VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 29603

Last change on this file since 29603 was 28980, checked in by vboxsync, 15 years ago

Devices/Storage: fix extremely sporadic bogus triggering of "I/O state inconsistent" release assertion due to BMDMA transfers getting started twice

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 268.5 KB
Line 
1/* $Id: DevATA.cpp 28980 2010-05-03 14:45:14Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/stam.h>
55#include <VBox/mm.h>
56#include <VBox/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "../Builtins.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
100
101/**
102 * Length of the configurable VPD data (without termination)
103 */
104#define ATA_SERIAL_NUMBER_LENGTH 20
105#define ATA_FIRMWARE_REVISION_LENGTH 8
106#define ATA_MODEL_NUMBER_LENGTH 40
107#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
108#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
109#define ATAPI_INQUIRY_REVISION_LENGTH 4
110
111/*******************************************************************************
112* Structures and Typedefs *
113*******************************************************************************/
114/**
115 * The state of an ATA device.
116 *
117 * @implements PDMIBASE
118 * @implements PDMIBLOCKPORT
119 * @implements PDMIMOUNTNOTIFY
120 */
121typedef struct ATADevState
122{
123 /** Flag indicating whether the current command uses LBA48 mode. */
124 bool fLBA48;
125 /** Flag indicating whether this drive implements the ATAPI command set. */
126 bool fATAPI;
127 /** Set if this interface has asserted the IRQ. */
128 bool fIrqPending;
129 /** Currently configured number of sectors in a multi-sector transfer. */
130 uint8_t cMultSectors;
131 /** PCHS disk geometry. */
132 PDMMEDIAGEOMETRY PCHSGeometry;
133 /** Total number of sectors on this disk. */
134 uint64_t cTotalSectors;
135 /** Number of sectors to transfer per IRQ. */
136 uint32_t cSectorsPerIRQ;
137
138 /** ATA/ATAPI register 1: feature (write-only). */
139 uint8_t uATARegFeature;
140 /** ATA/ATAPI register 1: feature, high order byte. */
141 uint8_t uATARegFeatureHOB;
142 /** ATA/ATAPI register 1: error (read-only). */
143 uint8_t uATARegError;
144 /** ATA/ATAPI register 2: sector count (read/write). */
145 uint8_t uATARegNSector;
146 /** ATA/ATAPI register 2: sector count, high order byte. */
147 uint8_t uATARegNSectorHOB;
148 /** ATA/ATAPI register 3: sector (read/write). */
149 uint8_t uATARegSector;
150 /** ATA/ATAPI register 3: sector, high order byte. */
151 uint8_t uATARegSectorHOB;
152 /** ATA/ATAPI register 4: cylinder low (read/write). */
153 uint8_t uATARegLCyl;
154 /** ATA/ATAPI register 4: cylinder low, high order byte. */
155 uint8_t uATARegLCylHOB;
156 /** ATA/ATAPI register 5: cylinder high (read/write). */
157 uint8_t uATARegHCyl;
158 /** ATA/ATAPI register 5: cylinder high, high order byte. */
159 uint8_t uATARegHCylHOB;
160 /** ATA/ATAPI register 6: select drive/head (read/write). */
161 uint8_t uATARegSelect;
162 /** ATA/ATAPI register 7: status (read-only). */
163 uint8_t uATARegStatus;
164 /** ATA/ATAPI register 7: command (write-only). */
165 uint8_t uATARegCommand;
166 /** ATA/ATAPI drive control register (write-only). */
167 uint8_t uATARegDevCtl;
168
169 /** Currently active transfer mode (MDMA/UDMA) and speed. */
170 uint8_t uATATransferMode;
171 /** Current transfer direction. */
172 uint8_t uTxDir;
173 /** Index of callback for begin transfer. */
174 uint8_t iBeginTransfer;
175 /** Index of callback for source/sink of data. */
176 uint8_t iSourceSink;
177 /** Flag indicating whether the current command transfers data in DMA mode. */
178 bool fDMA;
179 /** Set to indicate that ATAPI transfer semantics must be used. */
180 bool fATAPITransfer;
181
182 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
183 uint32_t cbTotalTransfer;
184 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
185 uint32_t cbElementaryTransfer;
186 /** Current read/write buffer position, shared PIO/DMA. */
187 uint32_t iIOBufferCur;
188 /** First element beyond end of valid buffer content, shared PIO/DMA. */
189 uint32_t iIOBufferEnd;
190
191 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
192 uint32_t iIOBufferPIODataStart;
193 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
194 uint32_t iIOBufferPIODataEnd;
195
196 /** ATAPI current LBA position. */
197 uint32_t iATAPILBA;
198 /** ATAPI current sector size. */
199 uint32_t cbATAPISector;
200 /** ATAPI current command. */
201 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
202 /** ATAPI sense data. */
203 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
204 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
205 uint8_t cNotifiedMediaChange;
206 /** The same for GET_EVENT_STATUS for mechanism */
207 volatile uint32_t MediaEventStatus;
208
209 uint32_t Alignment0;
210
211 /** The status LED state for this drive. */
212 PDMLED Led;
213
214 /** Size of I/O buffer. */
215 uint32_t cbIOBuffer;
216 /** Pointer to the I/O buffer. */
217 R3PTRTYPE(uint8_t *) pbIOBufferR3;
218 /** Pointer to the I/O buffer. */
219 R0PTRTYPE(uint8_t *) pbIOBufferR0;
220 /** Pointer to the I/O buffer. */
221 RCPTRTYPE(uint8_t *) pbIOBufferRC;
222
223 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
224
225 /*
226 * No data that is part of the saved state after this point!!!!!
227 */
228
229 /* Release statistics: number of ATA DMA commands. */
230 STAMCOUNTER StatATADMA;
231 /* Release statistics: number of ATA PIO commands. */
232 STAMCOUNTER StatATAPIO;
233 /* Release statistics: number of ATAPI PIO commands. */
234 STAMCOUNTER StatATAPIDMA;
235 /* Release statistics: number of ATAPI PIO commands. */
236 STAMCOUNTER StatATAPIPIO;
237#ifdef VBOX_INSTRUMENT_DMA_WRITES
238 /* Release statistics: number of DMA sector writes and the time spent. */
239 STAMPROFILEADV StatInstrVDWrites;
240#endif
241
242 /** Statistics: number of read operations and the time spent reading. */
243 STAMPROFILEADV StatReads;
244 /** Statistics: number of bytes read. */
245 STAMCOUNTER StatBytesRead;
246 /** Statistics: number of write operations and the time spent writing. */
247 STAMPROFILEADV StatWrites;
248 /** Statistics: number of bytes written. */
249 STAMCOUNTER StatBytesWritten;
250 /** Statistics: number of flush operations and the time spend flushing. */
251 STAMPROFILE StatFlushes;
252
253 /** Enable passing through commands directly to the ATAPI drive. */
254 bool fATAPIPassthrough;
255 /** Number of errors we've reported to the release log.
256 * This is to prevent flooding caused by something going horribly wrong.
257 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
258 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
259 uint32_t cErrors;
260 /** Timestamp of last started command. 0 if no command pending. */
261 uint64_t u64CmdTS;
262
263 /** Pointer to the attached driver's base interface. */
264 R3PTRTYPE(PPDMIBASE) pDrvBase;
265 /** Pointer to the attached driver's block interface. */
266 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
267 /** Pointer to the attached driver's block bios interface. */
268 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
269 /** Pointer to the attached driver's mount interface.
270 * This is NULL if the driver isn't a removable unit. */
271 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
272 /** The base interface. */
273 PDMIBASE IBase;
274 /** The block port interface. */
275 PDMIBLOCKPORT IPort;
276 /** The mount notify interface. */
277 PDMIMOUNTNOTIFY IMountNotify;
278 /** The LUN #. */
279 RTUINT iLUN;
280 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
281 /** Pointer to device instance. */
282 PPDMDEVINSR3 pDevInsR3;
283 /** Pointer to controller instance. */
284 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
285 /** Pointer to device instance. */
286 PPDMDEVINSR0 pDevInsR0;
287 /** Pointer to controller instance. */
288 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
289 /** Pointer to device instance. */
290 PPDMDEVINSRC pDevInsRC;
291 /** Pointer to controller instance. */
292 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
293
294 /** The serial number to use for IDENTIFY DEVICE commands. */
295 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
296 /** The firmware revision to use for IDENTIFY DEVICE commands. */
297 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
298 /** The model number to use for IDENTIFY DEVICE commands. */
299 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
300 /** The vendor identification string for SCSI INQUIRY commands. */
301 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
302 /** The product identification string for SCSI INQUIRY commands. */
303 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
304 /** The revision string for SCSI INQUIRY commands. */
305 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
306
307 uint8_t abAlignment3[7];
308} ATADevState;
309AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
310AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
311AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
312AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
313AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
314AssertCompileSizeAlignment(ATADevState, 8);
315
316
317typedef struct ATATransferRequest
318{
319 uint8_t iIf;
320 uint8_t iBeginTransfer;
321 uint8_t iSourceSink;
322 uint32_t cbTotalTransfer;
323 uint8_t uTxDir;
324} ATATransferRequest;
325
326
327typedef struct ATAAbortRequest
328{
329 uint8_t iIf;
330 bool fResetDrive;
331} ATAAbortRequest;
332
333
334typedef enum
335{
336 /** Begin a new transfer. */
337 ATA_AIO_NEW = 0,
338 /** Continue a DMA transfer. */
339 ATA_AIO_DMA,
340 /** Continue a PIO transfer. */
341 ATA_AIO_PIO,
342 /** Reset the drives on current controller, stop all transfer activity. */
343 ATA_AIO_RESET_ASSERTED,
344 /** Reset the drives on current controller, resume operation. */
345 ATA_AIO_RESET_CLEARED,
346 /** Abort the current transfer of a particular drive. */
347 ATA_AIO_ABORT
348} ATAAIO;
349
350
351typedef struct ATARequest
352{
353 ATAAIO ReqType;
354 union
355 {
356 ATATransferRequest t;
357 ATAAbortRequest a;
358 } u;
359} ATARequest;
360
361
362typedef struct ATACONTROLLER
363{
364 /** The base of the first I/O Port range. */
365 RTIOPORT IOPortBase1;
366 /** The base of the second I/O Port range. (0 if none) */
367 RTIOPORT IOPortBase2;
368 /** The assigned IRQ. */
369 RTUINT irq;
370 /** Access critical section */
371 PDMCRITSECT lock;
372
373 /** Selected drive. */
374 uint8_t iSelectedIf;
375 /** The interface on which to handle async I/O. */
376 uint8_t iAIOIf;
377 /** The state of the async I/O thread. */
378 uint8_t uAsyncIOState;
379 /** Flag indicating whether the next transfer is part of the current command. */
380 bool fChainedTransfer;
381 /** Set when the reset processing is currently active on this controller. */
382 bool fReset;
383 /** Flag whether the current transfer needs to be redone. */
384 bool fRedo;
385 /** Flag whether the redo suspend has been finished. */
386 bool fRedoIdle;
387 /** Flag whether the DMA operation to be redone is the final transfer. */
388 bool fRedoDMALastDesc;
389 /** The BusMaster DMA state. */
390 BMDMAState BmDma;
391 /** Pointer to first DMA descriptor. */
392 RTGCPHYS32 pFirstDMADesc;
393 /** Pointer to last DMA descriptor. */
394 RTGCPHYS32 pLastDMADesc;
395 /** Pointer to current DMA buffer (for redo operations). */
396 RTGCPHYS32 pRedoDMABuffer;
397 /** Size of current DMA buffer (for redo operations). */
398 uint32_t cbRedoDMABuffer;
399
400 /** The ATA/ATAPI interfaces of this controller. */
401 ATADevState aIfs[2];
402
403 /** Pointer to device instance. */
404 PPDMDEVINSR3 pDevInsR3;
405 /** Pointer to device instance. */
406 PPDMDEVINSR0 pDevInsR0;
407 /** Pointer to device instance. */
408 PPDMDEVINSRC pDevInsRC;
409
410 /** Set when the destroying the device instance and the thread must exit. */
411 uint32_t volatile fShutdown;
412 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
413 RTTHREAD AsyncIOThread;
414 /** The event semaphore the thread is waiting on for requests. */
415 RTSEMEVENT AsyncIOSem;
416 /** The request queue for the AIO thread. One element is always unused. */
417 ATARequest aAsyncIORequests[4];
418 /** The position at which to insert a new request for the AIO thread. */
419 volatile uint8_t AsyncIOReqHead;
420 /** The position at which to get a new request for the AIO thread. */
421 volatile uint8_t AsyncIOReqTail;
422 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
423 bool volatile fSignalIdle;
424 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
425 /** Magic delay before triggering interrupts in DMA mode. */
426 uint32_t DelayIRQMillies;
427 /** The mutex protecting the request queue. */
428 RTSEMMUTEX AsyncIORequestMutex;
429 /** The event semaphore the thread is waiting on during suspended I/O. */
430 RTSEMEVENT SuspendIOSem;
431#if 0 /*HC_ARCH_BITS == 32*/
432 uint32_t Alignment0;
433#endif
434
435 /** Timestamp we started the reset. */
436 uint64_t u64ResetTime;
437
438 /* Statistics */
439 STAMCOUNTER StatAsyncOps;
440 uint64_t StatAsyncMinWait;
441 uint64_t StatAsyncMaxWait;
442 STAMCOUNTER StatAsyncTimeUS;
443 STAMPROFILEADV StatAsyncTime;
444 STAMPROFILE StatLockWait;
445} ATACONTROLLER, *PATACONTROLLER;
446AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
447AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
448AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
449AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
450
451typedef enum CHIPSET
452{
453 /** PIIX3 chipset, must be 0 for saved state compatibility */
454 CHIPSET_PIIX3 = 0,
455 /** PIIX4 chipset, must be 1 for saved state compatibility */
456 CHIPSET_PIIX4 = 1,
457 /** ICH6 chipset */
458 CHIPSET_ICH6 = 2
459} CHIPSET;
460
461/**
462 * The state of the ATA PCI device.
463 *
464 * @extends PCIDEVICE
465 * @implements PDMILEDPORTS
466 */
467typedef struct PCIATAState
468{
469 PCIDEVICE dev;
470 /** The controllers. */
471 ATACONTROLLER aCts[2];
472 /** Pointer to device instance. */
473 PPDMDEVINSR3 pDevIns;
474 /** Status LUN: Base interface. */
475 PDMIBASE IBase;
476 /** Status LUN: Leds interface. */
477 PDMILEDPORTS ILeds;
478 /** Status LUN: Partner of ILeds. */
479 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
480 /** Flag whether GC is enabled. */
481 bool fGCEnabled;
482 /** Flag whether R0 is enabled. */
483 bool fR0Enabled;
484 /** Flag indicating chipset being emulated. */
485 uint8_t u8Type;
486 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
487} PCIATAState;
488
489#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
490#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
491#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
492#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
493#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
494#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
495
496#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
497
498#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
499#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
500#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
501#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
502
503#ifndef VBOX_DEVICE_STRUCT_TESTCASE
504/*******************************************************************************
505 * Internal Functions *
506 ******************************************************************************/
507RT_C_DECLS_BEGIN
508PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
509PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
510PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
511PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
512PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
513PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
514PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
515PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
516RT_C_DECLS_END
517
518
519
520DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
521{
522 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
523
524 /* Freeze status register contents while processing RESET. */
525 if (!pCtl->fReset)
526 {
527 s->uATARegStatus = stat;
528 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
529 }
530}
531
532
533DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
534{
535 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
536
537 /* Freeze status register contents while processing RESET. */
538 if (!pCtl->fReset)
539 {
540 s->uATARegStatus |= stat;
541 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
542 }
543}
544
545
546DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
547{
548 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
549
550 /* Freeze status register contents while processing RESET. */
551 if (!pCtl->fReset)
552 {
553 s->uATARegStatus &= ~stat;
554 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
555 }
556}
557
558#ifdef IN_RING3
559
560typedef void (*PBeginTransferFunc)(ATADevState *);
561typedef bool (*PSourceSinkFunc)(ATADevState *);
562
563static void ataReadWriteSectorsBT(ATADevState *);
564static void ataPacketBT(ATADevState *);
565static void atapiCmdBT(ATADevState *);
566static void atapiPassthroughCmdBT(ATADevState *);
567
568static bool ataIdentifySS(ATADevState *);
569static bool ataFlushSS(ATADevState *);
570static bool ataReadSectorsSS(ATADevState *);
571static bool ataWriteSectorsSS(ATADevState *);
572static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
573static bool ataPacketSS(ATADevState *);
574static bool atapiGetConfigurationSS(ATADevState *);
575static bool atapiGetEventStatusNotificationSS(ATADevState *);
576static bool atapiIdentifySS(ATADevState *);
577static bool atapiInquirySS(ATADevState *);
578static bool atapiMechanismStatusSS(ATADevState *);
579static bool atapiModeSenseErrorRecoverySS(ATADevState *);
580static bool atapiModeSenseCDStatusSS(ATADevState *);
581static bool atapiReadSS(ATADevState *);
582static bool atapiReadCapacitySS(ATADevState *);
583static bool atapiReadDiscInformationSS(ATADevState *);
584static bool atapiReadTOCNormalSS(ATADevState *);
585static bool atapiReadTOCMultiSS(ATADevState *);
586static bool atapiReadTOCRawSS(ATADevState *);
587static bool atapiReadTrackInformationSS(ATADevState *);
588static bool atapiRequestSenseSS(ATADevState *);
589static bool atapiPassthroughSS(ATADevState *);
590static bool atapiReadDVDStructureSS(ATADevState *);
591
592/**
593 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
594 */
595typedef enum ATAFNBT
596{
597 ATAFN_BT_NULL = 0,
598 ATAFN_BT_READ_WRITE_SECTORS,
599 ATAFN_BT_PACKET,
600 ATAFN_BT_ATAPI_CMD,
601 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
602 ATAFN_BT_MAX
603} ATAFNBT;
604
605/**
606 * Array of end transfer functions, the index is ATAFNET.
607 * Make sure ATAFNET and this array match!
608 */
609static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
610{
611 NULL,
612 ataReadWriteSectorsBT,
613 ataPacketBT,
614 atapiCmdBT,
615 atapiPassthroughCmdBT,
616};
617
618/**
619 * Source/sink function indexes for g_apfnSourceSinkFuncs.
620 */
621typedef enum ATAFNSS
622{
623 ATAFN_SS_NULL = 0,
624 ATAFN_SS_IDENTIFY,
625 ATAFN_SS_FLUSH,
626 ATAFN_SS_READ_SECTORS,
627 ATAFN_SS_WRITE_SECTORS,
628 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
629 ATAFN_SS_PACKET,
630 ATAFN_SS_ATAPI_GET_CONFIGURATION,
631 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
632 ATAFN_SS_ATAPI_IDENTIFY,
633 ATAFN_SS_ATAPI_INQUIRY,
634 ATAFN_SS_ATAPI_MECHANISM_STATUS,
635 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
636 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
637 ATAFN_SS_ATAPI_READ,
638 ATAFN_SS_ATAPI_READ_CAPACITY,
639 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
640 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
641 ATAFN_SS_ATAPI_READ_TOC_MULTI,
642 ATAFN_SS_ATAPI_READ_TOC_RAW,
643 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
644 ATAFN_SS_ATAPI_REQUEST_SENSE,
645 ATAFN_SS_ATAPI_PASSTHROUGH,
646 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
647 ATAFN_SS_MAX
648} ATAFNSS;
649
650/**
651 * Array of source/sink functions, the index is ATAFNSS.
652 * Make sure ATAFNSS and this array match!
653 */
654static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
655{
656 NULL,
657 ataIdentifySS,
658 ataFlushSS,
659 ataReadSectorsSS,
660 ataWriteSectorsSS,
661 ataExecuteDeviceDiagnosticSS,
662 ataPacketSS,
663 atapiGetConfigurationSS,
664 atapiGetEventStatusNotificationSS,
665 atapiIdentifySS,
666 atapiInquirySS,
667 atapiMechanismStatusSS,
668 atapiModeSenseErrorRecoverySS,
669 atapiModeSenseCDStatusSS,
670 atapiReadSS,
671 atapiReadCapacitySS,
672 atapiReadDiscInformationSS,
673 atapiReadTOCNormalSS,
674 atapiReadTOCMultiSS,
675 atapiReadTOCRawSS,
676 atapiReadTrackInformationSS,
677 atapiRequestSenseSS,
678 atapiPassthroughSS,
679 atapiReadDVDStructureSS
680};
681
682
683static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
684static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
685static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
686static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
687
688static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
689{
690 int rc;
691
692 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
693 AssertRC(rc);
694 pCtl->AsyncIOReqHead = 0;
695 pCtl->AsyncIOReqTail = 0;
696 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
697 AssertRC(rc);
698}
699
700
701static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
702{
703 int rc;
704
705 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
706 AssertRC(rc);
707 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
708 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
709 pCtl->AsyncIOReqHead++;
710 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
711 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
712 AssertRC(rc);
713 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
714 if (RT_FAILURE(rc))
715 {
716 rc = RTSemEventSignal(pCtl->AsyncIOSem);
717 AssertRC(rc);
718 }
719}
720
721
722static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
723{
724 int rc;
725 const ATARequest *pReq;
726
727 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
728 AssertRC(rc);
729 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
730 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
731 else
732 pReq = NULL;
733 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
734 AssertRC(rc);
735 return pReq;
736}
737
738
739/**
740 * Remove the request with the given type, as it's finished. The request
741 * is not removed blindly, as this could mean a RESET request that is not
742 * yet processed (but has cleared the request queue) is lost.
743 *
744 * @param pCtl Controller for which to remove the request.
745 * @param ReqType Type of the request to remove.
746 */
747static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
748{
749 int rc;
750
751 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
752 AssertRC(rc);
753 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
754 {
755 pCtl->AsyncIOReqTail++;
756 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
757 }
758 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
759 AssertRC(rc);
760}
761
762
763/**
764 * Dump the request queue for a particular controller. First dump the queue
765 * contents, then the already processed entries, as long as they haven't been
766 * overwritten.
767 *
768 * @param pCtl Controller for which to dump the queue.
769 */
770static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
771{
772 int rc;
773 uint8_t curr;
774
775 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
776 AssertRC(rc);
777 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
778 curr = pCtl->AsyncIOReqTail;
779 do
780 {
781 if (curr == pCtl->AsyncIOReqHead)
782 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
783 switch (pCtl->aAsyncIORequests[curr].ReqType)
784 {
785 case ATA_AIO_NEW:
786 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
787 break;
788 case ATA_AIO_DMA:
789 LogRel(("dma transfer continuation\n"));
790 break;
791 case ATA_AIO_PIO:
792 LogRel(("pio transfer continuation\n"));
793 break;
794 case ATA_AIO_RESET_ASSERTED:
795 LogRel(("reset asserted request\n"));
796 break;
797 case ATA_AIO_RESET_CLEARED:
798 LogRel(("reset cleared request\n"));
799 break;
800 case ATA_AIO_ABORT:
801 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
802 break;
803 default:
804 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
805 }
806 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
807 } while (curr != pCtl->AsyncIOReqTail);
808 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
809 AssertRC(rc);
810}
811
812
813/**
814 * Checks whether the request queue for a particular controller is empty
815 * or whether a particular controller is idle.
816 *
817 * @param pCtl Controller for which to check the queue.
818 * @param fStrict If set then the controller is checked to be idle.
819 */
820static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
821{
822 int rc;
823 bool fIdle;
824
825 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
826 AssertRC(rc);
827 fIdle = pCtl->fRedoIdle;
828 if (!fIdle)
829 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
830 if (fStrict)
831 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
832 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
833 AssertRC(rc);
834 return fIdle;
835}
836
837
838/**
839 * Send a transfer request to the async I/O thread.
840 *
841 * @param s Pointer to the ATA device state data.
842 * @param cbTotalTransfer Data transfer size.
843 * @param uTxDir Data transfer direction.
844 * @param iBeginTransfer Index of BeginTransfer callback.
845 * @param iSourceSink Index of SourceSink callback.
846 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
847 */
848static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
849{
850 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
851 ATARequest Req;
852
853 Assert(PDMCritSectIsOwner(&pCtl->lock));
854
855 /* Do not issue new requests while the RESET line is asserted. */
856 if (pCtl->fReset)
857 {
858 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
859 return;
860 }
861
862 /* If the controller is already doing something else right now, ignore
863 * the command that is being submitted. Some broken guests issue commands
864 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
865 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
866 {
867 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
868 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
869 return;
870 }
871
872 Req.ReqType = ATA_AIO_NEW;
873 if (fChainedTransfer)
874 Req.u.t.iIf = pCtl->iAIOIf;
875 else
876 Req.u.t.iIf = pCtl->iSelectedIf;
877 Req.u.t.cbTotalTransfer = cbTotalTransfer;
878 Req.u.t.uTxDir = uTxDir;
879 Req.u.t.iBeginTransfer = iBeginTransfer;
880 Req.u.t.iSourceSink = iSourceSink;
881 ataSetStatusValue(s, ATA_STAT_BUSY);
882 pCtl->fChainedTransfer = fChainedTransfer;
883
884 /*
885 * Kick the worker thread into action.
886 */
887 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
888 ataAsyncIOPutRequest(pCtl, &Req);
889}
890
891
892/**
893 * Send an abort command request to the async I/O thread.
894 *
895 * @param s Pointer to the ATA device state data.
896 * @param fResetDrive Whether to reset the drive or just abort a command.
897 */
898static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
899{
900 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
901 ATARequest Req;
902
903 Assert(PDMCritSectIsOwner(&pCtl->lock));
904
905 /* Do not issue new requests while the RESET line is asserted. */
906 if (pCtl->fReset)
907 {
908 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
909 return;
910 }
911
912 Req.ReqType = ATA_AIO_ABORT;
913 Req.u.a.iIf = pCtl->iSelectedIf;
914 Req.u.a.fResetDrive = fResetDrive;
915 ataSetStatus(s, ATA_STAT_BUSY);
916 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
917 ataAsyncIOPutRequest(pCtl, &Req);
918}
919
920
921static void ataSetIRQ(ATADevState *s)
922{
923 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
924 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
925
926 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
927 {
928 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
929 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
930 * line is asserted. It monitors the line for a rising edge. */
931 if (!s->fIrqPending)
932 pCtl->BmDma.u8Status |= BM_STATUS_INT;
933 /* Only actually set the IRQ line if updating the currently selected drive. */
934 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
935 {
936 /** @todo experiment with adaptive IRQ delivery: for reads it is
937 * better to wait for IRQ delivery, as it reduces latency. */
938 if (pCtl->irq == 16)
939 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
940 else
941 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
942 }
943 }
944 s->fIrqPending = true;
945}
946
947#endif /* IN_RING3 */
948
949static void ataUnsetIRQ(ATADevState *s)
950{
951 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
952 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
953
954 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
955 {
956 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
957 /* Only actually unset the IRQ line if updating the currently selected drive. */
958 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
959 {
960 if (pCtl->irq == 16)
961 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
962 else
963 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
964 }
965 }
966 s->fIrqPending = false;
967}
968
969#ifdef IN_RING3
970
971static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
972{
973 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
974 s->iIOBufferPIODataStart = start;
975 s->iIOBufferPIODataEnd = start + size;
976 ataSetStatus(s, ATA_STAT_DRQ);
977}
978
979
980static void ataPIOTransferStop(ATADevState *s)
981{
982 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
983 if (s->fATAPITransfer)
984 {
985 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
986 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
987 ataSetIRQ(s);
988 s->fATAPITransfer = false;
989 }
990 s->cbTotalTransfer = 0;
991 s->cbElementaryTransfer = 0;
992 s->iIOBufferPIODataStart = 0;
993 s->iIOBufferPIODataEnd = 0;
994 s->iBeginTransfer = ATAFN_BT_NULL;
995 s->iSourceSink = ATAFN_SS_NULL;
996}
997
998
999static void ataPIOTransferLimitATAPI(ATADevState *s)
1000{
1001 uint32_t cbLimit, cbTransfer;
1002
1003 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1004 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1005 if (cbLimit == 0)
1006 cbLimit = 0xfffe;
1007 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1008 if (cbLimit == 0xffff)
1009 cbLimit--;
1010 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1011 if (cbTransfer > cbLimit)
1012 {
1013 /* Byte count limit for clipping must be even in this case */
1014 if (cbLimit & 1)
1015 cbLimit--;
1016 cbTransfer = cbLimit;
1017 }
1018 s->uATARegLCyl = cbTransfer;
1019 s->uATARegHCyl = cbTransfer >> 8;
1020 s->cbElementaryTransfer = cbTransfer;
1021}
1022
1023
1024static uint32_t ataGetNSectors(ATADevState *s)
1025{
1026 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1027 if (s->fLBA48)
1028 {
1029 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1030 return 65536;
1031 else
1032 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1033 }
1034 else
1035 {
1036 if (!s->uATARegNSector)
1037 return 256;
1038 else
1039 return s->uATARegNSector;
1040 }
1041}
1042
1043
1044static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1045{
1046 for (uint32_t i = 0; i < cbSize; i++)
1047 {
1048 if (*pbSrc)
1049 pbDst[i ^ 1] = *pbSrc++;
1050 else
1051 pbDst[i ^ 1] = ' ';
1052 }
1053}
1054
1055
1056static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1057{
1058 for (uint32_t i = 0; i < cbSize; i++)
1059 {
1060 if (*pbSrc)
1061 pbDst[i] = *pbSrc++;
1062 else
1063 pbDst[i] = ' ';
1064 }
1065}
1066
1067
1068DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1069{
1070 pbBuf[0] = val >> 8;
1071 pbBuf[1] = val;
1072}
1073
1074
1075DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1076{
1077 pbBuf[0] = val >> 16;
1078 pbBuf[1] = val >> 8;
1079 pbBuf[2] = val;
1080}
1081
1082
1083DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1084{
1085 pbBuf[0] = val >> 24;
1086 pbBuf[1] = val >> 16;
1087 pbBuf[2] = val >> 8;
1088 pbBuf[3] = val;
1089}
1090
1091
1092DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1093{
1094 return (pbBuf[0] << 8) | pbBuf[1];
1095}
1096
1097
1098DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1099{
1100 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1101}
1102
1103
1104DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1105{
1106 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1107}
1108
1109
1110DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1111{
1112 iATAPILBA += 150;
1113 pbBuf[0] = (iATAPILBA / 75) / 60;
1114 pbBuf[1] = (iATAPILBA / 75) % 60;
1115 pbBuf[2] = iATAPILBA % 75;
1116}
1117
1118
1119DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1120{
1121 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1122}
1123
1124
1125static void ataCmdOK(ATADevState *s, uint8_t status)
1126{
1127 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1128 ataSetStatusValue(s, ATA_STAT_READY | status);
1129}
1130
1131
1132static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1133{
1134 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1135 Assert(uErrorCode);
1136 s->uATARegError = uErrorCode;
1137 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1138 s->cbTotalTransfer = 0;
1139 s->cbElementaryTransfer = 0;
1140 s->iIOBufferCur = 0;
1141 s->iIOBufferEnd = 0;
1142 s->uTxDir = PDMBLOCKTXDIR_NONE;
1143 s->iBeginTransfer = ATAFN_BT_NULL;
1144 s->iSourceSink = ATAFN_SS_NULL;
1145}
1146
1147static uint32_t ataChecksum(void* ptr, size_t count)
1148{
1149 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1150 size_t i;
1151
1152 for (i = 0; i < count; i++)
1153 {
1154 u8Sum += *p++;
1155 }
1156
1157 return (uint8_t)-(int32_t)u8Sum;
1158}
1159
1160static bool ataIdentifySS(ATADevState *s)
1161{
1162 uint16_t *p;
1163
1164 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1165 Assert(s->cbElementaryTransfer == 512);
1166
1167 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1168 memset(p, 0, 512);
1169 p[0] = RT_H2LE_U16(0x0040);
1170 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1171 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1172 /* Block size; obsolete, but required for the BIOS. */
1173 p[5] = RT_H2LE_U16(512);
1174 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1175 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1176 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1177 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1178 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1179 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1180 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1181#if ATA_MAX_MULT_SECTORS > 1
1182 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1183#endif
1184 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1185 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1186 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1187 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1188 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1189 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1190 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1191 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1192 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1193 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1194 * s->PCHSGeometry.cHeads
1195 * s->PCHSGeometry.cSectors);
1196 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1197 * s->PCHSGeometry.cHeads
1198 * s->PCHSGeometry.cSectors >> 16);
1199 if (s->cMultSectors)
1200 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1201 if (s->cTotalSectors <= (1 << 28) - 1)
1202 {
1203 p[60] = RT_H2LE_U16(s->cTotalSectors);
1204 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1205 }
1206 else
1207 {
1208 /* Report maximum number of sectors possible with LBA28 */
1209 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1210 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1211 }
1212 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1213 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1214 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1215 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1216 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1217 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1218 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1219 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1220 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1221 if (s->cTotalSectors <= (1 << 28) - 1)
1222 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1223 else
1224 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1225 p[84] = RT_H2LE_U16(1 << 14);
1226 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1227 if (s->cTotalSectors <= (1 << 28) - 1)
1228 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1229 else
1230 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1231 p[87] = RT_H2LE_U16(1 << 14);
1232 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1233 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1234 if (s->cTotalSectors > (1 << 28) - 1)
1235 {
1236 p[100] = RT_H2LE_U16(s->cTotalSectors);
1237 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1238 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1239 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1240 }
1241 uint32_t uCsum = ataChecksum(p, 510);
1242 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1243 s->iSourceSink = ATAFN_SS_NULL;
1244 ataCmdOK(s, ATA_STAT_SEEK);
1245 return false;
1246}
1247
1248
1249static bool ataFlushSS(ATADevState *s)
1250{
1251 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1252 int rc;
1253
1254 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1255 Assert(!s->cbElementaryTransfer);
1256
1257 PDMCritSectLeave(&pCtl->lock);
1258
1259 STAM_PROFILE_START(&s->StatFlushes, f);
1260 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1261 AssertRC(rc);
1262 STAM_PROFILE_STOP(&s->StatFlushes, f);
1263
1264 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1265 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1266 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1267 ataCmdOK(s, 0);
1268 return false;
1269}
1270
1271static bool atapiIdentifySS(ATADevState *s)
1272{
1273 uint16_t *p;
1274
1275 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1276 Assert(s->cbElementaryTransfer == 512);
1277
1278 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1279 memset(p, 0, 512);
1280 /* Removable CDROM, 50us response, 12 byte packets */
1281 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1282 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1283 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1284 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1285 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1286 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1287 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1288 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1289 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1290 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1291 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1292 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1293 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1294 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1295 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1296 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1297 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1298 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1299 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1300 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1301 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1302 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1303 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1304 p[83] = RT_H2LE_U16(1 << 14);
1305 p[84] = RT_H2LE_U16(1 << 14);
1306 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1307 p[86] = RT_H2LE_U16(0);
1308 p[87] = RT_H2LE_U16(1 << 14);
1309 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1310 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1311 /* According to ATAPI-5 spec:
1312 *
1313 * The use of this word is optional.
1314 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1315 * contain the data
1316 * structure checksum.
1317 * The data structure checksum is the twos complement of the sum of
1318 * all bytes in words 0 through 254 and the byte consisting of
1319 * bits 7:0 in word 255.
1320 * Each byte shall be added with unsigned arithmetic,
1321 * and overflow shall be ignored.
1322 * The sum of all 512 bytes is zero when the checksum is correct.
1323 */
1324 uint32_t uCsum = ataChecksum(p, 510);
1325 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1326
1327 s->iSourceSink = ATAFN_SS_NULL;
1328 ataCmdOK(s, ATA_STAT_SEEK);
1329 return false;
1330}
1331
1332
1333static void ataSetSignature(ATADevState *s)
1334{
1335 s->uATARegSelect &= 0xf0; /* clear head */
1336 /* put signature */
1337 s->uATARegNSector = 1;
1338 s->uATARegSector = 1;
1339 if (s->fATAPI)
1340 {
1341 s->uATARegLCyl = 0x14;
1342 s->uATARegHCyl = 0xeb;
1343 }
1344 else if (s->pDrvBlock)
1345 {
1346 s->uATARegLCyl = 0;
1347 s->uATARegHCyl = 0;
1348 }
1349 else
1350 {
1351 s->uATARegLCyl = 0xff;
1352 s->uATARegHCyl = 0xff;
1353 }
1354}
1355
1356
1357static uint64_t ataGetSector(ATADevState *s)
1358{
1359 uint64_t iLBA;
1360 if (s->uATARegSelect & 0x40)
1361 {
1362 /* any LBA variant */
1363 if (s->fLBA48)
1364 {
1365 /* LBA48 */
1366 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1367 ((uint64_t)s->uATARegLCylHOB << 32) |
1368 ((uint64_t)s->uATARegSectorHOB << 24) |
1369 ((uint64_t)s->uATARegHCyl << 16) |
1370 ((uint64_t)s->uATARegLCyl << 8) |
1371 s->uATARegSector;
1372 }
1373 else
1374 {
1375 /* LBA */
1376 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1377 (s->uATARegLCyl << 8) | s->uATARegSector;
1378 }
1379 }
1380 else
1381 {
1382 /* CHS */
1383 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1384 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1385 (s->uATARegSector - 1);
1386 }
1387 return iLBA;
1388}
1389
1390static void ataSetSector(ATADevState *s, uint64_t iLBA)
1391{
1392 uint32_t cyl, r;
1393 if (s->uATARegSelect & 0x40)
1394 {
1395 /* any LBA variant */
1396 if (s->fLBA48)
1397 {
1398 /* LBA48 */
1399 s->uATARegHCylHOB = iLBA >> 40;
1400 s->uATARegLCylHOB = iLBA >> 32;
1401 s->uATARegSectorHOB = iLBA >> 24;
1402 s->uATARegHCyl = iLBA >> 16;
1403 s->uATARegLCyl = iLBA >> 8;
1404 s->uATARegSector = iLBA;
1405 }
1406 else
1407 {
1408 /* LBA */
1409 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1410 s->uATARegHCyl = (iLBA >> 16);
1411 s->uATARegLCyl = (iLBA >> 8);
1412 s->uATARegSector = (iLBA);
1413 }
1414 }
1415 else
1416 {
1417 /* CHS */
1418 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1419 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1420 s->uATARegHCyl = cyl >> 8;
1421 s->uATARegLCyl = cyl;
1422 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1423 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1424 }
1425}
1426
1427
1428static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1429{
1430 int rc;
1431 LogRel(("PIIX3 ATA: Host disk full\n"));
1432 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_DISKFULL",
1433 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1434 AssertRC(rc);
1435}
1436
1437static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1438{
1439 int rc;
1440 LogRel(("PIIX3 ATA: File too big\n"));
1441 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_FILETOOBIG",
1442 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1443 AssertRC(rc);
1444}
1445
1446static void ataWarningISCSI(PPDMDEVINS pDevIns)
1447{
1448 int rc;
1449 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1450 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_ISCSIDOWN",
1451 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1452 AssertRC(rc);
1453}
1454
1455/**
1456 * Suspend I/O operations on a controller. Also suspends EMT, because it's
1457 * waiting for I/O to make progress. The next attempt to perform an I/O
1458 * operation will be made when EMT is resumed up again (as the resume
1459 * callback below restarts I/O).
1460 *
1461 * @param pCtl Controller for which to suspend I/O.
1462 */
1463static void ataSuspendRedo(PATACONTROLLER pCtl)
1464{
1465 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
1466 int rc;
1467
1468 pCtl->fRedoIdle = true;
1469 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
1470 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
1471 AssertReleaseRC(rc);
1472}
1473
1474bool ataIsRedoSetWarning(ATADevState *s, int rc)
1475{
1476 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1477 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1478 if (rc == VERR_DISK_FULL)
1479 {
1480 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1481 ataSuspendRedo(pCtl);
1482 return true;
1483 }
1484 if (rc == VERR_FILE_TOO_BIG)
1485 {
1486 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1487 ataSuspendRedo(pCtl);
1488 return true;
1489 }
1490 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1491 {
1492 /* iSCSI connection abort (first error) or failure to reestablish
1493 * connection (second error). Pause VM. On resume we'll retry. */
1494 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1495 ataSuspendRedo(pCtl);
1496 return true;
1497 }
1498 return false;
1499}
1500
1501
1502static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors, bool *fRedo)
1503{
1504 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1505 int rc;
1506
1507 PDMCritSectLeave(&pCtl->lock);
1508
1509 STAM_PROFILE_ADV_START(&s->StatReads, r);
1510 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1511 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1512 s->Led.Actual.s.fReading = 0;
1513 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1514
1515 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1516
1517 if (RT_SUCCESS(rc))
1518 *fRedo = false;
1519 else
1520 *fRedo = ataIsRedoSetWarning(s, rc);
1521
1522 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1523 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1524 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1525 return rc;
1526}
1527
1528
1529static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors, bool *fRedo)
1530{
1531 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1532 int rc;
1533
1534 PDMCritSectLeave(&pCtl->lock);
1535
1536 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1537 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1538#ifdef VBOX_INSTRUMENT_DMA_WRITES
1539 if (s->fDMA)
1540 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1541#endif
1542 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1543#ifdef VBOX_INSTRUMENT_DMA_WRITES
1544 if (s->fDMA)
1545 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1546#endif
1547 s->Led.Actual.s.fWriting = 0;
1548 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1549
1550 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1551
1552 if (RT_SUCCESS(rc))
1553 *fRedo = false;
1554 else
1555 *fRedo = ataIsRedoSetWarning(s, rc);
1556
1557 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1558 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1559 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1560 return rc;
1561}
1562
1563
1564static void ataReadWriteSectorsBT(ATADevState *s)
1565{
1566 uint32_t cSectors;
1567
1568 cSectors = s->cbTotalTransfer / 512;
1569 if (cSectors > s->cSectorsPerIRQ)
1570 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1571 else
1572 s->cbElementaryTransfer = cSectors * 512;
1573 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1574 ataCmdOK(s, 0);
1575}
1576
1577
1578static bool ataReadSectorsSS(ATADevState *s)
1579{
1580 int rc;
1581 uint32_t cSectors;
1582 uint64_t iLBA;
1583 bool fRedo;
1584
1585 cSectors = s->cbElementaryTransfer / 512;
1586 Assert(cSectors);
1587 iLBA = ataGetSector(s);
1588 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1589 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1590 if (RT_SUCCESS(rc))
1591 {
1592 ataSetSector(s, iLBA + cSectors);
1593 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1594 s->iSourceSink = ATAFN_SS_NULL;
1595 ataCmdOK(s, ATA_STAT_SEEK);
1596 }
1597 else
1598 {
1599 if (fRedo)
1600 return fRedo;
1601 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1602 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1603 s->iLUN, rc, iLBA, cSectors));
1604
1605 /*
1606 * Check if we got interrupted. We don't need to set status variables
1607 * because the request was aborted.
1608 */
1609 if (rc != VERR_INTERRUPTED)
1610 ataCmdError(s, ID_ERR);
1611 }
1612 return false;
1613}
1614
1615
1616static bool ataWriteSectorsSS(ATADevState *s)
1617{
1618 int rc;
1619 uint32_t cSectors;
1620 uint64_t iLBA;
1621 bool fRedo;
1622
1623 cSectors = s->cbElementaryTransfer / 512;
1624 Assert(cSectors);
1625 iLBA = ataGetSector(s);
1626 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1627 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1628 if (RT_SUCCESS(rc))
1629 {
1630 ataSetSector(s, iLBA + cSectors);
1631 if (!s->cbTotalTransfer)
1632 s->iSourceSink = ATAFN_SS_NULL;
1633 ataCmdOK(s, ATA_STAT_SEEK);
1634 }
1635 else
1636 {
1637 if (fRedo)
1638 return fRedo;
1639 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1640 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1641 s->iLUN, rc, iLBA, cSectors));
1642
1643 /*
1644 * Check if we got interrupted. We don't need to set status variables
1645 * because the request was aborted.
1646 */
1647 if (rc != VERR_INTERRUPTED)
1648 ataCmdError(s, ID_ERR);
1649 }
1650 return false;
1651}
1652
1653
1654static void atapiCmdOK(ATADevState *s)
1655{
1656 s->uATARegError = 0;
1657 ataSetStatusValue(s, ATA_STAT_READY);
1658 s->uATARegNSector = (s->uATARegNSector & ~7)
1659 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1660 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1661 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1662
1663 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1664 s->abATAPISense[0] = 0x70 | (1 << 7);
1665 s->abATAPISense[7] = 10;
1666}
1667
1668
1669static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1670{
1671 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1672 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1673 s->uATARegError = pabATAPISense[2] << 4;
1674 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1675 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1676 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1677 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1678 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1679 s->cbTotalTransfer = 0;
1680 s->cbElementaryTransfer = 0;
1681 s->iIOBufferCur = 0;
1682 s->iIOBufferEnd = 0;
1683 s->uTxDir = PDMBLOCKTXDIR_NONE;
1684 s->iBeginTransfer = ATAFN_BT_NULL;
1685 s->iSourceSink = ATAFN_SS_NULL;
1686}
1687
1688
1689/** @todo deprecated function - doesn't provide enough info. Replace by direct
1690 * calls to atapiCmdError() with full data. */
1691static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1692{
1693 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1694 memset(abATAPISense, '\0', sizeof(abATAPISense));
1695 abATAPISense[0] = 0x70 | (1 << 7);
1696 abATAPISense[2] = uATAPISenseKey & 0x0f;
1697 abATAPISense[7] = 10;
1698 abATAPISense[12] = uATAPIASC;
1699 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1700}
1701
1702
1703static void atapiCmdBT(ATADevState *s)
1704{
1705 s->fATAPITransfer = true;
1706 s->cbElementaryTransfer = s->cbTotalTransfer;
1707 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1708 atapiCmdOK(s);
1709}
1710
1711
1712static void atapiPassthroughCmdBT(ATADevState *s)
1713{
1714 /* @todo implement an algorithm for correctly determining the read and
1715 * write sector size without sending additional commands to the drive.
1716 * This should be doable by saving processing the configuration requests
1717 * and replies. */
1718#if 0
1719 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1720 {
1721 uint8_t cmd = s->aATAPICmd[0];
1722 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1723 {
1724 uint8_t aModeSenseCmd[10];
1725 uint8_t aModeSenseResult[16];
1726 uint8_t uDummySense;
1727 uint32_t cbTransfer;
1728 int rc;
1729
1730 cbTransfer = sizeof(aModeSenseResult);
1731 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1732 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1733 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1734 aModeSenseCmd[3] = 0; /* subpage code */
1735 aModeSenseCmd[4] = 0; /* reserved */
1736 aModeSenseCmd[5] = 0; /* reserved */
1737 aModeSenseCmd[6] = 0; /* reserved */
1738 aModeSenseCmd[7] = cbTransfer >> 8;
1739 aModeSenseCmd[8] = cbTransfer & 0xff;
1740 aModeSenseCmd[9] = 0; /* control */
1741 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1742 if (RT_FAILURE(rc))
1743 {
1744 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1745 return;
1746 }
1747 /* Select sector size based on the current data block type. */
1748 switch (aModeSenseResult[12] & 0x0f)
1749 {
1750 case 0:
1751 s->cbATAPISector = 2352;
1752 break;
1753 case 1:
1754 s->cbATAPISector = 2368;
1755 break;
1756 case 2:
1757 case 3:
1758 s->cbATAPISector = 2448;
1759 break;
1760 case 8:
1761 case 10:
1762 s->cbATAPISector = 2048;
1763 break;
1764 case 9:
1765 s->cbATAPISector = 2336;
1766 break;
1767 case 11:
1768 s->cbATAPISector = 2056;
1769 break;
1770 case 12:
1771 s->cbATAPISector = 2324;
1772 break;
1773 case 13:
1774 s->cbATAPISector = 2332;
1775 break;
1776 default:
1777 s->cbATAPISector = 0;
1778 }
1779 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1780 s->cbTotalTransfer *= s->cbATAPISector;
1781 if (s->cbTotalTransfer == 0)
1782 s->uTxDir = PDMBLOCKTXDIR_NONE;
1783 }
1784 }
1785#endif
1786 atapiCmdBT(s);
1787}
1788
1789
1790static bool atapiReadSS(ATADevState *s)
1791{
1792 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1793 int rc = VINF_SUCCESS;
1794 uint32_t cbTransfer, cSectors;
1795
1796 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1797 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1798 cSectors = cbTransfer / s->cbATAPISector;
1799 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1800 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1801
1802 PDMCritSectLeave(&pCtl->lock);
1803
1804 STAM_PROFILE_ADV_START(&s->StatReads, r);
1805 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1806 switch (s->cbATAPISector)
1807 {
1808 case 2048:
1809 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1810 break;
1811 case 2352:
1812 {
1813 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1814
1815 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1816 {
1817 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1818 *pbBuf++ = 0x00;
1819 memset(pbBuf, 0xff, 10);
1820 pbBuf += 10;
1821 *pbBuf++ = 0x00;
1822 /* MSF */
1823 ataLBA2MSF(pbBuf, i);
1824 pbBuf += 3;
1825 *pbBuf++ = 0x01; /* mode 1 data */
1826 /* data */
1827 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1828 if (RT_FAILURE(rc))
1829 break;
1830 pbBuf += 2048;
1831 /**
1832 * @todo: maybe compute ECC and parity, layout is:
1833 * 2072 4 EDC
1834 * 2076 172 P parity symbols
1835 * 2248 104 Q parity symbols
1836 */
1837 memset(pbBuf, 0, 280);
1838 pbBuf += 280;
1839 }
1840 }
1841 break;
1842 default:
1843 break;
1844 }
1845 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1846
1847 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1848 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1849 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1850
1851 if (RT_SUCCESS(rc))
1852 {
1853 s->Led.Actual.s.fReading = 0;
1854 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1855
1856 /* The initial buffer end value has been set up based on the total
1857 * transfer size. But the I/O buffer size limits what can actually be
1858 * done in one transfer, so set the actual value of the buffer end. */
1859 s->cbElementaryTransfer = cbTransfer;
1860 if (cbTransfer >= s->cbTotalTransfer)
1861 s->iSourceSink = ATAFN_SS_NULL;
1862 atapiCmdOK(s);
1863 s->iATAPILBA += cSectors;
1864 }
1865 else
1866 {
1867 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1868 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1869
1870 /*
1871 * Check if we got interrupted. We don't need to set status variables
1872 * because the request was aborted.
1873 */
1874 if (rc != VERR_INTERRUPTED)
1875 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1876 }
1877 return false;
1878}
1879
1880
1881static bool atapiPassthroughSS(ATADevState *s)
1882{
1883 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1884 int rc = VINF_SUCCESS;
1885 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1886 uint32_t cbTransfer;
1887 PSTAMPROFILEADV pProf = NULL;
1888
1889 cbTransfer = s->cbElementaryTransfer;
1890
1891 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1892 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1893
1894 /* Simple heuristics: if there is at least one sector of data
1895 * to transfer, it's worth updating the LEDs. */
1896 if (cbTransfer >= 2048)
1897 {
1898 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1899 {
1900 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1901 pProf = &s->StatReads;
1902 }
1903 else
1904 {
1905 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1906 pProf = &s->StatWrites;
1907 }
1908 }
1909
1910 PDMCritSectLeave(&pCtl->lock);
1911
1912 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1913 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1914 {
1915 /* Linux accepts commands with up to 100KB of data, but expects
1916 * us to handle commands with up to 128KB of data. The usual
1917 * imbalance of powers. */
1918 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1919 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1920 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1921
1922 switch (s->aATAPICmd[0])
1923 {
1924 case SCSI_READ_10:
1925 case SCSI_WRITE_10:
1926 case SCSI_WRITE_AND_VERIFY_10:
1927 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1928 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1929 break;
1930 case SCSI_READ_12:
1931 case SCSI_WRITE_12:
1932 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1933 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1934 break;
1935 case SCSI_READ_CD:
1936 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1937 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1938 break;
1939 case SCSI_READ_CD_MSF:
1940 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1941 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1942 break;
1943 default:
1944 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1945 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1946 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1947 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1948 {
1949 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1950 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1951 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1952 }
1953 return false;
1954 }
1955 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1956 cReqSectors = 0;
1957 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1958 {
1959 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1960 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1961 else
1962 cReqSectors = i;
1963 cbCurrTX = s->cbATAPISector * cReqSectors;
1964 switch (s->aATAPICmd[0])
1965 {
1966 case SCSI_READ_10:
1967 case SCSI_WRITE_10:
1968 case SCSI_WRITE_AND_VERIFY_10:
1969 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1970 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1971 break;
1972 case SCSI_READ_12:
1973 case SCSI_WRITE_12:
1974 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1975 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1976 break;
1977 case SCSI_READ_CD:
1978 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1979 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1980 break;
1981 case SCSI_READ_CD_MSF:
1982 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1983 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1984 break;
1985 }
1986 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1987 if (rc != VINF_SUCCESS)
1988 break;
1989 iATAPILBA += cReqSectors;
1990 pbBuf += s->cbATAPISector * cReqSectors;
1991 }
1992 }
1993 else
1994 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1995 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1996
1997 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1998 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1999 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2000
2001 /* Update the LEDs and the read/write statistics. */
2002 if (cbTransfer >= 2048)
2003 {
2004 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2005 {
2006 s->Led.Actual.s.fReading = 0;
2007 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2008 }
2009 else
2010 {
2011 s->Led.Actual.s.fWriting = 0;
2012 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2013 }
2014 }
2015
2016 if (RT_SUCCESS(rc))
2017 {
2018 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2019 {
2020 Assert(cbTransfer <= s->cbTotalTransfer);
2021 /* Reply with the same amount of data as the real drive. */
2022 s->cbTotalTransfer = cbTransfer;
2023 /* The initial buffer end value has been set up based on the total
2024 * transfer size. But the I/O buffer size limits what can actually be
2025 * done in one transfer, so set the actual value of the buffer end. */
2026 s->cbElementaryTransfer = cbTransfer;
2027 if (s->aATAPICmd[0] == SCSI_INQUIRY)
2028 {
2029 /* Make sure that the real drive cannot be identified.
2030 * Motivation: changing the VM configuration should be as
2031 * invisible as possible to the guest. */
2032 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2033 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2034 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2035 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2036 }
2037 if (cbTransfer)
2038 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2039 }
2040 s->iSourceSink = ATAFN_SS_NULL;
2041 atapiCmdOK(s);
2042 }
2043 else
2044 {
2045 if (s->cErrors < MAX_LOG_REL_ERRORS)
2046 {
2047 uint8_t u8Cmd = s->aATAPICmd[0];
2048 do
2049 {
2050 /* don't log superflous errors */
2051 if ( rc == VERR_DEV_IO_ERROR
2052 && ( u8Cmd == SCSI_TEST_UNIT_READY
2053 || u8Cmd == SCSI_READ_CAPACITY
2054 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2055 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2056 break;
2057 s->cErrors++;
2058 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2059 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2060 } while (0);
2061 }
2062 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2063 }
2064 return false;
2065}
2066
2067/** @todo: Revise ASAP. */
2068static bool atapiReadDVDStructureSS(ATADevState *s)
2069{
2070 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2071 int media = s->aATAPICmd[1];
2072 int format = s->aATAPICmd[7];
2073
2074 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2075
2076 memset(buf, 0, max_len);
2077
2078 switch (format) {
2079 case 0x00:
2080 case 0x01:
2081 case 0x02:
2082 case 0x03:
2083 case 0x04:
2084 case 0x05:
2085 case 0x06:
2086 case 0x07:
2087 case 0x08:
2088 case 0x09:
2089 case 0x0a:
2090 case 0x0b:
2091 case 0x0c:
2092 case 0x0d:
2093 case 0x0e:
2094 case 0x0f:
2095 case 0x10:
2096 case 0x11:
2097 case 0x30:
2098 case 0x31:
2099 case 0xff:
2100 if (media == 0)
2101 {
2102 int uASC = SCSI_ASC_NONE;
2103
2104 switch (format)
2105 {
2106 case 0x0: /* Physical format information */
2107 {
2108 int layer = s->aATAPICmd[6];
2109 uint64_t total_sectors;
2110
2111 if (layer != 0)
2112 {
2113 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2114 break;
2115 }
2116
2117 total_sectors = s->cTotalSectors;
2118 total_sectors >>= 2;
2119 if (total_sectors == 0)
2120 {
2121 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2122 break;
2123 }
2124
2125 buf[4] = 1; /* DVD-ROM, part version 1 */
2126 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2127 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2128 buf[7] = 0; /* default densities */
2129
2130 /* FIXME: 0x30000 per spec? */
2131 ataH2BE_U32(buf + 8, 0); /* start sector */
2132 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2133 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2134
2135 /* Size of buffer, not including 2 byte size field */
2136 ataH2BE_U32(&buf[0], 2048 + 2);
2137
2138 /* 2k data + 4 byte header */
2139 uASC = (2048 + 4);
2140 }
2141 break;
2142 case 0x01: /* DVD copyright information */
2143 buf[4] = 0; /* no copyright data */
2144 buf[5] = 0; /* no region restrictions */
2145
2146 /* Size of buffer, not including 2 byte size field */
2147 ataH2BE_U16(buf, 4 + 2);
2148
2149 /* 4 byte header + 4 byte data */
2150 uASC = (4 + 4);
2151
2152 case 0x03: /* BCA information - invalid field for no BCA info */
2153 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2154 break;
2155
2156 case 0x04: /* DVD disc manufacturing information */
2157 /* Size of buffer, not including 2 byte size field */
2158 ataH2BE_U16(buf, 2048 + 2);
2159
2160 /* 2k data + 4 byte header */
2161 uASC = (2048 + 4);
2162 break;
2163 case 0xff:
2164 /*
2165 * This lists all the command capabilities above. Add new ones
2166 * in order and update the length and buffer return values.
2167 */
2168
2169 buf[4] = 0x00; /* Physical format */
2170 buf[5] = 0x40; /* Not writable, is readable */
2171 ataH2BE_U16((buf + 6), 2048 + 4);
2172
2173 buf[8] = 0x01; /* Copyright info */
2174 buf[9] = 0x40; /* Not writable, is readable */
2175 ataH2BE_U16((buf + 10), 4 + 4);
2176
2177 buf[12] = 0x03; /* BCA info */
2178 buf[13] = 0x40; /* Not writable, is readable */
2179 ataH2BE_U16((buf + 14), 188 + 4);
2180
2181 buf[16] = 0x04; /* Manufacturing info */
2182 buf[17] = 0x40; /* Not writable, is readable */
2183 ataH2BE_U16((buf + 18), 2048 + 4);
2184
2185 /* Size of buffer, not including 2 byte size field */
2186 ataH2BE_U16(buf, 16 + 2);
2187
2188 /* data written + 4 byte header */
2189 uASC = (16 + 4);
2190 break;
2191 default: /* TODO: formats beyond DVD-ROM requires */
2192 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2193 }
2194
2195 if (uASC < 0)
2196 {
2197 s->iSourceSink = ATAFN_SS_NULL;
2198 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2199 return false;
2200 }
2201 break;
2202 }
2203 /* TODO: BD support, fall through for now */
2204
2205 /* Generic disk structures */
2206 case 0x80: /* TODO: AACS volume identifier */
2207 case 0x81: /* TODO: AACS media serial number */
2208 case 0x82: /* TODO: AACS media identifier */
2209 case 0x83: /* TODO: AACS media key block */
2210 case 0x90: /* TODO: List of recognized format layers */
2211 case 0xc0: /* TODO: Write protection status */
2212 default:
2213 s->iSourceSink = ATAFN_SS_NULL;
2214 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2215 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2216 return false;
2217 }
2218
2219 s->iSourceSink = ATAFN_SS_NULL;
2220 atapiCmdOK(s);
2221 return false;
2222}
2223
2224static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2225{
2226 Assert(cSectors > 0);
2227 s->iATAPILBA = iATAPILBA;
2228 s->cbATAPISector = cbSector;
2229 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2230 return false;
2231}
2232
2233
2234static bool atapiReadCapacitySS(ATADevState *s)
2235{
2236 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2237
2238 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2239 Assert(s->cbElementaryTransfer <= 8);
2240 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2241 ataH2BE_U32(pbBuf + 4, 2048);
2242 s->iSourceSink = ATAFN_SS_NULL;
2243 atapiCmdOK(s);
2244 return false;
2245}
2246
2247
2248static bool atapiReadDiscInformationSS(ATADevState *s)
2249{
2250 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2251
2252 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2253 Assert(s->cbElementaryTransfer <= 34);
2254 memset(pbBuf, '\0', 34);
2255 ataH2BE_U16(pbBuf, 32);
2256 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2257 pbBuf[3] = 1; /* number of first track */
2258 pbBuf[4] = 1; /* number of sessions (LSB) */
2259 pbBuf[5] = 1; /* first track number in last session (LSB) */
2260 pbBuf[6] = 1; /* last track number in last session (LSB) */
2261 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2262 pbBuf[8] = 0; /* disc type = CD-ROM */
2263 pbBuf[9] = 0; /* number of sessions (MSB) */
2264 pbBuf[10] = 0; /* number of sessions (MSB) */
2265 pbBuf[11] = 0; /* number of sessions (MSB) */
2266 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2267 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2268 s->iSourceSink = ATAFN_SS_NULL;
2269 atapiCmdOK(s);
2270 return false;
2271}
2272
2273
2274static bool atapiReadTrackInformationSS(ATADevState *s)
2275{
2276 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2277
2278 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2279 Assert(s->cbElementaryTransfer <= 36);
2280 /* Accept address/number type of 1 only, and only track 1 exists. */
2281 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2282 {
2283 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2284 return false;
2285 }
2286 memset(pbBuf, '\0', 36);
2287 ataH2BE_U16(pbBuf, 34);
2288 pbBuf[2] = 1; /* track number (LSB) */
2289 pbBuf[3] = 1; /* session number (LSB) */
2290 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2291 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2292 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2293 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2294 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2295 pbBuf[32] = 0; /* track number (MSB) */
2296 pbBuf[33] = 0; /* session number (MSB) */
2297 s->iSourceSink = ATAFN_SS_NULL;
2298 atapiCmdOK(s);
2299 return false;
2300}
2301
2302
2303static bool atapiGetConfigurationSS(ATADevState *s)
2304{
2305 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2306 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2307
2308 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2309 Assert(s->cbElementaryTransfer <= 32);
2310 /* Accept valid request types only, and only starting feature 0. */
2311 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2312 {
2313 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2314 return false;
2315 }
2316 memset(pbBuf, '\0', 32);
2317 ataH2BE_U32(pbBuf, 16);
2318 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2319 * way to differentiate them right now is based on the image size). Also
2320 * implement signalling "no current profile" if no medium is loaded. */
2321 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2322
2323 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2324 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2325 pbBuf[11] = 8; /* additional bytes for profiles */
2326 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2327 * before CD-ROM read capability. */
2328 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2329 pbBuf[14] = (0 << 0); /* NOT current profile */
2330 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2331 pbBuf[18] = (1 << 0); /* current profile */
2332 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2333 s->iSourceSink = ATAFN_SS_NULL;
2334 atapiCmdOK(s);
2335 return false;
2336}
2337
2338
2339static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2340{
2341 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2342
2343 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2344 Assert(s->cbElementaryTransfer <= 8);
2345
2346 if (!(s->aATAPICmd[1] & 1))
2347 {
2348 /* no asynchronous operation supported */
2349 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2350 return false;
2351 }
2352
2353 uint32_t OldStatus, NewStatus;
2354 do
2355 {
2356 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2357 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2358 switch (OldStatus)
2359 {
2360 case ATA_EVENT_STATUS_MEDIA_NEW:
2361 /* mount */
2362 ataH2BE_U16(pbBuf + 0, 6);
2363 pbBuf[2] = 0x04; /* media */
2364 pbBuf[3] = 0x5e; /* suppored = busy|media|external|power|operational */
2365 pbBuf[4] = 0x02; /* new medium */
2366 pbBuf[5] = 0x02; /* medium present / door closed */
2367 pbBuf[6] = 0x00;
2368 pbBuf[7] = 0x00;
2369 break;
2370
2371 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2372 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2373 /* umount */
2374 ataH2BE_U16(pbBuf + 0, 6);
2375 pbBuf[2] = 0x04; /* media */
2376 pbBuf[3] = 0x5e; /* suppored = busy|media|external|power|operational */
2377 pbBuf[4] = 0x03; /* media removal */
2378 pbBuf[5] = 0x00; /* medium absent / door closed */
2379 pbBuf[6] = 0x00;
2380 pbBuf[7] = 0x00;
2381 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2382 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2383 break;
2384
2385 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2386 ataH2BE_U16(pbBuf + 0, 6);
2387 pbBuf[2] = 0x04; /* media */
2388 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2389 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2390 pbBuf[5] = 0x02; /* medium present / door closed */
2391 pbBuf[6] = 0x00;
2392 pbBuf[7] = 0x00;
2393 break;
2394
2395 case ATA_EVENT_STATUS_UNCHANGED:
2396 default:
2397 ataH2BE_U16(pbBuf + 0, 6);
2398 pbBuf[2] = 0x01; /* operational change request / notification */
2399 pbBuf[3] = 0x5e; /* suppored = busy|media|external|power|operational */
2400 pbBuf[4] = 0x00;
2401 pbBuf[5] = 0x00;
2402 pbBuf[6] = 0x00;
2403 pbBuf[7] = 0x00;
2404 break;
2405 }
2406 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2407
2408 s->iSourceSink = ATAFN_SS_NULL;
2409 atapiCmdOK(s);
2410 return false;
2411}
2412
2413
2414static bool atapiInquirySS(ATADevState *s)
2415{
2416 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2417
2418 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2419 Assert(s->cbElementaryTransfer <= 36);
2420 pbBuf[0] = 0x05; /* CD-ROM */
2421 pbBuf[1] = 0x80; /* removable */
2422#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2423 pbBuf[2] = 0x00; /* ISO */
2424 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2425#else
2426 pbBuf[2] = 0x00; /* ISO */
2427 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2428#endif
2429 pbBuf[4] = 31; /* additional length */
2430 pbBuf[5] = 0; /* reserved */
2431 pbBuf[6] = 0; /* reserved */
2432 pbBuf[7] = 0; /* reserved */
2433 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2434 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2435 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2436 s->iSourceSink = ATAFN_SS_NULL;
2437 atapiCmdOK(s);
2438 return false;
2439}
2440
2441
2442static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2443{
2444 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2445
2446 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2447 Assert(s->cbElementaryTransfer <= 16);
2448 ataH2BE_U16(&pbBuf[0], 16 + 6);
2449 pbBuf[2] = 0x70;
2450 pbBuf[3] = 0;
2451 pbBuf[4] = 0;
2452 pbBuf[5] = 0;
2453 pbBuf[6] = 0;
2454 pbBuf[7] = 0;
2455
2456 pbBuf[8] = 0x01;
2457 pbBuf[9] = 0x06;
2458 pbBuf[10] = 0x00;
2459 pbBuf[11] = 0x05;
2460 pbBuf[12] = 0x00;
2461 pbBuf[13] = 0x00;
2462 pbBuf[14] = 0x00;
2463 pbBuf[15] = 0x00;
2464 s->iSourceSink = ATAFN_SS_NULL;
2465 atapiCmdOK(s);
2466 return false;
2467}
2468
2469
2470static bool atapiModeSenseCDStatusSS(ATADevState *s)
2471{
2472 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2473
2474 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2475 Assert(s->cbElementaryTransfer <= 40);
2476 ataH2BE_U16(&pbBuf[0], 38);
2477 pbBuf[2] = 0x70;
2478 pbBuf[3] = 0;
2479 pbBuf[4] = 0;
2480 pbBuf[5] = 0;
2481 pbBuf[6] = 0;
2482 pbBuf[7] = 0;
2483
2484 pbBuf[8] = 0x2a;
2485 pbBuf[9] = 30; /* page length */
2486 pbBuf[10] = 0x08; /* DVD-ROM read support */
2487 pbBuf[11] = 0x00; /* no write support */
2488 /* The following claims we support audio play. This is obviously false,
2489 * but the Linux generic CDROM support makes many features depend on this
2490 * capability. If it's not set, this causes many things to be disabled. */
2491 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2492 pbBuf[13] = 0x00; /* no subchannel reads supported */
2493 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2494 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2495 pbBuf[14] |= 1 << 1; /* report lock state */
2496 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2497 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2498 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2499 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2500 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2501 pbBuf[24] = 0; /* reserved */
2502 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2503 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2504 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2505 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2506 pbBuf[32] = 0; /* reserved */
2507 pbBuf[33] = 0; /* reserved */
2508 pbBuf[34] = 0; /* reserved */
2509 pbBuf[35] = 1; /* rotation control CAV */
2510 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2511 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2512 s->iSourceSink = ATAFN_SS_NULL;
2513 atapiCmdOK(s);
2514 return false;
2515}
2516
2517
2518static bool atapiRequestSenseSS(ATADevState *s)
2519{
2520 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2521
2522 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2523 memset(pbBuf, '\0', s->cbElementaryTransfer);
2524 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2525 s->iSourceSink = ATAFN_SS_NULL;
2526 atapiCmdOK(s);
2527 return false;
2528}
2529
2530
2531static bool atapiMechanismStatusSS(ATADevState *s)
2532{
2533 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2534
2535 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2536 Assert(s->cbElementaryTransfer <= 8);
2537 ataH2BE_U16(pbBuf, 0);
2538 /* no current LBA */
2539 pbBuf[2] = 0;
2540 pbBuf[3] = 0;
2541 pbBuf[4] = 0;
2542 pbBuf[5] = 1;
2543 ataH2BE_U16(pbBuf + 6, 0);
2544 s->iSourceSink = ATAFN_SS_NULL;
2545 atapiCmdOK(s);
2546 return false;
2547}
2548
2549
2550static bool atapiReadTOCNormalSS(ATADevState *s)
2551{
2552 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2553 bool fMSF;
2554 uint32_t cbSize;
2555
2556 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2557 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2558 iStartTrack = s->aATAPICmd[6];
2559 if (iStartTrack > 1 && iStartTrack != 0xaa)
2560 {
2561 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2562 return false;
2563 }
2564 q = pbBuf + 2;
2565 *q++ = 1; /* first session */
2566 *q++ = 1; /* last session */
2567 if (iStartTrack <= 1)
2568 {
2569 *q++ = 0; /* reserved */
2570 *q++ = 0x14; /* ADR, control */
2571 *q++ = 1; /* track number */
2572 *q++ = 0; /* reserved */
2573 if (fMSF)
2574 {
2575 *q++ = 0; /* reserved */
2576 ataLBA2MSF(q, 0);
2577 q += 3;
2578 }
2579 else
2580 {
2581 /* sector 0 */
2582 ataH2BE_U32(q, 0);
2583 q += 4;
2584 }
2585 }
2586 /* lead out track */
2587 *q++ = 0; /* reserved */
2588 *q++ = 0x14; /* ADR, control */
2589 *q++ = 0xaa; /* track number */
2590 *q++ = 0; /* reserved */
2591 if (fMSF)
2592 {
2593 *q++ = 0; /* reserved */
2594 ataLBA2MSF(q, s->cTotalSectors);
2595 q += 3;
2596 }
2597 else
2598 {
2599 ataH2BE_U32(q, s->cTotalSectors);
2600 q += 4;
2601 }
2602 cbSize = q - pbBuf;
2603 ataH2BE_U16(pbBuf, cbSize - 2);
2604 if (cbSize < s->cbTotalTransfer)
2605 s->cbTotalTransfer = cbSize;
2606 s->iSourceSink = ATAFN_SS_NULL;
2607 atapiCmdOK(s);
2608 return false;
2609}
2610
2611
2612static bool atapiReadTOCMultiSS(ATADevState *s)
2613{
2614 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2615 bool fMSF;
2616
2617 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2618 Assert(s->cbElementaryTransfer <= 12);
2619 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2620 /* multi session: only a single session defined */
2621/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2622 memset(pbBuf, 0, 12);
2623 pbBuf[1] = 0x0a;
2624 pbBuf[2] = 0x01;
2625 pbBuf[3] = 0x01;
2626 pbBuf[5] = 0x14; /* ADR, control */
2627 pbBuf[6] = 1; /* first track in last complete session */
2628 if (fMSF)
2629 {
2630 pbBuf[8] = 0; /* reserved */
2631 ataLBA2MSF(&pbBuf[9], 0);
2632 }
2633 else
2634 {
2635 /* sector 0 */
2636 ataH2BE_U32(pbBuf + 8, 0);
2637 }
2638 s->iSourceSink = ATAFN_SS_NULL;
2639 atapiCmdOK(s);
2640 return false;
2641}
2642
2643
2644static bool atapiReadTOCRawSS(ATADevState *s)
2645{
2646 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2647 bool fMSF;
2648 uint32_t cbSize;
2649
2650 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2651 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2652 iStartTrack = s->aATAPICmd[6];
2653
2654 q = pbBuf + 2;
2655 *q++ = 1; /* first session */
2656 *q++ = 1; /* last session */
2657
2658 *q++ = 1; /* session number */
2659 *q++ = 0x14; /* data track */
2660 *q++ = 0; /* track number */
2661 *q++ = 0xa0; /* first track in program area */
2662 *q++ = 0; /* min */
2663 *q++ = 0; /* sec */
2664 *q++ = 0; /* frame */
2665 *q++ = 0;
2666 *q++ = 1; /* first track */
2667 *q++ = 0x00; /* disk type CD-DA or CD data */
2668 *q++ = 0;
2669
2670 *q++ = 1; /* session number */
2671 *q++ = 0x14; /* data track */
2672 *q++ = 0; /* track number */
2673 *q++ = 0xa1; /* last track in program area */
2674 *q++ = 0; /* min */
2675 *q++ = 0; /* sec */
2676 *q++ = 0; /* frame */
2677 *q++ = 0;
2678 *q++ = 1; /* last track */
2679 *q++ = 0;
2680 *q++ = 0;
2681
2682 *q++ = 1; /* session number */
2683 *q++ = 0x14; /* data track */
2684 *q++ = 0; /* track number */
2685 *q++ = 0xa2; /* lead-out */
2686 *q++ = 0; /* min */
2687 *q++ = 0; /* sec */
2688 *q++ = 0; /* frame */
2689 if (fMSF)
2690 {
2691 *q++ = 0; /* reserved */
2692 ataLBA2MSF(q, s->cTotalSectors);
2693 q += 3;
2694 }
2695 else
2696 {
2697 ataH2BE_U32(q, s->cTotalSectors);
2698 q += 4;
2699 }
2700
2701 *q++ = 1; /* session number */
2702 *q++ = 0x14; /* ADR, control */
2703 *q++ = 0; /* track number */
2704 *q++ = 1; /* point */
2705 *q++ = 0; /* min */
2706 *q++ = 0; /* sec */
2707 *q++ = 0; /* frame */
2708 if (fMSF)
2709 {
2710 *q++ = 0; /* reserved */
2711 ataLBA2MSF(q, 0);
2712 q += 3;
2713 }
2714 else
2715 {
2716 /* sector 0 */
2717 ataH2BE_U32(q, 0);
2718 q += 4;
2719 }
2720
2721 cbSize = q - pbBuf;
2722 ataH2BE_U16(pbBuf, cbSize - 2);
2723 if (cbSize < s->cbTotalTransfer)
2724 s->cbTotalTransfer = cbSize;
2725 s->iSourceSink = ATAFN_SS_NULL;
2726 atapiCmdOK(s);
2727 return false;
2728}
2729
2730
2731static void atapiParseCmdVirtualATAPI(ATADevState *s)
2732{
2733 const uint8_t *pbPacket;
2734 uint8_t *pbBuf;
2735 uint32_t cbMax;
2736
2737 pbPacket = s->aATAPICmd;
2738 pbBuf = s->CTX_SUFF(pbIOBuffer);
2739 switch (pbPacket[0])
2740 {
2741 case SCSI_TEST_UNIT_READY:
2742 if (s->cNotifiedMediaChange > 0)
2743 {
2744 if (s->cNotifiedMediaChange-- > 2)
2745 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2746 else
2747 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2748 }
2749 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2750 atapiCmdOK(s);
2751 else
2752 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2753 break;
2754 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2755 cbMax = ataBE2H_U16(pbPacket + 7);
2756 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2757 break;
2758 case SCSI_MODE_SENSE_10:
2759 {
2760 uint8_t uPageControl, uPageCode;
2761 cbMax = ataBE2H_U16(pbPacket + 7);
2762 uPageControl = pbPacket[2] >> 6;
2763 uPageCode = pbPacket[2] & 0x3f;
2764 switch (uPageControl)
2765 {
2766 case SCSI_PAGECONTROL_CURRENT:
2767 switch (uPageCode)
2768 {
2769 case SCSI_MODEPAGE_ERROR_RECOVERY:
2770 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2771 break;
2772 case SCSI_MODEPAGE_CD_STATUS:
2773 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2774 break;
2775 default:
2776 goto error_cmd;
2777 }
2778 break;
2779 case SCSI_PAGECONTROL_CHANGEABLE:
2780 goto error_cmd;
2781 case SCSI_PAGECONTROL_DEFAULT:
2782 goto error_cmd;
2783 default:
2784 case SCSI_PAGECONTROL_SAVED:
2785 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2786 break;
2787 }
2788 }
2789 break;
2790 case SCSI_REQUEST_SENSE:
2791 cbMax = pbPacket[4];
2792 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2793 break;
2794 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2795 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2796 {
2797 if (pbPacket[4] & 1)
2798 s->pDrvMount->pfnLock(s->pDrvMount);
2799 else
2800 s->pDrvMount->pfnUnlock(s->pDrvMount);
2801 atapiCmdOK(s);
2802 }
2803 else
2804 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2805 break;
2806 case SCSI_READ_10:
2807 case SCSI_READ_12:
2808 {
2809 uint32_t cSectors, iATAPILBA;
2810
2811 if (s->cNotifiedMediaChange > 0)
2812 {
2813 s->cNotifiedMediaChange-- ;
2814 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2815 break;
2816 }
2817 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2818 {
2819 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2820 break;
2821 }
2822 if (pbPacket[0] == SCSI_READ_10)
2823 cSectors = ataBE2H_U16(pbPacket + 7);
2824 else
2825 cSectors = ataBE2H_U32(pbPacket + 6);
2826 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2827 if (cSectors == 0)
2828 {
2829 atapiCmdOK(s);
2830 break;
2831 }
2832 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2833 {
2834 /* Rate limited logging, one log line per second. For
2835 * guests that insist on reading from places outside the
2836 * valid area this often generates too many release log
2837 * entries otherwise. */
2838 static uint64_t uLastLogTS = 0;
2839 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2840 {
2841 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2842 uLastLogTS = RTTimeMilliTS();
2843 }
2844 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2845 break;
2846 }
2847 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2848 }
2849 break;
2850 case SCSI_READ_CD:
2851 {
2852 uint32_t cSectors, iATAPILBA;
2853
2854 if (s->cNotifiedMediaChange > 0)
2855 {
2856 s->cNotifiedMediaChange-- ;
2857 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2858 break;
2859 }
2860 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2861 {
2862 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2863 break;
2864 }
2865 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2866 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2867 if (cSectors == 0)
2868 {
2869 atapiCmdOK(s);
2870 break;
2871 }
2872 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2873 {
2874 /* Rate limited logging, one log line per second. For
2875 * guests that insist on reading from places outside the
2876 * valid area this often generates too many release log
2877 * entries otherwise. */
2878 static uint64_t uLastLogTS = 0;
2879 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2880 {
2881 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2882 uLastLogTS = RTTimeMilliTS();
2883 }
2884 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2885 break;
2886 }
2887 switch (pbPacket[9] & 0xf8)
2888 {
2889 case 0x00:
2890 /* nothing */
2891 atapiCmdOK(s);
2892 break;
2893 case 0x10:
2894 /* normal read */
2895 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2896 break;
2897 case 0xf8:
2898 /* read all data */
2899 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2900 break;
2901 default:
2902 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2903 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2904 break;
2905 }
2906 }
2907 break;
2908 case SCSI_SEEK_10:
2909 {
2910 uint32_t iATAPILBA;
2911 if (s->cNotifiedMediaChange > 0)
2912 {
2913 s->cNotifiedMediaChange-- ;
2914 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2915 break;
2916 }
2917 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2918 {
2919 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2920 break;
2921 }
2922 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2923 if (iATAPILBA > s->cTotalSectors)
2924 {
2925 /* Rate limited logging, one log line per second. For
2926 * guests that insist on seeking to places outside the
2927 * valid area this often generates too many release log
2928 * entries otherwise. */
2929 static uint64_t uLastLogTS = 0;
2930 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2931 {
2932 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2933 uLastLogTS = RTTimeMilliTS();
2934 }
2935 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2936 break;
2937 }
2938 atapiCmdOK(s);
2939 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2940 }
2941 break;
2942 case SCSI_START_STOP_UNIT:
2943 {
2944 int rc = VINF_SUCCESS;
2945 switch (pbPacket[4] & 3)
2946 {
2947 case 0: /* 00 - Stop motor */
2948 case 1: /* 01 - Start motor */
2949 break;
2950 case 2: /* 10 - Eject media */
2951 /* This must be done from EMT. */
2952 {
2953 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2954 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2955
2956 PDMCritSectLeave(&pCtl->lock);
2957 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
2958 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2959 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED));
2960 {
2961 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2962 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2963 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2964 }
2965 }
2966 break;
2967 case 3: /* 11 - Load media */
2968 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2969 break;
2970 }
2971 if (RT_SUCCESS(rc))
2972 atapiCmdOK(s);
2973 else
2974 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2975 }
2976 break;
2977 case SCSI_MECHANISM_STATUS:
2978 {
2979 cbMax = ataBE2H_U16(pbPacket + 8);
2980 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2981 }
2982 break;
2983 case SCSI_READ_TOC_PMA_ATIP:
2984 {
2985 uint8_t format;
2986
2987 if (s->cNotifiedMediaChange > 0)
2988 {
2989 s->cNotifiedMediaChange-- ;
2990 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2991 break;
2992 }
2993 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2994 {
2995 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2996 break;
2997 }
2998 cbMax = ataBE2H_U16(pbPacket + 7);
2999 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3000 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3001 * the other field is clear... */
3002 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3003 switch (format)
3004 {
3005 case 0:
3006 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3007 break;
3008 case 1:
3009 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3010 break;
3011 case 2:
3012 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3013 break;
3014 default:
3015 error_cmd:
3016 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3017 break;
3018 }
3019 }
3020 break;
3021 case SCSI_READ_CAPACITY:
3022 if (s->cNotifiedMediaChange > 0)
3023 {
3024 s->cNotifiedMediaChange-- ;
3025 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3026 break;
3027 }
3028 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3029 {
3030 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3031 break;
3032 }
3033 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3034 break;
3035 case SCSI_READ_DISC_INFORMATION:
3036 if (s->cNotifiedMediaChange > 0)
3037 {
3038 s->cNotifiedMediaChange-- ;
3039 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3040 break;
3041 }
3042 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3043 {
3044 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3045 break;
3046 }
3047 cbMax = ataBE2H_U16(pbPacket + 7);
3048 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3049 break;
3050 case SCSI_READ_TRACK_INFORMATION:
3051 if (s->cNotifiedMediaChange > 0)
3052 {
3053 s->cNotifiedMediaChange-- ;
3054 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3055 break;
3056 }
3057 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3058 {
3059 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3060 break;
3061 }
3062 cbMax = ataBE2H_U16(pbPacket + 7);
3063 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3064 break;
3065 case SCSI_GET_CONFIGURATION:
3066 /* No media change stuff here, it can confuse Linux guests. */
3067 cbMax = ataBE2H_U16(pbPacket + 7);
3068 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3069 break;
3070 case SCSI_INQUIRY:
3071 cbMax = ataBE2H_U16(pbPacket + 3);
3072 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3073 break;
3074 case SCSI_READ_DVD_STRUCTURE:
3075 {
3076 cbMax = ataBE2H_U16(pbPacket + 8);
3077 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3078 break;
3079 }
3080 default:
3081 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3082 break;
3083 }
3084}
3085
3086
3087/*
3088 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3089 */
3090static void atapiParseCmdPassthrough(ATADevState *s)
3091{
3092 const uint8_t *pbPacket;
3093 uint8_t *pbBuf;
3094 uint32_t cSectors, iATAPILBA;
3095 uint32_t cbTransfer = 0;
3096 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3097
3098 pbPacket = s->aATAPICmd;
3099 pbBuf = s->CTX_SUFF(pbIOBuffer);
3100 switch (pbPacket[0])
3101 {
3102 case SCSI_BLANK:
3103 goto sendcmd;
3104 case SCSI_CLOSE_TRACK_SESSION:
3105 goto sendcmd;
3106 case SCSI_ERASE_10:
3107 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3108 cbTransfer = ataBE2H_U16(pbPacket + 7);
3109 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3110 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3111 goto sendcmd;
3112 case SCSI_FORMAT_UNIT:
3113 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3114 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3115 goto sendcmd;
3116 case SCSI_GET_CONFIGURATION:
3117 cbTransfer = ataBE2H_U16(pbPacket + 7);
3118 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3119 goto sendcmd;
3120 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3121 cbTransfer = ataBE2H_U16(pbPacket + 7);
3122 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3123 {
3124 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3125 break;
3126 }
3127 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3128 goto sendcmd;
3129 case SCSI_GET_PERFORMANCE:
3130 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3131 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3132 goto sendcmd;
3133 case SCSI_INQUIRY:
3134 cbTransfer = ataBE2H_U16(pbPacket + 3);
3135 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3136 goto sendcmd;
3137 case SCSI_LOAD_UNLOAD_MEDIUM:
3138 goto sendcmd;
3139 case SCSI_MECHANISM_STATUS:
3140 cbTransfer = ataBE2H_U16(pbPacket + 8);
3141 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3142 goto sendcmd;
3143 case SCSI_MODE_SELECT_10:
3144 cbTransfer = ataBE2H_U16(pbPacket + 7);
3145 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3146 goto sendcmd;
3147 case SCSI_MODE_SENSE_10:
3148 cbTransfer = ataBE2H_U16(pbPacket + 7);
3149 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3150 goto sendcmd;
3151 case SCSI_PAUSE_RESUME:
3152 goto sendcmd;
3153 case SCSI_PLAY_AUDIO_10:
3154 goto sendcmd;
3155 case SCSI_PLAY_AUDIO_12:
3156 goto sendcmd;
3157 case SCSI_PLAY_AUDIO_MSF:
3158 goto sendcmd;
3159 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3160 /** @todo do not forget to unlock when a VM is shut down */
3161 goto sendcmd;
3162 case SCSI_READ_10:
3163 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3164 cSectors = ataBE2H_U16(pbPacket + 7);
3165 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3166 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3167 cbTransfer = cSectors * s->cbATAPISector;
3168 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3169 goto sendcmd;
3170 case SCSI_READ_12:
3171 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3172 cSectors = ataBE2H_U32(pbPacket + 6);
3173 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3174 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3175 cbTransfer = cSectors * s->cbATAPISector;
3176 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3177 goto sendcmd;
3178 case SCSI_READ_BUFFER:
3179 cbTransfer = ataBE2H_U24(pbPacket + 6);
3180 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3181 goto sendcmd;
3182 case SCSI_READ_BUFFER_CAPACITY:
3183 cbTransfer = ataBE2H_U16(pbPacket + 7);
3184 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3185 goto sendcmd;
3186 case SCSI_READ_CAPACITY:
3187 cbTransfer = 8;
3188 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3189 goto sendcmd;
3190 case SCSI_READ_CD:
3191 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3192 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
3193 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3194 goto sendcmd;
3195 case SCSI_READ_CD_MSF:
3196 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3197 if (cSectors > 32)
3198 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3199 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3200 cbTransfer = cSectors * s->cbATAPISector;
3201 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3202 goto sendcmd;
3203 case SCSI_READ_DISC_INFORMATION:
3204 cbTransfer = ataBE2H_U16(pbPacket + 7);
3205 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3206 goto sendcmd;
3207 case SCSI_READ_DVD_STRUCTURE:
3208 cbTransfer = ataBE2H_U16(pbPacket + 8);
3209 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3210 goto sendcmd;
3211 case SCSI_READ_FORMAT_CAPACITIES:
3212 cbTransfer = ataBE2H_U16(pbPacket + 7);
3213 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3214 goto sendcmd;
3215 case SCSI_READ_SUBCHANNEL:
3216 cbTransfer = ataBE2H_U16(pbPacket + 7);
3217 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3218 goto sendcmd;
3219 case SCSI_READ_TOC_PMA_ATIP:
3220 cbTransfer = ataBE2H_U16(pbPacket + 7);
3221 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3222 goto sendcmd;
3223 case SCSI_READ_TRACK_INFORMATION:
3224 cbTransfer = ataBE2H_U16(pbPacket + 7);
3225 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3226 goto sendcmd;
3227 case SCSI_REPAIR_TRACK:
3228 goto sendcmd;
3229 case SCSI_REPORT_KEY:
3230 cbTransfer = ataBE2H_U16(pbPacket + 8);
3231 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3232 goto sendcmd;
3233 case SCSI_REQUEST_SENSE:
3234 cbTransfer = pbPacket[4];
3235 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3236 {
3237 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3238 break;
3239 }
3240 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3241 goto sendcmd;
3242 case SCSI_RESERVE_TRACK:
3243 goto sendcmd;
3244 case SCSI_SCAN:
3245 goto sendcmd;
3246 case SCSI_SEEK_10:
3247 goto sendcmd;
3248 case SCSI_SEND_CUE_SHEET:
3249 cbTransfer = ataBE2H_U24(pbPacket + 6);
3250 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3251 goto sendcmd;
3252 case SCSI_SEND_DVD_STRUCTURE:
3253 cbTransfer = ataBE2H_U16(pbPacket + 8);
3254 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3255 goto sendcmd;
3256 case SCSI_SEND_EVENT:
3257 cbTransfer = ataBE2H_U16(pbPacket + 8);
3258 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3259 goto sendcmd;
3260 case SCSI_SEND_KEY:
3261 cbTransfer = ataBE2H_U16(pbPacket + 8);
3262 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3263 goto sendcmd;
3264 case SCSI_SEND_OPC_INFORMATION:
3265 cbTransfer = ataBE2H_U16(pbPacket + 7);
3266 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3267 goto sendcmd;
3268 case SCSI_SET_CD_SPEED:
3269 goto sendcmd;
3270 case SCSI_SET_READ_AHEAD:
3271 goto sendcmd;
3272 case SCSI_SET_STREAMING:
3273 cbTransfer = ataBE2H_U16(pbPacket + 9);
3274 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3275 goto sendcmd;
3276 case SCSI_START_STOP_UNIT:
3277 goto sendcmd;
3278 case SCSI_STOP_PLAY_SCAN:
3279 goto sendcmd;
3280 case SCSI_SYNCHRONIZE_CACHE:
3281 goto sendcmd;
3282 case SCSI_TEST_UNIT_READY:
3283 goto sendcmd;
3284 case SCSI_VERIFY_10:
3285 goto sendcmd;
3286 case SCSI_WRITE_10:
3287 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3288 cSectors = ataBE2H_U16(pbPacket + 7);
3289 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3290#if 0
3291 /* The sector size is determined by the async I/O thread. */
3292 s->cbATAPISector = 0;
3293 /* Preliminary, will be corrected once the sector size is known. */
3294 cbTransfer = cSectors;
3295#else
3296 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3297 cbTransfer = cSectors * s->cbATAPISector;
3298#endif
3299 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3300 goto sendcmd;
3301 case SCSI_WRITE_12:
3302 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3303 cSectors = ataBE2H_U32(pbPacket + 6);
3304 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3305#if 0
3306 /* The sector size is determined by the async I/O thread. */
3307 s->cbATAPISector = 0;
3308 /* Preliminary, will be corrected once the sector size is known. */
3309 cbTransfer = cSectors;
3310#else
3311 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3312 cbTransfer = cSectors * s->cbATAPISector;
3313#endif
3314 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3315 goto sendcmd;
3316 case SCSI_WRITE_AND_VERIFY_10:
3317 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3318 cSectors = ataBE2H_U16(pbPacket + 7);
3319 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3320 /* The sector size is determined by the async I/O thread. */
3321 s->cbATAPISector = 0;
3322 /* Preliminary, will be corrected once the sector size is known. */
3323 cbTransfer = cSectors;
3324 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3325 goto sendcmd;
3326 case SCSI_WRITE_BUFFER:
3327 switch (pbPacket[1] & 0x1f)
3328 {
3329 case 0x04: /* download microcode */
3330 case 0x05: /* download microcode and save */
3331 case 0x06: /* download microcode with offsets */
3332 case 0x07: /* download microcode with offsets and save */
3333 case 0x0e: /* download microcode with offsets and defer activation */
3334 case 0x0f: /* activate deferred microcode */
3335 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3336 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3337 break;
3338 default:
3339 cbTransfer = ataBE2H_U16(pbPacket + 6);
3340 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3341 goto sendcmd;
3342 }
3343 break;
3344 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3345 cbTransfer = ataBE2H_U32(pbPacket + 6);
3346 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3347 goto sendcmd;
3348 case SCSI_REZERO_UNIT:
3349 /* Obsolete command used by cdrecord. What else would one expect?
3350 * This command is not sent to the drive, it is handled internally,
3351 * as the Linux kernel doesn't like it (message "scsi: unknown
3352 * opcode 0x01" in syslog) and replies with a sense code of 0,
3353 * which sends cdrecord to an endless loop. */
3354 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3355 break;
3356 default:
3357 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3358 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3359 break;
3360 sendcmd:
3361 /* Send a command to the drive, passing data in/out as required. */
3362 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3363 Assert(cbTransfer <= s->cbIOBuffer);
3364 if (cbTransfer == 0)
3365 uTxDir = PDMBLOCKTXDIR_NONE;
3366 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3367 }
3368}
3369
3370
3371static void atapiParseCmd(ATADevState *s)
3372{
3373 const uint8_t *pbPacket;
3374
3375 pbPacket = s->aATAPICmd;
3376#ifdef DEBUG
3377 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3378#else /* !DEBUG */
3379 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3380#endif /* !DEBUG */
3381 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3382
3383 if (s->fATAPIPassthrough)
3384 atapiParseCmdPassthrough(s);
3385 else
3386 atapiParseCmdVirtualATAPI(s);
3387}
3388
3389
3390static bool ataPacketSS(ATADevState *s)
3391{
3392 s->fDMA = !!(s->uATARegFeature & 1);
3393 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3394 s->uTxDir = PDMBLOCKTXDIR_NONE;
3395 s->cbTotalTransfer = 0;
3396 s->cbElementaryTransfer = 0;
3397 atapiParseCmd(s);
3398 return false;
3399}
3400
3401
3402/**
3403 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3404 * from now on, regardless if there was a medium inserted or not.
3405 */
3406static void ataMediumRemoved(ATADevState *s)
3407{
3408 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3409}
3410
3411
3412/**
3413 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3414 * there was already a medium inserted, don't forget to send the "medium
3415 * removed" event first.
3416 */
3417static void ataMediumInserted(ATADevState *s)
3418{
3419 uint32_t OldStatus, NewStatus;
3420 do
3421 {
3422 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3423 switch (OldStatus)
3424 {
3425 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3426 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3427 /* no change, we will send "medium removed" + "medium inserted" */
3428 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3429 break;
3430 default:
3431 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3432 break;
3433 }
3434 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3435}
3436
3437
3438/**
3439 * Called when a media is mounted.
3440 *
3441 * @param pInterface Pointer to the interface structure containing the called function pointer.
3442 */
3443static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3444{
3445 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3446 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3447
3448 /* Ignore the call if we're called while being attached. */
3449 if (!pIf->pDrvBlock)
3450 return;
3451
3452 if (pIf->fATAPI)
3453 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3454 else
3455 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3456
3457 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3458
3459 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3460 if (pIf->cNotifiedMediaChange < 2)
3461 pIf->cNotifiedMediaChange = 2;
3462 ataMediumInserted(pIf);
3463}
3464
3465/**
3466 * Called when a media is unmounted
3467 * @param pInterface Pointer to the interface structure containing the called function pointer.
3468 */
3469static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3470{
3471 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3472 Log(("%s:\n", __FUNCTION__));
3473 pIf->cTotalSectors = 0;
3474
3475 /*
3476 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3477 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3478 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3479 * present and 2 in which it is changed.
3480 */
3481 pIf->cNotifiedMediaChange = 4;
3482 ataMediumRemoved(pIf);
3483}
3484
3485static void ataPacketBT(ATADevState *s)
3486{
3487 s->cbElementaryTransfer = s->cbTotalTransfer;
3488 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3489 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3490 ataSetStatusValue(s, ATA_STAT_READY);
3491}
3492
3493
3494static void ataResetDevice(ATADevState *s)
3495{
3496 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3497 s->cNotifiedMediaChange = 0;
3498 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3499 ataUnsetIRQ(s);
3500
3501 s->uATARegSelect = 0x20;
3502 ataSetStatusValue(s, ATA_STAT_READY);
3503 ataSetSignature(s);
3504 s->cbTotalTransfer = 0;
3505 s->cbElementaryTransfer = 0;
3506 s->iIOBufferPIODataStart = 0;
3507 s->iIOBufferPIODataEnd = 0;
3508 s->iBeginTransfer = ATAFN_BT_NULL;
3509 s->iSourceSink = ATAFN_SS_NULL;
3510 s->fDMA = false;
3511 s->fATAPITransfer = false;
3512 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3513
3514 s->uATARegFeature = 0;
3515}
3516
3517
3518static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3519{
3520 ataSetSignature(s);
3521 if (s->fATAPI)
3522 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3523 else
3524 ataSetStatusValue(s, ATA_STAT_READY);
3525 s->uATARegError = 0x01;
3526 return false;
3527}
3528
3529
3530static void ataParseCmd(ATADevState *s, uint8_t cmd)
3531{
3532#ifdef DEBUG
3533 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3534#else /* !DEBUG */
3535 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3536#endif /* !DEBUG */
3537 s->fLBA48 = false;
3538 s->fDMA = false;
3539 if (cmd == ATA_IDLE_IMMEDIATE)
3540 {
3541 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3542 * would overwrite the failing command unfortunately), then RESET. */
3543 int32_t uCmdWait = -1;
3544 uint64_t uNow = RTTimeNanoTS();
3545 if (s->u64CmdTS)
3546 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3547 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3548 s->iLUN, s->uATARegCommand, uCmdWait));
3549 }
3550 s->uATARegCommand = cmd;
3551 switch (cmd)
3552 {
3553 case ATA_IDENTIFY_DEVICE:
3554 if (s->pDrvBlock && !s->fATAPI)
3555 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3556 else
3557 {
3558 if (s->fATAPI)
3559 ataSetSignature(s);
3560 ataCmdError(s, ABRT_ERR);
3561 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3562 }
3563 break;
3564 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3565 case ATA_RECALIBRATE:
3566 ataCmdOK(s, ATA_STAT_SEEK);
3567 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3568 break;
3569 case ATA_SET_MULTIPLE_MODE:
3570 if ( s->uATARegNSector != 0
3571 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3572 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3573 {
3574 ataCmdError(s, ABRT_ERR);
3575 }
3576 else
3577 {
3578 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3579 s->cMultSectors = s->uATARegNSector;
3580 ataCmdOK(s, 0);
3581 }
3582 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3583 break;
3584 case ATA_READ_VERIFY_SECTORS_EXT:
3585 s->fLBA48 = true;
3586 case ATA_READ_VERIFY_SECTORS:
3587 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3588 /* do sector number check ? */
3589 ataCmdOK(s, 0);
3590 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3591 break;
3592 case ATA_READ_SECTORS_EXT:
3593 s->fLBA48 = true;
3594 case ATA_READ_SECTORS:
3595 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3596 if (!s->pDrvBlock)
3597 goto abort_cmd;
3598 s->cSectorsPerIRQ = 1;
3599 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3600 break;
3601 case ATA_WRITE_SECTORS_EXT:
3602 s->fLBA48 = true;
3603 case ATA_WRITE_SECTORS:
3604 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3605 s->cSectorsPerIRQ = 1;
3606 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3607 break;
3608 case ATA_READ_MULTIPLE_EXT:
3609 s->fLBA48 = true;
3610 case ATA_READ_MULTIPLE:
3611 if (!s->cMultSectors)
3612 goto abort_cmd;
3613 s->cSectorsPerIRQ = s->cMultSectors;
3614 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3615 break;
3616 case ATA_WRITE_MULTIPLE_EXT:
3617 s->fLBA48 = true;
3618 case ATA_WRITE_MULTIPLE:
3619 if (!s->cMultSectors)
3620 goto abort_cmd;
3621 s->cSectorsPerIRQ = s->cMultSectors;
3622 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3623 break;
3624 case ATA_READ_DMA_EXT:
3625 s->fLBA48 = true;
3626 case ATA_READ_DMA:
3627 case ATA_READ_DMA_WITHOUT_RETRIES:
3628 if (!s->pDrvBlock)
3629 goto abort_cmd;
3630 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3631 s->fDMA = true;
3632 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3633 break;
3634 case ATA_WRITE_DMA_EXT:
3635 s->fLBA48 = true;
3636 case ATA_WRITE_DMA:
3637 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3638 if (!s->pDrvBlock)
3639 goto abort_cmd;
3640 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3641 s->fDMA = true;
3642 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3643 break;
3644 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3645 s->fLBA48 = true;
3646 ataSetSector(s, s->cTotalSectors - 1);
3647 ataCmdOK(s, 0);
3648 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3649 break;
3650 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3651 ataCmdOK(s, 0);
3652 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3653 break;
3654 case ATA_READ_NATIVE_MAX_ADDRESS:
3655 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3656 ataCmdOK(s, 0);
3657 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3658 break;
3659 case ATA_CHECK_POWER_MODE:
3660 s->uATARegNSector = 0xff; /* drive active or idle */
3661 ataCmdOK(s, 0);
3662 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3663 break;
3664 case ATA_SET_FEATURES:
3665 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3666 if (!s->pDrvBlock)
3667 goto abort_cmd;
3668 switch (s->uATARegFeature)
3669 {
3670 case 0x02: /* write cache enable */
3671 Log2(("%s: write cache enable\n", __FUNCTION__));
3672 ataCmdOK(s, ATA_STAT_SEEK);
3673 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3674 break;
3675 case 0xaa: /* read look-ahead enable */
3676 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3677 ataCmdOK(s, ATA_STAT_SEEK);
3678 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3679 break;
3680 case 0x55: /* read look-ahead disable */
3681 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3682 ataCmdOK(s, ATA_STAT_SEEK);
3683 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3684 break;
3685 case 0xcc: /* reverting to power-on defaults enable */
3686 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3687 ataCmdOK(s, ATA_STAT_SEEK);
3688 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3689 break;
3690 case 0x66: /* reverting to power-on defaults disable */
3691 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3692 ataCmdOK(s, ATA_STAT_SEEK);
3693 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3694 break;
3695 case 0x82: /* write cache disable */
3696 Log2(("%s: write cache disable\n", __FUNCTION__));
3697 /* As per the ATA/ATAPI-6 specs, a write cache disable
3698 * command MUST flush the write buffers to disc. */
3699 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3700 break;
3701 case 0x03: { /* set transfer mode */
3702 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3703 switch (s->uATARegNSector & 0xf8)
3704 {
3705 case 0x00: /* PIO default */
3706 case 0x08: /* PIO mode */
3707 break;
3708 case ATA_MODE_MDMA: /* MDMA mode */
3709 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3710 break;
3711 case ATA_MODE_UDMA: /* UDMA mode */
3712 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3713 break;
3714 default:
3715 goto abort_cmd;
3716 }
3717 ataCmdOK(s, ATA_STAT_SEEK);
3718 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3719 break;
3720 }
3721 default:
3722 goto abort_cmd;
3723 }
3724 /*
3725 * OS/2 workarond:
3726 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3727 * reset here. According to the specification, this is a driver bug as the register
3728 * contents are undefined after the call. This means we can just as well reset it.
3729 */
3730 s->uATARegFeature = 0;
3731 break;
3732 case ATA_FLUSH_CACHE_EXT:
3733 case ATA_FLUSH_CACHE:
3734 if (!s->pDrvBlock || s->fATAPI)
3735 goto abort_cmd;
3736 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3737 break;
3738 case ATA_STANDBY_IMMEDIATE:
3739 ataCmdOK(s, 0);
3740 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3741 break;
3742 case ATA_IDLE_IMMEDIATE:
3743 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3744 ataAbortCurrentCommand(s, false);
3745 break;
3746 case ATA_SLEEP:
3747 ataCmdOK(s, 0);
3748 ataSetIRQ(s);
3749 break;
3750 /* ATAPI commands */
3751 case ATA_IDENTIFY_PACKET_DEVICE:
3752 if (s->fATAPI)
3753 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3754 else
3755 {
3756 ataCmdError(s, ABRT_ERR);
3757 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3758 }
3759 break;
3760 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3761 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3762 break;
3763 case ATA_DEVICE_RESET:
3764 if (!s->fATAPI)
3765 goto abort_cmd;
3766 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3767 ataAbortCurrentCommand(s, true);
3768 break;
3769 case ATA_PACKET:
3770 if (!s->fATAPI)
3771 goto abort_cmd;
3772 /* overlapping commands not supported */
3773 if (s->uATARegFeature & 0x02)
3774 goto abort_cmd;
3775 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3776 break;
3777 default:
3778 abort_cmd:
3779 ataCmdError(s, ABRT_ERR);
3780 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3781 break;
3782 }
3783}
3784
3785#endif /* IN_RING3 */
3786
3787static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3788{
3789 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3790 addr &= 7;
3791 switch (addr)
3792 {
3793 case 0:
3794 break;
3795 case 1: /* feature register */
3796 /* NOTE: data is written to the two drives */
3797 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3798 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3799 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3800 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3801 pCtl->aIfs[0].uATARegFeature = val;
3802 pCtl->aIfs[1].uATARegFeature = val;
3803 break;
3804 case 2: /* sector count */
3805 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3806 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3807 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3808 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3809 pCtl->aIfs[0].uATARegNSector = val;
3810 pCtl->aIfs[1].uATARegNSector = val;
3811 break;
3812 case 3: /* sector number */
3813 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3814 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3815 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3816 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3817 pCtl->aIfs[0].uATARegSector = val;
3818 pCtl->aIfs[1].uATARegSector = val;
3819 break;
3820 case 4: /* cylinder low */
3821 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3822 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3823 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3824 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3825 pCtl->aIfs[0].uATARegLCyl = val;
3826 pCtl->aIfs[1].uATARegLCyl = val;
3827 break;
3828 case 5: /* cylinder high */
3829 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3830 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3831 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3832 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3833 pCtl->aIfs[0].uATARegHCyl = val;
3834 pCtl->aIfs[1].uATARegHCyl = val;
3835 break;
3836 case 6: /* drive/head */
3837 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3838 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3839 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3840 {
3841 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3842
3843 /* select another drive */
3844 pCtl->iSelectedIf = (val >> 4) & 1;
3845 /* The IRQ line is multiplexed between the two drives, so
3846 * update the state when switching to another drive. Only need
3847 * to update interrupt line if it is enabled and there is a
3848 * state change. */
3849 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3850 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3851 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3852 {
3853 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3854 {
3855 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3856 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3857 * the interrupt line is asserted. It monitors the line
3858 * for a rising edge. */
3859 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3860 if (pCtl->irq == 16)
3861 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3862 else
3863 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3864 }
3865 else
3866 {
3867 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3868 if (pCtl->irq == 16)
3869 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3870 else
3871 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3872 }
3873 }
3874 }
3875 break;
3876 default:
3877 case 7: /* command */
3878 /* ignore commands to non existant slave */
3879 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3880 break;
3881#ifndef IN_RING3
3882 /* Don't do anything complicated in GC */
3883 return VINF_IOM_HC_IOPORT_WRITE;
3884#else /* IN_RING3 */
3885 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3886#endif /* !IN_RING3 */
3887 }
3888 return VINF_SUCCESS;
3889}
3890
3891
3892static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3893{
3894 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3895 uint32_t val;
3896 bool fHOB;
3897
3898 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3899 switch (addr & 7)
3900 {
3901 case 0: /* data register */
3902 val = 0xff;
3903 break;
3904 case 1: /* error register */
3905 /* The ATA specification is very terse when it comes to specifying
3906 * the precise effects of reading back the error/feature register.
3907 * The error register (read-only) shares the register number with
3908 * the feature register (write-only), so it seems that it's not
3909 * necessary to support the usual HOB readback here. */
3910 if (!s->pDrvBlock)
3911 val = 0;
3912 else
3913 val = s->uATARegError;
3914 break;
3915 case 2: /* sector count */
3916 if (!s->pDrvBlock)
3917 val = 0;
3918 else if (fHOB)
3919 val = s->uATARegNSectorHOB;
3920 else
3921 val = s->uATARegNSector;
3922 break;
3923 case 3: /* sector number */
3924 if (!s->pDrvBlock)
3925 val = 0;
3926 else if (fHOB)
3927 val = s->uATARegSectorHOB;
3928 else
3929 val = s->uATARegSector;
3930 break;
3931 case 4: /* cylinder low */
3932 if (!s->pDrvBlock)
3933 val = 0;
3934 else if (fHOB)
3935 val = s->uATARegLCylHOB;
3936 else
3937 val = s->uATARegLCyl;
3938 break;
3939 case 5: /* cylinder high */
3940 if (!s->pDrvBlock)
3941 val = 0;
3942 else if (fHOB)
3943 val = s->uATARegHCylHOB;
3944 else
3945 val = s->uATARegHCyl;
3946 break;
3947 case 6: /* drive/head */
3948 /* This register must always work as long as there is at least
3949 * one drive attached to the controller. It is common between
3950 * both drives anyway (completely identical content). */
3951 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3952 val = 0;
3953 else
3954 val = s->uATARegSelect;
3955 break;
3956 default:
3957 case 7: /* primary status */
3958 {
3959 /* Counter for number of busy status seen in GC in a row. */
3960 static unsigned cBusy = 0;
3961
3962 if (!s->pDrvBlock)
3963 val = 0;
3964 else
3965 val = s->uATARegStatus;
3966
3967 /* Give the async I/O thread an opportunity to make progress,
3968 * don't let it starve by guests polling frequently. EMT has a
3969 * lower priority than the async I/O thread, but sometimes the
3970 * host OS doesn't care. With some guests we are only allowed to
3971 * be busy for about 5 milliseconds in some situations. Note that
3972 * this is no guarantee for any other VBox thread getting
3973 * scheduled, so this just lowers the CPU load a bit when drives
3974 * are busy. It cannot help with timing problems. */
3975 if (val & ATA_STAT_BUSY)
3976 {
3977#ifdef IN_RING3
3978 cBusy = 0;
3979 PDMCritSectLeave(&pCtl->lock);
3980
3981#ifndef RT_OS_WINDOWS
3982 /*
3983 * The thread might be stuck in an I/O operation
3984 * due to a high I/O load on the host. (see @bugref{3301})
3985 * To perform the reset successfully
3986 * we interrupt the operation by sending a signal to the thread
3987 * if the thread didn't responded in 10ms.
3988 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
3989 * does the same but it was introduced with Vista) but so far
3990 * this hang was only observed on Linux and Mac OS X.
3991 *
3992 * This is a workaround and needs to be solved properly.
3993 */
3994 if (pCtl->fReset)
3995 {
3996 uint64_t u64ResetTimeStop = RTTimeMilliTS();
3997
3998 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
3999 {
4000 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4001 pCtl->u64ResetTime = u64ResetTimeStop;
4002 RTThreadPoke(pCtl->AsyncIOThread);
4003 }
4004 }
4005#endif
4006
4007 RTThreadYield();
4008
4009 {
4010 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4011 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4012 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4013 }
4014
4015 val = s->uATARegStatus;
4016#else /* !IN_RING3 */
4017 /* Cannot yield CPU in guest context. And switching to host
4018 * context for each and every busy status is too costly,
4019 * especially on SMP systems where we don't gain much by
4020 * yielding the CPU to someone else. */
4021 if (++cBusy >= 20)
4022 {
4023 cBusy = 0;
4024 return VINF_IOM_HC_IOPORT_READ;
4025 }
4026#endif /* !IN_RING3 */
4027 }
4028 else
4029 cBusy = 0;
4030 ataUnsetIRQ(s);
4031 break;
4032 }
4033 }
4034 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4035 *pu32 = val;
4036 return VINF_SUCCESS;
4037}
4038
4039
4040static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4041{
4042 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4043 uint32_t val;
4044
4045 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4046 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4047 val = 0;
4048 else
4049 val = s->uATARegStatus;
4050 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4051 return val;
4052}
4053
4054static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4055{
4056#ifndef IN_RING3
4057 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4058 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4059#endif /* !IN_RING3 */
4060
4061 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4062 /* RESET is common for both drives attached to a controller. */
4063 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4064 (val & ATA_DEVCTL_RESET))
4065 {
4066#ifdef IN_RING3
4067 /* Software RESET low to high */
4068 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4069 uint64_t uNow = RTTimeNanoTS();
4070 if (pCtl->aIfs[0].u64CmdTS)
4071 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4072 if (pCtl->aIfs[1].u64CmdTS)
4073 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4074 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4075 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4076 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4077 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4078 pCtl->fReset = true;
4079 /* Everything must be done after the reset flag is set, otherwise
4080 * there are unavoidable races with the currently executing request
4081 * (which might just finish in the mean time). */
4082 pCtl->fChainedTransfer = false;
4083 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4084 {
4085 ataResetDevice(&pCtl->aIfs[i]);
4086 /* The following cannot be done using ataSetStatusValue() since the
4087 * reset flag is already set, which suppresses all status changes. */
4088 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4089 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4090 pCtl->aIfs[i].uATARegError = 0x01;
4091 }
4092 ataAsyncIOClearRequests(pCtl);
4093 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4094 if (val & ATA_DEVCTL_HOB)
4095 {
4096 val &= ~ATA_DEVCTL_HOB;
4097 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4098 }
4099
4100 /* Save the timestamp we started the reset. */
4101 pCtl->u64ResetTime = RTTimeMilliTS();
4102
4103 /* Issue the reset request now. */
4104 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4105#else /* !IN_RING3 */
4106 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4107#endif /* IN_RING3 */
4108 }
4109 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4110 !(val & ATA_DEVCTL_RESET))
4111 {
4112#ifdef IN_RING3
4113 /* Software RESET high to low */
4114 Log(("%s: deasserting RESET\n", __FUNCTION__));
4115 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4116 if (val & ATA_DEVCTL_HOB)
4117 {
4118 val &= ~ATA_DEVCTL_HOB;
4119 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4120 }
4121 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4122#else /* !IN_RING3 */
4123 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4124#endif /* IN_RING3 */
4125 }
4126
4127 /* Change of interrupt disable flag. Update interrupt line if interrupt
4128 * is pending on the current interface. */
4129 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4130 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4131 {
4132 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4133 {
4134 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4135 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4136 * interrupt line is asserted. It monitors the line for a rising
4137 * edge. */
4138 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4139 if (pCtl->irq == 16)
4140 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4141 else
4142 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4143 }
4144 else
4145 {
4146 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4147 if (pCtl->irq == 16)
4148 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4149 else
4150 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4151 }
4152 }
4153
4154 if (val & ATA_DEVCTL_HOB)
4155 Log2(("%s: set HOB\n", __FUNCTION__));
4156
4157 pCtl->aIfs[0].uATARegDevCtl = val;
4158 pCtl->aIfs[1].uATARegDevCtl = val;
4159
4160 return VINF_SUCCESS;
4161}
4162
4163#ifdef IN_RING3
4164
4165static void ataPIOTransfer(PATACONTROLLER pCtl)
4166{
4167 ATADevState *s;
4168
4169 s = &pCtl->aIfs[pCtl->iAIOIf];
4170 Log3(("%s: if=%p\n", __FUNCTION__, s));
4171
4172 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4173 {
4174 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4175 /* Any guest OS that triggers this case has a pathetic ATA driver.
4176 * In a real system it would block the CPU via IORDY, here we do it
4177 * very similarly by not continuing with the current instruction
4178 * until the transfer to/from the storage medium is completed. */
4179 if (s->iSourceSink != ATAFN_SS_NULL)
4180 {
4181 bool fRedo;
4182 uint8_t status = s->uATARegStatus;
4183 ataSetStatusValue(s, ATA_STAT_BUSY);
4184 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4185 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4186 pCtl->fRedo = fRedo;
4187 if (RT_UNLIKELY(fRedo))
4188 return;
4189 ataSetStatusValue(s, status);
4190 s->iIOBufferCur = 0;
4191 s->iIOBufferEnd = s->cbElementaryTransfer;
4192 }
4193 }
4194 if (s->cbTotalTransfer)
4195 {
4196 if (s->fATAPITransfer)
4197 ataPIOTransferLimitATAPI(s);
4198
4199 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4200 s->cbElementaryTransfer = s->cbTotalTransfer;
4201
4202 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4203 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4204 s->cbTotalTransfer, s->cbElementaryTransfer,
4205 s->iIOBufferCur, s->iIOBufferEnd));
4206 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4207 s->cbTotalTransfer -= s->cbElementaryTransfer;
4208 s->iIOBufferCur += s->cbElementaryTransfer;
4209
4210 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4211 s->cbElementaryTransfer = s->cbTotalTransfer;
4212 }
4213 else
4214 ataPIOTransferStop(s);
4215}
4216
4217
4218DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4219{
4220 /* Do not interfere with RESET processing if the PIO transfer finishes
4221 * while the RESET line is asserted. */
4222 if (pCtl->fReset)
4223 {
4224 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4225 return;
4226 }
4227
4228 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4229 || ( s->iSourceSink != ATAFN_SS_NULL
4230 && s->iIOBufferCur >= s->iIOBufferEnd))
4231 {
4232 /* Need to continue the transfer in the async I/O thread. This is
4233 * the case for write operations or generally for not yet finished
4234 * transfers (some data might need to be read). */
4235 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4236 ataSetStatus(s, ATA_STAT_BUSY);
4237
4238 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4239 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4240 }
4241 else
4242 {
4243 /* Either everything finished (though some data might still be pending)
4244 * or some data is pending before the next read is due. */
4245
4246 /* Continue a previously started transfer. */
4247 ataUnsetStatus(s, ATA_STAT_DRQ);
4248 ataSetStatus(s, ATA_STAT_READY);
4249
4250 if (s->cbTotalTransfer)
4251 {
4252 /* There is more to transfer, happens usually for large ATAPI
4253 * reads - the protocol limits the chunk size to 65534 bytes. */
4254 ataPIOTransfer(pCtl);
4255 ataSetIRQ(s);
4256 }
4257 else
4258 {
4259 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4260 /* Finish PIO transfer. */
4261 ataPIOTransfer(pCtl);
4262 Assert(!pCtl->fRedo);
4263 }
4264 }
4265}
4266
4267#endif /* IN_RING3 */
4268
4269static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4270{
4271 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4272 uint8_t *p;
4273
4274 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4275 {
4276 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4277 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4278#ifndef IN_RING3
4279 /* All but the last transfer unit is simple enough for GC, but
4280 * sending a request to the async IO thread is too complicated. */
4281 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4282 {
4283 memcpy(p, pbBuf, cbSize);
4284 s->iIOBufferPIODataStart += cbSize;
4285 }
4286 else
4287 return VINF_IOM_HC_IOPORT_WRITE;
4288#else /* IN_RING3 */
4289 memcpy(p, pbBuf, cbSize);
4290 s->iIOBufferPIODataStart += cbSize;
4291 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4292 ataPIOTransferFinish(pCtl, s);
4293#endif /* !IN_RING3 */
4294 }
4295 else
4296 Log2(("%s: DUMMY data\n", __FUNCTION__));
4297 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4298 return VINF_SUCCESS;
4299}
4300
4301static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4302{
4303 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4304 uint8_t *p;
4305
4306 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4307 {
4308 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4309 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4310#ifndef IN_RING3
4311 /* All but the last transfer unit is simple enough for GC, but
4312 * sending a request to the async IO thread is too complicated. */
4313 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4314 {
4315 memcpy(pbBuf, p, cbSize);
4316 s->iIOBufferPIODataStart += cbSize;
4317 }
4318 else
4319 return VINF_IOM_HC_IOPORT_READ;
4320#else /* IN_RING3 */
4321 memcpy(pbBuf, p, cbSize);
4322 s->iIOBufferPIODataStart += cbSize;
4323 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4324 ataPIOTransferFinish(pCtl, s);
4325#endif /* !IN_RING3 */
4326 }
4327 else
4328 {
4329 Log2(("%s: DUMMY data\n", __FUNCTION__));
4330 memset(pbBuf, '\xff', cbSize);
4331 }
4332 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4333 return VINF_SUCCESS;
4334}
4335
4336#ifdef IN_RING3
4337
4338static void ataDMATransferStop(ATADevState *s)
4339{
4340 s->cbTotalTransfer = 0;
4341 s->cbElementaryTransfer = 0;
4342 s->iBeginTransfer = ATAFN_BT_NULL;
4343 s->iSourceSink = ATAFN_SS_NULL;
4344}
4345
4346
4347/**
4348 * Perform the entire DMA transfer in one go (unless a source/sink operation
4349 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4350 * this function cannot handle empty transfers.
4351 *
4352 * @param pCtl Controller for which to perform the transfer.
4353 */
4354static void ataDMATransfer(PATACONTROLLER pCtl)
4355{
4356 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4357 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4358 bool fRedo;
4359 RTGCPHYS32 pDesc;
4360 uint32_t cbTotalTransfer, cbElementaryTransfer;
4361 uint32_t iIOBufferCur, iIOBufferEnd;
4362 uint32_t dmalen;
4363 PDMBLOCKTXDIR uTxDir;
4364 bool fLastDesc = false;
4365
4366 Assert(sizeof(BMDMADesc) == 8);
4367
4368 fRedo = pCtl->fRedo;
4369 if (RT_LIKELY(!fRedo))
4370 Assert(s->cbTotalTransfer);
4371 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4372 cbTotalTransfer = s->cbTotalTransfer;
4373 cbElementaryTransfer = s->cbElementaryTransfer;
4374 iIOBufferCur = s->iIOBufferCur;
4375 iIOBufferEnd = s->iIOBufferEnd;
4376
4377 /* The DMA loop is designed to hold the lock only when absolutely
4378 * necessary. This avoids long freezes should the guest access the
4379 * ATA registers etc. for some reason. */
4380 PDMCritSectLeave(&pCtl->lock);
4381
4382 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4383 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4384 cbTotalTransfer, cbElementaryTransfer,
4385 iIOBufferCur, iIOBufferEnd));
4386 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4387 {
4388 BMDMADesc DMADesc;
4389 RTGCPHYS32 pBuffer;
4390 uint32_t cbBuffer;
4391
4392 if (RT_UNLIKELY(fRedo))
4393 {
4394 pBuffer = pCtl->pRedoDMABuffer;
4395 cbBuffer = pCtl->cbRedoDMABuffer;
4396 fLastDesc = pCtl->fRedoDMALastDesc;
4397 }
4398 else
4399 {
4400 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4401 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4402 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4403 fLastDesc = !!(cbBuffer & 0x80000000);
4404 cbBuffer &= 0xfffe;
4405 if (cbBuffer == 0)
4406 cbBuffer = 0x10000;
4407 if (cbBuffer > cbTotalTransfer)
4408 cbBuffer = cbTotalTransfer;
4409 }
4410
4411 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4412 {
4413 if (RT_LIKELY(!fRedo))
4414 {
4415 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4416 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4417 (int)pDesc, pBuffer, cbBuffer));
4418 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4419 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4420 else
4421 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4422 iIOBufferCur += dmalen;
4423 cbTotalTransfer -= dmalen;
4424 cbBuffer -= dmalen;
4425 pBuffer += dmalen;
4426 }
4427 if ( iIOBufferCur == iIOBufferEnd
4428 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4429 {
4430 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4431 cbElementaryTransfer = cbTotalTransfer;
4432
4433 {
4434 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4435 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4436 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4437 }
4438
4439 /* The RESET handler could have cleared the DMA transfer
4440 * state (since we didn't hold the lock until just now
4441 * the guest can continue in parallel). If so, the state
4442 * is already set up so the loop is exited immediately. */
4443 if (s->iSourceSink != ATAFN_SS_NULL)
4444 {
4445 s->iIOBufferCur = iIOBufferCur;
4446 s->iIOBufferEnd = iIOBufferEnd;
4447 s->cbElementaryTransfer = cbElementaryTransfer;
4448 s->cbTotalTransfer = cbTotalTransfer;
4449 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4450 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4451 if (RT_UNLIKELY(fRedo))
4452 {
4453 pCtl->pFirstDMADesc = pDesc;
4454 pCtl->pRedoDMABuffer = pBuffer;
4455 pCtl->cbRedoDMABuffer = cbBuffer;
4456 pCtl->fRedoDMALastDesc = fLastDesc;
4457 }
4458 else
4459 {
4460 cbTotalTransfer = s->cbTotalTransfer;
4461 cbElementaryTransfer = s->cbElementaryTransfer;
4462
4463 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4464 cbElementaryTransfer = cbTotalTransfer;
4465 iIOBufferCur = 0;
4466 iIOBufferEnd = cbElementaryTransfer;
4467 }
4468 pCtl->fRedo = fRedo;
4469 }
4470 else
4471 {
4472 /* This forces the loop to exit immediately. */
4473 pDesc = pCtl->pLastDMADesc + 1;
4474 }
4475
4476 PDMCritSectLeave(&pCtl->lock);
4477 if (RT_UNLIKELY(fRedo))
4478 break;
4479 }
4480 }
4481
4482 if (RT_UNLIKELY(fRedo))
4483 break;
4484
4485 /* end of transfer */
4486 if (!cbTotalTransfer || fLastDesc)
4487 break;
4488
4489 {
4490 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4491 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4492 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4493 }
4494
4495 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4496 {
4497 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4498 if (!pCtl->fReset)
4499 ataDMATransferStop(s);
4500 /* This forces the loop to exit immediately. */
4501 pDesc = pCtl->pLastDMADesc + 1;
4502 }
4503
4504 PDMCritSectLeave(&pCtl->lock);
4505 }
4506
4507 {
4508 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4509 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4510 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4511 }
4512
4513 if (RT_UNLIKELY(fRedo))
4514 return;
4515
4516 if (fLastDesc)
4517 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4518 s->cbTotalTransfer = cbTotalTransfer;
4519 s->cbElementaryTransfer = cbElementaryTransfer;
4520 s->iIOBufferCur = iIOBufferCur;
4521 s->iIOBufferEnd = iIOBufferEnd;
4522}
4523
4524/**
4525 * Signal PDM that we're idle (if we actually are).
4526 *
4527 * @param pCtl The controller.
4528 */
4529static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
4530{
4531 /*
4532 * Take the mutex here and recheck the idle indicator to avoid
4533 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
4534 */
4535 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4536
4537 if ( pCtl->fSignalIdle
4538 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4539 {
4540 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
4541 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
4542 }
4543
4544 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4545}
4546
4547/** Asynch I/O thread for an interface. Once upon a time this was readable
4548 * code with several loops and a different semaphore for each purpose. But
4549 * then came the "how can one save the state in the middle of a PIO transfer"
4550 * question. The solution was to use an ASM, which is what's there now. */
4551static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4552{
4553 const ATARequest *pReq;
4554 uint64_t u64TS = 0; /* shut up gcc */
4555 uint64_t uWait;
4556 int rc = VINF_SUCCESS;
4557 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4558 ATADevState *s;
4559
4560 pReq = NULL;
4561 pCtl->fChainedTransfer = false;
4562 while (!pCtl->fShutdown)
4563 {
4564 /* Keep this thread from doing anything as long as EMT is suspended. */
4565 while (pCtl->fRedoIdle)
4566 {
4567 if (pCtl->fSignalIdle)
4568 ataR3AsyncSignalIdle(pCtl);
4569 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4570 /* Continue if we got a signal by RTThreadPoke().
4571 * We will get notified if there is a request to process.
4572 */
4573 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4574 continue;
4575 if (RT_FAILURE(rc) || pCtl->fShutdown)
4576 break;
4577
4578 pCtl->fRedoIdle = false;
4579 }
4580
4581 /* Wait for work. */
4582 while (pReq == NULL)
4583 {
4584 if (pCtl->fSignalIdle)
4585 ataR3AsyncSignalIdle(pCtl);
4586 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4587 /* Continue if we got a signal by RTThreadPoke().
4588 * We will get notified if there is a request to process.
4589 */
4590 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4591 continue;
4592 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4593 break;
4594
4595 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4596 }
4597
4598 if (RT_FAILURE(rc) || pCtl->fShutdown)
4599 break;
4600
4601 if (pReq == NULL)
4602 continue;
4603
4604 ATAAIO ReqType = pReq->ReqType;
4605
4606 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4607 if (pCtl->uAsyncIOState != ReqType)
4608 {
4609 /* The new state is not the state that was expected by the normal
4610 * state changes. This is either a RESET/ABORT or there's something
4611 * really strange going on. */
4612 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4613 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4614 {
4615 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4616 ataAsyncIODumpRequests(pCtl);
4617 }
4618 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4619 }
4620
4621 /* Do our work. */
4622 {
4623 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4624 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4625 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4626 }
4627
4628 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4629 {
4630 u64TS = RTTimeNanoTS();
4631#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4632 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4633#endif /* DEBUG || VBOX_WITH_STATISTICS */
4634 }
4635
4636 switch (ReqType)
4637 {
4638 case ATA_AIO_NEW:
4639
4640 pCtl->iAIOIf = pReq->u.t.iIf;
4641 s = &pCtl->aIfs[pCtl->iAIOIf];
4642 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4643 s->uTxDir = pReq->u.t.uTxDir;
4644 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4645 s->iSourceSink = pReq->u.t.iSourceSink;
4646 s->iIOBufferEnd = 0;
4647 s->u64CmdTS = u64TS;
4648
4649 if (s->fATAPI)
4650 {
4651 if (pCtl->fChainedTransfer)
4652 {
4653 /* Only count the actual transfers, not the PIO
4654 * transfer of the ATAPI command bytes. */
4655 if (s->fDMA)
4656 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4657 else
4658 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4659 }
4660 }
4661 else
4662 {
4663 if (s->fDMA)
4664 STAM_REL_COUNTER_INC(&s->StatATADMA);
4665 else
4666 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4667 }
4668
4669 pCtl->fChainedTransfer = false;
4670
4671 if (s->iBeginTransfer != ATAFN_BT_NULL)
4672 {
4673 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4674 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4675 s->iBeginTransfer = ATAFN_BT_NULL;
4676 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4677 s->iIOBufferEnd = s->cbElementaryTransfer;
4678 }
4679 else
4680 {
4681 s->cbElementaryTransfer = s->cbTotalTransfer;
4682 s->iIOBufferEnd = s->cbTotalTransfer;
4683 }
4684 s->iIOBufferCur = 0;
4685
4686 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4687 {
4688 if (s->iSourceSink != ATAFN_SS_NULL)
4689 {
4690 bool fRedo;
4691 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4692 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4693 pCtl->fRedo = fRedo;
4694 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4695 {
4696 /* Operation failed at the initial transfer, restart
4697 * everything from scratch by resending the current
4698 * request. Occurs very rarely, not worth optimizing. */
4699 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4700 ataAsyncIOPutRequest(pCtl, pReq);
4701 break;
4702 }
4703 }
4704 else
4705 ataCmdOK(s, 0);
4706 s->iIOBufferEnd = s->cbElementaryTransfer;
4707
4708 }
4709
4710 /* Do not go into the transfer phase if RESET is asserted.
4711 * The CritSect is released while waiting for the host OS
4712 * to finish the I/O, thus RESET is possible here. Most
4713 * important: do not change uAsyncIOState. */
4714 if (pCtl->fReset)
4715 break;
4716
4717 if (s->fDMA)
4718 {
4719 if (s->cbTotalTransfer)
4720 {
4721 ataSetStatus(s, ATA_STAT_DRQ);
4722
4723 pCtl->uAsyncIOState = ATA_AIO_DMA;
4724 /* If BMDMA is already started, do the transfer now. */
4725 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4726 {
4727 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4728 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4729 }
4730 }
4731 else
4732 {
4733 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4734 /* Finish DMA transfer. */
4735 ataDMATransferStop(s);
4736 ataSetIRQ(s);
4737 pCtl->uAsyncIOState = ATA_AIO_NEW;
4738 }
4739 }
4740 else
4741 {
4742 if (s->cbTotalTransfer)
4743 {
4744 ataPIOTransfer(pCtl);
4745 Assert(!pCtl->fRedo);
4746 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4747 ataSetIRQ(s);
4748
4749 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4750 {
4751 /* Write operations and not yet finished transfers
4752 * must be completed in the async I/O thread. */
4753 pCtl->uAsyncIOState = ATA_AIO_PIO;
4754 }
4755 else
4756 {
4757 /* Finished read operation can be handled inline
4758 * in the end of PIO transfer handling code. Linux
4759 * depends on this, as it waits only briefly for
4760 * devices to become ready after incoming data
4761 * transfer. Cannot find anything in the ATA spec
4762 * that backs this assumption, but as all kernels
4763 * are affected (though most of the time it does
4764 * not cause any harm) this must work. */
4765 pCtl->uAsyncIOState = ATA_AIO_NEW;
4766 }
4767 }
4768 else
4769 {
4770 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4771 /* Finish PIO transfer. */
4772 ataPIOTransfer(pCtl);
4773 Assert(!pCtl->fRedo);
4774 if (!s->fATAPITransfer)
4775 ataSetIRQ(s);
4776 pCtl->uAsyncIOState = ATA_AIO_NEW;
4777 }
4778 }
4779 break;
4780
4781 case ATA_AIO_DMA:
4782 {
4783 BMDMAState *bm = &pCtl->BmDma;
4784 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4785 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4786
4787 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4788 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4789 else
4790 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4791
4792 if (RT_LIKELY(!pCtl->fRedo))
4793 {
4794 /* The specs say that the descriptor table must not cross a
4795 * 4K boundary. */
4796 pCtl->pFirstDMADesc = bm->pvAddr;
4797 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4798 }
4799 ataDMATransfer(pCtl);
4800
4801 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
4802 {
4803 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4804 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4805 break;
4806 }
4807
4808 /* The infamous delay IRQ hack. */
4809 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4810 && s->cbTotalTransfer == 0
4811 && pCtl->DelayIRQMillies)
4812 {
4813 /* Delay IRQ for writing. Required to get the Win2K
4814 * installation work reliably (otherwise it crashes,
4815 * usually during component install). So far no better
4816 * solution has been found. */
4817 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4818 PDMCritSectLeave(&pCtl->lock);
4819 RTThreadSleep(pCtl->DelayIRQMillies);
4820 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4821 }
4822
4823 ataUnsetStatus(s, ATA_STAT_DRQ);
4824 Assert(!pCtl->fChainedTransfer);
4825 Assert(s->iSourceSink == ATAFN_SS_NULL);
4826 if (s->fATAPITransfer)
4827 {
4828 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4829 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4830 s->fATAPITransfer = false;
4831 }
4832 ataSetIRQ(s);
4833 pCtl->uAsyncIOState = ATA_AIO_NEW;
4834 break;
4835 }
4836
4837 case ATA_AIO_PIO:
4838 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4839
4840 if (s->iSourceSink != ATAFN_SS_NULL)
4841 {
4842 bool fRedo;
4843 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4844 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4845 pCtl->fRedo = fRedo;
4846 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4847 {
4848 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4849 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4850 ataSuspendRedo(pCtl);
4851 break;
4852 }
4853 s->iIOBufferCur = 0;
4854 s->iIOBufferEnd = s->cbElementaryTransfer;
4855 }
4856 else
4857 {
4858 /* Continue a previously started transfer. */
4859 ataUnsetStatus(s, ATA_STAT_BUSY);
4860 ataSetStatus(s, ATA_STAT_READY);
4861 }
4862
4863 /* It is possible that the drives on this controller get RESET
4864 * during the above call to the source/sink function. If that's
4865 * the case, don't restart the transfer and don't finish it the
4866 * usual way. RESET handling took care of all that already.
4867 * Most important: do not change uAsyncIOState. */
4868 if (pCtl->fReset)
4869 break;
4870
4871 if (s->cbTotalTransfer)
4872 {
4873 ataPIOTransfer(pCtl);
4874 ataSetIRQ(s);
4875
4876 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4877 {
4878 /* Write operations and not yet finished transfers
4879 * must be completed in the async I/O thread. */
4880 pCtl->uAsyncIOState = ATA_AIO_PIO;
4881 }
4882 else
4883 {
4884 /* Finished read operation can be handled inline
4885 * in the end of PIO transfer handling code. Linux
4886 * depends on this, as it waits only briefly for
4887 * devices to become ready after incoming data
4888 * transfer. Cannot find anything in the ATA spec
4889 * that backs this assumption, but as all kernels
4890 * are affected (though most of the time it does
4891 * not cause any harm) this must work. */
4892 pCtl->uAsyncIOState = ATA_AIO_NEW;
4893 }
4894 }
4895 else
4896 {
4897 /* Finish PIO transfer. */
4898 ataPIOTransfer(pCtl);
4899 if ( !pCtl->fChainedTransfer
4900 && !s->fATAPITransfer
4901 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4902 {
4903 ataSetIRQ(s);
4904 }
4905 pCtl->uAsyncIOState = ATA_AIO_NEW;
4906 }
4907 break;
4908
4909 case ATA_AIO_RESET_ASSERTED:
4910 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4911 ataPIOTransferStop(&pCtl->aIfs[0]);
4912 ataPIOTransferStop(&pCtl->aIfs[1]);
4913 /* Do not change the DMA registers, they are not affected by the
4914 * ATA controller reset logic. It should be sufficient to issue a
4915 * new command, which is now possible as the state is cleared. */
4916 break;
4917
4918 case ATA_AIO_RESET_CLEARED:
4919 pCtl->uAsyncIOState = ATA_AIO_NEW;
4920 pCtl->fReset = false;
4921 /* Ensure that half-completed transfers are not redone. A reset
4922 * cancels the entire transfer, so continuing is wrong. */
4923 pCtl->fRedo = false;
4924 pCtl->fRedoDMALastDesc = false;
4925 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4926 ATACONTROLLER_IDX(pCtl)));
4927 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4928 {
4929 if (pCtl->aIfs[i].fATAPI)
4930 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4931 else
4932 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4933 ataSetSignature(&pCtl->aIfs[i]);
4934 }
4935 break;
4936
4937 case ATA_AIO_ABORT:
4938 /* Abort the current command only if it operates on the same interface. */
4939 if (pCtl->iAIOIf == pReq->u.a.iIf)
4940 {
4941 s = &pCtl->aIfs[pCtl->iAIOIf];
4942
4943 pCtl->uAsyncIOState = ATA_AIO_NEW;
4944 /* Do not change the DMA registers, they are not affected by the
4945 * ATA controller reset logic. It should be sufficient to issue a
4946 * new command, which is now possible as the state is cleared. */
4947 if (pReq->u.a.fResetDrive)
4948 {
4949 ataResetDevice(s);
4950 ataExecuteDeviceDiagnosticSS(s);
4951 }
4952 else
4953 {
4954 /* Stop any pending DMA transfer. */
4955 s->fDMA = false;
4956 ataPIOTransferStop(s);
4957 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4958 ataSetStatus(s, ATA_STAT_READY);
4959 ataSetIRQ(s);
4960 }
4961 }
4962 break;
4963
4964 default:
4965 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4966 }
4967
4968 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4969 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4970
4971 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4972 {
4973#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4974 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4975#endif /* DEBUG || VBOX_WITH_STATISTICS */
4976
4977 u64TS = RTTimeNanoTS() - u64TS;
4978 uWait = u64TS / 1000;
4979 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
4980 /* Mark command as finished. */
4981 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
4982
4983 /*
4984 * Release logging of command execution times depends on the
4985 * command type. ATAPI commands often take longer (due to CD/DVD
4986 * spin up time etc.) so the threshold is different.
4987 */
4988 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
4989 {
4990 if (uWait > 8 * 1000 * 1000)
4991 {
4992 /*
4993 * Command took longer than 8 seconds. This is close
4994 * enough or over the guest's command timeout, so place
4995 * an entry in the release log to allow tracking such
4996 * timing errors (which are often caused by the host).
4997 */
4998 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
4999 }
5000 }
5001 else
5002 {
5003 if (uWait > 20 * 1000 * 1000)
5004 {
5005 /*
5006 * Command took longer than 20 seconds. This is close
5007 * enough or over the guest's command timeout, so place
5008 * an entry in the release log to allow tracking such
5009 * timing errors (which are often caused by the host).
5010 */
5011 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5012 }
5013 }
5014
5015#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5016 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5017 pCtl->StatAsyncMinWait = uWait;
5018 if (uWait > pCtl->StatAsyncMaxWait)
5019 pCtl->StatAsyncMaxWait = uWait;
5020
5021 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5022 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5023#endif /* DEBUG || VBOX_WITH_STATISTICS */
5024 }
5025
5026 PDMCritSectLeave(&pCtl->lock);
5027 }
5028
5029 /* Signal the ultimate idleness. */
5030 RTThreadUserSignal(pCtl->AsyncIOThread);
5031 if (pCtl->fSignalIdle)
5032 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5033
5034 /* Cleanup the state. */
5035 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5036 pCtl->fShutdown = false;
5037
5038 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5039 return rc;
5040}
5041
5042#endif /* IN_RING3 */
5043
5044static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5045{
5046 uint32_t val = pCtl->BmDma.u8Cmd;
5047 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5048 return val;
5049}
5050
5051
5052static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5053{
5054 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5055 if (!(val & BM_CMD_START))
5056 {
5057 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5058 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5059 }
5060 else
5061 {
5062#ifdef IN_RING3
5063 /* Check whether the guest OS wants to change DMA direction in
5064 * mid-flight. Not allowed, according to the PIIX3 specs. */
5065 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5066 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5067 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5068 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5069
5070 /* Do not continue DMA transfers while the RESET line is asserted. */
5071 if (pCtl->fReset)
5072 {
5073 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5074 return;
5075 }
5076
5077 /* Do not start DMA transfers if there's a PIO transfer going on,
5078 * or if there is already a transfer started on this controller. */
5079 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5080 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5081 return;
5082
5083 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5084 {
5085 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5086 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5087 }
5088#else /* !IN_RING3 */
5089 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5090#endif /* IN_RING3 */
5091 }
5092}
5093
5094static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5095{
5096 uint32_t val = pCtl->BmDma.u8Status;
5097 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5098 return val;
5099}
5100
5101static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5102{
5103 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5104 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5105 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5106 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5107}
5108
5109static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5110{
5111 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5112 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5113 return val;
5114}
5115
5116static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5117{
5118 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5119 pCtl->BmDma.pvAddr = val & ~3;
5120}
5121
5122static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5123{
5124 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5125 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5126
5127}
5128
5129static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5130{
5131 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5132 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5133}
5134
5135#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5136
5137/**
5138 * Port I/O Handler for bus master DMA IN operations.
5139 * @see FNIOMIOPORTIN for details.
5140 */
5141PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5142{
5143 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5144 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5145 PATACONTROLLER pCtl = &pThis->aCts[i];
5146 int rc;
5147
5148 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5149 if (rc != VINF_SUCCESS)
5150 return rc;
5151 switch (VAL(Port, cb))
5152 {
5153 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5154 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5155 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5156 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5157 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5158 case VAL(0, 4):
5159 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5160 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5161 break;
5162 default:
5163 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5164 PDMCritSectLeave(&pCtl->lock);
5165 return VERR_IOM_IOPORT_UNUSED;
5166 }
5167 PDMCritSectLeave(&pCtl->lock);
5168 return rc;
5169}
5170
5171/**
5172 * Port I/O Handler for bus master DMA OUT operations.
5173 * @see FNIOMIOPORTOUT for details.
5174 */
5175PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5176{
5177 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5178 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5179 PATACONTROLLER pCtl = &pThis->aCts[i];
5180 int rc;
5181
5182 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5183 if (rc != VINF_SUCCESS)
5184 return rc;
5185 switch (VAL(Port, cb))
5186 {
5187 case VAL(0, 1):
5188#ifndef IN_RING3
5189 if (u32 & BM_CMD_START)
5190 {
5191 rc = VINF_IOM_HC_IOPORT_WRITE;
5192 break;
5193 }
5194#endif /* !IN_RING3 */
5195 ataBMDMACmdWriteB(pCtl, Port, u32);
5196 break;
5197 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5198 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5199 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5200 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5201 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5202 }
5203 PDMCritSectLeave(&pCtl->lock);
5204 return rc;
5205}
5206
5207#undef VAL
5208
5209#ifdef IN_RING3
5210
5211/**
5212 * Callback function for mapping an PCI I/O region.
5213 *
5214 * @return VBox status code.
5215 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5216 * @param iRegion The region number.
5217 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5218 * I/O port, else it's a physical address.
5219 * This address is *NOT* relative to pci_mem_base like earlier!
5220 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5221 */
5222static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5223{
5224 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5225 int rc = VINF_SUCCESS;
5226 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5227 Assert(iRegion == 4);
5228 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5229
5230 /* Register the port range. */
5231 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5232 {
5233 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5234 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5235 AssertRC(rc2);
5236 if (rc2 < rc)
5237 rc = rc2;
5238
5239 if (pThis->fGCEnabled)
5240 {
5241 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5242 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5243 AssertRC(rc2);
5244 if (rc2 < rc)
5245 rc = rc2;
5246 }
5247 if (pThis->fR0Enabled)
5248 {
5249 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5250 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5251 AssertRC(rc2);
5252 if (rc2 < rc)
5253 rc = rc2;
5254 }
5255 }
5256 return rc;
5257}
5258
5259
5260/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5261
5262/**
5263 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5264 */
5265static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5266{
5267 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5268 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5269 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5270 return NULL;
5271}
5272
5273
5274/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5275
5276/**
5277 * Gets the pointer to the status LED of a unit.
5278 *
5279 * @returns VBox status code.
5280 * @param pInterface Pointer to the interface structure containing the called function pointer.
5281 * @param iLUN The unit which status LED we desire.
5282 * @param ppLed Where to store the LED pointer.
5283 */
5284static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5285{
5286 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5287 if (iLUN < 4)
5288 {
5289 switch (iLUN)
5290 {
5291 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5292 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5293 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5294 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5295 }
5296 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5297 return VINF_SUCCESS;
5298 }
5299 return VERR_PDM_LUN_NOT_FOUND;
5300}
5301
5302
5303/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5304
5305/**
5306 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5307 */
5308static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5309{
5310 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5311 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5312 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5313 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5314 return NULL;
5315}
5316
5317#endif /* IN_RING3 */
5318
5319
5320/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5321
5322/**
5323 * Port I/O Handler for primary port range OUT operations.
5324 * @see FNIOMIOPORTOUT for details.
5325 */
5326PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5327{
5328 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5329 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5330 PATACONTROLLER pCtl = &pThis->aCts[i];
5331 int rc = VINF_SUCCESS;
5332
5333 Assert(i < 2);
5334
5335 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5336 if (rc != VINF_SUCCESS)
5337 return rc;
5338 if (cb == 1)
5339 rc = ataIOPortWriteU8(pCtl, Port, u32);
5340 else if (Port == pCtl->IOPortBase1)
5341 {
5342 Assert(cb == 2 || cb == 4);
5343 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5344 }
5345 else
5346 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5347 PDMCritSectLeave(&pCtl->lock);
5348 return rc;
5349}
5350
5351
5352/**
5353 * Port I/O Handler for primary port range IN operations.
5354 * @see FNIOMIOPORTIN for details.
5355 */
5356PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5357{
5358 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5359 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5360 PATACONTROLLER pCtl = &pThis->aCts[i];
5361 int rc = VINF_SUCCESS;
5362
5363 Assert(i < 2);
5364
5365 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5366 if (rc != VINF_SUCCESS)
5367 return rc;
5368 if (cb == 1)
5369 {
5370 rc = ataIOPortReadU8(pCtl, Port, pu32);
5371 }
5372 else if (Port == pCtl->IOPortBase1)
5373 {
5374 Assert(cb == 2 || cb == 4);
5375 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5376 if (cb == 2)
5377 *pu32 &= 0xffff;
5378 }
5379 else
5380 {
5381 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5382 rc = VERR_IOM_IOPORT_UNUSED;
5383 }
5384 PDMCritSectLeave(&pCtl->lock);
5385 return rc;
5386}
5387
5388#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5389/**
5390 * Port I/O Handler for primary port range IN string operations.
5391 * @see FNIOMIOPORTINSTRING for details.
5392 */
5393PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5394{
5395 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5396 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5397 PATACONTROLLER pCtl = &pThis->aCts[i];
5398 int rc = VINF_SUCCESS;
5399
5400 Assert(i < 2);
5401
5402 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5403 if (rc != VINF_SUCCESS)
5404 return rc;
5405 if (Port == pCtl->IOPortBase1)
5406 {
5407 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5408 RTGCPTR GCDst = *pGCPtrDst;
5409 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5410 Assert(cb == 2 || cb == 4);
5411
5412 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5413#ifndef IN_RING3
5414 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5415 if (!cTransAvailable)
5416 {
5417 PDMCritSectLeave(&pCtl->lock);
5418 return VINF_IOM_HC_IOPORT_READ;
5419 }
5420 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5421 cTransAvailable--;
5422#endif /* !IN_RING3 */
5423 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5424 * They are not performance-critical and generally shouldn't occur at all. */
5425 if (cTransAvailable > cTransfer)
5426 cTransAvailable = cTransfer;
5427 cbTransfer = cTransAvailable * cb;
5428
5429 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5430 Assert(rc == VINF_SUCCESS);
5431
5432 if (cbTransfer)
5433 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5434 s->iIOBufferPIODataStart += cbTransfer;
5435 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5436 *pcTransfer = cTransfer - cTransAvailable;
5437#ifdef IN_RING3
5438 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5439 ataPIOTransferFinish(pCtl, s);
5440#endif /* IN_RING3 */
5441 }
5442 PDMCritSectLeave(&pCtl->lock);
5443 return rc;
5444}
5445
5446
5447/**
5448 * Port I/O Handler for primary port range OUT string operations.
5449 * @see FNIOMIOPORTOUTSTRING for details.
5450 */
5451PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5452{
5453 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5454 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5455 PATACONTROLLER pCtl = &pThis->aCts[i];
5456 int rc;
5457
5458 Assert(i < 2);
5459
5460 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5461 if (rc != VINF_SUCCESS)
5462 return rc;
5463 if (Port == pCtl->IOPortBase1)
5464 {
5465 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5466 RTGCPTR GCSrc = *pGCPtrSrc;
5467 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5468 Assert(cb == 2 || cb == 4);
5469
5470 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5471#ifndef IN_RING3
5472 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5473 if (!cTransAvailable)
5474 {
5475 PDMCritSectLeave(&pCtl->lock);
5476 return VINF_IOM_HC_IOPORT_WRITE;
5477 }
5478 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5479 cTransAvailable--;
5480#endif /* !IN_RING3 */
5481 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5482 * They are not performance-critical and generally shouldn't occur at all. */
5483 if (cTransAvailable > cTransfer)
5484 cTransAvailable = cTransfer;
5485 cbTransfer = cTransAvailable * cb;
5486
5487 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5488 Assert(rc == VINF_SUCCESS);
5489
5490 if (cbTransfer)
5491 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5492 s->iIOBufferPIODataStart += cbTransfer;
5493 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5494 *pcTransfer = cTransfer - cTransAvailable;
5495#ifdef IN_RING3
5496 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5497 ataPIOTransferFinish(pCtl, s);
5498#endif /* IN_RING3 */
5499 }
5500 PDMCritSectLeave(&pCtl->lock);
5501 return rc;
5502}
5503#endif /* !IN_RING0 */
5504
5505/**
5506 * Port I/O Handler for secondary port range OUT operations.
5507 * @see FNIOMIOPORTOUT for details.
5508 */
5509PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5510{
5511 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5512 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5513 PATACONTROLLER pCtl = &pThis->aCts[i];
5514 int rc;
5515
5516 Assert(i < 2);
5517
5518 if (cb != 1)
5519 return VINF_SUCCESS;
5520 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5521 if (rc != VINF_SUCCESS)
5522 return rc;
5523 rc = ataControlWrite(pCtl, Port, u32);
5524 PDMCritSectLeave(&pCtl->lock);
5525 return rc;
5526}
5527
5528
5529/**
5530 * Port I/O Handler for secondary port range IN operations.
5531 * @see FNIOMIOPORTIN for details.
5532 */
5533PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5534{
5535 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5536 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5537 PATACONTROLLER pCtl = &pThis->aCts[i];
5538 int rc;
5539
5540 Assert(i < 2);
5541
5542 if (cb != 1)
5543 return VERR_IOM_IOPORT_UNUSED;
5544
5545 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5546 if (rc != VINF_SUCCESS)
5547 return rc;
5548 *pu32 = ataStatusRead(pCtl, Port);
5549 PDMCritSectLeave(&pCtl->lock);
5550 return VINF_SUCCESS;
5551}
5552
5553#ifdef IN_RING3
5554
5555
5556DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5557{
5558 if (s->pbIOBufferR3)
5559 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5560}
5561
5562
5563/**
5564 * @copydoc FNPDMDEVRELOCATE
5565 */
5566static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5567{
5568 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5569
5570 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5571 {
5572 pThis->aCts[i].pDevInsRC += offDelta;
5573 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5574 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5575 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5576 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5577 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5578 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5579 }
5580}
5581
5582
5583/**
5584 * Destroy a driver instance.
5585 *
5586 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5587 * resources can be freed correctly.
5588 *
5589 * @param pDevIns The device instance data.
5590 */
5591static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
5592{
5593 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5594 int rc;
5595
5596 Log(("ataR3Destruct\n"));
5597 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
5598
5599 /*
5600 * Tell the async I/O threads to terminate.
5601 */
5602 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5603 {
5604 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5605 {
5606 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5607 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5608 AssertRC(rc);
5609 }
5610 }
5611
5612 /*
5613 * Wait for the threads to terminate before destroying their resources.
5614 */
5615 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5616 {
5617 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5618 {
5619 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5620 if (RT_SUCCESS(rc))
5621 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5622 else
5623 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5624 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5625 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5626 }
5627 }
5628
5629 /*
5630 * Free resources.
5631 */
5632 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5633 {
5634 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5635 {
5636 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5637 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5638 }
5639 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5640 {
5641 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5642 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5643 }
5644 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5645 {
5646 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5647 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5648 }
5649
5650 /* try one final time */
5651 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5652 {
5653 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5654 if (RT_SUCCESS(rc))
5655 {
5656 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5657 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5658 }
5659 }
5660 }
5661
5662 return VINF_SUCCESS;
5663}
5664
5665
5666/**
5667 * Detach notification.
5668 *
5669 * The DVD drive has been unplugged.
5670 *
5671 * @param pDevIns The device instance.
5672 * @param iLUN The logical unit which is being detached.
5673 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5674 */
5675static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5676{
5677 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5678 PATACONTROLLER pCtl;
5679 ATADevState *pIf;
5680 unsigned iController;
5681 unsigned iInterface;
5682
5683 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5684 ("PIIX3IDE: Device does not support hotplugging\n"));
5685
5686 /*
5687 * Locate the controller and stuff.
5688 */
5689 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5690 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5691 pCtl = &pThis->aCts[iController];
5692
5693 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5694 pIf = &pCtl->aIfs[iInterface];
5695
5696 /*
5697 * Zero some important members.
5698 */
5699 pIf->pDrvBase = NULL;
5700 pIf->pDrvBlock = NULL;
5701 pIf->pDrvBlockBios = NULL;
5702 pIf->pDrvMount = NULL;
5703
5704 /*
5705 * In case there was a medium inserted.
5706 */
5707 ataMediumRemoved(pIf);
5708}
5709
5710
5711/**
5712 * Configure a LUN.
5713 *
5714 * @returns VBox status code.
5715 * @param pDevIns The device instance.
5716 * @param pIf The ATA unit state.
5717 */
5718static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5719{
5720 int rc = VINF_SUCCESS;
5721 PDMBLOCKTYPE enmType;
5722
5723 /*
5724 * Query Block, Bios and Mount interfaces.
5725 */
5726 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
5727 if (!pIf->pDrvBlock)
5728 {
5729 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5730 return VERR_PDM_MISSING_INTERFACE;
5731 }
5732
5733 /** @todo implement the BIOS invisible code path. */
5734 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
5735 if (!pIf->pDrvBlockBios)
5736 {
5737 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5738 return VERR_PDM_MISSING_INTERFACE;
5739 }
5740 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
5741
5742 /*
5743 * Validate type.
5744 */
5745 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5746 if ( enmType != PDMBLOCKTYPE_CDROM
5747 && enmType != PDMBLOCKTYPE_DVD
5748 && enmType != PDMBLOCKTYPE_HARD_DISK)
5749 {
5750 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5751 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5752 }
5753 if ( ( enmType == PDMBLOCKTYPE_DVD
5754 || enmType == PDMBLOCKTYPE_CDROM)
5755 && !pIf->pDrvMount)
5756 {
5757 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5758 return VERR_INTERNAL_ERROR;
5759 }
5760 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5761 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5762
5763 /*
5764 * Allocate I/O buffer.
5765 */
5766 PVM pVM = PDMDevHlpGetVM(pDevIns);
5767 if (pIf->cbIOBuffer)
5768 {
5769 /* Buffer is (probably) already allocated. Validate the fields,
5770 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5771 if (pIf->fATAPI)
5772 AssertRelease(pIf->cbIOBuffer == _128K);
5773 else
5774 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5775 Assert(pIf->pbIOBufferR3);
5776 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5777 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5778 }
5779 else
5780 {
5781 if (pIf->fATAPI)
5782 pIf->cbIOBuffer = _128K;
5783 else
5784 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5785 Assert(!pIf->pbIOBufferR3);
5786 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5787 if (RT_FAILURE(rc))
5788 return VERR_NO_MEMORY;
5789 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5790 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5791 }
5792
5793 /*
5794 * Init geometry (only for non-CD/DVD media).
5795 */
5796 if (pIf->fATAPI)
5797 {
5798 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5799 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5800 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5801 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5802 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5803 }
5804 else
5805 {
5806 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5807 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5808 &pIf->PCHSGeometry);
5809 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5810 {
5811 pIf->PCHSGeometry.cCylinders = 0;
5812 pIf->PCHSGeometry.cHeads = 16; /*??*/
5813 pIf->PCHSGeometry.cSectors = 63; /*??*/
5814 }
5815 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5816 {
5817 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5818 rc = VINF_SUCCESS;
5819 }
5820 AssertRC(rc);
5821
5822 if ( pIf->PCHSGeometry.cCylinders == 0
5823 || pIf->PCHSGeometry.cHeads == 0
5824 || pIf->PCHSGeometry.cSectors == 0
5825 )
5826 {
5827 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5828 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5829 pIf->PCHSGeometry.cHeads = 16;
5830 pIf->PCHSGeometry.cSectors = 63;
5831 /* Set the disk geometry information. Ignore errors. */
5832 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5833 &pIf->PCHSGeometry);
5834 rc = VINF_SUCCESS;
5835 }
5836 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5837 }
5838 return rc;
5839}
5840
5841
5842/**
5843 * Attach command.
5844 *
5845 * This is called when we change block driver for the DVD drive.
5846 *
5847 * @returns VBox status code.
5848 * @param pDevIns The device instance.
5849 * @param iLUN The logical unit which is being detached.
5850 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5851 */
5852static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5853{
5854 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5855 PATACONTROLLER pCtl;
5856 ATADevState *pIf;
5857 int rc;
5858 unsigned iController;
5859 unsigned iInterface;
5860
5861 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5862 ("PIIX3IDE: Device does not support hotplugging\n"),
5863 VERR_INVALID_PARAMETER);
5864
5865 /*
5866 * Locate the controller and stuff.
5867 */
5868 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5869 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5870 pCtl = &pThis->aCts[iController];
5871
5872 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5873 pIf = &pCtl->aIfs[iInterface];
5874
5875 /* the usual paranoia */
5876 AssertRelease(!pIf->pDrvBase);
5877 AssertRelease(!pIf->pDrvBlock);
5878 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5879 Assert(pIf->iLUN == iLUN);
5880
5881 /*
5882 * Try attach the block device and get the interfaces,
5883 * required as well as optional.
5884 */
5885 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5886 if (RT_SUCCESS(rc))
5887 {
5888 rc = ataConfigLun(pDevIns, pIf);
5889 /*
5890 * In case there is a medium inserted.
5891 */
5892 ataMediumInserted(pIf);
5893 }
5894 else
5895 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5896
5897 if (RT_FAILURE(rc))
5898 {
5899 pIf->pDrvBase = NULL;
5900 pIf->pDrvBlock = NULL;
5901 }
5902 return rc;
5903}
5904
5905
5906/**
5907 * Resume notification.
5908 *
5909 * @returns VBox status.
5910 * @param pDevIns The device instance data.
5911 */
5912static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
5913{
5914 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5915 int rc;
5916
5917 Log(("%s:\n", __FUNCTION__));
5918 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5919 {
5920 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5921 {
5922 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5923 AssertRC(rc);
5924 }
5925 }
5926 return;
5927}
5928
5929
5930/**
5931 * Checks if all (both) the async I/O threads have quiesced.
5932 *
5933 * @returns true on success.
5934 * @returns false when one or more threads is still processing.
5935 * @param pThis Pointer to the instance data.
5936 */
5937static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
5938{
5939 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5940
5941 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5942 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5943 {
5944 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
5945 if (!fRc)
5946 {
5947 /* Make it signal PDM & itself when its done */
5948 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
5949 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
5950 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
5951 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
5952 if (!fRc)
5953 {
5954#if 0 /** @todo Need to do some time tracking here... */
5955 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
5956 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5957 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
5958#endif
5959 return false;
5960 }
5961 }
5962 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
5963 }
5964 return true;
5965}
5966
5967
5968/**
5969 * Callback employed by ataSuspend and ataR3PowerOff.
5970 *
5971 * @returns true if we've quiesced, false if we're still working.
5972 * @param pDevIns The device instance.
5973 */
5974static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
5975{
5976 return ataR3AllAsyncIOIsIdle(pDevIns);
5977}
5978
5979
5980/**
5981 * Common worker for ataSuspend and ataR3PowerOff.
5982 */
5983static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
5984{
5985 if (!ataR3AllAsyncIOIsIdle(pDevIns))
5986 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
5987}
5988
5989
5990/**
5991 * Power Off notification.
5992 *
5993 * @returns VBox status.
5994 * @param pDevIns The device instance data.
5995 */
5996static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
5997{
5998 Log(("%s:\n", __FUNCTION__));
5999 ataR3SuspendOrPowerOff(pDevIns);
6000}
6001
6002
6003/**
6004 * Suspend notification.
6005 *
6006 * @returns VBox status.
6007 * @param pDevIns The device instance data.
6008 */
6009static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6010{
6011 Log(("%s:\n", __FUNCTION__));
6012 ataR3SuspendOrPowerOff(pDevIns);
6013}
6014
6015
6016/**
6017 * Callback employed by ataR3Reset.
6018 *
6019 * @returns true if we've quiesced, false if we're still working.
6020 * @param pDevIns The device instance.
6021 */
6022static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6023{
6024 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6025
6026 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6027 return false;
6028
6029 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6030 {
6031 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6032 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6033 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6034 PDMCritSectLeave(&pThis->aCts[i].lock);
6035 }
6036 return true;
6037}
6038
6039
6040/**
6041 * Common reset worker for ataR3Reset and ataR3Construct.
6042 *
6043 * @returns VBox status.
6044 * @param pDevIns The device instance data.
6045 * @param fConstruct Indicates who is calling.
6046 */
6047static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6048{
6049 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6050
6051 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6052 {
6053 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6054
6055 pThis->aCts[i].iSelectedIf = 0;
6056 pThis->aCts[i].iAIOIf = 0;
6057 pThis->aCts[i].BmDma.u8Cmd = 0;
6058 /* Report that both drives present on the bus are in DMA mode. This
6059 * pretends that there is a BIOS that has set it up. Normal reset
6060 * default is 0x00. */
6061 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6062 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6063 pThis->aCts[i].BmDma.pvAddr = 0;
6064
6065 pThis->aCts[i].fReset = true;
6066 pThis->aCts[i].fRedo = false;
6067 pThis->aCts[i].fRedoIdle = false;
6068 ataAsyncIOClearRequests(&pThis->aCts[i]);
6069 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6070 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6071 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6072
6073 PDMCritSectLeave(&pThis->aCts[i].lock);
6074 }
6075
6076 int rcRet = VINF_SUCCESS;
6077 if (!fConstruct)
6078 {
6079 /*
6080 * Setup asynchronous notification compmletion if the requests haven't
6081 * completed yet.
6082 */
6083 if (!ataR3IsAsyncResetDone(pDevIns))
6084 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6085 }
6086 else
6087 {
6088 /*
6089 * Wait for the requests for complete.
6090 *
6091 * Would be real nice if we could do it all from EMT(0) and not
6092 * involve the worker threads, then we could dispense with all the
6093 * waiting and semaphore ping-pong here...
6094 */
6095 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6096 {
6097 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6098 {
6099 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6100 AssertRC(rc);
6101
6102 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6103 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6104 AssertRC(rc);
6105
6106 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6107 AssertRC(rc);
6108
6109 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6110 {
6111 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6112 if (RT_FAILURE(rc))
6113 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6114 if (RT_FAILURE(rc))
6115 {
6116 AssertRC(rc);
6117 rcRet = rc;
6118 }
6119 }
6120 }
6121 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6122 }
6123 if (RT_SUCCESS(rcRet))
6124 {
6125 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6126 AssertRC(rcRet);
6127 }
6128 }
6129 return rcRet;
6130}
6131
6132
6133/**
6134 * Reset notification.
6135 *
6136 * @param pDevIns The device instance data.
6137 */
6138static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6139{
6140 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6141}
6142
6143
6144/**
6145 * Prepare state save and load operation.
6146 *
6147 * @returns VBox status code.
6148 * @param pDevIns Device instance of the device which registered the data unit.
6149 * @param pSSM SSM operation handle.
6150 */
6151static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6152{
6153 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6154
6155 /* sanity - the suspend notification will wait on the async stuff. */
6156 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6157 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6158 ("i=%u\n", i),
6159 VERR_SSM_IDE_ASYNC_TIMEOUT);
6160 return VINF_SUCCESS;
6161}
6162
6163/**
6164 * @copydoc FNSSMDEVLIVEEXEC
6165 */
6166static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6167{
6168 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6169
6170 SSMR3PutU8(pSSM, pThis->u8Type);
6171 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6172 {
6173 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6174 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6175 {
6176 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6177 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6178 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6179 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6180 }
6181 }
6182
6183 return VINF_SSM_DONT_CALL_AGAIN;
6184}
6185
6186
6187/**
6188 * @copydoc FNSSMDEVSAVEEXEC
6189 */
6190static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6191{
6192 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6193
6194 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6195
6196 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6197 {
6198 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6199 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6200 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6201 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6202 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6203 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6204 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6205 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6206 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6207 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6208 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6209 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6210 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6211
6212 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6213 {
6214 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6215 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6216 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6217 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6218 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6219 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6220 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6221 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6222 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6223 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6224 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6225 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6226 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6227 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6228 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6229 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6230 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6231 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6232 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6233 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6234 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6235 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6236 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6237 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6238 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6239 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6240 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6241 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6242 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6243 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6244 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6245 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6246 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6247 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6248 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6249 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6250 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6251 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6252 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6253 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6254 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6255 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6256 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6257 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6258 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6259 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6260 else
6261 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6262 }
6263 }
6264
6265 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6266}
6267
6268/**
6269 * Converts the LUN number into a message string.
6270 */
6271static const char *ataStringifyLun(unsigned iLun)
6272{
6273 switch (iLun)
6274 {
6275 case 0: return "primary master";
6276 case 1: return "primary slave";
6277 case 2: return "secondary master";
6278 case 3: return "secondary slave";
6279 default: AssertFailedReturn("unknown lun");
6280 }
6281}
6282
6283/**
6284 * FNSSMDEVLOADEXEC
6285 */
6286static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6287{
6288 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6289 int rc;
6290 uint32_t u32;
6291
6292 if ( uVersion != ATA_SAVED_STATE_VERSION
6293 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6294 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6295 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6296 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6297 {
6298 AssertMsgFailed(("uVersion=%d\n", uVersion));
6299 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6300 }
6301
6302 /*
6303 * Verify the configuration.
6304 */
6305 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6306 {
6307 uint8_t u8Type;
6308 rc = SSMR3GetU8(pSSM, &u8Type);
6309 AssertRCReturn(rc, rc);
6310 if (u8Type != pThis->u8Type)
6311 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6312
6313 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6314 {
6315 bool fEnabled;
6316 rc = SSMR3GetBool(pSSM, &fEnabled);
6317 AssertRCReturn(rc, rc);
6318 if (!fEnabled)
6319 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6320
6321 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6322 {
6323 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6324
6325 bool fInUse;
6326 rc = SSMR3GetBool(pSSM, &fInUse);
6327 AssertRCReturn(rc, rc);
6328 if (fInUse != (pIf->pDrvBase != NULL))
6329 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6330 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6331 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6332
6333 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6334 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6335 AssertRCReturn(rc, rc);
6336 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6337 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6338 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6339
6340 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6341 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6342 AssertRCReturn(rc, rc);
6343 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6344 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6345 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6346
6347 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6348 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6349 AssertRCReturn(rc, rc);
6350 if (strcmp(szModelNumber, pIf->szModelNumber))
6351 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6352 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6353 }
6354 }
6355 }
6356 if (uPass != SSM_PASS_FINAL)
6357 return VINF_SUCCESS;
6358
6359 /*
6360 * Restore valid parts of the PCIATAState structure
6361 */
6362 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6363 {
6364 /* integrity check */
6365 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6366 {
6367 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6368 return VERR_INTERNAL_ERROR_4;
6369 }
6370
6371 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6372 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6373 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6374 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6375 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6376 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6377 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6378 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6379 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6380 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6381 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6382 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6383 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6384
6385 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6386 {
6387 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6388 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6389 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6390 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6391 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6392 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6393 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6394 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6395 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6396 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6397 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6398 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6399 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6400 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6401 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6402 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6403 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6404 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6405 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6406 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6407 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6408 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6409 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6410 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6411 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6412 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6413 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6414 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6415 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6416 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6417 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6418 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6419 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6420 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6421 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6422 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6423 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6424 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6425 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6426 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6427 {
6428 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6429 }
6430 else
6431 {
6432 uint8_t uATAPISenseKey, uATAPIASC;
6433 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6434 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6435 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6436 SSMR3GetU8(pSSM, &uATAPISenseKey);
6437 SSMR3GetU8(pSSM, &uATAPIASC);
6438 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6439 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6440 }
6441 /** @todo triple-check this hack after passthrough is working */
6442 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6443 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6444 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6445 else
6446 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6447 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6448 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6449 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6450 {
6451 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6452 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6453 else
6454 {
6455 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6456 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6457 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6458
6459 /* skip the buffer if we're loading for the debugger / animator. */
6460 uint8_t u8Ignored;
6461 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6462 while (cbLeft-- > 0)
6463 SSMR3GetU8(pSSM, &u8Ignored);
6464 }
6465 }
6466 else
6467 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6468 }
6469 }
6470 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6471 SSMR3GetU8(pSSM, &pThis->u8Type);
6472
6473 rc = SSMR3GetU32(pSSM, &u32);
6474 if (RT_FAILURE(rc))
6475 return rc;
6476 if (u32 != ~0U)
6477 {
6478 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6479 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6480 return rc;
6481 }
6482
6483 return VINF_SUCCESS;
6484}
6485
6486/**
6487 * Convert config value to DEVPCBIOSBOOT.
6488 *
6489 * @returns VBox status code.
6490 * @param pDevIns The device instance data.
6491 * @param pCfg Configuration handle.
6492 * @param penmChipset Where to store the chipset type.
6493 */
6494static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
6495{
6496 char szType[20];
6497
6498 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
6499 if (RT_FAILURE(rc))
6500 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6501 N_("Configuration error: Querying \"Type\" as a string failed"));
6502 if (!strcmp(szType, "PIIX3"))
6503 *penmChipset = CHIPSET_PIIX3;
6504 else if (!strcmp(szType, "PIIX4"))
6505 *penmChipset = CHIPSET_PIIX4;
6506 else if (!strcmp(szType, "ICH6"))
6507 *penmChipset = CHIPSET_ICH6;
6508 else
6509 {
6510 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6511 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6512 szType);
6513 rc = VERR_INTERNAL_ERROR;
6514 }
6515 return rc;
6516}
6517
6518
6519/**
6520 * @interface_method_impl{PDMDEVREG,pfnConstruct}
6521 */
6522static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
6523{
6524 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6525 PPDMIBASE pBase;
6526 int rc;
6527 bool fGCEnabled;
6528 bool fR0Enabled;
6529 uint32_t DelayIRQMillies;
6530
6531 Assert(iInstance == 0);
6532 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
6533
6534 /*
6535 * Initialize NIL handle values (for the destructor).
6536 */
6537 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6538 {
6539 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6540 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6541 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6542 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6543 }
6544
6545 /*
6546 * Validate and read configuration.
6547 */
6548 if (!CFGMR3AreValuesValid(pCfg,
6549 "GCEnabled\0"
6550 "R0Enabled\0"
6551 "IRQDelay\0"
6552 "Type\0")
6553 /** @todo || invalid keys */)
6554 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6555 N_("PIIX3 configuration error: unknown option specified"));
6556
6557 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
6558 if (RT_FAILURE(rc))
6559 return PDMDEV_SET_ERROR(pDevIns, rc,
6560 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6561 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6562
6563 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
6564 if (RT_FAILURE(rc))
6565 return PDMDEV_SET_ERROR(pDevIns, rc,
6566 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6567 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6568
6569 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
6570 if (RT_FAILURE(rc))
6571 return PDMDEV_SET_ERROR(pDevIns, rc,
6572 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6573 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6574 Assert(DelayIRQMillies < 50);
6575
6576 CHIPSET enmChipset = CHIPSET_PIIX3;
6577 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
6578 if (RT_FAILURE(rc))
6579 return rc;
6580 pThis->u8Type = (uint8_t)enmChipset;
6581
6582 /*
6583 * Initialize data (most of it anyway).
6584 */
6585 /* Status LUN. */
6586 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6587 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6588
6589 /* PCI configuration space. */
6590 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6591
6592 /*
6593 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6594 * as it explicitly checks for PCI id for IDE controllers.
6595 */
6596 switch (pThis->u8Type)
6597 {
6598 case CHIPSET_ICH6:
6599 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6600 /** @todo: do we need it? Do we need anything else? */
6601 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6602 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6603 pThis->dev.config[0x4B] = 0x00;
6604 {
6605 /*
6606 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6607 * Report
6608 * WR_Ping-Pong_EN: must be set
6609 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6610 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6611 */
6612 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6613 pThis->dev.config[0x54] = u16Config & 0xff;
6614 pThis->dev.config[0x55] = u16Config >> 8;
6615 }
6616 break;
6617 case CHIPSET_PIIX4:
6618 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6619 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6620 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6621 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6622 pThis->dev.config[0x4B] = 0x00;
6623 break;
6624 case CHIPSET_PIIX3:
6625 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6626 break;
6627 default:
6628 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6629 }
6630
6631 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6632 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6633 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6634 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6635 PCIDevSetHeaderType(&pThis->dev, 0x00);
6636
6637 pThis->pDevIns = pDevIns;
6638 pThis->fGCEnabled = fGCEnabled;
6639 pThis->fR0Enabled = fR0Enabled;
6640 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6641 {
6642 pThis->aCts[i].pDevInsR3 = pDevIns;
6643 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6644 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6645 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6646 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6647 {
6648 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6649
6650 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6651 pIf->pDevInsR3 = pDevIns;
6652 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6653 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6654 pIf->pControllerR3 = &pThis->aCts[i];
6655 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6656 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6657 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6658 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6659 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6660 pIf->Led.u32Magic = PDMLED_MAGIC;
6661 }
6662 }
6663
6664 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6665 pThis->aCts[0].irq = 14;
6666 pThis->aCts[0].IOPortBase1 = 0x1f0;
6667 pThis->aCts[0].IOPortBase2 = 0x3f6;
6668 pThis->aCts[1].irq = 15;
6669 pThis->aCts[1].IOPortBase1 = 0x170;
6670 pThis->aCts[1].IOPortBase2 = 0x376;
6671
6672 /*
6673 * Register the PCI device.
6674 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6675 * device the slot next to itself.
6676 */
6677 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6678 if (RT_FAILURE(rc))
6679 return PDMDEV_SET_ERROR(pDevIns, rc,
6680 N_("PIIX3 cannot register PCI device"));
6681 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6682 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6683 if (RT_FAILURE(rc))
6684 return PDMDEV_SET_ERROR(pDevIns, rc,
6685 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6686
6687 /*
6688 * Register the I/O ports.
6689 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6690 */
6691 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6692 {
6693 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6694 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6695 if (RT_FAILURE(rc))
6696 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6697
6698 if (fGCEnabled)
6699 {
6700 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6701 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6702 if (RT_FAILURE(rc))
6703 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6704 }
6705
6706 if (fR0Enabled)
6707 {
6708#if 1
6709 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6710 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6711#else
6712 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6713 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6714#endif
6715 if (RT_FAILURE(rc))
6716 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6717 }
6718
6719 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6720 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6721 if (RT_FAILURE(rc))
6722 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6723
6724 if (fGCEnabled)
6725 {
6726 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6727 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6728 if (RT_FAILURE(rc))
6729 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6730 }
6731 if (fR0Enabled)
6732 {
6733 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6734 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6735 if (RT_FAILURE(rc))
6736 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6737 }
6738
6739 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6740 {
6741 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6742 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6743 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
6744 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6745 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
6746 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6747 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
6748 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6749 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
6750#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6751 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6752 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
6753#endif
6754 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6755 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
6756#ifdef VBOX_INSTRUMENT_DMA_WRITES
6757 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6758 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
6759#endif
6760#ifdef VBOX_WITH_STATISTICS
6761 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6762 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
6763#endif
6764 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6765 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
6766#ifdef VBOX_WITH_STATISTICS
6767 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6768 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
6769#endif
6770 }
6771#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6772 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6773 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
6774 /** @todo STAMUNIT_MICROSECS */
6775 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6776 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
6777 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6778 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
6779 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6780 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
6781 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6782 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
6783 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6784 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
6785#endif /* VBOX_WITH_STATISTICS */
6786
6787 /* Initialize per-controller critical section */
6788 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA%u", i);
6789 if (RT_FAILURE(rc))
6790 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6791 }
6792
6793 /*
6794 * Attach status driver (optional).
6795 */
6796 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6797 if (RT_SUCCESS(rc))
6798 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
6799 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6800 {
6801 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6802 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6803 }
6804
6805 /*
6806 * Attach the units.
6807 */
6808 uint32_t cbTotalBuffer = 0;
6809 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6810 {
6811 PATACONTROLLER pCtl = &pThis->aCts[i];
6812
6813 /*
6814 * Start the worker thread.
6815 */
6816 pCtl->uAsyncIOState = ATA_AIO_NEW;
6817 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6818 AssertLogRelRCReturn(rc, rc);
6819 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6820 AssertLogRelRCReturn(rc, rc);
6821 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6822 AssertLogRelRCReturn(rc, rc);
6823 ataAsyncIOClearRequests(pCtl);
6824 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
6825 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6826 AssertLogRelRCReturn(rc, rc);
6827 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6828 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6829
6830 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6831 {
6832 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6833 {
6834 { "Primary Master", "Primary Slave" },
6835 { "Secondary Master", "Secondary Slave" }
6836 };
6837
6838 /*
6839 * Try attach the block device and get the interfaces,
6840 * required as well as optional.
6841 */
6842 ATADevState *pIf = &pCtl->aIfs[j];
6843
6844 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6845 if (RT_SUCCESS(rc))
6846 {
6847 rc = ataConfigLun(pDevIns, pIf);
6848 if (RT_SUCCESS(rc))
6849 {
6850 /*
6851 * Init vendor product data.
6852 */
6853 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6854 {
6855 { "PrimaryMaster", "PrimarySlave" },
6856 { "SecondaryMaster", "SecondarySlave" }
6857 };
6858
6859 /* Generate a default serial number. */
6860 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6861 RTUUID Uuid;
6862 if (pIf->pDrvBlock)
6863 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6864 else
6865 RTUuidClear(&Uuid);
6866
6867 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6868 {
6869 /* Generate a predictable serial for drives which don't have a UUID. */
6870 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6871 pIf->iLUN + pDevIns->iInstance * 32,
6872 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6873 }
6874 else
6875 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6876
6877 /* Get user config if present using defaults otherwise. */
6878 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
6879 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6880 szSerial);
6881 if (RT_FAILURE(rc))
6882 {
6883 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6884 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6885 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6886 return PDMDEV_SET_ERROR(pDevIns, rc,
6887 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6888 }
6889
6890 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6891 "1.0");
6892 if (RT_FAILURE(rc))
6893 {
6894 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6895 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6896 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
6897 return PDMDEV_SET_ERROR(pDevIns, rc,
6898 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
6899 }
6900
6901 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
6902 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
6903 if (RT_FAILURE(rc))
6904 {
6905 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6906 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6907 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
6908 return PDMDEV_SET_ERROR(pDevIns, rc,
6909 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
6910 }
6911
6912 /* There are three other identification strings for CD drives used for INQUIRY */
6913 if (pIf->fATAPI)
6914 {
6915 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
6916 "VBOX");
6917 if (RT_FAILURE(rc))
6918 {
6919 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6920 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6921 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
6922 return PDMDEV_SET_ERROR(pDevIns, rc,
6923 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
6924 }
6925
6926 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
6927 "CD-ROM");
6928 if (RT_FAILURE(rc))
6929 {
6930 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6931 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6932 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
6933 return PDMDEV_SET_ERROR(pDevIns, rc,
6934 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
6935 }
6936
6937 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
6938 "1.0");
6939 if (RT_FAILURE(rc))
6940 {
6941 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6942 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6943 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
6944 return PDMDEV_SET_ERROR(pDevIns, rc,
6945 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
6946 }
6947 }
6948 }
6949
6950 }
6951 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
6952 {
6953 pIf->pDrvBase = NULL;
6954 pIf->pDrvBlock = NULL;
6955 pIf->cbIOBuffer = 0;
6956 pIf->pbIOBufferR3 = NULL;
6957 pIf->pbIOBufferR0 = NIL_RTR0PTR;
6958 pIf->pbIOBufferRC = NIL_RTGCPTR;
6959 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
6960 }
6961 else
6962 {
6963 switch (rc)
6964 {
6965 case VERR_ACCESS_DENIED:
6966 /* Error already catched by DrvHostBase */
6967 return rc;
6968 default:
6969 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6970 N_("PIIX3 cannot attach drive to the %s"),
6971 s_apszDescs[i][j]);
6972 }
6973 }
6974 cbTotalBuffer += pIf->cbIOBuffer;
6975 }
6976 }
6977
6978 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
6979 NULL, ataLiveExec, NULL,
6980 ataSaveLoadPrep, ataSaveExec, NULL,
6981 ataSaveLoadPrep, ataLoadExec, NULL);
6982 if (RT_FAILURE(rc))
6983 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
6984
6985 /*
6986 * Initialize the device state.
6987 */
6988 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
6989}
6990
6991
6992/**
6993 * The device registration structure.
6994 */
6995const PDMDEVREG g_DevicePIIX3IDE =
6996{
6997 /* u32Version */
6998 PDM_DEVREG_VERSION,
6999 /* szName */
7000 "piix3ide",
7001 /* szRCMod */
7002 "VBoxDDGC.gc",
7003 /* szR0Mod */
7004 "VBoxDDR0.r0",
7005 /* pszDescription */
7006 "Intel PIIX3 ATA controller.\n"
7007 " LUN #0 is primary master.\n"
7008 " LUN #1 is primary slave.\n"
7009 " LUN #2 is secondary master.\n"
7010 " LUN #3 is secondary slave.\n"
7011 " LUN #999 is the LED/Status connector.",
7012 /* fFlags */
7013 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7014 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7015 /* fClass */
7016 PDM_DEVREG_CLASS_STORAGE,
7017 /* cMaxInstances */
7018 1,
7019 /* cbInstance */
7020 sizeof(PCIATAState),
7021 /* pfnConstruct */
7022 ataR3Construct,
7023 /* pfnDestruct */
7024 ataR3Destruct,
7025 /* pfnRelocate */
7026 ataR3Relocate,
7027 /* pfnIOCtl */
7028 NULL,
7029 /* pfnPowerOn */
7030 NULL,
7031 /* pfnReset */
7032 ataR3Reset,
7033 /* pfnSuspend */
7034 ataR3Suspend,
7035 /* pfnResume */
7036 ataR3Resume,
7037 /* pfnAttach */
7038 ataR3Attach,
7039 /* pfnDetach */
7040 ataR3Detach,
7041 /* pfnQueryInterface. */
7042 NULL,
7043 /* pfnInitComplete */
7044 NULL,
7045 /* pfnPowerOff */
7046 ataR3PowerOff,
7047 /* pfnSoftReset */
7048 NULL,
7049 /* u32VersionEnd */
7050 PDM_DEVREG_VERSION
7051};
7052#endif /* IN_RING3 */
7053#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette