VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 35631

Last change on this file since 35631 was 35595, checked in by vboxsync, 14 years ago

Storage/DevATA+ATAController: only allow read/write commands for ATA devices
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 272.5 KB
Line 
1/* $Id: DevATA.cpp 35595 2011-01-17 20:05:15Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/vmm/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/vmm/stam.h>
55#include <VBox/vmm/mm.h>
56#include <VBox/vmm/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "VBoxDD.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
100
101/* Media track type */
102#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
103#define ATA_MEDIA_TYPE_DATA 1 /**< Data CD */
104#define ATA_MEDIA_TYPE_CDDA 2 /**< CD-DA (audio) CD type */
105
106/**
107 * Length of the configurable VPD data (without termination)
108 */
109#define ATA_SERIAL_NUMBER_LENGTH 20
110#define ATA_FIRMWARE_REVISION_LENGTH 8
111#define ATA_MODEL_NUMBER_LENGTH 40
112#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
113#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
114#define ATAPI_INQUIRY_REVISION_LENGTH 4
115
116/*******************************************************************************
117* Structures and Typedefs *
118*******************************************************************************/
119/**
120 * The state of an ATA device.
121 *
122 * @implements PDMIBASE
123 * @implements PDMIBLOCKPORT
124 * @implements PDMIMOUNTNOTIFY
125 */
126typedef struct ATADevState
127{
128 /** Flag indicating whether the current command uses LBA48 mode. */
129 bool fLBA48;
130 /** Flag indicating whether this drive implements the ATAPI command set. */
131 bool fATAPI;
132 /** Set if this interface has asserted the IRQ. */
133 bool fIrqPending;
134 /** Currently configured number of sectors in a multi-sector transfer. */
135 uint8_t cMultSectors;
136 /** PCHS disk geometry. */
137 PDMMEDIAGEOMETRY PCHSGeometry;
138 /** Total number of sectors on this disk. */
139 uint64_t cTotalSectors;
140 /** Number of sectors to transfer per IRQ. */
141 uint32_t cSectorsPerIRQ;
142
143 /** ATA/ATAPI register 1: feature (write-only). */
144 uint8_t uATARegFeature;
145 /** ATA/ATAPI register 1: feature, high order byte. */
146 uint8_t uATARegFeatureHOB;
147 /** ATA/ATAPI register 1: error (read-only). */
148 uint8_t uATARegError;
149 /** ATA/ATAPI register 2: sector count (read/write). */
150 uint8_t uATARegNSector;
151 /** ATA/ATAPI register 2: sector count, high order byte. */
152 uint8_t uATARegNSectorHOB;
153 /** ATA/ATAPI register 3: sector (read/write). */
154 uint8_t uATARegSector;
155 /** ATA/ATAPI register 3: sector, high order byte. */
156 uint8_t uATARegSectorHOB;
157 /** ATA/ATAPI register 4: cylinder low (read/write). */
158 uint8_t uATARegLCyl;
159 /** ATA/ATAPI register 4: cylinder low, high order byte. */
160 uint8_t uATARegLCylHOB;
161 /** ATA/ATAPI register 5: cylinder high (read/write). */
162 uint8_t uATARegHCyl;
163 /** ATA/ATAPI register 5: cylinder high, high order byte. */
164 uint8_t uATARegHCylHOB;
165 /** ATA/ATAPI register 6: select drive/head (read/write). */
166 uint8_t uATARegSelect;
167 /** ATA/ATAPI register 7: status (read-only). */
168 uint8_t uATARegStatus;
169 /** ATA/ATAPI register 7: command (write-only). */
170 uint8_t uATARegCommand;
171 /** ATA/ATAPI drive control register (write-only). */
172 uint8_t uATARegDevCtl;
173
174 /** Currently active transfer mode (MDMA/UDMA) and speed. */
175 uint8_t uATATransferMode;
176 /** Current transfer direction. */
177 uint8_t uTxDir;
178 /** Index of callback for begin transfer. */
179 uint8_t iBeginTransfer;
180 /** Index of callback for source/sink of data. */
181 uint8_t iSourceSink;
182 /** Flag indicating whether the current command transfers data in DMA mode. */
183 bool fDMA;
184 /** Set to indicate that ATAPI transfer semantics must be used. */
185 bool fATAPITransfer;
186
187 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
188 uint32_t cbTotalTransfer;
189 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
190 uint32_t cbElementaryTransfer;
191 /** Current read/write buffer position, shared PIO/DMA. */
192 uint32_t iIOBufferCur;
193 /** First element beyond end of valid buffer content, shared PIO/DMA. */
194 uint32_t iIOBufferEnd;
195
196 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
197 uint32_t iIOBufferPIODataStart;
198 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
199 uint32_t iIOBufferPIODataEnd;
200
201 /** ATAPI current LBA position. */
202 uint32_t iATAPILBA;
203 /** ATAPI current sector size. */
204 uint32_t cbATAPISector;
205 /** ATAPI current command. */
206 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
207 /** ATAPI sense data. */
208 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
209 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
210 uint8_t cNotifiedMediaChange;
211 /** The same for GET_EVENT_STATUS for mechanism */
212 volatile uint32_t MediaEventStatus;
213
214 /** Media type if known. */
215 volatile uint32_t MediaTrackType;
216
217 /** The status LED state for this drive. */
218 PDMLED Led;
219
220 /** Size of I/O buffer. */
221 uint32_t cbIOBuffer;
222 /** Pointer to the I/O buffer. */
223 R3PTRTYPE(uint8_t *) pbIOBufferR3;
224 /** Pointer to the I/O buffer. */
225 R0PTRTYPE(uint8_t *) pbIOBufferR0;
226 /** Pointer to the I/O buffer. */
227 RCPTRTYPE(uint8_t *) pbIOBufferRC;
228
229 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
230
231 /*
232 * No data that is part of the saved state after this point!!!!!
233 */
234
235 /* Release statistics: number of ATA DMA commands. */
236 STAMCOUNTER StatATADMA;
237 /* Release statistics: number of ATA PIO commands. */
238 STAMCOUNTER StatATAPIO;
239 /* Release statistics: number of ATAPI PIO commands. */
240 STAMCOUNTER StatATAPIDMA;
241 /* Release statistics: number of ATAPI PIO commands. */
242 STAMCOUNTER StatATAPIPIO;
243#ifdef VBOX_INSTRUMENT_DMA_WRITES
244 /* Release statistics: number of DMA sector writes and the time spent. */
245 STAMPROFILEADV StatInstrVDWrites;
246#endif
247
248 /** Statistics: number of read operations and the time spent reading. */
249 STAMPROFILEADV StatReads;
250 /** Statistics: number of bytes read. */
251 STAMCOUNTER StatBytesRead;
252 /** Statistics: number of write operations and the time spent writing. */
253 STAMPROFILEADV StatWrites;
254 /** Statistics: number of bytes written. */
255 STAMCOUNTER StatBytesWritten;
256 /** Statistics: number of flush operations and the time spend flushing. */
257 STAMPROFILE StatFlushes;
258
259 /** Enable passing through commands directly to the ATAPI drive. */
260 bool fATAPIPassthrough;
261 /** Number of errors we've reported to the release log.
262 * This is to prevent flooding caused by something going horribly wrong.
263 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
264 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
265 uint32_t cErrors;
266 /** Timestamp of last started command. 0 if no command pending. */
267 uint64_t u64CmdTS;
268
269 /** Pointer to the attached driver's base interface. */
270 R3PTRTYPE(PPDMIBASE) pDrvBase;
271 /** Pointer to the attached driver's block interface. */
272 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
273 /** Pointer to the attached driver's block bios interface. */
274 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
275 /** Pointer to the attached driver's mount interface.
276 * This is NULL if the driver isn't a removable unit. */
277 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
278 /** The base interface. */
279 PDMIBASE IBase;
280 /** The block port interface. */
281 PDMIBLOCKPORT IPort;
282 /** The mount notify interface. */
283 PDMIMOUNTNOTIFY IMountNotify;
284 /** The LUN #. */
285 RTUINT iLUN;
286 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
287 /** Pointer to device instance. */
288 PPDMDEVINSR3 pDevInsR3;
289 /** Pointer to controller instance. */
290 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
291 /** Pointer to device instance. */
292 PPDMDEVINSR0 pDevInsR0;
293 /** Pointer to controller instance. */
294 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
295 /** Pointer to device instance. */
296 PPDMDEVINSRC pDevInsRC;
297 /** Pointer to controller instance. */
298 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
299
300 /** The serial number to use for IDENTIFY DEVICE commands. */
301 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
302 /** The firmware revision to use for IDENTIFY DEVICE commands. */
303 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
304 /** The model number to use for IDENTIFY DEVICE commands. */
305 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
306 /** The vendor identification string for SCSI INQUIRY commands. */
307 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
308 /** The product identification string for SCSI INQUIRY commands. */
309 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
310 /** The revision string for SCSI INQUIRY commands. */
311 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
312
313 uint8_t abAlignment3[7];
314} ATADevState;
315AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
316AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
317AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
318AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
319AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
320AssertCompileSizeAlignment(ATADevState, 8);
321
322
323typedef struct ATATransferRequest
324{
325 uint8_t iIf;
326 uint8_t iBeginTransfer;
327 uint8_t iSourceSink;
328 uint32_t cbTotalTransfer;
329 uint8_t uTxDir;
330} ATATransferRequest;
331
332
333typedef struct ATAAbortRequest
334{
335 uint8_t iIf;
336 bool fResetDrive;
337} ATAAbortRequest;
338
339
340typedef enum
341{
342 /** Begin a new transfer. */
343 ATA_AIO_NEW = 0,
344 /** Continue a DMA transfer. */
345 ATA_AIO_DMA,
346 /** Continue a PIO transfer. */
347 ATA_AIO_PIO,
348 /** Reset the drives on current controller, stop all transfer activity. */
349 ATA_AIO_RESET_ASSERTED,
350 /** Reset the drives on current controller, resume operation. */
351 ATA_AIO_RESET_CLEARED,
352 /** Abort the current transfer of a particular drive. */
353 ATA_AIO_ABORT
354} ATAAIO;
355
356
357typedef struct ATARequest
358{
359 ATAAIO ReqType;
360 union
361 {
362 ATATransferRequest t;
363 ATAAbortRequest a;
364 } u;
365} ATARequest;
366
367
368typedef struct ATACONTROLLER
369{
370 /** The base of the first I/O Port range. */
371 RTIOPORT IOPortBase1;
372 /** The base of the second I/O Port range. (0 if none) */
373 RTIOPORT IOPortBase2;
374 /** The assigned IRQ. */
375 RTUINT irq;
376 /** Access critical section */
377 PDMCRITSECT lock;
378
379 /** Selected drive. */
380 uint8_t iSelectedIf;
381 /** The interface on which to handle async I/O. */
382 uint8_t iAIOIf;
383 /** The state of the async I/O thread. */
384 uint8_t uAsyncIOState;
385 /** Flag indicating whether the next transfer is part of the current command. */
386 bool fChainedTransfer;
387 /** Set when the reset processing is currently active on this controller. */
388 bool fReset;
389 /** Flag whether the current transfer needs to be redone. */
390 bool fRedo;
391 /** Flag whether the redo suspend has been finished. */
392 bool fRedoIdle;
393 /** Flag whether the DMA operation to be redone is the final transfer. */
394 bool fRedoDMALastDesc;
395 /** The BusMaster DMA state. */
396 BMDMAState BmDma;
397 /** Pointer to first DMA descriptor. */
398 RTGCPHYS32 pFirstDMADesc;
399 /** Pointer to last DMA descriptor. */
400 RTGCPHYS32 pLastDMADesc;
401 /** Pointer to current DMA buffer (for redo operations). */
402 RTGCPHYS32 pRedoDMABuffer;
403 /** Size of current DMA buffer (for redo operations). */
404 uint32_t cbRedoDMABuffer;
405
406 /** The ATA/ATAPI interfaces of this controller. */
407 ATADevState aIfs[2];
408
409 /** Pointer to device instance. */
410 PPDMDEVINSR3 pDevInsR3;
411 /** Pointer to device instance. */
412 PPDMDEVINSR0 pDevInsR0;
413 /** Pointer to device instance. */
414 PPDMDEVINSRC pDevInsRC;
415
416 /** Set when the destroying the device instance and the thread must exit. */
417 uint32_t volatile fShutdown;
418 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
419 RTTHREAD AsyncIOThread;
420 /** The event semaphore the thread is waiting on for requests. */
421 RTSEMEVENT AsyncIOSem;
422 /** The request queue for the AIO thread. One element is always unused. */
423 ATARequest aAsyncIORequests[4];
424 /** The position at which to insert a new request for the AIO thread. */
425 volatile uint8_t AsyncIOReqHead;
426 /** The position at which to get a new request for the AIO thread. */
427 volatile uint8_t AsyncIOReqTail;
428 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
429 bool volatile fSignalIdle;
430 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
431 /** Magic delay before triggering interrupts in DMA mode. */
432 uint32_t DelayIRQMillies;
433 /** The mutex protecting the request queue. */
434 RTSEMMUTEX AsyncIORequestMutex;
435 /** The event semaphore the thread is waiting on during suspended I/O. */
436 RTSEMEVENT SuspendIOSem;
437#if 0 /*HC_ARCH_BITS == 32*/
438 uint32_t Alignment0;
439#endif
440
441 /** Timestamp we started the reset. */
442 uint64_t u64ResetTime;
443
444 /* Statistics */
445 STAMCOUNTER StatAsyncOps;
446 uint64_t StatAsyncMinWait;
447 uint64_t StatAsyncMaxWait;
448 STAMCOUNTER StatAsyncTimeUS;
449 STAMPROFILEADV StatAsyncTime;
450 STAMPROFILE StatLockWait;
451} ATACONTROLLER, *PATACONTROLLER;
452AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
453AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
456
457typedef enum CHIPSET
458{
459 /** PIIX3 chipset, must be 0 for saved state compatibility */
460 CHIPSET_PIIX3 = 0,
461 /** PIIX4 chipset, must be 1 for saved state compatibility */
462 CHIPSET_PIIX4 = 1,
463 /** ICH6 chipset */
464 CHIPSET_ICH6 = 2
465} CHIPSET;
466
467/**
468 * The state of the ATA PCI device.
469 *
470 * @extends PCIDEVICE
471 * @implements PDMILEDPORTS
472 */
473typedef struct PCIATAState
474{
475 PCIDEVICE dev;
476 /** The controllers. */
477 ATACONTROLLER aCts[2];
478 /** Pointer to device instance. */
479 PPDMDEVINSR3 pDevIns;
480 /** Status LUN: Base interface. */
481 PDMIBASE IBase;
482 /** Status LUN: Leds interface. */
483 PDMILEDPORTS ILeds;
484 /** Status LUN: Partner of ILeds. */
485 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
486 /** Flag whether GC is enabled. */
487 bool fGCEnabled;
488 /** Flag whether R0 is enabled. */
489 bool fR0Enabled;
490 /** Flag indicating chipset being emulated. */
491 uint8_t u8Type;
492 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
493} PCIATAState;
494
495#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
496#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
497#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
498#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
499#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
500#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
501
502#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
503
504#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
505#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
506#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
507#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
508#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
509
510#ifndef VBOX_DEVICE_STRUCT_TESTCASE
511/*******************************************************************************
512 * Internal Functions *
513 ******************************************************************************/
514RT_C_DECLS_BEGIN
515PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
516PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
517PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
518PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
520PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
521PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
522PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
523RT_C_DECLS_END
524
525
526
527DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
528{
529 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
530
531 /* Freeze status register contents while processing RESET. */
532 if (!pCtl->fReset)
533 {
534 s->uATARegStatus = stat;
535 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
536 }
537}
538
539
540DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
541{
542 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
543
544 /* Freeze status register contents while processing RESET. */
545 if (!pCtl->fReset)
546 {
547 s->uATARegStatus |= stat;
548 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
549 }
550}
551
552
553DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
554{
555 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
556
557 /* Freeze status register contents while processing RESET. */
558 if (!pCtl->fReset)
559 {
560 s->uATARegStatus &= ~stat;
561 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
562 }
563}
564
565#ifdef IN_RING3
566
567typedef void (*PBeginTransferFunc)(ATADevState *);
568typedef bool (*PSourceSinkFunc)(ATADevState *);
569
570static void ataReadWriteSectorsBT(ATADevState *);
571static void ataPacketBT(ATADevState *);
572static void atapiCmdBT(ATADevState *);
573static void atapiPassthroughCmdBT(ATADevState *);
574
575static bool ataIdentifySS(ATADevState *);
576static bool ataFlushSS(ATADevState *);
577static bool ataReadSectorsSS(ATADevState *);
578static bool ataWriteSectorsSS(ATADevState *);
579static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
580static bool ataPacketSS(ATADevState *);
581static bool atapiGetConfigurationSS(ATADevState *);
582static bool atapiGetEventStatusNotificationSS(ATADevState *);
583static bool atapiIdentifySS(ATADevState *);
584static bool atapiInquirySS(ATADevState *);
585static bool atapiMechanismStatusSS(ATADevState *);
586static bool atapiModeSenseErrorRecoverySS(ATADevState *);
587static bool atapiModeSenseCDStatusSS(ATADevState *);
588static bool atapiReadSS(ATADevState *);
589static bool atapiReadCapacitySS(ATADevState *);
590static bool atapiReadDiscInformationSS(ATADevState *);
591static bool atapiReadTOCNormalSS(ATADevState *);
592static bool atapiReadTOCMultiSS(ATADevState *);
593static bool atapiReadTOCRawSS(ATADevState *);
594static bool atapiReadTrackInformationSS(ATADevState *);
595static bool atapiRequestSenseSS(ATADevState *);
596static bool atapiPassthroughSS(ATADevState *);
597static bool atapiReadDVDStructureSS(ATADevState *);
598
599/**
600 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
601 */
602typedef enum ATAFNBT
603{
604 ATAFN_BT_NULL = 0,
605 ATAFN_BT_READ_WRITE_SECTORS,
606 ATAFN_BT_PACKET,
607 ATAFN_BT_ATAPI_CMD,
608 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
609 ATAFN_BT_MAX
610} ATAFNBT;
611
612/**
613 * Array of end transfer functions, the index is ATAFNET.
614 * Make sure ATAFNET and this array match!
615 */
616static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
617{
618 NULL,
619 ataReadWriteSectorsBT,
620 ataPacketBT,
621 atapiCmdBT,
622 atapiPassthroughCmdBT,
623};
624
625/**
626 * Source/sink function indexes for g_apfnSourceSinkFuncs.
627 */
628typedef enum ATAFNSS
629{
630 ATAFN_SS_NULL = 0,
631 ATAFN_SS_IDENTIFY,
632 ATAFN_SS_FLUSH,
633 ATAFN_SS_READ_SECTORS,
634 ATAFN_SS_WRITE_SECTORS,
635 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
636 ATAFN_SS_PACKET,
637 ATAFN_SS_ATAPI_GET_CONFIGURATION,
638 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
639 ATAFN_SS_ATAPI_IDENTIFY,
640 ATAFN_SS_ATAPI_INQUIRY,
641 ATAFN_SS_ATAPI_MECHANISM_STATUS,
642 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
643 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
644 ATAFN_SS_ATAPI_READ,
645 ATAFN_SS_ATAPI_READ_CAPACITY,
646 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
647 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
648 ATAFN_SS_ATAPI_READ_TOC_MULTI,
649 ATAFN_SS_ATAPI_READ_TOC_RAW,
650 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
651 ATAFN_SS_ATAPI_REQUEST_SENSE,
652 ATAFN_SS_ATAPI_PASSTHROUGH,
653 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
654 ATAFN_SS_MAX
655} ATAFNSS;
656
657/**
658 * Array of source/sink functions, the index is ATAFNSS.
659 * Make sure ATAFNSS and this array match!
660 */
661static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
662{
663 NULL,
664 ataIdentifySS,
665 ataFlushSS,
666 ataReadSectorsSS,
667 ataWriteSectorsSS,
668 ataExecuteDeviceDiagnosticSS,
669 ataPacketSS,
670 atapiGetConfigurationSS,
671 atapiGetEventStatusNotificationSS,
672 atapiIdentifySS,
673 atapiInquirySS,
674 atapiMechanismStatusSS,
675 atapiModeSenseErrorRecoverySS,
676 atapiModeSenseCDStatusSS,
677 atapiReadSS,
678 atapiReadCapacitySS,
679 atapiReadDiscInformationSS,
680 atapiReadTOCNormalSS,
681 atapiReadTOCMultiSS,
682 atapiReadTOCRawSS,
683 atapiReadTrackInformationSS,
684 atapiRequestSenseSS,
685 atapiPassthroughSS,
686 atapiReadDVDStructureSS
687};
688
689
690static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
691static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
692static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
693static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
694
695static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
696{
697 int rc;
698
699 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
700 AssertRC(rc);
701 pCtl->AsyncIOReqHead = 0;
702 pCtl->AsyncIOReqTail = 0;
703 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
704 AssertRC(rc);
705}
706
707
708static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
709{
710 int rc;
711
712 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
713 AssertRC(rc);
714 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
715 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
716 pCtl->AsyncIOReqHead++;
717 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
718 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
719 AssertRC(rc);
720 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
721 if (RT_FAILURE(rc))
722 {
723 rc = RTSemEventSignal(pCtl->AsyncIOSem);
724 AssertRC(rc);
725 }
726}
727
728
729static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
730{
731 int rc;
732 const ATARequest *pReq;
733
734 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
735 AssertRC(rc);
736 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
737 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
738 else
739 pReq = NULL;
740 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
741 AssertRC(rc);
742 return pReq;
743}
744
745
746/**
747 * Remove the request with the given type, as it's finished. The request
748 * is not removed blindly, as this could mean a RESET request that is not
749 * yet processed (but has cleared the request queue) is lost.
750 *
751 * @param pCtl Controller for which to remove the request.
752 * @param ReqType Type of the request to remove.
753 */
754static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
755{
756 int rc;
757
758 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
759 AssertRC(rc);
760 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
761 {
762 pCtl->AsyncIOReqTail++;
763 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
764 }
765 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
766 AssertRC(rc);
767}
768
769
770/**
771 * Dump the request queue for a particular controller. First dump the queue
772 * contents, then the already processed entries, as long as they haven't been
773 * overwritten.
774 *
775 * @param pCtl Controller for which to dump the queue.
776 */
777static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
778{
779 int rc;
780 uint8_t curr;
781
782 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
783 AssertRC(rc);
784 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
785 curr = pCtl->AsyncIOReqTail;
786 do
787 {
788 if (curr == pCtl->AsyncIOReqHead)
789 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
790 switch (pCtl->aAsyncIORequests[curr].ReqType)
791 {
792 case ATA_AIO_NEW:
793 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
794 break;
795 case ATA_AIO_DMA:
796 LogRel(("dma transfer continuation\n"));
797 break;
798 case ATA_AIO_PIO:
799 LogRel(("pio transfer continuation\n"));
800 break;
801 case ATA_AIO_RESET_ASSERTED:
802 LogRel(("reset asserted request\n"));
803 break;
804 case ATA_AIO_RESET_CLEARED:
805 LogRel(("reset cleared request\n"));
806 break;
807 case ATA_AIO_ABORT:
808 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
809 break;
810 default:
811 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
812 }
813 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
814 } while (curr != pCtl->AsyncIOReqTail);
815 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
816 AssertRC(rc);
817}
818
819
820/**
821 * Checks whether the request queue for a particular controller is empty
822 * or whether a particular controller is idle.
823 *
824 * @param pCtl Controller for which to check the queue.
825 * @param fStrict If set then the controller is checked to be idle.
826 */
827static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
828{
829 int rc;
830 bool fIdle;
831
832 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
833 AssertRC(rc);
834 fIdle = pCtl->fRedoIdle;
835 if (!fIdle)
836 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
837 if (fStrict)
838 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
839 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
840 AssertRC(rc);
841 return fIdle;
842}
843
844
845/**
846 * Send a transfer request to the async I/O thread.
847 *
848 * @param s Pointer to the ATA device state data.
849 * @param cbTotalTransfer Data transfer size.
850 * @param uTxDir Data transfer direction.
851 * @param iBeginTransfer Index of BeginTransfer callback.
852 * @param iSourceSink Index of SourceSink callback.
853 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
854 */
855static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
856{
857 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
858 ATARequest Req;
859
860 Assert(PDMCritSectIsOwner(&pCtl->lock));
861
862 /* Do not issue new requests while the RESET line is asserted. */
863 if (pCtl->fReset)
864 {
865 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
866 return;
867 }
868
869 /* If the controller is already doing something else right now, ignore
870 * the command that is being submitted. Some broken guests issue commands
871 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
872 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
873 {
874 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
875 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
876 return;
877 }
878
879 Req.ReqType = ATA_AIO_NEW;
880 if (fChainedTransfer)
881 Req.u.t.iIf = pCtl->iAIOIf;
882 else
883 Req.u.t.iIf = pCtl->iSelectedIf;
884 Req.u.t.cbTotalTransfer = cbTotalTransfer;
885 Req.u.t.uTxDir = uTxDir;
886 Req.u.t.iBeginTransfer = iBeginTransfer;
887 Req.u.t.iSourceSink = iSourceSink;
888 ataSetStatusValue(s, ATA_STAT_BUSY);
889 pCtl->fChainedTransfer = fChainedTransfer;
890
891 /*
892 * Kick the worker thread into action.
893 */
894 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
895 ataAsyncIOPutRequest(pCtl, &Req);
896}
897
898
899/**
900 * Send an abort command request to the async I/O thread.
901 *
902 * @param s Pointer to the ATA device state data.
903 * @param fResetDrive Whether to reset the drive or just abort a command.
904 */
905static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
906{
907 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
908 ATARequest Req;
909
910 Assert(PDMCritSectIsOwner(&pCtl->lock));
911
912 /* Do not issue new requests while the RESET line is asserted. */
913 if (pCtl->fReset)
914 {
915 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
916 return;
917 }
918
919 Req.ReqType = ATA_AIO_ABORT;
920 Req.u.a.iIf = pCtl->iSelectedIf;
921 Req.u.a.fResetDrive = fResetDrive;
922 ataSetStatus(s, ATA_STAT_BUSY);
923 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
924 ataAsyncIOPutRequest(pCtl, &Req);
925}
926
927
928static void ataSetIRQ(ATADevState *s)
929{
930 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
931 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
932
933 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
934 {
935 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
936 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
937 * line is asserted. It monitors the line for a rising edge. */
938 if (!s->fIrqPending)
939 pCtl->BmDma.u8Status |= BM_STATUS_INT;
940 /* Only actually set the IRQ line if updating the currently selected drive. */
941 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
942 {
943 /** @todo experiment with adaptive IRQ delivery: for reads it is
944 * better to wait for IRQ delivery, as it reduces latency. */
945 if (pCtl->irq == 16)
946 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
947 else
948 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
949 }
950 }
951 s->fIrqPending = true;
952}
953
954#endif /* IN_RING3 */
955
956static void ataUnsetIRQ(ATADevState *s)
957{
958 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
959 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
960
961 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
962 {
963 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
964 /* Only actually unset the IRQ line if updating the currently selected drive. */
965 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
966 {
967 if (pCtl->irq == 16)
968 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
969 else
970 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
971 }
972 }
973 s->fIrqPending = false;
974}
975
976#ifdef IN_RING3
977
978static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
979{
980 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
981 s->iIOBufferPIODataStart = start;
982 s->iIOBufferPIODataEnd = start + size;
983 ataSetStatus(s, ATA_STAT_DRQ);
984}
985
986
987static void ataPIOTransferStop(ATADevState *s)
988{
989 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
990 if (s->fATAPITransfer)
991 {
992 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
993 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
994 ataSetIRQ(s);
995 s->fATAPITransfer = false;
996 }
997 s->cbTotalTransfer = 0;
998 s->cbElementaryTransfer = 0;
999 s->iIOBufferPIODataStart = 0;
1000 s->iIOBufferPIODataEnd = 0;
1001 s->iBeginTransfer = ATAFN_BT_NULL;
1002 s->iSourceSink = ATAFN_SS_NULL;
1003}
1004
1005
1006static void ataPIOTransferLimitATAPI(ATADevState *s)
1007{
1008 uint32_t cbLimit, cbTransfer;
1009
1010 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1011 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1012 if (cbLimit == 0)
1013 cbLimit = 0xfffe;
1014 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1015 if (cbLimit == 0xffff)
1016 cbLimit--;
1017 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1018 if (cbTransfer > cbLimit)
1019 {
1020 /* Byte count limit for clipping must be even in this case */
1021 if (cbLimit & 1)
1022 cbLimit--;
1023 cbTransfer = cbLimit;
1024 }
1025 s->uATARegLCyl = cbTransfer;
1026 s->uATARegHCyl = cbTransfer >> 8;
1027 s->cbElementaryTransfer = cbTransfer;
1028}
1029
1030
1031static uint32_t ataGetNSectors(ATADevState *s)
1032{
1033 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1034 if (s->fLBA48)
1035 {
1036 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1037 return 65536;
1038 else
1039 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1040 }
1041 else
1042 {
1043 if (!s->uATARegNSector)
1044 return 256;
1045 else
1046 return s->uATARegNSector;
1047 }
1048}
1049
1050
1051static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1052{
1053 for (uint32_t i = 0; i < cbSize; i++)
1054 {
1055 if (*pbSrc)
1056 pbDst[i ^ 1] = *pbSrc++;
1057 else
1058 pbDst[i ^ 1] = ' ';
1059 }
1060}
1061
1062
1063static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1064{
1065 for (uint32_t i = 0; i < cbSize; i++)
1066 {
1067 if (*pbSrc)
1068 pbDst[i] = *pbSrc++;
1069 else
1070 pbDst[i] = ' ';
1071 }
1072}
1073
1074
1075DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1076{
1077 pbBuf[0] = val >> 8;
1078 pbBuf[1] = val;
1079}
1080
1081
1082DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1083{
1084 pbBuf[0] = val >> 16;
1085 pbBuf[1] = val >> 8;
1086 pbBuf[2] = val;
1087}
1088
1089
1090DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1091{
1092 pbBuf[0] = val >> 24;
1093 pbBuf[1] = val >> 16;
1094 pbBuf[2] = val >> 8;
1095 pbBuf[3] = val;
1096}
1097
1098
1099DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1100{
1101 return (pbBuf[0] << 8) | pbBuf[1];
1102}
1103
1104
1105DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1106{
1107 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1108}
1109
1110
1111DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1112{
1113 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1114}
1115
1116
1117DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1118{
1119 iATAPILBA += 150;
1120 pbBuf[0] = (iATAPILBA / 75) / 60;
1121 pbBuf[1] = (iATAPILBA / 75) % 60;
1122 pbBuf[2] = iATAPILBA % 75;
1123}
1124
1125
1126DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1127{
1128 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1129}
1130
1131
1132static void ataCmdOK(ATADevState *s, uint8_t status)
1133{
1134 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1135 ataSetStatusValue(s, ATA_STAT_READY | status);
1136}
1137
1138
1139static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1140{
1141 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1142 Assert(uErrorCode);
1143 s->uATARegError = uErrorCode;
1144 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1145 s->cbTotalTransfer = 0;
1146 s->cbElementaryTransfer = 0;
1147 s->iIOBufferCur = 0;
1148 s->iIOBufferEnd = 0;
1149 s->uTxDir = PDMBLOCKTXDIR_NONE;
1150 s->iBeginTransfer = ATAFN_BT_NULL;
1151 s->iSourceSink = ATAFN_SS_NULL;
1152}
1153
1154static uint32_t ataChecksum(void* ptr, size_t count)
1155{
1156 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1157 size_t i;
1158
1159 for (i = 0; i < count; i++)
1160 {
1161 u8Sum += *p++;
1162 }
1163
1164 return (uint8_t)-(int32_t)u8Sum;
1165}
1166
1167static bool ataIdentifySS(ATADevState *s)
1168{
1169 uint16_t *p;
1170
1171 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1172 Assert(s->cbElementaryTransfer == 512);
1173
1174 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1175 memset(p, 0, 512);
1176 p[0] = RT_H2LE_U16(0x0040);
1177 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1178 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1179 /* Block size; obsolete, but required for the BIOS. */
1180 p[5] = RT_H2LE_U16(512);
1181 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1182 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1183 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1184 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1185 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1186 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1187 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1188#if ATA_MAX_MULT_SECTORS > 1
1189 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1190#endif
1191 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1192 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1193 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1194 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1195 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1196 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1197 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1198 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1199 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1200 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1201 * s->PCHSGeometry.cHeads
1202 * s->PCHSGeometry.cSectors);
1203 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1204 * s->PCHSGeometry.cHeads
1205 * s->PCHSGeometry.cSectors >> 16);
1206 if (s->cMultSectors)
1207 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1208 if (s->cTotalSectors <= (1 << 28) - 1)
1209 {
1210 p[60] = RT_H2LE_U16(s->cTotalSectors);
1211 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1212 }
1213 else
1214 {
1215 /* Report maximum number of sectors possible with LBA28 */
1216 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1217 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1218 }
1219 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1220 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1221 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1222 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1223 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1224 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1225 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1226 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1227 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1228 if (s->cTotalSectors <= (1 << 28) - 1)
1229 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1230 else
1231 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1232 p[84] = RT_H2LE_U16(1 << 14);
1233 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1234 if (s->cTotalSectors <= (1 << 28) - 1)
1235 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1236 else
1237 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1238 p[87] = RT_H2LE_U16(1 << 14);
1239 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1240 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1241 if (s->cTotalSectors > (1 << 28) - 1)
1242 {
1243 p[100] = RT_H2LE_U16(s->cTotalSectors);
1244 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1245 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1246 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1247 }
1248 uint32_t uCsum = ataChecksum(p, 510);
1249 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1250 s->iSourceSink = ATAFN_SS_NULL;
1251 ataCmdOK(s, ATA_STAT_SEEK);
1252 return false;
1253}
1254
1255
1256static bool ataFlushSS(ATADevState *s)
1257{
1258 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1259 int rc;
1260
1261 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1262 Assert(!s->cbElementaryTransfer);
1263
1264 PDMCritSectLeave(&pCtl->lock);
1265
1266 STAM_PROFILE_START(&s->StatFlushes, f);
1267 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1268 AssertRC(rc);
1269 STAM_PROFILE_STOP(&s->StatFlushes, f);
1270
1271 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1272 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1273 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1274 ataCmdOK(s, 0);
1275 return false;
1276}
1277
1278static bool atapiIdentifySS(ATADevState *s)
1279{
1280 uint16_t *p;
1281
1282 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1283 Assert(s->cbElementaryTransfer == 512);
1284
1285 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1286 memset(p, 0, 512);
1287 /* Removable CDROM, 50us response, 12 byte packets */
1288 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1289 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1290 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1291 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1292 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1293 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1294 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1295 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1296 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1297 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1298 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1299 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1300 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1301 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1302 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1303 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1304 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1305 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1306 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1307 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1308 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1309 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1310 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1311 p[83] = RT_H2LE_U16(1 << 14);
1312 p[84] = RT_H2LE_U16(1 << 14);
1313 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1314 p[86] = RT_H2LE_U16(0);
1315 p[87] = RT_H2LE_U16(1 << 14);
1316 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1317 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1318 /* According to ATAPI-5 spec:
1319 *
1320 * The use of this word is optional.
1321 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1322 * contain the data
1323 * structure checksum.
1324 * The data structure checksum is the twos complement of the sum of
1325 * all bytes in words 0 through 254 and the byte consisting of
1326 * bits 7:0 in word 255.
1327 * Each byte shall be added with unsigned arithmetic,
1328 * and overflow shall be ignored.
1329 * The sum of all 512 bytes is zero when the checksum is correct.
1330 */
1331 uint32_t uCsum = ataChecksum(p, 510);
1332 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1333
1334 s->iSourceSink = ATAFN_SS_NULL;
1335 ataCmdOK(s, ATA_STAT_SEEK);
1336 return false;
1337}
1338
1339
1340static void ataSetSignature(ATADevState *s)
1341{
1342 s->uATARegSelect &= 0xf0; /* clear head */
1343 /* put signature */
1344 s->uATARegNSector = 1;
1345 s->uATARegSector = 1;
1346 if (s->fATAPI)
1347 {
1348 s->uATARegLCyl = 0x14;
1349 s->uATARegHCyl = 0xeb;
1350 }
1351 else if (s->pDrvBlock)
1352 {
1353 s->uATARegLCyl = 0;
1354 s->uATARegHCyl = 0;
1355 }
1356 else
1357 {
1358 s->uATARegLCyl = 0xff;
1359 s->uATARegHCyl = 0xff;
1360 }
1361}
1362
1363
1364static uint64_t ataGetSector(ATADevState *s)
1365{
1366 uint64_t iLBA;
1367 if (s->uATARegSelect & 0x40)
1368 {
1369 /* any LBA variant */
1370 if (s->fLBA48)
1371 {
1372 /* LBA48 */
1373 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1374 ((uint64_t)s->uATARegLCylHOB << 32) |
1375 ((uint64_t)s->uATARegSectorHOB << 24) |
1376 ((uint64_t)s->uATARegHCyl << 16) |
1377 ((uint64_t)s->uATARegLCyl << 8) |
1378 s->uATARegSector;
1379 }
1380 else
1381 {
1382 /* LBA */
1383 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1384 (s->uATARegLCyl << 8) | s->uATARegSector;
1385 }
1386 }
1387 else
1388 {
1389 /* CHS */
1390 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1391 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1392 (s->uATARegSector - 1);
1393 }
1394 return iLBA;
1395}
1396
1397static void ataSetSector(ATADevState *s, uint64_t iLBA)
1398{
1399 uint32_t cyl, r;
1400 if (s->uATARegSelect & 0x40)
1401 {
1402 /* any LBA variant */
1403 if (s->fLBA48)
1404 {
1405 /* LBA48 */
1406 s->uATARegHCylHOB = iLBA >> 40;
1407 s->uATARegLCylHOB = iLBA >> 32;
1408 s->uATARegSectorHOB = iLBA >> 24;
1409 s->uATARegHCyl = iLBA >> 16;
1410 s->uATARegLCyl = iLBA >> 8;
1411 s->uATARegSector = iLBA;
1412 }
1413 else
1414 {
1415 /* LBA */
1416 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1417 s->uATARegHCyl = (iLBA >> 16);
1418 s->uATARegLCyl = (iLBA >> 8);
1419 s->uATARegSector = (iLBA);
1420 }
1421 }
1422 else
1423 {
1424 /* CHS */
1425 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1426 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1427 s->uATARegHCyl = cyl >> 8;
1428 s->uATARegLCyl = cyl;
1429 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1430 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1431 }
1432}
1433
1434
1435static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1436{
1437 int rc;
1438 LogRel(("PIIX3 ATA: Host disk full\n"));
1439 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1440 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1441 AssertRC(rc);
1442}
1443
1444static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1445{
1446 int rc;
1447 LogRel(("PIIX3 ATA: File too big\n"));
1448 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1449 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1450 AssertRC(rc);
1451}
1452
1453static void ataWarningISCSI(PPDMDEVINS pDevIns)
1454{
1455 int rc;
1456 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1457 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1458 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1459 AssertRC(rc);
1460}
1461
1462static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1463{
1464 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1465 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1466 if (rc == VERR_DISK_FULL)
1467 {
1468 pCtl->fRedoIdle = true;
1469 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1470 return true;
1471 }
1472 if (rc == VERR_FILE_TOO_BIG)
1473 {
1474 pCtl->fRedoIdle = true;
1475 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1476 return true;
1477 }
1478 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1479 {
1480 pCtl->fRedoIdle = true;
1481 /* iSCSI connection abort (first error) or failure to reestablish
1482 * connection (second error). Pause VM. On resume we'll retry. */
1483 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1484 return true;
1485 }
1486 return false;
1487}
1488
1489
1490static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1491 uint32_t cSectors, bool *pfRedo)
1492{
1493 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1494 int rc;
1495
1496 PDMCritSectLeave(&pCtl->lock);
1497
1498 STAM_PROFILE_ADV_START(&s->StatReads, r);
1499 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1500 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1501 s->Led.Actual.s.fReading = 0;
1502 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1503
1504 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1505
1506 if (RT_SUCCESS(rc))
1507 *pfRedo = false;
1508 else
1509 *pfRedo = ataIsRedoSetWarning(s, rc);
1510
1511 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1512 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1513 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1514 return rc;
1515}
1516
1517
1518static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1519 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1520{
1521 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1522 int rc;
1523
1524 PDMCritSectLeave(&pCtl->lock);
1525
1526 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1527 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1528#ifdef VBOX_INSTRUMENT_DMA_WRITES
1529 if (s->fDMA)
1530 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1531#endif
1532 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1533#ifdef VBOX_INSTRUMENT_DMA_WRITES
1534 if (s->fDMA)
1535 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1536#endif
1537 s->Led.Actual.s.fWriting = 0;
1538 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1539
1540 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1541
1542 if (RT_SUCCESS(rc))
1543 *pfRedo = false;
1544 else
1545 *pfRedo = ataIsRedoSetWarning(s, rc);
1546
1547 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1548 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1549 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1550 return rc;
1551}
1552
1553
1554static void ataReadWriteSectorsBT(ATADevState *s)
1555{
1556 uint32_t cSectors;
1557
1558 cSectors = s->cbTotalTransfer / 512;
1559 if (cSectors > s->cSectorsPerIRQ)
1560 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1561 else
1562 s->cbElementaryTransfer = cSectors * 512;
1563 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1564 ataCmdOK(s, 0);
1565}
1566
1567
1568static bool ataReadSectorsSS(ATADevState *s)
1569{
1570 int rc;
1571 uint32_t cSectors;
1572 uint64_t iLBA;
1573 bool fRedo;
1574
1575 cSectors = s->cbElementaryTransfer / 512;
1576 Assert(cSectors);
1577 iLBA = ataGetSector(s);
1578 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1579 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1580 if (RT_SUCCESS(rc))
1581 {
1582 ataSetSector(s, iLBA + cSectors);
1583 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1584 s->iSourceSink = ATAFN_SS_NULL;
1585 ataCmdOK(s, ATA_STAT_SEEK);
1586 }
1587 else
1588 {
1589 if (fRedo)
1590 return fRedo;
1591 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1592 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1593 s->iLUN, rc, iLBA, cSectors));
1594
1595 /*
1596 * Check if we got interrupted. We don't need to set status variables
1597 * because the request was aborted.
1598 */
1599 if (rc != VERR_INTERRUPTED)
1600 ataCmdError(s, ID_ERR);
1601 }
1602 return false;
1603}
1604
1605
1606static bool ataWriteSectorsSS(ATADevState *s)
1607{
1608 int rc;
1609 uint32_t cSectors;
1610 uint64_t iLBA;
1611 bool fRedo;
1612
1613 cSectors = s->cbElementaryTransfer / 512;
1614 Assert(cSectors);
1615 iLBA = ataGetSector(s);
1616 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1617 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1618 if (RT_SUCCESS(rc))
1619 {
1620 ataSetSector(s, iLBA + cSectors);
1621 if (!s->cbTotalTransfer)
1622 s->iSourceSink = ATAFN_SS_NULL;
1623 ataCmdOK(s, ATA_STAT_SEEK);
1624 }
1625 else
1626 {
1627 if (fRedo)
1628 return fRedo;
1629 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1630 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1631 s->iLUN, rc, iLBA, cSectors));
1632
1633 /*
1634 * Check if we got interrupted. We don't need to set status variables
1635 * because the request was aborted.
1636 */
1637 if (rc != VERR_INTERRUPTED)
1638 ataCmdError(s, ID_ERR);
1639 }
1640 return false;
1641}
1642
1643
1644static void atapiCmdOK(ATADevState *s)
1645{
1646 s->uATARegError = 0;
1647 ataSetStatusValue(s, ATA_STAT_READY);
1648 s->uATARegNSector = (s->uATARegNSector & ~7)
1649 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1650 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1651 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1652
1653 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1654 s->abATAPISense[0] = 0x70 | (1 << 7);
1655 s->abATAPISense[7] = 10;
1656}
1657
1658
1659static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1660{
1661 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1662 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1663 s->uATARegError = pabATAPISense[2] << 4;
1664 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1665 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1666 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1667 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1668 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1669 s->cbTotalTransfer = 0;
1670 s->cbElementaryTransfer = 0;
1671 s->iIOBufferCur = 0;
1672 s->iIOBufferEnd = 0;
1673 s->uTxDir = PDMBLOCKTXDIR_NONE;
1674 s->iBeginTransfer = ATAFN_BT_NULL;
1675 s->iSourceSink = ATAFN_SS_NULL;
1676}
1677
1678
1679/** @todo deprecated function - doesn't provide enough info. Replace by direct
1680 * calls to atapiCmdError() with full data. */
1681static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1682{
1683 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1684 memset(abATAPISense, '\0', sizeof(abATAPISense));
1685 abATAPISense[0] = 0x70 | (1 << 7);
1686 abATAPISense[2] = uATAPISenseKey & 0x0f;
1687 abATAPISense[7] = 10;
1688 abATAPISense[12] = uATAPIASC;
1689 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1690}
1691
1692
1693static void atapiCmdBT(ATADevState *s)
1694{
1695 s->fATAPITransfer = true;
1696 s->cbElementaryTransfer = s->cbTotalTransfer;
1697 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1698 atapiCmdOK(s);
1699}
1700
1701
1702static void atapiPassthroughCmdBT(ATADevState *s)
1703{
1704 /* @todo implement an algorithm for correctly determining the read and
1705 * write sector size without sending additional commands to the drive.
1706 * This should be doable by saving processing the configuration requests
1707 * and replies. */
1708#if 0
1709 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1710 {
1711 uint8_t cmd = s->aATAPICmd[0];
1712 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1713 {
1714 uint8_t aModeSenseCmd[10];
1715 uint8_t aModeSenseResult[16];
1716 uint8_t uDummySense;
1717 uint32_t cbTransfer;
1718 int rc;
1719
1720 cbTransfer = sizeof(aModeSenseResult);
1721 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1722 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1723 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1724 aModeSenseCmd[3] = 0; /* subpage code */
1725 aModeSenseCmd[4] = 0; /* reserved */
1726 aModeSenseCmd[5] = 0; /* reserved */
1727 aModeSenseCmd[6] = 0; /* reserved */
1728 aModeSenseCmd[7] = cbTransfer >> 8;
1729 aModeSenseCmd[8] = cbTransfer & 0xff;
1730 aModeSenseCmd[9] = 0; /* control */
1731 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1732 if (RT_FAILURE(rc))
1733 {
1734 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1735 return;
1736 }
1737 /* Select sector size based on the current data block type. */
1738 switch (aModeSenseResult[12] & 0x0f)
1739 {
1740 case 0:
1741 s->cbATAPISector = 2352;
1742 break;
1743 case 1:
1744 s->cbATAPISector = 2368;
1745 break;
1746 case 2:
1747 case 3:
1748 s->cbATAPISector = 2448;
1749 break;
1750 case 8:
1751 case 10:
1752 s->cbATAPISector = 2048;
1753 break;
1754 case 9:
1755 s->cbATAPISector = 2336;
1756 break;
1757 case 11:
1758 s->cbATAPISector = 2056;
1759 break;
1760 case 12:
1761 s->cbATAPISector = 2324;
1762 break;
1763 case 13:
1764 s->cbATAPISector = 2332;
1765 break;
1766 default:
1767 s->cbATAPISector = 0;
1768 }
1769 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1770 s->cbTotalTransfer *= s->cbATAPISector;
1771 if (s->cbTotalTransfer == 0)
1772 s->uTxDir = PDMBLOCKTXDIR_NONE;
1773 }
1774 }
1775#endif
1776 atapiCmdBT(s);
1777}
1778
1779
1780static bool atapiReadSS(ATADevState *s)
1781{
1782 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1783 int rc = VINF_SUCCESS;
1784 uint32_t cbTransfer, cSectors;
1785
1786 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1787 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1788 cSectors = cbTransfer / s->cbATAPISector;
1789 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1790 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1791
1792 PDMCritSectLeave(&pCtl->lock);
1793
1794 STAM_PROFILE_ADV_START(&s->StatReads, r);
1795 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1796 switch (s->cbATAPISector)
1797 {
1798 case 2048:
1799 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1800 break;
1801 case 2352:
1802 {
1803 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1804
1805 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1806 {
1807 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1808 *pbBuf++ = 0x00;
1809 memset(pbBuf, 0xff, 10);
1810 pbBuf += 10;
1811 *pbBuf++ = 0x00;
1812 /* MSF */
1813 ataLBA2MSF(pbBuf, i);
1814 pbBuf += 3;
1815 *pbBuf++ = 0x01; /* mode 1 data */
1816 /* data */
1817 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1818 if (RT_FAILURE(rc))
1819 break;
1820 pbBuf += 2048;
1821 /**
1822 * @todo: maybe compute ECC and parity, layout is:
1823 * 2072 4 EDC
1824 * 2076 172 P parity symbols
1825 * 2248 104 Q parity symbols
1826 */
1827 memset(pbBuf, 0, 280);
1828 pbBuf += 280;
1829 }
1830 }
1831 break;
1832 default:
1833 break;
1834 }
1835 s->Led.Actual.s.fReading = 0;
1836 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1837
1838 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1839 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1840 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1841
1842 if (RT_SUCCESS(rc))
1843 {
1844 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1845
1846 /* The initial buffer end value has been set up based on the total
1847 * transfer size. But the I/O buffer size limits what can actually be
1848 * done in one transfer, so set the actual value of the buffer end. */
1849 s->cbElementaryTransfer = cbTransfer;
1850 if (cbTransfer >= s->cbTotalTransfer)
1851 s->iSourceSink = ATAFN_SS_NULL;
1852 atapiCmdOK(s);
1853 s->iATAPILBA += cSectors;
1854 }
1855 else
1856 {
1857 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1858 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1859
1860 /*
1861 * Check if we got interrupted. We don't need to set status variables
1862 * because the request was aborted.
1863 */
1864 if (rc != VERR_INTERRUPTED)
1865 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1866 }
1867 return false;
1868}
1869
1870/**
1871 * Sets the given media track type.
1872 */
1873static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1874{
1875 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1876}
1877
1878static bool atapiPassthroughSS(ATADevState *s)
1879{
1880 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1881 int rc = VINF_SUCCESS;
1882 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1883 uint32_t cbTransfer;
1884 PSTAMPROFILEADV pProf = NULL;
1885
1886 cbTransfer = s->cbElementaryTransfer;
1887
1888 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1889 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1890
1891 /* Simple heuristics: if there is at least one sector of data
1892 * to transfer, it's worth updating the LEDs. */
1893 if (cbTransfer >= 2048)
1894 {
1895 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1896 {
1897 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1898 pProf = &s->StatReads;
1899 }
1900 else
1901 {
1902 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1903 pProf = &s->StatWrites;
1904 }
1905 }
1906
1907 PDMCritSectLeave(&pCtl->lock);
1908
1909 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1910 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1911 {
1912 /* Linux accepts commands with up to 100KB of data, but expects
1913 * us to handle commands with up to 128KB of data. The usual
1914 * imbalance of powers. */
1915 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1916 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1917 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1918
1919 switch (s->aATAPICmd[0])
1920 {
1921 case SCSI_READ_10:
1922 case SCSI_WRITE_10:
1923 case SCSI_WRITE_AND_VERIFY_10:
1924 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1925 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1926 break;
1927 case SCSI_READ_12:
1928 case SCSI_WRITE_12:
1929 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1930 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1931 break;
1932 case SCSI_READ_CD:
1933 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1934 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
1935 break;
1936 case SCSI_READ_CD_MSF:
1937 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1938 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1939 break;
1940 default:
1941 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1942 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1943 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1944 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1945 {
1946 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1947 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1948 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1949 }
1950 return false;
1951 }
1952 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1953 cReqSectors = 0;
1954 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1955 {
1956 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1957 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1958 else
1959 cReqSectors = i;
1960 cbCurrTX = s->cbATAPISector * cReqSectors;
1961 switch (s->aATAPICmd[0])
1962 {
1963 case SCSI_READ_10:
1964 case SCSI_WRITE_10:
1965 case SCSI_WRITE_AND_VERIFY_10:
1966 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1967 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1968 break;
1969 case SCSI_READ_12:
1970 case SCSI_WRITE_12:
1971 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1972 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1973 break;
1974 case SCSI_READ_CD:
1975 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1976 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
1977 break;
1978 case SCSI_READ_CD_MSF:
1979 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1980 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1981 break;
1982 }
1983 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1984 if (rc != VINF_SUCCESS)
1985 break;
1986 iATAPILBA += cReqSectors;
1987 pbBuf += s->cbATAPISector * cReqSectors;
1988 }
1989 }
1990 else
1991 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1992 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1993
1994 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1995 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1996 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1997
1998 /* Update the LEDs and the read/write statistics. */
1999 if (cbTransfer >= 2048)
2000 {
2001 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2002 {
2003 s->Led.Actual.s.fReading = 0;
2004 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2005 }
2006 else
2007 {
2008 s->Led.Actual.s.fWriting = 0;
2009 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2010 }
2011 }
2012
2013 if (RT_SUCCESS(rc))
2014 {
2015 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2016 {
2017 Assert(cbTransfer <= s->cbTotalTransfer);
2018 /* Reply with the same amount of data as the real drive. */
2019 s->cbTotalTransfer = cbTransfer;
2020 /* The initial buffer end value has been set up based on the total
2021 * transfer size. But the I/O buffer size limits what can actually be
2022 * done in one transfer, so set the actual value of the buffer end. */
2023 s->cbElementaryTransfer = cbTransfer;
2024 if (s->aATAPICmd[0] == SCSI_INQUIRY)
2025 {
2026 /* Make sure that the real drive cannot be identified.
2027 * Motivation: changing the VM configuration should be as
2028 * invisible as possible to the guest. */
2029 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2030 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2031 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2032 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2033 }
2034 else if (s->aATAPICmd[0] == SCSI_READ_TOC_PMA_ATIP)
2035 {
2036 /* Set the media type if we can detect it. */
2037 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2038
2039 /** @todo: Implemented only for formatted TOC now. */
2040 if ( (s->aATAPICmd[1] & 0xf) == 0
2041 && cbTransfer >= 6)
2042 {
2043 uint32_t NewMediaType;
2044 uint32_t OldMediaType;
2045
2046 if (pbBuf[5] & 0x4)
2047 NewMediaType = ATA_MEDIA_TYPE_DATA;
2048 else
2049 NewMediaType = ATA_MEDIA_TYPE_CDDA;
2050
2051 OldMediaType = ataMediumTypeSet(s, NewMediaType);
2052
2053 if (OldMediaType != NewMediaType)
2054 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough, detected %s CD\n",
2055 s->iLUN,
2056 NewMediaType == ATA_MEDIA_TYPE_DATA
2057 ? "data"
2058 : "audio"));
2059 }
2060 else /* Play safe and set to unknown. */
2061 ataMediumTypeSet(s, ATA_MEDIA_TYPE_UNKNOWN);
2062 }
2063 if (cbTransfer)
2064 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2065 }
2066 s->iSourceSink = ATAFN_SS_NULL;
2067 atapiCmdOK(s);
2068 }
2069 else
2070 {
2071 if (s->cErrors < MAX_LOG_REL_ERRORS)
2072 {
2073 uint8_t u8Cmd = s->aATAPICmd[0];
2074 do
2075 {
2076 /* don't log superfluous errors */
2077 if ( rc == VERR_DEV_IO_ERROR
2078 && ( u8Cmd == SCSI_TEST_UNIT_READY
2079 || u8Cmd == SCSI_READ_CAPACITY
2080 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2081 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2082 break;
2083 s->cErrors++;
2084 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2085 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2086 } while (0);
2087 }
2088 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2089 }
2090 return false;
2091}
2092
2093/** @todo: Revise ASAP. */
2094static bool atapiReadDVDStructureSS(ATADevState *s)
2095{
2096 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2097 int media = s->aATAPICmd[1];
2098 int format = s->aATAPICmd[7];
2099
2100 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2101
2102 memset(buf, 0, max_len);
2103
2104 switch (format) {
2105 case 0x00:
2106 case 0x01:
2107 case 0x02:
2108 case 0x03:
2109 case 0x04:
2110 case 0x05:
2111 case 0x06:
2112 case 0x07:
2113 case 0x08:
2114 case 0x09:
2115 case 0x0a:
2116 case 0x0b:
2117 case 0x0c:
2118 case 0x0d:
2119 case 0x0e:
2120 case 0x0f:
2121 case 0x10:
2122 case 0x11:
2123 case 0x30:
2124 case 0x31:
2125 case 0xff:
2126 if (media == 0)
2127 {
2128 int uASC = SCSI_ASC_NONE;
2129
2130 switch (format)
2131 {
2132 case 0x0: /* Physical format information */
2133 {
2134 int layer = s->aATAPICmd[6];
2135 uint64_t total_sectors;
2136
2137 if (layer != 0)
2138 {
2139 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2140 break;
2141 }
2142
2143 total_sectors = s->cTotalSectors;
2144 total_sectors >>= 2;
2145 if (total_sectors == 0)
2146 {
2147 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2148 break;
2149 }
2150
2151 buf[4] = 1; /* DVD-ROM, part version 1 */
2152 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2153 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2154 buf[7] = 0; /* default densities */
2155
2156 /* FIXME: 0x30000 per spec? */
2157 ataH2BE_U32(buf + 8, 0); /* start sector */
2158 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2159 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2160
2161 /* Size of buffer, not including 2 byte size field */
2162 ataH2BE_U32(&buf[0], 2048 + 2);
2163
2164 /* 2k data + 4 byte header */
2165 uASC = (2048 + 4);
2166 }
2167 break;
2168 case 0x01: /* DVD copyright information */
2169 buf[4] = 0; /* no copyright data */
2170 buf[5] = 0; /* no region restrictions */
2171
2172 /* Size of buffer, not including 2 byte size field */
2173 ataH2BE_U16(buf, 4 + 2);
2174
2175 /* 4 byte header + 4 byte data */
2176 uASC = (4 + 4);
2177
2178 case 0x03: /* BCA information - invalid field for no BCA info */
2179 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2180 break;
2181
2182 case 0x04: /* DVD disc manufacturing information */
2183 /* Size of buffer, not including 2 byte size field */
2184 ataH2BE_U16(buf, 2048 + 2);
2185
2186 /* 2k data + 4 byte header */
2187 uASC = (2048 + 4);
2188 break;
2189 case 0xff:
2190 /*
2191 * This lists all the command capabilities above. Add new ones
2192 * in order and update the length and buffer return values.
2193 */
2194
2195 buf[4] = 0x00; /* Physical format */
2196 buf[5] = 0x40; /* Not writable, is readable */
2197 ataH2BE_U16((buf + 6), 2048 + 4);
2198
2199 buf[8] = 0x01; /* Copyright info */
2200 buf[9] = 0x40; /* Not writable, is readable */
2201 ataH2BE_U16((buf + 10), 4 + 4);
2202
2203 buf[12] = 0x03; /* BCA info */
2204 buf[13] = 0x40; /* Not writable, is readable */
2205 ataH2BE_U16((buf + 14), 188 + 4);
2206
2207 buf[16] = 0x04; /* Manufacturing info */
2208 buf[17] = 0x40; /* Not writable, is readable */
2209 ataH2BE_U16((buf + 18), 2048 + 4);
2210
2211 /* Size of buffer, not including 2 byte size field */
2212 ataH2BE_U16(buf, 16 + 2);
2213
2214 /* data written + 4 byte header */
2215 uASC = (16 + 4);
2216 break;
2217 default: /* TODO: formats beyond DVD-ROM requires */
2218 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2219 }
2220
2221 if (uASC < 0)
2222 {
2223 s->iSourceSink = ATAFN_SS_NULL;
2224 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2225 return false;
2226 }
2227 break;
2228 }
2229 /* TODO: BD support, fall through for now */
2230
2231 /* Generic disk structures */
2232 case 0x80: /* TODO: AACS volume identifier */
2233 case 0x81: /* TODO: AACS media serial number */
2234 case 0x82: /* TODO: AACS media identifier */
2235 case 0x83: /* TODO: AACS media key block */
2236 case 0x90: /* TODO: List of recognized format layers */
2237 case 0xc0: /* TODO: Write protection status */
2238 default:
2239 s->iSourceSink = ATAFN_SS_NULL;
2240 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2241 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2242 return false;
2243 }
2244
2245 s->iSourceSink = ATAFN_SS_NULL;
2246 atapiCmdOK(s);
2247 return false;
2248}
2249
2250static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2251{
2252 Assert(cSectors > 0);
2253 s->iATAPILBA = iATAPILBA;
2254 s->cbATAPISector = cbSector;
2255 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2256 return false;
2257}
2258
2259
2260static bool atapiReadCapacitySS(ATADevState *s)
2261{
2262 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2263
2264 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2265 Assert(s->cbElementaryTransfer <= 8);
2266 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2267 ataH2BE_U32(pbBuf + 4, 2048);
2268 s->iSourceSink = ATAFN_SS_NULL;
2269 atapiCmdOK(s);
2270 return false;
2271}
2272
2273
2274static bool atapiReadDiscInformationSS(ATADevState *s)
2275{
2276 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2277
2278 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2279 Assert(s->cbElementaryTransfer <= 34);
2280 memset(pbBuf, '\0', 34);
2281 ataH2BE_U16(pbBuf, 32);
2282 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2283 pbBuf[3] = 1; /* number of first track */
2284 pbBuf[4] = 1; /* number of sessions (LSB) */
2285 pbBuf[5] = 1; /* first track number in last session (LSB) */
2286 pbBuf[6] = 1; /* last track number in last session (LSB) */
2287 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2288 pbBuf[8] = 0; /* disc type = CD-ROM */
2289 pbBuf[9] = 0; /* number of sessions (MSB) */
2290 pbBuf[10] = 0; /* number of sessions (MSB) */
2291 pbBuf[11] = 0; /* number of sessions (MSB) */
2292 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2293 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2294 s->iSourceSink = ATAFN_SS_NULL;
2295 atapiCmdOK(s);
2296 return false;
2297}
2298
2299
2300static bool atapiReadTrackInformationSS(ATADevState *s)
2301{
2302 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2303
2304 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2305 Assert(s->cbElementaryTransfer <= 36);
2306 /* Accept address/number type of 1 only, and only track 1 exists. */
2307 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2308 {
2309 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2310 return false;
2311 }
2312 memset(pbBuf, '\0', 36);
2313 ataH2BE_U16(pbBuf, 34);
2314 pbBuf[2] = 1; /* track number (LSB) */
2315 pbBuf[3] = 1; /* session number (LSB) */
2316 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2317 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2318 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2319 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2320 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2321 pbBuf[32] = 0; /* track number (MSB) */
2322 pbBuf[33] = 0; /* session number (MSB) */
2323 s->iSourceSink = ATAFN_SS_NULL;
2324 atapiCmdOK(s);
2325 return false;
2326}
2327
2328
2329static bool atapiGetConfigurationSS(ATADevState *s)
2330{
2331 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2332 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2333
2334 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2335 Assert(s->cbElementaryTransfer <= 32);
2336 /* Accept valid request types only, and only starting feature 0. */
2337 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2338 {
2339 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2340 return false;
2341 }
2342 memset(pbBuf, '\0', 32);
2343 ataH2BE_U32(pbBuf, 16);
2344 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2345 * way to differentiate them right now is based on the image size). Also
2346 * implement signalling "no current profile" if no medium is loaded. */
2347 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2348
2349 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2350 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2351 pbBuf[11] = 8; /* additional bytes for profiles */
2352 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2353 * before CD-ROM read capability. */
2354 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2355 pbBuf[14] = (0 << 0); /* NOT current profile */
2356 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2357 pbBuf[18] = (1 << 0); /* current profile */
2358 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2359 s->iSourceSink = ATAFN_SS_NULL;
2360 atapiCmdOK(s);
2361 return false;
2362}
2363
2364
2365static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2366{
2367 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2368
2369 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2370 Assert(s->cbElementaryTransfer <= 8);
2371
2372 if (!(s->aATAPICmd[1] & 1))
2373 {
2374 /* no asynchronous operation supported */
2375 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2376 return false;
2377 }
2378
2379 uint32_t OldStatus, NewStatus;
2380 do
2381 {
2382 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2383 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2384 switch (OldStatus)
2385 {
2386 case ATA_EVENT_STATUS_MEDIA_NEW:
2387 /* mount */
2388 ataH2BE_U16(pbBuf + 0, 6);
2389 pbBuf[2] = 0x04; /* media */
2390 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2391 pbBuf[4] = 0x02; /* new medium */
2392 pbBuf[5] = 0x02; /* medium present / door closed */
2393 pbBuf[6] = 0x00;
2394 pbBuf[7] = 0x00;
2395 break;
2396
2397 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2398 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2399 /* umount */
2400 ataH2BE_U16(pbBuf + 0, 6);
2401 pbBuf[2] = 0x04; /* media */
2402 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2403 pbBuf[4] = 0x03; /* media removal */
2404 pbBuf[5] = 0x00; /* medium absent / door closed */
2405 pbBuf[6] = 0x00;
2406 pbBuf[7] = 0x00;
2407 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2408 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2409 break;
2410
2411 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2412 ataH2BE_U16(pbBuf + 0, 6);
2413 pbBuf[2] = 0x04; /* media */
2414 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2415 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2416 pbBuf[5] = 0x02; /* medium present / door closed */
2417 pbBuf[6] = 0x00;
2418 pbBuf[7] = 0x00;
2419 break;
2420
2421 case ATA_EVENT_STATUS_UNCHANGED:
2422 default:
2423 ataH2BE_U16(pbBuf + 0, 6);
2424 pbBuf[2] = 0x01; /* operational change request / notification */
2425 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2426 pbBuf[4] = 0x00;
2427 pbBuf[5] = 0x00;
2428 pbBuf[6] = 0x00;
2429 pbBuf[7] = 0x00;
2430 break;
2431 }
2432 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2433
2434 s->iSourceSink = ATAFN_SS_NULL;
2435 atapiCmdOK(s);
2436 return false;
2437}
2438
2439
2440static bool atapiInquirySS(ATADevState *s)
2441{
2442 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2443
2444 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2445 Assert(s->cbElementaryTransfer <= 36);
2446 pbBuf[0] = 0x05; /* CD-ROM */
2447 pbBuf[1] = 0x80; /* removable */
2448#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2449 pbBuf[2] = 0x00; /* ISO */
2450 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2451#else
2452 pbBuf[2] = 0x00; /* ISO */
2453 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2454#endif
2455 pbBuf[4] = 31; /* additional length */
2456 pbBuf[5] = 0; /* reserved */
2457 pbBuf[6] = 0; /* reserved */
2458 pbBuf[7] = 0; /* reserved */
2459 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2460 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2461 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2462 s->iSourceSink = ATAFN_SS_NULL;
2463 atapiCmdOK(s);
2464 return false;
2465}
2466
2467
2468static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2469{
2470 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2471
2472 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2473 Assert(s->cbElementaryTransfer <= 16);
2474 ataH2BE_U16(&pbBuf[0], 16 + 6);
2475 pbBuf[2] = 0x70;
2476 pbBuf[3] = 0;
2477 pbBuf[4] = 0;
2478 pbBuf[5] = 0;
2479 pbBuf[6] = 0;
2480 pbBuf[7] = 0;
2481
2482 pbBuf[8] = 0x01;
2483 pbBuf[9] = 0x06;
2484 pbBuf[10] = 0x00;
2485 pbBuf[11] = 0x05;
2486 pbBuf[12] = 0x00;
2487 pbBuf[13] = 0x00;
2488 pbBuf[14] = 0x00;
2489 pbBuf[15] = 0x00;
2490 s->iSourceSink = ATAFN_SS_NULL;
2491 atapiCmdOK(s);
2492 return false;
2493}
2494
2495
2496static bool atapiModeSenseCDStatusSS(ATADevState *s)
2497{
2498 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2499
2500 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2501 Assert(s->cbElementaryTransfer <= 40);
2502 ataH2BE_U16(&pbBuf[0], 38);
2503 pbBuf[2] = 0x70;
2504 pbBuf[3] = 0;
2505 pbBuf[4] = 0;
2506 pbBuf[5] = 0;
2507 pbBuf[6] = 0;
2508 pbBuf[7] = 0;
2509
2510 pbBuf[8] = 0x2a;
2511 pbBuf[9] = 30; /* page length */
2512 pbBuf[10] = 0x08; /* DVD-ROM read support */
2513 pbBuf[11] = 0x00; /* no write support */
2514 /* The following claims we support audio play. This is obviously false,
2515 * but the Linux generic CDROM support makes many features depend on this
2516 * capability. If it's not set, this causes many things to be disabled. */
2517 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2518 pbBuf[13] = 0x00; /* no subchannel reads supported */
2519 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2520 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2521 pbBuf[14] |= 1 << 1; /* report lock state */
2522 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2523 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2524 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2525 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2526 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2527 pbBuf[24] = 0; /* reserved */
2528 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2529 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2530 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2531 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2532 pbBuf[32] = 0; /* reserved */
2533 pbBuf[33] = 0; /* reserved */
2534 pbBuf[34] = 0; /* reserved */
2535 pbBuf[35] = 1; /* rotation control CAV */
2536 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2537 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2538 s->iSourceSink = ATAFN_SS_NULL;
2539 atapiCmdOK(s);
2540 return false;
2541}
2542
2543
2544static bool atapiRequestSenseSS(ATADevState *s)
2545{
2546 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2547
2548 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2549 memset(pbBuf, '\0', s->cbElementaryTransfer);
2550 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2551 s->iSourceSink = ATAFN_SS_NULL;
2552 atapiCmdOK(s);
2553 return false;
2554}
2555
2556
2557static bool atapiMechanismStatusSS(ATADevState *s)
2558{
2559 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2560
2561 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2562 Assert(s->cbElementaryTransfer <= 8);
2563 ataH2BE_U16(pbBuf, 0);
2564 /* no current LBA */
2565 pbBuf[2] = 0;
2566 pbBuf[3] = 0;
2567 pbBuf[4] = 0;
2568 pbBuf[5] = 1;
2569 ataH2BE_U16(pbBuf + 6, 0);
2570 s->iSourceSink = ATAFN_SS_NULL;
2571 atapiCmdOK(s);
2572 return false;
2573}
2574
2575
2576static bool atapiReadTOCNormalSS(ATADevState *s)
2577{
2578 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2579 bool fMSF;
2580 uint32_t cbSize;
2581
2582 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2583 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2584 iStartTrack = s->aATAPICmd[6];
2585 if (iStartTrack > 1 && iStartTrack != 0xaa)
2586 {
2587 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2588 return false;
2589 }
2590 q = pbBuf + 2;
2591 *q++ = 1; /* first session */
2592 *q++ = 1; /* last session */
2593 if (iStartTrack <= 1)
2594 {
2595 *q++ = 0; /* reserved */
2596 *q++ = 0x14; /* ADR, control */
2597 *q++ = 1; /* track number */
2598 *q++ = 0; /* reserved */
2599 if (fMSF)
2600 {
2601 *q++ = 0; /* reserved */
2602 ataLBA2MSF(q, 0);
2603 q += 3;
2604 }
2605 else
2606 {
2607 /* sector 0 */
2608 ataH2BE_U32(q, 0);
2609 q += 4;
2610 }
2611 }
2612 /* lead out track */
2613 *q++ = 0; /* reserved */
2614 *q++ = 0x14; /* ADR, control */
2615 *q++ = 0xaa; /* track number */
2616 *q++ = 0; /* reserved */
2617 if (fMSF)
2618 {
2619 *q++ = 0; /* reserved */
2620 ataLBA2MSF(q, s->cTotalSectors);
2621 q += 3;
2622 }
2623 else
2624 {
2625 ataH2BE_U32(q, s->cTotalSectors);
2626 q += 4;
2627 }
2628 cbSize = q - pbBuf;
2629 ataH2BE_U16(pbBuf, cbSize - 2);
2630 if (cbSize < s->cbTotalTransfer)
2631 s->cbTotalTransfer = cbSize;
2632 s->iSourceSink = ATAFN_SS_NULL;
2633 atapiCmdOK(s);
2634 return false;
2635}
2636
2637
2638static bool atapiReadTOCMultiSS(ATADevState *s)
2639{
2640 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2641 bool fMSF;
2642
2643 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2644 Assert(s->cbElementaryTransfer <= 12);
2645 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2646 /* multi session: only a single session defined */
2647/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2648 memset(pbBuf, 0, 12);
2649 pbBuf[1] = 0x0a;
2650 pbBuf[2] = 0x01;
2651 pbBuf[3] = 0x01;
2652 pbBuf[5] = 0x14; /* ADR, control */
2653 pbBuf[6] = 1; /* first track in last complete session */
2654 if (fMSF)
2655 {
2656 pbBuf[8] = 0; /* reserved */
2657 ataLBA2MSF(&pbBuf[9], 0);
2658 }
2659 else
2660 {
2661 /* sector 0 */
2662 ataH2BE_U32(pbBuf + 8, 0);
2663 }
2664 s->iSourceSink = ATAFN_SS_NULL;
2665 atapiCmdOK(s);
2666 return false;
2667}
2668
2669
2670static bool atapiReadTOCRawSS(ATADevState *s)
2671{
2672 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2673 bool fMSF;
2674 uint32_t cbSize;
2675
2676 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2677 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2678 iStartTrack = s->aATAPICmd[6];
2679
2680 q = pbBuf + 2;
2681 *q++ = 1; /* first session */
2682 *q++ = 1; /* last session */
2683
2684 *q++ = 1; /* session number */
2685 *q++ = 0x14; /* data track */
2686 *q++ = 0; /* track number */
2687 *q++ = 0xa0; /* first track in program area */
2688 *q++ = 0; /* min */
2689 *q++ = 0; /* sec */
2690 *q++ = 0; /* frame */
2691 *q++ = 0;
2692 *q++ = 1; /* first track */
2693 *q++ = 0x00; /* disk type CD-DA or CD data */
2694 *q++ = 0;
2695
2696 *q++ = 1; /* session number */
2697 *q++ = 0x14; /* data track */
2698 *q++ = 0; /* track number */
2699 *q++ = 0xa1; /* last track in program area */
2700 *q++ = 0; /* min */
2701 *q++ = 0; /* sec */
2702 *q++ = 0; /* frame */
2703 *q++ = 0;
2704 *q++ = 1; /* last track */
2705 *q++ = 0;
2706 *q++ = 0;
2707
2708 *q++ = 1; /* session number */
2709 *q++ = 0x14; /* data track */
2710 *q++ = 0; /* track number */
2711 *q++ = 0xa2; /* lead-out */
2712 *q++ = 0; /* min */
2713 *q++ = 0; /* sec */
2714 *q++ = 0; /* frame */
2715 if (fMSF)
2716 {
2717 *q++ = 0; /* reserved */
2718 ataLBA2MSF(q, s->cTotalSectors);
2719 q += 3;
2720 }
2721 else
2722 {
2723 ataH2BE_U32(q, s->cTotalSectors);
2724 q += 4;
2725 }
2726
2727 *q++ = 1; /* session number */
2728 *q++ = 0x14; /* ADR, control */
2729 *q++ = 0; /* track number */
2730 *q++ = 1; /* point */
2731 *q++ = 0; /* min */
2732 *q++ = 0; /* sec */
2733 *q++ = 0; /* frame */
2734 if (fMSF)
2735 {
2736 *q++ = 0; /* reserved */
2737 ataLBA2MSF(q, 0);
2738 q += 3;
2739 }
2740 else
2741 {
2742 /* sector 0 */
2743 ataH2BE_U32(q, 0);
2744 q += 4;
2745 }
2746
2747 cbSize = q - pbBuf;
2748 ataH2BE_U16(pbBuf, cbSize - 2);
2749 if (cbSize < s->cbTotalTransfer)
2750 s->cbTotalTransfer = cbSize;
2751 s->iSourceSink = ATAFN_SS_NULL;
2752 atapiCmdOK(s);
2753 return false;
2754}
2755
2756
2757static void atapiParseCmdVirtualATAPI(ATADevState *s)
2758{
2759 const uint8_t *pbPacket;
2760 uint8_t *pbBuf;
2761 uint32_t cbMax;
2762
2763 pbPacket = s->aATAPICmd;
2764 pbBuf = s->CTX_SUFF(pbIOBuffer);
2765 switch (pbPacket[0])
2766 {
2767 case SCSI_TEST_UNIT_READY:
2768 if (s->cNotifiedMediaChange > 0)
2769 {
2770 if (s->cNotifiedMediaChange-- > 2)
2771 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2772 else
2773 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2774 }
2775 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2776 atapiCmdOK(s);
2777 else
2778 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2779 break;
2780 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2781 cbMax = ataBE2H_U16(pbPacket + 7);
2782 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2783 break;
2784 case SCSI_MODE_SENSE_10:
2785 {
2786 uint8_t uPageControl, uPageCode;
2787 cbMax = ataBE2H_U16(pbPacket + 7);
2788 uPageControl = pbPacket[2] >> 6;
2789 uPageCode = pbPacket[2] & 0x3f;
2790 switch (uPageControl)
2791 {
2792 case SCSI_PAGECONTROL_CURRENT:
2793 switch (uPageCode)
2794 {
2795 case SCSI_MODEPAGE_ERROR_RECOVERY:
2796 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2797 break;
2798 case SCSI_MODEPAGE_CD_STATUS:
2799 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2800 break;
2801 default:
2802 goto error_cmd;
2803 }
2804 break;
2805 case SCSI_PAGECONTROL_CHANGEABLE:
2806 goto error_cmd;
2807 case SCSI_PAGECONTROL_DEFAULT:
2808 goto error_cmd;
2809 default:
2810 case SCSI_PAGECONTROL_SAVED:
2811 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2812 break;
2813 }
2814 }
2815 break;
2816 case SCSI_REQUEST_SENSE:
2817 cbMax = pbPacket[4];
2818 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2819 break;
2820 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2821 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2822 {
2823 if (pbPacket[4] & 1)
2824 s->pDrvMount->pfnLock(s->pDrvMount);
2825 else
2826 s->pDrvMount->pfnUnlock(s->pDrvMount);
2827 atapiCmdOK(s);
2828 }
2829 else
2830 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2831 break;
2832 case SCSI_READ_10:
2833 case SCSI_READ_12:
2834 {
2835 uint32_t cSectors, iATAPILBA;
2836
2837 if (s->cNotifiedMediaChange > 0)
2838 {
2839 s->cNotifiedMediaChange-- ;
2840 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2841 break;
2842 }
2843 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2844 {
2845 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2846 break;
2847 }
2848 if (pbPacket[0] == SCSI_READ_10)
2849 cSectors = ataBE2H_U16(pbPacket + 7);
2850 else
2851 cSectors = ataBE2H_U32(pbPacket + 6);
2852 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2853 if (cSectors == 0)
2854 {
2855 atapiCmdOK(s);
2856 break;
2857 }
2858 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2859 {
2860 /* Rate limited logging, one log line per second. For
2861 * guests that insist on reading from places outside the
2862 * valid area this often generates too many release log
2863 * entries otherwise. */
2864 static uint64_t uLastLogTS = 0;
2865 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2866 {
2867 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2868 uLastLogTS = RTTimeMilliTS();
2869 }
2870 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2871 break;
2872 }
2873 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2874 }
2875 break;
2876 case SCSI_READ_CD:
2877 {
2878 uint32_t cSectors, iATAPILBA;
2879
2880 if (s->cNotifiedMediaChange > 0)
2881 {
2882 s->cNotifiedMediaChange-- ;
2883 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2884 break;
2885 }
2886 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2887 {
2888 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2889 break;
2890 }
2891 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2892 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2893 if (cSectors == 0)
2894 {
2895 atapiCmdOK(s);
2896 break;
2897 }
2898 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2899 {
2900 /* Rate limited logging, one log line per second. For
2901 * guests that insist on reading from places outside the
2902 * valid area this often generates too many release log
2903 * entries otherwise. */
2904 static uint64_t uLastLogTS = 0;
2905 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2906 {
2907 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2908 uLastLogTS = RTTimeMilliTS();
2909 }
2910 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2911 break;
2912 }
2913 switch (pbPacket[9] & 0xf8)
2914 {
2915 case 0x00:
2916 /* nothing */
2917 atapiCmdOK(s);
2918 break;
2919 case 0x10:
2920 /* normal read */
2921 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2922 break;
2923 case 0xf8:
2924 /* read all data */
2925 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2926 break;
2927 default:
2928 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2929 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2930 break;
2931 }
2932 }
2933 break;
2934 case SCSI_SEEK_10:
2935 {
2936 uint32_t iATAPILBA;
2937 if (s->cNotifiedMediaChange > 0)
2938 {
2939 s->cNotifiedMediaChange-- ;
2940 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2941 break;
2942 }
2943 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2944 {
2945 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2946 break;
2947 }
2948 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2949 if (iATAPILBA > s->cTotalSectors)
2950 {
2951 /* Rate limited logging, one log line per second. For
2952 * guests that insist on seeking to places outside the
2953 * valid area this often generates too many release log
2954 * entries otherwise. */
2955 static uint64_t uLastLogTS = 0;
2956 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2957 {
2958 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2959 uLastLogTS = RTTimeMilliTS();
2960 }
2961 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2962 break;
2963 }
2964 atapiCmdOK(s);
2965 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2966 }
2967 break;
2968 case SCSI_START_STOP_UNIT:
2969 {
2970 int rc = VINF_SUCCESS;
2971 switch (pbPacket[4] & 3)
2972 {
2973 case 0: /* 00 - Stop motor */
2974 case 1: /* 01 - Start motor */
2975 break;
2976 case 2: /* 10 - Eject media */
2977 /* This must be done from EMT. */
2978 {
2979 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2980 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2981
2982 PDMCritSectLeave(&pCtl->lock);
2983 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
2984 (PFNRT)s->pDrvMount->pfnUnmount, 3,
2985 s->pDrvMount /*=fForce*/, true /*=fEject*/);
2986 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED));
2987 {
2988 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2989 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2990 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2991 }
2992 }
2993 break;
2994 case 3: /* 11 - Load media */
2995 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2996 break;
2997 }
2998 if (RT_SUCCESS(rc))
2999 atapiCmdOK(s);
3000 else
3001 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3002 }
3003 break;
3004 case SCSI_MECHANISM_STATUS:
3005 {
3006 cbMax = ataBE2H_U16(pbPacket + 8);
3007 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3008 }
3009 break;
3010 case SCSI_READ_TOC_PMA_ATIP:
3011 {
3012 uint8_t format;
3013
3014 if (s->cNotifiedMediaChange > 0)
3015 {
3016 s->cNotifiedMediaChange-- ;
3017 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3018 break;
3019 }
3020 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3021 {
3022 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3023 break;
3024 }
3025 cbMax = ataBE2H_U16(pbPacket + 7);
3026 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3027 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3028 * the other field is clear... */
3029 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3030 switch (format)
3031 {
3032 case 0:
3033 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3034 break;
3035 case 1:
3036 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3037 break;
3038 case 2:
3039 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3040 break;
3041 default:
3042 error_cmd:
3043 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3044 break;
3045 }
3046 }
3047 break;
3048 case SCSI_READ_CAPACITY:
3049 if (s->cNotifiedMediaChange > 0)
3050 {
3051 s->cNotifiedMediaChange-- ;
3052 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3053 break;
3054 }
3055 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3056 {
3057 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3058 break;
3059 }
3060 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3061 break;
3062 case SCSI_READ_DISC_INFORMATION:
3063 if (s->cNotifiedMediaChange > 0)
3064 {
3065 s->cNotifiedMediaChange-- ;
3066 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3067 break;
3068 }
3069 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3070 {
3071 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3072 break;
3073 }
3074 cbMax = ataBE2H_U16(pbPacket + 7);
3075 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3076 break;
3077 case SCSI_READ_TRACK_INFORMATION:
3078 if (s->cNotifiedMediaChange > 0)
3079 {
3080 s->cNotifiedMediaChange-- ;
3081 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3082 break;
3083 }
3084 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3085 {
3086 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3087 break;
3088 }
3089 cbMax = ataBE2H_U16(pbPacket + 7);
3090 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3091 break;
3092 case SCSI_GET_CONFIGURATION:
3093 /* No media change stuff here, it can confuse Linux guests. */
3094 cbMax = ataBE2H_U16(pbPacket + 7);
3095 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3096 break;
3097 case SCSI_INQUIRY:
3098 cbMax = ataBE2H_U16(pbPacket + 3);
3099 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3100 break;
3101 case SCSI_READ_DVD_STRUCTURE:
3102 {
3103 cbMax = ataBE2H_U16(pbPacket + 8);
3104 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3105 break;
3106 }
3107 default:
3108 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3109 break;
3110 }
3111}
3112
3113
3114/*
3115 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3116 */
3117static void atapiParseCmdPassthrough(ATADevState *s)
3118{
3119 const uint8_t *pbPacket;
3120 uint8_t *pbBuf;
3121 uint32_t cSectors, iATAPILBA;
3122 uint32_t cbTransfer = 0;
3123 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3124
3125 pbPacket = s->aATAPICmd;
3126 pbBuf = s->CTX_SUFF(pbIOBuffer);
3127 switch (pbPacket[0])
3128 {
3129 case SCSI_BLANK:
3130 goto sendcmd;
3131 case SCSI_CLOSE_TRACK_SESSION:
3132 goto sendcmd;
3133 case SCSI_ERASE_10:
3134 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3135 cbTransfer = ataBE2H_U16(pbPacket + 7);
3136 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3137 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3138 goto sendcmd;
3139 case SCSI_FORMAT_UNIT:
3140 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3141 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3142 goto sendcmd;
3143 case SCSI_GET_CONFIGURATION:
3144 cbTransfer = ataBE2H_U16(pbPacket + 7);
3145 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3146 goto sendcmd;
3147 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3148 cbTransfer = ataBE2H_U16(pbPacket + 7);
3149 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3150 {
3151 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3152 break;
3153 }
3154 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3155 goto sendcmd;
3156 case SCSI_GET_PERFORMANCE:
3157 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3158 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3159 goto sendcmd;
3160 case SCSI_INQUIRY:
3161 cbTransfer = ataBE2H_U16(pbPacket + 3);
3162 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3163 goto sendcmd;
3164 case SCSI_LOAD_UNLOAD_MEDIUM:
3165 goto sendcmd;
3166 case SCSI_MECHANISM_STATUS:
3167 cbTransfer = ataBE2H_U16(pbPacket + 8);
3168 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3169 goto sendcmd;
3170 case SCSI_MODE_SELECT_10:
3171 cbTransfer = ataBE2H_U16(pbPacket + 7);
3172 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3173 goto sendcmd;
3174 case SCSI_MODE_SENSE_10:
3175 cbTransfer = ataBE2H_U16(pbPacket + 7);
3176 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3177 goto sendcmd;
3178 case SCSI_PAUSE_RESUME:
3179 goto sendcmd;
3180 case SCSI_PLAY_AUDIO_10:
3181 goto sendcmd;
3182 case SCSI_PLAY_AUDIO_12:
3183 goto sendcmd;
3184 case SCSI_PLAY_AUDIO_MSF:
3185 goto sendcmd;
3186 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3187 /** @todo do not forget to unlock when a VM is shut down */
3188 goto sendcmd;
3189 case SCSI_READ_10:
3190 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3191 cSectors = ataBE2H_U16(pbPacket + 7);
3192 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3193 s->cbATAPISector = 2048;
3194 cbTransfer = cSectors * s->cbATAPISector;
3195 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3196 goto sendcmd;
3197 case SCSI_READ_12:
3198 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3199 cSectors = ataBE2H_U32(pbPacket + 6);
3200 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3201 s->cbATAPISector = 2048;
3202 cbTransfer = cSectors * s->cbATAPISector;
3203 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3204 goto sendcmd;
3205 case SCSI_READ_BUFFER:
3206 cbTransfer = ataBE2H_U24(pbPacket + 6);
3207 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3208 goto sendcmd;
3209 case SCSI_READ_BUFFER_CAPACITY:
3210 cbTransfer = ataBE2H_U16(pbPacket + 7);
3211 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3212 goto sendcmd;
3213 case SCSI_READ_CAPACITY:
3214 cbTransfer = 8;
3215 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3216 goto sendcmd;
3217 case SCSI_READ_CD:
3218 case SCSI_READ_CD_MSF:
3219 {
3220 /* Get sector size based on the expected sector type field. */
3221 switch ((pbPacket[1] >> 2) & 0x7)
3222 {
3223 case 0x0: /* All types. */
3224 if (ASMAtomicReadU32(&s->MediaTrackType) == ATA_MEDIA_TYPE_CDDA)
3225 s->cbATAPISector = 2352;
3226 else
3227 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3228 break;
3229 case 0x1: /* CD-DA */
3230 s->cbATAPISector = 2352;
3231 break;
3232 case 0x2: /* Mode 1 */
3233 s->cbATAPISector = 2048;
3234 break;
3235 case 0x3: /* Mode 2 formless */
3236 s->cbATAPISector = 2336;
3237 break;
3238 case 0x4: /* Mode 2 form 1 */
3239 s->cbATAPISector = 2048;
3240 break;
3241 case 0x5: /* Mode 2 form 2 */
3242 s->cbATAPISector = 2324;
3243 break;
3244 default: /* Reserved */
3245 AssertMsgFailed(("Unknown sector type\n"));
3246 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3247 }
3248
3249 if (pbPacket[0] == SCSI_READ_CD)
3250 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3251 else /* SCSI_READ_MSF */
3252 {
3253 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3254 if (cSectors > 32)
3255 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3256 cbTransfer = cSectors * s->cbATAPISector;
3257 }
3258 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3259 goto sendcmd;
3260 }
3261 case SCSI_READ_DISC_INFORMATION:
3262 cbTransfer = ataBE2H_U16(pbPacket + 7);
3263 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3264 goto sendcmd;
3265 case SCSI_READ_DVD_STRUCTURE:
3266 cbTransfer = ataBE2H_U16(pbPacket + 8);
3267 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3268 goto sendcmd;
3269 case SCSI_READ_FORMAT_CAPACITIES:
3270 cbTransfer = ataBE2H_U16(pbPacket + 7);
3271 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3272 goto sendcmd;
3273 case SCSI_READ_SUBCHANNEL:
3274 cbTransfer = ataBE2H_U16(pbPacket + 7);
3275 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3276 goto sendcmd;
3277 case SCSI_READ_TOC_PMA_ATIP:
3278 cbTransfer = ataBE2H_U16(pbPacket + 7);
3279 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3280 goto sendcmd;
3281 case SCSI_READ_TRACK_INFORMATION:
3282 cbTransfer = ataBE2H_U16(pbPacket + 7);
3283 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3284 goto sendcmd;
3285 case SCSI_REPAIR_TRACK:
3286 goto sendcmd;
3287 case SCSI_REPORT_KEY:
3288 cbTransfer = ataBE2H_U16(pbPacket + 8);
3289 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3290 goto sendcmd;
3291 case SCSI_REQUEST_SENSE:
3292 cbTransfer = pbPacket[4];
3293 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3294 {
3295 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3296 break;
3297 }
3298 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3299 goto sendcmd;
3300 case SCSI_RESERVE_TRACK:
3301 goto sendcmd;
3302 case SCSI_SCAN:
3303 goto sendcmd;
3304 case SCSI_SEEK_10:
3305 goto sendcmd;
3306 case SCSI_SEND_CUE_SHEET:
3307 cbTransfer = ataBE2H_U24(pbPacket + 6);
3308 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3309 goto sendcmd;
3310 case SCSI_SEND_DVD_STRUCTURE:
3311 cbTransfer = ataBE2H_U16(pbPacket + 8);
3312 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3313 goto sendcmd;
3314 case SCSI_SEND_EVENT:
3315 cbTransfer = ataBE2H_U16(pbPacket + 8);
3316 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3317 goto sendcmd;
3318 case SCSI_SEND_KEY:
3319 cbTransfer = ataBE2H_U16(pbPacket + 8);
3320 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3321 goto sendcmd;
3322 case SCSI_SEND_OPC_INFORMATION:
3323 cbTransfer = ataBE2H_U16(pbPacket + 7);
3324 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3325 goto sendcmd;
3326 case SCSI_SET_CD_SPEED:
3327 goto sendcmd;
3328 case SCSI_SET_READ_AHEAD:
3329 goto sendcmd;
3330 case SCSI_SET_STREAMING:
3331 cbTransfer = ataBE2H_U16(pbPacket + 9);
3332 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3333 goto sendcmd;
3334 case SCSI_START_STOP_UNIT:
3335 goto sendcmd;
3336 case SCSI_STOP_PLAY_SCAN:
3337 goto sendcmd;
3338 case SCSI_SYNCHRONIZE_CACHE:
3339 goto sendcmd;
3340 case SCSI_TEST_UNIT_READY:
3341 goto sendcmd;
3342 case SCSI_VERIFY_10:
3343 goto sendcmd;
3344 case SCSI_WRITE_10:
3345 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3346 cSectors = ataBE2H_U16(pbPacket + 7);
3347 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3348#if 0
3349 /* The sector size is determined by the async I/O thread. */
3350 s->cbATAPISector = 0;
3351 /* Preliminary, will be corrected once the sector size is known. */
3352 cbTransfer = cSectors;
3353#else
3354 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3355 cbTransfer = cSectors * s->cbATAPISector;
3356#endif
3357 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3358 goto sendcmd;
3359 case SCSI_WRITE_12:
3360 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3361 cSectors = ataBE2H_U32(pbPacket + 6);
3362 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3363#if 0
3364 /* The sector size is determined by the async I/O thread. */
3365 s->cbATAPISector = 0;
3366 /* Preliminary, will be corrected once the sector size is known. */
3367 cbTransfer = cSectors;
3368#else
3369 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3370 cbTransfer = cSectors * s->cbATAPISector;
3371#endif
3372 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3373 goto sendcmd;
3374 case SCSI_WRITE_AND_VERIFY_10:
3375 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3376 cSectors = ataBE2H_U16(pbPacket + 7);
3377 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3378 /* The sector size is determined by the async I/O thread. */
3379 s->cbATAPISector = 0;
3380 /* Preliminary, will be corrected once the sector size is known. */
3381 cbTransfer = cSectors;
3382 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3383 goto sendcmd;
3384 case SCSI_WRITE_BUFFER:
3385 switch (pbPacket[1] & 0x1f)
3386 {
3387 case 0x04: /* download microcode */
3388 case 0x05: /* download microcode and save */
3389 case 0x06: /* download microcode with offsets */
3390 case 0x07: /* download microcode with offsets and save */
3391 case 0x0e: /* download microcode with offsets and defer activation */
3392 case 0x0f: /* activate deferred microcode */
3393 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3394 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3395 break;
3396 default:
3397 cbTransfer = ataBE2H_U16(pbPacket + 6);
3398 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3399 goto sendcmd;
3400 }
3401 break;
3402 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3403 cbTransfer = ataBE2H_U32(pbPacket + 6);
3404 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3405 goto sendcmd;
3406 case SCSI_REZERO_UNIT:
3407 /* Obsolete command used by cdrecord. What else would one expect?
3408 * This command is not sent to the drive, it is handled internally,
3409 * as the Linux kernel doesn't like it (message "scsi: unknown
3410 * opcode 0x01" in syslog) and replies with a sense code of 0,
3411 * which sends cdrecord to an endless loop. */
3412 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3413 break;
3414 default:
3415 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3416 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3417 break;
3418 sendcmd:
3419 /* Send a command to the drive, passing data in/out as required. */
3420 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3421 Assert(cbTransfer <= s->cbIOBuffer);
3422 if (cbTransfer == 0)
3423 uTxDir = PDMBLOCKTXDIR_NONE;
3424 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3425 }
3426}
3427
3428
3429static void atapiParseCmd(ATADevState *s)
3430{
3431 const uint8_t *pbPacket;
3432
3433 pbPacket = s->aATAPICmd;
3434#ifdef DEBUG
3435 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3436#else /* !DEBUG */
3437 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3438#endif /* !DEBUG */
3439 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3440
3441 if (s->fATAPIPassthrough)
3442 atapiParseCmdPassthrough(s);
3443 else
3444 atapiParseCmdVirtualATAPI(s);
3445}
3446
3447
3448static bool ataPacketSS(ATADevState *s)
3449{
3450 s->fDMA = !!(s->uATARegFeature & 1);
3451 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3452 s->uTxDir = PDMBLOCKTXDIR_NONE;
3453 s->cbTotalTransfer = 0;
3454 s->cbElementaryTransfer = 0;
3455 atapiParseCmd(s);
3456 return false;
3457}
3458
3459
3460/**
3461 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3462 * from now on, regardless if there was a medium inserted or not.
3463 */
3464static void ataMediumRemoved(ATADevState *s)
3465{
3466 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3467}
3468
3469
3470/**
3471 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3472 * there was already a medium inserted, don't forget to send the "medium
3473 * removed" event first.
3474 */
3475static void ataMediumInserted(ATADevState *s)
3476{
3477 uint32_t OldStatus, NewStatus;
3478 do
3479 {
3480 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3481 switch (OldStatus)
3482 {
3483 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3484 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3485 /* no change, we will send "medium removed" + "medium inserted" */
3486 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3487 break;
3488 default:
3489 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3490 break;
3491 }
3492 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3493}
3494
3495/**
3496 * Called when a media is mounted.
3497 *
3498 * @param pInterface Pointer to the interface structure containing the called function pointer.
3499 */
3500static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3501{
3502 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3503 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3504
3505 /* Ignore the call if we're called while being attached. */
3506 if (!pIf->pDrvBlock)
3507 return;
3508
3509 if (pIf->fATAPI)
3510 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3511 else
3512 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3513
3514 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3515
3516 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3517 if (pIf->cNotifiedMediaChange < 2)
3518 pIf->cNotifiedMediaChange = 2;
3519 ataMediumInserted(pIf);
3520 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3521}
3522
3523/**
3524 * Called when a media is unmounted
3525 * @param pInterface Pointer to the interface structure containing the called function pointer.
3526 */
3527static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3528{
3529 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3530 Log(("%s:\n", __FUNCTION__));
3531 pIf->cTotalSectors = 0;
3532
3533 /*
3534 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3535 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3536 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3537 * present and 2 in which it is changed.
3538 */
3539 pIf->cNotifiedMediaChange = 4;
3540 ataMediumRemoved(pIf);
3541 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3542}
3543
3544static void ataPacketBT(ATADevState *s)
3545{
3546 s->cbElementaryTransfer = s->cbTotalTransfer;
3547 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3548 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3549 ataSetStatusValue(s, ATA_STAT_READY);
3550}
3551
3552
3553static void ataResetDevice(ATADevState *s)
3554{
3555 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3556 s->cNotifiedMediaChange = 0;
3557 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3558 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3559 ataUnsetIRQ(s);
3560
3561 s->uATARegSelect = 0x20;
3562 ataSetStatusValue(s, ATA_STAT_READY);
3563 ataSetSignature(s);
3564 s->cbTotalTransfer = 0;
3565 s->cbElementaryTransfer = 0;
3566 s->iIOBufferPIODataStart = 0;
3567 s->iIOBufferPIODataEnd = 0;
3568 s->iBeginTransfer = ATAFN_BT_NULL;
3569 s->iSourceSink = ATAFN_SS_NULL;
3570 s->fDMA = false;
3571 s->fATAPITransfer = false;
3572 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3573
3574 s->uATARegFeature = 0;
3575}
3576
3577
3578static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3579{
3580 ataSetSignature(s);
3581 if (s->fATAPI)
3582 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3583 else
3584 ataSetStatusValue(s, ATA_STAT_READY);
3585 s->uATARegError = 0x01;
3586 return false;
3587}
3588
3589
3590static void ataParseCmd(ATADevState *s, uint8_t cmd)
3591{
3592#ifdef DEBUG
3593 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3594#else /* !DEBUG */
3595 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3596#endif /* !DEBUG */
3597 s->fLBA48 = false;
3598 s->fDMA = false;
3599 if (cmd == ATA_IDLE_IMMEDIATE)
3600 {
3601 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3602 * would overwrite the failing command unfortunately), then RESET. */
3603 int32_t uCmdWait = -1;
3604 uint64_t uNow = RTTimeNanoTS();
3605 if (s->u64CmdTS)
3606 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3607 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3608 s->iLUN, s->uATARegCommand, uCmdWait));
3609 }
3610 s->uATARegCommand = cmd;
3611 switch (cmd)
3612 {
3613 case ATA_IDENTIFY_DEVICE:
3614 if (s->pDrvBlock && !s->fATAPI)
3615 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3616 else
3617 {
3618 if (s->fATAPI)
3619 ataSetSignature(s);
3620 ataCmdError(s, ABRT_ERR);
3621 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3622 }
3623 break;
3624 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3625 case ATA_RECALIBRATE:
3626 ataCmdOK(s, ATA_STAT_SEEK);
3627 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3628 break;
3629 case ATA_SET_MULTIPLE_MODE:
3630 if ( s->uATARegNSector != 0
3631 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3632 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3633 {
3634 ataCmdError(s, ABRT_ERR);
3635 }
3636 else
3637 {
3638 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3639 s->cMultSectors = s->uATARegNSector;
3640 ataCmdOK(s, 0);
3641 }
3642 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3643 break;
3644 case ATA_READ_VERIFY_SECTORS_EXT:
3645 s->fLBA48 = true;
3646 case ATA_READ_VERIFY_SECTORS:
3647 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3648 /* do sector number check ? */
3649 ataCmdOK(s, 0);
3650 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3651 break;
3652 case ATA_READ_SECTORS_EXT:
3653 s->fLBA48 = true;
3654 case ATA_READ_SECTORS:
3655 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3656 if (!s->pDrvBlock || s->fATAPI)
3657 goto abort_cmd;
3658 s->cSectorsPerIRQ = 1;
3659 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3660 break;
3661 case ATA_WRITE_SECTORS_EXT:
3662 s->fLBA48 = true;
3663 case ATA_WRITE_SECTORS:
3664 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3665 if (!s->pDrvBlock || s->fATAPI)
3666 goto abort_cmd;
3667 s->cSectorsPerIRQ = 1;
3668 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3669 break;
3670 case ATA_READ_MULTIPLE_EXT:
3671 s->fLBA48 = true;
3672 case ATA_READ_MULTIPLE:
3673 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
3674 goto abort_cmd;
3675 s->cSectorsPerIRQ = s->cMultSectors;
3676 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3677 break;
3678 case ATA_WRITE_MULTIPLE_EXT:
3679 s->fLBA48 = true;
3680 case ATA_WRITE_MULTIPLE:
3681 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
3682 goto abort_cmd;
3683 s->cSectorsPerIRQ = s->cMultSectors;
3684 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3685 break;
3686 case ATA_READ_DMA_EXT:
3687 s->fLBA48 = true;
3688 case ATA_READ_DMA:
3689 case ATA_READ_DMA_WITHOUT_RETRIES:
3690 if (!s->pDrvBlock || s->fATAPI)
3691 goto abort_cmd;
3692 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3693 s->fDMA = true;
3694 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3695 break;
3696 case ATA_WRITE_DMA_EXT:
3697 s->fLBA48 = true;
3698 case ATA_WRITE_DMA:
3699 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3700 if (!s->pDrvBlock || s->fATAPI)
3701 goto abort_cmd;
3702 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3703 s->fDMA = true;
3704 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3705 break;
3706 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3707 s->fLBA48 = true;
3708 ataSetSector(s, s->cTotalSectors - 1);
3709 ataCmdOK(s, 0);
3710 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3711 break;
3712 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3713 ataCmdOK(s, 0);
3714 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3715 break;
3716 case ATA_READ_NATIVE_MAX_ADDRESS:
3717 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3718 ataCmdOK(s, 0);
3719 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3720 break;
3721 case ATA_CHECK_POWER_MODE:
3722 s->uATARegNSector = 0xff; /* drive active or idle */
3723 ataCmdOK(s, 0);
3724 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3725 break;
3726 case ATA_SET_FEATURES:
3727 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3728 if (!s->pDrvBlock)
3729 goto abort_cmd;
3730 switch (s->uATARegFeature)
3731 {
3732 case 0x02: /* write cache enable */
3733 Log2(("%s: write cache enable\n", __FUNCTION__));
3734 ataCmdOK(s, ATA_STAT_SEEK);
3735 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3736 break;
3737 case 0xaa: /* read look-ahead enable */
3738 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3739 ataCmdOK(s, ATA_STAT_SEEK);
3740 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3741 break;
3742 case 0x55: /* read look-ahead disable */
3743 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3744 ataCmdOK(s, ATA_STAT_SEEK);
3745 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3746 break;
3747 case 0xcc: /* reverting to power-on defaults enable */
3748 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3749 ataCmdOK(s, ATA_STAT_SEEK);
3750 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3751 break;
3752 case 0x66: /* reverting to power-on defaults disable */
3753 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3754 ataCmdOK(s, ATA_STAT_SEEK);
3755 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3756 break;
3757 case 0x82: /* write cache disable */
3758 Log2(("%s: write cache disable\n", __FUNCTION__));
3759 /* As per the ATA/ATAPI-6 specs, a write cache disable
3760 * command MUST flush the write buffers to disc. */
3761 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3762 break;
3763 case 0x03: { /* set transfer mode */
3764 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3765 switch (s->uATARegNSector & 0xf8)
3766 {
3767 case 0x00: /* PIO default */
3768 case 0x08: /* PIO mode */
3769 break;
3770 case ATA_MODE_MDMA: /* MDMA mode */
3771 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3772 break;
3773 case ATA_MODE_UDMA: /* UDMA mode */
3774 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3775 break;
3776 default:
3777 goto abort_cmd;
3778 }
3779 ataCmdOK(s, ATA_STAT_SEEK);
3780 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3781 break;
3782 }
3783 default:
3784 goto abort_cmd;
3785 }
3786 /*
3787 * OS/2 workarond:
3788 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3789 * reset here. According to the specification, this is a driver bug as the register
3790 * contents are undefined after the call. This means we can just as well reset it.
3791 */
3792 s->uATARegFeature = 0;
3793 break;
3794 case ATA_FLUSH_CACHE_EXT:
3795 case ATA_FLUSH_CACHE:
3796 if (!s->pDrvBlock || s->fATAPI)
3797 goto abort_cmd;
3798 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3799 break;
3800 case ATA_STANDBY_IMMEDIATE:
3801 ataCmdOK(s, 0);
3802 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3803 break;
3804 case ATA_IDLE_IMMEDIATE:
3805 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3806 ataAbortCurrentCommand(s, false);
3807 break;
3808 case ATA_SLEEP:
3809 ataCmdOK(s, 0);
3810 ataSetIRQ(s);
3811 break;
3812 /* ATAPI commands */
3813 case ATA_IDENTIFY_PACKET_DEVICE:
3814 if (s->fATAPI)
3815 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3816 else
3817 {
3818 ataCmdError(s, ABRT_ERR);
3819 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3820 }
3821 break;
3822 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3823 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3824 break;
3825 case ATA_DEVICE_RESET:
3826 if (!s->fATAPI)
3827 goto abort_cmd;
3828 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3829 ataAbortCurrentCommand(s, true);
3830 break;
3831 case ATA_PACKET:
3832 if (!s->fATAPI)
3833 goto abort_cmd;
3834 /* overlapping commands not supported */
3835 if (s->uATARegFeature & 0x02)
3836 goto abort_cmd;
3837 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3838 break;
3839 default:
3840 abort_cmd:
3841 ataCmdError(s, ABRT_ERR);
3842 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3843 break;
3844 }
3845}
3846
3847#endif /* IN_RING3 */
3848
3849static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3850{
3851 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3852 addr &= 7;
3853 switch (addr)
3854 {
3855 case 0:
3856 break;
3857 case 1: /* feature register */
3858 /* NOTE: data is written to the two drives */
3859 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3860 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3861 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3862 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3863 pCtl->aIfs[0].uATARegFeature = val;
3864 pCtl->aIfs[1].uATARegFeature = val;
3865 break;
3866 case 2: /* sector count */
3867 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3868 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3869 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3870 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3871 pCtl->aIfs[0].uATARegNSector = val;
3872 pCtl->aIfs[1].uATARegNSector = val;
3873 break;
3874 case 3: /* sector number */
3875 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3876 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3877 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3878 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3879 pCtl->aIfs[0].uATARegSector = val;
3880 pCtl->aIfs[1].uATARegSector = val;
3881 break;
3882 case 4: /* cylinder low */
3883 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3884 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3885 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3886 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3887 pCtl->aIfs[0].uATARegLCyl = val;
3888 pCtl->aIfs[1].uATARegLCyl = val;
3889 break;
3890 case 5: /* cylinder high */
3891 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3892 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3893 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3894 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3895 pCtl->aIfs[0].uATARegHCyl = val;
3896 pCtl->aIfs[1].uATARegHCyl = val;
3897 break;
3898 case 6: /* drive/head */
3899 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3900 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3901 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3902 {
3903 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3904
3905 /* select another drive */
3906 pCtl->iSelectedIf = (val >> 4) & 1;
3907 /* The IRQ line is multiplexed between the two drives, so
3908 * update the state when switching to another drive. Only need
3909 * to update interrupt line if it is enabled and there is a
3910 * state change. */
3911 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3912 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3913 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3914 {
3915 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3916 {
3917 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3918 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3919 * the interrupt line is asserted. It monitors the line
3920 * for a rising edge. */
3921 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3922 if (pCtl->irq == 16)
3923 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
3924 else
3925 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
3926 }
3927 else
3928 {
3929 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3930 if (pCtl->irq == 16)
3931 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
3932 else
3933 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
3934 }
3935 }
3936 }
3937 break;
3938 default:
3939 case 7: /* command */
3940 /* ignore commands to non existant slave */
3941 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3942 break;
3943#ifndef IN_RING3
3944 /* Don't do anything complicated in GC */
3945 return VINF_IOM_HC_IOPORT_WRITE;
3946#else /* IN_RING3 */
3947 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3948#endif /* !IN_RING3 */
3949 }
3950 return VINF_SUCCESS;
3951}
3952
3953
3954static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3955{
3956 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3957 uint32_t val;
3958 bool fHOB;
3959
3960 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3961 switch (addr & 7)
3962 {
3963 case 0: /* data register */
3964 val = 0xff;
3965 break;
3966 case 1: /* error register */
3967 /* The ATA specification is very terse when it comes to specifying
3968 * the precise effects of reading back the error/feature register.
3969 * The error register (read-only) shares the register number with
3970 * the feature register (write-only), so it seems that it's not
3971 * necessary to support the usual HOB readback here. */
3972 if (!s->pDrvBlock)
3973 val = 0;
3974 else
3975 val = s->uATARegError;
3976 break;
3977 case 2: /* sector count */
3978 if (!s->pDrvBlock)
3979 val = 0;
3980 else if (fHOB)
3981 val = s->uATARegNSectorHOB;
3982 else
3983 val = s->uATARegNSector;
3984 break;
3985 case 3: /* sector number */
3986 if (!s->pDrvBlock)
3987 val = 0;
3988 else if (fHOB)
3989 val = s->uATARegSectorHOB;
3990 else
3991 val = s->uATARegSector;
3992 break;
3993 case 4: /* cylinder low */
3994 if (!s->pDrvBlock)
3995 val = 0;
3996 else if (fHOB)
3997 val = s->uATARegLCylHOB;
3998 else
3999 val = s->uATARegLCyl;
4000 break;
4001 case 5: /* cylinder high */
4002 if (!s->pDrvBlock)
4003 val = 0;
4004 else if (fHOB)
4005 val = s->uATARegHCylHOB;
4006 else
4007 val = s->uATARegHCyl;
4008 break;
4009 case 6: /* drive/head */
4010 /* This register must always work as long as there is at least
4011 * one drive attached to the controller. It is common between
4012 * both drives anyway (completely identical content). */
4013 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4014 val = 0;
4015 else
4016 val = s->uATARegSelect;
4017 break;
4018 default:
4019 case 7: /* primary status */
4020 {
4021 /* Counter for number of busy status seen in GC in a row. */
4022 static unsigned cBusy = 0;
4023
4024 if (!s->pDrvBlock)
4025 val = 0;
4026 else
4027 val = s->uATARegStatus;
4028
4029 /* Give the async I/O thread an opportunity to make progress,
4030 * don't let it starve by guests polling frequently. EMT has a
4031 * lower priority than the async I/O thread, but sometimes the
4032 * host OS doesn't care. With some guests we are only allowed to
4033 * be busy for about 5 milliseconds in some situations. Note that
4034 * this is no guarantee for any other VBox thread getting
4035 * scheduled, so this just lowers the CPU load a bit when drives
4036 * are busy. It cannot help with timing problems. */
4037 if (val & ATA_STAT_BUSY)
4038 {
4039#ifdef IN_RING3
4040 cBusy = 0;
4041 PDMCritSectLeave(&pCtl->lock);
4042
4043#ifndef RT_OS_WINDOWS
4044 /*
4045 * The thread might be stuck in an I/O operation
4046 * due to a high I/O load on the host. (see @bugref{3301})
4047 * To perform the reset successfully
4048 * we interrupt the operation by sending a signal to the thread
4049 * if the thread didn't responded in 10ms.
4050 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4051 * does the same but it was introduced with Vista) but so far
4052 * this hang was only observed on Linux and Mac OS X.
4053 *
4054 * This is a workaround and needs to be solved properly.
4055 */
4056 if (pCtl->fReset)
4057 {
4058 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4059
4060 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4061 {
4062 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4063 pCtl->u64ResetTime = u64ResetTimeStop;
4064 RTThreadPoke(pCtl->AsyncIOThread);
4065 }
4066 }
4067#endif
4068
4069 RTThreadYield();
4070
4071 {
4072 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4073 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4074 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4075 }
4076
4077 val = s->uATARegStatus;
4078#else /* !IN_RING3 */
4079 /* Cannot yield CPU in guest context. And switching to host
4080 * context for each and every busy status is too costly,
4081 * especially on SMP systems where we don't gain much by
4082 * yielding the CPU to someone else. */
4083 if (++cBusy >= 20)
4084 {
4085 cBusy = 0;
4086 return VINF_IOM_HC_IOPORT_READ;
4087 }
4088#endif /* !IN_RING3 */
4089 }
4090 else
4091 cBusy = 0;
4092 ataUnsetIRQ(s);
4093 break;
4094 }
4095 }
4096 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4097 *pu32 = val;
4098 return VINF_SUCCESS;
4099}
4100
4101
4102static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4103{
4104 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4105 uint32_t val;
4106
4107 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4108 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4109 val = 0;
4110 else
4111 val = s->uATARegStatus;
4112 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4113 return val;
4114}
4115
4116static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4117{
4118#ifndef IN_RING3
4119 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4120 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4121#endif /* !IN_RING3 */
4122
4123 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4124 /* RESET is common for both drives attached to a controller. */
4125 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4126 (val & ATA_DEVCTL_RESET))
4127 {
4128#ifdef IN_RING3
4129 /* Software RESET low to high */
4130 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4131 uint64_t uNow = RTTimeNanoTS();
4132 if (pCtl->aIfs[0].u64CmdTS)
4133 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4134 if (pCtl->aIfs[1].u64CmdTS)
4135 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4136 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4137 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4138 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4139 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4140 pCtl->fReset = true;
4141 /* Everything must be done after the reset flag is set, otherwise
4142 * there are unavoidable races with the currently executing request
4143 * (which might just finish in the mean time). */
4144 pCtl->fChainedTransfer = false;
4145 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4146 {
4147 ataResetDevice(&pCtl->aIfs[i]);
4148 /* The following cannot be done using ataSetStatusValue() since the
4149 * reset flag is already set, which suppresses all status changes. */
4150 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4151 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4152 pCtl->aIfs[i].uATARegError = 0x01;
4153 }
4154 ataAsyncIOClearRequests(pCtl);
4155 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4156 if (val & ATA_DEVCTL_HOB)
4157 {
4158 val &= ~ATA_DEVCTL_HOB;
4159 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4160 }
4161
4162 /* Save the timestamp we started the reset. */
4163 pCtl->u64ResetTime = RTTimeMilliTS();
4164
4165 /* Issue the reset request now. */
4166 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4167#else /* !IN_RING3 */
4168 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4169#endif /* IN_RING3 */
4170 }
4171 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4172 !(val & ATA_DEVCTL_RESET))
4173 {
4174#ifdef IN_RING3
4175 /* Software RESET high to low */
4176 Log(("%s: deasserting RESET\n", __FUNCTION__));
4177 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4178 if (val & ATA_DEVCTL_HOB)
4179 {
4180 val &= ~ATA_DEVCTL_HOB;
4181 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4182 }
4183 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4184#else /* !IN_RING3 */
4185 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4186#endif /* IN_RING3 */
4187 }
4188
4189 /* Change of interrupt disable flag. Update interrupt line if interrupt
4190 * is pending on the current interface. */
4191 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4192 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4193 {
4194 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4195 {
4196 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4197 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4198 * interrupt line is asserted. It monitors the line for a rising
4199 * edge. */
4200 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4201 if (pCtl->irq == 16)
4202 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4203 else
4204 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4205 }
4206 else
4207 {
4208 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4209 if (pCtl->irq == 16)
4210 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4211 else
4212 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4213 }
4214 }
4215
4216 if (val & ATA_DEVCTL_HOB)
4217 Log2(("%s: set HOB\n", __FUNCTION__));
4218
4219 pCtl->aIfs[0].uATARegDevCtl = val;
4220 pCtl->aIfs[1].uATARegDevCtl = val;
4221
4222 return VINF_SUCCESS;
4223}
4224
4225#ifdef IN_RING3
4226
4227static void ataPIOTransfer(PATACONTROLLER pCtl)
4228{
4229 ATADevState *s;
4230
4231 s = &pCtl->aIfs[pCtl->iAIOIf];
4232 Log3(("%s: if=%p\n", __FUNCTION__, s));
4233
4234 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4235 {
4236 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4237 /* Any guest OS that triggers this case has a pathetic ATA driver.
4238 * In a real system it would block the CPU via IORDY, here we do it
4239 * very similarly by not continuing with the current instruction
4240 * until the transfer to/from the storage medium is completed. */
4241 if (s->iSourceSink != ATAFN_SS_NULL)
4242 {
4243 bool fRedo;
4244 uint8_t status = s->uATARegStatus;
4245 ataSetStatusValue(s, ATA_STAT_BUSY);
4246 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4247 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4248 pCtl->fRedo = fRedo;
4249 if (RT_UNLIKELY(fRedo))
4250 return;
4251 ataSetStatusValue(s, status);
4252 s->iIOBufferCur = 0;
4253 s->iIOBufferEnd = s->cbElementaryTransfer;
4254 }
4255 }
4256 if (s->cbTotalTransfer)
4257 {
4258 if (s->fATAPITransfer)
4259 ataPIOTransferLimitATAPI(s);
4260
4261 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4262 s->cbElementaryTransfer = s->cbTotalTransfer;
4263
4264 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4265 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4266 s->cbTotalTransfer, s->cbElementaryTransfer,
4267 s->iIOBufferCur, s->iIOBufferEnd));
4268 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4269 s->cbTotalTransfer -= s->cbElementaryTransfer;
4270 s->iIOBufferCur += s->cbElementaryTransfer;
4271
4272 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4273 s->cbElementaryTransfer = s->cbTotalTransfer;
4274 }
4275 else
4276 ataPIOTransferStop(s);
4277}
4278
4279
4280DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4281{
4282 /* Do not interfere with RESET processing if the PIO transfer finishes
4283 * while the RESET line is asserted. */
4284 if (pCtl->fReset)
4285 {
4286 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4287 return;
4288 }
4289
4290 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4291 || ( s->iSourceSink != ATAFN_SS_NULL
4292 && s->iIOBufferCur >= s->iIOBufferEnd))
4293 {
4294 /* Need to continue the transfer in the async I/O thread. This is
4295 * the case for write operations or generally for not yet finished
4296 * transfers (some data might need to be read). */
4297 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4298 ataSetStatus(s, ATA_STAT_BUSY);
4299
4300 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4301 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4302 }
4303 else
4304 {
4305 /* Either everything finished (though some data might still be pending)
4306 * or some data is pending before the next read is due. */
4307
4308 /* Continue a previously started transfer. */
4309 ataUnsetStatus(s, ATA_STAT_DRQ);
4310 ataSetStatus(s, ATA_STAT_READY);
4311
4312 if (s->cbTotalTransfer)
4313 {
4314 /* There is more to transfer, happens usually for large ATAPI
4315 * reads - the protocol limits the chunk size to 65534 bytes. */
4316 ataPIOTransfer(pCtl);
4317 ataSetIRQ(s);
4318 }
4319 else
4320 {
4321 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4322 /* Finish PIO transfer. */
4323 ataPIOTransfer(pCtl);
4324 Assert(!pCtl->fRedo);
4325 }
4326 }
4327}
4328
4329#endif /* IN_RING3 */
4330
4331static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4332{
4333 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4334 uint8_t *p;
4335
4336 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4337 {
4338 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4339 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4340#ifndef IN_RING3
4341 /* All but the last transfer unit is simple enough for GC, but
4342 * sending a request to the async IO thread is too complicated. */
4343 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4344 {
4345 memcpy(p, pbBuf, cbSize);
4346 s->iIOBufferPIODataStart += cbSize;
4347 }
4348 else
4349 return VINF_IOM_HC_IOPORT_WRITE;
4350#else /* IN_RING3 */
4351 memcpy(p, pbBuf, cbSize);
4352 s->iIOBufferPIODataStart += cbSize;
4353 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4354 ataPIOTransferFinish(pCtl, s);
4355#endif /* !IN_RING3 */
4356 }
4357 else
4358 Log2(("%s: DUMMY data\n", __FUNCTION__));
4359 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4360 return VINF_SUCCESS;
4361}
4362
4363static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4364{
4365 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4366 uint8_t *p;
4367
4368 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4369 {
4370 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4371 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4372#ifndef IN_RING3
4373 /* All but the last transfer unit is simple enough for GC, but
4374 * sending a request to the async IO thread is too complicated. */
4375 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4376 {
4377 memcpy(pbBuf, p, cbSize);
4378 s->iIOBufferPIODataStart += cbSize;
4379 }
4380 else
4381 return VINF_IOM_HC_IOPORT_READ;
4382#else /* IN_RING3 */
4383 memcpy(pbBuf, p, cbSize);
4384 s->iIOBufferPIODataStart += cbSize;
4385 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4386 ataPIOTransferFinish(pCtl, s);
4387#endif /* !IN_RING3 */
4388 }
4389 else
4390 {
4391 Log2(("%s: DUMMY data\n", __FUNCTION__));
4392 memset(pbBuf, '\xff', cbSize);
4393 }
4394 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4395 return VINF_SUCCESS;
4396}
4397
4398#ifdef IN_RING3
4399
4400static void ataDMATransferStop(ATADevState *s)
4401{
4402 s->cbTotalTransfer = 0;
4403 s->cbElementaryTransfer = 0;
4404 s->iBeginTransfer = ATAFN_BT_NULL;
4405 s->iSourceSink = ATAFN_SS_NULL;
4406}
4407
4408
4409/**
4410 * Perform the entire DMA transfer in one go (unless a source/sink operation
4411 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4412 * this function cannot handle empty transfers.
4413 *
4414 * @param pCtl Controller for which to perform the transfer.
4415 */
4416static void ataDMATransfer(PATACONTROLLER pCtl)
4417{
4418 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4419 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4420 bool fRedo;
4421 RTGCPHYS32 pDesc;
4422 uint32_t cbTotalTransfer, cbElementaryTransfer;
4423 uint32_t iIOBufferCur, iIOBufferEnd;
4424 uint32_t dmalen;
4425 PDMBLOCKTXDIR uTxDir;
4426 bool fLastDesc = false;
4427
4428 Assert(sizeof(BMDMADesc) == 8);
4429
4430 fRedo = pCtl->fRedo;
4431 if (RT_LIKELY(!fRedo))
4432 Assert(s->cbTotalTransfer);
4433 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4434 cbTotalTransfer = s->cbTotalTransfer;
4435 cbElementaryTransfer = s->cbElementaryTransfer;
4436 iIOBufferCur = s->iIOBufferCur;
4437 iIOBufferEnd = s->iIOBufferEnd;
4438
4439 /* The DMA loop is designed to hold the lock only when absolutely
4440 * necessary. This avoids long freezes should the guest access the
4441 * ATA registers etc. for some reason. */
4442 PDMCritSectLeave(&pCtl->lock);
4443
4444 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4445 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4446 cbTotalTransfer, cbElementaryTransfer,
4447 iIOBufferCur, iIOBufferEnd));
4448 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4449 {
4450 BMDMADesc DMADesc;
4451 RTGCPHYS32 pBuffer;
4452 uint32_t cbBuffer;
4453
4454 if (RT_UNLIKELY(fRedo))
4455 {
4456 pBuffer = pCtl->pRedoDMABuffer;
4457 cbBuffer = pCtl->cbRedoDMABuffer;
4458 fLastDesc = pCtl->fRedoDMALastDesc;
4459 }
4460 else
4461 {
4462 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4463 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4464 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4465 fLastDesc = !!(cbBuffer & 0x80000000);
4466 cbBuffer &= 0xfffe;
4467 if (cbBuffer == 0)
4468 cbBuffer = 0x10000;
4469 if (cbBuffer > cbTotalTransfer)
4470 cbBuffer = cbTotalTransfer;
4471 }
4472
4473 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4474 {
4475 if (RT_LIKELY(!fRedo))
4476 {
4477 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4478 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4479 (int)pDesc, pBuffer, cbBuffer));
4480 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4481 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4482 else
4483 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4484 iIOBufferCur += dmalen;
4485 cbTotalTransfer -= dmalen;
4486 cbBuffer -= dmalen;
4487 pBuffer += dmalen;
4488 }
4489 if ( iIOBufferCur == iIOBufferEnd
4490 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4491 {
4492 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4493 cbElementaryTransfer = cbTotalTransfer;
4494
4495 {
4496 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4497 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4498 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4499 }
4500
4501 /* The RESET handler could have cleared the DMA transfer
4502 * state (since we didn't hold the lock until just now
4503 * the guest can continue in parallel). If so, the state
4504 * is already set up so the loop is exited immediately. */
4505 if (s->iSourceSink != ATAFN_SS_NULL)
4506 {
4507 s->iIOBufferCur = iIOBufferCur;
4508 s->iIOBufferEnd = iIOBufferEnd;
4509 s->cbElementaryTransfer = cbElementaryTransfer;
4510 s->cbTotalTransfer = cbTotalTransfer;
4511 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4512 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4513 if (RT_UNLIKELY(fRedo))
4514 {
4515 pCtl->pFirstDMADesc = pDesc;
4516 pCtl->pRedoDMABuffer = pBuffer;
4517 pCtl->cbRedoDMABuffer = cbBuffer;
4518 pCtl->fRedoDMALastDesc = fLastDesc;
4519 }
4520 else
4521 {
4522 cbTotalTransfer = s->cbTotalTransfer;
4523 cbElementaryTransfer = s->cbElementaryTransfer;
4524
4525 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4526 cbElementaryTransfer = cbTotalTransfer;
4527 iIOBufferCur = 0;
4528 iIOBufferEnd = cbElementaryTransfer;
4529 }
4530 pCtl->fRedo = fRedo;
4531 }
4532 else
4533 {
4534 /* This forces the loop to exit immediately. */
4535 pDesc = pCtl->pLastDMADesc + 1;
4536 }
4537
4538 PDMCritSectLeave(&pCtl->lock);
4539 if (RT_UNLIKELY(fRedo))
4540 break;
4541 }
4542 }
4543
4544 if (RT_UNLIKELY(fRedo))
4545 break;
4546
4547 /* end of transfer */
4548 if (!cbTotalTransfer || fLastDesc)
4549 break;
4550
4551 {
4552 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4553 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4554 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4555 }
4556
4557 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4558 {
4559 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4560 if (!pCtl->fReset)
4561 ataDMATransferStop(s);
4562 /* This forces the loop to exit immediately. */
4563 pDesc = pCtl->pLastDMADesc + 1;
4564 }
4565
4566 PDMCritSectLeave(&pCtl->lock);
4567 }
4568
4569 {
4570 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4571 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4572 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4573 }
4574
4575 if (RT_UNLIKELY(fRedo))
4576 return;
4577
4578 if (fLastDesc)
4579 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4580 s->cbTotalTransfer = cbTotalTransfer;
4581 s->cbElementaryTransfer = cbElementaryTransfer;
4582 s->iIOBufferCur = iIOBufferCur;
4583 s->iIOBufferEnd = iIOBufferEnd;
4584}
4585
4586/**
4587 * Signal PDM that we're idle (if we actually are).
4588 *
4589 * @param pCtl The controller.
4590 */
4591static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
4592{
4593 /*
4594 * Take the mutex here and recheck the idle indicator to avoid
4595 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
4596 */
4597 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4598
4599 if ( pCtl->fSignalIdle
4600 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4601 {
4602 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
4603 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
4604 }
4605
4606 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4607}
4608
4609/** Async I/O thread for an interface. Once upon a time this was readable
4610 * code with several loops and a different semaphore for each purpose. But
4611 * then came the "how can one save the state in the middle of a PIO transfer"
4612 * question. The solution was to use an ASM, which is what's there now. */
4613static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4614{
4615 const ATARequest *pReq;
4616 uint64_t u64TS = 0; /* shut up gcc */
4617 uint64_t uWait;
4618 int rc = VINF_SUCCESS;
4619 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4620 ATADevState *s;
4621
4622 pReq = NULL;
4623 pCtl->fChainedTransfer = false;
4624 while (!pCtl->fShutdown)
4625 {
4626 /* Keep this thread from doing anything as long as EMT is suspended. */
4627 while (pCtl->fRedoIdle)
4628 {
4629 if (pCtl->fSignalIdle)
4630 ataR3AsyncSignalIdle(pCtl);
4631 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4632 /* Continue if we got a signal by RTThreadPoke().
4633 * We will get notified if there is a request to process.
4634 */
4635 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4636 continue;
4637 if (RT_FAILURE(rc) || pCtl->fShutdown)
4638 break;
4639
4640 pCtl->fRedoIdle = false;
4641 }
4642
4643 /* Wait for work. */
4644 while (pReq == NULL)
4645 {
4646 if (pCtl->fSignalIdle)
4647 ataR3AsyncSignalIdle(pCtl);
4648 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4649 /* Continue if we got a signal by RTThreadPoke().
4650 * We will get notified if there is a request to process.
4651 */
4652 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4653 continue;
4654 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4655 break;
4656
4657 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4658 }
4659
4660 if (RT_FAILURE(rc) || pCtl->fShutdown)
4661 break;
4662
4663 if (pReq == NULL)
4664 continue;
4665
4666 ATAAIO ReqType = pReq->ReqType;
4667
4668 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4669 if (pCtl->uAsyncIOState != ReqType)
4670 {
4671 /* The new state is not the state that was expected by the normal
4672 * state changes. This is either a RESET/ABORT or there's something
4673 * really strange going on. */
4674 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4675 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4676 {
4677 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4678 ataAsyncIODumpRequests(pCtl);
4679 }
4680 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4681 }
4682
4683 /* Do our work. */
4684 {
4685 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4686 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4687 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4688 }
4689
4690 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4691 {
4692 u64TS = RTTimeNanoTS();
4693#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4694 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4695#endif /* DEBUG || VBOX_WITH_STATISTICS */
4696 }
4697
4698 switch (ReqType)
4699 {
4700 case ATA_AIO_NEW:
4701
4702 pCtl->iAIOIf = pReq->u.t.iIf;
4703 s = &pCtl->aIfs[pCtl->iAIOIf];
4704 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4705 s->uTxDir = pReq->u.t.uTxDir;
4706 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4707 s->iSourceSink = pReq->u.t.iSourceSink;
4708 s->iIOBufferEnd = 0;
4709 s->u64CmdTS = u64TS;
4710
4711 if (s->fATAPI)
4712 {
4713 if (pCtl->fChainedTransfer)
4714 {
4715 /* Only count the actual transfers, not the PIO
4716 * transfer of the ATAPI command bytes. */
4717 if (s->fDMA)
4718 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4719 else
4720 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4721 }
4722 }
4723 else
4724 {
4725 if (s->fDMA)
4726 STAM_REL_COUNTER_INC(&s->StatATADMA);
4727 else
4728 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4729 }
4730
4731 pCtl->fChainedTransfer = false;
4732
4733 if (s->iBeginTransfer != ATAFN_BT_NULL)
4734 {
4735 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4736 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4737 s->iBeginTransfer = ATAFN_BT_NULL;
4738 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4739 s->iIOBufferEnd = s->cbElementaryTransfer;
4740 }
4741 else
4742 {
4743 s->cbElementaryTransfer = s->cbTotalTransfer;
4744 s->iIOBufferEnd = s->cbTotalTransfer;
4745 }
4746 s->iIOBufferCur = 0;
4747
4748 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4749 {
4750 if (s->iSourceSink != ATAFN_SS_NULL)
4751 {
4752 bool fRedo;
4753 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4754 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4755 pCtl->fRedo = fRedo;
4756 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4757 {
4758 /* Operation failed at the initial transfer, restart
4759 * everything from scratch by resending the current
4760 * request. Occurs very rarely, not worth optimizing. */
4761 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4762 ataAsyncIOPutRequest(pCtl, pReq);
4763 break;
4764 }
4765 }
4766 else
4767 ataCmdOK(s, 0);
4768 s->iIOBufferEnd = s->cbElementaryTransfer;
4769
4770 }
4771
4772 /* Do not go into the transfer phase if RESET is asserted.
4773 * The CritSect is released while waiting for the host OS
4774 * to finish the I/O, thus RESET is possible here. Most
4775 * important: do not change uAsyncIOState. */
4776 if (pCtl->fReset)
4777 break;
4778
4779 if (s->fDMA)
4780 {
4781 if (s->cbTotalTransfer)
4782 {
4783 ataSetStatus(s, ATA_STAT_DRQ);
4784
4785 pCtl->uAsyncIOState = ATA_AIO_DMA;
4786 /* If BMDMA is already started, do the transfer now. */
4787 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4788 {
4789 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4790 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4791 }
4792 }
4793 else
4794 {
4795 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4796 /* Finish DMA transfer. */
4797 ataDMATransferStop(s);
4798 ataSetIRQ(s);
4799 pCtl->uAsyncIOState = ATA_AIO_NEW;
4800 }
4801 }
4802 else
4803 {
4804 if (s->cbTotalTransfer)
4805 {
4806 ataPIOTransfer(pCtl);
4807 Assert(!pCtl->fRedo);
4808 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4809 ataSetIRQ(s);
4810
4811 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4812 {
4813 /* Write operations and not yet finished transfers
4814 * must be completed in the async I/O thread. */
4815 pCtl->uAsyncIOState = ATA_AIO_PIO;
4816 }
4817 else
4818 {
4819 /* Finished read operation can be handled inline
4820 * in the end of PIO transfer handling code. Linux
4821 * depends on this, as it waits only briefly for
4822 * devices to become ready after incoming data
4823 * transfer. Cannot find anything in the ATA spec
4824 * that backs this assumption, but as all kernels
4825 * are affected (though most of the time it does
4826 * not cause any harm) this must work. */
4827 pCtl->uAsyncIOState = ATA_AIO_NEW;
4828 }
4829 }
4830 else
4831 {
4832 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4833 /* Finish PIO transfer. */
4834 ataPIOTransfer(pCtl);
4835 Assert(!pCtl->fRedo);
4836 if (!s->fATAPITransfer)
4837 ataSetIRQ(s);
4838 pCtl->uAsyncIOState = ATA_AIO_NEW;
4839 }
4840 }
4841 break;
4842
4843 case ATA_AIO_DMA:
4844 {
4845 BMDMAState *bm = &pCtl->BmDma;
4846 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4847 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4848
4849 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4850 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4851 else
4852 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4853
4854 if (RT_LIKELY(!pCtl->fRedo))
4855 {
4856 /* The specs say that the descriptor table must not cross a
4857 * 4K boundary. */
4858 pCtl->pFirstDMADesc = bm->pvAddr;
4859 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4860 }
4861 ataDMATransfer(pCtl);
4862
4863 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
4864 {
4865 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4866 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4867 break;
4868 }
4869
4870 /* The infamous delay IRQ hack. */
4871 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4872 && s->cbTotalTransfer == 0
4873 && pCtl->DelayIRQMillies)
4874 {
4875 /* Delay IRQ for writing. Required to get the Win2K
4876 * installation work reliably (otherwise it crashes,
4877 * usually during component install). So far no better
4878 * solution has been found. */
4879 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4880 PDMCritSectLeave(&pCtl->lock);
4881 RTThreadSleep(pCtl->DelayIRQMillies);
4882 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4883 }
4884
4885 ataUnsetStatus(s, ATA_STAT_DRQ);
4886 Assert(!pCtl->fChainedTransfer);
4887 Assert(s->iSourceSink == ATAFN_SS_NULL);
4888 if (s->fATAPITransfer)
4889 {
4890 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4891 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4892 s->fATAPITransfer = false;
4893 }
4894 ataSetIRQ(s);
4895 pCtl->uAsyncIOState = ATA_AIO_NEW;
4896 break;
4897 }
4898
4899 case ATA_AIO_PIO:
4900 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4901
4902 if (s->iSourceSink != ATAFN_SS_NULL)
4903 {
4904 bool fRedo;
4905 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4906 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4907 pCtl->fRedo = fRedo;
4908 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4909 {
4910 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4911 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4912 break;
4913 }
4914 s->iIOBufferCur = 0;
4915 s->iIOBufferEnd = s->cbElementaryTransfer;
4916 }
4917 else
4918 {
4919 /* Continue a previously started transfer. */
4920 ataUnsetStatus(s, ATA_STAT_BUSY);
4921 ataSetStatus(s, ATA_STAT_READY);
4922 }
4923
4924 /* It is possible that the drives on this controller get RESET
4925 * during the above call to the source/sink function. If that's
4926 * the case, don't restart the transfer and don't finish it the
4927 * usual way. RESET handling took care of all that already.
4928 * Most important: do not change uAsyncIOState. */
4929 if (pCtl->fReset)
4930 break;
4931
4932 if (s->cbTotalTransfer)
4933 {
4934 ataPIOTransfer(pCtl);
4935 ataSetIRQ(s);
4936
4937 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4938 {
4939 /* Write operations and not yet finished transfers
4940 * must be completed in the async I/O thread. */
4941 pCtl->uAsyncIOState = ATA_AIO_PIO;
4942 }
4943 else
4944 {
4945 /* Finished read operation can be handled inline
4946 * in the end of PIO transfer handling code. Linux
4947 * depends on this, as it waits only briefly for
4948 * devices to become ready after incoming data
4949 * transfer. Cannot find anything in the ATA spec
4950 * that backs this assumption, but as all kernels
4951 * are affected (though most of the time it does
4952 * not cause any harm) this must work. */
4953 pCtl->uAsyncIOState = ATA_AIO_NEW;
4954 }
4955 }
4956 else
4957 {
4958 /* Finish PIO transfer. */
4959 ataPIOTransfer(pCtl);
4960 if ( !pCtl->fChainedTransfer
4961 && !s->fATAPITransfer
4962 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4963 {
4964 ataSetIRQ(s);
4965 }
4966 pCtl->uAsyncIOState = ATA_AIO_NEW;
4967 }
4968 break;
4969
4970 case ATA_AIO_RESET_ASSERTED:
4971 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4972 ataPIOTransferStop(&pCtl->aIfs[0]);
4973 ataPIOTransferStop(&pCtl->aIfs[1]);
4974 /* Do not change the DMA registers, they are not affected by the
4975 * ATA controller reset logic. It should be sufficient to issue a
4976 * new command, which is now possible as the state is cleared. */
4977 break;
4978
4979 case ATA_AIO_RESET_CLEARED:
4980 pCtl->uAsyncIOState = ATA_AIO_NEW;
4981 pCtl->fReset = false;
4982 /* Ensure that half-completed transfers are not redone. A reset
4983 * cancels the entire transfer, so continuing is wrong. */
4984 pCtl->fRedo = false;
4985 pCtl->fRedoDMALastDesc = false;
4986 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4987 ATACONTROLLER_IDX(pCtl)));
4988 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4989 {
4990 if (pCtl->aIfs[i].fATAPI)
4991 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4992 else
4993 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4994 ataSetSignature(&pCtl->aIfs[i]);
4995 }
4996 break;
4997
4998 case ATA_AIO_ABORT:
4999 /* Abort the current command only if it operates on the same interface. */
5000 if (pCtl->iAIOIf == pReq->u.a.iIf)
5001 {
5002 s = &pCtl->aIfs[pCtl->iAIOIf];
5003
5004 pCtl->uAsyncIOState = ATA_AIO_NEW;
5005 /* Do not change the DMA registers, they are not affected by the
5006 * ATA controller reset logic. It should be sufficient to issue a
5007 * new command, which is now possible as the state is cleared. */
5008 if (pReq->u.a.fResetDrive)
5009 {
5010 ataResetDevice(s);
5011 ataExecuteDeviceDiagnosticSS(s);
5012 }
5013 else
5014 {
5015 /* Stop any pending DMA transfer. */
5016 s->fDMA = false;
5017 ataPIOTransferStop(s);
5018 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5019 ataSetStatus(s, ATA_STAT_READY);
5020 ataSetIRQ(s);
5021 }
5022 }
5023 break;
5024
5025 default:
5026 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5027 }
5028
5029 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5030 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5031
5032 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5033 {
5034#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5035 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5036#endif /* DEBUG || VBOX_WITH_STATISTICS */
5037
5038 u64TS = RTTimeNanoTS() - u64TS;
5039 uWait = u64TS / 1000;
5040 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5041 /* Mark command as finished. */
5042 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5043
5044 /*
5045 * Release logging of command execution times depends on the
5046 * command type. ATAPI commands often take longer (due to CD/DVD
5047 * spin up time etc.) so the threshold is different.
5048 */
5049 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5050 {
5051 if (uWait > 8 * 1000 * 1000)
5052 {
5053 /*
5054 * Command took longer than 8 seconds. This is close
5055 * enough or over the guest's command timeout, so place
5056 * an entry in the release log to allow tracking such
5057 * timing errors (which are often caused by the host).
5058 */
5059 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5060 }
5061 }
5062 else
5063 {
5064 if (uWait > 20 * 1000 * 1000)
5065 {
5066 /*
5067 * Command took longer than 20 seconds. This is close
5068 * enough or over the guest's command timeout, so place
5069 * an entry in the release log to allow tracking such
5070 * timing errors (which are often caused by the host).
5071 */
5072 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5073 }
5074 }
5075
5076#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5077 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5078 pCtl->StatAsyncMinWait = uWait;
5079 if (uWait > pCtl->StatAsyncMaxWait)
5080 pCtl->StatAsyncMaxWait = uWait;
5081
5082 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5083 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5084#endif /* DEBUG || VBOX_WITH_STATISTICS */
5085 }
5086
5087 PDMCritSectLeave(&pCtl->lock);
5088 }
5089
5090 /* Signal the ultimate idleness. */
5091 RTThreadUserSignal(pCtl->AsyncIOThread);
5092 if (pCtl->fSignalIdle)
5093 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5094
5095 /* Cleanup the state. */
5096 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5097 pCtl->fShutdown = false;
5098
5099 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5100 return rc;
5101}
5102
5103#endif /* IN_RING3 */
5104
5105static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5106{
5107 uint32_t val = pCtl->BmDma.u8Cmd;
5108 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5109 return val;
5110}
5111
5112
5113static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5114{
5115 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5116 if (!(val & BM_CMD_START))
5117 {
5118 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5119 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5120 }
5121 else
5122 {
5123#ifdef IN_RING3
5124 /* Check whether the guest OS wants to change DMA direction in
5125 * mid-flight. Not allowed, according to the PIIX3 specs. */
5126 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5127 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5128 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5129 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5130
5131 /* Do not continue DMA transfers while the RESET line is asserted. */
5132 if (pCtl->fReset)
5133 {
5134 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5135 return;
5136 }
5137
5138 /* Do not start DMA transfers if there's a PIO transfer going on,
5139 * or if there is already a transfer started on this controller. */
5140 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5141 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5142 return;
5143
5144 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5145 {
5146 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5147 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5148 }
5149#else /* !IN_RING3 */
5150 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5151#endif /* IN_RING3 */
5152 }
5153}
5154
5155static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5156{
5157 uint32_t val = pCtl->BmDma.u8Status;
5158 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5159 return val;
5160}
5161
5162static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5163{
5164 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5165 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5166 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5167 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5168}
5169
5170static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5171{
5172 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5173 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5174 return val;
5175}
5176
5177static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5178{
5179 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5180 pCtl->BmDma.pvAddr = val & ~3;
5181}
5182
5183static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5184{
5185 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5186 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5187
5188}
5189
5190static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5191{
5192 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5193 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5194}
5195
5196#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5197
5198/**
5199 * Port I/O Handler for bus master DMA IN operations.
5200 * @see FNIOMIOPORTIN for details.
5201 */
5202PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5203{
5204 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5205 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5206 PATACONTROLLER pCtl = &pThis->aCts[i];
5207 int rc;
5208
5209 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5210 if (rc != VINF_SUCCESS)
5211 return rc;
5212 switch (VAL(Port, cb))
5213 {
5214 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5215 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5216 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5217 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5218 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5219 case VAL(0, 4):
5220 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5221 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5222 break;
5223 default:
5224 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5225 PDMCritSectLeave(&pCtl->lock);
5226 return VERR_IOM_IOPORT_UNUSED;
5227 }
5228 PDMCritSectLeave(&pCtl->lock);
5229 return rc;
5230}
5231
5232/**
5233 * Port I/O Handler for bus master DMA OUT operations.
5234 * @see FNIOMIOPORTOUT for details.
5235 */
5236PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5237{
5238 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5239 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5240 PATACONTROLLER pCtl = &pThis->aCts[i];
5241 int rc;
5242
5243 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5244 if (rc != VINF_SUCCESS)
5245 return rc;
5246 switch (VAL(Port, cb))
5247 {
5248 case VAL(0, 1):
5249#ifndef IN_RING3
5250 if (u32 & BM_CMD_START)
5251 {
5252 rc = VINF_IOM_HC_IOPORT_WRITE;
5253 break;
5254 }
5255#endif /* !IN_RING3 */
5256 ataBMDMACmdWriteB(pCtl, Port, u32);
5257 break;
5258 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5259 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5260 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5261 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5262 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5263 }
5264 PDMCritSectLeave(&pCtl->lock);
5265 return rc;
5266}
5267
5268#undef VAL
5269
5270#ifdef IN_RING3
5271
5272/**
5273 * Callback function for mapping an PCI I/O region.
5274 *
5275 * @return VBox status code.
5276 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5277 * @param iRegion The region number.
5278 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5279 * I/O port, else it's a physical address.
5280 * This address is *NOT* relative to pci_mem_base like earlier!
5281 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5282 */
5283static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5284{
5285 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5286 int rc = VINF_SUCCESS;
5287 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5288 Assert(iRegion == 4);
5289 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5290
5291 /* Register the port range. */
5292 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5293 {
5294 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5295 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5296 AssertRC(rc2);
5297 if (rc2 < rc)
5298 rc = rc2;
5299
5300 if (pThis->fGCEnabled)
5301 {
5302 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5303 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5304 AssertRC(rc2);
5305 if (rc2 < rc)
5306 rc = rc2;
5307 }
5308 if (pThis->fR0Enabled)
5309 {
5310 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5311 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5312 AssertRC(rc2);
5313 if (rc2 < rc)
5314 rc = rc2;
5315 }
5316 }
5317 return rc;
5318}
5319
5320
5321/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5322
5323/**
5324 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5325 */
5326static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5327{
5328 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5329 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5330 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5331 return NULL;
5332}
5333
5334
5335/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5336
5337/**
5338 * Gets the pointer to the status LED of a unit.
5339 *
5340 * @returns VBox status code.
5341 * @param pInterface Pointer to the interface structure containing the called function pointer.
5342 * @param iLUN The unit which status LED we desire.
5343 * @param ppLed Where to store the LED pointer.
5344 */
5345static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5346{
5347 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5348 if (iLUN < 4)
5349 {
5350 switch (iLUN)
5351 {
5352 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5353 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5354 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5355 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5356 }
5357 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5358 return VINF_SUCCESS;
5359 }
5360 return VERR_PDM_LUN_NOT_FOUND;
5361}
5362
5363
5364/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5365
5366/**
5367 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5368 */
5369static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5370{
5371 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5372 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5373 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5374 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5375 return NULL;
5376}
5377
5378
5379/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5380
5381/**
5382 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5383 */
5384static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5385 uint32_t *piInstance, uint32_t *piLUN)
5386{
5387 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5388 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5389
5390 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5391 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5392 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5393
5394 *ppcszController = pDevIns->pReg->szName;
5395 *piInstance = pDevIns->iInstance;
5396 *piLUN = pIf->iLUN;
5397
5398 return VINF_SUCCESS;
5399}
5400#endif /* IN_RING3 */
5401
5402
5403/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5404
5405/**
5406 * Port I/O Handler for primary port range OUT operations.
5407 * @see FNIOMIOPORTOUT for details.
5408 */
5409PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5410{
5411 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5412 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5413 PATACONTROLLER pCtl = &pThis->aCts[i];
5414 int rc = VINF_SUCCESS;
5415
5416 Assert(i < 2);
5417
5418 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5419 if (rc != VINF_SUCCESS)
5420 return rc;
5421 if (cb == 1)
5422 rc = ataIOPortWriteU8(pCtl, Port, u32);
5423 else if (Port == pCtl->IOPortBase1)
5424 {
5425 Assert(cb == 2 || cb == 4);
5426 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5427 }
5428 else
5429 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5430 PDMCritSectLeave(&pCtl->lock);
5431 return rc;
5432}
5433
5434
5435/**
5436 * Port I/O Handler for primary port range IN operations.
5437 * @see FNIOMIOPORTIN for details.
5438 */
5439PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5440{
5441 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5442 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5443 PATACONTROLLER pCtl = &pThis->aCts[i];
5444 int rc = VINF_SUCCESS;
5445
5446 Assert(i < 2);
5447
5448 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5449 if (rc != VINF_SUCCESS)
5450 return rc;
5451 if (cb == 1)
5452 {
5453 rc = ataIOPortReadU8(pCtl, Port, pu32);
5454 }
5455 else if (Port == pCtl->IOPortBase1)
5456 {
5457 Assert(cb == 2 || cb == 4);
5458 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5459 if (cb == 2)
5460 *pu32 &= 0xffff;
5461 }
5462 else
5463 {
5464 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5465 rc = VERR_IOM_IOPORT_UNUSED;
5466 }
5467 PDMCritSectLeave(&pCtl->lock);
5468 return rc;
5469}
5470
5471#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5472/**
5473 * Port I/O Handler for primary port range IN string operations.
5474 * @see FNIOMIOPORTINSTRING for details.
5475 */
5476PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5477{
5478 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5479 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5480 PATACONTROLLER pCtl = &pThis->aCts[i];
5481 int rc = VINF_SUCCESS;
5482
5483 Assert(i < 2);
5484
5485 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5486 if (rc != VINF_SUCCESS)
5487 return rc;
5488 if (Port == pCtl->IOPortBase1)
5489 {
5490 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5491 RTGCPTR GCDst = *pGCPtrDst;
5492 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5493 Assert(cb == 2 || cb == 4);
5494
5495 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5496#ifndef IN_RING3
5497 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5498 if (!cTransAvailable)
5499 {
5500 PDMCritSectLeave(&pCtl->lock);
5501 return VINF_IOM_HC_IOPORT_READ;
5502 }
5503 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5504 cTransAvailable--;
5505#endif /* !IN_RING3 */
5506 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5507 * They are not performance-critical and generally shouldn't occur at all. */
5508 if (cTransAvailable > cTransfer)
5509 cTransAvailable = cTransfer;
5510 cbTransfer = cTransAvailable * cb;
5511
5512 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5513#ifndef IN_RING3
5514 /* Paranoia. */
5515 if (RT_FAILURE(rc))
5516 {
5517 PDMCritSectLeave(&pCtl->lock);
5518 AssertFailed();
5519 return VINF_IOM_HC_IOPORT_READ;
5520 }
5521#else
5522 Assert(rc == VINF_SUCCESS);
5523#endif
5524
5525 if (cbTransfer)
5526 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5527 s->iIOBufferPIODataStart += cbTransfer;
5528 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5529 *pcTransfer = cTransfer - cTransAvailable;
5530#ifdef IN_RING3
5531 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5532 ataPIOTransferFinish(pCtl, s);
5533#endif /* IN_RING3 */
5534 }
5535 PDMCritSectLeave(&pCtl->lock);
5536 return rc;
5537}
5538
5539
5540/**
5541 * Port I/O Handler for primary port range OUT string operations.
5542 * @see FNIOMIOPORTOUTSTRING for details.
5543 */
5544PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5545{
5546 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5547 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5548 PATACONTROLLER pCtl = &pThis->aCts[i];
5549 int rc;
5550
5551 Assert(i < 2);
5552
5553 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5554 if (rc != VINF_SUCCESS)
5555 return rc;
5556 if (Port == pCtl->IOPortBase1)
5557 {
5558 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5559 RTGCPTR GCSrc = *pGCPtrSrc;
5560 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5561 Assert(cb == 2 || cb == 4);
5562
5563 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5564#ifndef IN_RING3
5565 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5566 if (!cTransAvailable)
5567 {
5568 PDMCritSectLeave(&pCtl->lock);
5569 return VINF_IOM_HC_IOPORT_WRITE;
5570 }
5571 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5572 cTransAvailable--;
5573#endif /* !IN_RING3 */
5574 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5575 * They are not performance-critical and generally shouldn't occur at all. */
5576 if (cTransAvailable > cTransfer)
5577 cTransAvailable = cTransfer;
5578 cbTransfer = cTransAvailable * cb;
5579
5580 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5581#ifndef IN_RING3
5582 /* Paranoia. */
5583 if (RT_FAILURE(rc))
5584 {
5585 PDMCritSectLeave(&pCtl->lock);
5586 AssertFailed();
5587 return VINF_IOM_HC_IOPORT_WRITE;
5588 }
5589#else
5590 Assert(rc == VINF_SUCCESS);
5591#endif
5592
5593 if (cbTransfer)
5594 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5595 s->iIOBufferPIODataStart += cbTransfer;
5596 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5597 *pcTransfer = cTransfer - cTransAvailable;
5598#ifdef IN_RING3
5599 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5600 ataPIOTransferFinish(pCtl, s);
5601#endif /* IN_RING3 */
5602 }
5603 PDMCritSectLeave(&pCtl->lock);
5604 return rc;
5605}
5606#endif /* !IN_RING0 */
5607
5608/**
5609 * Port I/O Handler for secondary port range OUT operations.
5610 * @see FNIOMIOPORTOUT for details.
5611 */
5612PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5613{
5614 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5615 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5616 PATACONTROLLER pCtl = &pThis->aCts[i];
5617 int rc;
5618
5619 Assert(i < 2);
5620
5621 if (cb != 1)
5622 return VINF_SUCCESS;
5623 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5624 if (rc != VINF_SUCCESS)
5625 return rc;
5626 rc = ataControlWrite(pCtl, Port, u32);
5627 PDMCritSectLeave(&pCtl->lock);
5628 return rc;
5629}
5630
5631
5632/**
5633 * Port I/O Handler for secondary port range IN operations.
5634 * @see FNIOMIOPORTIN for details.
5635 */
5636PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5637{
5638 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5639 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5640 PATACONTROLLER pCtl = &pThis->aCts[i];
5641 int rc;
5642
5643 Assert(i < 2);
5644
5645 if (cb != 1)
5646 return VERR_IOM_IOPORT_UNUSED;
5647
5648 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5649 if (rc != VINF_SUCCESS)
5650 return rc;
5651 *pu32 = ataStatusRead(pCtl, Port);
5652 PDMCritSectLeave(&pCtl->lock);
5653 return VINF_SUCCESS;
5654}
5655
5656#ifdef IN_RING3
5657
5658
5659DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5660{
5661 if (s->pbIOBufferR3)
5662 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5663}
5664
5665
5666/**
5667 * @copydoc FNPDMDEVRELOCATE
5668 */
5669static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5670{
5671 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5672
5673 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5674 {
5675 pThis->aCts[i].pDevInsRC += offDelta;
5676 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5677 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5678 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5679 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5680 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5681 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5682 }
5683}
5684
5685
5686/**
5687 * Destroy a driver instance.
5688 *
5689 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5690 * resources can be freed correctly.
5691 *
5692 * @param pDevIns The device instance data.
5693 */
5694static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
5695{
5696 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5697 int rc;
5698
5699 Log(("ataR3Destruct\n"));
5700 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
5701
5702 /*
5703 * Tell the async I/O threads to terminate.
5704 */
5705 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5706 {
5707 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5708 {
5709 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5710 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5711 AssertRC(rc);
5712 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5713 AssertRC(rc);
5714 }
5715 }
5716
5717 /*
5718 * Wait for the threads to terminate before destroying their resources.
5719 */
5720 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5721 {
5722 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5723 {
5724 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5725 if (RT_SUCCESS(rc))
5726 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5727 else
5728 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5729 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5730 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5731 }
5732 }
5733
5734 /*
5735 * Free resources.
5736 */
5737 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5738 {
5739 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5740 {
5741 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5742 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5743 }
5744 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5745 {
5746 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5747 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5748 }
5749 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5750 {
5751 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5752 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5753 }
5754
5755 /* try one final time */
5756 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5757 {
5758 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5759 if (RT_SUCCESS(rc))
5760 {
5761 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5762 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5763 }
5764 }
5765 }
5766
5767 return VINF_SUCCESS;
5768}
5769
5770
5771/**
5772 * Detach notification.
5773 *
5774 * The DVD drive has been unplugged.
5775 *
5776 * @param pDevIns The device instance.
5777 * @param iLUN The logical unit which is being detached.
5778 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5779 */
5780static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5781{
5782 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5783 PATACONTROLLER pCtl;
5784 ATADevState *pIf;
5785 unsigned iController;
5786 unsigned iInterface;
5787
5788 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5789 ("PIIX3IDE: Device does not support hotplugging\n"));
5790
5791 /*
5792 * Locate the controller and stuff.
5793 */
5794 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5795 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5796 pCtl = &pThis->aCts[iController];
5797
5798 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5799 pIf = &pCtl->aIfs[iInterface];
5800
5801 /*
5802 * Zero some important members.
5803 */
5804 pIf->pDrvBase = NULL;
5805 pIf->pDrvBlock = NULL;
5806 pIf->pDrvBlockBios = NULL;
5807 pIf->pDrvMount = NULL;
5808
5809 /*
5810 * In case there was a medium inserted.
5811 */
5812 ataMediumRemoved(pIf);
5813}
5814
5815
5816/**
5817 * Configure a LUN.
5818 *
5819 * @returns VBox status code.
5820 * @param pDevIns The device instance.
5821 * @param pIf The ATA unit state.
5822 */
5823static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5824{
5825 int rc = VINF_SUCCESS;
5826 PDMBLOCKTYPE enmType;
5827
5828 /*
5829 * Query Block, Bios and Mount interfaces.
5830 */
5831 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
5832 if (!pIf->pDrvBlock)
5833 {
5834 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5835 return VERR_PDM_MISSING_INTERFACE;
5836 }
5837
5838 /** @todo implement the BIOS invisible code path. */
5839 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
5840 if (!pIf->pDrvBlockBios)
5841 {
5842 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5843 return VERR_PDM_MISSING_INTERFACE;
5844 }
5845 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
5846
5847 /*
5848 * Validate type.
5849 */
5850 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5851 if ( enmType != PDMBLOCKTYPE_CDROM
5852 && enmType != PDMBLOCKTYPE_DVD
5853 && enmType != PDMBLOCKTYPE_HARD_DISK)
5854 {
5855 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5856 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5857 }
5858 if ( ( enmType == PDMBLOCKTYPE_DVD
5859 || enmType == PDMBLOCKTYPE_CDROM)
5860 && !pIf->pDrvMount)
5861 {
5862 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5863 return VERR_INTERNAL_ERROR;
5864 }
5865 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5866 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5867
5868 /*
5869 * Allocate I/O buffer.
5870 */
5871 PVM pVM = PDMDevHlpGetVM(pDevIns);
5872 if (pIf->cbIOBuffer)
5873 {
5874 /* Buffer is (probably) already allocated. Validate the fields,
5875 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5876 if (pIf->fATAPI)
5877 AssertRelease(pIf->cbIOBuffer == _128K);
5878 else
5879 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5880 Assert(pIf->pbIOBufferR3);
5881 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5882 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5883 }
5884 else
5885 {
5886 if (pIf->fATAPI)
5887 pIf->cbIOBuffer = _128K;
5888 else
5889 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5890 Assert(!pIf->pbIOBufferR3);
5891 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5892 if (RT_FAILURE(rc))
5893 return VERR_NO_MEMORY;
5894 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5895 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5896 }
5897
5898 /*
5899 * Init geometry (only for non-CD/DVD media).
5900 */
5901 if (pIf->fATAPI)
5902 {
5903 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5904 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5905 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5906 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5907 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5908 }
5909 else
5910 {
5911 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5912 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5913 &pIf->PCHSGeometry);
5914 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5915 {
5916 pIf->PCHSGeometry.cCylinders = 0;
5917 pIf->PCHSGeometry.cHeads = 16; /*??*/
5918 pIf->PCHSGeometry.cSectors = 63; /*??*/
5919 }
5920 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5921 {
5922 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5923 rc = VINF_SUCCESS;
5924 }
5925 AssertRC(rc);
5926
5927 if ( pIf->PCHSGeometry.cCylinders == 0
5928 || pIf->PCHSGeometry.cHeads == 0
5929 || pIf->PCHSGeometry.cSectors == 0
5930 )
5931 {
5932 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5933 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5934 pIf->PCHSGeometry.cHeads = 16;
5935 pIf->PCHSGeometry.cSectors = 63;
5936 /* Set the disk geometry information. Ignore errors. */
5937 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5938 &pIf->PCHSGeometry);
5939 rc = VINF_SUCCESS;
5940 }
5941 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5942 }
5943 return rc;
5944}
5945
5946
5947/**
5948 * Attach command.
5949 *
5950 * This is called when we change block driver for the DVD drive.
5951 *
5952 * @returns VBox status code.
5953 * @param pDevIns The device instance.
5954 * @param iLUN The logical unit which is being detached.
5955 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5956 */
5957static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5958{
5959 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5960 PATACONTROLLER pCtl;
5961 ATADevState *pIf;
5962 int rc;
5963 unsigned iController;
5964 unsigned iInterface;
5965
5966 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5967 ("PIIX3IDE: Device does not support hotplugging\n"),
5968 VERR_INVALID_PARAMETER);
5969
5970 /*
5971 * Locate the controller and stuff.
5972 */
5973 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5974 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5975 pCtl = &pThis->aCts[iController];
5976
5977 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5978 pIf = &pCtl->aIfs[iInterface];
5979
5980 /* the usual paranoia */
5981 AssertRelease(!pIf->pDrvBase);
5982 AssertRelease(!pIf->pDrvBlock);
5983 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5984 Assert(pIf->iLUN == iLUN);
5985
5986 /*
5987 * Try attach the block device and get the interfaces,
5988 * required as well as optional.
5989 */
5990 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5991 if (RT_SUCCESS(rc))
5992 {
5993 rc = ataConfigLun(pDevIns, pIf);
5994 /*
5995 * In case there is a medium inserted.
5996 */
5997 ataMediumInserted(pIf);
5998 }
5999 else
6000 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6001
6002 if (RT_FAILURE(rc))
6003 {
6004 pIf->pDrvBase = NULL;
6005 pIf->pDrvBlock = NULL;
6006 }
6007 return rc;
6008}
6009
6010
6011/**
6012 * Resume notification.
6013 *
6014 * @returns VBox status.
6015 * @param pDevIns The device instance data.
6016 */
6017static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6018{
6019 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6020 int rc;
6021
6022 Log(("%s:\n", __FUNCTION__));
6023 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6024 {
6025 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6026 {
6027 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6028 AssertRC(rc);
6029 }
6030 }
6031 return;
6032}
6033
6034
6035/**
6036 * Checks if all (both) the async I/O threads have quiesced.
6037 *
6038 * @returns true on success.
6039 * @returns false when one or more threads is still processing.
6040 * @param pThis Pointer to the instance data.
6041 */
6042static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6043{
6044 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6045
6046 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6047 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6048 {
6049 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6050 if (!fRc)
6051 {
6052 /* Make it signal PDM & itself when its done */
6053 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6054 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6055 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6056 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6057 if (!fRc)
6058 {
6059#if 0 /** @todo Need to do some time tracking here... */
6060 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6061 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6062 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6063#endif
6064 return false;
6065 }
6066 }
6067 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6068 }
6069 return true;
6070}
6071
6072
6073/**
6074 * Callback employed by ataSuspend and ataR3PowerOff.
6075 *
6076 * @returns true if we've quiesced, false if we're still working.
6077 * @param pDevIns The device instance.
6078 */
6079static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6080{
6081 return ataR3AllAsyncIOIsIdle(pDevIns);
6082}
6083
6084
6085/**
6086 * Common worker for ataSuspend and ataR3PowerOff.
6087 */
6088static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6089{
6090 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6091 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6092}
6093
6094
6095/**
6096 * Power Off notification.
6097 *
6098 * @returns VBox status.
6099 * @param pDevIns The device instance data.
6100 */
6101static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6102{
6103 Log(("%s:\n", __FUNCTION__));
6104 ataR3SuspendOrPowerOff(pDevIns);
6105}
6106
6107
6108/**
6109 * Suspend notification.
6110 *
6111 * @returns VBox status.
6112 * @param pDevIns The device instance data.
6113 */
6114static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6115{
6116 Log(("%s:\n", __FUNCTION__));
6117 ataR3SuspendOrPowerOff(pDevIns);
6118}
6119
6120
6121/**
6122 * Callback employed by ataR3Reset.
6123 *
6124 * @returns true if we've quiesced, false if we're still working.
6125 * @param pDevIns The device instance.
6126 */
6127static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6128{
6129 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6130
6131 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6132 return false;
6133
6134 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6135 {
6136 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6137 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6138 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6139 PDMCritSectLeave(&pThis->aCts[i].lock);
6140 }
6141 return true;
6142}
6143
6144
6145/**
6146 * Common reset worker for ataR3Reset and ataR3Construct.
6147 *
6148 * @returns VBox status.
6149 * @param pDevIns The device instance data.
6150 * @param fConstruct Indicates who is calling.
6151 */
6152static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6153{
6154 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6155
6156 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6157 {
6158 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6159
6160 pThis->aCts[i].iSelectedIf = 0;
6161 pThis->aCts[i].iAIOIf = 0;
6162 pThis->aCts[i].BmDma.u8Cmd = 0;
6163 /* Report that both drives present on the bus are in DMA mode. This
6164 * pretends that there is a BIOS that has set it up. Normal reset
6165 * default is 0x00. */
6166 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6167 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6168 pThis->aCts[i].BmDma.pvAddr = 0;
6169
6170 pThis->aCts[i].fReset = true;
6171 pThis->aCts[i].fRedo = false;
6172 pThis->aCts[i].fRedoIdle = false;
6173 ataAsyncIOClearRequests(&pThis->aCts[i]);
6174 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6175 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6176 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6177
6178 PDMCritSectLeave(&pThis->aCts[i].lock);
6179 }
6180
6181 int rcRet = VINF_SUCCESS;
6182 if (!fConstruct)
6183 {
6184 /*
6185 * Setup asynchronous notification completion if the requests haven't
6186 * completed yet.
6187 */
6188 if (!ataR3IsAsyncResetDone(pDevIns))
6189 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6190 }
6191 else
6192 {
6193 /*
6194 * Wait for the requests for complete.
6195 *
6196 * Would be real nice if we could do it all from EMT(0) and not
6197 * involve the worker threads, then we could dispense with all the
6198 * waiting and semaphore ping-pong here...
6199 */
6200 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6201 {
6202 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6203 {
6204 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6205 AssertRC(rc);
6206
6207 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6208 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6209 AssertRC(rc);
6210
6211 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6212 AssertRC(rc);
6213
6214 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6215 {
6216 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6217 if (RT_FAILURE(rc))
6218 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6219 if (RT_FAILURE(rc))
6220 {
6221 AssertRC(rc);
6222 rcRet = rc;
6223 }
6224 }
6225 }
6226 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6227 }
6228 if (RT_SUCCESS(rcRet))
6229 {
6230 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6231 AssertRC(rcRet);
6232 }
6233 }
6234 return rcRet;
6235}
6236
6237
6238/**
6239 * Reset notification.
6240 *
6241 * @param pDevIns The device instance data.
6242 */
6243static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6244{
6245 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6246}
6247
6248
6249/**
6250 * Prepare state save and load operation.
6251 *
6252 * @returns VBox status code.
6253 * @param pDevIns Device instance of the device which registered the data unit.
6254 * @param pSSM SSM operation handle.
6255 */
6256static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6257{
6258 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6259
6260 /* sanity - the suspend notification will wait on the async stuff. */
6261 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6262 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6263 ("i=%u\n", i),
6264 VERR_SSM_IDE_ASYNC_TIMEOUT);
6265 return VINF_SUCCESS;
6266}
6267
6268/**
6269 * @copydoc FNSSMDEVLIVEEXEC
6270 */
6271static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6272{
6273 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6274
6275 SSMR3PutU8(pSSM, pThis->u8Type);
6276 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6277 {
6278 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6279 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6280 {
6281 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6282 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6283 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6284 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6285 }
6286 }
6287
6288 return VINF_SSM_DONT_CALL_AGAIN;
6289}
6290
6291
6292/**
6293 * @copydoc FNSSMDEVSAVEEXEC
6294 */
6295static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6296{
6297 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6298
6299 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6300
6301 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6302 {
6303 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6304 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6305 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6306 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6307 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6308 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6309 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6310 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6311 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6312 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6313 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6314 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6315 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6316
6317 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6318 {
6319 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6320 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6321 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6322 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6323 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6324 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6325 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6326 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6327 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6328 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6329 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6330 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6331 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6332 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6333 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6334 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6335 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6336 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6337 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6338 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6339 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6340 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6341 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6342 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6343 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6344 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6345 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6346 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6347 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6348 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6349 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6350 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6351 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6352 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6353 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6354 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6355 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6356 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6357 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6358 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6359 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6360 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6361 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6362 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6363 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6364 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6365 else
6366 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6367 }
6368 }
6369
6370 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6371}
6372
6373/**
6374 * Converts the LUN number into a message string.
6375 */
6376static const char *ataStringifyLun(unsigned iLun)
6377{
6378 switch (iLun)
6379 {
6380 case 0: return "primary master";
6381 case 1: return "primary slave";
6382 case 2: return "secondary master";
6383 case 3: return "secondary slave";
6384 default: AssertFailedReturn("unknown lun");
6385 }
6386}
6387
6388/**
6389 * FNSSMDEVLOADEXEC
6390 */
6391static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6392{
6393 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6394 int rc;
6395 uint32_t u32;
6396
6397 if ( uVersion != ATA_SAVED_STATE_VERSION
6398 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6399 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6400 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6401 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6402 {
6403 AssertMsgFailed(("uVersion=%d\n", uVersion));
6404 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6405 }
6406
6407 /*
6408 * Verify the configuration.
6409 */
6410 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6411 {
6412 uint8_t u8Type;
6413 rc = SSMR3GetU8(pSSM, &u8Type);
6414 AssertRCReturn(rc, rc);
6415 if (u8Type != pThis->u8Type)
6416 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6417
6418 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6419 {
6420 bool fEnabled;
6421 rc = SSMR3GetBool(pSSM, &fEnabled);
6422 AssertRCReturn(rc, rc);
6423 if (!fEnabled)
6424 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6425
6426 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6427 {
6428 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6429
6430 bool fInUse;
6431 rc = SSMR3GetBool(pSSM, &fInUse);
6432 AssertRCReturn(rc, rc);
6433 if (fInUse != (pIf->pDrvBase != NULL))
6434 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6435 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6436 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6437
6438 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6439 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6440 AssertRCReturn(rc, rc);
6441 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6442 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6443 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6444
6445 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6446 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6447 AssertRCReturn(rc, rc);
6448 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6449 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6450 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6451
6452 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6453 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6454 AssertRCReturn(rc, rc);
6455 if (strcmp(szModelNumber, pIf->szModelNumber))
6456 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6457 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6458 }
6459 }
6460 }
6461 if (uPass != SSM_PASS_FINAL)
6462 return VINF_SUCCESS;
6463
6464 /*
6465 * Restore valid parts of the PCIATAState structure
6466 */
6467 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6468 {
6469 /* integrity check */
6470 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6471 {
6472 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6473 return VERR_INTERNAL_ERROR_4;
6474 }
6475
6476 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6477 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6478 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6479 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6480 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6481 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6482 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6483 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6484 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6485 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6486 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6487 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6488 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6489
6490 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6491 {
6492 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6493 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6494 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6495 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6496 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6497 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6498 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6499 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6500 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6501 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6502 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6503 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6504 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6505 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6506 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6507 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6508 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6509 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6510 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6511 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6512 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6513 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6514 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6515 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6516 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6517 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6518 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6519 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6520 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6521 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6522 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6523 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6524 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6525 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6526 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6527 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6528 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6529 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6530 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6531 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6532 {
6533 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6534 }
6535 else
6536 {
6537 uint8_t uATAPISenseKey, uATAPIASC;
6538 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6539 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6540 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6541 SSMR3GetU8(pSSM, &uATAPISenseKey);
6542 SSMR3GetU8(pSSM, &uATAPIASC);
6543 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6544 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6545 }
6546 /** @todo triple-check this hack after passthrough is working */
6547 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6548 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6549 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6550 else
6551 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6552 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6553 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6554 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6555 {
6556 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6557 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6558 else
6559 {
6560 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6561 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6562 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6563
6564 /* skip the buffer if we're loading for the debugger / animator. */
6565 uint8_t u8Ignored;
6566 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6567 while (cbLeft-- > 0)
6568 SSMR3GetU8(pSSM, &u8Ignored);
6569 }
6570 }
6571 else
6572 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6573 }
6574 }
6575 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6576 SSMR3GetU8(pSSM, &pThis->u8Type);
6577
6578 rc = SSMR3GetU32(pSSM, &u32);
6579 if (RT_FAILURE(rc))
6580 return rc;
6581 if (u32 != ~0U)
6582 {
6583 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6584 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6585 return rc;
6586 }
6587
6588 return VINF_SUCCESS;
6589}
6590
6591/**
6592 * Convert config value to DEVPCBIOSBOOT.
6593 *
6594 * @returns VBox status code.
6595 * @param pDevIns The device instance data.
6596 * @param pCfg Configuration handle.
6597 * @param penmChipset Where to store the chipset type.
6598 */
6599static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
6600{
6601 char szType[20];
6602
6603 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
6604 if (RT_FAILURE(rc))
6605 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6606 N_("Configuration error: Querying \"Type\" as a string failed"));
6607 if (!strcmp(szType, "PIIX3"))
6608 *penmChipset = CHIPSET_PIIX3;
6609 else if (!strcmp(szType, "PIIX4"))
6610 *penmChipset = CHIPSET_PIIX4;
6611 else if (!strcmp(szType, "ICH6"))
6612 *penmChipset = CHIPSET_ICH6;
6613 else
6614 {
6615 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6616 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6617 szType);
6618 rc = VERR_INTERNAL_ERROR;
6619 }
6620 return rc;
6621}
6622
6623
6624/**
6625 * @interface_method_impl{PDMDEVREG,pfnConstruct}
6626 */
6627static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
6628{
6629 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6630 PPDMIBASE pBase;
6631 int rc;
6632 bool fGCEnabled;
6633 bool fR0Enabled;
6634 uint32_t DelayIRQMillies;
6635
6636 Assert(iInstance == 0);
6637 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
6638
6639 /*
6640 * Initialize NIL handle values (for the destructor).
6641 */
6642 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6643 {
6644 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6645 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6646 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6647 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6648 }
6649
6650 /*
6651 * Validate and read configuration.
6652 */
6653 if (!CFGMR3AreValuesValid(pCfg,
6654 "GCEnabled\0"
6655 "R0Enabled\0"
6656 "IRQDelay\0"
6657 "Type\0")
6658 /** @todo || invalid keys */)
6659 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6660 N_("PIIX3 configuration error: unknown option specified"));
6661
6662 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
6663 if (RT_FAILURE(rc))
6664 return PDMDEV_SET_ERROR(pDevIns, rc,
6665 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6666 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6667
6668 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
6669 if (RT_FAILURE(rc))
6670 return PDMDEV_SET_ERROR(pDevIns, rc,
6671 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6672 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6673
6674 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
6675 if (RT_FAILURE(rc))
6676 return PDMDEV_SET_ERROR(pDevIns, rc,
6677 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6678 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6679 Assert(DelayIRQMillies < 50);
6680
6681 CHIPSET enmChipset = CHIPSET_PIIX3;
6682 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
6683 if (RT_FAILURE(rc))
6684 return rc;
6685 pThis->u8Type = (uint8_t)enmChipset;
6686
6687 /*
6688 * Initialize data (most of it anyway).
6689 */
6690 /* Status LUN. */
6691 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6692 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6693
6694 /* PCI configuration space. */
6695 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6696
6697 /*
6698 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6699 * as it explicitly checks for PCI id for IDE controllers.
6700 */
6701 switch (pThis->u8Type)
6702 {
6703 case CHIPSET_ICH6:
6704 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6705 /** @todo: do we need it? Do we need anything else? */
6706 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6707 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6708 pThis->dev.config[0x4B] = 0x00;
6709 {
6710 /*
6711 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6712 * Report
6713 * WR_Ping-Pong_EN: must be set
6714 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6715 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6716 */
6717 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6718 pThis->dev.config[0x54] = u16Config & 0xff;
6719 pThis->dev.config[0x55] = u16Config >> 8;
6720 }
6721 break;
6722 case CHIPSET_PIIX4:
6723 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6724 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6725 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6726 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6727 pThis->dev.config[0x4B] = 0x00;
6728 break;
6729 case CHIPSET_PIIX3:
6730 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6731 break;
6732 default:
6733 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6734 }
6735
6736 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6737 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6738 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6739 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6740 PCIDevSetHeaderType(&pThis->dev, 0x00);
6741
6742 pThis->pDevIns = pDevIns;
6743 pThis->fGCEnabled = fGCEnabled;
6744 pThis->fR0Enabled = fR0Enabled;
6745 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6746 {
6747 pThis->aCts[i].pDevInsR3 = pDevIns;
6748 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6749 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6750 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6751 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6752 {
6753 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6754
6755 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6756 pIf->pDevInsR3 = pDevIns;
6757 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6758 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6759 pIf->pControllerR3 = &pThis->aCts[i];
6760 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6761 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6762 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6763 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6764 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6765 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
6766 pIf->Led.u32Magic = PDMLED_MAGIC;
6767 }
6768 }
6769
6770 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6771 pThis->aCts[0].irq = 14;
6772 pThis->aCts[0].IOPortBase1 = 0x1f0;
6773 pThis->aCts[0].IOPortBase2 = 0x3f6;
6774 pThis->aCts[1].irq = 15;
6775 pThis->aCts[1].IOPortBase1 = 0x170;
6776 pThis->aCts[1].IOPortBase2 = 0x376;
6777
6778 /*
6779 * Register the PCI device.
6780 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6781 * device the slot next to itself.
6782 */
6783 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6784 if (RT_FAILURE(rc))
6785 return PDMDEV_SET_ERROR(pDevIns, rc,
6786 N_("PIIX3 cannot register PCI device"));
6787 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6788 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6789 if (RT_FAILURE(rc))
6790 return PDMDEV_SET_ERROR(pDevIns, rc,
6791 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6792
6793 /*
6794 * Register the I/O ports.
6795 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6796 */
6797 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6798 {
6799 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6800 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6801 if (RT_FAILURE(rc))
6802 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6803
6804 if (fGCEnabled)
6805 {
6806 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6807 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6808 if (RT_FAILURE(rc))
6809 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6810 }
6811
6812 if (fR0Enabled)
6813 {
6814#if 1
6815 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6816 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6817#else
6818 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6819 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6820#endif
6821 if (RT_FAILURE(rc))
6822 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6823 }
6824
6825 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6826 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6827 if (RT_FAILURE(rc))
6828 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6829
6830 if (fGCEnabled)
6831 {
6832 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6833 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6834 if (RT_FAILURE(rc))
6835 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6836 }
6837 if (fR0Enabled)
6838 {
6839 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6840 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6841 if (RT_FAILURE(rc))
6842 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6843 }
6844
6845 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6846 {
6847 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6848 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6849 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
6850 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6851 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
6852 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6853 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
6854 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6855 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
6856#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6857 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6858 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
6859#endif
6860 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6861 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
6862#ifdef VBOX_INSTRUMENT_DMA_WRITES
6863 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6864 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
6865#endif
6866#ifdef VBOX_WITH_STATISTICS
6867 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6868 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
6869#endif
6870 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6871 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
6872#ifdef VBOX_WITH_STATISTICS
6873 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6874 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
6875#endif
6876 }
6877#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6878 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6879 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
6880 /** @todo STAMUNIT_MICROSECS */
6881 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6882 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
6883 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6884 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
6885 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6886 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
6887 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6888 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
6889 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6890 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
6891#endif /* VBOX_WITH_STATISTICS */
6892
6893 /* Initialize per-controller critical section */
6894 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA%u", i);
6895 if (RT_FAILURE(rc))
6896 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6897 }
6898
6899 /*
6900 * Attach status driver (optional).
6901 */
6902 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6903 if (RT_SUCCESS(rc))
6904 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
6905 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6906 {
6907 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6908 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6909 }
6910
6911 /*
6912 * Attach the units.
6913 */
6914 uint32_t cbTotalBuffer = 0;
6915 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6916 {
6917 PATACONTROLLER pCtl = &pThis->aCts[i];
6918
6919 /*
6920 * Start the worker thread.
6921 */
6922 pCtl->uAsyncIOState = ATA_AIO_NEW;
6923 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6924 AssertLogRelRCReturn(rc, rc);
6925 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6926 AssertLogRelRCReturn(rc, rc);
6927 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6928 AssertLogRelRCReturn(rc, rc);
6929 ataAsyncIOClearRequests(pCtl);
6930 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
6931 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6932 AssertLogRelRCReturn(rc, rc);
6933 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6934 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6935
6936 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6937 {
6938 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6939 {
6940 { "Primary Master", "Primary Slave" },
6941 { "Secondary Master", "Secondary Slave" }
6942 };
6943
6944 /*
6945 * Try attach the block device and get the interfaces,
6946 * required as well as optional.
6947 */
6948 ATADevState *pIf = &pCtl->aIfs[j];
6949
6950 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6951 if (RT_SUCCESS(rc))
6952 {
6953 rc = ataConfigLun(pDevIns, pIf);
6954 if (RT_SUCCESS(rc))
6955 {
6956 /*
6957 * Init vendor product data.
6958 */
6959 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6960 {
6961 { "PrimaryMaster", "PrimarySlave" },
6962 { "SecondaryMaster", "SecondarySlave" }
6963 };
6964
6965 /* Generate a default serial number. */
6966 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6967 RTUUID Uuid;
6968 if (pIf->pDrvBlock)
6969 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6970 else
6971 RTUuidClear(&Uuid);
6972
6973 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6974 {
6975 /* Generate a predictable serial for drives which don't have a UUID. */
6976 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6977 pIf->iLUN + pDevIns->iInstance * 32,
6978 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6979 }
6980 else
6981 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6982
6983 /* Get user config if present using defaults otherwise. */
6984 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
6985 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6986 szSerial);
6987 if (RT_FAILURE(rc))
6988 {
6989 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6990 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6991 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6992 return PDMDEV_SET_ERROR(pDevIns, rc,
6993 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6994 }
6995
6996 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6997 "1.0");
6998 if (RT_FAILURE(rc))
6999 {
7000 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7001 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7002 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7003 return PDMDEV_SET_ERROR(pDevIns, rc,
7004 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7005 }
7006
7007 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7008 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7009 if (RT_FAILURE(rc))
7010 {
7011 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7012 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7013 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7014 return PDMDEV_SET_ERROR(pDevIns, rc,
7015 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7016 }
7017
7018 /* There are three other identification strings for CD drives used for INQUIRY */
7019 if (pIf->fATAPI)
7020 {
7021 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7022 "VBOX");
7023 if (RT_FAILURE(rc))
7024 {
7025 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7026 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7027 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7028 return PDMDEV_SET_ERROR(pDevIns, rc,
7029 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7030 }
7031
7032 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7033 "CD-ROM");
7034 if (RT_FAILURE(rc))
7035 {
7036 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7037 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7038 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7039 return PDMDEV_SET_ERROR(pDevIns, rc,
7040 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7041 }
7042
7043 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7044 "1.0");
7045 if (RT_FAILURE(rc))
7046 {
7047 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7048 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7049 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7050 return PDMDEV_SET_ERROR(pDevIns, rc,
7051 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7052 }
7053 }
7054 }
7055
7056 }
7057 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7058 {
7059 pIf->pDrvBase = NULL;
7060 pIf->pDrvBlock = NULL;
7061 pIf->cbIOBuffer = 0;
7062 pIf->pbIOBufferR3 = NULL;
7063 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7064 pIf->pbIOBufferRC = NIL_RTGCPTR;
7065 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7066 }
7067 else
7068 {
7069 switch (rc)
7070 {
7071 case VERR_ACCESS_DENIED:
7072 /* Error already cached by DrvHostBase */
7073 return rc;
7074 default:
7075 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7076 N_("PIIX3 cannot attach drive to the %s"),
7077 s_apszDescs[i][j]);
7078 }
7079 }
7080 cbTotalBuffer += pIf->cbIOBuffer;
7081 }
7082 }
7083
7084 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7085 NULL, ataLiveExec, NULL,
7086 ataSaveLoadPrep, ataSaveExec, NULL,
7087 ataSaveLoadPrep, ataLoadExec, NULL);
7088 if (RT_FAILURE(rc))
7089 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7090
7091 /*
7092 * Initialize the device state.
7093 */
7094 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7095}
7096
7097
7098/**
7099 * The device registration structure.
7100 */
7101const PDMDEVREG g_DevicePIIX3IDE =
7102{
7103 /* u32Version */
7104 PDM_DEVREG_VERSION,
7105 /* szName */
7106 "piix3ide",
7107 /* szRCMod */
7108 "VBoxDDGC.gc",
7109 /* szR0Mod */
7110 "VBoxDDR0.r0",
7111 /* pszDescription */
7112 "Intel PIIX3 ATA controller.\n"
7113 " LUN #0 is primary master.\n"
7114 " LUN #1 is primary slave.\n"
7115 " LUN #2 is secondary master.\n"
7116 " LUN #3 is secondary slave.\n"
7117 " LUN #999 is the LED/Status connector.",
7118 /* fFlags */
7119 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7120 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7121 /* fClass */
7122 PDM_DEVREG_CLASS_STORAGE,
7123 /* cMaxInstances */
7124 1,
7125 /* cbInstance */
7126 sizeof(PCIATAState),
7127 /* pfnConstruct */
7128 ataR3Construct,
7129 /* pfnDestruct */
7130 ataR3Destruct,
7131 /* pfnRelocate */
7132 ataR3Relocate,
7133 /* pfnIOCtl */
7134 NULL,
7135 /* pfnPowerOn */
7136 NULL,
7137 /* pfnReset */
7138 ataR3Reset,
7139 /* pfnSuspend */
7140 ataR3Suspend,
7141 /* pfnResume */
7142 ataR3Resume,
7143 /* pfnAttach */
7144 ataR3Attach,
7145 /* pfnDetach */
7146 ataR3Detach,
7147 /* pfnQueryInterface. */
7148 NULL,
7149 /* pfnInitComplete */
7150 NULL,
7151 /* pfnPowerOff */
7152 ataR3PowerOff,
7153 /* pfnSoftReset */
7154 NULL,
7155 /* u32VersionEnd */
7156 PDM_DEVREG_VERSION
7157};
7158#endif /* IN_RING3 */
7159#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette