VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 24413

Last change on this file since 24413 was 24265, checked in by vboxsync, 15 years ago

Devices,VMM: Replaced all VERR_SSM_LOAD_CONFIG_MISMATCH returns with SSMR3SetCfgError calls.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 264.5 KB
Line 
1/* $Id: DevATA.cpp 24265 2009-11-02 15:21:30Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2008 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Defined Constants And Macros *
24*******************************************************************************/
25/** Temporary instrumentation for tracking down potential virtual disk
26 * write performance issues. */
27#undef VBOX_INSTRUMENT_DMA_WRITES
28
29/** @name The SSM saved state versions.
30 * @{
31 */
32/** The current saved state version. */
33#define ATA_SAVED_STATE_VERSION 20
34/** The saved state version used by VirtualBox 3.0.
35 * This lacks the config part and has the type at the and. */
36#define ATA_SAVED_STATE_VERSION_VBOX_30 19
37#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
38#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
39#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
40/** @} */
41
42/*******************************************************************************
43* Header Files *
44*******************************************************************************/
45#define LOG_GROUP LOG_GROUP_DEV_IDE
46#include <VBox/pdmdev.h>
47#include <iprt/assert.h>
48#include <iprt/string.h>
49#ifdef IN_RING3
50# include <iprt/uuid.h>
51# include <iprt/semaphore.h>
52# include <iprt/thread.h>
53# include <iprt/time.h>
54# include <iprt/alloc.h>
55#endif /* IN_RING3 */
56#include <iprt/critsect.h>
57#include <iprt/asm.h>
58#include <VBox/stam.h>
59#include <VBox/mm.h>
60#include <VBox/pgm.h>
61
62#include <VBox/scsi.h>
63
64#include "PIIX3ATABmDma.h"
65#include "ide.h"
66#include "../Builtins.h"
67
68/*******************************************************************************
69* Defined Constants And Macros *
70*******************************************************************************/
71/**
72 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
73 * Set to 1 to disable multi-sector read support. According to the ATA
74 * specification this must be a power of 2 and it must fit in an 8 bit
75 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
76 */
77#define ATA_MAX_MULT_SECTORS 128
78
79/**
80 * Fastest PIO mode supported by the drive.
81 */
82#define ATA_PIO_MODE_MAX 4
83/**
84 * Fastest MDMA mode supported by the drive.
85 */
86#define ATA_MDMA_MODE_MAX 2
87/**
88 * Fastest UDMA mode supported by the drive.
89 */
90#define ATA_UDMA_MODE_MAX 6
91
92/** ATAPI sense info size. */
93#define ATAPI_SENSE_SIZE 64
94
95/** The maximum number of release log entries per device. */
96#define MAX_LOG_REL_ERRORS 1024
97
98/* MediaEventStatus */
99#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
100#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
101#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
102#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
103
104/**
105 * Length of the configurable VPD data (without termination)
106 */
107#define ATA_SERIAL_NUMBER_LENGTH 20
108#define ATA_FIRMWARE_REVISION_LENGTH 8
109#define ATA_MODEL_NUMBER_LENGTH 40
110#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
111#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
112#define ATAPI_INQUIRY_REVISION_LENGTH 4
113
114/*******************************************************************************
115* Structures and Typedefs *
116*******************************************************************************/
117typedef struct ATADevState {
118 /** Flag indicating whether the current command uses LBA48 mode. */
119 bool fLBA48;
120 /** Flag indicating whether this drive implements the ATAPI command set. */
121 bool fATAPI;
122 /** Set if this interface has asserted the IRQ. */
123 bool fIrqPending;
124 /** Currently configured number of sectors in a multi-sector transfer. */
125 uint8_t cMultSectors;
126 /** PCHS disk geometry. */
127 PDMMEDIAGEOMETRY PCHSGeometry;
128 /** Total number of sectors on this disk. */
129 uint64_t cTotalSectors;
130 /** Number of sectors to transfer per IRQ. */
131 uint32_t cSectorsPerIRQ;
132
133 /** ATA/ATAPI register 1: feature (write-only). */
134 uint8_t uATARegFeature;
135 /** ATA/ATAPI register 1: feature, high order byte. */
136 uint8_t uATARegFeatureHOB;
137 /** ATA/ATAPI register 1: error (read-only). */
138 uint8_t uATARegError;
139 /** ATA/ATAPI register 2: sector count (read/write). */
140 uint8_t uATARegNSector;
141 /** ATA/ATAPI register 2: sector count, high order byte. */
142 uint8_t uATARegNSectorHOB;
143 /** ATA/ATAPI register 3: sector (read/write). */
144 uint8_t uATARegSector;
145 /** ATA/ATAPI register 3: sector, high order byte. */
146 uint8_t uATARegSectorHOB;
147 /** ATA/ATAPI register 4: cylinder low (read/write). */
148 uint8_t uATARegLCyl;
149 /** ATA/ATAPI register 4: cylinder low, high order byte. */
150 uint8_t uATARegLCylHOB;
151 /** ATA/ATAPI register 5: cylinder high (read/write). */
152 uint8_t uATARegHCyl;
153 /** ATA/ATAPI register 5: cylinder high, high order byte. */
154 uint8_t uATARegHCylHOB;
155 /** ATA/ATAPI register 6: select drive/head (read/write). */
156 uint8_t uATARegSelect;
157 /** ATA/ATAPI register 7: status (read-only). */
158 uint8_t uATARegStatus;
159 /** ATA/ATAPI register 7: command (write-only). */
160 uint8_t uATARegCommand;
161 /** ATA/ATAPI drive control register (write-only). */
162 uint8_t uATARegDevCtl;
163
164 /** Currently active transfer mode (MDMA/UDMA) and speed. */
165 uint8_t uATATransferMode;
166 /** Current transfer direction. */
167 uint8_t uTxDir;
168 /** Index of callback for begin transfer. */
169 uint8_t iBeginTransfer;
170 /** Index of callback for source/sink of data. */
171 uint8_t iSourceSink;
172 /** Flag indicating whether the current command transfers data in DMA mode. */
173 bool fDMA;
174 /** Set to indicate that ATAPI transfer semantics must be used. */
175 bool fATAPITransfer;
176
177 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
178 uint32_t cbTotalTransfer;
179 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
180 uint32_t cbElementaryTransfer;
181 /** Current read/write buffer position, shared PIO/DMA. */
182 uint32_t iIOBufferCur;
183 /** First element beyond end of valid buffer content, shared PIO/DMA. */
184 uint32_t iIOBufferEnd;
185
186 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
187 uint32_t iIOBufferPIODataStart;
188 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
189 uint32_t iIOBufferPIODataEnd;
190
191 /** ATAPI current LBA position. */
192 uint32_t iATAPILBA;
193 /** ATAPI current sector size. */
194 uint32_t cbATAPISector;
195 /** ATAPI current command. */
196 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
197 /** ATAPI sense data. */
198 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
199 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
200 uint8_t cNotifiedMediaChange;
201 /** The same for GET_EVENT_STATUS for mechanism */
202 volatile uint32_t MediaEventStatus;
203
204 uint32_t Alignment0;
205
206 /** The status LED state for this drive. */
207 PDMLED Led;
208
209 /** Size of I/O buffer. */
210 uint32_t cbIOBuffer;
211 /** Pointer to the I/O buffer. */
212 R3PTRTYPE(uint8_t *) pbIOBufferR3;
213 /** Pointer to the I/O buffer. */
214 R0PTRTYPE(uint8_t *) pbIOBufferR0;
215 /** Pointer to the I/O buffer. */
216 RCPTRTYPE(uint8_t *) pbIOBufferRC;
217
218 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
219
220 /*
221 * No data that is part of the saved state after this point!!!!!
222 */
223
224 /* Release statistics: number of ATA DMA commands. */
225 STAMCOUNTER StatATADMA;
226 /* Release statistics: number of ATA PIO commands. */
227 STAMCOUNTER StatATAPIO;
228 /* Release statistics: number of ATAPI PIO commands. */
229 STAMCOUNTER StatATAPIDMA;
230 /* Release statistics: number of ATAPI PIO commands. */
231 STAMCOUNTER StatATAPIPIO;
232#ifdef VBOX_INSTRUMENT_DMA_WRITES
233 /* Release statistics: number of DMA sector writes and the time spent. */
234 STAMPROFILEADV StatInstrVDWrites;
235#endif
236
237 /** Statistics: number of read operations and the time spent reading. */
238 STAMPROFILEADV StatReads;
239 /** Statistics: number of bytes read. */
240 STAMCOUNTER StatBytesRead;
241 /** Statistics: number of write operations and the time spent writing. */
242 STAMPROFILEADV StatWrites;
243 /** Statistics: number of bytes written. */
244 STAMCOUNTER StatBytesWritten;
245 /** Statistics: number of flush operations and the time spend flushing. */
246 STAMPROFILE StatFlushes;
247
248 /** Enable passing through commands directly to the ATAPI drive. */
249 bool fATAPIPassthrough;
250 /** Number of errors we've reported to the release log.
251 * This is to prevent flooding caused by something going horribly wrong.
252 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
253 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
254 uint32_t cErrors;
255 /** Timestamp of last started command. 0 if no command pending. */
256 uint64_t u64CmdTS;
257
258 /** Pointer to the attached driver's base interface. */
259 R3PTRTYPE(PPDMIBASE) pDrvBase;
260 /** Pointer to the attached driver's block interface. */
261 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
262 /** Pointer to the attached driver's block bios interface. */
263 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
264 /** Pointer to the attached driver's mount interface.
265 * This is NULL if the driver isn't a removable unit. */
266 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
267 /** The base interface. */
268 PDMIBASE IBase;
269 /** The block port interface. */
270 PDMIBLOCKPORT IPort;
271 /** The mount notify interface. */
272 PDMIMOUNTNOTIFY IMountNotify;
273 /** The LUN #. */
274 RTUINT iLUN;
275 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
276 /** Pointer to device instance. */
277 PPDMDEVINSR3 pDevInsR3;
278 /** Pointer to controller instance. */
279 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
280 /** Pointer to device instance. */
281 PPDMDEVINSR0 pDevInsR0;
282 /** Pointer to controller instance. */
283 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
284 /** Pointer to device instance. */
285 PPDMDEVINSRC pDevInsRC;
286 /** Pointer to controller instance. */
287 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
288
289 /** The serial numnber to use for IDENTIFY DEVICE commands. */
290 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
291 /** The firmware revision to use for IDENTIFY DEVICE commands. */
292 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
293 /** The model number to use for IDENTIFY DEVICE commands. */
294 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
295 /** The vendor identification string for SCSI INQUIRY commands. */
296 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
297 /** The product identification string for SCSI INQUIRY commands. */
298 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
299 /** The revision string for SCSI INQUIRY commands. */
300 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
301
302 uint8_t abAlignment3[7];
303} ATADevState;
304AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
305AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
306AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
307AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
308AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
309AssertCompileSizeAlignment(ATADevState, 8);
310
311
312typedef struct ATATransferRequest
313{
314 uint8_t iIf;
315 uint8_t iBeginTransfer;
316 uint8_t iSourceSink;
317 uint32_t cbTotalTransfer;
318 uint8_t uTxDir;
319} ATATransferRequest;
320
321
322typedef struct ATAAbortRequest
323{
324 uint8_t iIf;
325 bool fResetDrive;
326} ATAAbortRequest;
327
328
329typedef enum
330{
331 /** Begin a new transfer. */
332 ATA_AIO_NEW = 0,
333 /** Continue a DMA transfer. */
334 ATA_AIO_DMA,
335 /** Continue a PIO transfer. */
336 ATA_AIO_PIO,
337 /** Reset the drives on current controller, stop all transfer activity. */
338 ATA_AIO_RESET_ASSERTED,
339 /** Reset the drives on current controller, resume operation. */
340 ATA_AIO_RESET_CLEARED,
341 /** Abort the current transfer of a particular drive. */
342 ATA_AIO_ABORT
343} ATAAIO;
344
345
346typedef struct ATARequest
347{
348 ATAAIO ReqType;
349 union
350 {
351 ATATransferRequest t;
352 ATAAbortRequest a;
353 } u;
354} ATARequest;
355
356
357typedef struct ATACONTROLLER
358{
359 /** The base of the first I/O Port range. */
360 RTIOPORT IOPortBase1;
361 /** The base of the second I/O Port range. (0 if none) */
362 RTIOPORT IOPortBase2;
363 /** The assigned IRQ. */
364 RTUINT irq;
365 /** Access critical section */
366 PDMCRITSECT lock;
367
368 /** Selected drive. */
369 uint8_t iSelectedIf;
370 /** The interface on which to handle async I/O. */
371 uint8_t iAIOIf;
372 /** The state of the async I/O thread. */
373 uint8_t uAsyncIOState;
374 /** Flag indicating whether the next transfer is part of the current command. */
375 bool fChainedTransfer;
376 /** Set when the reset processing is currently active on this controller. */
377 bool fReset;
378 /** Flag whether the current transfer needs to be redone. */
379 bool fRedo;
380 /** Flag whether the redo suspend has been finished. */
381 bool fRedoIdle;
382 /** Flag whether the DMA operation to be redone is the final transfer. */
383 bool fRedoDMALastDesc;
384 /** The BusMaster DMA state. */
385 BMDMAState BmDma;
386 /** Pointer to first DMA descriptor. */
387 RTGCPHYS32 pFirstDMADesc;
388 /** Pointer to last DMA descriptor. */
389 RTGCPHYS32 pLastDMADesc;
390 /** Pointer to current DMA buffer (for redo operations). */
391 RTGCPHYS32 pRedoDMABuffer;
392 /** Size of current DMA buffer (for redo operations). */
393 uint32_t cbRedoDMABuffer;
394
395 /** The ATA/ATAPI interfaces of this controller. */
396 ATADevState aIfs[2];
397
398 /** Pointer to device instance. */
399 PPDMDEVINSR3 pDevInsR3;
400 /** Pointer to device instance. */
401 PPDMDEVINSR0 pDevInsR0;
402 /** Pointer to device instance. */
403 PPDMDEVINSRC pDevInsRC;
404
405 /** Set when the destroying the device instance and the thread must exit. */
406 uint32_t volatile fShutdown;
407 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
408 RTTHREAD AsyncIOThread;
409 /** The event semaphore the thread is waiting on for requests. */
410 RTSEMEVENT AsyncIOSem;
411 /** The request queue for the AIO thread. One element is always unused. */
412 ATARequest aAsyncIORequests[4];
413 /** The position at which to insert a new request for the AIO thread. */
414 uint8_t AsyncIOReqHead;
415 /** The position at which to get a new request for the AIO thread. */
416 uint8_t AsyncIOReqTail;
417 /** Whether to call RTThreadUserSignal when idle.
418 * Before setting this, call RTThreadUserReset. */
419 bool volatile fSignalIdle;
420 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
421 /** Magic delay before triggering interrupts in DMA mode. */
422 uint32_t DelayIRQMillies;
423 /** The mutex protecting the request queue. */
424 RTSEMMUTEX AsyncIORequestMutex;
425 /** The event semaphore the thread is waiting on during suspended I/O. */
426 RTSEMEVENT SuspendIOSem;
427#if 0 /*HC_ARCH_BITS == 32*/
428 uint32_t Alignment0;
429#endif
430
431 /** Timestamp we started the reset. */
432 uint64_t u64ResetTime;
433
434 /* Statistics */
435 STAMCOUNTER StatAsyncOps;
436 uint64_t StatAsyncMinWait;
437 uint64_t StatAsyncMaxWait;
438 STAMCOUNTER StatAsyncTimeUS;
439 STAMPROFILEADV StatAsyncTime;
440 STAMPROFILE StatLockWait;
441} ATACONTROLLER, *PATACONTROLLER;
442AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
443AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
444AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
445AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
446
447typedef enum CHIPSET
448{
449 /** PIIX3 chipset, must be 0 for saved state compatibility */
450 CHIPSET_PIIX3 = 0,
451 /** PIIX4 chipset, must be 1 for saved state compatibility */
452 CHIPSET_PIIX4 = 1,
453 /** ICH6 chipset */
454 CHIPSET_ICH6 = 2
455} CHIPSET;
456
457typedef struct PCIATAState {
458 PCIDEVICE dev;
459 /** The controllers. */
460 ATACONTROLLER aCts[2];
461 /** Pointer to device instance. */
462 PPDMDEVINSR3 pDevIns;
463 /** Status Port - Base interface. */
464 PDMIBASE IBase;
465 /** Status Port - Leds interface. */
466 PDMILEDPORTS ILeds;
467 /** Partner of ILeds. */
468 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
469 /** Flag whether GC is enabled. */
470 bool fGCEnabled;
471 /** Flag whether R0 is enabled. */
472 bool fR0Enabled;
473 /** Flag indicating chipset being emulated. */
474 uint8_t u8Type;
475 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
476} PCIATAState;
477
478#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
479#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
480#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
481#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
482#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
483#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
484
485#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
486
487#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
488#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
489#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
490#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
491
492#ifndef VBOX_DEVICE_STRUCT_TESTCASE
493/*******************************************************************************
494 * Internal Functions *
495 ******************************************************************************/
496RT_C_DECLS_BEGIN
497PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
498PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
499PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
500PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
501PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
502PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
503PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
504PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
505RT_C_DECLS_END
506
507
508
509DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
510{
511 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
512
513 /* Freeze status register contents while processing RESET. */
514 if (!pCtl->fReset)
515 {
516 s->uATARegStatus = stat;
517 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
518 }
519}
520
521
522DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
523{
524 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
525
526 /* Freeze status register contents while processing RESET. */
527 if (!pCtl->fReset)
528 {
529 s->uATARegStatus |= stat;
530 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
531 }
532}
533
534
535DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
536{
537 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
538
539 /* Freeze status register contents while processing RESET. */
540 if (!pCtl->fReset)
541 {
542 s->uATARegStatus &= ~stat;
543 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
544 }
545}
546
547#ifdef IN_RING3
548
549typedef void (*PBeginTransferFunc)(ATADevState *);
550typedef bool (*PSourceSinkFunc)(ATADevState *);
551
552static void ataReadWriteSectorsBT(ATADevState *);
553static void ataPacketBT(ATADevState *);
554static void atapiCmdBT(ATADevState *);
555static void atapiPassthroughCmdBT(ATADevState *);
556
557static bool ataIdentifySS(ATADevState *);
558static bool ataFlushSS(ATADevState *);
559static bool ataReadSectorsSS(ATADevState *);
560static bool ataWriteSectorsSS(ATADevState *);
561static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
562static bool ataPacketSS(ATADevState *);
563static bool atapiGetConfigurationSS(ATADevState *);
564static bool atapiGetEventStatusNotificationSS(ATADevState *);
565static bool atapiIdentifySS(ATADevState *);
566static bool atapiInquirySS(ATADevState *);
567static bool atapiMechanismStatusSS(ATADevState *);
568static bool atapiModeSenseErrorRecoverySS(ATADevState *);
569static bool atapiModeSenseCDStatusSS(ATADevState *);
570static bool atapiReadSS(ATADevState *);
571static bool atapiReadCapacitySS(ATADevState *);
572static bool atapiReadDiscInformationSS(ATADevState *);
573static bool atapiReadTOCNormalSS(ATADevState *);
574static bool atapiReadTOCMultiSS(ATADevState *);
575static bool atapiReadTOCRawSS(ATADevState *);
576static bool atapiReadTrackInformationSS(ATADevState *);
577static bool atapiRequestSenseSS(ATADevState *);
578static bool atapiPassthroughSS(ATADevState *);
579static bool atapiReadDVDStructureSS(ATADevState *);
580
581/**
582 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
583 */
584typedef enum ATAFNBT
585{
586 ATAFN_BT_NULL = 0,
587 ATAFN_BT_READ_WRITE_SECTORS,
588 ATAFN_BT_PACKET,
589 ATAFN_BT_ATAPI_CMD,
590 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
591 ATAFN_BT_MAX
592} ATAFNBT;
593
594/**
595 * Array of end transfer functions, the index is ATAFNET.
596 * Make sure ATAFNET and this array match!
597 */
598static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
599{
600 NULL,
601 ataReadWriteSectorsBT,
602 ataPacketBT,
603 atapiCmdBT,
604 atapiPassthroughCmdBT,
605};
606
607/**
608 * Source/sink function indexes for g_apfnSourceSinkFuncs.
609 */
610typedef enum ATAFNSS
611{
612 ATAFN_SS_NULL = 0,
613 ATAFN_SS_IDENTIFY,
614 ATAFN_SS_FLUSH,
615 ATAFN_SS_READ_SECTORS,
616 ATAFN_SS_WRITE_SECTORS,
617 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
618 ATAFN_SS_PACKET,
619 ATAFN_SS_ATAPI_GET_CONFIGURATION,
620 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
621 ATAFN_SS_ATAPI_IDENTIFY,
622 ATAFN_SS_ATAPI_INQUIRY,
623 ATAFN_SS_ATAPI_MECHANISM_STATUS,
624 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
625 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
626 ATAFN_SS_ATAPI_READ,
627 ATAFN_SS_ATAPI_READ_CAPACITY,
628 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
629 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
630 ATAFN_SS_ATAPI_READ_TOC_MULTI,
631 ATAFN_SS_ATAPI_READ_TOC_RAW,
632 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
633 ATAFN_SS_ATAPI_REQUEST_SENSE,
634 ATAFN_SS_ATAPI_PASSTHROUGH,
635 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
636 ATAFN_SS_MAX
637} ATAFNSS;
638
639/**
640 * Array of source/sink functions, the index is ATAFNSS.
641 * Make sure ATAFNSS and this array match!
642 */
643static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
644{
645 NULL,
646 ataIdentifySS,
647 ataFlushSS,
648 ataReadSectorsSS,
649 ataWriteSectorsSS,
650 ataExecuteDeviceDiagnosticSS,
651 ataPacketSS,
652 atapiGetConfigurationSS,
653 atapiGetEventStatusNotificationSS,
654 atapiIdentifySS,
655 atapiInquirySS,
656 atapiMechanismStatusSS,
657 atapiModeSenseErrorRecoverySS,
658 atapiModeSenseCDStatusSS,
659 atapiReadSS,
660 atapiReadCapacitySS,
661 atapiReadDiscInformationSS,
662 atapiReadTOCNormalSS,
663 atapiReadTOCMultiSS,
664 atapiReadTOCRawSS,
665 atapiReadTrackInformationSS,
666 atapiRequestSenseSS,
667 atapiPassthroughSS,
668 atapiReadDVDStructureSS
669};
670
671
672static const ATARequest ataDMARequest = { ATA_AIO_DMA, };
673static const ATARequest ataPIORequest = { ATA_AIO_PIO, };
674static const ATARequest ataResetARequest = { ATA_AIO_RESET_ASSERTED, };
675static const ATARequest ataResetCRequest = { ATA_AIO_RESET_CLEARED, };
676
677
678static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
679{
680 int rc;
681
682 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
683 AssertRC(rc);
684 pCtl->AsyncIOReqHead = 0;
685 pCtl->AsyncIOReqTail = 0;
686 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
687 AssertRC(rc);
688}
689
690
691static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
692{
693 int rc;
694
695 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
696 AssertRC(rc);
697 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
698 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
699 pCtl->AsyncIOReqHead++;
700 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
701 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
702 AssertRC(rc);
703 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
704 if (RT_FAILURE(rc))
705 {
706 rc = RTSemEventSignal(pCtl->AsyncIOSem);
707 AssertRC(rc);
708 }
709}
710
711
712static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
713{
714 int rc;
715 const ATARequest *pReq;
716
717 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
718 AssertRC(rc);
719 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
720 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
721 else
722 pReq = NULL;
723 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
724 AssertRC(rc);
725 return pReq;
726}
727
728
729/**
730 * Remove the request with the given type, as it's finished. The request
731 * is not removed blindly, as this could mean a RESET request that is not
732 * yet processed (but has cleared the request queue) is lost.
733 *
734 * @param pCtl Controller for which to remove the request.
735 * @param ReqType Type of the request to remove.
736 */
737static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
738{
739 int rc;
740
741 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
742 AssertRC(rc);
743 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
744 {
745 pCtl->AsyncIOReqTail++;
746 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
747 }
748 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
749 AssertRC(rc);
750}
751
752
753/**
754 * Dump the request queue for a particular controller. First dump the queue
755 * contents, then the already processed entries, as long as they haven't been
756 * overwritten.
757 *
758 * @param pCtl Controller for which to dump the queue.
759 */
760static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
761{
762 int rc;
763 uint8_t curr;
764
765 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
766 AssertRC(rc);
767 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
768 curr = pCtl->AsyncIOReqTail;
769 do
770 {
771 if (curr == pCtl->AsyncIOReqHead)
772 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
773 switch (pCtl->aAsyncIORequests[curr].ReqType)
774 {
775 case ATA_AIO_NEW:
776 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
777 break;
778 case ATA_AIO_DMA:
779 LogRel(("dma transfer finished\n"));
780 break;
781 case ATA_AIO_PIO:
782 LogRel(("pio transfer finished\n"));
783 break;
784 case ATA_AIO_RESET_ASSERTED:
785 LogRel(("reset asserted request\n"));
786 break;
787 case ATA_AIO_RESET_CLEARED:
788 LogRel(("reset cleared request\n"));
789 break;
790 case ATA_AIO_ABORT:
791 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
792 break;
793 default:
794 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
795 }
796 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
797 } while (curr != pCtl->AsyncIOReqTail);
798 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
799 AssertRC(rc);
800}
801
802
803/**
804 * Checks whether the request queue for a particular controller is empty
805 * or whether a particular controller is idle.
806 *
807 * @param pCtl Controller for which to check the queue.
808 * @param fStrict If set then the controller is checked to be idle.
809 */
810static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
811{
812 int rc;
813 bool fIdle;
814
815 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
816 AssertRC(rc);
817 fIdle = pCtl->fRedoIdle;
818 if (!fIdle)
819 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
820 if (fStrict)
821 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
822 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
823 AssertRC(rc);
824 return fIdle;
825}
826
827
828/**
829 * Send a transfer request to the async I/O thread.
830 *
831 * @param s Pointer to the ATA device state data.
832 * @param cbTotalTransfer Data transfer size.
833 * @param uTxDir Data transfer direction.
834 * @param iBeginTransfer Index of BeginTransfer callback.
835 * @param iSourceSink Index of SourceSink callback.
836 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
837 */
838static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
839{
840 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
841 ATARequest Req;
842
843 Assert(PDMCritSectIsOwner(&pCtl->lock));
844
845 /* Do not issue new requests while the RESET line is asserted. */
846 if (pCtl->fReset)
847 {
848 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
849 return;
850 }
851
852 /* If the controller is already doing something else right now, ignore
853 * the command that is being submitted. Some broken guests issue commands
854 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
855 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
856 {
857 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
858 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
859 return;
860 }
861
862 Req.ReqType = ATA_AIO_NEW;
863 if (fChainedTransfer)
864 Req.u.t.iIf = pCtl->iAIOIf;
865 else
866 Req.u.t.iIf = pCtl->iSelectedIf;
867 Req.u.t.cbTotalTransfer = cbTotalTransfer;
868 Req.u.t.uTxDir = uTxDir;
869 Req.u.t.iBeginTransfer = iBeginTransfer;
870 Req.u.t.iSourceSink = iSourceSink;
871 ataSetStatusValue(s, ATA_STAT_BUSY);
872 pCtl->fChainedTransfer = fChainedTransfer;
873
874 /*
875 * Kick the worker thread into action.
876 */
877 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
878 ataAsyncIOPutRequest(pCtl, &Req);
879}
880
881
882/**
883 * Send an abort command request to the async I/O thread.
884 *
885 * @param s Pointer to the ATA device state data.
886 * @param fResetDrive Whether to reset the drive or just abort a command.
887 */
888static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
889{
890 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
891 ATARequest Req;
892
893 Assert(PDMCritSectIsOwner(&pCtl->lock));
894
895 /* Do not issue new requests while the RESET line is asserted. */
896 if (pCtl->fReset)
897 {
898 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
899 return;
900 }
901
902 Req.ReqType = ATA_AIO_ABORT;
903 Req.u.a.iIf = pCtl->iSelectedIf;
904 Req.u.a.fResetDrive = fResetDrive;
905 ataSetStatus(s, ATA_STAT_BUSY);
906 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
907 ataAsyncIOPutRequest(pCtl, &Req);
908}
909
910
911static void ataSetIRQ(ATADevState *s)
912{
913 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
914 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
915
916 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
917 {
918 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
919 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
920 * line is asserted. It monitors the line for a rising edge. */
921 if (!s->fIrqPending)
922 pCtl->BmDma.u8Status |= BM_STATUS_INT;
923 /* Only actually set the IRQ line if updating the currently selected drive. */
924 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
925 {
926 /** @todo experiment with adaptive IRQ delivery: for reads it is
927 * better to wait for IRQ delivery, as it reduces latency. */
928 if (pCtl->irq == 16)
929 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
930 else
931 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
932 }
933 }
934 s->fIrqPending = true;
935}
936
937#endif /* IN_RING3 */
938
939static void ataUnsetIRQ(ATADevState *s)
940{
941 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
942 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
943
944 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
945 {
946 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
947 /* Only actually unset the IRQ line if updating the currently selected drive. */
948 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
949 {
950 if (pCtl->irq == 16)
951 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
952 else
953 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
954 }
955 }
956 s->fIrqPending = false;
957}
958
959#ifdef IN_RING3
960
961static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
962{
963 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
964 s->iIOBufferPIODataStart = start;
965 s->iIOBufferPIODataEnd = start + size;
966 ataSetStatus(s, ATA_STAT_DRQ);
967}
968
969
970static void ataPIOTransferStop(ATADevState *s)
971{
972 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
973 if (s->fATAPITransfer)
974 {
975 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
976 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
977 ataSetIRQ(s);
978 s->fATAPITransfer = false;
979 }
980 s->cbTotalTransfer = 0;
981 s->cbElementaryTransfer = 0;
982 s->iIOBufferPIODataStart = 0;
983 s->iIOBufferPIODataEnd = 0;
984 s->iBeginTransfer = ATAFN_BT_NULL;
985 s->iSourceSink = ATAFN_SS_NULL;
986}
987
988
989static void ataPIOTransferLimitATAPI(ATADevState *s)
990{
991 uint32_t cbLimit, cbTransfer;
992
993 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
994 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
995 if (cbLimit == 0)
996 cbLimit = 0xfffe;
997 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
998 if (cbLimit == 0xffff)
999 cbLimit--;
1000 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1001 if (cbTransfer > cbLimit)
1002 {
1003 /* Byte count limit for clipping must be even in this case */
1004 if (cbLimit & 1)
1005 cbLimit--;
1006 cbTransfer = cbLimit;
1007 }
1008 s->uATARegLCyl = cbTransfer;
1009 s->uATARegHCyl = cbTransfer >> 8;
1010 s->cbElementaryTransfer = cbTransfer;
1011}
1012
1013
1014static uint32_t ataGetNSectors(ATADevState *s)
1015{
1016 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1017 if (s->fLBA48)
1018 {
1019 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1020 return 65536;
1021 else
1022 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1023 }
1024 else
1025 {
1026 if (!s->uATARegNSector)
1027 return 256;
1028 else
1029 return s->uATARegNSector;
1030 }
1031}
1032
1033
1034static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1035{
1036 for (uint32_t i = 0; i < cbSize; i++)
1037 {
1038 if (*pbSrc)
1039 pbDst[i ^ 1] = *pbSrc++;
1040 else
1041 pbDst[i ^ 1] = ' ';
1042 }
1043}
1044
1045
1046static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1047{
1048 for (uint32_t i = 0; i < cbSize; i++)
1049 {
1050 if (*pbSrc)
1051 pbDst[i] = *pbSrc++;
1052 else
1053 pbDst[i] = ' ';
1054 }
1055}
1056
1057
1058DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1059{
1060 pbBuf[0] = val >> 8;
1061 pbBuf[1] = val;
1062}
1063
1064
1065DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1066{
1067 pbBuf[0] = val >> 16;
1068 pbBuf[1] = val >> 8;
1069 pbBuf[2] = val;
1070}
1071
1072
1073DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1074{
1075 pbBuf[0] = val >> 24;
1076 pbBuf[1] = val >> 16;
1077 pbBuf[2] = val >> 8;
1078 pbBuf[3] = val;
1079}
1080
1081
1082DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1083{
1084 return (pbBuf[0] << 8) | pbBuf[1];
1085}
1086
1087
1088DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1089{
1090 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1091}
1092
1093
1094DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1095{
1096 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1097}
1098
1099
1100DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1101{
1102 iATAPILBA += 150;
1103 pbBuf[0] = (iATAPILBA / 75) / 60;
1104 pbBuf[1] = (iATAPILBA / 75) % 60;
1105 pbBuf[2] = iATAPILBA % 75;
1106}
1107
1108
1109DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1110{
1111 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1112}
1113
1114
1115static void ataCmdOK(ATADevState *s, uint8_t status)
1116{
1117 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1118 ataSetStatusValue(s, ATA_STAT_READY | status);
1119}
1120
1121
1122static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1123{
1124 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1125 s->uATARegError = uErrorCode;
1126 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1127 s->cbTotalTransfer = 0;
1128 s->cbElementaryTransfer = 0;
1129 s->iIOBufferCur = 0;
1130 s->iIOBufferEnd = 0;
1131 s->uTxDir = PDMBLOCKTXDIR_NONE;
1132 s->iBeginTransfer = ATAFN_BT_NULL;
1133 s->iSourceSink = ATAFN_SS_NULL;
1134}
1135
1136
1137static bool ataIdentifySS(ATADevState *s)
1138{
1139 uint16_t *p;
1140
1141 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1142 Assert(s->cbElementaryTransfer == 512);
1143
1144 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1145 memset(p, 0, 512);
1146 p[0] = RT_H2LE_U16(0x0040);
1147 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1148 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1149 /* Block size; obsolete, but required for the BIOS. */
1150 p[5] = RT_H2LE_U16(512);
1151 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1152 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1153 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1154 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1155 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1156 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1157 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1158#if ATA_MAX_MULT_SECTORS > 1
1159 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1160#endif
1161 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1162 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1163 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1164 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1165 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1166 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1167 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1168 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1169 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1170 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1171 * s->PCHSGeometry.cHeads
1172 * s->PCHSGeometry.cSectors);
1173 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1174 * s->PCHSGeometry.cHeads
1175 * s->PCHSGeometry.cSectors >> 16);
1176 if (s->cMultSectors)
1177 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1178 if (s->cTotalSectors <= (1 << 28) - 1)
1179 {
1180 p[60] = RT_H2LE_U16(s->cTotalSectors);
1181 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1182 }
1183 else
1184 {
1185 /* Report maximum number of sectors possible with LBA28 */
1186 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1187 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1188 }
1189 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1190 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1191 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1192 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1193 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1194 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1195 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1196 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1197 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1198 if (s->cTotalSectors <= (1 << 28) - 1)
1199 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1200 else
1201 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1202 p[84] = RT_H2LE_U16(1 << 14);
1203 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1204 if (s->cTotalSectors <= (1 << 28) - 1)
1205 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1206 else
1207 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1208 p[87] = RT_H2LE_U16(1 << 14);
1209 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1210 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1211 if (s->cTotalSectors > (1 << 28) - 1)
1212 {
1213 p[100] = RT_H2LE_U16(s->cTotalSectors);
1214 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1215 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1216 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1217 }
1218 s->iSourceSink = ATAFN_SS_NULL;
1219 ataCmdOK(s, ATA_STAT_SEEK);
1220 return false;
1221}
1222
1223
1224static bool ataFlushSS(ATADevState *s)
1225{
1226 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1227 int rc;
1228
1229 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1230 Assert(!s->cbElementaryTransfer);
1231
1232 PDMCritSectLeave(&pCtl->lock);
1233
1234 STAM_PROFILE_START(&s->StatFlushes, f);
1235 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1236 AssertRC(rc);
1237 STAM_PROFILE_STOP(&s->StatFlushes, f);
1238
1239 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1240 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1241 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1242 ataCmdOK(s, 0);
1243 return false;
1244}
1245
1246
1247static bool atapiIdentifySS(ATADevState *s)
1248{
1249 uint16_t *p;
1250
1251 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1252 Assert(s->cbElementaryTransfer == 512);
1253
1254 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1255 memset(p, 0, 512);
1256 /* Removable CDROM, 50us response, 12 byte packets */
1257 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1258 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1259 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1260 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1261 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1262 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1263 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1264 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1265 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1266 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1267 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1268 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1269 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1270 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1271 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1272 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1273 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1274 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1275 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1276 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1277 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1278 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1279 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1280 p[83] = RT_H2LE_U16(1 << 14);
1281 p[84] = RT_H2LE_U16(1 << 14);
1282 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1283 p[86] = RT_H2LE_U16(0);
1284 p[87] = RT_H2LE_U16(1 << 14);
1285 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1286 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1287 s->iSourceSink = ATAFN_SS_NULL;
1288 ataCmdOK(s, ATA_STAT_SEEK);
1289 return false;
1290}
1291
1292
1293static void ataSetSignature(ATADevState *s)
1294{
1295 s->uATARegSelect &= 0xf0; /* clear head */
1296 /* put signature */
1297 s->uATARegNSector = 1;
1298 s->uATARegSector = 1;
1299 if (s->fATAPI)
1300 {
1301 s->uATARegLCyl = 0x14;
1302 s->uATARegHCyl = 0xeb;
1303 }
1304 else if (s->pDrvBlock)
1305 {
1306 s->uATARegLCyl = 0;
1307 s->uATARegHCyl = 0;
1308 }
1309 else
1310 {
1311 s->uATARegLCyl = 0xff;
1312 s->uATARegHCyl = 0xff;
1313 }
1314}
1315
1316
1317static uint64_t ataGetSector(ATADevState *s)
1318{
1319 uint64_t iLBA;
1320 if (s->uATARegSelect & 0x40)
1321 {
1322 /* any LBA variant */
1323 if (s->fLBA48)
1324 {
1325 /* LBA48 */
1326 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1327 ((uint64_t)s->uATARegLCylHOB << 32) |
1328 ((uint64_t)s->uATARegSectorHOB << 24) |
1329 ((uint64_t)s->uATARegHCyl << 16) |
1330 ((uint64_t)s->uATARegLCyl << 8) |
1331 s->uATARegSector;
1332 }
1333 else
1334 {
1335 /* LBA */
1336 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1337 (s->uATARegLCyl << 8) | s->uATARegSector;
1338 }
1339 }
1340 else
1341 {
1342 /* CHS */
1343 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1344 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1345 (s->uATARegSector - 1);
1346 }
1347 return iLBA;
1348}
1349
1350static void ataSetSector(ATADevState *s, uint64_t iLBA)
1351{
1352 uint32_t cyl, r;
1353 if (s->uATARegSelect & 0x40)
1354 {
1355 /* any LBA variant */
1356 if (s->fLBA48)
1357 {
1358 /* LBA48 */
1359 s->uATARegHCylHOB = iLBA >> 40;
1360 s->uATARegLCylHOB = iLBA >> 32;
1361 s->uATARegSectorHOB = iLBA >> 24;
1362 s->uATARegHCyl = iLBA >> 16;
1363 s->uATARegLCyl = iLBA >> 8;
1364 s->uATARegSector = iLBA;
1365 }
1366 else
1367 {
1368 /* LBA */
1369 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1370 s->uATARegHCyl = (iLBA >> 16);
1371 s->uATARegLCyl = (iLBA >> 8);
1372 s->uATARegSector = (iLBA);
1373 }
1374 }
1375 else
1376 {
1377 /* CHS */
1378 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1379 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1380 s->uATARegHCyl = cyl >> 8;
1381 s->uATARegLCyl = cyl;
1382 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1383 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1384 }
1385}
1386
1387
1388static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1389{
1390 int rc;
1391 LogRel(("PIIX3 ATA: Host disk full\n"));
1392 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_DISKFULL",
1393 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1394 AssertRC(rc);
1395}
1396
1397static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1398{
1399 int rc;
1400 LogRel(("PIIX3 ATA: File too big\n"));
1401 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_FILETOOBIG",
1402 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1403 AssertRC(rc);
1404}
1405
1406static void ataWarningISCSI(PPDMDEVINS pDevIns)
1407{
1408 int rc;
1409 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1410 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_ISCSIDOWN",
1411 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1412 AssertRC(rc);
1413}
1414
1415/**
1416 * Suspend I/O operations on a controller. Also suspends EMT, because it's
1417 * waiting for I/O to make progress. The next attempt to perform an I/O
1418 * operation will be made when EMT is resumed up again (as the resume
1419 * callback below restarts I/O).
1420 *
1421 * @param pCtl Controller for which to suspend I/O.
1422 */
1423static void ataSuspendRedo(PATACONTROLLER pCtl)
1424{
1425 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
1426 int rc;
1427
1428 pCtl->fRedoIdle = true;
1429 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
1430 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
1431 AssertReleaseRC(rc);
1432}
1433
1434bool ataIsRedoSetWarning(ATADevState *s, int rc)
1435{
1436 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1437 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1438 if (rc == VERR_DISK_FULL)
1439 {
1440 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1441 ataSuspendRedo(pCtl);
1442 return true;
1443 }
1444 if (rc == VERR_FILE_TOO_BIG)
1445 {
1446 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1447 ataSuspendRedo(pCtl);
1448 return true;
1449 }
1450 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1451 {
1452 /* iSCSI connection abort (first error) or failure to reestablish
1453 * connection (second error). Pause VM. On resume we'll retry. */
1454 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1455 ataSuspendRedo(pCtl);
1456 return true;
1457 }
1458 return false;
1459}
1460
1461
1462static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors, bool *fRedo)
1463{
1464 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1465 int rc;
1466
1467 PDMCritSectLeave(&pCtl->lock);
1468
1469 STAM_PROFILE_ADV_START(&s->StatReads, r);
1470 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1471 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1472 s->Led.Actual.s.fReading = 0;
1473 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1474
1475 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1476
1477 if (RT_SUCCESS(rc))
1478 *fRedo = false;
1479 else
1480 *fRedo = ataIsRedoSetWarning(s, rc);
1481
1482 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1483 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1484 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1485 return rc;
1486}
1487
1488
1489static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors, bool *fRedo)
1490{
1491 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1492 int rc;
1493
1494 PDMCritSectLeave(&pCtl->lock);
1495
1496 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1497 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1498#ifdef VBOX_INSTRUMENT_DMA_WRITES
1499 if (s->fDMA)
1500 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1501#endif
1502 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1503#ifdef VBOX_INSTRUMENT_DMA_WRITES
1504 if (s->fDMA)
1505 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1506#endif
1507 s->Led.Actual.s.fWriting = 0;
1508 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1509
1510 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1511
1512 if (RT_SUCCESS(rc))
1513 *fRedo = false;
1514 else
1515 *fRedo = ataIsRedoSetWarning(s, rc);
1516
1517 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1518 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1519 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1520 return rc;
1521}
1522
1523
1524static void ataReadWriteSectorsBT(ATADevState *s)
1525{
1526 uint32_t cSectors;
1527
1528 cSectors = s->cbTotalTransfer / 512;
1529 if (cSectors > s->cSectorsPerIRQ)
1530 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1531 else
1532 s->cbElementaryTransfer = cSectors * 512;
1533 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1534 ataCmdOK(s, 0);
1535}
1536
1537
1538static bool ataReadSectorsSS(ATADevState *s)
1539{
1540 int rc;
1541 uint32_t cSectors;
1542 uint64_t iLBA;
1543 bool fRedo;
1544
1545 cSectors = s->cbElementaryTransfer / 512;
1546 Assert(cSectors);
1547 iLBA = ataGetSector(s);
1548 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1549 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1550 if (RT_SUCCESS(rc))
1551 {
1552 ataSetSector(s, iLBA + cSectors);
1553 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1554 s->iSourceSink = ATAFN_SS_NULL;
1555 ataCmdOK(s, ATA_STAT_SEEK);
1556 }
1557 else
1558 {
1559 if (fRedo)
1560 return fRedo;
1561 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1562 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1563 s->iLUN, rc, iLBA, cSectors));
1564
1565 /*
1566 * Check if we got interrupted. We don't need to set status variables
1567 * because the request was aborted.
1568 */
1569 if (rc != VERR_INTERRUPTED)
1570 ataCmdError(s, ID_ERR);
1571 }
1572 return false;
1573}
1574
1575
1576static bool ataWriteSectorsSS(ATADevState *s)
1577{
1578 int rc;
1579 uint32_t cSectors;
1580 uint64_t iLBA;
1581 bool fRedo;
1582
1583 cSectors = s->cbElementaryTransfer / 512;
1584 Assert(cSectors);
1585 iLBA = ataGetSector(s);
1586 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1587 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1588 if (RT_SUCCESS(rc))
1589 {
1590 ataSetSector(s, iLBA + cSectors);
1591 if (!s->cbTotalTransfer)
1592 s->iSourceSink = ATAFN_SS_NULL;
1593 ataCmdOK(s, ATA_STAT_SEEK);
1594 }
1595 else
1596 {
1597 if (fRedo)
1598 return fRedo;
1599 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1600 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1601 s->iLUN, rc, iLBA, cSectors));
1602
1603 /*
1604 * Check if we got interrupted. We don't need to set status variables
1605 * because the request was aborted.
1606 */
1607 if (rc != VERR_INTERRUPTED)
1608 ataCmdError(s, ID_ERR);
1609 }
1610 return false;
1611}
1612
1613
1614static void atapiCmdOK(ATADevState *s)
1615{
1616 s->uATARegError = 0;
1617 ataSetStatusValue(s, ATA_STAT_READY);
1618 s->uATARegNSector = (s->uATARegNSector & ~7)
1619 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1620 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1621 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1622
1623 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1624 s->abATAPISense[0] = 0x70 | (1 << 7);
1625 s->abATAPISense[7] = 10;
1626}
1627
1628
1629static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1630{
1631 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1632 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1633 s->uATARegError = pabATAPISense[2] << 4;
1634 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1635 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1636 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1637 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1638 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1639 s->cbTotalTransfer = 0;
1640 s->cbElementaryTransfer = 0;
1641 s->iIOBufferCur = 0;
1642 s->iIOBufferEnd = 0;
1643 s->uTxDir = PDMBLOCKTXDIR_NONE;
1644 s->iBeginTransfer = ATAFN_BT_NULL;
1645 s->iSourceSink = ATAFN_SS_NULL;
1646}
1647
1648
1649/** @todo deprecated function - doesn't provide enough info. Replace by direct
1650 * calls to atapiCmdError() with full data. */
1651static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1652{
1653 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1654 memset(abATAPISense, '\0', sizeof(abATAPISense));
1655 abATAPISense[0] = 0x70 | (1 << 7);
1656 abATAPISense[2] = uATAPISenseKey & 0x0f;
1657 abATAPISense[7] = 10;
1658 abATAPISense[12] = uATAPIASC;
1659 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1660}
1661
1662
1663static void atapiCmdBT(ATADevState *s)
1664{
1665 s->fATAPITransfer = true;
1666 s->cbElementaryTransfer = s->cbTotalTransfer;
1667 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1668 atapiCmdOK(s);
1669}
1670
1671
1672static void atapiPassthroughCmdBT(ATADevState *s)
1673{
1674 /* @todo implement an algorithm for correctly determining the read and
1675 * write sector size without sending additional commands to the drive.
1676 * This should be doable by saving processing the configuration requests
1677 * and replies. */
1678#if 0
1679 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1680 {
1681 uint8_t cmd = s->aATAPICmd[0];
1682 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1683 {
1684 uint8_t aModeSenseCmd[10];
1685 uint8_t aModeSenseResult[16];
1686 uint8_t uDummySense;
1687 uint32_t cbTransfer;
1688 int rc;
1689
1690 cbTransfer = sizeof(aModeSenseResult);
1691 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1692 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1693 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1694 aModeSenseCmd[3] = 0; /* subpage code */
1695 aModeSenseCmd[4] = 0; /* reserved */
1696 aModeSenseCmd[5] = 0; /* reserved */
1697 aModeSenseCmd[6] = 0; /* reserved */
1698 aModeSenseCmd[7] = cbTransfer >> 8;
1699 aModeSenseCmd[8] = cbTransfer & 0xff;
1700 aModeSenseCmd[9] = 0; /* control */
1701 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1702 if (RT_FAILURE(rc))
1703 {
1704 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1705 return;
1706 }
1707 /* Select sector size based on the current data block type. */
1708 switch (aModeSenseResult[12] & 0x0f)
1709 {
1710 case 0:
1711 s->cbATAPISector = 2352;
1712 break;
1713 case 1:
1714 s->cbATAPISector = 2368;
1715 break;
1716 case 2:
1717 case 3:
1718 s->cbATAPISector = 2448;
1719 break;
1720 case 8:
1721 case 10:
1722 s->cbATAPISector = 2048;
1723 break;
1724 case 9:
1725 s->cbATAPISector = 2336;
1726 break;
1727 case 11:
1728 s->cbATAPISector = 2056;
1729 break;
1730 case 12:
1731 s->cbATAPISector = 2324;
1732 break;
1733 case 13:
1734 s->cbATAPISector = 2332;
1735 break;
1736 default:
1737 s->cbATAPISector = 0;
1738 }
1739 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1740 s->cbTotalTransfer *= s->cbATAPISector;
1741 if (s->cbTotalTransfer == 0)
1742 s->uTxDir = PDMBLOCKTXDIR_NONE;
1743 }
1744 }
1745#endif
1746 atapiCmdBT(s);
1747}
1748
1749
1750static bool atapiReadSS(ATADevState *s)
1751{
1752 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1753 int rc = VINF_SUCCESS;
1754 uint32_t cbTransfer, cSectors;
1755
1756 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1757 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1758 cSectors = cbTransfer / s->cbATAPISector;
1759 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1760 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1761
1762 PDMCritSectLeave(&pCtl->lock);
1763
1764 STAM_PROFILE_ADV_START(&s->StatReads, r);
1765 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1766 switch (s->cbATAPISector)
1767 {
1768 case 2048:
1769 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1770 break;
1771 case 2352:
1772 {
1773 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1774
1775 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1776 {
1777 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1778 *pbBuf++ = 0x00;
1779 memset(pbBuf, 0xff, 10);
1780 pbBuf += 10;
1781 *pbBuf++ = 0x00;
1782 /* MSF */
1783 ataLBA2MSF(pbBuf, i);
1784 pbBuf += 3;
1785 *pbBuf++ = 0x01; /* mode 1 data */
1786 /* data */
1787 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1788 if (RT_FAILURE(rc))
1789 break;
1790 pbBuf += 2048;
1791 /**
1792 * @todo: maybe compute ECC and parity, layout is:
1793 * 2072 4 EDC
1794 * 2076 172 P parity symbols
1795 * 2248 104 Q parity symbols
1796 */
1797 memset(pbBuf, 0, 280);
1798 pbBuf += 280;
1799 }
1800 }
1801 break;
1802 default:
1803 break;
1804 }
1805 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1806
1807 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1808 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1809 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1810
1811 if (RT_SUCCESS(rc))
1812 {
1813 s->Led.Actual.s.fReading = 0;
1814 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1815
1816 /* The initial buffer end value has been set up based on the total
1817 * transfer size. But the I/O buffer size limits what can actually be
1818 * done in one transfer, so set the actual value of the buffer end. */
1819 s->cbElementaryTransfer = cbTransfer;
1820 if (cbTransfer >= s->cbTotalTransfer)
1821 s->iSourceSink = ATAFN_SS_NULL;
1822 atapiCmdOK(s);
1823 s->iATAPILBA += cSectors;
1824 }
1825 else
1826 {
1827 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1828 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1829
1830 /*
1831 * Check if we got interrupted. We don't need to set status variables
1832 * because the request was aborted.
1833 */
1834 if (rc != VERR_INTERRUPTED)
1835 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1836 }
1837 return false;
1838}
1839
1840
1841static bool atapiPassthroughSS(ATADevState *s)
1842{
1843 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1844 int rc = VINF_SUCCESS;
1845 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1846 uint32_t cbTransfer;
1847 PSTAMPROFILEADV pProf = NULL;
1848
1849 cbTransfer = s->cbElementaryTransfer;
1850
1851 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1852 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1853
1854 /* Simple heuristics: if there is at least one sector of data
1855 * to transfer, it's worth updating the LEDs. */
1856 if (cbTransfer >= 2048)
1857 {
1858 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1859 {
1860 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1861 pProf = &s->StatReads;
1862 }
1863 else
1864 {
1865 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1866 pProf = &s->StatWrites;
1867 }
1868 }
1869
1870 PDMCritSectLeave(&pCtl->lock);
1871
1872 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1873 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1874 {
1875 /* Linux accepts commands with up to 100KB of data, but expects
1876 * us to handle commands with up to 128KB of data. The usual
1877 * imbalance of powers. */
1878 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1879 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1880 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1881
1882 switch (s->aATAPICmd[0])
1883 {
1884 case SCSI_READ_10:
1885 case SCSI_WRITE_10:
1886 case SCSI_WRITE_AND_VERIFY_10:
1887 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1888 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1889 break;
1890 case SCSI_READ_12:
1891 case SCSI_WRITE_12:
1892 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1893 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1894 break;
1895 case SCSI_READ_CD:
1896 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1897 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1898 break;
1899 case SCSI_READ_CD_MSF:
1900 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1901 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1902 break;
1903 default:
1904 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1905 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1906 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1907 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1908 {
1909 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1910 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1911 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1912 }
1913 return false;
1914 }
1915 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1916 cReqSectors = 0;
1917 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1918 {
1919 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1920 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1921 else
1922 cReqSectors = i;
1923 cbCurrTX = s->cbATAPISector * cReqSectors;
1924 switch (s->aATAPICmd[0])
1925 {
1926 case SCSI_READ_10:
1927 case SCSI_WRITE_10:
1928 case SCSI_WRITE_AND_VERIFY_10:
1929 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1930 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1931 break;
1932 case SCSI_READ_12:
1933 case SCSI_WRITE_12:
1934 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1935 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1936 break;
1937 case SCSI_READ_CD:
1938 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1939 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1940 break;
1941 case SCSI_READ_CD_MSF:
1942 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1943 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1944 break;
1945 }
1946 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1947 if (rc != VINF_SUCCESS)
1948 break;
1949 iATAPILBA += cReqSectors;
1950 pbBuf += s->cbATAPISector * cReqSectors;
1951 }
1952 }
1953 else
1954 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1955 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1956
1957 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1958 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1959 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1960
1961 /* Update the LEDs and the read/write statistics. */
1962 if (cbTransfer >= 2048)
1963 {
1964 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1965 {
1966 s->Led.Actual.s.fReading = 0;
1967 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
1968 }
1969 else
1970 {
1971 s->Led.Actual.s.fWriting = 0;
1972 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
1973 }
1974 }
1975
1976 if (RT_SUCCESS(rc))
1977 {
1978 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
1979 {
1980 Assert(cbTransfer <= s->cbTotalTransfer);
1981 /* Reply with the same amount of data as the real drive. */
1982 s->cbTotalTransfer = cbTransfer;
1983 /* The initial buffer end value has been set up based on the total
1984 * transfer size. But the I/O buffer size limits what can actually be
1985 * done in one transfer, so set the actual value of the buffer end. */
1986 s->cbElementaryTransfer = cbTransfer;
1987 if (s->aATAPICmd[0] == SCSI_INQUIRY)
1988 {
1989 /* Make sure that the real drive cannot be identified.
1990 * Motivation: changing the VM configuration should be as
1991 * invisible as possible to the guest. */
1992 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1993 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
1994 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
1995 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
1996 }
1997 if (cbTransfer)
1998 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1999 }
2000 s->iSourceSink = ATAFN_SS_NULL;
2001 atapiCmdOK(s);
2002 }
2003 else
2004 {
2005 if (s->cErrors < MAX_LOG_REL_ERRORS)
2006 {
2007 uint8_t u8Cmd = s->aATAPICmd[0];
2008 do
2009 {
2010 /* don't log superflous errors */
2011 if ( rc == VERR_DEV_IO_ERROR
2012 && ( u8Cmd == SCSI_TEST_UNIT_READY
2013 || u8Cmd == SCSI_READ_CAPACITY
2014 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2015 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2016 break;
2017 s->cErrors++;
2018 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2019 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2020 } while (0);
2021 }
2022 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2023 }
2024 return false;
2025}
2026
2027/** @todo: Revise ASAP. */
2028static bool atapiReadDVDStructureSS(ATADevState *s)
2029{
2030 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2031 int media = s->aATAPICmd[1];
2032 int format = s->aATAPICmd[7];
2033
2034 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2035
2036 memset(buf, 0, max_len);
2037
2038 switch (format) {
2039 case 0x00:
2040 case 0x01:
2041 case 0x02:
2042 case 0x03:
2043 case 0x04:
2044 case 0x05:
2045 case 0x06:
2046 case 0x07:
2047 case 0x08:
2048 case 0x09:
2049 case 0x0a:
2050 case 0x0b:
2051 case 0x0c:
2052 case 0x0d:
2053 case 0x0e:
2054 case 0x0f:
2055 case 0x10:
2056 case 0x11:
2057 case 0x30:
2058 case 0x31:
2059 case 0xff:
2060 if (media == 0)
2061 {
2062 int uASC = SCSI_ASC_NONE;
2063
2064 switch (format)
2065 {
2066 case 0x0: /* Physical format information */
2067 {
2068 int layer = s->aATAPICmd[6];
2069 uint64_t total_sectors;
2070
2071 if (layer != 0)
2072 {
2073 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2074 break;
2075 }
2076
2077 total_sectors = s->cTotalSectors;
2078 total_sectors >>= 2;
2079 if (total_sectors == 0)
2080 {
2081 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2082 break;
2083 }
2084
2085 buf[4] = 1; /* DVD-ROM, part version 1 */
2086 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2087 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2088 buf[7] = 0; /* default densities */
2089
2090 /* FIXME: 0x30000 per spec? */
2091 ataH2BE_U32(buf + 8, 0); /* start sector */
2092 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2093 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2094
2095 /* Size of buffer, not including 2 byte size field */
2096 ataH2BE_U32(&buf[0], 2048 + 2);
2097
2098 /* 2k data + 4 byte header */
2099 uASC = (2048 + 4);
2100 }
2101 break;
2102 case 0x01: /* DVD copyright information */
2103 buf[4] = 0; /* no copyright data */
2104 buf[5] = 0; /* no region restrictions */
2105
2106 /* Size of buffer, not including 2 byte size field */
2107 ataH2BE_U16(buf, 4 + 2);
2108
2109 /* 4 byte header + 4 byte data */
2110 uASC = (4 + 4);
2111
2112 case 0x03: /* BCA information - invalid field for no BCA info */
2113 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2114 break;
2115
2116 case 0x04: /* DVD disc manufacturing information */
2117 /* Size of buffer, not including 2 byte size field */
2118 ataH2BE_U16(buf, 2048 + 2);
2119
2120 /* 2k data + 4 byte header */
2121 uASC = (2048 + 4);
2122 break;
2123 case 0xff:
2124 /*
2125 * This lists all the command capabilities above. Add new ones
2126 * in order and update the length and buffer return values.
2127 */
2128
2129 buf[4] = 0x00; /* Physical format */
2130 buf[5] = 0x40; /* Not writable, is readable */
2131 ataH2BE_U16((buf + 6), 2048 + 4);
2132
2133 buf[8] = 0x01; /* Copyright info */
2134 buf[9] = 0x40; /* Not writable, is readable */
2135 ataH2BE_U16((buf + 10), 4 + 4);
2136
2137 buf[12] = 0x03; /* BCA info */
2138 buf[13] = 0x40; /* Not writable, is readable */
2139 ataH2BE_U16((buf + 14), 188 + 4);
2140
2141 buf[16] = 0x04; /* Manufacturing info */
2142 buf[17] = 0x40; /* Not writable, is readable */
2143 ataH2BE_U16((buf + 18), 2048 + 4);
2144
2145 /* Size of buffer, not including 2 byte size field */
2146 ataH2BE_U16(buf, 16 + 2);
2147
2148 /* data written + 4 byte header */
2149 uASC = (16 + 4);
2150 break;
2151 default: /* TODO: formats beyond DVD-ROM requires */
2152 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2153 }
2154
2155 if (uASC < 0)
2156 {
2157 s->iSourceSink = ATAFN_SS_NULL;
2158 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2159 return false;
2160 }
2161 break;
2162 }
2163 /* TODO: BD support, fall through for now */
2164
2165 /* Generic disk structures */
2166 case 0x80: /* TODO: AACS volume identifier */
2167 case 0x81: /* TODO: AACS media serial number */
2168 case 0x82: /* TODO: AACS media identifier */
2169 case 0x83: /* TODO: AACS media key block */
2170 case 0x90: /* TODO: List of recognized format layers */
2171 case 0xc0: /* TODO: Write protection status */
2172 default:
2173 s->iSourceSink = ATAFN_SS_NULL;
2174 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2175 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2176 return false;
2177 }
2178
2179 s->iSourceSink = ATAFN_SS_NULL;
2180 atapiCmdOK(s);
2181 return false;
2182}
2183
2184static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2185{
2186 Assert(cSectors > 0);
2187 s->iATAPILBA = iATAPILBA;
2188 s->cbATAPISector = cbSector;
2189 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2190 return false;
2191}
2192
2193
2194static bool atapiReadCapacitySS(ATADevState *s)
2195{
2196 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2197
2198 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2199 Assert(s->cbElementaryTransfer <= 8);
2200 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2201 ataH2BE_U32(pbBuf + 4, 2048);
2202 s->iSourceSink = ATAFN_SS_NULL;
2203 atapiCmdOK(s);
2204 return false;
2205}
2206
2207
2208static bool atapiReadDiscInformationSS(ATADevState *s)
2209{
2210 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2211
2212 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2213 Assert(s->cbElementaryTransfer <= 34);
2214 memset(pbBuf, '\0', 34);
2215 ataH2BE_U16(pbBuf, 32);
2216 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2217 pbBuf[3] = 1; /* number of first track */
2218 pbBuf[4] = 1; /* number of sessions (LSB) */
2219 pbBuf[5] = 1; /* first track number in last session (LSB) */
2220 pbBuf[6] = 1; /* last track number in last session (LSB) */
2221 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2222 pbBuf[8] = 0; /* disc type = CD-ROM */
2223 pbBuf[9] = 0; /* number of sessions (MSB) */
2224 pbBuf[10] = 0; /* number of sessions (MSB) */
2225 pbBuf[11] = 0; /* number of sessions (MSB) */
2226 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2227 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2228 s->iSourceSink = ATAFN_SS_NULL;
2229 atapiCmdOK(s);
2230 return false;
2231}
2232
2233
2234static bool atapiReadTrackInformationSS(ATADevState *s)
2235{
2236 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2237
2238 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2239 Assert(s->cbElementaryTransfer <= 36);
2240 /* Accept address/number type of 1 only, and only track 1 exists. */
2241 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2242 {
2243 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2244 return false;
2245 }
2246 memset(pbBuf, '\0', 36);
2247 ataH2BE_U16(pbBuf, 34);
2248 pbBuf[2] = 1; /* track number (LSB) */
2249 pbBuf[3] = 1; /* session number (LSB) */
2250 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2251 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2252 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2253 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2254 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2255 pbBuf[32] = 0; /* track number (MSB) */
2256 pbBuf[33] = 0; /* session number (MSB) */
2257 s->iSourceSink = ATAFN_SS_NULL;
2258 atapiCmdOK(s);
2259 return false;
2260}
2261
2262
2263static bool atapiGetConfigurationSS(ATADevState *s)
2264{
2265 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2266 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2267
2268 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2269 Assert(s->cbElementaryTransfer <= 32);
2270 /* Accept valid request types only, and only starting feature 0. */
2271 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2272 {
2273 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2274 return false;
2275 }
2276 memset(pbBuf, '\0', 32);
2277 ataH2BE_U32(pbBuf, 16);
2278 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2279 * way to differentiate them right now is based on the image size). Also
2280 * implement signalling "no current profile" if no medium is loaded. */
2281 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2282
2283 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2284 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2285 pbBuf[11] = 8; /* additional bytes for profiles */
2286 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2287 * before CD-ROM read capability. */
2288 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2289 pbBuf[14] = (0 << 0); /* NOT current profile */
2290 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2291 pbBuf[18] = (1 << 0); /* current profile */
2292 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2293 s->iSourceSink = ATAFN_SS_NULL;
2294 atapiCmdOK(s);
2295 return false;
2296}
2297
2298
2299static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2300{
2301 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2302
2303 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2304 Assert(s->cbElementaryTransfer <= 8);
2305
2306 if (!(s->aATAPICmd[1] & 1))
2307 {
2308 /* no asynchronous operation supported */
2309 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2310 return false;
2311 }
2312
2313 uint32_t OldStatus, NewStatus;
2314 do
2315 {
2316 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2317 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2318 switch (OldStatus)
2319 {
2320 case ATA_EVENT_STATUS_MEDIA_NEW:
2321 /* mount */
2322 ataH2BE_U16(pbBuf + 0, 6);
2323 pbBuf[2] = 0x04;
2324 pbBuf[3] = 0x5e;
2325 pbBuf[4] = 0x02;
2326 pbBuf[5] = 0x02;
2327 pbBuf[6] = 0x00;
2328 pbBuf[7] = 0x00;
2329 break;
2330
2331 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2332 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2333 /* umount */
2334 ataH2BE_U16(pbBuf + 0, 6);
2335 pbBuf[2] = 0x04;
2336 pbBuf[3] = 0x5e;
2337 pbBuf[4] = 0x03;
2338 pbBuf[5] = 0x00;
2339 pbBuf[6] = 0x00;
2340 pbBuf[7] = 0x00;
2341 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2342 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2343 break;
2344
2345 case ATA_EVENT_STATUS_UNCHANGED:
2346 default:
2347 ataH2BE_U16(pbBuf + 0, 6);
2348 pbBuf[2] = 0x01;
2349 pbBuf[3] = 0x5e;
2350 pbBuf[4] = 0x00;
2351 pbBuf[5] = 0x00;
2352 pbBuf[6] = 0x00;
2353 pbBuf[7] = 0x00;
2354 break;
2355 }
2356 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2357
2358 s->iSourceSink = ATAFN_SS_NULL;
2359 atapiCmdOK(s);
2360 return false;
2361}
2362
2363
2364static bool atapiInquirySS(ATADevState *s)
2365{
2366 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2367
2368 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2369 Assert(s->cbElementaryTransfer <= 36);
2370 pbBuf[0] = 0x05; /* CD-ROM */
2371 pbBuf[1] = 0x80; /* removable */
2372#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2373 pbBuf[2] = 0x00; /* ISO */
2374 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2375#else
2376 pbBuf[2] = 0x00; /* ISO */
2377 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2378#endif
2379 pbBuf[4] = 31; /* additional length */
2380 pbBuf[5] = 0; /* reserved */
2381 pbBuf[6] = 0; /* reserved */
2382 pbBuf[7] = 0; /* reserved */
2383 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2384 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2385 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2386 s->iSourceSink = ATAFN_SS_NULL;
2387 atapiCmdOK(s);
2388 return false;
2389}
2390
2391
2392static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2393{
2394 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2395
2396 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2397 Assert(s->cbElementaryTransfer <= 16);
2398 ataH2BE_U16(&pbBuf[0], 16 + 6);
2399 pbBuf[2] = 0x70;
2400 pbBuf[3] = 0;
2401 pbBuf[4] = 0;
2402 pbBuf[5] = 0;
2403 pbBuf[6] = 0;
2404 pbBuf[7] = 0;
2405
2406 pbBuf[8] = 0x01;
2407 pbBuf[9] = 0x06;
2408 pbBuf[10] = 0x00;
2409 pbBuf[11] = 0x05;
2410 pbBuf[12] = 0x00;
2411 pbBuf[13] = 0x00;
2412 pbBuf[14] = 0x00;
2413 pbBuf[15] = 0x00;
2414 s->iSourceSink = ATAFN_SS_NULL;
2415 atapiCmdOK(s);
2416 return false;
2417}
2418
2419
2420static bool atapiModeSenseCDStatusSS(ATADevState *s)
2421{
2422 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2423
2424 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2425 Assert(s->cbElementaryTransfer <= 40);
2426 ataH2BE_U16(&pbBuf[0], 38);
2427 pbBuf[2] = 0x70;
2428 pbBuf[3] = 0;
2429 pbBuf[4] = 0;
2430 pbBuf[5] = 0;
2431 pbBuf[6] = 0;
2432 pbBuf[7] = 0;
2433
2434 pbBuf[8] = 0x2a;
2435 pbBuf[9] = 30; /* page length */
2436 pbBuf[10] = 0x08; /* DVD-ROM read support */
2437 pbBuf[11] = 0x00; /* no write support */
2438 /* The following claims we support audio play. This is obviously false,
2439 * but the Linux generic CDROM support makes many features depend on this
2440 * capability. If it's not set, this causes many things to be disabled. */
2441 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2442 pbBuf[13] = 0x00; /* no subchannel reads supported */
2443 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2444 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2445 pbBuf[14] |= 1 << 1; /* report lock state */
2446 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2447 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2448 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2449 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2450 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2451 pbBuf[24] = 0; /* reserved */
2452 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2453 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2454 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2455 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2456 pbBuf[32] = 0; /* reserved */
2457 pbBuf[33] = 0; /* reserved */
2458 pbBuf[34] = 0; /* reserved */
2459 pbBuf[35] = 1; /* rotation control CAV */
2460 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2461 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2462 s->iSourceSink = ATAFN_SS_NULL;
2463 atapiCmdOK(s);
2464 return false;
2465}
2466
2467
2468static bool atapiRequestSenseSS(ATADevState *s)
2469{
2470 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2471
2472 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2473 memset(pbBuf, '\0', s->cbElementaryTransfer);
2474 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2475 s->iSourceSink = ATAFN_SS_NULL;
2476 atapiCmdOK(s);
2477 return false;
2478}
2479
2480
2481static bool atapiMechanismStatusSS(ATADevState *s)
2482{
2483 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2484
2485 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2486 Assert(s->cbElementaryTransfer <= 8);
2487 ataH2BE_U16(pbBuf, 0);
2488 /* no current LBA */
2489 pbBuf[2] = 0;
2490 pbBuf[3] = 0;
2491 pbBuf[4] = 0;
2492 pbBuf[5] = 1;
2493 ataH2BE_U16(pbBuf + 6, 0);
2494 s->iSourceSink = ATAFN_SS_NULL;
2495 atapiCmdOK(s);
2496 return false;
2497}
2498
2499
2500static bool atapiReadTOCNormalSS(ATADevState *s)
2501{
2502 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2503 bool fMSF;
2504 uint32_t cbSize;
2505
2506 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2507 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2508 iStartTrack = s->aATAPICmd[6];
2509 if (iStartTrack > 1 && iStartTrack != 0xaa)
2510 {
2511 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2512 return false;
2513 }
2514 q = pbBuf + 2;
2515 *q++ = 1; /* first session */
2516 *q++ = 1; /* last session */
2517 if (iStartTrack <= 1)
2518 {
2519 *q++ = 0; /* reserved */
2520 *q++ = 0x14; /* ADR, control */
2521 *q++ = 1; /* track number */
2522 *q++ = 0; /* reserved */
2523 if (fMSF)
2524 {
2525 *q++ = 0; /* reserved */
2526 ataLBA2MSF(q, 0);
2527 q += 3;
2528 }
2529 else
2530 {
2531 /* sector 0 */
2532 ataH2BE_U32(q, 0);
2533 q += 4;
2534 }
2535 }
2536 /* lead out track */
2537 *q++ = 0; /* reserved */
2538 *q++ = 0x14; /* ADR, control */
2539 *q++ = 0xaa; /* track number */
2540 *q++ = 0; /* reserved */
2541 if (fMSF)
2542 {
2543 *q++ = 0; /* reserved */
2544 ataLBA2MSF(q, s->cTotalSectors);
2545 q += 3;
2546 }
2547 else
2548 {
2549 ataH2BE_U32(q, s->cTotalSectors);
2550 q += 4;
2551 }
2552 cbSize = q - pbBuf;
2553 ataH2BE_U16(pbBuf, cbSize - 2);
2554 if (cbSize < s->cbTotalTransfer)
2555 s->cbTotalTransfer = cbSize;
2556 s->iSourceSink = ATAFN_SS_NULL;
2557 atapiCmdOK(s);
2558 return false;
2559}
2560
2561
2562static bool atapiReadTOCMultiSS(ATADevState *s)
2563{
2564 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2565 bool fMSF;
2566
2567 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2568 Assert(s->cbElementaryTransfer <= 12);
2569 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2570 /* multi session: only a single session defined */
2571/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2572 memset(pbBuf, 0, 12);
2573 pbBuf[1] = 0x0a;
2574 pbBuf[2] = 0x01;
2575 pbBuf[3] = 0x01;
2576 pbBuf[5] = 0x14; /* ADR, control */
2577 pbBuf[6] = 1; /* first track in last complete session */
2578 if (fMSF)
2579 {
2580 pbBuf[8] = 0; /* reserved */
2581 ataLBA2MSF(&pbBuf[9], 0);
2582 }
2583 else
2584 {
2585 /* sector 0 */
2586 ataH2BE_U32(pbBuf + 8, 0);
2587 }
2588 s->iSourceSink = ATAFN_SS_NULL;
2589 atapiCmdOK(s);
2590 return false;
2591}
2592
2593
2594static bool atapiReadTOCRawSS(ATADevState *s)
2595{
2596 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2597 bool fMSF;
2598 uint32_t cbSize;
2599
2600 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2601 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2602 iStartTrack = s->aATAPICmd[6];
2603
2604 q = pbBuf + 2;
2605 *q++ = 1; /* first session */
2606 *q++ = 1; /* last session */
2607
2608 *q++ = 1; /* session number */
2609 *q++ = 0x14; /* data track */
2610 *q++ = 0; /* track number */
2611 *q++ = 0xa0; /* first track in program area */
2612 *q++ = 0; /* min */
2613 *q++ = 0; /* sec */
2614 *q++ = 0; /* frame */
2615 *q++ = 0;
2616 *q++ = 1; /* first track */
2617 *q++ = 0x00; /* disk type CD-DA or CD data */
2618 *q++ = 0;
2619
2620 *q++ = 1; /* session number */
2621 *q++ = 0x14; /* data track */
2622 *q++ = 0; /* track number */
2623 *q++ = 0xa1; /* last track in program area */
2624 *q++ = 0; /* min */
2625 *q++ = 0; /* sec */
2626 *q++ = 0; /* frame */
2627 *q++ = 0;
2628 *q++ = 1; /* last track */
2629 *q++ = 0;
2630 *q++ = 0;
2631
2632 *q++ = 1; /* session number */
2633 *q++ = 0x14; /* data track */
2634 *q++ = 0; /* track number */
2635 *q++ = 0xa2; /* lead-out */
2636 *q++ = 0; /* min */
2637 *q++ = 0; /* sec */
2638 *q++ = 0; /* frame */
2639 if (fMSF)
2640 {
2641 *q++ = 0; /* reserved */
2642 ataLBA2MSF(q, s->cTotalSectors);
2643 q += 3;
2644 }
2645 else
2646 {
2647 ataH2BE_U32(q, s->cTotalSectors);
2648 q += 4;
2649 }
2650
2651 *q++ = 1; /* session number */
2652 *q++ = 0x14; /* ADR, control */
2653 *q++ = 0; /* track number */
2654 *q++ = 1; /* point */
2655 *q++ = 0; /* min */
2656 *q++ = 0; /* sec */
2657 *q++ = 0; /* frame */
2658 if (fMSF)
2659 {
2660 *q++ = 0; /* reserved */
2661 ataLBA2MSF(q, 0);
2662 q += 3;
2663 }
2664 else
2665 {
2666 /* sector 0 */
2667 ataH2BE_U32(q, 0);
2668 q += 4;
2669 }
2670
2671 cbSize = q - pbBuf;
2672 ataH2BE_U16(pbBuf, cbSize - 2);
2673 if (cbSize < s->cbTotalTransfer)
2674 s->cbTotalTransfer = cbSize;
2675 s->iSourceSink = ATAFN_SS_NULL;
2676 atapiCmdOK(s);
2677 return false;
2678}
2679
2680
2681static void atapiParseCmdVirtualATAPI(ATADevState *s)
2682{
2683 const uint8_t *pbPacket;
2684 uint8_t *pbBuf;
2685 uint32_t cbMax;
2686
2687 pbPacket = s->aATAPICmd;
2688 pbBuf = s->CTX_SUFF(pbIOBuffer);
2689 switch (pbPacket[0])
2690 {
2691 case SCSI_TEST_UNIT_READY:
2692 if (s->cNotifiedMediaChange > 0)
2693 {
2694 if (s->cNotifiedMediaChange-- > 2)
2695 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2696 else
2697 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2698 }
2699 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2700 atapiCmdOK(s);
2701 else
2702 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2703 break;
2704 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2705 cbMax = ataBE2H_U16(pbPacket + 7);
2706 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2707 break;
2708 case SCSI_MODE_SENSE_10:
2709 {
2710 uint8_t uPageControl, uPageCode;
2711 cbMax = ataBE2H_U16(pbPacket + 7);
2712 uPageControl = pbPacket[2] >> 6;
2713 uPageCode = pbPacket[2] & 0x3f;
2714 switch (uPageControl)
2715 {
2716 case SCSI_PAGECONTROL_CURRENT:
2717 switch (uPageCode)
2718 {
2719 case SCSI_MODEPAGE_ERROR_RECOVERY:
2720 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2721 break;
2722 case SCSI_MODEPAGE_CD_STATUS:
2723 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2724 break;
2725 default:
2726 goto error_cmd;
2727 }
2728 break;
2729 case SCSI_PAGECONTROL_CHANGEABLE:
2730 goto error_cmd;
2731 case SCSI_PAGECONTROL_DEFAULT:
2732 goto error_cmd;
2733 default:
2734 case SCSI_PAGECONTROL_SAVED:
2735 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2736 break;
2737 }
2738 }
2739 break;
2740 case SCSI_REQUEST_SENSE:
2741 cbMax = pbPacket[4];
2742 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2743 break;
2744 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2745 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2746 {
2747 if (pbPacket[4] & 1)
2748 s->pDrvMount->pfnLock(s->pDrvMount);
2749 else
2750 s->pDrvMount->pfnUnlock(s->pDrvMount);
2751 atapiCmdOK(s);
2752 }
2753 else
2754 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2755 break;
2756 case SCSI_READ_10:
2757 case SCSI_READ_12:
2758 {
2759 uint32_t cSectors, iATAPILBA;
2760
2761 if (s->cNotifiedMediaChange > 0)
2762 {
2763 s->cNotifiedMediaChange-- ;
2764 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2765 break;
2766 }
2767 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2768 {
2769 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2770 break;
2771 }
2772 if (pbPacket[0] == SCSI_READ_10)
2773 cSectors = ataBE2H_U16(pbPacket + 7);
2774 else
2775 cSectors = ataBE2H_U32(pbPacket + 6);
2776 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2777 if (cSectors == 0)
2778 {
2779 atapiCmdOK(s);
2780 break;
2781 }
2782 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2783 {
2784 /* Rate limited logging, one log line per second. For
2785 * guests that insist on reading from places outside the
2786 * valid area this often generates too many release log
2787 * entries otherwise. */
2788 static uint64_t uLastLogTS = 0;
2789 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2790 {
2791 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2792 uLastLogTS = RTTimeMilliTS();
2793 }
2794 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2795 break;
2796 }
2797 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2798 }
2799 break;
2800 case SCSI_READ_CD:
2801 {
2802 uint32_t cSectors, iATAPILBA;
2803
2804 if (s->cNotifiedMediaChange > 0)
2805 {
2806 s->cNotifiedMediaChange-- ;
2807 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2808 break;
2809 }
2810 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2811 {
2812 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2813 break;
2814 }
2815 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2816 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2817 if (cSectors == 0)
2818 {
2819 atapiCmdOK(s);
2820 break;
2821 }
2822 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2823 {
2824 /* Rate limited logging, one log line per second. For
2825 * guests that insist on reading from places outside the
2826 * valid area this often generates too many release log
2827 * entries otherwise. */
2828 static uint64_t uLastLogTS = 0;
2829 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2830 {
2831 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2832 uLastLogTS = RTTimeMilliTS();
2833 }
2834 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2835 break;
2836 }
2837 switch (pbPacket[9] & 0xf8)
2838 {
2839 case 0x00:
2840 /* nothing */
2841 atapiCmdOK(s);
2842 break;
2843 case 0x10:
2844 /* normal read */
2845 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2846 break;
2847 case 0xf8:
2848 /* read all data */
2849 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2850 break;
2851 default:
2852 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2853 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2854 break;
2855 }
2856 }
2857 break;
2858 case SCSI_SEEK_10:
2859 {
2860 uint32_t iATAPILBA;
2861 if (s->cNotifiedMediaChange > 0)
2862 {
2863 s->cNotifiedMediaChange-- ;
2864 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2865 break;
2866 }
2867 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2868 {
2869 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2870 break;
2871 }
2872 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2873 if (iATAPILBA > s->cTotalSectors)
2874 {
2875 /* Rate limited logging, one log line per second. For
2876 * guests that insist on seeking to places outside the
2877 * valid area this often generates too many release log
2878 * entries otherwise. */
2879 static uint64_t uLastLogTS = 0;
2880 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2881 {
2882 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2883 uLastLogTS = RTTimeMilliTS();
2884 }
2885 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2886 break;
2887 }
2888 atapiCmdOK(s);
2889 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2890 }
2891 break;
2892 case SCSI_START_STOP_UNIT:
2893 {
2894 int rc = VINF_SUCCESS;
2895 switch (pbPacket[4] & 3)
2896 {
2897 case 0: /* 00 - Stop motor */
2898 case 1: /* 01 - Start motor */
2899 break;
2900 case 2: /* 10 - Eject media */
2901 /* This must be done from EMT. */
2902 {
2903 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2904 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2905
2906 PDMCritSectLeave(&pCtl->lock);
2907 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
2908 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2909 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED));
2910 {
2911 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2912 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2913 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2914 }
2915 }
2916 break;
2917 case 3: /* 11 - Load media */
2918 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2919 break;
2920 }
2921 if (RT_SUCCESS(rc))
2922 atapiCmdOK(s);
2923 else
2924 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2925 }
2926 break;
2927 case SCSI_MECHANISM_STATUS:
2928 {
2929 cbMax = ataBE2H_U16(pbPacket + 8);
2930 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2931 }
2932 break;
2933 case SCSI_READ_TOC_PMA_ATIP:
2934 {
2935 uint8_t format;
2936
2937 if (s->cNotifiedMediaChange > 0)
2938 {
2939 s->cNotifiedMediaChange-- ;
2940 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2941 break;
2942 }
2943 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2944 {
2945 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2946 break;
2947 }
2948 cbMax = ataBE2H_U16(pbPacket + 7);
2949 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
2950 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
2951 * the other field is clear... */
2952 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
2953 switch (format)
2954 {
2955 case 0:
2956 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
2957 break;
2958 case 1:
2959 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
2960 break;
2961 case 2:
2962 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
2963 break;
2964 default:
2965 error_cmd:
2966 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2967 break;
2968 }
2969 }
2970 break;
2971 case SCSI_READ_CAPACITY:
2972 if (s->cNotifiedMediaChange > 0)
2973 {
2974 s->cNotifiedMediaChange-- ;
2975 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2976 break;
2977 }
2978 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2979 {
2980 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2981 break;
2982 }
2983 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
2984 break;
2985 case SCSI_READ_DISC_INFORMATION:
2986 if (s->cNotifiedMediaChange > 0)
2987 {
2988 s->cNotifiedMediaChange-- ;
2989 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2990 break;
2991 }
2992 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2993 {
2994 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2995 break;
2996 }
2997 cbMax = ataBE2H_U16(pbPacket + 7);
2998 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
2999 break;
3000 case SCSI_READ_TRACK_INFORMATION:
3001 if (s->cNotifiedMediaChange > 0)
3002 {
3003 s->cNotifiedMediaChange-- ;
3004 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3005 break;
3006 }
3007 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3008 {
3009 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3010 break;
3011 }
3012 cbMax = ataBE2H_U16(pbPacket + 7);
3013 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3014 break;
3015 case SCSI_GET_CONFIGURATION:
3016 /* No media change stuff here, it can confuse Linux guests. */
3017 cbMax = ataBE2H_U16(pbPacket + 7);
3018 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3019 break;
3020 case SCSI_INQUIRY:
3021 cbMax = ataBE2H_U16(pbPacket + 3);
3022 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3023 break;
3024 case SCSI_READ_DVD_STRUCTURE:
3025 {
3026 /* Only available for ICH6 for now. */
3027 PCIATAState *pDevice = PDMINS_2_DATA(s->CTX_SUFF(pDevIns), PCIATAState *);
3028
3029 if ( (PCIDevGetVendorId(&pDevice->dev) == 0x8086)
3030 && (PCIDevGetDeviceId(&pDevice->dev) == 0x269e))
3031 {
3032 cbMax = ataBE2H_U16(pbPacket + 8);
3033 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3034 }
3035 else
3036 {
3037 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3038 }
3039 break;
3040 }
3041 default:
3042 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3043 break;
3044 }
3045}
3046
3047
3048/*
3049 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3050 */
3051static void atapiParseCmdPassthrough(ATADevState *s)
3052{
3053 const uint8_t *pbPacket;
3054 uint8_t *pbBuf;
3055 uint32_t cSectors, iATAPILBA;
3056 uint32_t cbTransfer = 0;
3057 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3058
3059 pbPacket = s->aATAPICmd;
3060 pbBuf = s->CTX_SUFF(pbIOBuffer);
3061 switch (pbPacket[0])
3062 {
3063 case SCSI_BLANK:
3064 goto sendcmd;
3065 case SCSI_CLOSE_TRACK_SESSION:
3066 goto sendcmd;
3067 case SCSI_ERASE_10:
3068 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3069 cbTransfer = ataBE2H_U16(pbPacket + 7);
3070 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3071 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3072 goto sendcmd;
3073 case SCSI_FORMAT_UNIT:
3074 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3075 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3076 goto sendcmd;
3077 case SCSI_GET_CONFIGURATION:
3078 cbTransfer = ataBE2H_U16(pbPacket + 7);
3079 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3080 goto sendcmd;
3081 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3082 cbTransfer = ataBE2H_U16(pbPacket + 7);
3083 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3084 {
3085 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3086 break;
3087 }
3088 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3089 goto sendcmd;
3090 case SCSI_GET_PERFORMANCE:
3091 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3092 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3093 goto sendcmd;
3094 case SCSI_INQUIRY:
3095 cbTransfer = ataBE2H_U16(pbPacket + 3);
3096 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3097 goto sendcmd;
3098 case SCSI_LOAD_UNLOAD_MEDIUM:
3099 goto sendcmd;
3100 case SCSI_MECHANISM_STATUS:
3101 cbTransfer = ataBE2H_U16(pbPacket + 8);
3102 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3103 goto sendcmd;
3104 case SCSI_MODE_SELECT_10:
3105 cbTransfer = ataBE2H_U16(pbPacket + 7);
3106 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3107 goto sendcmd;
3108 case SCSI_MODE_SENSE_10:
3109 cbTransfer = ataBE2H_U16(pbPacket + 7);
3110 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3111 goto sendcmd;
3112 case SCSI_PAUSE_RESUME:
3113 goto sendcmd;
3114 case SCSI_PLAY_AUDIO_10:
3115 goto sendcmd;
3116 case SCSI_PLAY_AUDIO_12:
3117 goto sendcmd;
3118 case SCSI_PLAY_AUDIO_MSF:
3119 goto sendcmd;
3120 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3121 /** @todo do not forget to unlock when a VM is shut down */
3122 goto sendcmd;
3123 case SCSI_READ_10:
3124 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3125 cSectors = ataBE2H_U16(pbPacket + 7);
3126 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3127 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3128 cbTransfer = cSectors * s->cbATAPISector;
3129 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3130 goto sendcmd;
3131 case SCSI_READ_12:
3132 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3133 cSectors = ataBE2H_U32(pbPacket + 6);
3134 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3135 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3136 cbTransfer = cSectors * s->cbATAPISector;
3137 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3138 goto sendcmd;
3139 case SCSI_READ_BUFFER:
3140 cbTransfer = ataBE2H_U24(pbPacket + 6);
3141 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3142 goto sendcmd;
3143 case SCSI_READ_BUFFER_CAPACITY:
3144 cbTransfer = ataBE2H_U16(pbPacket + 7);
3145 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3146 goto sendcmd;
3147 case SCSI_READ_CAPACITY:
3148 cbTransfer = 8;
3149 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3150 goto sendcmd;
3151 case SCSI_READ_CD:
3152 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3153 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
3154 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3155 goto sendcmd;
3156 case SCSI_READ_CD_MSF:
3157 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3158 if (cSectors > 32)
3159 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3160 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3161 cbTransfer = cSectors * s->cbATAPISector;
3162 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3163 goto sendcmd;
3164 case SCSI_READ_DISC_INFORMATION:
3165 cbTransfer = ataBE2H_U16(pbPacket + 7);
3166 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3167 goto sendcmd;
3168 case SCSI_READ_DVD_STRUCTURE:
3169 cbTransfer = ataBE2H_U16(pbPacket + 8);
3170 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3171 goto sendcmd;
3172 case SCSI_READ_FORMAT_CAPACITIES:
3173 cbTransfer = ataBE2H_U16(pbPacket + 7);
3174 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3175 goto sendcmd;
3176 case SCSI_READ_SUBCHANNEL:
3177 cbTransfer = ataBE2H_U16(pbPacket + 7);
3178 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3179 goto sendcmd;
3180 case SCSI_READ_TOC_PMA_ATIP:
3181 cbTransfer = ataBE2H_U16(pbPacket + 7);
3182 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3183 goto sendcmd;
3184 case SCSI_READ_TRACK_INFORMATION:
3185 cbTransfer = ataBE2H_U16(pbPacket + 7);
3186 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3187 goto sendcmd;
3188 case SCSI_REPAIR_TRACK:
3189 goto sendcmd;
3190 case SCSI_REPORT_KEY:
3191 cbTransfer = ataBE2H_U16(pbPacket + 8);
3192 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3193 goto sendcmd;
3194 case SCSI_REQUEST_SENSE:
3195 cbTransfer = pbPacket[4];
3196 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3197 {
3198 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3199 break;
3200 }
3201 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3202 goto sendcmd;
3203 case SCSI_RESERVE_TRACK:
3204 goto sendcmd;
3205 case SCSI_SCAN:
3206 goto sendcmd;
3207 case SCSI_SEEK_10:
3208 goto sendcmd;
3209 case SCSI_SEND_CUE_SHEET:
3210 cbTransfer = ataBE2H_U24(pbPacket + 6);
3211 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3212 goto sendcmd;
3213 case SCSI_SEND_DVD_STRUCTURE:
3214 cbTransfer = ataBE2H_U16(pbPacket + 8);
3215 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3216 goto sendcmd;
3217 case SCSI_SEND_EVENT:
3218 cbTransfer = ataBE2H_U16(pbPacket + 8);
3219 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3220 goto sendcmd;
3221 case SCSI_SEND_KEY:
3222 cbTransfer = ataBE2H_U16(pbPacket + 8);
3223 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3224 goto sendcmd;
3225 case SCSI_SEND_OPC_INFORMATION:
3226 cbTransfer = ataBE2H_U16(pbPacket + 7);
3227 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3228 goto sendcmd;
3229 case SCSI_SET_CD_SPEED:
3230 goto sendcmd;
3231 case SCSI_SET_READ_AHEAD:
3232 goto sendcmd;
3233 case SCSI_SET_STREAMING:
3234 cbTransfer = ataBE2H_U16(pbPacket + 9);
3235 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3236 goto sendcmd;
3237 case SCSI_START_STOP_UNIT:
3238 goto sendcmd;
3239 case SCSI_STOP_PLAY_SCAN:
3240 goto sendcmd;
3241 case SCSI_SYNCHRONIZE_CACHE:
3242 goto sendcmd;
3243 case SCSI_TEST_UNIT_READY:
3244 goto sendcmd;
3245 case SCSI_VERIFY_10:
3246 goto sendcmd;
3247 case SCSI_WRITE_10:
3248 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3249 cSectors = ataBE2H_U16(pbPacket + 7);
3250 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3251#if 0
3252 /* The sector size is determined by the async I/O thread. */
3253 s->cbATAPISector = 0;
3254 /* Preliminary, will be corrected once the sector size is known. */
3255 cbTransfer = cSectors;
3256#else
3257 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3258 cbTransfer = cSectors * s->cbATAPISector;
3259#endif
3260 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3261 goto sendcmd;
3262 case SCSI_WRITE_12:
3263 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3264 cSectors = ataBE2H_U32(pbPacket + 6);
3265 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3266#if 0
3267 /* The sector size is determined by the async I/O thread. */
3268 s->cbATAPISector = 0;
3269 /* Preliminary, will be corrected once the sector size is known. */
3270 cbTransfer = cSectors;
3271#else
3272 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3273 cbTransfer = cSectors * s->cbATAPISector;
3274#endif
3275 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3276 goto sendcmd;
3277 case SCSI_WRITE_AND_VERIFY_10:
3278 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3279 cSectors = ataBE2H_U16(pbPacket + 7);
3280 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3281 /* The sector size is determined by the async I/O thread. */
3282 s->cbATAPISector = 0;
3283 /* Preliminary, will be corrected once the sector size is known. */
3284 cbTransfer = cSectors;
3285 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3286 goto sendcmd;
3287 case SCSI_WRITE_BUFFER:
3288 switch (pbPacket[1] & 0x1f)
3289 {
3290 case 0x04: /* download microcode */
3291 case 0x05: /* download microcode and save */
3292 case 0x06: /* download microcode with offsets */
3293 case 0x07: /* download microcode with offsets and save */
3294 case 0x0e: /* download microcode with offsets and defer activation */
3295 case 0x0f: /* activate deferred microcode */
3296 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3297 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3298 break;
3299 default:
3300 cbTransfer = ataBE2H_U16(pbPacket + 6);
3301 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3302 goto sendcmd;
3303 }
3304 break;
3305 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3306 cbTransfer = ataBE2H_U32(pbPacket + 6);
3307 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3308 goto sendcmd;
3309 case SCSI_REZERO_UNIT:
3310 /* Obsolete command used by cdrecord. What else would one expect?
3311 * This command is not sent to the drive, it is handled internally,
3312 * as the Linux kernel doesn't like it (message "scsi: unknown
3313 * opcode 0x01" in syslog) and replies with a sense code of 0,
3314 * which sends cdrecord to an endless loop. */
3315 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3316 break;
3317 default:
3318 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3319 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3320 break;
3321 sendcmd:
3322 /* Send a command to the drive, passing data in/out as required. */
3323 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3324 Assert(cbTransfer <= s->cbIOBuffer);
3325 if (cbTransfer == 0)
3326 uTxDir = PDMBLOCKTXDIR_NONE;
3327 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3328 }
3329}
3330
3331
3332static void atapiParseCmd(ATADevState *s)
3333{
3334 const uint8_t *pbPacket;
3335
3336 pbPacket = s->aATAPICmd;
3337#ifdef DEBUG
3338 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3339#else /* !DEBUG */
3340 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3341#endif /* !DEBUG */
3342 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3343
3344 if (s->fATAPIPassthrough)
3345 atapiParseCmdPassthrough(s);
3346 else
3347 atapiParseCmdVirtualATAPI(s);
3348}
3349
3350
3351static bool ataPacketSS(ATADevState *s)
3352{
3353 s->fDMA = !!(s->uATARegFeature & 1);
3354 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3355 s->uTxDir = PDMBLOCKTXDIR_NONE;
3356 s->cbTotalTransfer = 0;
3357 s->cbElementaryTransfer = 0;
3358 atapiParseCmd(s);
3359 return false;
3360}
3361
3362
3363/**
3364 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3365 * from now on, regardless if there was a medium inserted or not.
3366 */
3367static void ataMediumRemoved(ATADevState *s)
3368{
3369 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3370}
3371
3372
3373/**
3374 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3375 * there was already a medium inserted, don't forget to send the "medium
3376 * removed" event first.
3377 */
3378static void ataMediumInserted(ATADevState *s)
3379{
3380 uint32_t OldStatus, NewStatus;
3381 do
3382 {
3383 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3384 switch (OldStatus)
3385 {
3386 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3387 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3388 /* no change, we will send "medium removed" + "medium inserted" */
3389 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3390 break;
3391 default:
3392 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3393 break;
3394 }
3395 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3396}
3397
3398
3399/**
3400 * Called when a media is mounted.
3401 *
3402 * @param pInterface Pointer to the interface structure containing the called function pointer.
3403 */
3404static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3405{
3406 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3407 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3408
3409 /* Ignore the call if we're called while being attached. */
3410 if (!pIf->pDrvBlock)
3411 return;
3412
3413 if (pIf->fATAPI)
3414 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3415 else
3416 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3417
3418 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3419
3420 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3421 if (pIf->cNotifiedMediaChange < 2)
3422 pIf->cNotifiedMediaChange = 2;
3423 ataMediumInserted(pIf);
3424}
3425
3426/**
3427 * Called when a media is unmounted
3428 * @param pInterface Pointer to the interface structure containing the called function pointer.
3429 */
3430static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3431{
3432 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3433 Log(("%s:\n", __FUNCTION__));
3434 pIf->cTotalSectors = 0;
3435
3436 /*
3437 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3438 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3439 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3440 * present and 2 in which it is changed.
3441 */
3442 pIf->cNotifiedMediaChange = 4;
3443 ataMediumRemoved(pIf);
3444}
3445
3446static void ataPacketBT(ATADevState *s)
3447{
3448 s->cbElementaryTransfer = s->cbTotalTransfer;
3449 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3450 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3451 ataSetStatusValue(s, ATA_STAT_READY);
3452}
3453
3454
3455static void ataResetDevice(ATADevState *s)
3456{
3457 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3458 s->cNotifiedMediaChange = 0;
3459 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3460 ataUnsetIRQ(s);
3461
3462 s->uATARegSelect = 0x20;
3463 ataSetStatusValue(s, ATA_STAT_READY);
3464 ataSetSignature(s);
3465 s->cbTotalTransfer = 0;
3466 s->cbElementaryTransfer = 0;
3467 s->iIOBufferPIODataStart = 0;
3468 s->iIOBufferPIODataEnd = 0;
3469 s->iBeginTransfer = ATAFN_BT_NULL;
3470 s->iSourceSink = ATAFN_SS_NULL;
3471 s->fATAPITransfer = false;
3472 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3473
3474 s->uATARegFeature = 0;
3475}
3476
3477
3478static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3479{
3480 ataSetSignature(s);
3481 if (s->fATAPI)
3482 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3483 else
3484 ataSetStatusValue(s, ATA_STAT_READY);
3485 s->uATARegError = 0x01;
3486 return false;
3487}
3488
3489
3490static void ataParseCmd(ATADevState *s, uint8_t cmd)
3491{
3492#ifdef DEBUG
3493 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3494#else /* !DEBUG */
3495 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3496#endif /* !DEBUG */
3497 s->fLBA48 = false;
3498 s->fDMA = false;
3499 if (cmd == ATA_IDLE_IMMEDIATE)
3500 {
3501 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3502 * would overwrite the failing command unfortunately), then RESET. */
3503 int32_t uCmdWait = -1;
3504 uint64_t uNow = RTTimeNanoTS();
3505 if (s->u64CmdTS)
3506 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3507 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3508 s->iLUN, s->uATARegCommand, uCmdWait));
3509 }
3510 s->uATARegCommand = cmd;
3511 switch (cmd)
3512 {
3513 case ATA_IDENTIFY_DEVICE:
3514 if (s->pDrvBlock && !s->fATAPI)
3515 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3516 else
3517 {
3518 if (s->fATAPI)
3519 ataSetSignature(s);
3520 ataCmdError(s, ABRT_ERR);
3521 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3522 }
3523 break;
3524 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3525 case ATA_RECALIBRATE:
3526 ataCmdOK(s, ATA_STAT_SEEK);
3527 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3528 break;
3529 case ATA_SET_MULTIPLE_MODE:
3530 if ( s->uATARegNSector != 0
3531 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3532 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3533 {
3534 ataCmdError(s, ABRT_ERR);
3535 }
3536 else
3537 {
3538 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3539 s->cMultSectors = s->uATARegNSector;
3540 ataCmdOK(s, 0);
3541 }
3542 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3543 break;
3544 case ATA_READ_VERIFY_SECTORS_EXT:
3545 s->fLBA48 = true;
3546 case ATA_READ_VERIFY_SECTORS:
3547 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3548 /* do sector number check ? */
3549 ataCmdOK(s, 0);
3550 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3551 break;
3552 case ATA_READ_SECTORS_EXT:
3553 s->fLBA48 = true;
3554 case ATA_READ_SECTORS:
3555 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3556 if (!s->pDrvBlock)
3557 goto abort_cmd;
3558 s->cSectorsPerIRQ = 1;
3559 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3560 break;
3561 case ATA_WRITE_SECTORS_EXT:
3562 s->fLBA48 = true;
3563 case ATA_WRITE_SECTORS:
3564 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3565 s->cSectorsPerIRQ = 1;
3566 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3567 break;
3568 case ATA_READ_MULTIPLE_EXT:
3569 s->fLBA48 = true;
3570 case ATA_READ_MULTIPLE:
3571 if (!s->cMultSectors)
3572 goto abort_cmd;
3573 s->cSectorsPerIRQ = s->cMultSectors;
3574 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3575 break;
3576 case ATA_WRITE_MULTIPLE_EXT:
3577 s->fLBA48 = true;
3578 case ATA_WRITE_MULTIPLE:
3579 if (!s->cMultSectors)
3580 goto abort_cmd;
3581 s->cSectorsPerIRQ = s->cMultSectors;
3582 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3583 break;
3584 case ATA_READ_DMA_EXT:
3585 s->fLBA48 = true;
3586 case ATA_READ_DMA:
3587 case ATA_READ_DMA_WITHOUT_RETRIES:
3588 if (!s->pDrvBlock)
3589 goto abort_cmd;
3590 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3591 s->fDMA = true;
3592 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3593 break;
3594 case ATA_WRITE_DMA_EXT:
3595 s->fLBA48 = true;
3596 case ATA_WRITE_DMA:
3597 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3598 if (!s->pDrvBlock)
3599 goto abort_cmd;
3600 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3601 s->fDMA = true;
3602 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3603 break;
3604 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3605 s->fLBA48 = true;
3606 ataSetSector(s, s->cTotalSectors - 1);
3607 ataCmdOK(s, 0);
3608 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3609 break;
3610 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3611 ataCmdOK(s, 0);
3612 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3613 break;
3614 case ATA_READ_NATIVE_MAX_ADDRESS:
3615 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3616 ataCmdOK(s, 0);
3617 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3618 break;
3619 case ATA_CHECK_POWER_MODE:
3620 s->uATARegNSector = 0xff; /* drive active or idle */
3621 ataCmdOK(s, 0);
3622 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3623 break;
3624 case ATA_SET_FEATURES:
3625 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3626 if (!s->pDrvBlock)
3627 goto abort_cmd;
3628 switch (s->uATARegFeature)
3629 {
3630 case 0x02: /* write cache enable */
3631 Log2(("%s: write cache enable\n", __FUNCTION__));
3632 ataCmdOK(s, ATA_STAT_SEEK);
3633 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3634 break;
3635 case 0xaa: /* read look-ahead enable */
3636 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3637 ataCmdOK(s, ATA_STAT_SEEK);
3638 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3639 break;
3640 case 0x55: /* read look-ahead disable */
3641 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3642 ataCmdOK(s, ATA_STAT_SEEK);
3643 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3644 break;
3645 case 0xcc: /* reverting to power-on defaults enable */
3646 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3647 ataCmdOK(s, ATA_STAT_SEEK);
3648 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3649 break;
3650 case 0x66: /* reverting to power-on defaults disable */
3651 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3652 ataCmdOK(s, ATA_STAT_SEEK);
3653 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3654 break;
3655 case 0x82: /* write cache disable */
3656 Log2(("%s: write cache disable\n", __FUNCTION__));
3657 /* As per the ATA/ATAPI-6 specs, a write cache disable
3658 * command MUST flush the write buffers to disc. */
3659 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3660 break;
3661 case 0x03: { /* set transfer mode */
3662 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3663 switch (s->uATARegNSector & 0xf8)
3664 {
3665 case 0x00: /* PIO default */
3666 case 0x08: /* PIO mode */
3667 break;
3668 case ATA_MODE_MDMA: /* MDMA mode */
3669 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3670 break;
3671 case ATA_MODE_UDMA: /* UDMA mode */
3672 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3673 break;
3674 default:
3675 goto abort_cmd;
3676 }
3677 ataCmdOK(s, ATA_STAT_SEEK);
3678 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3679 break;
3680 }
3681 default:
3682 goto abort_cmd;
3683 }
3684 /*
3685 * OS/2 workarond:
3686 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3687 * reset here. According to the specification, this is a driver bug as the register
3688 * contents are undefined after the call. This means we can just as well reset it.
3689 */
3690 s->uATARegFeature = 0;
3691 break;
3692 case ATA_FLUSH_CACHE_EXT:
3693 case ATA_FLUSH_CACHE:
3694 if (!s->pDrvBlock || s->fATAPI)
3695 goto abort_cmd;
3696 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3697 break;
3698 case ATA_STANDBY_IMMEDIATE:
3699 ataCmdOK(s, 0);
3700 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3701 break;
3702 case ATA_IDLE_IMMEDIATE:
3703 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3704 ataAbortCurrentCommand(s, false);
3705 break;
3706 /* ATAPI commands */
3707 case ATA_IDENTIFY_PACKET_DEVICE:
3708 if (s->fATAPI)
3709 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3710 else
3711 {
3712 ataCmdError(s, ABRT_ERR);
3713 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3714 }
3715 break;
3716 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3717 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3718 break;
3719 case ATA_DEVICE_RESET:
3720 if (!s->fATAPI)
3721 goto abort_cmd;
3722 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3723 ataAbortCurrentCommand(s, true);
3724 break;
3725 case ATA_PACKET:
3726 if (!s->fATAPI)
3727 goto abort_cmd;
3728 /* overlapping commands not supported */
3729 if (s->uATARegFeature & 0x02)
3730 goto abort_cmd;
3731 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3732 break;
3733 default:
3734 abort_cmd:
3735 ataCmdError(s, ABRT_ERR);
3736 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3737 break;
3738 }
3739}
3740
3741
3742/**
3743 * Waits for a particular async I/O thread to complete whatever it
3744 * is doing at the moment.
3745 *
3746 * @returns true on success.
3747 * @returns false when the thread is still processing.
3748 * @param pThis Pointer to the controller data.
3749 * @param cMillies How long to wait (total). This isn't very accurate.
3750 */
3751static bool ataWaitForAsyncIOIsIdle(PATACONTROLLER pCtl, unsigned cMillies)
3752{
3753 uint64_t u64Start;
3754 bool fRc;
3755
3756 /* Hope for the simple way out... */
3757 if (ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
3758 return true;
3759
3760 /*
3761 * Have to wait. Do the setup while owning the mutex to avoid races.
3762 */
3763 RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
3764
3765 RTThreadUserReset(pCtl->AsyncIOThread);
3766 ASMAtomicWriteBool(&pCtl->fSignalIdle, true);
3767
3768 RTSemMutexRelease(pCtl->AsyncIORequestMutex);
3769
3770 u64Start = RTTimeMilliTS();
3771 for (;;)
3772 {
3773 fRc = ataAsyncIOIsIdle(pCtl, false /*fStrict*/);
3774 if (fRc)
3775 break;
3776
3777 if (RTTimeMilliTS() - u64Start >= cMillies)
3778 break;
3779
3780 int rc = RTThreadUserWait(pCtl->AsyncIOThread, 100 /*ms*/);
3781 AssertMsg( ( RT_SUCCESS(rc)
3782 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
3783 || rc == VERR_TIMEOUT,
3784 ("rc=%Rrc i=%u\n", rc, ATACONTROLLER_IDX(pCtl)));
3785 }
3786
3787 ASMAtomicWriteBool(&pCtl->fSignalIdle, false);
3788 return fRc;
3789}
3790
3791/**
3792 * Waits for all async I/O threads to complete whatever they are doing at the
3793 * moment.
3794 *
3795 * @returns true on success.
3796 * @returns false when one or more threads is still processing.
3797 * @param pThis Pointer to the instance data.
3798 * @param cMillies How long to wait per controller.
3799 */
3800static bool ataWaitForAllAsyncIOIsIdle(PPDMDEVINS pDevIns, uint32_t cMillies)
3801{
3802 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
3803
3804 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
3805 if ( pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD
3806 && !ataWaitForAsyncIOIsIdle(&pThis->aCts[i], cMillies))
3807 {
3808 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
3809 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
3810 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
3811 return false;
3812 }
3813 return true;
3814}
3815
3816#endif /* IN_RING3 */
3817
3818static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3819{
3820 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3821 addr &= 7;
3822 switch (addr)
3823 {
3824 case 0:
3825 break;
3826 case 1: /* feature register */
3827 /* NOTE: data is written to the two drives */
3828 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3829 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3830 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3831 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3832 pCtl->aIfs[0].uATARegFeature = val;
3833 pCtl->aIfs[1].uATARegFeature = val;
3834 break;
3835 case 2: /* sector count */
3836 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3837 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3838 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3839 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3840 pCtl->aIfs[0].uATARegNSector = val;
3841 pCtl->aIfs[1].uATARegNSector = val;
3842 break;
3843 case 3: /* sector number */
3844 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3845 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3846 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3847 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3848 pCtl->aIfs[0].uATARegSector = val;
3849 pCtl->aIfs[1].uATARegSector = val;
3850 break;
3851 case 4: /* cylinder low */
3852 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3853 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3854 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3855 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3856 pCtl->aIfs[0].uATARegLCyl = val;
3857 pCtl->aIfs[1].uATARegLCyl = val;
3858 break;
3859 case 5: /* cylinder high */
3860 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3861 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3862 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3863 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3864 pCtl->aIfs[0].uATARegHCyl = val;
3865 pCtl->aIfs[1].uATARegHCyl = val;
3866 break;
3867 case 6: /* drive/head */
3868 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3869 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3870 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3871 {
3872 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3873
3874 /* select another drive */
3875 pCtl->iSelectedIf = (val >> 4) & 1;
3876 /* The IRQ line is multiplexed between the two drives, so
3877 * update the state when switching to another drive. Only need
3878 * to update interrupt line if it is enabled and there is a
3879 * state change. */
3880 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3881 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3882 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3883 {
3884 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3885 {
3886 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3887 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3888 * the interrupt line is asserted. It monitors the line
3889 * for a rising edge. */
3890 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3891 if (pCtl->irq == 16)
3892 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3893 else
3894 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3895 }
3896 else
3897 {
3898 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3899 if (pCtl->irq == 16)
3900 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3901 else
3902 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3903 }
3904 }
3905 }
3906 break;
3907 default:
3908 case 7: /* command */
3909 /* ignore commands to non existant slave */
3910 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3911 break;
3912#ifndef IN_RING3
3913 /* Don't do anything complicated in GC */
3914 return VINF_IOM_HC_IOPORT_WRITE;
3915#else /* IN_RING3 */
3916 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3917#endif /* !IN_RING3 */
3918 }
3919 return VINF_SUCCESS;
3920}
3921
3922
3923static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3924{
3925 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3926 uint32_t val;
3927 bool fHOB;
3928
3929 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3930 switch (addr & 7)
3931 {
3932 case 0: /* data register */
3933 val = 0xff;
3934 break;
3935 case 1: /* error register */
3936 /* The ATA specification is very terse when it comes to specifying
3937 * the precise effects of reading back the error/feature register.
3938 * The error register (read-only) shares the register number with
3939 * the feature register (write-only), so it seems that it's not
3940 * necessary to support the usual HOB readback here. */
3941 if (!s->pDrvBlock)
3942 val = 0;
3943 else
3944 val = s->uATARegError;
3945 break;
3946 case 2: /* sector count */
3947 if (!s->pDrvBlock)
3948 val = 0;
3949 else if (fHOB)
3950 val = s->uATARegNSectorHOB;
3951 else
3952 val = s->uATARegNSector;
3953 break;
3954 case 3: /* sector number */
3955 if (!s->pDrvBlock)
3956 val = 0;
3957 else if (fHOB)
3958 val = s->uATARegSectorHOB;
3959 else
3960 val = s->uATARegSector;
3961 break;
3962 case 4: /* cylinder low */
3963 if (!s->pDrvBlock)
3964 val = 0;
3965 else if (fHOB)
3966 val = s->uATARegLCylHOB;
3967 else
3968 val = s->uATARegLCyl;
3969 break;
3970 case 5: /* cylinder high */
3971 if (!s->pDrvBlock)
3972 val = 0;
3973 else if (fHOB)
3974 val = s->uATARegHCylHOB;
3975 else
3976 val = s->uATARegHCyl;
3977 break;
3978 case 6: /* drive/head */
3979 /* This register must always work as long as there is at least
3980 * one drive attached to the controller. It is common between
3981 * both drives anyway (completely identical content). */
3982 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3983 val = 0;
3984 else
3985 val = s->uATARegSelect;
3986 break;
3987 default:
3988 case 7: /* primary status */
3989 {
3990 /* Counter for number of busy status seen in GC in a row. */
3991 static unsigned cBusy = 0;
3992
3993 if (!s->pDrvBlock)
3994 val = 0;
3995 else
3996 val = s->uATARegStatus;
3997
3998 /* Give the async I/O thread an opportunity to make progress,
3999 * don't let it starve by guests polling frequently. EMT has a
4000 * lower priority than the async I/O thread, but sometimes the
4001 * host OS doesn't care. With some guests we are only allowed to
4002 * be busy for about 5 milliseconds in some situations. Note that
4003 * this is no guarantee for any other VBox thread getting
4004 * scheduled, so this just lowers the CPU load a bit when drives
4005 * are busy. It cannot help with timing problems. */
4006 if (val & ATA_STAT_BUSY)
4007 {
4008#ifdef IN_RING3
4009 cBusy = 0;
4010 PDMCritSectLeave(&pCtl->lock);
4011
4012#ifndef RT_OS_WINDOWS
4013 /*
4014 * The thread might be stuck in an I/O operation
4015 * due to a high I/O load on the host. (see @bugref{3301})
4016 * To perform the reset successfully
4017 * we interrupt the operation by sending a signal to the thread
4018 * if the thread didn't responded in 10ms.
4019 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4020 * does the same but it was introduced with Vista) but so far
4021 * this hang was only observed on Linux and Mac OS X.
4022 *
4023 * This is a workaround and needs to be solved properly.
4024 */
4025 if (pCtl->fReset)
4026 {
4027 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4028
4029 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4030 {
4031 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4032 pCtl->u64ResetTime = u64ResetTimeStop;
4033 RTThreadPoke(pCtl->AsyncIOThread);
4034 }
4035 }
4036#endif
4037
4038 RTThreadYield();
4039
4040 {
4041 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4042 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4043 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4044 }
4045
4046 val = s->uATARegStatus;
4047#else /* !IN_RING3 */
4048 /* Cannot yield CPU in guest context. And switching to host
4049 * context for each and every busy status is too costly,
4050 * especially on SMP systems where we don't gain much by
4051 * yielding the CPU to someone else. */
4052 if (++cBusy >= 20)
4053 {
4054 cBusy = 0;
4055 return VINF_IOM_HC_IOPORT_READ;
4056 }
4057#endif /* !IN_RING3 */
4058 }
4059 else
4060 cBusy = 0;
4061 ataUnsetIRQ(s);
4062 break;
4063 }
4064 }
4065 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4066 *pu32 = val;
4067 return VINF_SUCCESS;
4068}
4069
4070
4071static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4072{
4073 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4074 uint32_t val;
4075
4076 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4077 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4078 val = 0;
4079 else
4080 val = s->uATARegStatus;
4081 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4082 return val;
4083}
4084
4085static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4086{
4087#ifndef IN_RING3
4088 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4089 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4090#endif /* !IN_RING3 */
4091
4092 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4093 /* RESET is common for both drives attached to a controller. */
4094 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4095 (val & ATA_DEVCTL_RESET))
4096 {
4097#ifdef IN_RING3
4098 /* Software RESET low to high */
4099 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4100 uint64_t uNow = RTTimeNanoTS();
4101 if (pCtl->aIfs[0].u64CmdTS)
4102 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4103 if (pCtl->aIfs[1].u64CmdTS)
4104 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4105 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4106 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4107 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4108 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4109 pCtl->fReset = true;
4110 /* Everything must be done after the reset flag is set, otherwise
4111 * there are unavoidable races with the currently executing request
4112 * (which might just finish in the mean time). */
4113 pCtl->fChainedTransfer = false;
4114 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4115 {
4116 ataResetDevice(&pCtl->aIfs[i]);
4117 /* The following cannot be done using ataSetStatusValue() since the
4118 * reset flag is already set, which suppresses all status changes. */
4119 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4120 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4121 pCtl->aIfs[i].uATARegError = 0x01;
4122 }
4123 ataAsyncIOClearRequests(pCtl);
4124 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4125 if (val & ATA_DEVCTL_HOB)
4126 {
4127 val &= ~ATA_DEVCTL_HOB;
4128 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4129 }
4130
4131 /* Save the timestamp we started the reset. */
4132 pCtl->u64ResetTime = RTTimeMilliTS();
4133
4134 /* Issue the reset request now. */
4135 ataAsyncIOPutRequest(pCtl, &ataResetARequest);
4136#else /* !IN_RING3 */
4137 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4138#endif /* IN_RING3 */
4139 }
4140 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4141 !(val & ATA_DEVCTL_RESET))
4142 {
4143#ifdef IN_RING3
4144 /* Software RESET high to low */
4145 Log(("%s: deasserting RESET\n", __FUNCTION__));
4146 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4147 if (val & ATA_DEVCTL_HOB)
4148 {
4149 val &= ~ATA_DEVCTL_HOB;
4150 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4151 }
4152 ataAsyncIOPutRequest(pCtl, &ataResetCRequest);
4153#else /* !IN_RING3 */
4154 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4155#endif /* IN_RING3 */
4156 }
4157
4158 /* Change of interrupt disable flag. Update interrupt line if interrupt
4159 * is pending on the current interface. */
4160 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4161 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4162 {
4163 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4164 {
4165 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4166 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4167 * interrupt line is asserted. It monitors the line for a rising
4168 * edge. */
4169 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4170 if (pCtl->irq == 16)
4171 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4172 else
4173 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4174 }
4175 else
4176 {
4177 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4178 if (pCtl->irq == 16)
4179 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4180 else
4181 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4182 }
4183 }
4184
4185 if (val & ATA_DEVCTL_HOB)
4186 Log2(("%s: set HOB\n", __FUNCTION__));
4187
4188 pCtl->aIfs[0].uATARegDevCtl = val;
4189 pCtl->aIfs[1].uATARegDevCtl = val;
4190
4191 return VINF_SUCCESS;
4192}
4193
4194#ifdef IN_RING3
4195
4196static void ataPIOTransfer(PATACONTROLLER pCtl)
4197{
4198 ATADevState *s;
4199
4200 s = &pCtl->aIfs[pCtl->iAIOIf];
4201 Log3(("%s: if=%p\n", __FUNCTION__, s));
4202
4203 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4204 {
4205 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4206 /* Any guest OS that triggers this case has a pathetic ATA driver.
4207 * In a real system it would block the CPU via IORDY, here we do it
4208 * very similarly by not continuing with the current instruction
4209 * until the transfer to/from the storage medium is completed. */
4210 if (s->iSourceSink != ATAFN_SS_NULL)
4211 {
4212 bool fRedo;
4213 uint8_t status = s->uATARegStatus;
4214 ataSetStatusValue(s, ATA_STAT_BUSY);
4215 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4216 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4217 pCtl->fRedo = fRedo;
4218 if (RT_UNLIKELY(fRedo))
4219 return;
4220 ataSetStatusValue(s, status);
4221 s->iIOBufferCur = 0;
4222 s->iIOBufferEnd = s->cbElementaryTransfer;
4223 }
4224 }
4225 if (s->cbTotalTransfer)
4226 {
4227 if (s->fATAPITransfer)
4228 ataPIOTransferLimitATAPI(s);
4229
4230 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4231 s->cbElementaryTransfer = s->cbTotalTransfer;
4232
4233 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4234 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4235 s->cbTotalTransfer, s->cbElementaryTransfer,
4236 s->iIOBufferCur, s->iIOBufferEnd));
4237 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4238 s->cbTotalTransfer -= s->cbElementaryTransfer;
4239 s->iIOBufferCur += s->cbElementaryTransfer;
4240
4241 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4242 s->cbElementaryTransfer = s->cbTotalTransfer;
4243 }
4244 else
4245 ataPIOTransferStop(s);
4246}
4247
4248
4249DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4250{
4251 /* Do not interfere with RESET processing if the PIO transfer finishes
4252 * while the RESET line is asserted. */
4253 if (pCtl->fReset)
4254 {
4255 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4256 return;
4257 }
4258
4259 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4260 || ( s->iSourceSink != ATAFN_SS_NULL
4261 && s->iIOBufferCur >= s->iIOBufferEnd))
4262 {
4263 /* Need to continue the transfer in the async I/O thread. This is
4264 * the case for write operations or generally for not yet finished
4265 * transfers (some data might need to be read). */
4266 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4267 ataSetStatus(s, ATA_STAT_BUSY);
4268
4269 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4270 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4271 }
4272 else
4273 {
4274 /* Either everything finished (though some data might still be pending)
4275 * or some data is pending before the next read is due. */
4276
4277 /* Continue a previously started transfer. */
4278 ataUnsetStatus(s, ATA_STAT_DRQ);
4279 ataSetStatus(s, ATA_STAT_READY);
4280
4281 if (s->cbTotalTransfer)
4282 {
4283 /* There is more to transfer, happens usually for large ATAPI
4284 * reads - the protocol limits the chunk size to 65534 bytes. */
4285 ataPIOTransfer(pCtl);
4286 ataSetIRQ(s);
4287 }
4288 else
4289 {
4290 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4291 /* Finish PIO transfer. */
4292 ataPIOTransfer(pCtl);
4293 Assert(!pCtl->fRedo);
4294 }
4295 }
4296}
4297
4298#endif /* IN_RING3 */
4299
4300static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4301{
4302 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4303 uint8_t *p;
4304
4305 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4306 {
4307 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4308 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4309#ifndef IN_RING3
4310 /* All but the last transfer unit is simple enough for GC, but
4311 * sending a request to the async IO thread is too complicated. */
4312 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4313 {
4314 memcpy(p, pbBuf, cbSize);
4315 s->iIOBufferPIODataStart += cbSize;
4316 }
4317 else
4318 return VINF_IOM_HC_IOPORT_WRITE;
4319#else /* IN_RING3 */
4320 memcpy(p, pbBuf, cbSize);
4321 s->iIOBufferPIODataStart += cbSize;
4322 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4323 ataPIOTransferFinish(pCtl, s);
4324#endif /* !IN_RING3 */
4325 }
4326 else
4327 Log2(("%s: DUMMY data\n", __FUNCTION__));
4328 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4329 return VINF_SUCCESS;
4330}
4331
4332static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4333{
4334 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4335 uint8_t *p;
4336
4337 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4338 {
4339 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4340 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4341#ifndef IN_RING3
4342 /* All but the last transfer unit is simple enough for GC, but
4343 * sending a request to the async IO thread is too complicated. */
4344 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4345 {
4346 memcpy(pbBuf, p, cbSize);
4347 s->iIOBufferPIODataStart += cbSize;
4348 }
4349 else
4350 return VINF_IOM_HC_IOPORT_READ;
4351#else /* IN_RING3 */
4352 memcpy(pbBuf, p, cbSize);
4353 s->iIOBufferPIODataStart += cbSize;
4354 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4355 ataPIOTransferFinish(pCtl, s);
4356#endif /* !IN_RING3 */
4357 }
4358 else
4359 {
4360 Log2(("%s: DUMMY data\n", __FUNCTION__));
4361 memset(pbBuf, '\xff', cbSize);
4362 }
4363 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4364 return VINF_SUCCESS;
4365}
4366
4367#ifdef IN_RING3
4368
4369static void ataDMATransferStop(ATADevState *s)
4370{
4371 s->cbTotalTransfer = 0;
4372 s->cbElementaryTransfer = 0;
4373 s->iBeginTransfer = ATAFN_BT_NULL;
4374 s->iSourceSink = ATAFN_SS_NULL;
4375}
4376
4377
4378/**
4379 * Perform the entire DMA transfer in one go (unless a source/sink operation
4380 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4381 * this function cannot handle empty transfers.
4382 *
4383 * @param pCtl Controller for which to perform the transfer.
4384 */
4385static void ataDMATransfer(PATACONTROLLER pCtl)
4386{
4387 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4388 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4389 bool fRedo;
4390 RTGCPHYS32 pDesc;
4391 uint32_t cbTotalTransfer, cbElementaryTransfer;
4392 uint32_t iIOBufferCur, iIOBufferEnd;
4393 uint32_t dmalen;
4394 PDMBLOCKTXDIR uTxDir;
4395 bool fLastDesc = false;
4396
4397 Assert(sizeof(BMDMADesc) == 8);
4398
4399 fRedo = pCtl->fRedo;
4400 if (RT_LIKELY(!fRedo))
4401 Assert(s->cbTotalTransfer);
4402 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4403 cbTotalTransfer = s->cbTotalTransfer;
4404 cbElementaryTransfer = s->cbElementaryTransfer;
4405 iIOBufferCur = s->iIOBufferCur;
4406 iIOBufferEnd = s->iIOBufferEnd;
4407
4408 /* The DMA loop is designed to hold the lock only when absolutely
4409 * necessary. This avoids long freezes should the guest access the
4410 * ATA registers etc. for some reason. */
4411 PDMCritSectLeave(&pCtl->lock);
4412
4413 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4414 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4415 cbTotalTransfer, cbElementaryTransfer,
4416 iIOBufferCur, iIOBufferEnd));
4417 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4418 {
4419 BMDMADesc DMADesc;
4420 RTGCPHYS32 pBuffer;
4421 uint32_t cbBuffer;
4422
4423 if (RT_UNLIKELY(fRedo))
4424 {
4425 pBuffer = pCtl->pRedoDMABuffer;
4426 cbBuffer = pCtl->cbRedoDMABuffer;
4427 fLastDesc = pCtl->fRedoDMALastDesc;
4428 }
4429 else
4430 {
4431 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4432 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4433 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4434 fLastDesc = !!(cbBuffer & 0x80000000);
4435 cbBuffer &= 0xfffe;
4436 if (cbBuffer == 0)
4437 cbBuffer = 0x10000;
4438 if (cbBuffer > cbTotalTransfer)
4439 cbBuffer = cbTotalTransfer;
4440 }
4441
4442 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4443 {
4444 if (RT_LIKELY(!fRedo))
4445 {
4446 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4447 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4448 (int)pDesc, pBuffer, cbBuffer));
4449 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4450 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4451 else
4452 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4453 iIOBufferCur += dmalen;
4454 cbTotalTransfer -= dmalen;
4455 cbBuffer -= dmalen;
4456 pBuffer += dmalen;
4457 }
4458 if ( iIOBufferCur == iIOBufferEnd
4459 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4460 {
4461 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4462 cbElementaryTransfer = cbTotalTransfer;
4463
4464 {
4465 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4466 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4467 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4468 }
4469
4470 /* The RESET handler could have cleared the DMA transfer
4471 * state (since we didn't hold the lock until just now
4472 * the guest can continue in parallel). If so, the state
4473 * is already set up so the loop is exited immediately. */
4474 if (s->iSourceSink != ATAFN_SS_NULL)
4475 {
4476 s->iIOBufferCur = iIOBufferCur;
4477 s->iIOBufferEnd = iIOBufferEnd;
4478 s->cbElementaryTransfer = cbElementaryTransfer;
4479 s->cbTotalTransfer = cbTotalTransfer;
4480 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4481 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4482 if (RT_UNLIKELY(fRedo))
4483 {
4484 pCtl->pFirstDMADesc = pDesc;
4485 pCtl->pRedoDMABuffer = pBuffer;
4486 pCtl->cbRedoDMABuffer = cbBuffer;
4487 pCtl->fRedoDMALastDesc = fLastDesc;
4488 }
4489 else
4490 {
4491 cbTotalTransfer = s->cbTotalTransfer;
4492 cbElementaryTransfer = s->cbElementaryTransfer;
4493
4494 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4495 cbElementaryTransfer = cbTotalTransfer;
4496 iIOBufferCur = 0;
4497 iIOBufferEnd = cbElementaryTransfer;
4498 }
4499 pCtl->fRedo = fRedo;
4500 }
4501 else
4502 {
4503 /* This forces the loop to exit immediately. */
4504 pDesc = pCtl->pLastDMADesc + 1;
4505 }
4506
4507 PDMCritSectLeave(&pCtl->lock);
4508 if (RT_UNLIKELY(fRedo))
4509 break;
4510 }
4511 }
4512
4513 if (RT_UNLIKELY(fRedo))
4514 break;
4515
4516 /* end of transfer */
4517 if (!cbTotalTransfer || fLastDesc)
4518 break;
4519
4520 {
4521 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4522 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4523 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4524 }
4525
4526 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4527 {
4528 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4529 if (!pCtl->fReset)
4530 ataDMATransferStop(s);
4531 /* This forces the loop to exit immediately. */
4532 pDesc = pCtl->pLastDMADesc + 1;
4533 }
4534
4535 PDMCritSectLeave(&pCtl->lock);
4536 }
4537
4538 {
4539 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4540 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4541 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4542 }
4543
4544 if (RT_UNLIKELY(fRedo))
4545 return;
4546
4547 if (fLastDesc)
4548 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4549 s->cbTotalTransfer = cbTotalTransfer;
4550 s->cbElementaryTransfer = cbElementaryTransfer;
4551 s->iIOBufferCur = iIOBufferCur;
4552 s->iIOBufferEnd = iIOBufferEnd;
4553}
4554
4555/**
4556 * Signal ataWaitForAsyncIOIsIdle that we're idle (if we actually are).
4557 *
4558 * @param pCtl The controller.
4559 */
4560static void ataAsyncSignalIdle(PATACONTROLLER pCtl)
4561{
4562 /*
4563 * Take the mutex here and recheck the idle indicator as there might be
4564 * interesting races, like in the ataReset code.
4565 */
4566 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4567
4568 if ( pCtl->fSignalIdle
4569 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4570 RTThreadUserSignal(pCtl->AsyncIOThread);
4571
4572 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4573}
4574
4575/** Asynch I/O thread for an interface. Once upon a time this was readable
4576 * code with several loops and a different semaphore for each purpose. But
4577 * then came the "how can one save the state in the middle of a PIO transfer"
4578 * question. The solution was to use an ASM, which is what's there now. */
4579static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4580{
4581 const ATARequest *pReq;
4582 uint64_t u64TS = 0; /* shut up gcc */
4583 uint64_t uWait;
4584 int rc = VINF_SUCCESS;
4585 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4586 ATADevState *s;
4587
4588 pReq = NULL;
4589 pCtl->fChainedTransfer = false;
4590 while (!pCtl->fShutdown)
4591 {
4592 /* Keep this thread from doing anything as long as EMT is suspended. */
4593 while (pCtl->fRedoIdle)
4594 {
4595 if (pCtl->fSignalIdle)
4596 ataAsyncSignalIdle(pCtl);
4597 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4598 /* Continue if we got a signal by RTThreadPoke().
4599 * We will get notified if there is a request to process.
4600 */
4601 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4602 continue;
4603 if (RT_FAILURE(rc) || pCtl->fShutdown)
4604 break;
4605
4606 pCtl->fRedoIdle = false;
4607 }
4608
4609 /* Wait for work. */
4610 while (pReq == NULL)
4611 {
4612 if (pCtl->fSignalIdle)
4613 ataAsyncSignalIdle(pCtl);
4614 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4615 /* Continue if we got a signal by RTThreadPoke().
4616 * We will get notified if there is a request to process.
4617 */
4618 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4619 continue;
4620 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4621 break;
4622
4623 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4624 }
4625
4626 if (RT_FAILURE(rc) || pCtl->fShutdown)
4627 break;
4628
4629 if (pReq == NULL)
4630 continue;
4631
4632 ATAAIO ReqType = pReq->ReqType;
4633
4634 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4635 if (pCtl->uAsyncIOState != ReqType)
4636 {
4637 /* The new state is not the state that was expected by the normal
4638 * state changes. This is either a RESET/ABORT or there's something
4639 * really strange going on. */
4640 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4641 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4642 {
4643 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4644 ataAsyncIODumpRequests(pCtl);
4645 }
4646 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4647 }
4648
4649 /* Do our work. */
4650 {
4651 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4652 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4653 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4654 }
4655
4656 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4657 {
4658 u64TS = RTTimeNanoTS();
4659#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4660 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4661#endif /* DEBUG || VBOX_WITH_STATISTICS */
4662 }
4663
4664 switch (ReqType)
4665 {
4666 case ATA_AIO_NEW:
4667
4668 pCtl->iAIOIf = pReq->u.t.iIf;
4669 s = &pCtl->aIfs[pCtl->iAIOIf];
4670 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4671 s->uTxDir = pReq->u.t.uTxDir;
4672 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4673 s->iSourceSink = pReq->u.t.iSourceSink;
4674 s->iIOBufferEnd = 0;
4675 s->u64CmdTS = u64TS;
4676
4677 if (s->fATAPI)
4678 {
4679 if (pCtl->fChainedTransfer)
4680 {
4681 /* Only count the actual transfers, not the PIO
4682 * transfer of the ATAPI command bytes. */
4683 if (s->fDMA)
4684 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4685 else
4686 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4687 }
4688 }
4689 else
4690 {
4691 if (s->fDMA)
4692 STAM_REL_COUNTER_INC(&s->StatATADMA);
4693 else
4694 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4695 }
4696
4697 pCtl->fChainedTransfer = false;
4698
4699 if (s->iBeginTransfer != ATAFN_BT_NULL)
4700 {
4701 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4702 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4703 s->iBeginTransfer = ATAFN_BT_NULL;
4704 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4705 s->iIOBufferEnd = s->cbElementaryTransfer;
4706 }
4707 else
4708 {
4709 s->cbElementaryTransfer = s->cbTotalTransfer;
4710 s->iIOBufferEnd = s->cbTotalTransfer;
4711 }
4712 s->iIOBufferCur = 0;
4713
4714 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4715 {
4716 if (s->iSourceSink != ATAFN_SS_NULL)
4717 {
4718 bool fRedo;
4719 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4720 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4721 pCtl->fRedo = fRedo;
4722 if (RT_UNLIKELY(fRedo))
4723 {
4724 /* Operation failed at the initial transfer, restart
4725 * everything from scratch by resending the current
4726 * request. Occurs very rarely, not worth optimizing. */
4727 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4728 ataAsyncIOPutRequest(pCtl, pReq);
4729 break;
4730 }
4731 }
4732 else
4733 ataCmdOK(s, 0);
4734 s->iIOBufferEnd = s->cbElementaryTransfer;
4735
4736 }
4737
4738 /* Do not go into the transfer phase if RESET is asserted.
4739 * The CritSect is released while waiting for the host OS
4740 * to finish the I/O, thus RESET is possible here. Most
4741 * important: do not change uAsyncIOState. */
4742 if (pCtl->fReset)
4743 break;
4744
4745 if (s->fDMA)
4746 {
4747 if (s->cbTotalTransfer)
4748 {
4749 ataSetStatus(s, ATA_STAT_DRQ);
4750
4751 pCtl->uAsyncIOState = ATA_AIO_DMA;
4752 /* If BMDMA is already started, do the transfer now. */
4753 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4754 {
4755 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4756 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4757 }
4758 }
4759 else
4760 {
4761 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4762 /* Finish DMA transfer. */
4763 ataDMATransferStop(s);
4764 ataSetIRQ(s);
4765 pCtl->uAsyncIOState = ATA_AIO_NEW;
4766 }
4767 }
4768 else
4769 {
4770 if (s->cbTotalTransfer)
4771 {
4772 ataPIOTransfer(pCtl);
4773 Assert(!pCtl->fRedo);
4774 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4775 ataSetIRQ(s);
4776
4777 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4778 {
4779 /* Write operations and not yet finished transfers
4780 * must be completed in the async I/O thread. */
4781 pCtl->uAsyncIOState = ATA_AIO_PIO;
4782 }
4783 else
4784 {
4785 /* Finished read operation can be handled inline
4786 * in the end of PIO transfer handling code. Linux
4787 * depends on this, as it waits only briefly for
4788 * devices to become ready after incoming data
4789 * transfer. Cannot find anything in the ATA spec
4790 * that backs this assumption, but as all kernels
4791 * are affected (though most of the time it does
4792 * not cause any harm) this must work. */
4793 pCtl->uAsyncIOState = ATA_AIO_NEW;
4794 }
4795 }
4796 else
4797 {
4798 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4799 /* Finish PIO transfer. */
4800 ataPIOTransfer(pCtl);
4801 Assert(!pCtl->fRedo);
4802 if (!s->fATAPITransfer)
4803 ataSetIRQ(s);
4804 pCtl->uAsyncIOState = ATA_AIO_NEW;
4805 }
4806 }
4807 break;
4808
4809 case ATA_AIO_DMA:
4810 {
4811 BMDMAState *bm = &pCtl->BmDma;
4812 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4813 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4814
4815 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4816 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4817 else
4818 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4819
4820 if (RT_LIKELY(!pCtl->fRedo))
4821 {
4822 /* The specs say that the descriptor table must not cross a
4823 * 4K boundary. */
4824 pCtl->pFirstDMADesc = bm->pvAddr;
4825 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4826 }
4827 ataDMATransfer(pCtl);
4828
4829 if (RT_UNLIKELY(pCtl->fRedo))
4830 {
4831 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4832 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4833 break;
4834 }
4835
4836 /* The infamous delay IRQ hack. */
4837 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4838 && s->cbTotalTransfer == 0
4839 && pCtl->DelayIRQMillies)
4840 {
4841 /* Delay IRQ for writing. Required to get the Win2K
4842 * installation work reliably (otherwise it crashes,
4843 * usually during component install). So far no better
4844 * solution has been found. */
4845 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4846 PDMCritSectLeave(&pCtl->lock);
4847 RTThreadSleep(pCtl->DelayIRQMillies);
4848 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4849 }
4850
4851 ataUnsetStatus(s, ATA_STAT_DRQ);
4852 Assert(!pCtl->fChainedTransfer);
4853 Assert(s->iSourceSink == ATAFN_SS_NULL);
4854 if (s->fATAPITransfer)
4855 {
4856 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4857 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4858 s->fATAPITransfer = false;
4859 }
4860 ataSetIRQ(s);
4861 pCtl->uAsyncIOState = ATA_AIO_NEW;
4862 break;
4863 }
4864
4865 case ATA_AIO_PIO:
4866 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4867
4868 if (s->iSourceSink != ATAFN_SS_NULL)
4869 {
4870 bool fRedo;
4871 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4872 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4873 pCtl->fRedo = fRedo;
4874 if (RT_UNLIKELY(fRedo))
4875 {
4876 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4877 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4878 ataSuspendRedo(pCtl);
4879 break;
4880 }
4881 s->iIOBufferCur = 0;
4882 s->iIOBufferEnd = s->cbElementaryTransfer;
4883 }
4884 else
4885 {
4886 /* Continue a previously started transfer. */
4887 ataUnsetStatus(s, ATA_STAT_BUSY);
4888 ataSetStatus(s, ATA_STAT_READY);
4889 }
4890
4891 /* It is possible that the drives on this controller get RESET
4892 * during the above call to the source/sink function. If that's
4893 * the case, don't restart the transfer and don't finish it the
4894 * usual way. RESET handling took care of all that already.
4895 * Most important: do not change uAsyncIOState. */
4896 if (pCtl->fReset)
4897 break;
4898
4899 if (s->cbTotalTransfer)
4900 {
4901 ataPIOTransfer(pCtl);
4902 ataSetIRQ(s);
4903
4904 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4905 {
4906 /* Write operations and not yet finished transfers
4907 * must be completed in the async I/O thread. */
4908 pCtl->uAsyncIOState = ATA_AIO_PIO;
4909 }
4910 else
4911 {
4912 /* Finished read operation can be handled inline
4913 * in the end of PIO transfer handling code. Linux
4914 * depends on this, as it waits only briefly for
4915 * devices to become ready after incoming data
4916 * transfer. Cannot find anything in the ATA spec
4917 * that backs this assumption, but as all kernels
4918 * are affected (though most of the time it does
4919 * not cause any harm) this must work. */
4920 pCtl->uAsyncIOState = ATA_AIO_NEW;
4921 }
4922 }
4923 else
4924 {
4925 /* Finish PIO transfer. */
4926 ataPIOTransfer(pCtl);
4927 if ( !pCtl->fChainedTransfer
4928 && !s->fATAPITransfer
4929 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4930 {
4931 ataSetIRQ(s);
4932 }
4933 pCtl->uAsyncIOState = ATA_AIO_NEW;
4934 }
4935 break;
4936
4937 case ATA_AIO_RESET_ASSERTED:
4938 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4939 ataPIOTransferStop(&pCtl->aIfs[0]);
4940 ataPIOTransferStop(&pCtl->aIfs[1]);
4941 /* Do not change the DMA registers, they are not affected by the
4942 * ATA controller reset logic. It should be sufficient to issue a
4943 * new command, which is now possible as the state is cleared. */
4944 break;
4945
4946 case ATA_AIO_RESET_CLEARED:
4947 pCtl->uAsyncIOState = ATA_AIO_NEW;
4948 pCtl->fReset = false;
4949 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4950 ATACONTROLLER_IDX(pCtl)));
4951 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4952 {
4953 if (pCtl->aIfs[i].fATAPI)
4954 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4955 else
4956 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4957 ataSetSignature(&pCtl->aIfs[i]);
4958 }
4959 break;
4960
4961 case ATA_AIO_ABORT:
4962 /* Abort the current command only if it operates on the same interface. */
4963 if (pCtl->iAIOIf == pReq->u.a.iIf)
4964 {
4965 s = &pCtl->aIfs[pCtl->iAIOIf];
4966
4967 pCtl->uAsyncIOState = ATA_AIO_NEW;
4968 /* Do not change the DMA registers, they are not affected by the
4969 * ATA controller reset logic. It should be sufficient to issue a
4970 * new command, which is now possible as the state is cleared. */
4971 if (pReq->u.a.fResetDrive)
4972 {
4973 ataResetDevice(s);
4974 ataExecuteDeviceDiagnosticSS(s);
4975 }
4976 else
4977 {
4978 ataPIOTransferStop(s);
4979 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4980 ataSetStatus(s, ATA_STAT_READY);
4981 ataSetIRQ(s);
4982 }
4983 }
4984 break;
4985
4986 default:
4987 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4988 }
4989
4990 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4991 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4992
4993 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4994 {
4995#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4996 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4997#endif /* DEBUG || VBOX_WITH_STATISTICS */
4998
4999 u64TS = RTTimeNanoTS() - u64TS;
5000 uWait = u64TS / 1000;
5001 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5002 /* Mark command as finished. */
5003 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5004
5005 /*
5006 * Release logging of command execution times depends on the
5007 * command type. ATAPI commands often take longer (due to CD/DVD
5008 * spin up time etc.) so the threshold is different.
5009 */
5010 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5011 {
5012 if (uWait > 8 * 1000 * 1000)
5013 {
5014 /*
5015 * Command took longer than 8 seconds. This is close
5016 * enough or over the guest's command timeout, so place
5017 * an entry in the release log to allow tracking such
5018 * timing errors (which are often caused by the host).
5019 */
5020 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5021 }
5022 }
5023 else
5024 {
5025 if (uWait > 20 * 1000 * 1000)
5026 {
5027 /*
5028 * Command took longer than 20 seconds. This is close
5029 * enough or over the guest's command timeout, so place
5030 * an entry in the release log to allow tracking such
5031 * timing errors (which are often caused by the host).
5032 */
5033 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5034 }
5035 }
5036
5037#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5038 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5039 pCtl->StatAsyncMinWait = uWait;
5040 if (uWait > pCtl->StatAsyncMaxWait)
5041 pCtl->StatAsyncMaxWait = uWait;
5042
5043 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5044 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5045#endif /* DEBUG || VBOX_WITH_STATISTICS */
5046 }
5047
5048 PDMCritSectLeave(&pCtl->lock);
5049 }
5050
5051 /* Signal the ultimate idleness. */
5052 RTThreadUserSignal(ThreadSelf);
5053
5054 /* Cleanup the state. */
5055 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5056 pCtl->fShutdown = false;
5057
5058 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5059 return rc;
5060}
5061
5062#endif /* IN_RING3 */
5063
5064static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5065{
5066 uint32_t val = pCtl->BmDma.u8Cmd;
5067 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5068 return val;
5069}
5070
5071
5072static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5073{
5074 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5075 if (!(val & BM_CMD_START))
5076 {
5077 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5078 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5079 }
5080 else
5081 {
5082#ifdef IN_RING3
5083 /* Check whether the guest OS wants to change DMA direction in
5084 * mid-flight. Not allowed, according to the PIIX3 specs. */
5085 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5086 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5087 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5088
5089 /* Do not continue DMA transfers while the RESET line is asserted. */
5090 if (pCtl->fReset)
5091 {
5092 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5093 return;
5094 }
5095
5096 /* Do not start DMA transfers if there's a PIO transfer going on. */
5097 if (!pCtl->aIfs[pCtl->iSelectedIf].fDMA)
5098 return;
5099
5100 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5101 {
5102 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5103 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
5104 }
5105#else /* !IN_RING3 */
5106 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5107#endif /* IN_RING3 */
5108 }
5109}
5110
5111static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5112{
5113 uint32_t val = pCtl->BmDma.u8Status;
5114 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5115 return val;
5116}
5117
5118static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5119{
5120 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5121 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5122 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5123 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5124}
5125
5126static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5127{
5128 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5129 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5130 return val;
5131}
5132
5133static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5134{
5135 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5136 pCtl->BmDma.pvAddr = val & ~3;
5137}
5138
5139static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5140{
5141 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5142 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5143
5144}
5145
5146static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5147{
5148 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5149 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5150}
5151
5152#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5153
5154/**
5155 * Port I/O Handler for bus master DMA IN operations.
5156 * @see FNIOMIOPORTIN for details.
5157 */
5158PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5159{
5160 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5161 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5162 PATACONTROLLER pCtl = &pThis->aCts[i];
5163 int rc;
5164
5165 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5166 if (rc != VINF_SUCCESS)
5167 return rc;
5168 switch (VAL(Port, cb))
5169 {
5170 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5171 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5172 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5173 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5174 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5175 case VAL(0, 4):
5176 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5177 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5178 break;
5179 default:
5180 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5181 PDMCritSectLeave(&pCtl->lock);
5182 return VERR_IOM_IOPORT_UNUSED;
5183 }
5184 PDMCritSectLeave(&pCtl->lock);
5185 return rc;
5186}
5187
5188/**
5189 * Port I/O Handler for bus master DMA OUT operations.
5190 * @see FNIOMIOPORTOUT for details.
5191 */
5192PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5193{
5194 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5195 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5196 PATACONTROLLER pCtl = &pThis->aCts[i];
5197 int rc;
5198
5199 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5200 if (rc != VINF_SUCCESS)
5201 return rc;
5202 switch (VAL(Port, cb))
5203 {
5204 case VAL(0, 1):
5205#ifndef IN_RING3
5206 if (u32 & BM_CMD_START)
5207 {
5208 rc = VINF_IOM_HC_IOPORT_WRITE;
5209 break;
5210 }
5211#endif /* !IN_RING3 */
5212 ataBMDMACmdWriteB(pCtl, Port, u32);
5213 break;
5214 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5215 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5216 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5217 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5218 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5219 }
5220 PDMCritSectLeave(&pCtl->lock);
5221 return rc;
5222}
5223
5224#undef VAL
5225
5226#ifdef IN_RING3
5227
5228/**
5229 * Callback function for mapping an PCI I/O region.
5230 *
5231 * @return VBox status code.
5232 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5233 * @param iRegion The region number.
5234 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5235 * I/O port, else it's a physical address.
5236 * This address is *NOT* relative to pci_mem_base like earlier!
5237 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5238 */
5239static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5240{
5241 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5242 int rc = VINF_SUCCESS;
5243 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5244 Assert(iRegion == 4);
5245 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5246
5247 /* Register the port range. */
5248 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5249 {
5250 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5251 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5252 AssertRC(rc2);
5253 if (rc2 < rc)
5254 rc = rc2;
5255
5256 if (pThis->fGCEnabled)
5257 {
5258 rc2 = PDMDevHlpIOPortRegisterGC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5259 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5260 AssertRC(rc2);
5261 if (rc2 < rc)
5262 rc = rc2;
5263 }
5264 if (pThis->fR0Enabled)
5265 {
5266 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5267 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5268 AssertRC(rc2);
5269 if (rc2 < rc)
5270 rc = rc2;
5271 }
5272 }
5273 return rc;
5274}
5275
5276
5277/**
5278 * Reset notification.
5279 *
5280 * @returns VBox status.
5281 * @param pDevIns The device instance data.
5282 */
5283static DECLCALLBACK(void) ataReset(PPDMDEVINS pDevIns)
5284{
5285 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5286
5287 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5288 {
5289 pThis->aCts[i].iSelectedIf = 0;
5290 pThis->aCts[i].iAIOIf = 0;
5291 pThis->aCts[i].BmDma.u8Cmd = 0;
5292 /* Report that both drives present on the bus are in DMA mode. This
5293 * pretends that there is a BIOS that has set it up. Normal reset
5294 * default is 0x00. */
5295 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
5296 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
5297 pThis->aCts[i].BmDma.pvAddr = 0;
5298
5299 pThis->aCts[i].fReset = true;
5300 pThis->aCts[i].fRedo = false;
5301 pThis->aCts[i].fRedoIdle = false;
5302 ataAsyncIOClearRequests(&pThis->aCts[i]);
5303 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
5304 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetARequest);
5305 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetCRequest);
5306 if (!ataWaitForAsyncIOIsIdle(&pThis->aCts[i], 30000))
5307 {
5308 PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_ASYNCBUSY",
5309 N_("The IDE async I/O thread remained busy after a reset, usually a host filesystem performance problem\n"));
5310 AssertMsgFailed(("Async I/O thread busy after reset\n"));
5311 }
5312
5313 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5314 ataResetDevice(&pThis->aCts[i].aIfs[j]);
5315 }
5316}
5317
5318
5319/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5320
5321/**
5322 * Queries an interface to the driver.
5323 *
5324 * @returns Pointer to interface.
5325 * @returns NULL if the interface was not supported by the device.
5326 * @param pInterface Pointer to ATADevState::IBase.
5327 * @param enmInterface The requested interface identification.
5328 */
5329static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5330{
5331 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5332 switch (enmInterface)
5333 {
5334 case PDMINTERFACE_BASE:
5335 return &pThis->IBase;
5336 case PDMINTERFACE_LED_PORTS:
5337 return &pThis->ILeds;
5338 default:
5339 return NULL;
5340 }
5341}
5342
5343
5344/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5345
5346/**
5347 * Gets the pointer to the status LED of a unit.
5348 *
5349 * @returns VBox status code.
5350 * @param pInterface Pointer to the interface structure containing the called function pointer.
5351 * @param iLUN The unit which status LED we desire.
5352 * @param ppLed Where to store the LED pointer.
5353 */
5354static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5355{
5356 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5357 if (iLUN < 4)
5358 {
5359 switch (iLUN)
5360 {
5361 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5362 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5363 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5364 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5365 }
5366 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5367 return VINF_SUCCESS;
5368 }
5369 return VERR_PDM_LUN_NOT_FOUND;
5370}
5371
5372
5373/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5374
5375/**
5376 * Queries an interface to the driver.
5377 *
5378 * @returns Pointer to interface.
5379 * @returns NULL if the interface was not supported by the device.
5380 * @param pInterface Pointer to ATADevState::IBase.
5381 * @param enmInterface The requested interface identification.
5382 */
5383static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5384{
5385 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5386 switch (enmInterface)
5387 {
5388 case PDMINTERFACE_BASE:
5389 return &pIf->IBase;
5390 case PDMINTERFACE_BLOCK_PORT:
5391 return &pIf->IPort;
5392 case PDMINTERFACE_MOUNT_NOTIFY:
5393 return &pIf->IMountNotify;
5394 default:
5395 return NULL;
5396 }
5397}
5398
5399#endif /* IN_RING3 */
5400
5401
5402/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5403
5404/**
5405 * Port I/O Handler for primary port range OUT operations.
5406 * @see FNIOMIOPORTOUT for details.
5407 */
5408PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5409{
5410 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5411 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5412 PATACONTROLLER pCtl = &pThis->aCts[i];
5413 int rc = VINF_SUCCESS;
5414
5415 Assert(i < 2);
5416
5417 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5418 if (rc != VINF_SUCCESS)
5419 return rc;
5420 if (cb == 1)
5421 rc = ataIOPortWriteU8(pCtl, Port, u32);
5422 else if (Port == pCtl->IOPortBase1)
5423 {
5424 Assert(cb == 2 || cb == 4);
5425 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5426 }
5427 else
5428 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5429 PDMCritSectLeave(&pCtl->lock);
5430 return rc;
5431}
5432
5433
5434/**
5435 * Port I/O Handler for primary port range IN operations.
5436 * @see FNIOMIOPORTIN for details.
5437 */
5438PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5439{
5440 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5441 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5442 PATACONTROLLER pCtl = &pThis->aCts[i];
5443 int rc = VINF_SUCCESS;
5444
5445 Assert(i < 2);
5446
5447 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5448 if (rc != VINF_SUCCESS)
5449 return rc;
5450 if (cb == 1)
5451 {
5452 rc = ataIOPortReadU8(pCtl, Port, pu32);
5453 }
5454 else if (Port == pCtl->IOPortBase1)
5455 {
5456 Assert(cb == 2 || cb == 4);
5457 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5458 if (cb == 2)
5459 *pu32 &= 0xffff;
5460 }
5461 else
5462 {
5463 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5464 rc = VERR_IOM_IOPORT_UNUSED;
5465 }
5466 PDMCritSectLeave(&pCtl->lock);
5467 return rc;
5468}
5469
5470#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5471/**
5472 * Port I/O Handler for primary port range IN string operations.
5473 * @see FNIOMIOPORTINSTRING for details.
5474 */
5475PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5476{
5477 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5478 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5479 PATACONTROLLER pCtl = &pThis->aCts[i];
5480 int rc = VINF_SUCCESS;
5481
5482 Assert(i < 2);
5483
5484 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5485 if (rc != VINF_SUCCESS)
5486 return rc;
5487 if (Port == pCtl->IOPortBase1)
5488 {
5489 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5490 RTGCPTR GCDst = *pGCPtrDst;
5491 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5492 Assert(cb == 2 || cb == 4);
5493
5494 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5495#ifndef IN_RING3
5496 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5497 cTransAvailable--;
5498#endif /* !IN_RING3 */
5499 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5500 * They are not performance-critical and generally shouldn't occur at all. */
5501 if (cTransAvailable > cTransfer)
5502 cTransAvailable = cTransfer;
5503 cbTransfer = cTransAvailable * cb;
5504
5505 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5506 Assert(rc == VINF_SUCCESS);
5507
5508 if (cbTransfer)
5509 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5510 s->iIOBufferPIODataStart += cbTransfer;
5511 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5512 *pcTransfer = cTransfer - cTransAvailable;
5513#ifdef IN_RING3
5514 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5515 ataPIOTransferFinish(pCtl, s);
5516#endif /* IN_RING3 */
5517 }
5518 PDMCritSectLeave(&pCtl->lock);
5519 return rc;
5520}
5521
5522
5523/**
5524 * Port I/O Handler for primary port range OUT string operations.
5525 * @see FNIOMIOPORTOUTSTRING for details.
5526 */
5527PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5528{
5529 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5530 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5531 PATACONTROLLER pCtl = &pThis->aCts[i];
5532 int rc;
5533
5534 Assert(i < 2);
5535
5536 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5537 if (rc != VINF_SUCCESS)
5538 return rc;
5539 if (Port == pCtl->IOPortBase1)
5540 {
5541 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5542 RTGCPTR GCSrc = *pGCPtrSrc;
5543 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5544 Assert(cb == 2 || cb == 4);
5545
5546 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5547#ifndef IN_RING3
5548 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5549 cTransAvailable--;
5550#endif /* !IN_RING3 */
5551 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5552 * They are not performance-critical and generally shouldn't occur at all. */
5553 if (cTransAvailable > cTransfer)
5554 cTransAvailable = cTransfer;
5555 cbTransfer = cTransAvailable * cb;
5556
5557 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5558 Assert(rc == VINF_SUCCESS);
5559
5560 if (cbTransfer)
5561 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5562 s->iIOBufferPIODataStart += cbTransfer;
5563 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5564 *pcTransfer = cTransfer - cTransAvailable;
5565#ifdef IN_RING3
5566 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5567 ataPIOTransferFinish(pCtl, s);
5568#endif /* IN_RING3 */
5569 }
5570 PDMCritSectLeave(&pCtl->lock);
5571 return rc;
5572}
5573#endif /* !IN_RING0 */
5574
5575/**
5576 * Port I/O Handler for secondary port range OUT operations.
5577 * @see FNIOMIOPORTOUT for details.
5578 */
5579PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5580{
5581 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5582 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5583 PATACONTROLLER pCtl = &pThis->aCts[i];
5584 int rc;
5585
5586 Assert(i < 2);
5587
5588 if (cb != 1)
5589 return VINF_SUCCESS;
5590 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5591 if (rc != VINF_SUCCESS)
5592 return rc;
5593 rc = ataControlWrite(pCtl, Port, u32);
5594 PDMCritSectLeave(&pCtl->lock);
5595 return rc;
5596}
5597
5598
5599/**
5600 * Port I/O Handler for secondary port range IN operations.
5601 * @see FNIOMIOPORTIN for details.
5602 */
5603PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5604{
5605 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5606 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5607 PATACONTROLLER pCtl = &pThis->aCts[i];
5608 int rc;
5609
5610 Assert(i < 2);
5611
5612 if (cb != 1)
5613 return VERR_IOM_IOPORT_UNUSED;
5614
5615 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5616 if (rc != VINF_SUCCESS)
5617 return rc;
5618 *pu32 = ataStatusRead(pCtl, Port);
5619 PDMCritSectLeave(&pCtl->lock);
5620 return VINF_SUCCESS;
5621}
5622
5623#ifdef IN_RING3
5624
5625DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5626{
5627 if (s->pbIOBufferR3)
5628 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5629}
5630
5631
5632/**
5633 * @copydoc FNPDMDEVRELOCATE
5634 */
5635static DECLCALLBACK(void) ataRelocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5636{
5637 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5638
5639 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5640 {
5641 pThis->aCts[i].pDevInsRC += offDelta;
5642 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5643 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5644 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5645 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5646 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5647 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5648 }
5649}
5650
5651
5652/**
5653 * Destroy a driver instance.
5654 *
5655 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5656 * resources can be freed correctly.
5657 *
5658 * @param pDevIns The device instance data.
5659 */
5660static DECLCALLBACK(int) ataDestruct(PPDMDEVINS pDevIns)
5661{
5662 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5663 int rc;
5664
5665 Log(("ataDestruct\n"));
5666
5667 /*
5668 * Tell the async I/O threads to terminate.
5669 */
5670 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5671 {
5672 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5673 {
5674 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5675 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5676 AssertRC(rc);
5677 }
5678 }
5679
5680 /*
5681 * Wait for the threads to terminate before destroying their resources.
5682 */
5683 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5684 {
5685 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5686 {
5687 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5688 if (RT_SUCCESS(rc))
5689 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5690 else
5691 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5692 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5693 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5694 }
5695 }
5696
5697 /*
5698 * Free resources.
5699 */
5700 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5701 {
5702 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5703 {
5704 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5705 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5706 }
5707 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5708 {
5709 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5710 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5711 }
5712 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5713 {
5714 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5715 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5716 }
5717
5718 /* try one final time */
5719 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5720 {
5721 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5722 if (RT_SUCCESS(rc))
5723 {
5724 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5725 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5726 }
5727 }
5728 }
5729
5730 return VINF_SUCCESS;
5731}
5732
5733
5734/**
5735 * Detach notification.
5736 *
5737 * The DVD drive has been unplugged.
5738 *
5739 * @param pDevIns The device instance.
5740 * @param iLUN The logical unit which is being detached.
5741 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5742 */
5743static DECLCALLBACK(void) ataDetach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5744{
5745 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5746 PATACONTROLLER pCtl;
5747 ATADevState *pIf;
5748 unsigned iController;
5749 unsigned iInterface;
5750
5751 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5752 ("PIIX3IDE: Device does not support hotplugging\n"));
5753
5754 /*
5755 * Locate the controller and stuff.
5756 */
5757 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5758 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5759 pCtl = &pThis->aCts[iController];
5760
5761 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5762 pIf = &pCtl->aIfs[iInterface];
5763
5764 /*
5765 * Zero some important members.
5766 */
5767 pIf->pDrvBase = NULL;
5768 pIf->pDrvBlock = NULL;
5769 pIf->pDrvBlockBios = NULL;
5770 pIf->pDrvMount = NULL;
5771
5772 /*
5773 * In case there was a medium inserted.
5774 */
5775 ataMediumRemoved(pIf);
5776}
5777
5778
5779/**
5780 * Configure a LUN.
5781 *
5782 * @returns VBox status code.
5783 * @param pDevIns The device instance.
5784 * @param pIf The ATA unit state.
5785 */
5786static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5787{
5788 int rc = VINF_SUCCESS;
5789 PDMBLOCKTYPE enmType;
5790
5791 /*
5792 * Query Block, Bios and Mount interfaces.
5793 */
5794 pIf->pDrvBlock = (PDMIBLOCK *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK);
5795 if (!pIf->pDrvBlock)
5796 {
5797 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5798 return VERR_PDM_MISSING_INTERFACE;
5799 }
5800
5801 /** @todo implement the BIOS invisible code path. */
5802 pIf->pDrvBlockBios = (PDMIBLOCKBIOS *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK_BIOS);
5803 if (!pIf->pDrvBlockBios)
5804 {
5805 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5806 return VERR_PDM_MISSING_INTERFACE;
5807 }
5808 pIf->pDrvMount = (PDMIMOUNT *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_MOUNT);
5809
5810 /*
5811 * Validate type.
5812 */
5813 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5814 if ( enmType != PDMBLOCKTYPE_CDROM
5815 && enmType != PDMBLOCKTYPE_DVD
5816 && enmType != PDMBLOCKTYPE_HARD_DISK)
5817 {
5818 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5819 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5820 }
5821 if ( ( enmType == PDMBLOCKTYPE_DVD
5822 || enmType == PDMBLOCKTYPE_CDROM)
5823 && !pIf->pDrvMount)
5824 {
5825 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5826 return VERR_INTERNAL_ERROR;
5827 }
5828 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5829 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5830
5831 /*
5832 * Allocate I/O buffer.
5833 */
5834 PVM pVM = PDMDevHlpGetVM(pDevIns);
5835 if (pIf->cbIOBuffer)
5836 {
5837 /* Buffer is (probably) already allocated. Validate the fields,
5838 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5839 if (pIf->fATAPI)
5840 AssertRelease(pIf->cbIOBuffer == _128K);
5841 else
5842 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5843 Assert(pIf->pbIOBufferR3);
5844 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5845 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5846 }
5847 else
5848 {
5849 if (pIf->fATAPI)
5850 pIf->cbIOBuffer = _128K;
5851 else
5852 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5853 Assert(!pIf->pbIOBufferR3);
5854 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5855 if (RT_FAILURE(rc))
5856 return VERR_NO_MEMORY;
5857 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5858 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5859 }
5860
5861 /*
5862 * Init geometry (only for non-CD/DVD media).
5863 */
5864 if (pIf->fATAPI)
5865 {
5866 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5867 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5868 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5869 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5870 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5871 }
5872 else
5873 {
5874 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5875 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5876 &pIf->PCHSGeometry);
5877 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5878 {
5879 pIf->PCHSGeometry.cCylinders = 0;
5880 pIf->PCHSGeometry.cHeads = 16; /*??*/
5881 pIf->PCHSGeometry.cSectors = 63; /*??*/
5882 }
5883 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5884 {
5885 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5886 rc = VINF_SUCCESS;
5887 }
5888 AssertRC(rc);
5889
5890 if ( pIf->PCHSGeometry.cCylinders == 0
5891 || pIf->PCHSGeometry.cHeads == 0
5892 || pIf->PCHSGeometry.cSectors == 0
5893 )
5894 {
5895 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5896 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5897 pIf->PCHSGeometry.cHeads = 16;
5898 pIf->PCHSGeometry.cSectors = 63;
5899 /* Set the disk geometry information. Ignore errors. */
5900 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5901 &pIf->PCHSGeometry);
5902 rc = VINF_SUCCESS;
5903 }
5904 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5905 }
5906 return rc;
5907}
5908
5909
5910/**
5911 * Attach command.
5912 *
5913 * This is called when we change block driver for the DVD drive.
5914 *
5915 * @returns VBox status code.
5916 * @param pDevIns The device instance.
5917 * @param iLUN The logical unit which is being detached.
5918 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5919 */
5920static DECLCALLBACK(int) ataAttach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5921{
5922 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5923 PATACONTROLLER pCtl;
5924 ATADevState *pIf;
5925 int rc;
5926 unsigned iController;
5927 unsigned iInterface;
5928
5929 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5930 ("PIIX3IDE: Device does not support hotplugging\n"),
5931 VERR_INVALID_PARAMETER);
5932
5933 /*
5934 * Locate the controller and stuff.
5935 */
5936 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5937 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5938 pCtl = &pThis->aCts[iController];
5939
5940 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5941 pIf = &pCtl->aIfs[iInterface];
5942
5943 /* the usual paranoia */
5944 AssertRelease(!pIf->pDrvBase);
5945 AssertRelease(!pIf->pDrvBlock);
5946 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5947 Assert(pIf->iLUN == iLUN);
5948
5949 /*
5950 * Try attach the block device and get the interfaces,
5951 * required as well as optional.
5952 */
5953 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5954 if (RT_SUCCESS(rc))
5955 {
5956 rc = ataConfigLun(pDevIns, pIf);
5957 /*
5958 * In case there is a medium inserted.
5959 */
5960 ataMediumInserted(pIf);
5961 }
5962 else
5963 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5964
5965 if (RT_FAILURE(rc))
5966 {
5967 pIf->pDrvBase = NULL;
5968 pIf->pDrvBlock = NULL;
5969 }
5970 return rc;
5971}
5972
5973
5974/**
5975 * Suspend notification.
5976 *
5977 * @returns VBox status.
5978 * @param pDevIns The device instance data.
5979 */
5980static DECLCALLBACK(void) ataSuspend(PPDMDEVINS pDevIns)
5981{
5982 Log(("%s:\n", __FUNCTION__));
5983 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5984 AssertMsgFailed(("Async I/O didn't stop in ~40 seconds!\n"));
5985 return;
5986}
5987
5988
5989/**
5990 * Resume notification.
5991 *
5992 * @returns VBox status.
5993 * @param pDevIns The device instance data.
5994 */
5995static DECLCALLBACK(void) ataResume(PPDMDEVINS pDevIns)
5996{
5997 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5998 int rc;
5999
6000 Log(("%s:\n", __FUNCTION__));
6001 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6002 {
6003 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6004 {
6005 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6006 AssertRC(rc);
6007 }
6008 }
6009 return;
6010}
6011
6012
6013/**
6014 * Power Off notification.
6015 *
6016 * @returns VBox status.
6017 * @param pDevIns The device instance data.
6018 */
6019static DECLCALLBACK(void) ataPowerOff(PPDMDEVINS pDevIns)
6020{
6021 Log(("%s:\n", __FUNCTION__));
6022 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
6023 AssertMsgFailed(("Async I/O didn't stop in ~40 seconds!\n"));
6024 return;
6025}
6026
6027
6028/**
6029 * Prepare state save and load operation.
6030 *
6031 * @returns VBox status code.
6032 * @param pDevIns Device instance of the device which registered the data unit.
6033 * @param pSSM SSM operation handle.
6034 */
6035static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6036{
6037 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6038
6039 /* sanity - the suspend notification will wait on the async stuff. */
6040 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6041 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6042 ("i=%u\n", i),
6043 VERR_SSM_IDE_ASYNC_TIMEOUT);
6044 return VINF_SUCCESS;
6045}
6046
6047/**
6048 * @copydoc FNSSMDEVLIVEEXEC
6049 */
6050static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6051{
6052 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6053
6054 SSMR3PutU8(pSSM, pThis->u8Type);
6055 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6056 {
6057 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6058 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6059 {
6060 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6061 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6062 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6063 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6064 }
6065 }
6066
6067 return VINF_SSM_DONT_CALL_AGAIN;
6068}
6069
6070
6071/**
6072 * @copydoc FNSSMDEVSAVEEXEC
6073 */
6074static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6075{
6076 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6077
6078 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6079
6080 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6081 {
6082 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6083 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6084 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6085 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6086 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6087 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6088 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6089 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6090 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6091 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6092 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6093 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6094 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6095
6096 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6097 {
6098 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6099 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6100 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6101 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6102 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6103 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6104 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6105 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6106 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6107 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6108 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6109 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6110 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6111 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6112 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6113 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6114 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6115 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6116 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6117 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6118 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6119 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6120 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6121 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6122 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6123 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6124 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6125 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6126 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6127 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6128 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6129 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6130 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6131 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6132 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6133 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6134 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6135 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6136 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6137 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6138 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6139 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6140 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6141 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6142 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6143 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6144 else
6145 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6146 }
6147 }
6148
6149 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6150}
6151
6152
6153/**
6154 * FNSSMDEVLOADEXEC
6155 */
6156static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6157{
6158 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6159 int rc;
6160 uint32_t u32;
6161
6162 if ( uVersion != ATA_SAVED_STATE_VERSION
6163 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6164 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6165 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6166 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6167 {
6168 AssertMsgFailed(("uVersion=%d\n", uVersion));
6169 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6170 }
6171
6172 /*
6173 * Verify the configuration.
6174 */
6175 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6176 {
6177 uint8_t u8Type;
6178 rc = SSMR3GetU8(pSSM, &u8Type);
6179 AssertRCReturn(rc, rc);
6180 if (u8Type != pThis->u8Type)
6181 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6182
6183 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6184 {
6185 bool fEnabled;
6186 rc = SSMR3GetBool(pSSM, &fEnabled);
6187 AssertRCReturn(rc, rc);
6188 if (!fEnabled)
6189 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6190
6191 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6192 {
6193 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6194
6195 bool fInUse;
6196 rc = SSMR3GetBool(pSSM, &fInUse);
6197 AssertRCReturn(rc, rc);
6198 if (fInUse != (pIf->pDrvBase != NULL))
6199 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("LUN#%u config mismatch: fInUse - saved=%RTbool config=%RTbool"),
6200 pIf->iLUN, fInUse, (pIf->pDrvBase != NULL));
6201
6202 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6203 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6204 AssertRCReturn(rc, rc);
6205 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6206 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6207 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6208
6209 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6210 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6211 AssertRCReturn(rc, rc);
6212 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6213 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6214 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6215
6216 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6217 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6218 AssertRCReturn(rc, rc);
6219 if (strcmp(szModelNumber, pIf->szModelNumber))
6220 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6221 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6222 }
6223 }
6224 }
6225 if (uPass != SSM_PASS_FINAL)
6226 return VINF_SUCCESS;
6227
6228 /*
6229 * Restore valid parts of the PCIATAState structure
6230 */
6231 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6232 {
6233 /* integrity check */
6234 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6235 {
6236 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6237 return VERR_INTERNAL_ERROR_4;
6238 }
6239
6240 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6241 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6242 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6243 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6244 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6245 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6246 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6247 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6248 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6249 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6250 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6251 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6252 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6253
6254 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6255 {
6256 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6257 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6258 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6259 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6260 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6261 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6262 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6263 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6264 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6265 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6266 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6267 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6268 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6269 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6270 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6271 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6272 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6273 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6274 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6275 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6276 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6277 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6278 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6279 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6280 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6281 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6282 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6283 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6284 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6285 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6286 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6287 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6288 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6289 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6290 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6291 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6292 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6293 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6294 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6295 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6296 {
6297 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6298 }
6299 else
6300 {
6301 uint8_t uATAPISenseKey, uATAPIASC;
6302 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6303 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6304 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6305 SSMR3GetU8(pSSM, &uATAPISenseKey);
6306 SSMR3GetU8(pSSM, &uATAPIASC);
6307 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6308 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6309 }
6310 /** @todo triple-check this hack after passthrough is working */
6311 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6312 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6313 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6314 else
6315 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6316 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6317 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6318 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6319 {
6320 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6321 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6322 else
6323 {
6324 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6325 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6326 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6327
6328 /* skip the buffer if we're loading for the debugger / animator. */
6329 uint8_t u8Ignored;
6330 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6331 while (cbLeft-- > 0)
6332 SSMR3GetU8(pSSM, &u8Ignored);
6333 }
6334 }
6335 else
6336 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6337 }
6338 }
6339 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6340 SSMR3GetU8(pSSM, &pThis->u8Type);
6341
6342 rc = SSMR3GetU32(pSSM, &u32);
6343 if (RT_FAILURE(rc))
6344 return rc;
6345 if (u32 != ~0U)
6346 {
6347 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6348 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6349 return rc;
6350 }
6351
6352 return VINF_SUCCESS;
6353}
6354
6355/**
6356 * Convert config value to DEVPCBIOSBOOT.
6357 *
6358 * @returns VBox status code.
6359 * @param pDevIns The device instance data.
6360 * @param pCfgHandle Configuration handle.
6361 * @param penmChipset Where to store the chipset type.
6362 */
6363static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfgHandle, CHIPSET *penmChipset)
6364{
6365 char szType[20];
6366
6367 int rc = CFGMR3QueryStringDef(pCfgHandle, "Type", &szType[0], sizeof(szType), "PIIX4");
6368 if (RT_FAILURE(rc))
6369 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6370 N_("Configuration error: Querying \"Type\" as a string failed"));
6371 if (!strcmp(szType, "PIIX3"))
6372 *penmChipset = CHIPSET_PIIX3;
6373 else if (!strcmp(szType, "PIIX4"))
6374 *penmChipset = CHIPSET_PIIX4;
6375 else if (!strcmp(szType, "ICH6"))
6376 *penmChipset = CHIPSET_ICH6;
6377 else
6378 {
6379 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6380 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6381 szType);
6382 rc = VERR_INTERNAL_ERROR;
6383 }
6384 return rc;
6385}
6386
6387
6388/**
6389 * Construct a device instance for a VM.
6390 *
6391 * @returns VBox status.
6392 * @param pDevIns The device instance data.
6393 * If the registration structure is needed, pDevIns->pDevReg points to it.
6394 * @param iInstance Instance number. Use this to figure out which registers and such to use.
6395 * The device number is also found in pDevIns->iInstance, but since it's
6396 * likely to be freqently used PDM passes it as parameter.
6397 * @param pCfgHandle Configuration node handle for the device. Use this to obtain the configuration
6398 * of the device instance. It's also found in pDevIns->pCfgHandle, but like
6399 * iInstance it's expected to be used a bit in this function.
6400 */
6401static DECLCALLBACK(int) ataConstruct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfgHandle)
6402{
6403 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6404 PPDMIBASE pBase;
6405 int rc;
6406 bool fGCEnabled;
6407 bool fR0Enabled;
6408 uint32_t DelayIRQMillies;
6409
6410 Assert(iInstance == 0);
6411
6412 /*
6413 * Initialize NIL handle values (for the destructor).
6414 */
6415 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6416 {
6417 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6418 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6419 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6420 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6421 }
6422
6423 /*
6424 * Validate and read configuration.
6425 */
6426 if (!CFGMR3AreValuesValid(pCfgHandle,
6427 "GCEnabled\0"
6428 "R0Enabled\0"
6429 "IRQDelay\0"
6430 "Type\0")
6431 /** @todo || invalid keys */)
6432 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6433 N_("PIIX3 configuration error: unknown option specified"));
6434
6435 rc = CFGMR3QueryBoolDef(pCfgHandle, "GCEnabled", &fGCEnabled, true);
6436 if (RT_FAILURE(rc))
6437 return PDMDEV_SET_ERROR(pDevIns, rc,
6438 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6439 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6440
6441 rc = CFGMR3QueryBoolDef(pCfgHandle, "R0Enabled", &fR0Enabled, true);
6442 if (RT_FAILURE(rc))
6443 return PDMDEV_SET_ERROR(pDevIns, rc,
6444 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6445 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6446
6447 rc = CFGMR3QueryU32Def(pCfgHandle, "IRQDelay", &DelayIRQMillies, 0);
6448 if (RT_FAILURE(rc))
6449 return PDMDEV_SET_ERROR(pDevIns, rc,
6450 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6451 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6452 Assert(DelayIRQMillies < 50);
6453
6454 CHIPSET enmChipset = CHIPSET_PIIX3;
6455 rc = ataControllerFromCfg(pDevIns, pCfgHandle, &enmChipset);
6456 if (RT_FAILURE(rc))
6457 return rc;
6458 pThis->u8Type = (uint8_t)enmChipset;
6459
6460 /*
6461 * Initialize data (most of it anyway).
6462 */
6463 /* Status LUN. */
6464 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6465 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6466
6467 /* PCI configuration space. */
6468 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6469
6470 /*
6471 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6472 * as it explicitly checks for PCI id for IDE controllers.
6473 */
6474 switch (pThis->u8Type)
6475 {
6476 case CHIPSET_ICH6:
6477 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6478 /** @todo: do we need it? Do we need anything else? */
6479 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6480 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6481 pThis->dev.config[0x4B] = 0x00;
6482 {
6483 /*
6484 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6485 * Report
6486 * WR_Ping-Pong_EN: must be set
6487 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6488 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6489 */
6490 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6491 pThis->dev.config[0x54] = u16Config & 0xff;
6492 pThis->dev.config[0x55] = u16Config >> 8;
6493 }
6494 break;
6495 case CHIPSET_PIIX4:
6496 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6497 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6498 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6499 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6500 pThis->dev.config[0x4B] = 0x00;
6501 break;
6502 case CHIPSET_PIIX3:
6503 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6504 break;
6505 default:
6506 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6507 }
6508
6509 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6510 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6511 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6512 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6513 PCIDevSetHeaderType(&pThis->dev, 0x00);
6514
6515 pThis->pDevIns = pDevIns;
6516 pThis->fGCEnabled = fGCEnabled;
6517 pThis->fR0Enabled = fR0Enabled;
6518 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6519 {
6520 pThis->aCts[i].pDevInsR3 = pDevIns;
6521 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6522 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6523 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6524 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6525 {
6526 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6527
6528 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6529 pIf->pDevInsR3 = pDevIns;
6530 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6531 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6532 pIf->pControllerR3 = &pThis->aCts[i];
6533 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6534 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6535 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6536 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6537 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6538 pIf->Led.u32Magic = PDMLED_MAGIC;
6539 }
6540 }
6541
6542 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6543 pThis->aCts[0].irq = 14;
6544 pThis->aCts[0].IOPortBase1 = 0x1f0;
6545 pThis->aCts[0].IOPortBase2 = 0x3f6;
6546 pThis->aCts[1].irq = 15;
6547 pThis->aCts[1].IOPortBase1 = 0x170;
6548 pThis->aCts[1].IOPortBase2 = 0x376;
6549
6550 /*
6551 * Register the PCI device.
6552 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6553 * device the slot next to itself.
6554 */
6555 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6556 if (RT_FAILURE(rc))
6557 return PDMDEV_SET_ERROR(pDevIns, rc,
6558 N_("PIIX3 cannot register PCI device"));
6559 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6560 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6561 if (RT_FAILURE(rc))
6562 return PDMDEV_SET_ERROR(pDevIns, rc,
6563 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6564
6565 /*
6566 * Register the I/O ports.
6567 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6568 */
6569 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6570 {
6571 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6572 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6573 if (RT_FAILURE(rc))
6574 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6575
6576 if (fGCEnabled)
6577 {
6578 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6579 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6580 if (RT_FAILURE(rc))
6581 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6582 }
6583
6584 if (fR0Enabled)
6585 {
6586#if 1
6587 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6588 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6589#else
6590 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6591 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6592#endif
6593 if (RT_FAILURE(rc))
6594 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6595 }
6596
6597 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6598 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6599 if (RT_FAILURE(rc))
6600 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6601
6602 if (fGCEnabled)
6603 {
6604 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6605 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6606 if (RT_FAILURE(rc))
6607 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6608 }
6609 if (fR0Enabled)
6610 {
6611 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6612 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6613 if (RT_FAILURE(rc))
6614 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6615 }
6616
6617 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6618 {
6619 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6620 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6621 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
6622 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6623 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
6624 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6625 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
6626 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6627 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
6628#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6629 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6630 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
6631#endif
6632 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6633 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
6634#ifdef VBOX_INSTRUMENT_DMA_WRITES
6635 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6636 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
6637#endif
6638#ifdef VBOX_WITH_STATISTICS
6639 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6640 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
6641#endif
6642 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6643 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
6644#ifdef VBOX_WITH_STATISTICS
6645 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6646 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
6647#endif
6648 }
6649#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6650 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6651 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
6652 /** @todo STAMUNIT_MICROSECS */
6653 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6654 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
6655 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6656 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
6657 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6658 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
6659 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6660 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
6661 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6662 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
6663#endif /* VBOX_WITH_STATISTICS */
6664
6665 /* Initialize per-controller critical section */
6666 char szName[24];
6667 RTStrPrintf(szName, sizeof(szName), "ATA%d", i);
6668 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, szName);
6669 if (RT_FAILURE(rc))
6670 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6671 }
6672
6673 /*
6674 * Attach status driver (optional).
6675 */
6676 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6677 if (RT_SUCCESS(rc))
6678 pThis->pLedsConnector = (PDMILEDCONNECTORS *)pBase->pfnQueryInterface(pBase, PDMINTERFACE_LED_CONNECTORS);
6679 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6680 {
6681 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6682 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6683 }
6684
6685 /*
6686 * Attach the units.
6687 */
6688 uint32_t cbTotalBuffer = 0;
6689 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6690 {
6691 PATACONTROLLER pCtl = &pThis->aCts[i];
6692
6693 /*
6694 * Start the worker thread.
6695 */
6696 pCtl->uAsyncIOState = ATA_AIO_NEW;
6697 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6698 AssertLogRelRCReturn(rc, rc);
6699 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6700 AssertLogRelRCReturn(rc, rc);
6701 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6702 AssertLogRelRCReturn(rc, rc);
6703 ataAsyncIOClearRequests(pCtl);
6704 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
6705 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6706 AssertLogRelRCReturn(rc, rc);
6707 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6708 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6709
6710 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6711 {
6712 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6713 {
6714 { "Primary Master", "Primary Slave" },
6715 { "Secondary Master", "Secondary Slave" }
6716 };
6717
6718 /*
6719 * Try attach the block device and get the interfaces,
6720 * required as well as optional.
6721 */
6722 ATADevState *pIf = &pCtl->aIfs[j];
6723
6724 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6725 if (RT_SUCCESS(rc))
6726 {
6727 rc = ataConfigLun(pDevIns, pIf);
6728 if (RT_SUCCESS(rc))
6729 {
6730 /*
6731 * Init vendor product data.
6732 */
6733 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6734 {
6735 { "PrimaryMaster", "PrimarySlave" },
6736 { "SecondaryMaster", "SecondarySlave" }
6737 };
6738
6739 /* Generate a default serial number. */
6740 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6741 RTUUID Uuid;
6742 if (pIf->pDrvBlock)
6743 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6744 else
6745 RTUuidClear(&Uuid);
6746
6747 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6748 {
6749 /* Generate a predictable serial for drives which don't have a UUID. */
6750 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6751 pIf->iLUN + pDevIns->iInstance * 32,
6752 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6753 }
6754 else
6755 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6756
6757 /* Get user config if present using defaults otherwise. */
6758 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfgHandle, s_apszCFGMKeys[i][j]);
6759 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6760 szSerial);
6761 if (RT_FAILURE(rc))
6762 {
6763 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6764 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6765 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6766 return PDMDEV_SET_ERROR(pDevIns, rc,
6767 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6768 }
6769
6770 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6771 "1.0");
6772 if (RT_FAILURE(rc))
6773 {
6774 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6775 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6776 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
6777 return PDMDEV_SET_ERROR(pDevIns, rc,
6778 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
6779 }
6780
6781 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
6782 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
6783 if (RT_FAILURE(rc))
6784 {
6785 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6786 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6787 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
6788 return PDMDEV_SET_ERROR(pDevIns, rc,
6789 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
6790 }
6791
6792 /* There are three other identification strings for CD drives used for INQUIRY */
6793 if (pIf->fATAPI)
6794 {
6795 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
6796 "VBOX");
6797 if (RT_FAILURE(rc))
6798 {
6799 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6800 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6801 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
6802 return PDMDEV_SET_ERROR(pDevIns, rc,
6803 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
6804 }
6805
6806 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
6807 "CD-ROM");
6808 if (RT_FAILURE(rc))
6809 {
6810 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6811 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6812 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
6813 return PDMDEV_SET_ERROR(pDevIns, rc,
6814 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
6815 }
6816
6817 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
6818 "1.0");
6819 if (RT_FAILURE(rc))
6820 {
6821 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6822 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6823 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
6824 return PDMDEV_SET_ERROR(pDevIns, rc,
6825 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
6826 }
6827 }
6828 }
6829
6830 }
6831 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
6832 {
6833 pIf->pDrvBase = NULL;
6834 pIf->pDrvBlock = NULL;
6835 pIf->cbIOBuffer = 0;
6836 pIf->pbIOBufferR3 = NULL;
6837 pIf->pbIOBufferR0 = NIL_RTR0PTR;
6838 pIf->pbIOBufferRC = NIL_RTGCPTR;
6839 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
6840 }
6841 else
6842 {
6843 switch (rc)
6844 {
6845 case VERR_ACCESS_DENIED:
6846 /* Error already catched by DrvHostBase */
6847 return rc;
6848 default:
6849 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6850 N_("PIIX3 cannot attach drive to the %s"),
6851 s_apszDescs[i][j]);
6852 }
6853 }
6854 cbTotalBuffer += pIf->cbIOBuffer;
6855 }
6856 }
6857
6858 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
6859 NULL, ataLiveExec, NULL,
6860 ataSaveLoadPrep, ataSaveExec, NULL,
6861 ataSaveLoadPrep, ataLoadExec, NULL);
6862 if (RT_FAILURE(rc))
6863 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
6864
6865 /*
6866 * Initialize the device state.
6867 */
6868 ataReset(pDevIns);
6869
6870 return VINF_SUCCESS;
6871}
6872
6873
6874/**
6875 * The device registration structure.
6876 */
6877const PDMDEVREG g_DevicePIIX3IDE =
6878{
6879 /* u32Version */
6880 PDM_DEVREG_VERSION,
6881 /* szDeviceName */
6882 "piix3ide",
6883 /* szRCMod */
6884 "VBoxDDGC.gc",
6885 /* szR0Mod */
6886 "VBoxDDR0.r0",
6887 /* pszDescription */
6888 "Intel PIIX3 ATA controller.\n"
6889 " LUN #0 is primary master.\n"
6890 " LUN #1 is primary slave.\n"
6891 " LUN #2 is secondary master.\n"
6892 " LUN #3 is secondary slave.\n"
6893 " LUN #999 is the LED/Status connector.",
6894 /* fFlags */
6895 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
6896 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
6897 /* fClass */
6898 PDM_DEVREG_CLASS_STORAGE,
6899 /* cMaxInstances */
6900 1,
6901 /* cbInstance */
6902 sizeof(PCIATAState),
6903 /* pfnConstruct */
6904 ataConstruct,
6905 /* pfnDestruct */
6906 ataDestruct,
6907 /* pfnRelocate */
6908 ataRelocate,
6909 /* pfnIOCtl */
6910 NULL,
6911 /* pfnPowerOn */
6912 NULL,
6913 /* pfnReset */
6914 ataReset,
6915 /* pfnSuspend */
6916 ataSuspend,
6917 /* pfnResume */
6918 ataResume,
6919 /* pfnAttach */
6920 ataAttach,
6921 /* pfnDetach */
6922 ataDetach,
6923 /* pfnQueryInterface. */
6924 NULL,
6925 /* pfnInitComplete */
6926 NULL,
6927 /* pfnPowerOff */
6928 ataPowerOff,
6929 /* pfnSoftReset */
6930 NULL,
6931 /* u32VersionEnd */
6932 PDM_DEVREG_VERSION
6933};
6934#endif /* IN_RING3 */
6935#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette