VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 35934

Last change on this file since 35934 was 35767, checked in by vboxsync, 14 years ago

Storage/DevATA: fix device reset handling, sanity check was wrong

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 272.5 KB
Line 
1/* $Id: DevATA.cpp 35767 2011-01-28 14:41:06Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/vmm/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/vmm/stam.h>
55#include <VBox/vmm/mm.h>
56#include <VBox/vmm/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "VBoxDD.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
100
101/* Media track type */
102#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
103#define ATA_MEDIA_TYPE_DATA 1 /**< Data CD */
104#define ATA_MEDIA_TYPE_CDDA 2 /**< CD-DA (audio) CD type */
105
106/**
107 * Length of the configurable VPD data (without termination)
108 */
109#define ATA_SERIAL_NUMBER_LENGTH 20
110#define ATA_FIRMWARE_REVISION_LENGTH 8
111#define ATA_MODEL_NUMBER_LENGTH 40
112#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
113#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
114#define ATAPI_INQUIRY_REVISION_LENGTH 4
115
116/*******************************************************************************
117* Structures and Typedefs *
118*******************************************************************************/
119/**
120 * The state of an ATA device.
121 *
122 * @implements PDMIBASE
123 * @implements PDMIBLOCKPORT
124 * @implements PDMIMOUNTNOTIFY
125 */
126typedef struct ATADevState
127{
128 /** Flag indicating whether the current command uses LBA48 mode. */
129 bool fLBA48;
130 /** Flag indicating whether this drive implements the ATAPI command set. */
131 bool fATAPI;
132 /** Set if this interface has asserted the IRQ. */
133 bool fIrqPending;
134 /** Currently configured number of sectors in a multi-sector transfer. */
135 uint8_t cMultSectors;
136 /** PCHS disk geometry. */
137 PDMMEDIAGEOMETRY PCHSGeometry;
138 /** Total number of sectors on this disk. */
139 uint64_t cTotalSectors;
140 /** Number of sectors to transfer per IRQ. */
141 uint32_t cSectorsPerIRQ;
142
143 /** ATA/ATAPI register 1: feature (write-only). */
144 uint8_t uATARegFeature;
145 /** ATA/ATAPI register 1: feature, high order byte. */
146 uint8_t uATARegFeatureHOB;
147 /** ATA/ATAPI register 1: error (read-only). */
148 uint8_t uATARegError;
149 /** ATA/ATAPI register 2: sector count (read/write). */
150 uint8_t uATARegNSector;
151 /** ATA/ATAPI register 2: sector count, high order byte. */
152 uint8_t uATARegNSectorHOB;
153 /** ATA/ATAPI register 3: sector (read/write). */
154 uint8_t uATARegSector;
155 /** ATA/ATAPI register 3: sector, high order byte. */
156 uint8_t uATARegSectorHOB;
157 /** ATA/ATAPI register 4: cylinder low (read/write). */
158 uint8_t uATARegLCyl;
159 /** ATA/ATAPI register 4: cylinder low, high order byte. */
160 uint8_t uATARegLCylHOB;
161 /** ATA/ATAPI register 5: cylinder high (read/write). */
162 uint8_t uATARegHCyl;
163 /** ATA/ATAPI register 5: cylinder high, high order byte. */
164 uint8_t uATARegHCylHOB;
165 /** ATA/ATAPI register 6: select drive/head (read/write). */
166 uint8_t uATARegSelect;
167 /** ATA/ATAPI register 7: status (read-only). */
168 uint8_t uATARegStatus;
169 /** ATA/ATAPI register 7: command (write-only). */
170 uint8_t uATARegCommand;
171 /** ATA/ATAPI drive control register (write-only). */
172 uint8_t uATARegDevCtl;
173
174 /** Currently active transfer mode (MDMA/UDMA) and speed. */
175 uint8_t uATATransferMode;
176 /** Current transfer direction. */
177 uint8_t uTxDir;
178 /** Index of callback for begin transfer. */
179 uint8_t iBeginTransfer;
180 /** Index of callback for source/sink of data. */
181 uint8_t iSourceSink;
182 /** Flag indicating whether the current command transfers data in DMA mode. */
183 bool fDMA;
184 /** Set to indicate that ATAPI transfer semantics must be used. */
185 bool fATAPITransfer;
186
187 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
188 uint32_t cbTotalTransfer;
189 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
190 uint32_t cbElementaryTransfer;
191 /** Current read/write buffer position, shared PIO/DMA. */
192 uint32_t iIOBufferCur;
193 /** First element beyond end of valid buffer content, shared PIO/DMA. */
194 uint32_t iIOBufferEnd;
195
196 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
197 uint32_t iIOBufferPIODataStart;
198 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
199 uint32_t iIOBufferPIODataEnd;
200
201 /** ATAPI current LBA position. */
202 uint32_t iATAPILBA;
203 /** ATAPI current sector size. */
204 uint32_t cbATAPISector;
205 /** ATAPI current command. */
206 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
207 /** ATAPI sense data. */
208 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
209 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
210 uint8_t cNotifiedMediaChange;
211 /** The same for GET_EVENT_STATUS for mechanism */
212 volatile uint32_t MediaEventStatus;
213
214 /** Media type if known. */
215 volatile uint32_t MediaTrackType;
216
217 /** The status LED state for this drive. */
218 PDMLED Led;
219
220 /** Size of I/O buffer. */
221 uint32_t cbIOBuffer;
222 /** Pointer to the I/O buffer. */
223 R3PTRTYPE(uint8_t *) pbIOBufferR3;
224 /** Pointer to the I/O buffer. */
225 R0PTRTYPE(uint8_t *) pbIOBufferR0;
226 /** Pointer to the I/O buffer. */
227 RCPTRTYPE(uint8_t *) pbIOBufferRC;
228
229 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
230
231 /*
232 * No data that is part of the saved state after this point!!!!!
233 */
234
235 /* Release statistics: number of ATA DMA commands. */
236 STAMCOUNTER StatATADMA;
237 /* Release statistics: number of ATA PIO commands. */
238 STAMCOUNTER StatATAPIO;
239 /* Release statistics: number of ATAPI PIO commands. */
240 STAMCOUNTER StatATAPIDMA;
241 /* Release statistics: number of ATAPI PIO commands. */
242 STAMCOUNTER StatATAPIPIO;
243#ifdef VBOX_INSTRUMENT_DMA_WRITES
244 /* Release statistics: number of DMA sector writes and the time spent. */
245 STAMPROFILEADV StatInstrVDWrites;
246#endif
247
248 /** Statistics: number of read operations and the time spent reading. */
249 STAMPROFILEADV StatReads;
250 /** Statistics: number of bytes read. */
251 STAMCOUNTER StatBytesRead;
252 /** Statistics: number of write operations and the time spent writing. */
253 STAMPROFILEADV StatWrites;
254 /** Statistics: number of bytes written. */
255 STAMCOUNTER StatBytesWritten;
256 /** Statistics: number of flush operations and the time spend flushing. */
257 STAMPROFILE StatFlushes;
258
259 /** Enable passing through commands directly to the ATAPI drive. */
260 bool fATAPIPassthrough;
261 /** Number of errors we've reported to the release log.
262 * This is to prevent flooding caused by something going horribly wrong.
263 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
264 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
265 uint32_t cErrors;
266 /** Timestamp of last started command. 0 if no command pending. */
267 uint64_t u64CmdTS;
268
269 /** Pointer to the attached driver's base interface. */
270 R3PTRTYPE(PPDMIBASE) pDrvBase;
271 /** Pointer to the attached driver's block interface. */
272 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
273 /** Pointer to the attached driver's block bios interface. */
274 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
275 /** Pointer to the attached driver's mount interface.
276 * This is NULL if the driver isn't a removable unit. */
277 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
278 /** The base interface. */
279 PDMIBASE IBase;
280 /** The block port interface. */
281 PDMIBLOCKPORT IPort;
282 /** The mount notify interface. */
283 PDMIMOUNTNOTIFY IMountNotify;
284 /** The LUN #. */
285 RTUINT iLUN;
286 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
287 /** Pointer to device instance. */
288 PPDMDEVINSR3 pDevInsR3;
289 /** Pointer to controller instance. */
290 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
291 /** Pointer to device instance. */
292 PPDMDEVINSR0 pDevInsR0;
293 /** Pointer to controller instance. */
294 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
295 /** Pointer to device instance. */
296 PPDMDEVINSRC pDevInsRC;
297 /** Pointer to controller instance. */
298 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
299
300 /** The serial number to use for IDENTIFY DEVICE commands. */
301 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
302 /** The firmware revision to use for IDENTIFY DEVICE commands. */
303 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
304 /** The model number to use for IDENTIFY DEVICE commands. */
305 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
306 /** The vendor identification string for SCSI INQUIRY commands. */
307 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
308 /** The product identification string for SCSI INQUIRY commands. */
309 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
310 /** The revision string for SCSI INQUIRY commands. */
311 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
312
313 uint8_t abAlignment3[7];
314} ATADevState;
315AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
316AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
317AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
318AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
319AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
320AssertCompileSizeAlignment(ATADevState, 8);
321
322
323typedef struct ATATransferRequest
324{
325 uint8_t iIf;
326 uint8_t iBeginTransfer;
327 uint8_t iSourceSink;
328 uint32_t cbTotalTransfer;
329 uint8_t uTxDir;
330} ATATransferRequest;
331
332
333typedef struct ATAAbortRequest
334{
335 uint8_t iIf;
336 bool fResetDrive;
337} ATAAbortRequest;
338
339
340typedef enum
341{
342 /** Begin a new transfer. */
343 ATA_AIO_NEW = 0,
344 /** Continue a DMA transfer. */
345 ATA_AIO_DMA,
346 /** Continue a PIO transfer. */
347 ATA_AIO_PIO,
348 /** Reset the drives on current controller, stop all transfer activity. */
349 ATA_AIO_RESET_ASSERTED,
350 /** Reset the drives on current controller, resume operation. */
351 ATA_AIO_RESET_CLEARED,
352 /** Abort the current transfer of a particular drive. */
353 ATA_AIO_ABORT
354} ATAAIO;
355
356
357typedef struct ATARequest
358{
359 ATAAIO ReqType;
360 union
361 {
362 ATATransferRequest t;
363 ATAAbortRequest a;
364 } u;
365} ATARequest;
366
367
368typedef struct ATACONTROLLER
369{
370 /** The base of the first I/O Port range. */
371 RTIOPORT IOPortBase1;
372 /** The base of the second I/O Port range. (0 if none) */
373 RTIOPORT IOPortBase2;
374 /** The assigned IRQ. */
375 RTUINT irq;
376 /** Access critical section */
377 PDMCRITSECT lock;
378
379 /** Selected drive. */
380 uint8_t iSelectedIf;
381 /** The interface on which to handle async I/O. */
382 uint8_t iAIOIf;
383 /** The state of the async I/O thread. */
384 uint8_t uAsyncIOState;
385 /** Flag indicating whether the next transfer is part of the current command. */
386 bool fChainedTransfer;
387 /** Set when the reset processing is currently active on this controller. */
388 bool fReset;
389 /** Flag whether the current transfer needs to be redone. */
390 bool fRedo;
391 /** Flag whether the redo suspend has been finished. */
392 bool fRedoIdle;
393 /** Flag whether the DMA operation to be redone is the final transfer. */
394 bool fRedoDMALastDesc;
395 /** The BusMaster DMA state. */
396 BMDMAState BmDma;
397 /** Pointer to first DMA descriptor. */
398 RTGCPHYS32 pFirstDMADesc;
399 /** Pointer to last DMA descriptor. */
400 RTGCPHYS32 pLastDMADesc;
401 /** Pointer to current DMA buffer (for redo operations). */
402 RTGCPHYS32 pRedoDMABuffer;
403 /** Size of current DMA buffer (for redo operations). */
404 uint32_t cbRedoDMABuffer;
405
406 /** The ATA/ATAPI interfaces of this controller. */
407 ATADevState aIfs[2];
408
409 /** Pointer to device instance. */
410 PPDMDEVINSR3 pDevInsR3;
411 /** Pointer to device instance. */
412 PPDMDEVINSR0 pDevInsR0;
413 /** Pointer to device instance. */
414 PPDMDEVINSRC pDevInsRC;
415
416 /** Set when the destroying the device instance and the thread must exit. */
417 uint32_t volatile fShutdown;
418 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
419 RTTHREAD AsyncIOThread;
420 /** The event semaphore the thread is waiting on for requests. */
421 RTSEMEVENT AsyncIOSem;
422 /** The request queue for the AIO thread. One element is always unused. */
423 ATARequest aAsyncIORequests[4];
424 /** The position at which to insert a new request for the AIO thread. */
425 volatile uint8_t AsyncIOReqHead;
426 /** The position at which to get a new request for the AIO thread. */
427 volatile uint8_t AsyncIOReqTail;
428 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
429 bool volatile fSignalIdle;
430 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
431 /** Magic delay before triggering interrupts in DMA mode. */
432 uint32_t DelayIRQMillies;
433 /** The mutex protecting the request queue. */
434 RTSEMMUTEX AsyncIORequestMutex;
435 /** The event semaphore the thread is waiting on during suspended I/O. */
436 RTSEMEVENT SuspendIOSem;
437#if 0 /*HC_ARCH_BITS == 32*/
438 uint32_t Alignment0;
439#endif
440
441 /** Timestamp we started the reset. */
442 uint64_t u64ResetTime;
443
444 /* Statistics */
445 STAMCOUNTER StatAsyncOps;
446 uint64_t StatAsyncMinWait;
447 uint64_t StatAsyncMaxWait;
448 STAMCOUNTER StatAsyncTimeUS;
449 STAMPROFILEADV StatAsyncTime;
450 STAMPROFILE StatLockWait;
451} ATACONTROLLER, *PATACONTROLLER;
452AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
453AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
456
457typedef enum CHIPSET
458{
459 /** PIIX3 chipset, must be 0 for saved state compatibility */
460 CHIPSET_PIIX3 = 0,
461 /** PIIX4 chipset, must be 1 for saved state compatibility */
462 CHIPSET_PIIX4 = 1,
463 /** ICH6 chipset */
464 CHIPSET_ICH6 = 2
465} CHIPSET;
466
467/**
468 * The state of the ATA PCI device.
469 *
470 * @extends PCIDEVICE
471 * @implements PDMILEDPORTS
472 */
473typedef struct PCIATAState
474{
475 PCIDEVICE dev;
476 /** The controllers. */
477 ATACONTROLLER aCts[2];
478 /** Pointer to device instance. */
479 PPDMDEVINSR3 pDevIns;
480 /** Status LUN: Base interface. */
481 PDMIBASE IBase;
482 /** Status LUN: Leds interface. */
483 PDMILEDPORTS ILeds;
484 /** Status LUN: Partner of ILeds. */
485 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
486 /** Flag whether GC is enabled. */
487 bool fGCEnabled;
488 /** Flag whether R0 is enabled. */
489 bool fR0Enabled;
490 /** Flag indicating chipset being emulated. */
491 uint8_t u8Type;
492 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
493} PCIATAState;
494
495#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
496#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
497#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
498#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
499#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
500#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
501
502#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
503
504#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
505#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
506#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
507#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
508#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
509
510#ifndef VBOX_DEVICE_STRUCT_TESTCASE
511/*******************************************************************************
512 * Internal Functions *
513 ******************************************************************************/
514RT_C_DECLS_BEGIN
515PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
516PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
517PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
518PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
520PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
521PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
522PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
523RT_C_DECLS_END
524
525
526
527DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
528{
529 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
530
531 /* Freeze status register contents while processing RESET. */
532 if (!pCtl->fReset)
533 {
534 s->uATARegStatus = stat;
535 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
536 }
537}
538
539
540DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
541{
542 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
543
544 /* Freeze status register contents while processing RESET. */
545 if (!pCtl->fReset)
546 {
547 s->uATARegStatus |= stat;
548 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
549 }
550}
551
552
553DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
554{
555 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
556
557 /* Freeze status register contents while processing RESET. */
558 if (!pCtl->fReset)
559 {
560 s->uATARegStatus &= ~stat;
561 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
562 }
563}
564
565#ifdef IN_RING3
566
567typedef void (*PBeginTransferFunc)(ATADevState *);
568typedef bool (*PSourceSinkFunc)(ATADevState *);
569
570static void ataReadWriteSectorsBT(ATADevState *);
571static void ataPacketBT(ATADevState *);
572static void atapiCmdBT(ATADevState *);
573static void atapiPassthroughCmdBT(ATADevState *);
574
575static bool ataIdentifySS(ATADevState *);
576static bool ataFlushSS(ATADevState *);
577static bool ataReadSectorsSS(ATADevState *);
578static bool ataWriteSectorsSS(ATADevState *);
579static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
580static bool ataPacketSS(ATADevState *);
581static bool atapiGetConfigurationSS(ATADevState *);
582static bool atapiGetEventStatusNotificationSS(ATADevState *);
583static bool atapiIdentifySS(ATADevState *);
584static bool atapiInquirySS(ATADevState *);
585static bool atapiMechanismStatusSS(ATADevState *);
586static bool atapiModeSenseErrorRecoverySS(ATADevState *);
587static bool atapiModeSenseCDStatusSS(ATADevState *);
588static bool atapiReadSS(ATADevState *);
589static bool atapiReadCapacitySS(ATADevState *);
590static bool atapiReadDiscInformationSS(ATADevState *);
591static bool atapiReadTOCNormalSS(ATADevState *);
592static bool atapiReadTOCMultiSS(ATADevState *);
593static bool atapiReadTOCRawSS(ATADevState *);
594static bool atapiReadTrackInformationSS(ATADevState *);
595static bool atapiRequestSenseSS(ATADevState *);
596static bool atapiPassthroughSS(ATADevState *);
597static bool atapiReadDVDStructureSS(ATADevState *);
598
599/**
600 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
601 */
602typedef enum ATAFNBT
603{
604 ATAFN_BT_NULL = 0,
605 ATAFN_BT_READ_WRITE_SECTORS,
606 ATAFN_BT_PACKET,
607 ATAFN_BT_ATAPI_CMD,
608 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
609 ATAFN_BT_MAX
610} ATAFNBT;
611
612/**
613 * Array of end transfer functions, the index is ATAFNET.
614 * Make sure ATAFNET and this array match!
615 */
616static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
617{
618 NULL,
619 ataReadWriteSectorsBT,
620 ataPacketBT,
621 atapiCmdBT,
622 atapiPassthroughCmdBT,
623};
624
625/**
626 * Source/sink function indexes for g_apfnSourceSinkFuncs.
627 */
628typedef enum ATAFNSS
629{
630 ATAFN_SS_NULL = 0,
631 ATAFN_SS_IDENTIFY,
632 ATAFN_SS_FLUSH,
633 ATAFN_SS_READ_SECTORS,
634 ATAFN_SS_WRITE_SECTORS,
635 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
636 ATAFN_SS_PACKET,
637 ATAFN_SS_ATAPI_GET_CONFIGURATION,
638 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
639 ATAFN_SS_ATAPI_IDENTIFY,
640 ATAFN_SS_ATAPI_INQUIRY,
641 ATAFN_SS_ATAPI_MECHANISM_STATUS,
642 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
643 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
644 ATAFN_SS_ATAPI_READ,
645 ATAFN_SS_ATAPI_READ_CAPACITY,
646 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
647 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
648 ATAFN_SS_ATAPI_READ_TOC_MULTI,
649 ATAFN_SS_ATAPI_READ_TOC_RAW,
650 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
651 ATAFN_SS_ATAPI_REQUEST_SENSE,
652 ATAFN_SS_ATAPI_PASSTHROUGH,
653 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
654 ATAFN_SS_MAX
655} ATAFNSS;
656
657/**
658 * Array of source/sink functions, the index is ATAFNSS.
659 * Make sure ATAFNSS and this array match!
660 */
661static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
662{
663 NULL,
664 ataIdentifySS,
665 ataFlushSS,
666 ataReadSectorsSS,
667 ataWriteSectorsSS,
668 ataExecuteDeviceDiagnosticSS,
669 ataPacketSS,
670 atapiGetConfigurationSS,
671 atapiGetEventStatusNotificationSS,
672 atapiIdentifySS,
673 atapiInquirySS,
674 atapiMechanismStatusSS,
675 atapiModeSenseErrorRecoverySS,
676 atapiModeSenseCDStatusSS,
677 atapiReadSS,
678 atapiReadCapacitySS,
679 atapiReadDiscInformationSS,
680 atapiReadTOCNormalSS,
681 atapiReadTOCMultiSS,
682 atapiReadTOCRawSS,
683 atapiReadTrackInformationSS,
684 atapiRequestSenseSS,
685 atapiPassthroughSS,
686 atapiReadDVDStructureSS
687};
688
689
690static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
691static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
692static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
693static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
694
695static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
696{
697 int rc;
698
699 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
700 AssertRC(rc);
701 pCtl->AsyncIOReqHead = 0;
702 pCtl->AsyncIOReqTail = 0;
703 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
704 AssertRC(rc);
705}
706
707
708static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
709{
710 int rc;
711
712 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
713 AssertRC(rc);
714 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
715 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
716 pCtl->AsyncIOReqHead++;
717 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
718 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
719 AssertRC(rc);
720 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
721 if (RT_FAILURE(rc))
722 {
723 rc = RTSemEventSignal(pCtl->AsyncIOSem);
724 AssertRC(rc);
725 }
726}
727
728
729static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
730{
731 int rc;
732 const ATARequest *pReq;
733
734 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
735 AssertRC(rc);
736 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
737 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
738 else
739 pReq = NULL;
740 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
741 AssertRC(rc);
742 return pReq;
743}
744
745
746/**
747 * Remove the request with the given type, as it's finished. The request
748 * is not removed blindly, as this could mean a RESET request that is not
749 * yet processed (but has cleared the request queue) is lost.
750 *
751 * @param pCtl Controller for which to remove the request.
752 * @param ReqType Type of the request to remove.
753 */
754static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
755{
756 int rc;
757
758 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
759 AssertRC(rc);
760 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
761 {
762 pCtl->AsyncIOReqTail++;
763 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
764 }
765 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
766 AssertRC(rc);
767}
768
769
770/**
771 * Dump the request queue for a particular controller. First dump the queue
772 * contents, then the already processed entries, as long as they haven't been
773 * overwritten.
774 *
775 * @param pCtl Controller for which to dump the queue.
776 */
777static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
778{
779 int rc;
780 uint8_t curr;
781
782 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
783 AssertRC(rc);
784 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
785 curr = pCtl->AsyncIOReqTail;
786 do
787 {
788 if (curr == pCtl->AsyncIOReqHead)
789 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
790 switch (pCtl->aAsyncIORequests[curr].ReqType)
791 {
792 case ATA_AIO_NEW:
793 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
794 break;
795 case ATA_AIO_DMA:
796 LogRel(("dma transfer continuation\n"));
797 break;
798 case ATA_AIO_PIO:
799 LogRel(("pio transfer continuation\n"));
800 break;
801 case ATA_AIO_RESET_ASSERTED:
802 LogRel(("reset asserted request\n"));
803 break;
804 case ATA_AIO_RESET_CLEARED:
805 LogRel(("reset cleared request\n"));
806 break;
807 case ATA_AIO_ABORT:
808 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
809 break;
810 default:
811 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
812 }
813 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
814 } while (curr != pCtl->AsyncIOReqTail);
815 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
816 AssertRC(rc);
817}
818
819
820/**
821 * Checks whether the request queue for a particular controller is empty
822 * or whether a particular controller is idle.
823 *
824 * @param pCtl Controller for which to check the queue.
825 * @param fStrict If set then the controller is checked to be idle.
826 */
827static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
828{
829 int rc;
830 bool fIdle;
831
832 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
833 AssertRC(rc);
834 fIdle = pCtl->fRedoIdle;
835 if (!fIdle)
836 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
837 if (fStrict)
838 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
839 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
840 AssertRC(rc);
841 return fIdle;
842}
843
844
845/**
846 * Send a transfer request to the async I/O thread.
847 *
848 * @param s Pointer to the ATA device state data.
849 * @param cbTotalTransfer Data transfer size.
850 * @param uTxDir Data transfer direction.
851 * @param iBeginTransfer Index of BeginTransfer callback.
852 * @param iSourceSink Index of SourceSink callback.
853 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
854 */
855static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
856{
857 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
858 ATARequest Req;
859
860 Assert(PDMCritSectIsOwner(&pCtl->lock));
861
862 /* Do not issue new requests while the RESET line is asserted. */
863 if (pCtl->fReset)
864 {
865 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
866 return;
867 }
868
869 /* If the controller is already doing something else right now, ignore
870 * the command that is being submitted. Some broken guests issue commands
871 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
872 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
873 {
874 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
875 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
876 return;
877 }
878
879 Req.ReqType = ATA_AIO_NEW;
880 if (fChainedTransfer)
881 Req.u.t.iIf = pCtl->iAIOIf;
882 else
883 Req.u.t.iIf = pCtl->iSelectedIf;
884 Req.u.t.cbTotalTransfer = cbTotalTransfer;
885 Req.u.t.uTxDir = uTxDir;
886 Req.u.t.iBeginTransfer = iBeginTransfer;
887 Req.u.t.iSourceSink = iSourceSink;
888 ataSetStatusValue(s, ATA_STAT_BUSY);
889 pCtl->fChainedTransfer = fChainedTransfer;
890
891 /*
892 * Kick the worker thread into action.
893 */
894 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
895 ataAsyncIOPutRequest(pCtl, &Req);
896}
897
898
899/**
900 * Send an abort command request to the async I/O thread.
901 *
902 * @param s Pointer to the ATA device state data.
903 * @param fResetDrive Whether to reset the drive or just abort a command.
904 */
905static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
906{
907 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
908 ATARequest Req;
909
910 Assert(PDMCritSectIsOwner(&pCtl->lock));
911
912 /* Do not issue new requests while the RESET line is asserted. */
913 if (pCtl->fReset)
914 {
915 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
916 return;
917 }
918
919 Req.ReqType = ATA_AIO_ABORT;
920 Req.u.a.iIf = pCtl->iSelectedIf;
921 Req.u.a.fResetDrive = fResetDrive;
922 ataSetStatus(s, ATA_STAT_BUSY);
923 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
924 ataAsyncIOPutRequest(pCtl, &Req);
925}
926
927
928static void ataSetIRQ(ATADevState *s)
929{
930 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
931 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
932
933 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
934 {
935 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
936 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
937 * line is asserted. It monitors the line for a rising edge. */
938 if (!s->fIrqPending)
939 pCtl->BmDma.u8Status |= BM_STATUS_INT;
940 /* Only actually set the IRQ line if updating the currently selected drive. */
941 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
942 {
943 /** @todo experiment with adaptive IRQ delivery: for reads it is
944 * better to wait for IRQ delivery, as it reduces latency. */
945 if (pCtl->irq == 16)
946 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
947 else
948 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
949 }
950 }
951 s->fIrqPending = true;
952}
953
954#endif /* IN_RING3 */
955
956static void ataUnsetIRQ(ATADevState *s)
957{
958 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
959 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
960
961 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
962 {
963 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
964 /* Only actually unset the IRQ line if updating the currently selected drive. */
965 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
966 {
967 if (pCtl->irq == 16)
968 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
969 else
970 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
971 }
972 }
973 s->fIrqPending = false;
974}
975
976#ifdef IN_RING3
977
978static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
979{
980 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
981 s->iIOBufferPIODataStart = start;
982 s->iIOBufferPIODataEnd = start + size;
983 ataSetStatus(s, ATA_STAT_DRQ);
984}
985
986
987static void ataPIOTransferStop(ATADevState *s)
988{
989 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
990 if (s->fATAPITransfer)
991 {
992 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
993 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
994 ataSetIRQ(s);
995 s->fATAPITransfer = false;
996 }
997 s->cbTotalTransfer = 0;
998 s->cbElementaryTransfer = 0;
999 s->iIOBufferPIODataStart = 0;
1000 s->iIOBufferPIODataEnd = 0;
1001 s->iBeginTransfer = ATAFN_BT_NULL;
1002 s->iSourceSink = ATAFN_SS_NULL;
1003}
1004
1005
1006static void ataPIOTransferLimitATAPI(ATADevState *s)
1007{
1008 uint32_t cbLimit, cbTransfer;
1009
1010 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1011 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1012 if (cbLimit == 0)
1013 cbLimit = 0xfffe;
1014 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1015 if (cbLimit == 0xffff)
1016 cbLimit--;
1017 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1018 if (cbTransfer > cbLimit)
1019 {
1020 /* Byte count limit for clipping must be even in this case */
1021 if (cbLimit & 1)
1022 cbLimit--;
1023 cbTransfer = cbLimit;
1024 }
1025 s->uATARegLCyl = cbTransfer;
1026 s->uATARegHCyl = cbTransfer >> 8;
1027 s->cbElementaryTransfer = cbTransfer;
1028}
1029
1030
1031static uint32_t ataGetNSectors(ATADevState *s)
1032{
1033 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1034 if (s->fLBA48)
1035 {
1036 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1037 return 65536;
1038 else
1039 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1040 }
1041 else
1042 {
1043 if (!s->uATARegNSector)
1044 return 256;
1045 else
1046 return s->uATARegNSector;
1047 }
1048}
1049
1050
1051static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1052{
1053 for (uint32_t i = 0; i < cbSize; i++)
1054 {
1055 if (*pbSrc)
1056 pbDst[i ^ 1] = *pbSrc++;
1057 else
1058 pbDst[i ^ 1] = ' ';
1059 }
1060}
1061
1062
1063static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1064{
1065 for (uint32_t i = 0; i < cbSize; i++)
1066 {
1067 if (*pbSrc)
1068 pbDst[i] = *pbSrc++;
1069 else
1070 pbDst[i] = ' ';
1071 }
1072}
1073
1074
1075DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1076{
1077 pbBuf[0] = val >> 8;
1078 pbBuf[1] = val;
1079}
1080
1081
1082DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1083{
1084 pbBuf[0] = val >> 16;
1085 pbBuf[1] = val >> 8;
1086 pbBuf[2] = val;
1087}
1088
1089
1090DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1091{
1092 pbBuf[0] = val >> 24;
1093 pbBuf[1] = val >> 16;
1094 pbBuf[2] = val >> 8;
1095 pbBuf[3] = val;
1096}
1097
1098
1099DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1100{
1101 return (pbBuf[0] << 8) | pbBuf[1];
1102}
1103
1104
1105DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1106{
1107 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1108}
1109
1110
1111DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1112{
1113 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1114}
1115
1116
1117DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1118{
1119 iATAPILBA += 150;
1120 pbBuf[0] = (iATAPILBA / 75) / 60;
1121 pbBuf[1] = (iATAPILBA / 75) % 60;
1122 pbBuf[2] = iATAPILBA % 75;
1123}
1124
1125
1126DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1127{
1128 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1129}
1130
1131
1132static void ataCmdOK(ATADevState *s, uint8_t status)
1133{
1134 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1135 ataSetStatusValue(s, ATA_STAT_READY | status);
1136}
1137
1138
1139static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1140{
1141 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1142 Assert(uErrorCode);
1143 s->uATARegError = uErrorCode;
1144 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1145 s->cbTotalTransfer = 0;
1146 s->cbElementaryTransfer = 0;
1147 s->iIOBufferCur = 0;
1148 s->iIOBufferEnd = 0;
1149 s->uTxDir = PDMBLOCKTXDIR_NONE;
1150 s->iBeginTransfer = ATAFN_BT_NULL;
1151 s->iSourceSink = ATAFN_SS_NULL;
1152}
1153
1154static uint32_t ataChecksum(void* ptr, size_t count)
1155{
1156 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1157 size_t i;
1158
1159 for (i = 0; i < count; i++)
1160 {
1161 u8Sum += *p++;
1162 }
1163
1164 return (uint8_t)-(int32_t)u8Sum;
1165}
1166
1167static bool ataIdentifySS(ATADevState *s)
1168{
1169 uint16_t *p;
1170
1171 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1172 Assert(s->cbElementaryTransfer == 512);
1173
1174 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1175 memset(p, 0, 512);
1176 p[0] = RT_H2LE_U16(0x0040);
1177 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1178 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1179 /* Block size; obsolete, but required for the BIOS. */
1180 p[5] = RT_H2LE_U16(512);
1181 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1182 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1183 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1184 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1185 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1186 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1187 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1188#if ATA_MAX_MULT_SECTORS > 1
1189 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1190#endif
1191 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1192 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1193 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1194 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1195 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1196 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1197 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1198 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1199 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1200 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1201 * s->PCHSGeometry.cHeads
1202 * s->PCHSGeometry.cSectors);
1203 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1204 * s->PCHSGeometry.cHeads
1205 * s->PCHSGeometry.cSectors >> 16);
1206 if (s->cMultSectors)
1207 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1208 if (s->cTotalSectors <= (1 << 28) - 1)
1209 {
1210 p[60] = RT_H2LE_U16(s->cTotalSectors);
1211 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1212 }
1213 else
1214 {
1215 /* Report maximum number of sectors possible with LBA28 */
1216 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1217 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1218 }
1219 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1220 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1221 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1222 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1223 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1224 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1225 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1226 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1227 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1228 if (s->cTotalSectors <= (1 << 28) - 1)
1229 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1230 else
1231 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1232 p[84] = RT_H2LE_U16(1 << 14);
1233 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1234 if (s->cTotalSectors <= (1 << 28) - 1)
1235 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1236 else
1237 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1238 p[87] = RT_H2LE_U16(1 << 14);
1239 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1240 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1241 if (s->cTotalSectors > (1 << 28) - 1)
1242 {
1243 p[100] = RT_H2LE_U16(s->cTotalSectors);
1244 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1245 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1246 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1247 }
1248 uint32_t uCsum = ataChecksum(p, 510);
1249 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1250 s->iSourceSink = ATAFN_SS_NULL;
1251 ataCmdOK(s, ATA_STAT_SEEK);
1252 return false;
1253}
1254
1255
1256static bool ataFlushSS(ATADevState *s)
1257{
1258 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1259 int rc;
1260
1261 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1262 Assert(!s->cbElementaryTransfer);
1263
1264 PDMCritSectLeave(&pCtl->lock);
1265
1266 STAM_PROFILE_START(&s->StatFlushes, f);
1267 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1268 AssertRC(rc);
1269 STAM_PROFILE_STOP(&s->StatFlushes, f);
1270
1271 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1272 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1273 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1274 ataCmdOK(s, 0);
1275 return false;
1276}
1277
1278static bool atapiIdentifySS(ATADevState *s)
1279{
1280 uint16_t *p;
1281
1282 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1283 Assert(s->cbElementaryTransfer == 512);
1284
1285 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1286 memset(p, 0, 512);
1287 /* Removable CDROM, 50us response, 12 byte packets */
1288 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1289 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1290 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1291 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1292 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1293 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1294 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1295 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1296 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1297 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1298 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1299 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1300 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1301 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1302 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1303 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1304 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1305 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1306 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1307 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1308 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1309 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1310 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1311 p[83] = RT_H2LE_U16(1 << 14);
1312 p[84] = RT_H2LE_U16(1 << 14);
1313 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1314 p[86] = RT_H2LE_U16(0);
1315 p[87] = RT_H2LE_U16(1 << 14);
1316 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1317 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1318 /* According to ATAPI-5 spec:
1319 *
1320 * The use of this word is optional.
1321 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1322 * contain the data
1323 * structure checksum.
1324 * The data structure checksum is the twos complement of the sum of
1325 * all bytes in words 0 through 254 and the byte consisting of
1326 * bits 7:0 in word 255.
1327 * Each byte shall be added with unsigned arithmetic,
1328 * and overflow shall be ignored.
1329 * The sum of all 512 bytes is zero when the checksum is correct.
1330 */
1331 uint32_t uCsum = ataChecksum(p, 510);
1332 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1333
1334 s->iSourceSink = ATAFN_SS_NULL;
1335 ataCmdOK(s, ATA_STAT_SEEK);
1336 return false;
1337}
1338
1339
1340static void ataSetSignature(ATADevState *s)
1341{
1342 s->uATARegSelect &= 0xf0; /* clear head */
1343 /* put signature */
1344 s->uATARegNSector = 1;
1345 s->uATARegSector = 1;
1346 if (s->fATAPI)
1347 {
1348 s->uATARegLCyl = 0x14;
1349 s->uATARegHCyl = 0xeb;
1350 }
1351 else if (s->pDrvBlock)
1352 {
1353 s->uATARegLCyl = 0;
1354 s->uATARegHCyl = 0;
1355 }
1356 else
1357 {
1358 s->uATARegLCyl = 0xff;
1359 s->uATARegHCyl = 0xff;
1360 }
1361}
1362
1363
1364static uint64_t ataGetSector(ATADevState *s)
1365{
1366 uint64_t iLBA;
1367 if (s->uATARegSelect & 0x40)
1368 {
1369 /* any LBA variant */
1370 if (s->fLBA48)
1371 {
1372 /* LBA48 */
1373 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1374 ((uint64_t)s->uATARegLCylHOB << 32) |
1375 ((uint64_t)s->uATARegSectorHOB << 24) |
1376 ((uint64_t)s->uATARegHCyl << 16) |
1377 ((uint64_t)s->uATARegLCyl << 8) |
1378 s->uATARegSector;
1379 }
1380 else
1381 {
1382 /* LBA */
1383 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1384 (s->uATARegLCyl << 8) | s->uATARegSector;
1385 }
1386 }
1387 else
1388 {
1389 /* CHS */
1390 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1391 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1392 (s->uATARegSector - 1);
1393 }
1394 return iLBA;
1395}
1396
1397static void ataSetSector(ATADevState *s, uint64_t iLBA)
1398{
1399 uint32_t cyl, r;
1400 if (s->uATARegSelect & 0x40)
1401 {
1402 /* any LBA variant */
1403 if (s->fLBA48)
1404 {
1405 /* LBA48 */
1406 s->uATARegHCylHOB = iLBA >> 40;
1407 s->uATARegLCylHOB = iLBA >> 32;
1408 s->uATARegSectorHOB = iLBA >> 24;
1409 s->uATARegHCyl = iLBA >> 16;
1410 s->uATARegLCyl = iLBA >> 8;
1411 s->uATARegSector = iLBA;
1412 }
1413 else
1414 {
1415 /* LBA */
1416 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1417 s->uATARegHCyl = (iLBA >> 16);
1418 s->uATARegLCyl = (iLBA >> 8);
1419 s->uATARegSector = (iLBA);
1420 }
1421 }
1422 else
1423 {
1424 /* CHS */
1425 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1426 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1427 s->uATARegHCyl = cyl >> 8;
1428 s->uATARegLCyl = cyl;
1429 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1430 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1431 }
1432}
1433
1434
1435static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1436{
1437 int rc;
1438 LogRel(("PIIX3 ATA: Host disk full\n"));
1439 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1440 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1441 AssertRC(rc);
1442}
1443
1444static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1445{
1446 int rc;
1447 LogRel(("PIIX3 ATA: File too big\n"));
1448 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1449 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1450 AssertRC(rc);
1451}
1452
1453static void ataWarningISCSI(PPDMDEVINS pDevIns)
1454{
1455 int rc;
1456 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1457 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1458 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1459 AssertRC(rc);
1460}
1461
1462static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1463{
1464 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1465 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1466 if (rc == VERR_DISK_FULL)
1467 {
1468 pCtl->fRedoIdle = true;
1469 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1470 return true;
1471 }
1472 if (rc == VERR_FILE_TOO_BIG)
1473 {
1474 pCtl->fRedoIdle = true;
1475 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1476 return true;
1477 }
1478 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1479 {
1480 pCtl->fRedoIdle = true;
1481 /* iSCSI connection abort (first error) or failure to reestablish
1482 * connection (second error). Pause VM. On resume we'll retry. */
1483 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1484 return true;
1485 }
1486 return false;
1487}
1488
1489
1490static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1491 uint32_t cSectors, bool *pfRedo)
1492{
1493 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1494 int rc;
1495
1496 PDMCritSectLeave(&pCtl->lock);
1497
1498 STAM_PROFILE_ADV_START(&s->StatReads, r);
1499 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1500 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1501 s->Led.Actual.s.fReading = 0;
1502 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1503
1504 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1505
1506 if (RT_SUCCESS(rc))
1507 *pfRedo = false;
1508 else
1509 *pfRedo = ataIsRedoSetWarning(s, rc);
1510
1511 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1512 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1513 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1514 return rc;
1515}
1516
1517
1518static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1519 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1520{
1521 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1522 int rc;
1523
1524 PDMCritSectLeave(&pCtl->lock);
1525
1526 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1527 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1528#ifdef VBOX_INSTRUMENT_DMA_WRITES
1529 if (s->fDMA)
1530 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1531#endif
1532 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1533#ifdef VBOX_INSTRUMENT_DMA_WRITES
1534 if (s->fDMA)
1535 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1536#endif
1537 s->Led.Actual.s.fWriting = 0;
1538 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1539
1540 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1541
1542 if (RT_SUCCESS(rc))
1543 *pfRedo = false;
1544 else
1545 *pfRedo = ataIsRedoSetWarning(s, rc);
1546
1547 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1548 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1549 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1550 return rc;
1551}
1552
1553
1554static void ataReadWriteSectorsBT(ATADevState *s)
1555{
1556 uint32_t cSectors;
1557
1558 cSectors = s->cbTotalTransfer / 512;
1559 if (cSectors > s->cSectorsPerIRQ)
1560 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1561 else
1562 s->cbElementaryTransfer = cSectors * 512;
1563 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1564 ataCmdOK(s, 0);
1565}
1566
1567
1568static bool ataReadSectorsSS(ATADevState *s)
1569{
1570 int rc;
1571 uint32_t cSectors;
1572 uint64_t iLBA;
1573 bool fRedo;
1574
1575 cSectors = s->cbElementaryTransfer / 512;
1576 Assert(cSectors);
1577 iLBA = ataGetSector(s);
1578 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1579 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1580 if (RT_SUCCESS(rc))
1581 {
1582 ataSetSector(s, iLBA + cSectors);
1583 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1584 s->iSourceSink = ATAFN_SS_NULL;
1585 ataCmdOK(s, ATA_STAT_SEEK);
1586 }
1587 else
1588 {
1589 if (fRedo)
1590 return fRedo;
1591 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1592 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1593 s->iLUN, rc, iLBA, cSectors));
1594
1595 /*
1596 * Check if we got interrupted. We don't need to set status variables
1597 * because the request was aborted.
1598 */
1599 if (rc != VERR_INTERRUPTED)
1600 ataCmdError(s, ID_ERR);
1601 }
1602 return false;
1603}
1604
1605
1606static bool ataWriteSectorsSS(ATADevState *s)
1607{
1608 int rc;
1609 uint32_t cSectors;
1610 uint64_t iLBA;
1611 bool fRedo;
1612
1613 cSectors = s->cbElementaryTransfer / 512;
1614 Assert(cSectors);
1615 iLBA = ataGetSector(s);
1616 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1617 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1618 if (RT_SUCCESS(rc))
1619 {
1620 ataSetSector(s, iLBA + cSectors);
1621 if (!s->cbTotalTransfer)
1622 s->iSourceSink = ATAFN_SS_NULL;
1623 ataCmdOK(s, ATA_STAT_SEEK);
1624 }
1625 else
1626 {
1627 if (fRedo)
1628 return fRedo;
1629 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1630 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1631 s->iLUN, rc, iLBA, cSectors));
1632
1633 /*
1634 * Check if we got interrupted. We don't need to set status variables
1635 * because the request was aborted.
1636 */
1637 if (rc != VERR_INTERRUPTED)
1638 ataCmdError(s, ID_ERR);
1639 }
1640 return false;
1641}
1642
1643
1644static void atapiCmdOK(ATADevState *s)
1645{
1646 s->uATARegError = 0;
1647 ataSetStatusValue(s, ATA_STAT_READY);
1648 s->uATARegNSector = (s->uATARegNSector & ~7)
1649 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1650 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1651 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1652
1653 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1654 s->abATAPISense[0] = 0x70 | (1 << 7);
1655 s->abATAPISense[7] = 10;
1656}
1657
1658
1659static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1660{
1661 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1662 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1663 s->uATARegError = pabATAPISense[2] << 4;
1664 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1665 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1666 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1667 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1668 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1669 s->cbTotalTransfer = 0;
1670 s->cbElementaryTransfer = 0;
1671 s->iIOBufferCur = 0;
1672 s->iIOBufferEnd = 0;
1673 s->uTxDir = PDMBLOCKTXDIR_NONE;
1674 s->iBeginTransfer = ATAFN_BT_NULL;
1675 s->iSourceSink = ATAFN_SS_NULL;
1676}
1677
1678
1679/** @todo deprecated function - doesn't provide enough info. Replace by direct
1680 * calls to atapiCmdError() with full data. */
1681static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1682{
1683 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1684 memset(abATAPISense, '\0', sizeof(abATAPISense));
1685 abATAPISense[0] = 0x70 | (1 << 7);
1686 abATAPISense[2] = uATAPISenseKey & 0x0f;
1687 abATAPISense[7] = 10;
1688 abATAPISense[12] = uATAPIASC;
1689 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1690}
1691
1692
1693static void atapiCmdBT(ATADevState *s)
1694{
1695 s->fATAPITransfer = true;
1696 s->cbElementaryTransfer = s->cbTotalTransfer;
1697 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1698 atapiCmdOK(s);
1699}
1700
1701
1702static void atapiPassthroughCmdBT(ATADevState *s)
1703{
1704 /* @todo implement an algorithm for correctly determining the read and
1705 * write sector size without sending additional commands to the drive.
1706 * This should be doable by saving processing the configuration requests
1707 * and replies. */
1708#if 0
1709 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1710 {
1711 uint8_t cmd = s->aATAPICmd[0];
1712 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1713 {
1714 uint8_t aModeSenseCmd[10];
1715 uint8_t aModeSenseResult[16];
1716 uint8_t uDummySense;
1717 uint32_t cbTransfer;
1718 int rc;
1719
1720 cbTransfer = sizeof(aModeSenseResult);
1721 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1722 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1723 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1724 aModeSenseCmd[3] = 0; /* subpage code */
1725 aModeSenseCmd[4] = 0; /* reserved */
1726 aModeSenseCmd[5] = 0; /* reserved */
1727 aModeSenseCmd[6] = 0; /* reserved */
1728 aModeSenseCmd[7] = cbTransfer >> 8;
1729 aModeSenseCmd[8] = cbTransfer & 0xff;
1730 aModeSenseCmd[9] = 0; /* control */
1731 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1732 if (RT_FAILURE(rc))
1733 {
1734 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1735 return;
1736 }
1737 /* Select sector size based on the current data block type. */
1738 switch (aModeSenseResult[12] & 0x0f)
1739 {
1740 case 0:
1741 s->cbATAPISector = 2352;
1742 break;
1743 case 1:
1744 s->cbATAPISector = 2368;
1745 break;
1746 case 2:
1747 case 3:
1748 s->cbATAPISector = 2448;
1749 break;
1750 case 8:
1751 case 10:
1752 s->cbATAPISector = 2048;
1753 break;
1754 case 9:
1755 s->cbATAPISector = 2336;
1756 break;
1757 case 11:
1758 s->cbATAPISector = 2056;
1759 break;
1760 case 12:
1761 s->cbATAPISector = 2324;
1762 break;
1763 case 13:
1764 s->cbATAPISector = 2332;
1765 break;
1766 default:
1767 s->cbATAPISector = 0;
1768 }
1769 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1770 s->cbTotalTransfer *= s->cbATAPISector;
1771 if (s->cbTotalTransfer == 0)
1772 s->uTxDir = PDMBLOCKTXDIR_NONE;
1773 }
1774 }
1775#endif
1776 atapiCmdBT(s);
1777}
1778
1779
1780static bool atapiReadSS(ATADevState *s)
1781{
1782 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1783 int rc = VINF_SUCCESS;
1784 uint32_t cbTransfer, cSectors;
1785
1786 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1787 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1788 cSectors = cbTransfer / s->cbATAPISector;
1789 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1790 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1791
1792 PDMCritSectLeave(&pCtl->lock);
1793
1794 STAM_PROFILE_ADV_START(&s->StatReads, r);
1795 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1796 switch (s->cbATAPISector)
1797 {
1798 case 2048:
1799 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1800 break;
1801 case 2352:
1802 {
1803 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1804
1805 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1806 {
1807 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1808 *pbBuf++ = 0x00;
1809 memset(pbBuf, 0xff, 10);
1810 pbBuf += 10;
1811 *pbBuf++ = 0x00;
1812 /* MSF */
1813 ataLBA2MSF(pbBuf, i);
1814 pbBuf += 3;
1815 *pbBuf++ = 0x01; /* mode 1 data */
1816 /* data */
1817 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1818 if (RT_FAILURE(rc))
1819 break;
1820 pbBuf += 2048;
1821 /**
1822 * @todo: maybe compute ECC and parity, layout is:
1823 * 2072 4 EDC
1824 * 2076 172 P parity symbols
1825 * 2248 104 Q parity symbols
1826 */
1827 memset(pbBuf, 0, 280);
1828 pbBuf += 280;
1829 }
1830 }
1831 break;
1832 default:
1833 break;
1834 }
1835 s->Led.Actual.s.fReading = 0;
1836 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1837
1838 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1839 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1840 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1841
1842 if (RT_SUCCESS(rc))
1843 {
1844 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1845
1846 /* The initial buffer end value has been set up based on the total
1847 * transfer size. But the I/O buffer size limits what can actually be
1848 * done in one transfer, so set the actual value of the buffer end. */
1849 s->cbElementaryTransfer = cbTransfer;
1850 if (cbTransfer >= s->cbTotalTransfer)
1851 s->iSourceSink = ATAFN_SS_NULL;
1852 atapiCmdOK(s);
1853 s->iATAPILBA += cSectors;
1854 }
1855 else
1856 {
1857 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1858 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1859
1860 /*
1861 * Check if we got interrupted. We don't need to set status variables
1862 * because the request was aborted.
1863 */
1864 if (rc != VERR_INTERRUPTED)
1865 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1866 }
1867 return false;
1868}
1869
1870/**
1871 * Sets the given media track type.
1872 */
1873static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1874{
1875 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1876}
1877
1878static bool atapiPassthroughSS(ATADevState *s)
1879{
1880 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1881 int rc = VINF_SUCCESS;
1882 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1883 uint32_t cbTransfer;
1884 PSTAMPROFILEADV pProf = NULL;
1885
1886 cbTransfer = s->cbElementaryTransfer;
1887
1888 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1889 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1890
1891 /* Simple heuristics: if there is at least one sector of data
1892 * to transfer, it's worth updating the LEDs. */
1893 if (cbTransfer >= 2048)
1894 {
1895 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1896 {
1897 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1898 pProf = &s->StatReads;
1899 }
1900 else
1901 {
1902 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1903 pProf = &s->StatWrites;
1904 }
1905 }
1906
1907 PDMCritSectLeave(&pCtl->lock);
1908
1909 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1910 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1911 {
1912 /* Linux accepts commands with up to 100KB of data, but expects
1913 * us to handle commands with up to 128KB of data. The usual
1914 * imbalance of powers. */
1915 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1916 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1917 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1918
1919 switch (s->aATAPICmd[0])
1920 {
1921 case SCSI_READ_10:
1922 case SCSI_WRITE_10:
1923 case SCSI_WRITE_AND_VERIFY_10:
1924 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1925 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1926 break;
1927 case SCSI_READ_12:
1928 case SCSI_WRITE_12:
1929 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1930 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1931 break;
1932 case SCSI_READ_CD:
1933 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1934 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
1935 break;
1936 case SCSI_READ_CD_MSF:
1937 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1938 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1939 break;
1940 default:
1941 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1942 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1943 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1944 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1945 {
1946 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1947 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1948 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1949 }
1950 return false;
1951 }
1952 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1953 cReqSectors = 0;
1954 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1955 {
1956 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1957 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1958 else
1959 cReqSectors = i;
1960 cbCurrTX = s->cbATAPISector * cReqSectors;
1961 switch (s->aATAPICmd[0])
1962 {
1963 case SCSI_READ_10:
1964 case SCSI_WRITE_10:
1965 case SCSI_WRITE_AND_VERIFY_10:
1966 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1967 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1968 break;
1969 case SCSI_READ_12:
1970 case SCSI_WRITE_12:
1971 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1972 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1973 break;
1974 case SCSI_READ_CD:
1975 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1976 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
1977 break;
1978 case SCSI_READ_CD_MSF:
1979 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1980 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1981 break;
1982 }
1983 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1984 if (rc != VINF_SUCCESS)
1985 break;
1986 iATAPILBA += cReqSectors;
1987 pbBuf += s->cbATAPISector * cReqSectors;
1988 }
1989 }
1990 else
1991 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1992 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1993
1994 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1995 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1996 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1997
1998 /* Update the LEDs and the read/write statistics. */
1999 if (cbTransfer >= 2048)
2000 {
2001 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2002 {
2003 s->Led.Actual.s.fReading = 0;
2004 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2005 }
2006 else
2007 {
2008 s->Led.Actual.s.fWriting = 0;
2009 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2010 }
2011 }
2012
2013 if (RT_SUCCESS(rc))
2014 {
2015 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2016 {
2017 Assert(cbTransfer <= s->cbTotalTransfer);
2018 /* Reply with the same amount of data as the real drive. */
2019 s->cbTotalTransfer = cbTransfer;
2020 /* The initial buffer end value has been set up based on the total
2021 * transfer size. But the I/O buffer size limits what can actually be
2022 * done in one transfer, so set the actual value of the buffer end. */
2023 s->cbElementaryTransfer = cbTransfer;
2024 if (s->aATAPICmd[0] == SCSI_INQUIRY)
2025 {
2026 /* Make sure that the real drive cannot be identified.
2027 * Motivation: changing the VM configuration should be as
2028 * invisible as possible to the guest. */
2029 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2030 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2031 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2032 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2033 }
2034 else if (s->aATAPICmd[0] == SCSI_READ_TOC_PMA_ATIP)
2035 {
2036 /* Set the media type if we can detect it. */
2037 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2038
2039 /** @todo: Implemented only for formatted TOC now. */
2040 if ( (s->aATAPICmd[1] & 0xf) == 0
2041 && cbTransfer >= 6)
2042 {
2043 uint32_t NewMediaType;
2044 uint32_t OldMediaType;
2045
2046 if (pbBuf[5] & 0x4)
2047 NewMediaType = ATA_MEDIA_TYPE_DATA;
2048 else
2049 NewMediaType = ATA_MEDIA_TYPE_CDDA;
2050
2051 OldMediaType = ataMediumTypeSet(s, NewMediaType);
2052
2053 if (OldMediaType != NewMediaType)
2054 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough, detected %s CD\n",
2055 s->iLUN,
2056 NewMediaType == ATA_MEDIA_TYPE_DATA
2057 ? "data"
2058 : "audio"));
2059 }
2060 else /* Play safe and set to unknown. */
2061 ataMediumTypeSet(s, ATA_MEDIA_TYPE_UNKNOWN);
2062 }
2063 if (cbTransfer)
2064 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2065 }
2066 s->iSourceSink = ATAFN_SS_NULL;
2067 atapiCmdOK(s);
2068 }
2069 else
2070 {
2071 if (s->cErrors < MAX_LOG_REL_ERRORS)
2072 {
2073 uint8_t u8Cmd = s->aATAPICmd[0];
2074 do
2075 {
2076 /* don't log superfluous errors */
2077 if ( rc == VERR_DEV_IO_ERROR
2078 && ( u8Cmd == SCSI_TEST_UNIT_READY
2079 || u8Cmd == SCSI_READ_CAPACITY
2080 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2081 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2082 break;
2083 s->cErrors++;
2084 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2085 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2086 } while (0);
2087 }
2088 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2089 }
2090 return false;
2091}
2092
2093/** @todo: Revise ASAP. */
2094static bool atapiReadDVDStructureSS(ATADevState *s)
2095{
2096 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2097 int media = s->aATAPICmd[1];
2098 int format = s->aATAPICmd[7];
2099
2100 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2101
2102 memset(buf, 0, max_len);
2103
2104 switch (format) {
2105 case 0x00:
2106 case 0x01:
2107 case 0x02:
2108 case 0x03:
2109 case 0x04:
2110 case 0x05:
2111 case 0x06:
2112 case 0x07:
2113 case 0x08:
2114 case 0x09:
2115 case 0x0a:
2116 case 0x0b:
2117 case 0x0c:
2118 case 0x0d:
2119 case 0x0e:
2120 case 0x0f:
2121 case 0x10:
2122 case 0x11:
2123 case 0x30:
2124 case 0x31:
2125 case 0xff:
2126 if (media == 0)
2127 {
2128 int uASC = SCSI_ASC_NONE;
2129
2130 switch (format)
2131 {
2132 case 0x0: /* Physical format information */
2133 {
2134 int layer = s->aATAPICmd[6];
2135 uint64_t total_sectors;
2136
2137 if (layer != 0)
2138 {
2139 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2140 break;
2141 }
2142
2143 total_sectors = s->cTotalSectors;
2144 total_sectors >>= 2;
2145 if (total_sectors == 0)
2146 {
2147 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2148 break;
2149 }
2150
2151 buf[4] = 1; /* DVD-ROM, part version 1 */
2152 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2153 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2154 buf[7] = 0; /* default densities */
2155
2156 /* FIXME: 0x30000 per spec? */
2157 ataH2BE_U32(buf + 8, 0); /* start sector */
2158 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2159 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2160
2161 /* Size of buffer, not including 2 byte size field */
2162 ataH2BE_U32(&buf[0], 2048 + 2);
2163
2164 /* 2k data + 4 byte header */
2165 uASC = (2048 + 4);
2166 }
2167 break;
2168 case 0x01: /* DVD copyright information */
2169 buf[4] = 0; /* no copyright data */
2170 buf[5] = 0; /* no region restrictions */
2171
2172 /* Size of buffer, not including 2 byte size field */
2173 ataH2BE_U16(buf, 4 + 2);
2174
2175 /* 4 byte header + 4 byte data */
2176 uASC = (4 + 4);
2177
2178 case 0x03: /* BCA information - invalid field for no BCA info */
2179 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2180 break;
2181
2182 case 0x04: /* DVD disc manufacturing information */
2183 /* Size of buffer, not including 2 byte size field */
2184 ataH2BE_U16(buf, 2048 + 2);
2185
2186 /* 2k data + 4 byte header */
2187 uASC = (2048 + 4);
2188 break;
2189 case 0xff:
2190 /*
2191 * This lists all the command capabilities above. Add new ones
2192 * in order and update the length and buffer return values.
2193 */
2194
2195 buf[4] = 0x00; /* Physical format */
2196 buf[5] = 0x40; /* Not writable, is readable */
2197 ataH2BE_U16((buf + 6), 2048 + 4);
2198
2199 buf[8] = 0x01; /* Copyright info */
2200 buf[9] = 0x40; /* Not writable, is readable */
2201 ataH2BE_U16((buf + 10), 4 + 4);
2202
2203 buf[12] = 0x03; /* BCA info */
2204 buf[13] = 0x40; /* Not writable, is readable */
2205 ataH2BE_U16((buf + 14), 188 + 4);
2206
2207 buf[16] = 0x04; /* Manufacturing info */
2208 buf[17] = 0x40; /* Not writable, is readable */
2209 ataH2BE_U16((buf + 18), 2048 + 4);
2210
2211 /* Size of buffer, not including 2 byte size field */
2212 ataH2BE_U16(buf, 16 + 2);
2213
2214 /* data written + 4 byte header */
2215 uASC = (16 + 4);
2216 break;
2217 default: /* TODO: formats beyond DVD-ROM requires */
2218 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2219 }
2220
2221 if (uASC < 0)
2222 {
2223 s->iSourceSink = ATAFN_SS_NULL;
2224 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2225 return false;
2226 }
2227 break;
2228 }
2229 /* TODO: BD support, fall through for now */
2230
2231 /* Generic disk structures */
2232 case 0x80: /* TODO: AACS volume identifier */
2233 case 0x81: /* TODO: AACS media serial number */
2234 case 0x82: /* TODO: AACS media identifier */
2235 case 0x83: /* TODO: AACS media key block */
2236 case 0x90: /* TODO: List of recognized format layers */
2237 case 0xc0: /* TODO: Write protection status */
2238 default:
2239 s->iSourceSink = ATAFN_SS_NULL;
2240 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2241 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2242 return false;
2243 }
2244
2245 s->iSourceSink = ATAFN_SS_NULL;
2246 atapiCmdOK(s);
2247 return false;
2248}
2249
2250static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2251{
2252 Assert(cSectors > 0);
2253 s->iATAPILBA = iATAPILBA;
2254 s->cbATAPISector = cbSector;
2255 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2256 return false;
2257}
2258
2259
2260static bool atapiReadCapacitySS(ATADevState *s)
2261{
2262 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2263
2264 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2265 Assert(s->cbElementaryTransfer <= 8);
2266 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2267 ataH2BE_U32(pbBuf + 4, 2048);
2268 s->iSourceSink = ATAFN_SS_NULL;
2269 atapiCmdOK(s);
2270 return false;
2271}
2272
2273
2274static bool atapiReadDiscInformationSS(ATADevState *s)
2275{
2276 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2277
2278 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2279 Assert(s->cbElementaryTransfer <= 34);
2280 memset(pbBuf, '\0', 34);
2281 ataH2BE_U16(pbBuf, 32);
2282 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2283 pbBuf[3] = 1; /* number of first track */
2284 pbBuf[4] = 1; /* number of sessions (LSB) */
2285 pbBuf[5] = 1; /* first track number in last session (LSB) */
2286 pbBuf[6] = 1; /* last track number in last session (LSB) */
2287 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2288 pbBuf[8] = 0; /* disc type = CD-ROM */
2289 pbBuf[9] = 0; /* number of sessions (MSB) */
2290 pbBuf[10] = 0; /* number of sessions (MSB) */
2291 pbBuf[11] = 0; /* number of sessions (MSB) */
2292 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2293 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2294 s->iSourceSink = ATAFN_SS_NULL;
2295 atapiCmdOK(s);
2296 return false;
2297}
2298
2299
2300static bool atapiReadTrackInformationSS(ATADevState *s)
2301{
2302 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2303
2304 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2305 Assert(s->cbElementaryTransfer <= 36);
2306 /* Accept address/number type of 1 only, and only track 1 exists. */
2307 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2308 {
2309 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2310 return false;
2311 }
2312 memset(pbBuf, '\0', 36);
2313 ataH2BE_U16(pbBuf, 34);
2314 pbBuf[2] = 1; /* track number (LSB) */
2315 pbBuf[3] = 1; /* session number (LSB) */
2316 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2317 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2318 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2319 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2320 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2321 pbBuf[32] = 0; /* track number (MSB) */
2322 pbBuf[33] = 0; /* session number (MSB) */
2323 s->iSourceSink = ATAFN_SS_NULL;
2324 atapiCmdOK(s);
2325 return false;
2326}
2327
2328
2329static bool atapiGetConfigurationSS(ATADevState *s)
2330{
2331 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2332 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2333
2334 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2335 Assert(s->cbElementaryTransfer <= 32);
2336 /* Accept valid request types only, and only starting feature 0. */
2337 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2338 {
2339 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2340 return false;
2341 }
2342 memset(pbBuf, '\0', 32);
2343 ataH2BE_U32(pbBuf, 16);
2344 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2345 * way to differentiate them right now is based on the image size). Also
2346 * implement signalling "no current profile" if no medium is loaded. */
2347 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2348
2349 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2350 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2351 pbBuf[11] = 8; /* additional bytes for profiles */
2352 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2353 * before CD-ROM read capability. */
2354 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2355 pbBuf[14] = (0 << 0); /* NOT current profile */
2356 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2357 pbBuf[18] = (1 << 0); /* current profile */
2358 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2359 s->iSourceSink = ATAFN_SS_NULL;
2360 atapiCmdOK(s);
2361 return false;
2362}
2363
2364
2365static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2366{
2367 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2368
2369 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2370 Assert(s->cbElementaryTransfer <= 8);
2371
2372 if (!(s->aATAPICmd[1] & 1))
2373 {
2374 /* no asynchronous operation supported */
2375 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2376 return false;
2377 }
2378
2379 uint32_t OldStatus, NewStatus;
2380 do
2381 {
2382 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2383 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2384 switch (OldStatus)
2385 {
2386 case ATA_EVENT_STATUS_MEDIA_NEW:
2387 /* mount */
2388 ataH2BE_U16(pbBuf + 0, 6);
2389 pbBuf[2] = 0x04; /* media */
2390 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2391 pbBuf[4] = 0x02; /* new medium */
2392 pbBuf[5] = 0x02; /* medium present / door closed */
2393 pbBuf[6] = 0x00;
2394 pbBuf[7] = 0x00;
2395 break;
2396
2397 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2398 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2399 /* umount */
2400 ataH2BE_U16(pbBuf + 0, 6);
2401 pbBuf[2] = 0x04; /* media */
2402 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2403 pbBuf[4] = 0x03; /* media removal */
2404 pbBuf[5] = 0x00; /* medium absent / door closed */
2405 pbBuf[6] = 0x00;
2406 pbBuf[7] = 0x00;
2407 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2408 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2409 break;
2410
2411 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2412 ataH2BE_U16(pbBuf + 0, 6);
2413 pbBuf[2] = 0x04; /* media */
2414 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2415 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2416 pbBuf[5] = 0x02; /* medium present / door closed */
2417 pbBuf[6] = 0x00;
2418 pbBuf[7] = 0x00;
2419 break;
2420
2421 case ATA_EVENT_STATUS_UNCHANGED:
2422 default:
2423 ataH2BE_U16(pbBuf + 0, 6);
2424 pbBuf[2] = 0x01; /* operational change request / notification */
2425 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2426 pbBuf[4] = 0x00;
2427 pbBuf[5] = 0x00;
2428 pbBuf[6] = 0x00;
2429 pbBuf[7] = 0x00;
2430 break;
2431 }
2432 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2433
2434 s->iSourceSink = ATAFN_SS_NULL;
2435 atapiCmdOK(s);
2436 return false;
2437}
2438
2439
2440static bool atapiInquirySS(ATADevState *s)
2441{
2442 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2443
2444 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2445 Assert(s->cbElementaryTransfer <= 36);
2446 pbBuf[0] = 0x05; /* CD-ROM */
2447 pbBuf[1] = 0x80; /* removable */
2448#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2449 pbBuf[2] = 0x00; /* ISO */
2450 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2451#else
2452 pbBuf[2] = 0x00; /* ISO */
2453 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2454#endif
2455 pbBuf[4] = 31; /* additional length */
2456 pbBuf[5] = 0; /* reserved */
2457 pbBuf[6] = 0; /* reserved */
2458 pbBuf[7] = 0; /* reserved */
2459 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2460 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2461 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2462 s->iSourceSink = ATAFN_SS_NULL;
2463 atapiCmdOK(s);
2464 return false;
2465}
2466
2467
2468static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2469{
2470 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2471
2472 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2473 Assert(s->cbElementaryTransfer <= 16);
2474 ataH2BE_U16(&pbBuf[0], 16 + 6);
2475 pbBuf[2] = 0x70;
2476 pbBuf[3] = 0;
2477 pbBuf[4] = 0;
2478 pbBuf[5] = 0;
2479 pbBuf[6] = 0;
2480 pbBuf[7] = 0;
2481
2482 pbBuf[8] = 0x01;
2483 pbBuf[9] = 0x06;
2484 pbBuf[10] = 0x00;
2485 pbBuf[11] = 0x05;
2486 pbBuf[12] = 0x00;
2487 pbBuf[13] = 0x00;
2488 pbBuf[14] = 0x00;
2489 pbBuf[15] = 0x00;
2490 s->iSourceSink = ATAFN_SS_NULL;
2491 atapiCmdOK(s);
2492 return false;
2493}
2494
2495
2496static bool atapiModeSenseCDStatusSS(ATADevState *s)
2497{
2498 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2499
2500 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2501 Assert(s->cbElementaryTransfer <= 40);
2502 ataH2BE_U16(&pbBuf[0], 38);
2503 pbBuf[2] = 0x70;
2504 pbBuf[3] = 0;
2505 pbBuf[4] = 0;
2506 pbBuf[5] = 0;
2507 pbBuf[6] = 0;
2508 pbBuf[7] = 0;
2509
2510 pbBuf[8] = 0x2a;
2511 pbBuf[9] = 30; /* page length */
2512 pbBuf[10] = 0x08; /* DVD-ROM read support */
2513 pbBuf[11] = 0x00; /* no write support */
2514 /* The following claims we support audio play. This is obviously false,
2515 * but the Linux generic CDROM support makes many features depend on this
2516 * capability. If it's not set, this causes many things to be disabled. */
2517 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2518 pbBuf[13] = 0x00; /* no subchannel reads supported */
2519 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2520 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2521 pbBuf[14] |= 1 << 1; /* report lock state */
2522 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2523 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2524 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2525 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2526 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2527 pbBuf[24] = 0; /* reserved */
2528 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2529 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2530 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2531 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2532 pbBuf[32] = 0; /* reserved */
2533 pbBuf[33] = 0; /* reserved */
2534 pbBuf[34] = 0; /* reserved */
2535 pbBuf[35] = 1; /* rotation control CAV */
2536 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2537 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2538 s->iSourceSink = ATAFN_SS_NULL;
2539 atapiCmdOK(s);
2540 return false;
2541}
2542
2543
2544static bool atapiRequestSenseSS(ATADevState *s)
2545{
2546 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2547
2548 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2549 memset(pbBuf, '\0', s->cbElementaryTransfer);
2550 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2551 s->iSourceSink = ATAFN_SS_NULL;
2552 atapiCmdOK(s);
2553 return false;
2554}
2555
2556
2557static bool atapiMechanismStatusSS(ATADevState *s)
2558{
2559 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2560
2561 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2562 Assert(s->cbElementaryTransfer <= 8);
2563 ataH2BE_U16(pbBuf, 0);
2564 /* no current LBA */
2565 pbBuf[2] = 0;
2566 pbBuf[3] = 0;
2567 pbBuf[4] = 0;
2568 pbBuf[5] = 1;
2569 ataH2BE_U16(pbBuf + 6, 0);
2570 s->iSourceSink = ATAFN_SS_NULL;
2571 atapiCmdOK(s);
2572 return false;
2573}
2574
2575
2576static bool atapiReadTOCNormalSS(ATADevState *s)
2577{
2578 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2579 bool fMSF;
2580 uint32_t cbSize;
2581
2582 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2583 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2584 iStartTrack = s->aATAPICmd[6];
2585 if (iStartTrack > 1 && iStartTrack != 0xaa)
2586 {
2587 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2588 return false;
2589 }
2590 q = pbBuf + 2;
2591 *q++ = 1; /* first session */
2592 *q++ = 1; /* last session */
2593 if (iStartTrack <= 1)
2594 {
2595 *q++ = 0; /* reserved */
2596 *q++ = 0x14; /* ADR, control */
2597 *q++ = 1; /* track number */
2598 *q++ = 0; /* reserved */
2599 if (fMSF)
2600 {
2601 *q++ = 0; /* reserved */
2602 ataLBA2MSF(q, 0);
2603 q += 3;
2604 }
2605 else
2606 {
2607 /* sector 0 */
2608 ataH2BE_U32(q, 0);
2609 q += 4;
2610 }
2611 }
2612 /* lead out track */
2613 *q++ = 0; /* reserved */
2614 *q++ = 0x14; /* ADR, control */
2615 *q++ = 0xaa; /* track number */
2616 *q++ = 0; /* reserved */
2617 if (fMSF)
2618 {
2619 *q++ = 0; /* reserved */
2620 ataLBA2MSF(q, s->cTotalSectors);
2621 q += 3;
2622 }
2623 else
2624 {
2625 ataH2BE_U32(q, s->cTotalSectors);
2626 q += 4;
2627 }
2628 cbSize = q - pbBuf;
2629 ataH2BE_U16(pbBuf, cbSize - 2);
2630 if (cbSize < s->cbTotalTransfer)
2631 s->cbTotalTransfer = cbSize;
2632 s->iSourceSink = ATAFN_SS_NULL;
2633 atapiCmdOK(s);
2634 return false;
2635}
2636
2637
2638static bool atapiReadTOCMultiSS(ATADevState *s)
2639{
2640 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2641 bool fMSF;
2642
2643 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2644 Assert(s->cbElementaryTransfer <= 12);
2645 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2646 /* multi session: only a single session defined */
2647/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2648 memset(pbBuf, 0, 12);
2649 pbBuf[1] = 0x0a;
2650 pbBuf[2] = 0x01;
2651 pbBuf[3] = 0x01;
2652 pbBuf[5] = 0x14; /* ADR, control */
2653 pbBuf[6] = 1; /* first track in last complete session */
2654 if (fMSF)
2655 {
2656 pbBuf[8] = 0; /* reserved */
2657 ataLBA2MSF(&pbBuf[9], 0);
2658 }
2659 else
2660 {
2661 /* sector 0 */
2662 ataH2BE_U32(pbBuf + 8, 0);
2663 }
2664 s->iSourceSink = ATAFN_SS_NULL;
2665 atapiCmdOK(s);
2666 return false;
2667}
2668
2669
2670static bool atapiReadTOCRawSS(ATADevState *s)
2671{
2672 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2673 bool fMSF;
2674 uint32_t cbSize;
2675
2676 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2677 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2678 iStartTrack = s->aATAPICmd[6];
2679
2680 q = pbBuf + 2;
2681 *q++ = 1; /* first session */
2682 *q++ = 1; /* last session */
2683
2684 *q++ = 1; /* session number */
2685 *q++ = 0x14; /* data track */
2686 *q++ = 0; /* track number */
2687 *q++ = 0xa0; /* first track in program area */
2688 *q++ = 0; /* min */
2689 *q++ = 0; /* sec */
2690 *q++ = 0; /* frame */
2691 *q++ = 0;
2692 *q++ = 1; /* first track */
2693 *q++ = 0x00; /* disk type CD-DA or CD data */
2694 *q++ = 0;
2695
2696 *q++ = 1; /* session number */
2697 *q++ = 0x14; /* data track */
2698 *q++ = 0; /* track number */
2699 *q++ = 0xa1; /* last track in program area */
2700 *q++ = 0; /* min */
2701 *q++ = 0; /* sec */
2702 *q++ = 0; /* frame */
2703 *q++ = 0;
2704 *q++ = 1; /* last track */
2705 *q++ = 0;
2706 *q++ = 0;
2707
2708 *q++ = 1; /* session number */
2709 *q++ = 0x14; /* data track */
2710 *q++ = 0; /* track number */
2711 *q++ = 0xa2; /* lead-out */
2712 *q++ = 0; /* min */
2713 *q++ = 0; /* sec */
2714 *q++ = 0; /* frame */
2715 if (fMSF)
2716 {
2717 *q++ = 0; /* reserved */
2718 ataLBA2MSF(q, s->cTotalSectors);
2719 q += 3;
2720 }
2721 else
2722 {
2723 ataH2BE_U32(q, s->cTotalSectors);
2724 q += 4;
2725 }
2726
2727 *q++ = 1; /* session number */
2728 *q++ = 0x14; /* ADR, control */
2729 *q++ = 0; /* track number */
2730 *q++ = 1; /* point */
2731 *q++ = 0; /* min */
2732 *q++ = 0; /* sec */
2733 *q++ = 0; /* frame */
2734 if (fMSF)
2735 {
2736 *q++ = 0; /* reserved */
2737 ataLBA2MSF(q, 0);
2738 q += 3;
2739 }
2740 else
2741 {
2742 /* sector 0 */
2743 ataH2BE_U32(q, 0);
2744 q += 4;
2745 }
2746
2747 cbSize = q - pbBuf;
2748 ataH2BE_U16(pbBuf, cbSize - 2);
2749 if (cbSize < s->cbTotalTransfer)
2750 s->cbTotalTransfer = cbSize;
2751 s->iSourceSink = ATAFN_SS_NULL;
2752 atapiCmdOK(s);
2753 return false;
2754}
2755
2756
2757static void atapiParseCmdVirtualATAPI(ATADevState *s)
2758{
2759 const uint8_t *pbPacket;
2760 uint8_t *pbBuf;
2761 uint32_t cbMax;
2762
2763 pbPacket = s->aATAPICmd;
2764 pbBuf = s->CTX_SUFF(pbIOBuffer);
2765 switch (pbPacket[0])
2766 {
2767 case SCSI_TEST_UNIT_READY:
2768 if (s->cNotifiedMediaChange > 0)
2769 {
2770 if (s->cNotifiedMediaChange-- > 2)
2771 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2772 else
2773 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2774 }
2775 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2776 atapiCmdOK(s);
2777 else
2778 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2779 break;
2780 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2781 cbMax = ataBE2H_U16(pbPacket + 7);
2782 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2783 break;
2784 case SCSI_MODE_SENSE_10:
2785 {
2786 uint8_t uPageControl, uPageCode;
2787 cbMax = ataBE2H_U16(pbPacket + 7);
2788 uPageControl = pbPacket[2] >> 6;
2789 uPageCode = pbPacket[2] & 0x3f;
2790 switch (uPageControl)
2791 {
2792 case SCSI_PAGECONTROL_CURRENT:
2793 switch (uPageCode)
2794 {
2795 case SCSI_MODEPAGE_ERROR_RECOVERY:
2796 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2797 break;
2798 case SCSI_MODEPAGE_CD_STATUS:
2799 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2800 break;
2801 default:
2802 goto error_cmd;
2803 }
2804 break;
2805 case SCSI_PAGECONTROL_CHANGEABLE:
2806 goto error_cmd;
2807 case SCSI_PAGECONTROL_DEFAULT:
2808 goto error_cmd;
2809 default:
2810 case SCSI_PAGECONTROL_SAVED:
2811 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2812 break;
2813 }
2814 }
2815 break;
2816 case SCSI_REQUEST_SENSE:
2817 cbMax = pbPacket[4];
2818 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2819 break;
2820 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2821 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2822 {
2823 if (pbPacket[4] & 1)
2824 s->pDrvMount->pfnLock(s->pDrvMount);
2825 else
2826 s->pDrvMount->pfnUnlock(s->pDrvMount);
2827 atapiCmdOK(s);
2828 }
2829 else
2830 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2831 break;
2832 case SCSI_READ_10:
2833 case SCSI_READ_12:
2834 {
2835 uint32_t cSectors, iATAPILBA;
2836
2837 if (s->cNotifiedMediaChange > 0)
2838 {
2839 s->cNotifiedMediaChange-- ;
2840 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2841 break;
2842 }
2843 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2844 {
2845 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2846 break;
2847 }
2848 if (pbPacket[0] == SCSI_READ_10)
2849 cSectors = ataBE2H_U16(pbPacket + 7);
2850 else
2851 cSectors = ataBE2H_U32(pbPacket + 6);
2852 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2853 if (cSectors == 0)
2854 {
2855 atapiCmdOK(s);
2856 break;
2857 }
2858 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2859 {
2860 /* Rate limited logging, one log line per second. For
2861 * guests that insist on reading from places outside the
2862 * valid area this often generates too many release log
2863 * entries otherwise. */
2864 static uint64_t uLastLogTS = 0;
2865 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2866 {
2867 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2868 uLastLogTS = RTTimeMilliTS();
2869 }
2870 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2871 break;
2872 }
2873 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2874 }
2875 break;
2876 case SCSI_READ_CD:
2877 {
2878 uint32_t cSectors, iATAPILBA;
2879
2880 if (s->cNotifiedMediaChange > 0)
2881 {
2882 s->cNotifiedMediaChange-- ;
2883 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2884 break;
2885 }
2886 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2887 {
2888 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2889 break;
2890 }
2891 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2892 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2893 if (cSectors == 0)
2894 {
2895 atapiCmdOK(s);
2896 break;
2897 }
2898 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2899 {
2900 /* Rate limited logging, one log line per second. For
2901 * guests that insist on reading from places outside the
2902 * valid area this often generates too many release log
2903 * entries otherwise. */
2904 static uint64_t uLastLogTS = 0;
2905 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2906 {
2907 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2908 uLastLogTS = RTTimeMilliTS();
2909 }
2910 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2911 break;
2912 }
2913 switch (pbPacket[9] & 0xf8)
2914 {
2915 case 0x00:
2916 /* nothing */
2917 atapiCmdOK(s);
2918 break;
2919 case 0x10:
2920 /* normal read */
2921 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2922 break;
2923 case 0xf8:
2924 /* read all data */
2925 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2926 break;
2927 default:
2928 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2929 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2930 break;
2931 }
2932 }
2933 break;
2934 case SCSI_SEEK_10:
2935 {
2936 uint32_t iATAPILBA;
2937 if (s->cNotifiedMediaChange > 0)
2938 {
2939 s->cNotifiedMediaChange-- ;
2940 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2941 break;
2942 }
2943 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2944 {
2945 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2946 break;
2947 }
2948 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2949 if (iATAPILBA > s->cTotalSectors)
2950 {
2951 /* Rate limited logging, one log line per second. For
2952 * guests that insist on seeking to places outside the
2953 * valid area this often generates too many release log
2954 * entries otherwise. */
2955 static uint64_t uLastLogTS = 0;
2956 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2957 {
2958 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2959 uLastLogTS = RTTimeMilliTS();
2960 }
2961 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2962 break;
2963 }
2964 atapiCmdOK(s);
2965 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2966 }
2967 break;
2968 case SCSI_START_STOP_UNIT:
2969 {
2970 int rc = VINF_SUCCESS;
2971 switch (pbPacket[4] & 3)
2972 {
2973 case 0: /* 00 - Stop motor */
2974 case 1: /* 01 - Start motor */
2975 break;
2976 case 2: /* 10 - Eject media */
2977 /* This must be done from EMT. */
2978 {
2979 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2980 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2981
2982 PDMCritSectLeave(&pCtl->lock);
2983 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
2984 (PFNRT)s->pDrvMount->pfnUnmount, 3,
2985 s->pDrvMount /*=fForce*/, true /*=fEject*/);
2986 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED));
2987 {
2988 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2989 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2990 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2991 }
2992 }
2993 break;
2994 case 3: /* 11 - Load media */
2995 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2996 break;
2997 }
2998 if (RT_SUCCESS(rc))
2999 atapiCmdOK(s);
3000 else
3001 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3002 }
3003 break;
3004 case SCSI_MECHANISM_STATUS:
3005 {
3006 cbMax = ataBE2H_U16(pbPacket + 8);
3007 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3008 }
3009 break;
3010 case SCSI_READ_TOC_PMA_ATIP:
3011 {
3012 uint8_t format;
3013
3014 if (s->cNotifiedMediaChange > 0)
3015 {
3016 s->cNotifiedMediaChange-- ;
3017 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3018 break;
3019 }
3020 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3021 {
3022 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3023 break;
3024 }
3025 cbMax = ataBE2H_U16(pbPacket + 7);
3026 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3027 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3028 * the other field is clear... */
3029 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3030 switch (format)
3031 {
3032 case 0:
3033 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3034 break;
3035 case 1:
3036 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3037 break;
3038 case 2:
3039 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3040 break;
3041 default:
3042 error_cmd:
3043 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3044 break;
3045 }
3046 }
3047 break;
3048 case SCSI_READ_CAPACITY:
3049 if (s->cNotifiedMediaChange > 0)
3050 {
3051 s->cNotifiedMediaChange-- ;
3052 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3053 break;
3054 }
3055 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3056 {
3057 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3058 break;
3059 }
3060 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3061 break;
3062 case SCSI_READ_DISC_INFORMATION:
3063 if (s->cNotifiedMediaChange > 0)
3064 {
3065 s->cNotifiedMediaChange-- ;
3066 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3067 break;
3068 }
3069 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3070 {
3071 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3072 break;
3073 }
3074 cbMax = ataBE2H_U16(pbPacket + 7);
3075 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3076 break;
3077 case SCSI_READ_TRACK_INFORMATION:
3078 if (s->cNotifiedMediaChange > 0)
3079 {
3080 s->cNotifiedMediaChange-- ;
3081 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3082 break;
3083 }
3084 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3085 {
3086 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3087 break;
3088 }
3089 cbMax = ataBE2H_U16(pbPacket + 7);
3090 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3091 break;
3092 case SCSI_GET_CONFIGURATION:
3093 /* No media change stuff here, it can confuse Linux guests. */
3094 cbMax = ataBE2H_U16(pbPacket + 7);
3095 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3096 break;
3097 case SCSI_INQUIRY:
3098 cbMax = ataBE2H_U16(pbPacket + 3);
3099 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3100 break;
3101 case SCSI_READ_DVD_STRUCTURE:
3102 {
3103 cbMax = ataBE2H_U16(pbPacket + 8);
3104 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3105 break;
3106 }
3107 default:
3108 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3109 break;
3110 }
3111}
3112
3113
3114/*
3115 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3116 */
3117static void atapiParseCmdPassthrough(ATADevState *s)
3118{
3119 const uint8_t *pbPacket;
3120 uint8_t *pbBuf;
3121 uint32_t cSectors, iATAPILBA;
3122 uint32_t cbTransfer = 0;
3123 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3124
3125 pbPacket = s->aATAPICmd;
3126 pbBuf = s->CTX_SUFF(pbIOBuffer);
3127 switch (pbPacket[0])
3128 {
3129 case SCSI_BLANK:
3130 goto sendcmd;
3131 case SCSI_CLOSE_TRACK_SESSION:
3132 goto sendcmd;
3133 case SCSI_ERASE_10:
3134 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3135 cbTransfer = ataBE2H_U16(pbPacket + 7);
3136 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3137 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3138 goto sendcmd;
3139 case SCSI_FORMAT_UNIT:
3140 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3141 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3142 goto sendcmd;
3143 case SCSI_GET_CONFIGURATION:
3144 cbTransfer = ataBE2H_U16(pbPacket + 7);
3145 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3146 goto sendcmd;
3147 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3148 cbTransfer = ataBE2H_U16(pbPacket + 7);
3149 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3150 {
3151 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3152 break;
3153 }
3154 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3155 goto sendcmd;
3156 case SCSI_GET_PERFORMANCE:
3157 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3158 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3159 goto sendcmd;
3160 case SCSI_INQUIRY:
3161 cbTransfer = ataBE2H_U16(pbPacket + 3);
3162 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3163 goto sendcmd;
3164 case SCSI_LOAD_UNLOAD_MEDIUM:
3165 goto sendcmd;
3166 case SCSI_MECHANISM_STATUS:
3167 cbTransfer = ataBE2H_U16(pbPacket + 8);
3168 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3169 goto sendcmd;
3170 case SCSI_MODE_SELECT_10:
3171 cbTransfer = ataBE2H_U16(pbPacket + 7);
3172 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3173 goto sendcmd;
3174 case SCSI_MODE_SENSE_10:
3175 cbTransfer = ataBE2H_U16(pbPacket + 7);
3176 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3177 goto sendcmd;
3178 case SCSI_PAUSE_RESUME:
3179 goto sendcmd;
3180 case SCSI_PLAY_AUDIO_10:
3181 goto sendcmd;
3182 case SCSI_PLAY_AUDIO_12:
3183 goto sendcmd;
3184 case SCSI_PLAY_AUDIO_MSF:
3185 goto sendcmd;
3186 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3187 /** @todo do not forget to unlock when a VM is shut down */
3188 goto sendcmd;
3189 case SCSI_READ_10:
3190 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3191 cSectors = ataBE2H_U16(pbPacket + 7);
3192 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3193 s->cbATAPISector = 2048;
3194 cbTransfer = cSectors * s->cbATAPISector;
3195 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3196 goto sendcmd;
3197 case SCSI_READ_12:
3198 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3199 cSectors = ataBE2H_U32(pbPacket + 6);
3200 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3201 s->cbATAPISector = 2048;
3202 cbTransfer = cSectors * s->cbATAPISector;
3203 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3204 goto sendcmd;
3205 case SCSI_READ_BUFFER:
3206 cbTransfer = ataBE2H_U24(pbPacket + 6);
3207 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3208 goto sendcmd;
3209 case SCSI_READ_BUFFER_CAPACITY:
3210 cbTransfer = ataBE2H_U16(pbPacket + 7);
3211 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3212 goto sendcmd;
3213 case SCSI_READ_CAPACITY:
3214 cbTransfer = 8;
3215 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3216 goto sendcmd;
3217 case SCSI_READ_CD:
3218 case SCSI_READ_CD_MSF:
3219 {
3220 /* Get sector size based on the expected sector type field. */
3221 switch ((pbPacket[1] >> 2) & 0x7)
3222 {
3223 case 0x0: /* All types. */
3224 if (ASMAtomicReadU32(&s->MediaTrackType) == ATA_MEDIA_TYPE_CDDA)
3225 s->cbATAPISector = 2352;
3226 else
3227 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3228 break;
3229 case 0x1: /* CD-DA */
3230 s->cbATAPISector = 2352;
3231 break;
3232 case 0x2: /* Mode 1 */
3233 s->cbATAPISector = 2048;
3234 break;
3235 case 0x3: /* Mode 2 formless */
3236 s->cbATAPISector = 2336;
3237 break;
3238 case 0x4: /* Mode 2 form 1 */
3239 s->cbATAPISector = 2048;
3240 break;
3241 case 0x5: /* Mode 2 form 2 */
3242 s->cbATAPISector = 2324;
3243 break;
3244 default: /* Reserved */
3245 AssertMsgFailed(("Unknown sector type\n"));
3246 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3247 }
3248
3249 if (pbPacket[0] == SCSI_READ_CD)
3250 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3251 else /* SCSI_READ_MSF */
3252 {
3253 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3254 if (cSectors > 32)
3255 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3256 cbTransfer = cSectors * s->cbATAPISector;
3257 }
3258 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3259 goto sendcmd;
3260 }
3261 case SCSI_READ_DISC_INFORMATION:
3262 cbTransfer = ataBE2H_U16(pbPacket + 7);
3263 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3264 goto sendcmd;
3265 case SCSI_READ_DVD_STRUCTURE:
3266 cbTransfer = ataBE2H_U16(pbPacket + 8);
3267 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3268 goto sendcmd;
3269 case SCSI_READ_FORMAT_CAPACITIES:
3270 cbTransfer = ataBE2H_U16(pbPacket + 7);
3271 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3272 goto sendcmd;
3273 case SCSI_READ_SUBCHANNEL:
3274 cbTransfer = ataBE2H_U16(pbPacket + 7);
3275 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3276 goto sendcmd;
3277 case SCSI_READ_TOC_PMA_ATIP:
3278 cbTransfer = ataBE2H_U16(pbPacket + 7);
3279 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3280 goto sendcmd;
3281 case SCSI_READ_TRACK_INFORMATION:
3282 cbTransfer = ataBE2H_U16(pbPacket + 7);
3283 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3284 goto sendcmd;
3285 case SCSI_REPAIR_TRACK:
3286 goto sendcmd;
3287 case SCSI_REPORT_KEY:
3288 cbTransfer = ataBE2H_U16(pbPacket + 8);
3289 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3290 goto sendcmd;
3291 case SCSI_REQUEST_SENSE:
3292 cbTransfer = pbPacket[4];
3293 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3294 {
3295 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3296 break;
3297 }
3298 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3299 goto sendcmd;
3300 case SCSI_RESERVE_TRACK:
3301 goto sendcmd;
3302 case SCSI_SCAN:
3303 goto sendcmd;
3304 case SCSI_SEEK_10:
3305 goto sendcmd;
3306 case SCSI_SEND_CUE_SHEET:
3307 cbTransfer = ataBE2H_U24(pbPacket + 6);
3308 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3309 goto sendcmd;
3310 case SCSI_SEND_DVD_STRUCTURE:
3311 cbTransfer = ataBE2H_U16(pbPacket + 8);
3312 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3313 goto sendcmd;
3314 case SCSI_SEND_EVENT:
3315 cbTransfer = ataBE2H_U16(pbPacket + 8);
3316 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3317 goto sendcmd;
3318 case SCSI_SEND_KEY:
3319 cbTransfer = ataBE2H_U16(pbPacket + 8);
3320 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3321 goto sendcmd;
3322 case SCSI_SEND_OPC_INFORMATION:
3323 cbTransfer = ataBE2H_U16(pbPacket + 7);
3324 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3325 goto sendcmd;
3326 case SCSI_SET_CD_SPEED:
3327 goto sendcmd;
3328 case SCSI_SET_READ_AHEAD:
3329 goto sendcmd;
3330 case SCSI_SET_STREAMING:
3331 cbTransfer = ataBE2H_U16(pbPacket + 9);
3332 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3333 goto sendcmd;
3334 case SCSI_START_STOP_UNIT:
3335 goto sendcmd;
3336 case SCSI_STOP_PLAY_SCAN:
3337 goto sendcmd;
3338 case SCSI_SYNCHRONIZE_CACHE:
3339 goto sendcmd;
3340 case SCSI_TEST_UNIT_READY:
3341 goto sendcmd;
3342 case SCSI_VERIFY_10:
3343 goto sendcmd;
3344 case SCSI_WRITE_10:
3345 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3346 cSectors = ataBE2H_U16(pbPacket + 7);
3347 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3348#if 0
3349 /* The sector size is determined by the async I/O thread. */
3350 s->cbATAPISector = 0;
3351 /* Preliminary, will be corrected once the sector size is known. */
3352 cbTransfer = cSectors;
3353#else
3354 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3355 cbTransfer = cSectors * s->cbATAPISector;
3356#endif
3357 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3358 goto sendcmd;
3359 case SCSI_WRITE_12:
3360 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3361 cSectors = ataBE2H_U32(pbPacket + 6);
3362 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3363#if 0
3364 /* The sector size is determined by the async I/O thread. */
3365 s->cbATAPISector = 0;
3366 /* Preliminary, will be corrected once the sector size is known. */
3367 cbTransfer = cSectors;
3368#else
3369 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3370 cbTransfer = cSectors * s->cbATAPISector;
3371#endif
3372 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3373 goto sendcmd;
3374 case SCSI_WRITE_AND_VERIFY_10:
3375 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3376 cSectors = ataBE2H_U16(pbPacket + 7);
3377 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3378 /* The sector size is determined by the async I/O thread. */
3379 s->cbATAPISector = 0;
3380 /* Preliminary, will be corrected once the sector size is known. */
3381 cbTransfer = cSectors;
3382 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3383 goto sendcmd;
3384 case SCSI_WRITE_BUFFER:
3385 switch (pbPacket[1] & 0x1f)
3386 {
3387 case 0x04: /* download microcode */
3388 case 0x05: /* download microcode and save */
3389 case 0x06: /* download microcode with offsets */
3390 case 0x07: /* download microcode with offsets and save */
3391 case 0x0e: /* download microcode with offsets and defer activation */
3392 case 0x0f: /* activate deferred microcode */
3393 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3394 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3395 break;
3396 default:
3397 cbTransfer = ataBE2H_U16(pbPacket + 6);
3398 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3399 goto sendcmd;
3400 }
3401 break;
3402 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3403 cbTransfer = ataBE2H_U32(pbPacket + 6);
3404 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3405 goto sendcmd;
3406 case SCSI_REZERO_UNIT:
3407 /* Obsolete command used by cdrecord. What else would one expect?
3408 * This command is not sent to the drive, it is handled internally,
3409 * as the Linux kernel doesn't like it (message "scsi: unknown
3410 * opcode 0x01" in syslog) and replies with a sense code of 0,
3411 * which sends cdrecord to an endless loop. */
3412 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3413 break;
3414 default:
3415 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3416 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3417 break;
3418 sendcmd:
3419 /* Send a command to the drive, passing data in/out as required. */
3420 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3421 Assert(cbTransfer <= s->cbIOBuffer);
3422 if (cbTransfer == 0)
3423 uTxDir = PDMBLOCKTXDIR_NONE;
3424 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3425 }
3426}
3427
3428
3429static void atapiParseCmd(ATADevState *s)
3430{
3431 const uint8_t *pbPacket;
3432
3433 pbPacket = s->aATAPICmd;
3434#ifdef DEBUG
3435 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3436#else /* !DEBUG */
3437 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3438#endif /* !DEBUG */
3439 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3440
3441 if (s->fATAPIPassthrough)
3442 atapiParseCmdPassthrough(s);
3443 else
3444 atapiParseCmdVirtualATAPI(s);
3445}
3446
3447
3448static bool ataPacketSS(ATADevState *s)
3449{
3450 s->fDMA = !!(s->uATARegFeature & 1);
3451 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3452 s->uTxDir = PDMBLOCKTXDIR_NONE;
3453 s->cbTotalTransfer = 0;
3454 s->cbElementaryTransfer = 0;
3455 atapiParseCmd(s);
3456 return false;
3457}
3458
3459
3460/**
3461 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3462 * from now on, regardless if there was a medium inserted or not.
3463 */
3464static void ataMediumRemoved(ATADevState *s)
3465{
3466 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3467}
3468
3469
3470/**
3471 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3472 * there was already a medium inserted, don't forget to send the "medium
3473 * removed" event first.
3474 */
3475static void ataMediumInserted(ATADevState *s)
3476{
3477 uint32_t OldStatus, NewStatus;
3478 do
3479 {
3480 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3481 switch (OldStatus)
3482 {
3483 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3484 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3485 /* no change, we will send "medium removed" + "medium inserted" */
3486 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3487 break;
3488 default:
3489 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3490 break;
3491 }
3492 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3493}
3494
3495/**
3496 * Called when a media is mounted.
3497 *
3498 * @param pInterface Pointer to the interface structure containing the called function pointer.
3499 */
3500static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3501{
3502 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3503 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3504
3505 /* Ignore the call if we're called while being attached. */
3506 if (!pIf->pDrvBlock)
3507 return;
3508
3509 if (pIf->fATAPI)
3510 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3511 else
3512 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3513
3514 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3515
3516 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3517 if (pIf->cNotifiedMediaChange < 2)
3518 pIf->cNotifiedMediaChange = 2;
3519 ataMediumInserted(pIf);
3520 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3521}
3522
3523/**
3524 * Called when a media is unmounted
3525 * @param pInterface Pointer to the interface structure containing the called function pointer.
3526 */
3527static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3528{
3529 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3530 Log(("%s:\n", __FUNCTION__));
3531 pIf->cTotalSectors = 0;
3532
3533 /*
3534 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3535 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3536 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3537 * present and 2 in which it is changed.
3538 */
3539 pIf->cNotifiedMediaChange = 4;
3540 ataMediumRemoved(pIf);
3541 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3542}
3543
3544static void ataPacketBT(ATADevState *s)
3545{
3546 s->cbElementaryTransfer = s->cbTotalTransfer;
3547 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3548 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3549 ataSetStatusValue(s, ATA_STAT_READY);
3550}
3551
3552
3553static void ataResetDevice(ATADevState *s)
3554{
3555 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3556 s->cNotifiedMediaChange = 0;
3557 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3558 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3559 ataUnsetIRQ(s);
3560
3561 s->uATARegSelect = 0x20;
3562 ataSetStatusValue(s, ATA_STAT_READY);
3563 ataSetSignature(s);
3564 s->cbTotalTransfer = 0;
3565 s->cbElementaryTransfer = 0;
3566 s->iIOBufferPIODataStart = 0;
3567 s->iIOBufferPIODataEnd = 0;
3568 s->iBeginTransfer = ATAFN_BT_NULL;
3569 s->iSourceSink = ATAFN_SS_NULL;
3570 s->fDMA = false;
3571 s->fATAPITransfer = false;
3572 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3573
3574 s->uATARegFeature = 0;
3575}
3576
3577
3578static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3579{
3580 ataSetSignature(s);
3581 if (s->fATAPI)
3582 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3583 else
3584 ataSetStatusValue(s, ATA_STAT_READY);
3585 s->uATARegError = 0x01;
3586 return false;
3587}
3588
3589
3590static void ataParseCmd(ATADevState *s, uint8_t cmd)
3591{
3592#ifdef DEBUG
3593 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3594#else /* !DEBUG */
3595 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3596#endif /* !DEBUG */
3597 s->fLBA48 = false;
3598 s->fDMA = false;
3599 if (cmd == ATA_IDLE_IMMEDIATE)
3600 {
3601 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3602 * would overwrite the failing command unfortunately), then RESET. */
3603 int32_t uCmdWait = -1;
3604 uint64_t uNow = RTTimeNanoTS();
3605 if (s->u64CmdTS)
3606 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3607 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3608 s->iLUN, s->uATARegCommand, uCmdWait));
3609 }
3610 s->uATARegCommand = cmd;
3611 switch (cmd)
3612 {
3613 case ATA_IDENTIFY_DEVICE:
3614 if (s->pDrvBlock && !s->fATAPI)
3615 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3616 else
3617 {
3618 if (s->fATAPI)
3619 ataSetSignature(s);
3620 ataCmdError(s, ABRT_ERR);
3621 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3622 }
3623 break;
3624 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3625 case ATA_RECALIBRATE:
3626 ataCmdOK(s, ATA_STAT_SEEK);
3627 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3628 break;
3629 case ATA_SET_MULTIPLE_MODE:
3630 if ( s->uATARegNSector != 0
3631 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3632 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3633 {
3634 ataCmdError(s, ABRT_ERR);
3635 }
3636 else
3637 {
3638 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3639 s->cMultSectors = s->uATARegNSector;
3640 ataCmdOK(s, 0);
3641 }
3642 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3643 break;
3644 case ATA_READ_VERIFY_SECTORS_EXT:
3645 s->fLBA48 = true;
3646 case ATA_READ_VERIFY_SECTORS:
3647 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3648 /* do sector number check ? */
3649 ataCmdOK(s, 0);
3650 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3651 break;
3652 case ATA_READ_SECTORS_EXT:
3653 s->fLBA48 = true;
3654 case ATA_READ_SECTORS:
3655 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3656 if (!s->pDrvBlock || s->fATAPI)
3657 goto abort_cmd;
3658 s->cSectorsPerIRQ = 1;
3659 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3660 break;
3661 case ATA_WRITE_SECTORS_EXT:
3662 s->fLBA48 = true;
3663 case ATA_WRITE_SECTORS:
3664 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3665 if (!s->pDrvBlock || s->fATAPI)
3666 goto abort_cmd;
3667 s->cSectorsPerIRQ = 1;
3668 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3669 break;
3670 case ATA_READ_MULTIPLE_EXT:
3671 s->fLBA48 = true;
3672 case ATA_READ_MULTIPLE:
3673 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
3674 goto abort_cmd;
3675 s->cSectorsPerIRQ = s->cMultSectors;
3676 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3677 break;
3678 case ATA_WRITE_MULTIPLE_EXT:
3679 s->fLBA48 = true;
3680 case ATA_WRITE_MULTIPLE:
3681 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
3682 goto abort_cmd;
3683 s->cSectorsPerIRQ = s->cMultSectors;
3684 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3685 break;
3686 case ATA_READ_DMA_EXT:
3687 s->fLBA48 = true;
3688 case ATA_READ_DMA:
3689 case ATA_READ_DMA_WITHOUT_RETRIES:
3690 if (!s->pDrvBlock || s->fATAPI)
3691 goto abort_cmd;
3692 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3693 s->fDMA = true;
3694 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3695 break;
3696 case ATA_WRITE_DMA_EXT:
3697 s->fLBA48 = true;
3698 case ATA_WRITE_DMA:
3699 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3700 if (!s->pDrvBlock || s->fATAPI)
3701 goto abort_cmd;
3702 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3703 s->fDMA = true;
3704 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3705 break;
3706 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3707 s->fLBA48 = true;
3708 ataSetSector(s, s->cTotalSectors - 1);
3709 ataCmdOK(s, 0);
3710 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3711 break;
3712 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3713 ataCmdOK(s, 0);
3714 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3715 break;
3716 case ATA_READ_NATIVE_MAX_ADDRESS:
3717 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3718 ataCmdOK(s, 0);
3719 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3720 break;
3721 case ATA_CHECK_POWER_MODE:
3722 s->uATARegNSector = 0xff; /* drive active or idle */
3723 ataCmdOK(s, 0);
3724 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3725 break;
3726 case ATA_SET_FEATURES:
3727 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3728 if (!s->pDrvBlock)
3729 goto abort_cmd;
3730 switch (s->uATARegFeature)
3731 {
3732 case 0x02: /* write cache enable */
3733 Log2(("%s: write cache enable\n", __FUNCTION__));
3734 ataCmdOK(s, ATA_STAT_SEEK);
3735 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3736 break;
3737 case 0xaa: /* read look-ahead enable */
3738 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3739 ataCmdOK(s, ATA_STAT_SEEK);
3740 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3741 break;
3742 case 0x55: /* read look-ahead disable */
3743 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3744 ataCmdOK(s, ATA_STAT_SEEK);
3745 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3746 break;
3747 case 0xcc: /* reverting to power-on defaults enable */
3748 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3749 ataCmdOK(s, ATA_STAT_SEEK);
3750 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3751 break;
3752 case 0x66: /* reverting to power-on defaults disable */
3753 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3754 ataCmdOK(s, ATA_STAT_SEEK);
3755 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3756 break;
3757 case 0x82: /* write cache disable */
3758 Log2(("%s: write cache disable\n", __FUNCTION__));
3759 /* As per the ATA/ATAPI-6 specs, a write cache disable
3760 * command MUST flush the write buffers to disc. */
3761 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3762 break;
3763 case 0x03: { /* set transfer mode */
3764 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3765 switch (s->uATARegNSector & 0xf8)
3766 {
3767 case 0x00: /* PIO default */
3768 case 0x08: /* PIO mode */
3769 break;
3770 case ATA_MODE_MDMA: /* MDMA mode */
3771 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3772 break;
3773 case ATA_MODE_UDMA: /* UDMA mode */
3774 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3775 break;
3776 default:
3777 goto abort_cmd;
3778 }
3779 ataCmdOK(s, ATA_STAT_SEEK);
3780 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3781 break;
3782 }
3783 default:
3784 goto abort_cmd;
3785 }
3786 /*
3787 * OS/2 workarond:
3788 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3789 * reset here. According to the specification, this is a driver bug as the register
3790 * contents are undefined after the call. This means we can just as well reset it.
3791 */
3792 s->uATARegFeature = 0;
3793 break;
3794 case ATA_FLUSH_CACHE_EXT:
3795 case ATA_FLUSH_CACHE:
3796 if (!s->pDrvBlock || s->fATAPI)
3797 goto abort_cmd;
3798 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3799 break;
3800 case ATA_STANDBY_IMMEDIATE:
3801 ataCmdOK(s, 0);
3802 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3803 break;
3804 case ATA_IDLE_IMMEDIATE:
3805 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3806 ataAbortCurrentCommand(s, false);
3807 break;
3808 case ATA_SLEEP:
3809 ataCmdOK(s, 0);
3810 ataSetIRQ(s);
3811 break;
3812 /* ATAPI commands */
3813 case ATA_IDENTIFY_PACKET_DEVICE:
3814 if (s->fATAPI)
3815 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3816 else
3817 {
3818 ataCmdError(s, ABRT_ERR);
3819 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3820 }
3821 break;
3822 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3823 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3824 break;
3825 case ATA_DEVICE_RESET:
3826 if (!s->fATAPI)
3827 goto abort_cmd;
3828 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3829 ataAbortCurrentCommand(s, true);
3830 break;
3831 case ATA_PACKET:
3832 if (!s->fATAPI)
3833 goto abort_cmd;
3834 /* overlapping commands not supported */
3835 if (s->uATARegFeature & 0x02)
3836 goto abort_cmd;
3837 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3838 break;
3839 default:
3840 abort_cmd:
3841 ataCmdError(s, ABRT_ERR);
3842 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3843 break;
3844 }
3845}
3846
3847#endif /* IN_RING3 */
3848
3849static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3850{
3851 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3852 addr &= 7;
3853 switch (addr)
3854 {
3855 case 0:
3856 break;
3857 case 1: /* feature register */
3858 /* NOTE: data is written to the two drives */
3859 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3860 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3861 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3862 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3863 pCtl->aIfs[0].uATARegFeature = val;
3864 pCtl->aIfs[1].uATARegFeature = val;
3865 break;
3866 case 2: /* sector count */
3867 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3868 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3869 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3870 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3871 pCtl->aIfs[0].uATARegNSector = val;
3872 pCtl->aIfs[1].uATARegNSector = val;
3873 break;
3874 case 3: /* sector number */
3875 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3876 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3877 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3878 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3879 pCtl->aIfs[0].uATARegSector = val;
3880 pCtl->aIfs[1].uATARegSector = val;
3881 break;
3882 case 4: /* cylinder low */
3883 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3884 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3885 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3886 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3887 pCtl->aIfs[0].uATARegLCyl = val;
3888 pCtl->aIfs[1].uATARegLCyl = val;
3889 break;
3890 case 5: /* cylinder high */
3891 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3892 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3893 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3894 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3895 pCtl->aIfs[0].uATARegHCyl = val;
3896 pCtl->aIfs[1].uATARegHCyl = val;
3897 break;
3898 case 6: /* drive/head */
3899 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3900 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3901 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3902 {
3903 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3904
3905 /* select another drive */
3906 pCtl->iSelectedIf = (val >> 4) & 1;
3907 /* The IRQ line is multiplexed between the two drives, so
3908 * update the state when switching to another drive. Only need
3909 * to update interrupt line if it is enabled and there is a
3910 * state change. */
3911 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3912 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3913 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3914 {
3915 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3916 {
3917 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3918 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3919 * the interrupt line is asserted. It monitors the line
3920 * for a rising edge. */
3921 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3922 if (pCtl->irq == 16)
3923 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
3924 else
3925 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
3926 }
3927 else
3928 {
3929 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3930 if (pCtl->irq == 16)
3931 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
3932 else
3933 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
3934 }
3935 }
3936 }
3937 break;
3938 default:
3939 case 7: /* command */
3940 /* ignore commands to non existant slave */
3941 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3942 break;
3943#ifndef IN_RING3
3944 /* Don't do anything complicated in GC */
3945 return VINF_IOM_HC_IOPORT_WRITE;
3946#else /* IN_RING3 */
3947 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3948#endif /* !IN_RING3 */
3949 }
3950 return VINF_SUCCESS;
3951}
3952
3953
3954static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3955{
3956 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3957 uint32_t val;
3958 bool fHOB;
3959
3960 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3961 switch (addr & 7)
3962 {
3963 case 0: /* data register */
3964 val = 0xff;
3965 break;
3966 case 1: /* error register */
3967 /* The ATA specification is very terse when it comes to specifying
3968 * the precise effects of reading back the error/feature register.
3969 * The error register (read-only) shares the register number with
3970 * the feature register (write-only), so it seems that it's not
3971 * necessary to support the usual HOB readback here. */
3972 if (!s->pDrvBlock)
3973 val = 0;
3974 else
3975 val = s->uATARegError;
3976 break;
3977 case 2: /* sector count */
3978 if (!s->pDrvBlock)
3979 val = 0;
3980 else if (fHOB)
3981 val = s->uATARegNSectorHOB;
3982 else
3983 val = s->uATARegNSector;
3984 break;
3985 case 3: /* sector number */
3986 if (!s->pDrvBlock)
3987 val = 0;
3988 else if (fHOB)
3989 val = s->uATARegSectorHOB;
3990 else
3991 val = s->uATARegSector;
3992 break;
3993 case 4: /* cylinder low */
3994 if (!s->pDrvBlock)
3995 val = 0;
3996 else if (fHOB)
3997 val = s->uATARegLCylHOB;
3998 else
3999 val = s->uATARegLCyl;
4000 break;
4001 case 5: /* cylinder high */
4002 if (!s->pDrvBlock)
4003 val = 0;
4004 else if (fHOB)
4005 val = s->uATARegHCylHOB;
4006 else
4007 val = s->uATARegHCyl;
4008 break;
4009 case 6: /* drive/head */
4010 /* This register must always work as long as there is at least
4011 * one drive attached to the controller. It is common between
4012 * both drives anyway (completely identical content). */
4013 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4014 val = 0;
4015 else
4016 val = s->uATARegSelect;
4017 break;
4018 default:
4019 case 7: /* primary status */
4020 {
4021 /* Counter for number of busy status seen in GC in a row. */
4022 static unsigned cBusy = 0;
4023
4024 if (!s->pDrvBlock)
4025 val = 0;
4026 else
4027 val = s->uATARegStatus;
4028
4029 /* Give the async I/O thread an opportunity to make progress,
4030 * don't let it starve by guests polling frequently. EMT has a
4031 * lower priority than the async I/O thread, but sometimes the
4032 * host OS doesn't care. With some guests we are only allowed to
4033 * be busy for about 5 milliseconds in some situations. Note that
4034 * this is no guarantee for any other VBox thread getting
4035 * scheduled, so this just lowers the CPU load a bit when drives
4036 * are busy. It cannot help with timing problems. */
4037 if (val & ATA_STAT_BUSY)
4038 {
4039#ifdef IN_RING3
4040 cBusy = 0;
4041 PDMCritSectLeave(&pCtl->lock);
4042
4043#ifndef RT_OS_WINDOWS
4044 /*
4045 * The thread might be stuck in an I/O operation
4046 * due to a high I/O load on the host. (see @bugref{3301})
4047 * To perform the reset successfully
4048 * we interrupt the operation by sending a signal to the thread
4049 * if the thread didn't responded in 10ms.
4050 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4051 * does the same but it was introduced with Vista) but so far
4052 * this hang was only observed on Linux and Mac OS X.
4053 *
4054 * This is a workaround and needs to be solved properly.
4055 */
4056 if (pCtl->fReset)
4057 {
4058 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4059
4060 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4061 {
4062 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4063 pCtl->u64ResetTime = u64ResetTimeStop;
4064 RTThreadPoke(pCtl->AsyncIOThread);
4065 }
4066 }
4067#endif
4068
4069 RTThreadYield();
4070
4071 {
4072 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4073 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4074 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4075 }
4076
4077 val = s->uATARegStatus;
4078#else /* !IN_RING3 */
4079 /* Cannot yield CPU in guest context. And switching to host
4080 * context for each and every busy status is too costly,
4081 * especially on SMP systems where we don't gain much by
4082 * yielding the CPU to someone else. */
4083 if (++cBusy >= 20)
4084 {
4085 cBusy = 0;
4086 return VINF_IOM_HC_IOPORT_READ;
4087 }
4088#endif /* !IN_RING3 */
4089 }
4090 else
4091 cBusy = 0;
4092 ataUnsetIRQ(s);
4093 break;
4094 }
4095 }
4096 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4097 *pu32 = val;
4098 return VINF_SUCCESS;
4099}
4100
4101
4102static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4103{
4104 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4105 uint32_t val;
4106
4107 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4108 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4109 val = 0;
4110 else
4111 val = s->uATARegStatus;
4112 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4113 return val;
4114}
4115
4116static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4117{
4118#ifndef IN_RING3
4119 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4120 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4121#endif /* !IN_RING3 */
4122
4123 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4124 /* RESET is common for both drives attached to a controller. */
4125 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4126 (val & ATA_DEVCTL_RESET))
4127 {
4128#ifdef IN_RING3
4129 /* Software RESET low to high */
4130 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4131 uint64_t uNow = RTTimeNanoTS();
4132 if (pCtl->aIfs[0].u64CmdTS)
4133 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4134 if (pCtl->aIfs[1].u64CmdTS)
4135 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4136 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4137 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4138 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4139 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4140 pCtl->fReset = true;
4141 /* Everything must be done after the reset flag is set, otherwise
4142 * there are unavoidable races with the currently executing request
4143 * (which might just finish in the mean time). */
4144 pCtl->fChainedTransfer = false;
4145 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4146 {
4147 ataResetDevice(&pCtl->aIfs[i]);
4148 /* The following cannot be done using ataSetStatusValue() since the
4149 * reset flag is already set, which suppresses all status changes. */
4150 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4151 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4152 pCtl->aIfs[i].uATARegError = 0x01;
4153 }
4154 ataAsyncIOClearRequests(pCtl);
4155 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4156 if (val & ATA_DEVCTL_HOB)
4157 {
4158 val &= ~ATA_DEVCTL_HOB;
4159 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4160 }
4161
4162 /* Save the timestamp we started the reset. */
4163 pCtl->u64ResetTime = RTTimeMilliTS();
4164
4165 /* Issue the reset request now. */
4166 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4167#else /* !IN_RING3 */
4168 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4169#endif /* IN_RING3 */
4170 }
4171 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4172 !(val & ATA_DEVCTL_RESET))
4173 {
4174#ifdef IN_RING3
4175 /* Software RESET high to low */
4176 Log(("%s: deasserting RESET\n", __FUNCTION__));
4177 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4178 if (val & ATA_DEVCTL_HOB)
4179 {
4180 val &= ~ATA_DEVCTL_HOB;
4181 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4182 }
4183 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4184#else /* !IN_RING3 */
4185 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4186#endif /* IN_RING3 */
4187 }
4188
4189 /* Change of interrupt disable flag. Update interrupt line if interrupt
4190 * is pending on the current interface. */
4191 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4192 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4193 {
4194 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4195 {
4196 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4197 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4198 * interrupt line is asserted. It monitors the line for a rising
4199 * edge. */
4200 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4201 if (pCtl->irq == 16)
4202 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4203 else
4204 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4205 }
4206 else
4207 {
4208 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4209 if (pCtl->irq == 16)
4210 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4211 else
4212 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4213 }
4214 }
4215
4216 if (val & ATA_DEVCTL_HOB)
4217 Log2(("%s: set HOB\n", __FUNCTION__));
4218
4219 pCtl->aIfs[0].uATARegDevCtl = val;
4220 pCtl->aIfs[1].uATARegDevCtl = val;
4221
4222 return VINF_SUCCESS;
4223}
4224
4225#ifdef IN_RING3
4226
4227static void ataPIOTransfer(PATACONTROLLER pCtl)
4228{
4229 ATADevState *s;
4230
4231 s = &pCtl->aIfs[pCtl->iAIOIf];
4232 Log3(("%s: if=%p\n", __FUNCTION__, s));
4233
4234 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4235 {
4236 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4237 /* Any guest OS that triggers this case has a pathetic ATA driver.
4238 * In a real system it would block the CPU via IORDY, here we do it
4239 * very similarly by not continuing with the current instruction
4240 * until the transfer to/from the storage medium is completed. */
4241 if (s->iSourceSink != ATAFN_SS_NULL)
4242 {
4243 bool fRedo;
4244 uint8_t status = s->uATARegStatus;
4245 ataSetStatusValue(s, ATA_STAT_BUSY);
4246 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4247 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4248 pCtl->fRedo = fRedo;
4249 if (RT_UNLIKELY(fRedo))
4250 return;
4251 ataSetStatusValue(s, status);
4252 s->iIOBufferCur = 0;
4253 s->iIOBufferEnd = s->cbElementaryTransfer;
4254 }
4255 }
4256 if (s->cbTotalTransfer)
4257 {
4258 if (s->fATAPITransfer)
4259 ataPIOTransferLimitATAPI(s);
4260
4261 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4262 s->cbElementaryTransfer = s->cbTotalTransfer;
4263
4264 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4265 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4266 s->cbTotalTransfer, s->cbElementaryTransfer,
4267 s->iIOBufferCur, s->iIOBufferEnd));
4268 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4269 s->cbTotalTransfer -= s->cbElementaryTransfer;
4270 s->iIOBufferCur += s->cbElementaryTransfer;
4271
4272 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4273 s->cbElementaryTransfer = s->cbTotalTransfer;
4274 }
4275 else
4276 ataPIOTransferStop(s);
4277}
4278
4279
4280DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4281{
4282 /* Do not interfere with RESET processing if the PIO transfer finishes
4283 * while the RESET line is asserted. */
4284 if (pCtl->fReset)
4285 {
4286 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4287 return;
4288 }
4289
4290 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4291 || ( s->iSourceSink != ATAFN_SS_NULL
4292 && s->iIOBufferCur >= s->iIOBufferEnd))
4293 {
4294 /* Need to continue the transfer in the async I/O thread. This is
4295 * the case for write operations or generally for not yet finished
4296 * transfers (some data might need to be read). */
4297 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4298 ataSetStatus(s, ATA_STAT_BUSY);
4299
4300 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4301 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4302 }
4303 else
4304 {
4305 /* Either everything finished (though some data might still be pending)
4306 * or some data is pending before the next read is due. */
4307
4308 /* Continue a previously started transfer. */
4309 ataUnsetStatus(s, ATA_STAT_DRQ);
4310 ataSetStatus(s, ATA_STAT_READY);
4311
4312 if (s->cbTotalTransfer)
4313 {
4314 /* There is more to transfer, happens usually for large ATAPI
4315 * reads - the protocol limits the chunk size to 65534 bytes. */
4316 ataPIOTransfer(pCtl);
4317 ataSetIRQ(s);
4318 }
4319 else
4320 {
4321 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4322 /* Finish PIO transfer. */
4323 ataPIOTransfer(pCtl);
4324 Assert(!pCtl->fRedo);
4325 }
4326 }
4327}
4328
4329#endif /* IN_RING3 */
4330
4331static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4332{
4333 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4334 uint8_t *p;
4335
4336 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4337 {
4338 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4339 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4340#ifndef IN_RING3
4341 /* All but the last transfer unit is simple enough for GC, but
4342 * sending a request to the async IO thread is too complicated. */
4343 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4344 {
4345 memcpy(p, pbBuf, cbSize);
4346 s->iIOBufferPIODataStart += cbSize;
4347 }
4348 else
4349 return VINF_IOM_HC_IOPORT_WRITE;
4350#else /* IN_RING3 */
4351 memcpy(p, pbBuf, cbSize);
4352 s->iIOBufferPIODataStart += cbSize;
4353 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4354 ataPIOTransferFinish(pCtl, s);
4355#endif /* !IN_RING3 */
4356 }
4357 else
4358 Log2(("%s: DUMMY data\n", __FUNCTION__));
4359 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4360 return VINF_SUCCESS;
4361}
4362
4363static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4364{
4365 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4366 uint8_t *p;
4367
4368 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4369 {
4370 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4371 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4372#ifndef IN_RING3
4373 /* All but the last transfer unit is simple enough for GC, but
4374 * sending a request to the async IO thread is too complicated. */
4375 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4376 {
4377 memcpy(pbBuf, p, cbSize);
4378 s->iIOBufferPIODataStart += cbSize;
4379 }
4380 else
4381 return VINF_IOM_HC_IOPORT_READ;
4382#else /* IN_RING3 */
4383 memcpy(pbBuf, p, cbSize);
4384 s->iIOBufferPIODataStart += cbSize;
4385 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4386 ataPIOTransferFinish(pCtl, s);
4387#endif /* !IN_RING3 */
4388 }
4389 else
4390 {
4391 Log2(("%s: DUMMY data\n", __FUNCTION__));
4392 memset(pbBuf, '\xff', cbSize);
4393 }
4394 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4395 return VINF_SUCCESS;
4396}
4397
4398#ifdef IN_RING3
4399
4400static void ataDMATransferStop(ATADevState *s)
4401{
4402 s->cbTotalTransfer = 0;
4403 s->cbElementaryTransfer = 0;
4404 s->iBeginTransfer = ATAFN_BT_NULL;
4405 s->iSourceSink = ATAFN_SS_NULL;
4406}
4407
4408
4409/**
4410 * Perform the entire DMA transfer in one go (unless a source/sink operation
4411 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4412 * this function cannot handle empty transfers.
4413 *
4414 * @param pCtl Controller for which to perform the transfer.
4415 */
4416static void ataDMATransfer(PATACONTROLLER pCtl)
4417{
4418 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4419 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4420 bool fRedo;
4421 RTGCPHYS32 pDesc;
4422 uint32_t cbTotalTransfer, cbElementaryTransfer;
4423 uint32_t iIOBufferCur, iIOBufferEnd;
4424 uint32_t dmalen;
4425 PDMBLOCKTXDIR uTxDir;
4426 bool fLastDesc = false;
4427
4428 Assert(sizeof(BMDMADesc) == 8);
4429
4430 fRedo = pCtl->fRedo;
4431 if (RT_LIKELY(!fRedo))
4432 Assert(s->cbTotalTransfer);
4433 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4434 cbTotalTransfer = s->cbTotalTransfer;
4435 cbElementaryTransfer = s->cbElementaryTransfer;
4436 iIOBufferCur = s->iIOBufferCur;
4437 iIOBufferEnd = s->iIOBufferEnd;
4438
4439 /* The DMA loop is designed to hold the lock only when absolutely
4440 * necessary. This avoids long freezes should the guest access the
4441 * ATA registers etc. for some reason. */
4442 PDMCritSectLeave(&pCtl->lock);
4443
4444 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4445 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4446 cbTotalTransfer, cbElementaryTransfer,
4447 iIOBufferCur, iIOBufferEnd));
4448 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4449 {
4450 BMDMADesc DMADesc;
4451 RTGCPHYS32 pBuffer;
4452 uint32_t cbBuffer;
4453
4454 if (RT_UNLIKELY(fRedo))
4455 {
4456 pBuffer = pCtl->pRedoDMABuffer;
4457 cbBuffer = pCtl->cbRedoDMABuffer;
4458 fLastDesc = pCtl->fRedoDMALastDesc;
4459 }
4460 else
4461 {
4462 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4463 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4464 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4465 fLastDesc = !!(cbBuffer & 0x80000000);
4466 cbBuffer &= 0xfffe;
4467 if (cbBuffer == 0)
4468 cbBuffer = 0x10000;
4469 if (cbBuffer > cbTotalTransfer)
4470 cbBuffer = cbTotalTransfer;
4471 }
4472
4473 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4474 {
4475 if (RT_LIKELY(!fRedo))
4476 {
4477 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4478 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4479 (int)pDesc, pBuffer, cbBuffer));
4480 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4481 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4482 else
4483 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4484 iIOBufferCur += dmalen;
4485 cbTotalTransfer -= dmalen;
4486 cbBuffer -= dmalen;
4487 pBuffer += dmalen;
4488 }
4489 if ( iIOBufferCur == iIOBufferEnd
4490 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4491 {
4492 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4493 cbElementaryTransfer = cbTotalTransfer;
4494
4495 {
4496 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4497 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4498 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4499 }
4500
4501 /* The RESET handler could have cleared the DMA transfer
4502 * state (since we didn't hold the lock until just now
4503 * the guest can continue in parallel). If so, the state
4504 * is already set up so the loop is exited immediately. */
4505 if (s->iSourceSink != ATAFN_SS_NULL)
4506 {
4507 s->iIOBufferCur = iIOBufferCur;
4508 s->iIOBufferEnd = iIOBufferEnd;
4509 s->cbElementaryTransfer = cbElementaryTransfer;
4510 s->cbTotalTransfer = cbTotalTransfer;
4511 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4512 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4513 if (RT_UNLIKELY(fRedo))
4514 {
4515 pCtl->pFirstDMADesc = pDesc;
4516 pCtl->pRedoDMABuffer = pBuffer;
4517 pCtl->cbRedoDMABuffer = cbBuffer;
4518 pCtl->fRedoDMALastDesc = fLastDesc;
4519 }
4520 else
4521 {
4522 cbTotalTransfer = s->cbTotalTransfer;
4523 cbElementaryTransfer = s->cbElementaryTransfer;
4524
4525 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4526 cbElementaryTransfer = cbTotalTransfer;
4527 iIOBufferCur = 0;
4528 iIOBufferEnd = cbElementaryTransfer;
4529 }
4530 pCtl->fRedo = fRedo;
4531 }
4532 else
4533 {
4534 /* This forces the loop to exit immediately. */
4535 pDesc = pCtl->pLastDMADesc + 1;
4536 }
4537
4538 PDMCritSectLeave(&pCtl->lock);
4539 if (RT_UNLIKELY(fRedo))
4540 break;
4541 }
4542 }
4543
4544 if (RT_UNLIKELY(fRedo))
4545 break;
4546
4547 /* end of transfer */
4548 if (!cbTotalTransfer || fLastDesc)
4549 break;
4550
4551 {
4552 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4553 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4554 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4555 }
4556
4557 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4558 {
4559 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4560 if (!pCtl->fReset)
4561 ataDMATransferStop(s);
4562 /* This forces the loop to exit immediately. */
4563 pDesc = pCtl->pLastDMADesc + 1;
4564 }
4565
4566 PDMCritSectLeave(&pCtl->lock);
4567 }
4568
4569 {
4570 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4571 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4572 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4573 }
4574
4575 if (RT_UNLIKELY(fRedo))
4576 return;
4577
4578 if (fLastDesc)
4579 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4580 s->cbTotalTransfer = cbTotalTransfer;
4581 s->cbElementaryTransfer = cbElementaryTransfer;
4582 s->iIOBufferCur = iIOBufferCur;
4583 s->iIOBufferEnd = iIOBufferEnd;
4584}
4585
4586/**
4587 * Signal PDM that we're idle (if we actually are).
4588 *
4589 * @param pCtl The controller.
4590 */
4591static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
4592{
4593 /*
4594 * Take the mutex here and recheck the idle indicator to avoid
4595 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
4596 */
4597 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4598
4599 if ( pCtl->fSignalIdle
4600 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4601 {
4602 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
4603 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
4604 }
4605
4606 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4607}
4608
4609/** Async I/O thread for an interface. Once upon a time this was readable
4610 * code with several loops and a different semaphore for each purpose. But
4611 * then came the "how can one save the state in the middle of a PIO transfer"
4612 * question. The solution was to use an ASM, which is what's there now. */
4613static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4614{
4615 const ATARequest *pReq;
4616 uint64_t u64TS = 0; /* shut up gcc */
4617 uint64_t uWait;
4618 int rc = VINF_SUCCESS;
4619 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4620 ATADevState *s;
4621
4622 pReq = NULL;
4623 pCtl->fChainedTransfer = false;
4624 while (!pCtl->fShutdown)
4625 {
4626 /* Keep this thread from doing anything as long as EMT is suspended. */
4627 while (pCtl->fRedoIdle)
4628 {
4629 if (pCtl->fSignalIdle)
4630 ataR3AsyncSignalIdle(pCtl);
4631 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4632 /* Continue if we got a signal by RTThreadPoke().
4633 * We will get notified if there is a request to process.
4634 */
4635 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4636 continue;
4637 if (RT_FAILURE(rc) || pCtl->fShutdown)
4638 break;
4639
4640 pCtl->fRedoIdle = false;
4641 }
4642
4643 /* Wait for work. */
4644 while (pReq == NULL)
4645 {
4646 if (pCtl->fSignalIdle)
4647 ataR3AsyncSignalIdle(pCtl);
4648 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4649 /* Continue if we got a signal by RTThreadPoke().
4650 * We will get notified if there is a request to process.
4651 */
4652 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4653 continue;
4654 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4655 break;
4656
4657 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4658 }
4659
4660 if (RT_FAILURE(rc) || pCtl->fShutdown)
4661 break;
4662
4663 if (pReq == NULL)
4664 continue;
4665
4666 ATAAIO ReqType = pReq->ReqType;
4667
4668 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4669 if (pCtl->uAsyncIOState != ReqType)
4670 {
4671 /* The new state is not the state that was expected by the normal
4672 * state changes. This is either a RESET/ABORT or there's something
4673 * really strange going on. */
4674 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4675 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4676 {
4677 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4678 ataAsyncIODumpRequests(pCtl);
4679 }
4680 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4681 }
4682
4683 /* Do our work. */
4684 {
4685 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4686 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4687 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4688 }
4689
4690 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4691 {
4692 u64TS = RTTimeNanoTS();
4693#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4694 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4695#endif /* DEBUG || VBOX_WITH_STATISTICS */
4696 }
4697
4698 switch (ReqType)
4699 {
4700 case ATA_AIO_NEW:
4701
4702 pCtl->iAIOIf = pReq->u.t.iIf;
4703 s = &pCtl->aIfs[pCtl->iAIOIf];
4704 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4705 s->uTxDir = pReq->u.t.uTxDir;
4706 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4707 s->iSourceSink = pReq->u.t.iSourceSink;
4708 s->iIOBufferEnd = 0;
4709 s->u64CmdTS = u64TS;
4710
4711 if (s->fATAPI)
4712 {
4713 if (pCtl->fChainedTransfer)
4714 {
4715 /* Only count the actual transfers, not the PIO
4716 * transfer of the ATAPI command bytes. */
4717 if (s->fDMA)
4718 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4719 else
4720 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4721 }
4722 }
4723 else
4724 {
4725 if (s->fDMA)
4726 STAM_REL_COUNTER_INC(&s->StatATADMA);
4727 else
4728 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4729 }
4730
4731 pCtl->fChainedTransfer = false;
4732
4733 if (s->iBeginTransfer != ATAFN_BT_NULL)
4734 {
4735 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4736 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4737 s->iBeginTransfer = ATAFN_BT_NULL;
4738 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4739 s->iIOBufferEnd = s->cbElementaryTransfer;
4740 }
4741 else
4742 {
4743 s->cbElementaryTransfer = s->cbTotalTransfer;
4744 s->iIOBufferEnd = s->cbTotalTransfer;
4745 }
4746 s->iIOBufferCur = 0;
4747
4748 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4749 {
4750 if (s->iSourceSink != ATAFN_SS_NULL)
4751 {
4752 bool fRedo;
4753 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4754 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4755 pCtl->fRedo = fRedo;
4756 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4757 {
4758 /* Operation failed at the initial transfer, restart
4759 * everything from scratch by resending the current
4760 * request. Occurs very rarely, not worth optimizing. */
4761 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4762 ataAsyncIOPutRequest(pCtl, pReq);
4763 break;
4764 }
4765 }
4766 else
4767 ataCmdOK(s, 0);
4768 s->iIOBufferEnd = s->cbElementaryTransfer;
4769
4770 }
4771
4772 /* Do not go into the transfer phase if RESET is asserted.
4773 * The CritSect is released while waiting for the host OS
4774 * to finish the I/O, thus RESET is possible here. Most
4775 * important: do not change uAsyncIOState. */
4776 if (pCtl->fReset)
4777 break;
4778
4779 if (s->fDMA)
4780 {
4781 if (s->cbTotalTransfer)
4782 {
4783 ataSetStatus(s, ATA_STAT_DRQ);
4784
4785 pCtl->uAsyncIOState = ATA_AIO_DMA;
4786 /* If BMDMA is already started, do the transfer now. */
4787 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4788 {
4789 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4790 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4791 }
4792 }
4793 else
4794 {
4795 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4796 /* Finish DMA transfer. */
4797 ataDMATransferStop(s);
4798 ataSetIRQ(s);
4799 pCtl->uAsyncIOState = ATA_AIO_NEW;
4800 }
4801 }
4802 else
4803 {
4804 if (s->cbTotalTransfer)
4805 {
4806 ataPIOTransfer(pCtl);
4807 Assert(!pCtl->fRedo);
4808 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4809 ataSetIRQ(s);
4810
4811 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4812 {
4813 /* Write operations and not yet finished transfers
4814 * must be completed in the async I/O thread. */
4815 pCtl->uAsyncIOState = ATA_AIO_PIO;
4816 }
4817 else
4818 {
4819 /* Finished read operation can be handled inline
4820 * in the end of PIO transfer handling code. Linux
4821 * depends on this, as it waits only briefly for
4822 * devices to become ready after incoming data
4823 * transfer. Cannot find anything in the ATA spec
4824 * that backs this assumption, but as all kernels
4825 * are affected (though most of the time it does
4826 * not cause any harm) this must work. */
4827 pCtl->uAsyncIOState = ATA_AIO_NEW;
4828 }
4829 }
4830 else
4831 {
4832 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4833 /* Finish PIO transfer. */
4834 ataPIOTransfer(pCtl);
4835 Assert(!pCtl->fRedo);
4836 if (!s->fATAPITransfer)
4837 ataSetIRQ(s);
4838 pCtl->uAsyncIOState = ATA_AIO_NEW;
4839 }
4840 }
4841 break;
4842
4843 case ATA_AIO_DMA:
4844 {
4845 BMDMAState *bm = &pCtl->BmDma;
4846 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4847 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4848
4849 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4850 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4851 else
4852 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4853
4854 if (RT_LIKELY(!pCtl->fRedo))
4855 {
4856 /* The specs say that the descriptor table must not cross a
4857 * 4K boundary. */
4858 pCtl->pFirstDMADesc = bm->pvAddr;
4859 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4860 }
4861 ataDMATransfer(pCtl);
4862
4863 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
4864 {
4865 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4866 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4867 break;
4868 }
4869
4870 /* The infamous delay IRQ hack. */
4871 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4872 && s->cbTotalTransfer == 0
4873 && pCtl->DelayIRQMillies)
4874 {
4875 /* Delay IRQ for writing. Required to get the Win2K
4876 * installation work reliably (otherwise it crashes,
4877 * usually during component install). So far no better
4878 * solution has been found. */
4879 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4880 PDMCritSectLeave(&pCtl->lock);
4881 RTThreadSleep(pCtl->DelayIRQMillies);
4882 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4883 }
4884
4885 ataUnsetStatus(s, ATA_STAT_DRQ);
4886 Assert(!pCtl->fChainedTransfer);
4887 Assert(s->iSourceSink == ATAFN_SS_NULL);
4888 if (s->fATAPITransfer)
4889 {
4890 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4891 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4892 s->fATAPITransfer = false;
4893 }
4894 ataSetIRQ(s);
4895 pCtl->uAsyncIOState = ATA_AIO_NEW;
4896 break;
4897 }
4898
4899 case ATA_AIO_PIO:
4900 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4901
4902 if (s->iSourceSink != ATAFN_SS_NULL)
4903 {
4904 bool fRedo;
4905 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4906 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4907 pCtl->fRedo = fRedo;
4908 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4909 {
4910 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4911 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4912 break;
4913 }
4914 s->iIOBufferCur = 0;
4915 s->iIOBufferEnd = s->cbElementaryTransfer;
4916 }
4917 else
4918 {
4919 /* Continue a previously started transfer. */
4920 ataUnsetStatus(s, ATA_STAT_BUSY);
4921 ataSetStatus(s, ATA_STAT_READY);
4922 }
4923
4924 /* It is possible that the drives on this controller get RESET
4925 * during the above call to the source/sink function. If that's
4926 * the case, don't restart the transfer and don't finish it the
4927 * usual way. RESET handling took care of all that already.
4928 * Most important: do not change uAsyncIOState. */
4929 if (pCtl->fReset)
4930 break;
4931
4932 if (s->cbTotalTransfer)
4933 {
4934 ataPIOTransfer(pCtl);
4935 ataSetIRQ(s);
4936
4937 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4938 {
4939 /* Write operations and not yet finished transfers
4940 * must be completed in the async I/O thread. */
4941 pCtl->uAsyncIOState = ATA_AIO_PIO;
4942 }
4943 else
4944 {
4945 /* Finished read operation can be handled inline
4946 * in the end of PIO transfer handling code. Linux
4947 * depends on this, as it waits only briefly for
4948 * devices to become ready after incoming data
4949 * transfer. Cannot find anything in the ATA spec
4950 * that backs this assumption, but as all kernels
4951 * are affected (though most of the time it does
4952 * not cause any harm) this must work. */
4953 pCtl->uAsyncIOState = ATA_AIO_NEW;
4954 }
4955 }
4956 else
4957 {
4958 /* Finish PIO transfer. */
4959 ataPIOTransfer(pCtl);
4960 if ( !pCtl->fChainedTransfer
4961 && !s->fATAPITransfer
4962 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4963 {
4964 ataSetIRQ(s);
4965 }
4966 pCtl->uAsyncIOState = ATA_AIO_NEW;
4967 }
4968 break;
4969
4970 case ATA_AIO_RESET_ASSERTED:
4971 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4972 ataPIOTransferStop(&pCtl->aIfs[0]);
4973 ataPIOTransferStop(&pCtl->aIfs[1]);
4974 /* Do not change the DMA registers, they are not affected by the
4975 * ATA controller reset logic. It should be sufficient to issue a
4976 * new command, which is now possible as the state is cleared. */
4977 break;
4978
4979 case ATA_AIO_RESET_CLEARED:
4980 pCtl->uAsyncIOState = ATA_AIO_NEW;
4981 pCtl->fReset = false;
4982 /* Ensure that half-completed transfers are not redone. A reset
4983 * cancels the entire transfer, so continuing is wrong. */
4984 pCtl->fRedo = false;
4985 pCtl->fRedoDMALastDesc = false;
4986 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4987 ATACONTROLLER_IDX(pCtl)));
4988 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4989 {
4990 if (pCtl->aIfs[i].fATAPI)
4991 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4992 else
4993 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4994 ataSetSignature(&pCtl->aIfs[i]);
4995 }
4996 break;
4997
4998 case ATA_AIO_ABORT:
4999 /* Abort the current command no matter what. There cannot be
5000 * any command activity on the other drive otherwise using
5001 * one thread per controller wouldn't work at all. */
5002 s = &pCtl->aIfs[pReq->u.a.iIf];
5003
5004 pCtl->uAsyncIOState = ATA_AIO_NEW;
5005 /* Do not change the DMA registers, they are not affected by the
5006 * ATA controller reset logic. It should be sufficient to issue a
5007 * new command, which is now possible as the state is cleared. */
5008 if (pReq->u.a.fResetDrive)
5009 {
5010 ataResetDevice(s);
5011 ataExecuteDeviceDiagnosticSS(s);
5012 }
5013 else
5014 {
5015 /* Stop any pending DMA transfer. */
5016 s->fDMA = false;
5017 ataPIOTransferStop(s);
5018 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5019 ataSetStatus(s, ATA_STAT_READY);
5020 ataSetIRQ(s);
5021 }
5022 break;
5023
5024 default:
5025 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5026 }
5027
5028 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5029 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5030
5031 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5032 {
5033#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5034 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5035#endif /* DEBUG || VBOX_WITH_STATISTICS */
5036
5037 u64TS = RTTimeNanoTS() - u64TS;
5038 uWait = u64TS / 1000;
5039 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5040 /* Mark command as finished. */
5041 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5042
5043 /*
5044 * Release logging of command execution times depends on the
5045 * command type. ATAPI commands often take longer (due to CD/DVD
5046 * spin up time etc.) so the threshold is different.
5047 */
5048 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5049 {
5050 if (uWait > 8 * 1000 * 1000)
5051 {
5052 /*
5053 * Command took longer than 8 seconds. This is close
5054 * enough or over the guest's command timeout, so place
5055 * an entry in the release log to allow tracking such
5056 * timing errors (which are often caused by the host).
5057 */
5058 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5059 }
5060 }
5061 else
5062 {
5063 if (uWait > 20 * 1000 * 1000)
5064 {
5065 /*
5066 * Command took longer than 20 seconds. This is close
5067 * enough or over the guest's command timeout, so place
5068 * an entry in the release log to allow tracking such
5069 * timing errors (which are often caused by the host).
5070 */
5071 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5072 }
5073 }
5074
5075#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5076 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5077 pCtl->StatAsyncMinWait = uWait;
5078 if (uWait > pCtl->StatAsyncMaxWait)
5079 pCtl->StatAsyncMaxWait = uWait;
5080
5081 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5082 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5083#endif /* DEBUG || VBOX_WITH_STATISTICS */
5084 }
5085
5086 PDMCritSectLeave(&pCtl->lock);
5087 }
5088
5089 /* Signal the ultimate idleness. */
5090 RTThreadUserSignal(pCtl->AsyncIOThread);
5091 if (pCtl->fSignalIdle)
5092 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5093
5094 /* Cleanup the state. */
5095 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5096 pCtl->fShutdown = false;
5097
5098 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5099 return rc;
5100}
5101
5102#endif /* IN_RING3 */
5103
5104static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5105{
5106 uint32_t val = pCtl->BmDma.u8Cmd;
5107 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5108 return val;
5109}
5110
5111
5112static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5113{
5114 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5115 if (!(val & BM_CMD_START))
5116 {
5117 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5118 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5119 }
5120 else
5121 {
5122#ifdef IN_RING3
5123 /* Check whether the guest OS wants to change DMA direction in
5124 * mid-flight. Not allowed, according to the PIIX3 specs. */
5125 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5126 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5127 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5128 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5129
5130 /* Do not continue DMA transfers while the RESET line is asserted. */
5131 if (pCtl->fReset)
5132 {
5133 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5134 return;
5135 }
5136
5137 /* Do not start DMA transfers if there's a PIO transfer going on,
5138 * or if there is already a transfer started on this controller. */
5139 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5140 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5141 return;
5142
5143 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5144 {
5145 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5146 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5147 }
5148#else /* !IN_RING3 */
5149 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5150#endif /* IN_RING3 */
5151 }
5152}
5153
5154static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5155{
5156 uint32_t val = pCtl->BmDma.u8Status;
5157 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5158 return val;
5159}
5160
5161static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5162{
5163 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5164 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5165 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5166 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5167}
5168
5169static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5170{
5171 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5172 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5173 return val;
5174}
5175
5176static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5177{
5178 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5179 pCtl->BmDma.pvAddr = val & ~3;
5180}
5181
5182static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5183{
5184 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5185 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5186
5187}
5188
5189static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5190{
5191 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5192 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5193}
5194
5195#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5196
5197/**
5198 * Port I/O Handler for bus master DMA IN operations.
5199 * @see FNIOMIOPORTIN for details.
5200 */
5201PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5202{
5203 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5204 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5205 PATACONTROLLER pCtl = &pThis->aCts[i];
5206 int rc;
5207
5208 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5209 if (rc != VINF_SUCCESS)
5210 return rc;
5211 switch (VAL(Port, cb))
5212 {
5213 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5214 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5215 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5216 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5217 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5218 case VAL(0, 4):
5219 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5220 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5221 break;
5222 default:
5223 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5224 PDMCritSectLeave(&pCtl->lock);
5225 return VERR_IOM_IOPORT_UNUSED;
5226 }
5227 PDMCritSectLeave(&pCtl->lock);
5228 return rc;
5229}
5230
5231/**
5232 * Port I/O Handler for bus master DMA OUT operations.
5233 * @see FNIOMIOPORTOUT for details.
5234 */
5235PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5236{
5237 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5238 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5239 PATACONTROLLER pCtl = &pThis->aCts[i];
5240 int rc;
5241
5242 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5243 if (rc != VINF_SUCCESS)
5244 return rc;
5245 switch (VAL(Port, cb))
5246 {
5247 case VAL(0, 1):
5248#ifndef IN_RING3
5249 if (u32 & BM_CMD_START)
5250 {
5251 rc = VINF_IOM_HC_IOPORT_WRITE;
5252 break;
5253 }
5254#endif /* !IN_RING3 */
5255 ataBMDMACmdWriteB(pCtl, Port, u32);
5256 break;
5257 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5258 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5259 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5260 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5261 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5262 }
5263 PDMCritSectLeave(&pCtl->lock);
5264 return rc;
5265}
5266
5267#undef VAL
5268
5269#ifdef IN_RING3
5270
5271/**
5272 * Callback function for mapping an PCI I/O region.
5273 *
5274 * @return VBox status code.
5275 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5276 * @param iRegion The region number.
5277 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5278 * I/O port, else it's a physical address.
5279 * This address is *NOT* relative to pci_mem_base like earlier!
5280 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5281 */
5282static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5283{
5284 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5285 int rc = VINF_SUCCESS;
5286 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5287 Assert(iRegion == 4);
5288 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5289
5290 /* Register the port range. */
5291 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5292 {
5293 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5294 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5295 AssertRC(rc2);
5296 if (rc2 < rc)
5297 rc = rc2;
5298
5299 if (pThis->fGCEnabled)
5300 {
5301 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5302 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5303 AssertRC(rc2);
5304 if (rc2 < rc)
5305 rc = rc2;
5306 }
5307 if (pThis->fR0Enabled)
5308 {
5309 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5310 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5311 AssertRC(rc2);
5312 if (rc2 < rc)
5313 rc = rc2;
5314 }
5315 }
5316 return rc;
5317}
5318
5319
5320/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5321
5322/**
5323 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5324 */
5325static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5326{
5327 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5328 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5329 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5330 return NULL;
5331}
5332
5333
5334/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5335
5336/**
5337 * Gets the pointer to the status LED of a unit.
5338 *
5339 * @returns VBox status code.
5340 * @param pInterface Pointer to the interface structure containing the called function pointer.
5341 * @param iLUN The unit which status LED we desire.
5342 * @param ppLed Where to store the LED pointer.
5343 */
5344static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5345{
5346 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5347 if (iLUN < 4)
5348 {
5349 switch (iLUN)
5350 {
5351 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5352 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5353 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5354 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5355 }
5356 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5357 return VINF_SUCCESS;
5358 }
5359 return VERR_PDM_LUN_NOT_FOUND;
5360}
5361
5362
5363/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5364
5365/**
5366 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5367 */
5368static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5369{
5370 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5371 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5372 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5373 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5374 return NULL;
5375}
5376
5377
5378/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5379
5380/**
5381 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5382 */
5383static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5384 uint32_t *piInstance, uint32_t *piLUN)
5385{
5386 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5387 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5388
5389 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5390 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5391 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5392
5393 *ppcszController = pDevIns->pReg->szName;
5394 *piInstance = pDevIns->iInstance;
5395 *piLUN = pIf->iLUN;
5396
5397 return VINF_SUCCESS;
5398}
5399#endif /* IN_RING3 */
5400
5401
5402/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5403
5404/**
5405 * Port I/O Handler for primary port range OUT operations.
5406 * @see FNIOMIOPORTOUT for details.
5407 */
5408PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5409{
5410 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5411 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5412 PATACONTROLLER pCtl = &pThis->aCts[i];
5413 int rc = VINF_SUCCESS;
5414
5415 Assert(i < 2);
5416
5417 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5418 if (rc != VINF_SUCCESS)
5419 return rc;
5420 if (cb == 1)
5421 rc = ataIOPortWriteU8(pCtl, Port, u32);
5422 else if (Port == pCtl->IOPortBase1)
5423 {
5424 Assert(cb == 2 || cb == 4);
5425 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5426 }
5427 else
5428 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5429 PDMCritSectLeave(&pCtl->lock);
5430 return rc;
5431}
5432
5433
5434/**
5435 * Port I/O Handler for primary port range IN operations.
5436 * @see FNIOMIOPORTIN for details.
5437 */
5438PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5439{
5440 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5441 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5442 PATACONTROLLER pCtl = &pThis->aCts[i];
5443 int rc = VINF_SUCCESS;
5444
5445 Assert(i < 2);
5446
5447 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5448 if (rc != VINF_SUCCESS)
5449 return rc;
5450 if (cb == 1)
5451 {
5452 rc = ataIOPortReadU8(pCtl, Port, pu32);
5453 }
5454 else if (Port == pCtl->IOPortBase1)
5455 {
5456 Assert(cb == 2 || cb == 4);
5457 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5458 if (cb == 2)
5459 *pu32 &= 0xffff;
5460 }
5461 else
5462 {
5463 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5464 rc = VERR_IOM_IOPORT_UNUSED;
5465 }
5466 PDMCritSectLeave(&pCtl->lock);
5467 return rc;
5468}
5469
5470#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5471/**
5472 * Port I/O Handler for primary port range IN string operations.
5473 * @see FNIOMIOPORTINSTRING for details.
5474 */
5475PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5476{
5477 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5478 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5479 PATACONTROLLER pCtl = &pThis->aCts[i];
5480 int rc = VINF_SUCCESS;
5481
5482 Assert(i < 2);
5483
5484 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5485 if (rc != VINF_SUCCESS)
5486 return rc;
5487 if (Port == pCtl->IOPortBase1)
5488 {
5489 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5490 RTGCPTR GCDst = *pGCPtrDst;
5491 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5492 Assert(cb == 2 || cb == 4);
5493
5494 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5495#ifndef IN_RING3
5496 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5497 if (!cTransAvailable)
5498 {
5499 PDMCritSectLeave(&pCtl->lock);
5500 return VINF_IOM_HC_IOPORT_READ;
5501 }
5502 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5503 cTransAvailable--;
5504#endif /* !IN_RING3 */
5505 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5506 * They are not performance-critical and generally shouldn't occur at all. */
5507 if (cTransAvailable > cTransfer)
5508 cTransAvailable = cTransfer;
5509 cbTransfer = cTransAvailable * cb;
5510
5511 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5512#ifndef IN_RING3
5513 /* Paranoia. */
5514 if (RT_FAILURE(rc))
5515 {
5516 PDMCritSectLeave(&pCtl->lock);
5517 AssertFailed();
5518 return VINF_IOM_HC_IOPORT_READ;
5519 }
5520#else
5521 Assert(rc == VINF_SUCCESS);
5522#endif
5523
5524 if (cbTransfer)
5525 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5526 s->iIOBufferPIODataStart += cbTransfer;
5527 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5528 *pcTransfer = cTransfer - cTransAvailable;
5529#ifdef IN_RING3
5530 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5531 ataPIOTransferFinish(pCtl, s);
5532#endif /* IN_RING3 */
5533 }
5534 PDMCritSectLeave(&pCtl->lock);
5535 return rc;
5536}
5537
5538
5539/**
5540 * Port I/O Handler for primary port range OUT string operations.
5541 * @see FNIOMIOPORTOUTSTRING for details.
5542 */
5543PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5544{
5545 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5546 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5547 PATACONTROLLER pCtl = &pThis->aCts[i];
5548 int rc;
5549
5550 Assert(i < 2);
5551
5552 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5553 if (rc != VINF_SUCCESS)
5554 return rc;
5555 if (Port == pCtl->IOPortBase1)
5556 {
5557 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5558 RTGCPTR GCSrc = *pGCPtrSrc;
5559 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5560 Assert(cb == 2 || cb == 4);
5561
5562 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5563#ifndef IN_RING3
5564 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5565 if (!cTransAvailable)
5566 {
5567 PDMCritSectLeave(&pCtl->lock);
5568 return VINF_IOM_HC_IOPORT_WRITE;
5569 }
5570 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5571 cTransAvailable--;
5572#endif /* !IN_RING3 */
5573 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5574 * They are not performance-critical and generally shouldn't occur at all. */
5575 if (cTransAvailable > cTransfer)
5576 cTransAvailable = cTransfer;
5577 cbTransfer = cTransAvailable * cb;
5578
5579 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5580#ifndef IN_RING3
5581 /* Paranoia. */
5582 if (RT_FAILURE(rc))
5583 {
5584 PDMCritSectLeave(&pCtl->lock);
5585 AssertFailed();
5586 return VINF_IOM_HC_IOPORT_WRITE;
5587 }
5588#else
5589 Assert(rc == VINF_SUCCESS);
5590#endif
5591
5592 if (cbTransfer)
5593 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5594 s->iIOBufferPIODataStart += cbTransfer;
5595 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5596 *pcTransfer = cTransfer - cTransAvailable;
5597#ifdef IN_RING3
5598 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5599 ataPIOTransferFinish(pCtl, s);
5600#endif /* IN_RING3 */
5601 }
5602 PDMCritSectLeave(&pCtl->lock);
5603 return rc;
5604}
5605#endif /* !IN_RING0 */
5606
5607/**
5608 * Port I/O Handler for secondary port range OUT operations.
5609 * @see FNIOMIOPORTOUT for details.
5610 */
5611PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5612{
5613 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5614 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5615 PATACONTROLLER pCtl = &pThis->aCts[i];
5616 int rc;
5617
5618 Assert(i < 2);
5619
5620 if (cb != 1)
5621 return VINF_SUCCESS;
5622 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5623 if (rc != VINF_SUCCESS)
5624 return rc;
5625 rc = ataControlWrite(pCtl, Port, u32);
5626 PDMCritSectLeave(&pCtl->lock);
5627 return rc;
5628}
5629
5630
5631/**
5632 * Port I/O Handler for secondary port range IN operations.
5633 * @see FNIOMIOPORTIN for details.
5634 */
5635PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5636{
5637 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5638 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5639 PATACONTROLLER pCtl = &pThis->aCts[i];
5640 int rc;
5641
5642 Assert(i < 2);
5643
5644 if (cb != 1)
5645 return VERR_IOM_IOPORT_UNUSED;
5646
5647 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5648 if (rc != VINF_SUCCESS)
5649 return rc;
5650 *pu32 = ataStatusRead(pCtl, Port);
5651 PDMCritSectLeave(&pCtl->lock);
5652 return VINF_SUCCESS;
5653}
5654
5655#ifdef IN_RING3
5656
5657
5658DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5659{
5660 if (s->pbIOBufferR3)
5661 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5662}
5663
5664
5665/**
5666 * @copydoc FNPDMDEVRELOCATE
5667 */
5668static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5669{
5670 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5671
5672 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5673 {
5674 pThis->aCts[i].pDevInsRC += offDelta;
5675 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5676 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5677 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5678 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5679 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5680 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5681 }
5682}
5683
5684
5685/**
5686 * Destroy a driver instance.
5687 *
5688 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5689 * resources can be freed correctly.
5690 *
5691 * @param pDevIns The device instance data.
5692 */
5693static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
5694{
5695 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5696 int rc;
5697
5698 Log(("ataR3Destruct\n"));
5699 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
5700
5701 /*
5702 * Tell the async I/O threads to terminate.
5703 */
5704 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5705 {
5706 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5707 {
5708 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5709 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5710 AssertRC(rc);
5711 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5712 AssertRC(rc);
5713 }
5714 }
5715
5716 /*
5717 * Wait for the threads to terminate before destroying their resources.
5718 */
5719 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5720 {
5721 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5722 {
5723 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5724 if (RT_SUCCESS(rc))
5725 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5726 else
5727 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5728 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5729 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5730 }
5731 }
5732
5733 /*
5734 * Free resources.
5735 */
5736 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5737 {
5738 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5739 {
5740 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5741 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5742 }
5743 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5744 {
5745 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5746 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5747 }
5748 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5749 {
5750 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5751 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5752 }
5753
5754 /* try one final time */
5755 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5756 {
5757 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5758 if (RT_SUCCESS(rc))
5759 {
5760 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5761 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5762 }
5763 }
5764 }
5765
5766 return VINF_SUCCESS;
5767}
5768
5769
5770/**
5771 * Detach notification.
5772 *
5773 * The DVD drive has been unplugged.
5774 *
5775 * @param pDevIns The device instance.
5776 * @param iLUN The logical unit which is being detached.
5777 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5778 */
5779static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5780{
5781 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5782 PATACONTROLLER pCtl;
5783 ATADevState *pIf;
5784 unsigned iController;
5785 unsigned iInterface;
5786
5787 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5788 ("PIIX3IDE: Device does not support hotplugging\n"));
5789
5790 /*
5791 * Locate the controller and stuff.
5792 */
5793 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5794 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5795 pCtl = &pThis->aCts[iController];
5796
5797 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5798 pIf = &pCtl->aIfs[iInterface];
5799
5800 /*
5801 * Zero some important members.
5802 */
5803 pIf->pDrvBase = NULL;
5804 pIf->pDrvBlock = NULL;
5805 pIf->pDrvBlockBios = NULL;
5806 pIf->pDrvMount = NULL;
5807
5808 /*
5809 * In case there was a medium inserted.
5810 */
5811 ataMediumRemoved(pIf);
5812}
5813
5814
5815/**
5816 * Configure a LUN.
5817 *
5818 * @returns VBox status code.
5819 * @param pDevIns The device instance.
5820 * @param pIf The ATA unit state.
5821 */
5822static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5823{
5824 int rc = VINF_SUCCESS;
5825 PDMBLOCKTYPE enmType;
5826
5827 /*
5828 * Query Block, Bios and Mount interfaces.
5829 */
5830 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
5831 if (!pIf->pDrvBlock)
5832 {
5833 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5834 return VERR_PDM_MISSING_INTERFACE;
5835 }
5836
5837 /** @todo implement the BIOS invisible code path. */
5838 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
5839 if (!pIf->pDrvBlockBios)
5840 {
5841 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5842 return VERR_PDM_MISSING_INTERFACE;
5843 }
5844 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
5845
5846 /*
5847 * Validate type.
5848 */
5849 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5850 if ( enmType != PDMBLOCKTYPE_CDROM
5851 && enmType != PDMBLOCKTYPE_DVD
5852 && enmType != PDMBLOCKTYPE_HARD_DISK)
5853 {
5854 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5855 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5856 }
5857 if ( ( enmType == PDMBLOCKTYPE_DVD
5858 || enmType == PDMBLOCKTYPE_CDROM)
5859 && !pIf->pDrvMount)
5860 {
5861 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5862 return VERR_INTERNAL_ERROR;
5863 }
5864 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5865 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5866
5867 /*
5868 * Allocate I/O buffer.
5869 */
5870 PVM pVM = PDMDevHlpGetVM(pDevIns);
5871 if (pIf->cbIOBuffer)
5872 {
5873 /* Buffer is (probably) already allocated. Validate the fields,
5874 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5875 if (pIf->fATAPI)
5876 AssertRelease(pIf->cbIOBuffer == _128K);
5877 else
5878 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5879 Assert(pIf->pbIOBufferR3);
5880 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5881 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5882 }
5883 else
5884 {
5885 if (pIf->fATAPI)
5886 pIf->cbIOBuffer = _128K;
5887 else
5888 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5889 Assert(!pIf->pbIOBufferR3);
5890 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5891 if (RT_FAILURE(rc))
5892 return VERR_NO_MEMORY;
5893 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5894 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5895 }
5896
5897 /*
5898 * Init geometry (only for non-CD/DVD media).
5899 */
5900 if (pIf->fATAPI)
5901 {
5902 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5903 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5904 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5905 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5906 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5907 }
5908 else
5909 {
5910 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5911 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5912 &pIf->PCHSGeometry);
5913 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5914 {
5915 pIf->PCHSGeometry.cCylinders = 0;
5916 pIf->PCHSGeometry.cHeads = 16; /*??*/
5917 pIf->PCHSGeometry.cSectors = 63; /*??*/
5918 }
5919 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5920 {
5921 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5922 rc = VINF_SUCCESS;
5923 }
5924 AssertRC(rc);
5925
5926 if ( pIf->PCHSGeometry.cCylinders == 0
5927 || pIf->PCHSGeometry.cHeads == 0
5928 || pIf->PCHSGeometry.cSectors == 0
5929 )
5930 {
5931 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5932 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5933 pIf->PCHSGeometry.cHeads = 16;
5934 pIf->PCHSGeometry.cSectors = 63;
5935 /* Set the disk geometry information. Ignore errors. */
5936 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5937 &pIf->PCHSGeometry);
5938 rc = VINF_SUCCESS;
5939 }
5940 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5941 }
5942 return rc;
5943}
5944
5945
5946/**
5947 * Attach command.
5948 *
5949 * This is called when we change block driver for the DVD drive.
5950 *
5951 * @returns VBox status code.
5952 * @param pDevIns The device instance.
5953 * @param iLUN The logical unit which is being detached.
5954 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5955 */
5956static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5957{
5958 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5959 PATACONTROLLER pCtl;
5960 ATADevState *pIf;
5961 int rc;
5962 unsigned iController;
5963 unsigned iInterface;
5964
5965 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5966 ("PIIX3IDE: Device does not support hotplugging\n"),
5967 VERR_INVALID_PARAMETER);
5968
5969 /*
5970 * Locate the controller and stuff.
5971 */
5972 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5973 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5974 pCtl = &pThis->aCts[iController];
5975
5976 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5977 pIf = &pCtl->aIfs[iInterface];
5978
5979 /* the usual paranoia */
5980 AssertRelease(!pIf->pDrvBase);
5981 AssertRelease(!pIf->pDrvBlock);
5982 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5983 Assert(pIf->iLUN == iLUN);
5984
5985 /*
5986 * Try attach the block device and get the interfaces,
5987 * required as well as optional.
5988 */
5989 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5990 if (RT_SUCCESS(rc))
5991 {
5992 rc = ataConfigLun(pDevIns, pIf);
5993 /*
5994 * In case there is a medium inserted.
5995 */
5996 ataMediumInserted(pIf);
5997 }
5998 else
5999 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6000
6001 if (RT_FAILURE(rc))
6002 {
6003 pIf->pDrvBase = NULL;
6004 pIf->pDrvBlock = NULL;
6005 }
6006 return rc;
6007}
6008
6009
6010/**
6011 * Resume notification.
6012 *
6013 * @returns VBox status.
6014 * @param pDevIns The device instance data.
6015 */
6016static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6017{
6018 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6019 int rc;
6020
6021 Log(("%s:\n", __FUNCTION__));
6022 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6023 {
6024 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6025 {
6026 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6027 AssertRC(rc);
6028 }
6029 }
6030 return;
6031}
6032
6033
6034/**
6035 * Checks if all (both) the async I/O threads have quiesced.
6036 *
6037 * @returns true on success.
6038 * @returns false when one or more threads is still processing.
6039 * @param pThis Pointer to the instance data.
6040 */
6041static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6042{
6043 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6044
6045 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6046 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6047 {
6048 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6049 if (!fRc)
6050 {
6051 /* Make it signal PDM & itself when its done */
6052 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6053 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6054 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6055 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6056 if (!fRc)
6057 {
6058#if 0 /** @todo Need to do some time tracking here... */
6059 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6060 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6061 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6062#endif
6063 return false;
6064 }
6065 }
6066 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6067 }
6068 return true;
6069}
6070
6071
6072/**
6073 * Callback employed by ataSuspend and ataR3PowerOff.
6074 *
6075 * @returns true if we've quiesced, false if we're still working.
6076 * @param pDevIns The device instance.
6077 */
6078static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6079{
6080 return ataR3AllAsyncIOIsIdle(pDevIns);
6081}
6082
6083
6084/**
6085 * Common worker for ataSuspend and ataR3PowerOff.
6086 */
6087static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6088{
6089 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6090 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6091}
6092
6093
6094/**
6095 * Power Off notification.
6096 *
6097 * @returns VBox status.
6098 * @param pDevIns The device instance data.
6099 */
6100static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6101{
6102 Log(("%s:\n", __FUNCTION__));
6103 ataR3SuspendOrPowerOff(pDevIns);
6104}
6105
6106
6107/**
6108 * Suspend notification.
6109 *
6110 * @returns VBox status.
6111 * @param pDevIns The device instance data.
6112 */
6113static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6114{
6115 Log(("%s:\n", __FUNCTION__));
6116 ataR3SuspendOrPowerOff(pDevIns);
6117}
6118
6119
6120/**
6121 * Callback employed by ataR3Reset.
6122 *
6123 * @returns true if we've quiesced, false if we're still working.
6124 * @param pDevIns The device instance.
6125 */
6126static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6127{
6128 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6129
6130 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6131 return false;
6132
6133 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6134 {
6135 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6136 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6137 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6138 PDMCritSectLeave(&pThis->aCts[i].lock);
6139 }
6140 return true;
6141}
6142
6143
6144/**
6145 * Common reset worker for ataR3Reset and ataR3Construct.
6146 *
6147 * @returns VBox status.
6148 * @param pDevIns The device instance data.
6149 * @param fConstruct Indicates who is calling.
6150 */
6151static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6152{
6153 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6154
6155 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6156 {
6157 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6158
6159 pThis->aCts[i].iSelectedIf = 0;
6160 pThis->aCts[i].iAIOIf = 0;
6161 pThis->aCts[i].BmDma.u8Cmd = 0;
6162 /* Report that both drives present on the bus are in DMA mode. This
6163 * pretends that there is a BIOS that has set it up. Normal reset
6164 * default is 0x00. */
6165 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6166 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6167 pThis->aCts[i].BmDma.pvAddr = 0;
6168
6169 pThis->aCts[i].fReset = true;
6170 pThis->aCts[i].fRedo = false;
6171 pThis->aCts[i].fRedoIdle = false;
6172 ataAsyncIOClearRequests(&pThis->aCts[i]);
6173 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6174 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6175 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6176
6177 PDMCritSectLeave(&pThis->aCts[i].lock);
6178 }
6179
6180 int rcRet = VINF_SUCCESS;
6181 if (!fConstruct)
6182 {
6183 /*
6184 * Setup asynchronous notification completion if the requests haven't
6185 * completed yet.
6186 */
6187 if (!ataR3IsAsyncResetDone(pDevIns))
6188 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6189 }
6190 else
6191 {
6192 /*
6193 * Wait for the requests for complete.
6194 *
6195 * Would be real nice if we could do it all from EMT(0) and not
6196 * involve the worker threads, then we could dispense with all the
6197 * waiting and semaphore ping-pong here...
6198 */
6199 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6200 {
6201 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6202 {
6203 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6204 AssertRC(rc);
6205
6206 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6207 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6208 AssertRC(rc);
6209
6210 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6211 AssertRC(rc);
6212
6213 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6214 {
6215 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6216 if (RT_FAILURE(rc))
6217 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6218 if (RT_FAILURE(rc))
6219 {
6220 AssertRC(rc);
6221 rcRet = rc;
6222 }
6223 }
6224 }
6225 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6226 }
6227 if (RT_SUCCESS(rcRet))
6228 {
6229 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6230 AssertRC(rcRet);
6231 }
6232 }
6233 return rcRet;
6234}
6235
6236
6237/**
6238 * Reset notification.
6239 *
6240 * @param pDevIns The device instance data.
6241 */
6242static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6243{
6244 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6245}
6246
6247
6248/**
6249 * Prepare state save and load operation.
6250 *
6251 * @returns VBox status code.
6252 * @param pDevIns Device instance of the device which registered the data unit.
6253 * @param pSSM SSM operation handle.
6254 */
6255static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6256{
6257 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6258
6259 /* sanity - the suspend notification will wait on the async stuff. */
6260 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6261 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6262 ("i=%u\n", i),
6263 VERR_SSM_IDE_ASYNC_TIMEOUT);
6264 return VINF_SUCCESS;
6265}
6266
6267/**
6268 * @copydoc FNSSMDEVLIVEEXEC
6269 */
6270static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6271{
6272 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6273
6274 SSMR3PutU8(pSSM, pThis->u8Type);
6275 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6276 {
6277 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6278 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6279 {
6280 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6281 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6282 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6283 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6284 }
6285 }
6286
6287 return VINF_SSM_DONT_CALL_AGAIN;
6288}
6289
6290
6291/**
6292 * @copydoc FNSSMDEVSAVEEXEC
6293 */
6294static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6295{
6296 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6297
6298 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6299
6300 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6301 {
6302 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6303 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6304 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6305 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6306 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6307 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6308 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6309 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6310 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6311 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6312 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6313 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6314 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6315
6316 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6317 {
6318 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6319 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6320 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6321 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6322 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6323 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6324 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6325 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6326 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6327 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6328 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6329 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6330 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6331 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6332 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6333 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6334 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6335 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6336 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6337 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6338 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6339 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6340 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6341 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6342 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6343 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6344 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6345 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6346 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6347 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6348 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6349 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6350 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6351 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6352 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6353 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6354 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6355 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6356 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6357 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6358 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6359 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6360 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6361 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6362 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6363 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6364 else
6365 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6366 }
6367 }
6368
6369 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6370}
6371
6372/**
6373 * Converts the LUN number into a message string.
6374 */
6375static const char *ataStringifyLun(unsigned iLun)
6376{
6377 switch (iLun)
6378 {
6379 case 0: return "primary master";
6380 case 1: return "primary slave";
6381 case 2: return "secondary master";
6382 case 3: return "secondary slave";
6383 default: AssertFailedReturn("unknown lun");
6384 }
6385}
6386
6387/**
6388 * FNSSMDEVLOADEXEC
6389 */
6390static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6391{
6392 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6393 int rc;
6394 uint32_t u32;
6395
6396 if ( uVersion != ATA_SAVED_STATE_VERSION
6397 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6398 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6399 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6400 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6401 {
6402 AssertMsgFailed(("uVersion=%d\n", uVersion));
6403 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6404 }
6405
6406 /*
6407 * Verify the configuration.
6408 */
6409 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6410 {
6411 uint8_t u8Type;
6412 rc = SSMR3GetU8(pSSM, &u8Type);
6413 AssertRCReturn(rc, rc);
6414 if (u8Type != pThis->u8Type)
6415 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6416
6417 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6418 {
6419 bool fEnabled;
6420 rc = SSMR3GetBool(pSSM, &fEnabled);
6421 AssertRCReturn(rc, rc);
6422 if (!fEnabled)
6423 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6424
6425 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6426 {
6427 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6428
6429 bool fInUse;
6430 rc = SSMR3GetBool(pSSM, &fInUse);
6431 AssertRCReturn(rc, rc);
6432 if (fInUse != (pIf->pDrvBase != NULL))
6433 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6434 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6435 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6436
6437 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6438 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6439 AssertRCReturn(rc, rc);
6440 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6441 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6442 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6443
6444 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6445 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6446 AssertRCReturn(rc, rc);
6447 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6448 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6449 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6450
6451 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6452 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6453 AssertRCReturn(rc, rc);
6454 if (strcmp(szModelNumber, pIf->szModelNumber))
6455 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6456 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6457 }
6458 }
6459 }
6460 if (uPass != SSM_PASS_FINAL)
6461 return VINF_SUCCESS;
6462
6463 /*
6464 * Restore valid parts of the PCIATAState structure
6465 */
6466 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6467 {
6468 /* integrity check */
6469 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6470 {
6471 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6472 return VERR_INTERNAL_ERROR_4;
6473 }
6474
6475 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6476 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6477 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6478 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6479 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6480 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6481 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6482 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6483 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6484 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6485 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6486 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6487 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6488
6489 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6490 {
6491 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6492 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6493 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6494 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6495 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6496 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6497 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6498 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6499 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6500 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6501 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6502 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6503 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6504 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6505 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6506 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6507 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6508 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6509 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6510 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6511 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6512 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6513 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6514 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6515 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6516 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6517 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6518 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6519 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6520 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6521 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6522 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6523 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6524 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6525 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6526 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6527 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6528 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6529 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6530 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6531 {
6532 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6533 }
6534 else
6535 {
6536 uint8_t uATAPISenseKey, uATAPIASC;
6537 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6538 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6539 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6540 SSMR3GetU8(pSSM, &uATAPISenseKey);
6541 SSMR3GetU8(pSSM, &uATAPIASC);
6542 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6543 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6544 }
6545 /** @todo triple-check this hack after passthrough is working */
6546 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6547 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6548 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6549 else
6550 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6551 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6552 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6553 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6554 {
6555 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6556 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6557 else
6558 {
6559 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6560 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6561 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6562
6563 /* skip the buffer if we're loading for the debugger / animator. */
6564 uint8_t u8Ignored;
6565 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6566 while (cbLeft-- > 0)
6567 SSMR3GetU8(pSSM, &u8Ignored);
6568 }
6569 }
6570 else
6571 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6572 }
6573 }
6574 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6575 SSMR3GetU8(pSSM, &pThis->u8Type);
6576
6577 rc = SSMR3GetU32(pSSM, &u32);
6578 if (RT_FAILURE(rc))
6579 return rc;
6580 if (u32 != ~0U)
6581 {
6582 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6583 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6584 return rc;
6585 }
6586
6587 return VINF_SUCCESS;
6588}
6589
6590/**
6591 * Convert config value to DEVPCBIOSBOOT.
6592 *
6593 * @returns VBox status code.
6594 * @param pDevIns The device instance data.
6595 * @param pCfg Configuration handle.
6596 * @param penmChipset Where to store the chipset type.
6597 */
6598static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
6599{
6600 char szType[20];
6601
6602 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
6603 if (RT_FAILURE(rc))
6604 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6605 N_("Configuration error: Querying \"Type\" as a string failed"));
6606 if (!strcmp(szType, "PIIX3"))
6607 *penmChipset = CHIPSET_PIIX3;
6608 else if (!strcmp(szType, "PIIX4"))
6609 *penmChipset = CHIPSET_PIIX4;
6610 else if (!strcmp(szType, "ICH6"))
6611 *penmChipset = CHIPSET_ICH6;
6612 else
6613 {
6614 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6615 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6616 szType);
6617 rc = VERR_INTERNAL_ERROR;
6618 }
6619 return rc;
6620}
6621
6622
6623/**
6624 * @interface_method_impl{PDMDEVREG,pfnConstruct}
6625 */
6626static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
6627{
6628 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6629 PPDMIBASE pBase;
6630 int rc;
6631 bool fGCEnabled;
6632 bool fR0Enabled;
6633 uint32_t DelayIRQMillies;
6634
6635 Assert(iInstance == 0);
6636 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
6637
6638 /*
6639 * Initialize NIL handle values (for the destructor).
6640 */
6641 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6642 {
6643 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6644 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6645 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6646 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6647 }
6648
6649 /*
6650 * Validate and read configuration.
6651 */
6652 if (!CFGMR3AreValuesValid(pCfg,
6653 "GCEnabled\0"
6654 "R0Enabled\0"
6655 "IRQDelay\0"
6656 "Type\0")
6657 /** @todo || invalid keys */)
6658 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6659 N_("PIIX3 configuration error: unknown option specified"));
6660
6661 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
6662 if (RT_FAILURE(rc))
6663 return PDMDEV_SET_ERROR(pDevIns, rc,
6664 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6665 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6666
6667 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
6668 if (RT_FAILURE(rc))
6669 return PDMDEV_SET_ERROR(pDevIns, rc,
6670 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6671 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6672
6673 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
6674 if (RT_FAILURE(rc))
6675 return PDMDEV_SET_ERROR(pDevIns, rc,
6676 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6677 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6678 Assert(DelayIRQMillies < 50);
6679
6680 CHIPSET enmChipset = CHIPSET_PIIX3;
6681 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
6682 if (RT_FAILURE(rc))
6683 return rc;
6684 pThis->u8Type = (uint8_t)enmChipset;
6685
6686 /*
6687 * Initialize data (most of it anyway).
6688 */
6689 /* Status LUN. */
6690 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6691 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6692
6693 /* PCI configuration space. */
6694 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6695
6696 /*
6697 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6698 * as it explicitly checks for PCI id for IDE controllers.
6699 */
6700 switch (pThis->u8Type)
6701 {
6702 case CHIPSET_ICH6:
6703 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6704 /** @todo: do we need it? Do we need anything else? */
6705 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6706 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6707 pThis->dev.config[0x4B] = 0x00;
6708 {
6709 /*
6710 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6711 * Report
6712 * WR_Ping-Pong_EN: must be set
6713 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6714 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6715 */
6716 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6717 pThis->dev.config[0x54] = u16Config & 0xff;
6718 pThis->dev.config[0x55] = u16Config >> 8;
6719 }
6720 break;
6721 case CHIPSET_PIIX4:
6722 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6723 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6724 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6725 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6726 pThis->dev.config[0x4B] = 0x00;
6727 break;
6728 case CHIPSET_PIIX3:
6729 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6730 break;
6731 default:
6732 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6733 }
6734
6735 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6736 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6737 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6738 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6739 PCIDevSetHeaderType(&pThis->dev, 0x00);
6740
6741 pThis->pDevIns = pDevIns;
6742 pThis->fGCEnabled = fGCEnabled;
6743 pThis->fR0Enabled = fR0Enabled;
6744 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6745 {
6746 pThis->aCts[i].pDevInsR3 = pDevIns;
6747 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6748 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6749 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6750 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6751 {
6752 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6753
6754 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6755 pIf->pDevInsR3 = pDevIns;
6756 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6757 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6758 pIf->pControllerR3 = &pThis->aCts[i];
6759 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6760 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6761 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6762 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6763 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6764 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
6765 pIf->Led.u32Magic = PDMLED_MAGIC;
6766 }
6767 }
6768
6769 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6770 pThis->aCts[0].irq = 14;
6771 pThis->aCts[0].IOPortBase1 = 0x1f0;
6772 pThis->aCts[0].IOPortBase2 = 0x3f6;
6773 pThis->aCts[1].irq = 15;
6774 pThis->aCts[1].IOPortBase1 = 0x170;
6775 pThis->aCts[1].IOPortBase2 = 0x376;
6776
6777 /*
6778 * Register the PCI device.
6779 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6780 * device the slot next to itself.
6781 */
6782 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6783 if (RT_FAILURE(rc))
6784 return PDMDEV_SET_ERROR(pDevIns, rc,
6785 N_("PIIX3 cannot register PCI device"));
6786 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6787 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6788 if (RT_FAILURE(rc))
6789 return PDMDEV_SET_ERROR(pDevIns, rc,
6790 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6791
6792 /*
6793 * Register the I/O ports.
6794 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6795 */
6796 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6797 {
6798 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6799 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6800 if (RT_FAILURE(rc))
6801 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6802
6803 if (fGCEnabled)
6804 {
6805 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6806 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6807 if (RT_FAILURE(rc))
6808 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6809 }
6810
6811 if (fR0Enabled)
6812 {
6813#if 1
6814 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6815 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6816#else
6817 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6818 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6819#endif
6820 if (RT_FAILURE(rc))
6821 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6822 }
6823
6824 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6825 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6826 if (RT_FAILURE(rc))
6827 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6828
6829 if (fGCEnabled)
6830 {
6831 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6832 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6833 if (RT_FAILURE(rc))
6834 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6835 }
6836 if (fR0Enabled)
6837 {
6838 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6839 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6840 if (RT_FAILURE(rc))
6841 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6842 }
6843
6844 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6845 {
6846 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6847 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6848 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
6849 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6850 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
6851 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6852 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
6853 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6854 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
6855#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6856 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6857 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
6858#endif
6859 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6860 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
6861#ifdef VBOX_INSTRUMENT_DMA_WRITES
6862 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6863 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
6864#endif
6865#ifdef VBOX_WITH_STATISTICS
6866 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6867 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
6868#endif
6869 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6870 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
6871#ifdef VBOX_WITH_STATISTICS
6872 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6873 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
6874#endif
6875 }
6876#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6877 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6878 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
6879 /** @todo STAMUNIT_MICROSECS */
6880 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6881 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
6882 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6883 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
6884 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6885 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
6886 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6887 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
6888 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6889 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
6890#endif /* VBOX_WITH_STATISTICS */
6891
6892 /* Initialize per-controller critical section */
6893 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA%u", i);
6894 if (RT_FAILURE(rc))
6895 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6896 }
6897
6898 /*
6899 * Attach status driver (optional).
6900 */
6901 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6902 if (RT_SUCCESS(rc))
6903 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
6904 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6905 {
6906 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6907 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6908 }
6909
6910 /*
6911 * Attach the units.
6912 */
6913 uint32_t cbTotalBuffer = 0;
6914 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6915 {
6916 PATACONTROLLER pCtl = &pThis->aCts[i];
6917
6918 /*
6919 * Start the worker thread.
6920 */
6921 pCtl->uAsyncIOState = ATA_AIO_NEW;
6922 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6923 AssertLogRelRCReturn(rc, rc);
6924 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6925 AssertLogRelRCReturn(rc, rc);
6926 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6927 AssertLogRelRCReturn(rc, rc);
6928 ataAsyncIOClearRequests(pCtl);
6929 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
6930 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6931 AssertLogRelRCReturn(rc, rc);
6932 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6933 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6934
6935 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6936 {
6937 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6938 {
6939 { "Primary Master", "Primary Slave" },
6940 { "Secondary Master", "Secondary Slave" }
6941 };
6942
6943 /*
6944 * Try attach the block device and get the interfaces,
6945 * required as well as optional.
6946 */
6947 ATADevState *pIf = &pCtl->aIfs[j];
6948
6949 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6950 if (RT_SUCCESS(rc))
6951 {
6952 rc = ataConfigLun(pDevIns, pIf);
6953 if (RT_SUCCESS(rc))
6954 {
6955 /*
6956 * Init vendor product data.
6957 */
6958 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6959 {
6960 { "PrimaryMaster", "PrimarySlave" },
6961 { "SecondaryMaster", "SecondarySlave" }
6962 };
6963
6964 /* Generate a default serial number. */
6965 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6966 RTUUID Uuid;
6967 if (pIf->pDrvBlock)
6968 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6969 else
6970 RTUuidClear(&Uuid);
6971
6972 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6973 {
6974 /* Generate a predictable serial for drives which don't have a UUID. */
6975 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6976 pIf->iLUN + pDevIns->iInstance * 32,
6977 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6978 }
6979 else
6980 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6981
6982 /* Get user config if present using defaults otherwise. */
6983 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
6984 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6985 szSerial);
6986 if (RT_FAILURE(rc))
6987 {
6988 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6989 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6990 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6991 return PDMDEV_SET_ERROR(pDevIns, rc,
6992 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6993 }
6994
6995 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6996 "1.0");
6997 if (RT_FAILURE(rc))
6998 {
6999 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7000 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7001 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7002 return PDMDEV_SET_ERROR(pDevIns, rc,
7003 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7004 }
7005
7006 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7007 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7008 if (RT_FAILURE(rc))
7009 {
7010 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7011 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7012 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7013 return PDMDEV_SET_ERROR(pDevIns, rc,
7014 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7015 }
7016
7017 /* There are three other identification strings for CD drives used for INQUIRY */
7018 if (pIf->fATAPI)
7019 {
7020 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7021 "VBOX");
7022 if (RT_FAILURE(rc))
7023 {
7024 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7025 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7026 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7027 return PDMDEV_SET_ERROR(pDevIns, rc,
7028 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7029 }
7030
7031 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7032 "CD-ROM");
7033 if (RT_FAILURE(rc))
7034 {
7035 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7036 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7037 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7038 return PDMDEV_SET_ERROR(pDevIns, rc,
7039 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7040 }
7041
7042 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7043 "1.0");
7044 if (RT_FAILURE(rc))
7045 {
7046 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7047 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7048 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7049 return PDMDEV_SET_ERROR(pDevIns, rc,
7050 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7051 }
7052 }
7053 }
7054
7055 }
7056 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7057 {
7058 pIf->pDrvBase = NULL;
7059 pIf->pDrvBlock = NULL;
7060 pIf->cbIOBuffer = 0;
7061 pIf->pbIOBufferR3 = NULL;
7062 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7063 pIf->pbIOBufferRC = NIL_RTGCPTR;
7064 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7065 }
7066 else
7067 {
7068 switch (rc)
7069 {
7070 case VERR_ACCESS_DENIED:
7071 /* Error already cached by DrvHostBase */
7072 return rc;
7073 default:
7074 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7075 N_("PIIX3 cannot attach drive to the %s"),
7076 s_apszDescs[i][j]);
7077 }
7078 }
7079 cbTotalBuffer += pIf->cbIOBuffer;
7080 }
7081 }
7082
7083 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7084 NULL, ataLiveExec, NULL,
7085 ataSaveLoadPrep, ataSaveExec, NULL,
7086 ataSaveLoadPrep, ataLoadExec, NULL);
7087 if (RT_FAILURE(rc))
7088 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7089
7090 /*
7091 * Initialize the device state.
7092 */
7093 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7094}
7095
7096
7097/**
7098 * The device registration structure.
7099 */
7100const PDMDEVREG g_DevicePIIX3IDE =
7101{
7102 /* u32Version */
7103 PDM_DEVREG_VERSION,
7104 /* szName */
7105 "piix3ide",
7106 /* szRCMod */
7107 "VBoxDDGC.gc",
7108 /* szR0Mod */
7109 "VBoxDDR0.r0",
7110 /* pszDescription */
7111 "Intel PIIX3 ATA controller.\n"
7112 " LUN #0 is primary master.\n"
7113 " LUN #1 is primary slave.\n"
7114 " LUN #2 is secondary master.\n"
7115 " LUN #3 is secondary slave.\n"
7116 " LUN #999 is the LED/Status connector.",
7117 /* fFlags */
7118 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7119 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7120 /* fClass */
7121 PDM_DEVREG_CLASS_STORAGE,
7122 /* cMaxInstances */
7123 1,
7124 /* cbInstance */
7125 sizeof(PCIATAState),
7126 /* pfnConstruct */
7127 ataR3Construct,
7128 /* pfnDestruct */
7129 ataR3Destruct,
7130 /* pfnRelocate */
7131 ataR3Relocate,
7132 /* pfnIOCtl */
7133 NULL,
7134 /* pfnPowerOn */
7135 NULL,
7136 /* pfnReset */
7137 ataR3Reset,
7138 /* pfnSuspend */
7139 ataR3Suspend,
7140 /* pfnResume */
7141 ataR3Resume,
7142 /* pfnAttach */
7143 ataR3Attach,
7144 /* pfnDetach */
7145 ataR3Detach,
7146 /* pfnQueryInterface. */
7147 NULL,
7148 /* pfnInitComplete */
7149 NULL,
7150 /* pfnPowerOff */
7151 ataR3PowerOff,
7152 /* pfnSoftReset */
7153 NULL,
7154 /* u32VersionEnd */
7155 PDM_DEVREG_VERSION
7156};
7157#endif /* IN_RING3 */
7158#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette