VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 36920

Last change on this file since 36920 was 36912, checked in by vboxsync, 14 years ago

gcc-4.6 -Werror=int-to-pointer-cast fixes
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 277.2 KB
Line 
1/* $Id: DevATA.cpp 36912 2011-05-02 14:23:01Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/vmm/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/vmm/stam.h>
55#include <VBox/vmm/mm.h>
56#include <VBox/vmm/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "VBoxDD.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
100
101/* Media track type */
102#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
103#define ATA_MEDIA_TYPE_DATA 1 /**< Data CD */
104#define ATA_MEDIA_TYPE_CDDA 2 /**< CD-DA (audio) CD type */
105
106/**
107 * Length of the configurable VPD data (without termination)
108 */
109#define ATA_SERIAL_NUMBER_LENGTH 20
110#define ATA_FIRMWARE_REVISION_LENGTH 8
111#define ATA_MODEL_NUMBER_LENGTH 40
112#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
113#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
114#define ATAPI_INQUIRY_REVISION_LENGTH 4
115
116/*******************************************************************************
117* Structures and Typedefs *
118*******************************************************************************/
119/**
120 * The state of an ATA device.
121 *
122 * @implements PDMIBASE
123 * @implements PDMIBLOCKPORT
124 * @implements PDMIMOUNTNOTIFY
125 */
126typedef struct ATADevState
127{
128 /** Flag indicating whether the current command uses LBA48 mode. */
129 bool fLBA48;
130 /** Flag indicating whether this drive implements the ATAPI command set. */
131 bool fATAPI;
132 /** Set if this interface has asserted the IRQ. */
133 bool fIrqPending;
134 /** Currently configured number of sectors in a multi-sector transfer. */
135 uint8_t cMultSectors;
136 /** PCHS disk geometry. */
137 PDMMEDIAGEOMETRY PCHSGeometry;
138 /** Total number of sectors on this disk. */
139 uint64_t cTotalSectors;
140 /** Number of sectors to transfer per IRQ. */
141 uint32_t cSectorsPerIRQ;
142
143 /** ATA/ATAPI register 1: feature (write-only). */
144 uint8_t uATARegFeature;
145 /** ATA/ATAPI register 1: feature, high order byte. */
146 uint8_t uATARegFeatureHOB;
147 /** ATA/ATAPI register 1: error (read-only). */
148 uint8_t uATARegError;
149 /** ATA/ATAPI register 2: sector count (read/write). */
150 uint8_t uATARegNSector;
151 /** ATA/ATAPI register 2: sector count, high order byte. */
152 uint8_t uATARegNSectorHOB;
153 /** ATA/ATAPI register 3: sector (read/write). */
154 uint8_t uATARegSector;
155 /** ATA/ATAPI register 3: sector, high order byte. */
156 uint8_t uATARegSectorHOB;
157 /** ATA/ATAPI register 4: cylinder low (read/write). */
158 uint8_t uATARegLCyl;
159 /** ATA/ATAPI register 4: cylinder low, high order byte. */
160 uint8_t uATARegLCylHOB;
161 /** ATA/ATAPI register 5: cylinder high (read/write). */
162 uint8_t uATARegHCyl;
163 /** ATA/ATAPI register 5: cylinder high, high order byte. */
164 uint8_t uATARegHCylHOB;
165 /** ATA/ATAPI register 6: select drive/head (read/write). */
166 uint8_t uATARegSelect;
167 /** ATA/ATAPI register 7: status (read-only). */
168 uint8_t uATARegStatus;
169 /** ATA/ATAPI register 7: command (write-only). */
170 uint8_t uATARegCommand;
171 /** ATA/ATAPI drive control register (write-only). */
172 uint8_t uATARegDevCtl;
173
174 /** Currently active transfer mode (MDMA/UDMA) and speed. */
175 uint8_t uATATransferMode;
176 /** Current transfer direction. */
177 uint8_t uTxDir;
178 /** Index of callback for begin transfer. */
179 uint8_t iBeginTransfer;
180 /** Index of callback for source/sink of data. */
181 uint8_t iSourceSink;
182 /** Flag indicating whether the current command transfers data in DMA mode. */
183 bool fDMA;
184 /** Set to indicate that ATAPI transfer semantics must be used. */
185 bool fATAPITransfer;
186
187 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
188 uint32_t cbTotalTransfer;
189 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
190 uint32_t cbElementaryTransfer;
191 /** Current read/write buffer position, shared PIO/DMA. */
192 uint32_t iIOBufferCur;
193 /** First element beyond end of valid buffer content, shared PIO/DMA. */
194 uint32_t iIOBufferEnd;
195
196 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
197 uint32_t iIOBufferPIODataStart;
198 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
199 uint32_t iIOBufferPIODataEnd;
200
201 /** ATAPI current LBA position. */
202 uint32_t iATAPILBA;
203 /** ATAPI current sector size. */
204 uint32_t cbATAPISector;
205 /** ATAPI current command. */
206 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
207 /** ATAPI sense data. */
208 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
209 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
210 uint8_t cNotifiedMediaChange;
211 /** The same for GET_EVENT_STATUS for mechanism */
212 volatile uint32_t MediaEventStatus;
213
214 /** Media type if known. */
215 volatile uint32_t MediaTrackType;
216
217 /** The status LED state for this drive. */
218 PDMLED Led;
219
220 /** Size of I/O buffer. */
221 uint32_t cbIOBuffer;
222 /** Pointer to the I/O buffer. */
223 R3PTRTYPE(uint8_t *) pbIOBufferR3;
224 /** Pointer to the I/O buffer. */
225 R0PTRTYPE(uint8_t *) pbIOBufferR0;
226 /** Pointer to the I/O buffer. */
227 RCPTRTYPE(uint8_t *) pbIOBufferRC;
228
229 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
230
231 /*
232 * No data that is part of the saved state after this point!!!!!
233 */
234
235 /* Release statistics: number of ATA DMA commands. */
236 STAMCOUNTER StatATADMA;
237 /* Release statistics: number of ATA PIO commands. */
238 STAMCOUNTER StatATAPIO;
239 /* Release statistics: number of ATAPI PIO commands. */
240 STAMCOUNTER StatATAPIDMA;
241 /* Release statistics: number of ATAPI PIO commands. */
242 STAMCOUNTER StatATAPIPIO;
243#ifdef VBOX_INSTRUMENT_DMA_WRITES
244 /* Release statistics: number of DMA sector writes and the time spent. */
245 STAMPROFILEADV StatInstrVDWrites;
246#endif
247
248 /** Statistics: number of read operations and the time spent reading. */
249 STAMPROFILEADV StatReads;
250 /** Statistics: number of bytes read. */
251 STAMCOUNTER StatBytesRead;
252 /** Statistics: number of write operations and the time spent writing. */
253 STAMPROFILEADV StatWrites;
254 /** Statistics: number of bytes written. */
255 STAMCOUNTER StatBytesWritten;
256 /** Statistics: number of flush operations and the time spend flushing. */
257 STAMPROFILE StatFlushes;
258
259 /** Enable passing through commands directly to the ATAPI drive. */
260 bool fATAPIPassthrough;
261 /** Number of errors we've reported to the release log.
262 * This is to prevent flooding caused by something going horribly wrong.
263 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
264 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
265 uint32_t cErrors;
266 /** Timestamp of last started command. 0 if no command pending. */
267 uint64_t u64CmdTS;
268
269 /** Pointer to the attached driver's base interface. */
270 R3PTRTYPE(PPDMIBASE) pDrvBase;
271 /** Pointer to the attached driver's block interface. */
272 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
273 /** Pointer to the attached driver's block bios interface. */
274 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
275 /** Pointer to the attached driver's mount interface.
276 * This is NULL if the driver isn't a removable unit. */
277 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
278 /** The base interface. */
279 PDMIBASE IBase;
280 /** The block port interface. */
281 PDMIBLOCKPORT IPort;
282 /** The mount notify interface. */
283 PDMIMOUNTNOTIFY IMountNotify;
284 /** The LUN #. */
285 RTUINT iLUN;
286 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
287 /** Pointer to device instance. */
288 PPDMDEVINSR3 pDevInsR3;
289 /** Pointer to controller instance. */
290 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
291 /** Pointer to device instance. */
292 PPDMDEVINSR0 pDevInsR0;
293 /** Pointer to controller instance. */
294 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
295 /** Pointer to device instance. */
296 PPDMDEVINSRC pDevInsRC;
297 /** Pointer to controller instance. */
298 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
299
300 /** The serial number to use for IDENTIFY DEVICE commands. */
301 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
302 /** The firmware revision to use for IDENTIFY DEVICE commands. */
303 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
304 /** The model number to use for IDENTIFY DEVICE commands. */
305 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
306 /** The vendor identification string for SCSI INQUIRY commands. */
307 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
308 /** The product identification string for SCSI INQUIRY commands. */
309 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
310 /** The revision string for SCSI INQUIRY commands. */
311 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
312
313 uint8_t abAlignment3[7];
314} ATADevState;
315AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
316AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
317AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
318AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
319AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
320AssertCompileSizeAlignment(ATADevState, 8);
321
322
323typedef struct ATATransferRequest
324{
325 uint8_t iIf;
326 uint8_t iBeginTransfer;
327 uint8_t iSourceSink;
328 uint32_t cbTotalTransfer;
329 uint8_t uTxDir;
330} ATATransferRequest;
331
332
333typedef struct ATAAbortRequest
334{
335 uint8_t iIf;
336 bool fResetDrive;
337} ATAAbortRequest;
338
339
340typedef enum
341{
342 /** Begin a new transfer. */
343 ATA_AIO_NEW = 0,
344 /** Continue a DMA transfer. */
345 ATA_AIO_DMA,
346 /** Continue a PIO transfer. */
347 ATA_AIO_PIO,
348 /** Reset the drives on current controller, stop all transfer activity. */
349 ATA_AIO_RESET_ASSERTED,
350 /** Reset the drives on current controller, resume operation. */
351 ATA_AIO_RESET_CLEARED,
352 /** Abort the current transfer of a particular drive. */
353 ATA_AIO_ABORT
354} ATAAIO;
355
356
357typedef struct ATARequest
358{
359 ATAAIO ReqType;
360 union
361 {
362 ATATransferRequest t;
363 ATAAbortRequest a;
364 } u;
365} ATARequest;
366
367
368typedef struct ATACONTROLLER
369{
370 /** The base of the first I/O Port range. */
371 RTIOPORT IOPortBase1;
372 /** The base of the second I/O Port range. (0 if none) */
373 RTIOPORT IOPortBase2;
374 /** The assigned IRQ. */
375 RTUINT irq;
376 /** Access critical section */
377 PDMCRITSECT lock;
378
379 /** Selected drive. */
380 uint8_t iSelectedIf;
381 /** The interface on which to handle async I/O. */
382 uint8_t iAIOIf;
383 /** The state of the async I/O thread. */
384 uint8_t uAsyncIOState;
385 /** Flag indicating whether the next transfer is part of the current command. */
386 bool fChainedTransfer;
387 /** Set when the reset processing is currently active on this controller. */
388 bool fReset;
389 /** Flag whether the current transfer needs to be redone. */
390 bool fRedo;
391 /** Flag whether the redo suspend has been finished. */
392 bool fRedoIdle;
393 /** Flag whether the DMA operation to be redone is the final transfer. */
394 bool fRedoDMALastDesc;
395 /** The BusMaster DMA state. */
396 BMDMAState BmDma;
397 /** Pointer to first DMA descriptor. */
398 RTGCPHYS32 pFirstDMADesc;
399 /** Pointer to last DMA descriptor. */
400 RTGCPHYS32 pLastDMADesc;
401 /** Pointer to current DMA buffer (for redo operations). */
402 RTGCPHYS32 pRedoDMABuffer;
403 /** Size of current DMA buffer (for redo operations). */
404 uint32_t cbRedoDMABuffer;
405
406 /** The ATA/ATAPI interfaces of this controller. */
407 ATADevState aIfs[2];
408
409 /** Pointer to device instance. */
410 PPDMDEVINSR3 pDevInsR3;
411 /** Pointer to device instance. */
412 PPDMDEVINSR0 pDevInsR0;
413 /** Pointer to device instance. */
414 PPDMDEVINSRC pDevInsRC;
415
416 /** Set when the destroying the device instance and the thread must exit. */
417 uint32_t volatile fShutdown;
418 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
419 RTTHREAD AsyncIOThread;
420 /** The event semaphore the thread is waiting on for requests. */
421 RTSEMEVENT AsyncIOSem;
422 /** The request queue for the AIO thread. One element is always unused. */
423 ATARequest aAsyncIORequests[4];
424 /** The position at which to insert a new request for the AIO thread. */
425 volatile uint8_t AsyncIOReqHead;
426 /** The position at which to get a new request for the AIO thread. */
427 volatile uint8_t AsyncIOReqTail;
428 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
429 bool volatile fSignalIdle;
430 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
431 /** Magic delay before triggering interrupts in DMA mode. */
432 uint32_t DelayIRQMillies;
433 /** The mutex protecting the request queue. */
434 RTSEMMUTEX AsyncIORequestMutex;
435 /** The event semaphore the thread is waiting on during suspended I/O. */
436 RTSEMEVENT SuspendIOSem;
437#if 0 /*HC_ARCH_BITS == 32*/
438 uint32_t Alignment0;
439#endif
440
441 /** Timestamp we started the reset. */
442 uint64_t u64ResetTime;
443
444 /* Statistics */
445 STAMCOUNTER StatAsyncOps;
446 uint64_t StatAsyncMinWait;
447 uint64_t StatAsyncMaxWait;
448 STAMCOUNTER StatAsyncTimeUS;
449 STAMPROFILEADV StatAsyncTime;
450 STAMPROFILE StatLockWait;
451} ATACONTROLLER, *PATACONTROLLER;
452AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
453AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
456
457typedef enum CHIPSET
458{
459 /** PIIX3 chipset, must be 0 for saved state compatibility */
460 CHIPSET_PIIX3 = 0,
461 /** PIIX4 chipset, must be 1 for saved state compatibility */
462 CHIPSET_PIIX4 = 1,
463 /** ICH6 chipset */
464 CHIPSET_ICH6 = 2
465} CHIPSET;
466
467/**
468 * The state of the ATA PCI device.
469 *
470 * @extends PCIDEVICE
471 * @implements PDMILEDPORTS
472 */
473typedef struct PCIATAState
474{
475 PCIDEVICE dev;
476 /** The controllers. */
477 ATACONTROLLER aCts[2];
478 /** Pointer to device instance. */
479 PPDMDEVINSR3 pDevIns;
480 /** Status LUN: Base interface. */
481 PDMIBASE IBase;
482 /** Status LUN: Leds interface. */
483 PDMILEDPORTS ILeds;
484 /** Status LUN: Partner of ILeds. */
485 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
486 /** Flag whether GC is enabled. */
487 bool fGCEnabled;
488 /** Flag whether R0 is enabled. */
489 bool fR0Enabled;
490 /** Flag indicating chipset being emulated. */
491 uint8_t u8Type;
492 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
493} PCIATAState;
494
495#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
496#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
497#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
498#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
499#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
500#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
501
502#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
503
504#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
505#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
506#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
507#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
508#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
509
510#ifndef VBOX_DEVICE_STRUCT_TESTCASE
511/*******************************************************************************
512 * Internal Functions *
513 ******************************************************************************/
514RT_C_DECLS_BEGIN
515PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
516PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
517PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
518PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
520PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
521PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
522PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
523RT_C_DECLS_END
524
525
526
527DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
528{
529 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
530
531 /* Freeze status register contents while processing RESET. */
532 if (!pCtl->fReset)
533 {
534 s->uATARegStatus = stat;
535 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
536 }
537}
538
539
540DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
541{
542 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
543
544 /* Freeze status register contents while processing RESET. */
545 if (!pCtl->fReset)
546 {
547 s->uATARegStatus |= stat;
548 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
549 }
550}
551
552
553DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
554{
555 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
556
557 /* Freeze status register contents while processing RESET. */
558 if (!pCtl->fReset)
559 {
560 s->uATARegStatus &= ~stat;
561 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
562 }
563}
564
565#ifdef IN_RING3
566
567typedef void (*PBeginTransferFunc)(ATADevState *);
568typedef bool (*PSourceSinkFunc)(ATADevState *);
569
570static void ataReadWriteSectorsBT(ATADevState *);
571static void ataPacketBT(ATADevState *);
572static void atapiCmdBT(ATADevState *);
573static void atapiPassthroughCmdBT(ATADevState *);
574
575static bool ataIdentifySS(ATADevState *);
576static bool ataFlushSS(ATADevState *);
577static bool ataReadSectorsSS(ATADevState *);
578static bool ataWriteSectorsSS(ATADevState *);
579static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
580static bool ataPacketSS(ATADevState *);
581static bool atapiGetConfigurationSS(ATADevState *);
582static bool atapiGetEventStatusNotificationSS(ATADevState *);
583static bool atapiIdentifySS(ATADevState *);
584static bool atapiInquirySS(ATADevState *);
585static bool atapiMechanismStatusSS(ATADevState *);
586static bool atapiModeSenseErrorRecoverySS(ATADevState *);
587static bool atapiModeSenseCDStatusSS(ATADevState *);
588static bool atapiReadSS(ATADevState *);
589static bool atapiReadCapacitySS(ATADevState *);
590static bool atapiReadDiscInformationSS(ATADevState *);
591static bool atapiReadTOCNormalSS(ATADevState *);
592static bool atapiReadTOCMultiSS(ATADevState *);
593static bool atapiReadTOCRawSS(ATADevState *);
594static bool atapiReadTrackInformationSS(ATADevState *);
595static bool atapiRequestSenseSS(ATADevState *);
596static bool atapiPassthroughSS(ATADevState *);
597static bool atapiReadDVDStructureSS(ATADevState *);
598
599/**
600 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
601 */
602typedef enum ATAFNBT
603{
604 ATAFN_BT_NULL = 0,
605 ATAFN_BT_READ_WRITE_SECTORS,
606 ATAFN_BT_PACKET,
607 ATAFN_BT_ATAPI_CMD,
608 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
609 ATAFN_BT_MAX
610} ATAFNBT;
611
612/**
613 * Array of end transfer functions, the index is ATAFNET.
614 * Make sure ATAFNET and this array match!
615 */
616static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
617{
618 NULL,
619 ataReadWriteSectorsBT,
620 ataPacketBT,
621 atapiCmdBT,
622 atapiPassthroughCmdBT,
623};
624
625/**
626 * Source/sink function indexes for g_apfnSourceSinkFuncs.
627 */
628typedef enum ATAFNSS
629{
630 ATAFN_SS_NULL = 0,
631 ATAFN_SS_IDENTIFY,
632 ATAFN_SS_FLUSH,
633 ATAFN_SS_READ_SECTORS,
634 ATAFN_SS_WRITE_SECTORS,
635 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
636 ATAFN_SS_PACKET,
637 ATAFN_SS_ATAPI_GET_CONFIGURATION,
638 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
639 ATAFN_SS_ATAPI_IDENTIFY,
640 ATAFN_SS_ATAPI_INQUIRY,
641 ATAFN_SS_ATAPI_MECHANISM_STATUS,
642 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
643 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
644 ATAFN_SS_ATAPI_READ,
645 ATAFN_SS_ATAPI_READ_CAPACITY,
646 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
647 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
648 ATAFN_SS_ATAPI_READ_TOC_MULTI,
649 ATAFN_SS_ATAPI_READ_TOC_RAW,
650 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
651 ATAFN_SS_ATAPI_REQUEST_SENSE,
652 ATAFN_SS_ATAPI_PASSTHROUGH,
653 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
654 ATAFN_SS_MAX
655} ATAFNSS;
656
657/**
658 * Array of source/sink functions, the index is ATAFNSS.
659 * Make sure ATAFNSS and this array match!
660 */
661static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
662{
663 NULL,
664 ataIdentifySS,
665 ataFlushSS,
666 ataReadSectorsSS,
667 ataWriteSectorsSS,
668 ataExecuteDeviceDiagnosticSS,
669 ataPacketSS,
670 atapiGetConfigurationSS,
671 atapiGetEventStatusNotificationSS,
672 atapiIdentifySS,
673 atapiInquirySS,
674 atapiMechanismStatusSS,
675 atapiModeSenseErrorRecoverySS,
676 atapiModeSenseCDStatusSS,
677 atapiReadSS,
678 atapiReadCapacitySS,
679 atapiReadDiscInformationSS,
680 atapiReadTOCNormalSS,
681 atapiReadTOCMultiSS,
682 atapiReadTOCRawSS,
683 atapiReadTrackInformationSS,
684 atapiRequestSenseSS,
685 atapiPassthroughSS,
686 atapiReadDVDStructureSS
687};
688
689
690static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
691static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
692static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
693static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
694
695static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
696{
697 int rc;
698
699 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
700 AssertRC(rc);
701 pCtl->AsyncIOReqHead = 0;
702 pCtl->AsyncIOReqTail = 0;
703 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
704 AssertRC(rc);
705}
706
707
708static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
709{
710 int rc;
711
712 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
713 AssertRC(rc);
714 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
715 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
716 pCtl->AsyncIOReqHead++;
717 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
718 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
719 AssertRC(rc);
720 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
721 if (RT_FAILURE(rc))
722 {
723 rc = RTSemEventSignal(pCtl->AsyncIOSem);
724 AssertRC(rc);
725 }
726}
727
728
729static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
730{
731 int rc;
732 const ATARequest *pReq;
733
734 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
735 AssertRC(rc);
736 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
737 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
738 else
739 pReq = NULL;
740 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
741 AssertRC(rc);
742 return pReq;
743}
744
745
746/**
747 * Remove the request with the given type, as it's finished. The request
748 * is not removed blindly, as this could mean a RESET request that is not
749 * yet processed (but has cleared the request queue) is lost.
750 *
751 * @param pCtl Controller for which to remove the request.
752 * @param ReqType Type of the request to remove.
753 */
754static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
755{
756 int rc;
757
758 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
759 AssertRC(rc);
760 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
761 {
762 pCtl->AsyncIOReqTail++;
763 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
764 }
765 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
766 AssertRC(rc);
767}
768
769
770/**
771 * Dump the request queue for a particular controller. First dump the queue
772 * contents, then the already processed entries, as long as they haven't been
773 * overwritten.
774 *
775 * @param pCtl Controller for which to dump the queue.
776 */
777static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
778{
779 int rc;
780 uint8_t curr;
781
782 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
783 AssertRC(rc);
784 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
785 curr = pCtl->AsyncIOReqTail;
786 do
787 {
788 if (curr == pCtl->AsyncIOReqHead)
789 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
790 switch (pCtl->aAsyncIORequests[curr].ReqType)
791 {
792 case ATA_AIO_NEW:
793 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
794 break;
795 case ATA_AIO_DMA:
796 LogRel(("dma transfer continuation\n"));
797 break;
798 case ATA_AIO_PIO:
799 LogRel(("pio transfer continuation\n"));
800 break;
801 case ATA_AIO_RESET_ASSERTED:
802 LogRel(("reset asserted request\n"));
803 break;
804 case ATA_AIO_RESET_CLEARED:
805 LogRel(("reset cleared request\n"));
806 break;
807 case ATA_AIO_ABORT:
808 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
809 break;
810 default:
811 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
812 }
813 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
814 } while (curr != pCtl->AsyncIOReqTail);
815 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
816 AssertRC(rc);
817}
818
819
820/**
821 * Checks whether the request queue for a particular controller is empty
822 * or whether a particular controller is idle.
823 *
824 * @param pCtl Controller for which to check the queue.
825 * @param fStrict If set then the controller is checked to be idle.
826 */
827static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
828{
829 int rc;
830 bool fIdle;
831
832 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
833 AssertRC(rc);
834 fIdle = pCtl->fRedoIdle;
835 if (!fIdle)
836 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
837 if (fStrict)
838 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
839 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
840 AssertRC(rc);
841 return fIdle;
842}
843
844
845/**
846 * Send a transfer request to the async I/O thread.
847 *
848 * @param s Pointer to the ATA device state data.
849 * @param cbTotalTransfer Data transfer size.
850 * @param uTxDir Data transfer direction.
851 * @param iBeginTransfer Index of BeginTransfer callback.
852 * @param iSourceSink Index of SourceSink callback.
853 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
854 */
855static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
856{
857 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
858 ATARequest Req;
859
860 Assert(PDMCritSectIsOwner(&pCtl->lock));
861
862 /* Do not issue new requests while the RESET line is asserted. */
863 if (pCtl->fReset)
864 {
865 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
866 return;
867 }
868
869 /* If the controller is already doing something else right now, ignore
870 * the command that is being submitted. Some broken guests issue commands
871 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
872 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
873 {
874 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
875 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
876 return;
877 }
878
879 Req.ReqType = ATA_AIO_NEW;
880 if (fChainedTransfer)
881 Req.u.t.iIf = pCtl->iAIOIf;
882 else
883 Req.u.t.iIf = pCtl->iSelectedIf;
884 Req.u.t.cbTotalTransfer = cbTotalTransfer;
885 Req.u.t.uTxDir = uTxDir;
886 Req.u.t.iBeginTransfer = iBeginTransfer;
887 Req.u.t.iSourceSink = iSourceSink;
888 ataSetStatusValue(s, ATA_STAT_BUSY);
889 pCtl->fChainedTransfer = fChainedTransfer;
890
891 /*
892 * Kick the worker thread into action.
893 */
894 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
895 ataAsyncIOPutRequest(pCtl, &Req);
896}
897
898
899/**
900 * Send an abort command request to the async I/O thread.
901 *
902 * @param s Pointer to the ATA device state data.
903 * @param fResetDrive Whether to reset the drive or just abort a command.
904 */
905static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
906{
907 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
908 ATARequest Req;
909
910 Assert(PDMCritSectIsOwner(&pCtl->lock));
911
912 /* Do not issue new requests while the RESET line is asserted. */
913 if (pCtl->fReset)
914 {
915 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
916 return;
917 }
918
919 Req.ReqType = ATA_AIO_ABORT;
920 Req.u.a.iIf = pCtl->iSelectedIf;
921 Req.u.a.fResetDrive = fResetDrive;
922 ataSetStatus(s, ATA_STAT_BUSY);
923 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
924 ataAsyncIOPutRequest(pCtl, &Req);
925}
926
927
928static void ataSetIRQ(ATADevState *s)
929{
930 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
931 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
932
933 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
934 {
935 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
936 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
937 * line is asserted. It monitors the line for a rising edge. */
938 if (!s->fIrqPending)
939 pCtl->BmDma.u8Status |= BM_STATUS_INT;
940 /* Only actually set the IRQ line if updating the currently selected drive. */
941 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
942 {
943 /** @todo experiment with adaptive IRQ delivery: for reads it is
944 * better to wait for IRQ delivery, as it reduces latency. */
945 if (pCtl->irq == 16)
946 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
947 else
948 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
949 }
950 }
951 s->fIrqPending = true;
952}
953
954#endif /* IN_RING3 */
955
956static void ataUnsetIRQ(ATADevState *s)
957{
958 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
959 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
960
961 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
962 {
963 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
964 /* Only actually unset the IRQ line if updating the currently selected drive. */
965 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
966 {
967 if (pCtl->irq == 16)
968 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
969 else
970 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
971 }
972 }
973 s->fIrqPending = false;
974}
975
976#ifdef IN_RING3
977
978static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
979{
980 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
981 s->iIOBufferPIODataStart = start;
982 s->iIOBufferPIODataEnd = start + size;
983 ataSetStatus(s, ATA_STAT_DRQ);
984}
985
986
987static void ataPIOTransferStop(ATADevState *s)
988{
989 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
990 if (s->fATAPITransfer)
991 {
992 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
993 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
994 ataSetIRQ(s);
995 s->fATAPITransfer = false;
996 }
997 s->cbTotalTransfer = 0;
998 s->cbElementaryTransfer = 0;
999 s->iIOBufferPIODataStart = 0;
1000 s->iIOBufferPIODataEnd = 0;
1001 s->iBeginTransfer = ATAFN_BT_NULL;
1002 s->iSourceSink = ATAFN_SS_NULL;
1003}
1004
1005
1006static void ataPIOTransferLimitATAPI(ATADevState *s)
1007{
1008 uint32_t cbLimit, cbTransfer;
1009
1010 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1011 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1012 if (cbLimit == 0)
1013 cbLimit = 0xfffe;
1014 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1015 if (cbLimit == 0xffff)
1016 cbLimit--;
1017 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1018 if (cbTransfer > cbLimit)
1019 {
1020 /* Byte count limit for clipping must be even in this case */
1021 if (cbLimit & 1)
1022 cbLimit--;
1023 cbTransfer = cbLimit;
1024 }
1025 s->uATARegLCyl = cbTransfer;
1026 s->uATARegHCyl = cbTransfer >> 8;
1027 s->cbElementaryTransfer = cbTransfer;
1028}
1029
1030
1031static uint32_t ataGetNSectors(ATADevState *s)
1032{
1033 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1034 if (s->fLBA48)
1035 {
1036 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1037 return 65536;
1038 else
1039 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1040 }
1041 else
1042 {
1043 if (!s->uATARegNSector)
1044 return 256;
1045 else
1046 return s->uATARegNSector;
1047 }
1048}
1049
1050
1051static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1052{
1053 for (uint32_t i = 0; i < cbSize; i++)
1054 {
1055 if (*pbSrc)
1056 pbDst[i ^ 1] = *pbSrc++;
1057 else
1058 pbDst[i ^ 1] = ' ';
1059 }
1060}
1061
1062
1063static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1064{
1065 for (uint32_t i = 0; i < cbSize; i++)
1066 {
1067 if (*pbSrc)
1068 pbDst[i] = *pbSrc++;
1069 else
1070 pbDst[i] = ' ';
1071 }
1072}
1073
1074
1075DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1076{
1077 pbBuf[0] = val >> 8;
1078 pbBuf[1] = val;
1079}
1080
1081
1082DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1083{
1084 pbBuf[0] = val >> 16;
1085 pbBuf[1] = val >> 8;
1086 pbBuf[2] = val;
1087}
1088
1089
1090DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1091{
1092 pbBuf[0] = val >> 24;
1093 pbBuf[1] = val >> 16;
1094 pbBuf[2] = val >> 8;
1095 pbBuf[3] = val;
1096}
1097
1098
1099DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1100{
1101 return (pbBuf[0] << 8) | pbBuf[1];
1102}
1103
1104
1105DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1106{
1107 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1108}
1109
1110
1111DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1112{
1113 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1114}
1115
1116
1117DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1118{
1119 iATAPILBA += 150;
1120 pbBuf[0] = (iATAPILBA / 75) / 60;
1121 pbBuf[1] = (iATAPILBA / 75) % 60;
1122 pbBuf[2] = iATAPILBA % 75;
1123}
1124
1125
1126DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1127{
1128 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1129}
1130
1131
1132static void ataCmdOK(ATADevState *s, uint8_t status)
1133{
1134 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1135 ataSetStatusValue(s, ATA_STAT_READY | status);
1136}
1137
1138
1139static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1140{
1141 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1142 Assert(uErrorCode);
1143 s->uATARegError = uErrorCode;
1144 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1145 s->cbTotalTransfer = 0;
1146 s->cbElementaryTransfer = 0;
1147 s->iIOBufferCur = 0;
1148 s->iIOBufferEnd = 0;
1149 s->uTxDir = PDMBLOCKTXDIR_NONE;
1150 s->iBeginTransfer = ATAFN_BT_NULL;
1151 s->iSourceSink = ATAFN_SS_NULL;
1152}
1153
1154static uint32_t ataChecksum(void* ptr, size_t count)
1155{
1156 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1157 size_t i;
1158
1159 for (i = 0; i < count; i++)
1160 {
1161 u8Sum += *p++;
1162 }
1163
1164 return (uint8_t)-(int32_t)u8Sum;
1165}
1166
1167static bool ataIdentifySS(ATADevState *s)
1168{
1169 uint16_t *p;
1170
1171 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1172 Assert(s->cbElementaryTransfer == 512);
1173
1174 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1175 memset(p, 0, 512);
1176 p[0] = RT_H2LE_U16(0x0040);
1177 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1178 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1179 /* Block size; obsolete, but required for the BIOS. */
1180 p[5] = RT_H2LE_U16(512);
1181 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1182 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1183 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1184 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1185 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1186 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1187 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1188#if ATA_MAX_MULT_SECTORS > 1
1189 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1190#endif
1191 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1192 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1193 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1194 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1195 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1196 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1197 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1198 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1199 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1200 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1201 * s->PCHSGeometry.cHeads
1202 * s->PCHSGeometry.cSectors);
1203 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1204 * s->PCHSGeometry.cHeads
1205 * s->PCHSGeometry.cSectors >> 16);
1206 if (s->cMultSectors)
1207 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1208 if (s->cTotalSectors <= (1 << 28) - 1)
1209 {
1210 p[60] = RT_H2LE_U16(s->cTotalSectors);
1211 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1212 }
1213 else
1214 {
1215 /* Report maximum number of sectors possible with LBA28 */
1216 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1217 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1218 }
1219 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1220 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1221 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1222 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1223 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1224 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1225 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1226 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1227 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1228 if (s->cTotalSectors <= (1 << 28) - 1)
1229 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1230 else
1231 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1232 p[84] = RT_H2LE_U16(1 << 14);
1233 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1234 if (s->cTotalSectors <= (1 << 28) - 1)
1235 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1236 else
1237 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1238 p[87] = RT_H2LE_U16(1 << 14);
1239 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1240 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1241 if (s->cTotalSectors > (1 << 28) - 1)
1242 {
1243 p[100] = RT_H2LE_U16(s->cTotalSectors);
1244 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1245 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1246 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1247 }
1248 uint32_t uCsum = ataChecksum(p, 510);
1249 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1250 s->iSourceSink = ATAFN_SS_NULL;
1251 ataCmdOK(s, ATA_STAT_SEEK);
1252 return false;
1253}
1254
1255
1256static bool ataFlushSS(ATADevState *s)
1257{
1258 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1259 int rc;
1260
1261 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1262 Assert(!s->cbElementaryTransfer);
1263
1264 PDMCritSectLeave(&pCtl->lock);
1265
1266 STAM_PROFILE_START(&s->StatFlushes, f);
1267 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1268 AssertRC(rc);
1269 STAM_PROFILE_STOP(&s->StatFlushes, f);
1270
1271 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1272 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1273 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1274 ataCmdOK(s, 0);
1275 return false;
1276}
1277
1278static bool atapiIdentifySS(ATADevState *s)
1279{
1280 uint16_t *p;
1281
1282 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1283 Assert(s->cbElementaryTransfer == 512);
1284
1285 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1286 memset(p, 0, 512);
1287 /* Removable CDROM, 50us response, 12 byte packets */
1288 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1289 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1290 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1291 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1292 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1293 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1294 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1295 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1296 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1297 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1298 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1299 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1300 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1301 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1302 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1303 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1304 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1305 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1306 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1307 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1308 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1309 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1310 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1311 p[83] = RT_H2LE_U16(1 << 14);
1312 p[84] = RT_H2LE_U16(1 << 14);
1313 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1314 p[86] = RT_H2LE_U16(0);
1315 p[87] = RT_H2LE_U16(1 << 14);
1316 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1317 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1318 /* According to ATAPI-5 spec:
1319 *
1320 * The use of this word is optional.
1321 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1322 * contain the data
1323 * structure checksum.
1324 * The data structure checksum is the twos complement of the sum of
1325 * all bytes in words 0 through 254 and the byte consisting of
1326 * bits 7:0 in word 255.
1327 * Each byte shall be added with unsigned arithmetic,
1328 * and overflow shall be ignored.
1329 * The sum of all 512 bytes is zero when the checksum is correct.
1330 */
1331 uint32_t uCsum = ataChecksum(p, 510);
1332 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1333
1334 s->iSourceSink = ATAFN_SS_NULL;
1335 ataCmdOK(s, ATA_STAT_SEEK);
1336 return false;
1337}
1338
1339
1340static void ataSetSignature(ATADevState *s)
1341{
1342 s->uATARegSelect &= 0xf0; /* clear head */
1343 /* put signature */
1344 s->uATARegNSector = 1;
1345 s->uATARegSector = 1;
1346 if (s->fATAPI)
1347 {
1348 s->uATARegLCyl = 0x14;
1349 s->uATARegHCyl = 0xeb;
1350 }
1351 else if (s->pDrvBlock)
1352 {
1353 s->uATARegLCyl = 0;
1354 s->uATARegHCyl = 0;
1355 }
1356 else
1357 {
1358 s->uATARegLCyl = 0xff;
1359 s->uATARegHCyl = 0xff;
1360 }
1361}
1362
1363
1364static uint64_t ataGetSector(ATADevState *s)
1365{
1366 uint64_t iLBA;
1367 if (s->uATARegSelect & 0x40)
1368 {
1369 /* any LBA variant */
1370 if (s->fLBA48)
1371 {
1372 /* LBA48 */
1373 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1374 ((uint64_t)s->uATARegLCylHOB << 32) |
1375 ((uint64_t)s->uATARegSectorHOB << 24) |
1376 ((uint64_t)s->uATARegHCyl << 16) |
1377 ((uint64_t)s->uATARegLCyl << 8) |
1378 s->uATARegSector;
1379 }
1380 else
1381 {
1382 /* LBA */
1383 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1384 (s->uATARegLCyl << 8) | s->uATARegSector;
1385 }
1386 }
1387 else
1388 {
1389 /* CHS */
1390 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1391 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1392 (s->uATARegSector - 1);
1393 }
1394 return iLBA;
1395}
1396
1397static void ataSetSector(ATADevState *s, uint64_t iLBA)
1398{
1399 uint32_t cyl, r;
1400 if (s->uATARegSelect & 0x40)
1401 {
1402 /* any LBA variant */
1403 if (s->fLBA48)
1404 {
1405 /* LBA48 */
1406 s->uATARegHCylHOB = iLBA >> 40;
1407 s->uATARegLCylHOB = iLBA >> 32;
1408 s->uATARegSectorHOB = iLBA >> 24;
1409 s->uATARegHCyl = iLBA >> 16;
1410 s->uATARegLCyl = iLBA >> 8;
1411 s->uATARegSector = iLBA;
1412 }
1413 else
1414 {
1415 /* LBA */
1416 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1417 s->uATARegHCyl = (iLBA >> 16);
1418 s->uATARegLCyl = (iLBA >> 8);
1419 s->uATARegSector = (iLBA);
1420 }
1421 }
1422 else
1423 {
1424 /* CHS */
1425 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1426 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1427 s->uATARegHCyl = cyl >> 8;
1428 s->uATARegLCyl = cyl;
1429 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1430 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1431 }
1432}
1433
1434
1435static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1436{
1437 int rc;
1438 LogRel(("PIIX3 ATA: Host disk full\n"));
1439 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1440 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1441 AssertRC(rc);
1442}
1443
1444static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1445{
1446 int rc;
1447 LogRel(("PIIX3 ATA: File too big\n"));
1448 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1449 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1450 AssertRC(rc);
1451}
1452
1453static void ataWarningISCSI(PPDMDEVINS pDevIns)
1454{
1455 int rc;
1456 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1457 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1458 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1459 AssertRC(rc);
1460}
1461
1462static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1463{
1464 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1465 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1466 if (rc == VERR_DISK_FULL)
1467 {
1468 pCtl->fRedoIdle = true;
1469 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1470 return true;
1471 }
1472 if (rc == VERR_FILE_TOO_BIG)
1473 {
1474 pCtl->fRedoIdle = true;
1475 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1476 return true;
1477 }
1478 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1479 {
1480 pCtl->fRedoIdle = true;
1481 /* iSCSI connection abort (first error) or failure to reestablish
1482 * connection (second error). Pause VM. On resume we'll retry. */
1483 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1484 return true;
1485 }
1486 return false;
1487}
1488
1489
1490static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1491 uint32_t cSectors, bool *pfRedo)
1492{
1493 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1494 int rc;
1495
1496 PDMCritSectLeave(&pCtl->lock);
1497
1498 STAM_PROFILE_ADV_START(&s->StatReads, r);
1499 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1500 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1501 s->Led.Actual.s.fReading = 0;
1502 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1503
1504 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1505
1506 if (RT_SUCCESS(rc))
1507 *pfRedo = false;
1508 else
1509 *pfRedo = ataIsRedoSetWarning(s, rc);
1510
1511 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1512 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1513 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1514 return rc;
1515}
1516
1517
1518static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1519 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1520{
1521 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1522 int rc;
1523
1524 PDMCritSectLeave(&pCtl->lock);
1525
1526 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1527 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1528#ifdef VBOX_INSTRUMENT_DMA_WRITES
1529 if (s->fDMA)
1530 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1531#endif
1532 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1533#ifdef VBOX_INSTRUMENT_DMA_WRITES
1534 if (s->fDMA)
1535 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1536#endif
1537 s->Led.Actual.s.fWriting = 0;
1538 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1539
1540 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1541
1542 if (RT_SUCCESS(rc))
1543 *pfRedo = false;
1544 else
1545 *pfRedo = ataIsRedoSetWarning(s, rc);
1546
1547 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1548 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1549 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1550 return rc;
1551}
1552
1553
1554static void ataReadWriteSectorsBT(ATADevState *s)
1555{
1556 uint32_t cSectors;
1557
1558 cSectors = s->cbTotalTransfer / 512;
1559 if (cSectors > s->cSectorsPerIRQ)
1560 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1561 else
1562 s->cbElementaryTransfer = cSectors * 512;
1563 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1564 ataCmdOK(s, 0);
1565}
1566
1567
1568static bool ataReadSectorsSS(ATADevState *s)
1569{
1570 int rc;
1571 uint32_t cSectors;
1572 uint64_t iLBA;
1573 bool fRedo;
1574
1575 cSectors = s->cbElementaryTransfer / 512;
1576 Assert(cSectors);
1577 iLBA = ataGetSector(s);
1578 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1579 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1580 if (RT_SUCCESS(rc))
1581 {
1582 ataSetSector(s, iLBA + cSectors);
1583 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1584 s->iSourceSink = ATAFN_SS_NULL;
1585 ataCmdOK(s, ATA_STAT_SEEK);
1586 }
1587 else
1588 {
1589 if (fRedo)
1590 return fRedo;
1591 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1592 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1593 s->iLUN, rc, iLBA, cSectors));
1594
1595 /*
1596 * Check if we got interrupted. We don't need to set status variables
1597 * because the request was aborted.
1598 */
1599 if (rc != VERR_INTERRUPTED)
1600 ataCmdError(s, ID_ERR);
1601 }
1602 return false;
1603}
1604
1605
1606static bool ataWriteSectorsSS(ATADevState *s)
1607{
1608 int rc;
1609 uint32_t cSectors;
1610 uint64_t iLBA;
1611 bool fRedo;
1612
1613 cSectors = s->cbElementaryTransfer / 512;
1614 Assert(cSectors);
1615 iLBA = ataGetSector(s);
1616 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1617 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1618 if (RT_SUCCESS(rc))
1619 {
1620 ataSetSector(s, iLBA + cSectors);
1621 if (!s->cbTotalTransfer)
1622 s->iSourceSink = ATAFN_SS_NULL;
1623 ataCmdOK(s, ATA_STAT_SEEK);
1624 }
1625 else
1626 {
1627 if (fRedo)
1628 return fRedo;
1629 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1630 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1631 s->iLUN, rc, iLBA, cSectors));
1632
1633 /*
1634 * Check if we got interrupted. We don't need to set status variables
1635 * because the request was aborted.
1636 */
1637 if (rc != VERR_INTERRUPTED)
1638 ataCmdError(s, ID_ERR);
1639 }
1640 return false;
1641}
1642
1643
1644static void atapiCmdOK(ATADevState *s)
1645{
1646 s->uATARegError = 0;
1647 ataSetStatusValue(s, ATA_STAT_READY);
1648 s->uATARegNSector = (s->uATARegNSector & ~7)
1649 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1650 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1651 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1652
1653 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1654 s->abATAPISense[0] = 0x70 | (1 << 7);
1655 s->abATAPISense[7] = 10;
1656}
1657
1658
1659static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1660{
1661 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1662 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1663 s->uATARegError = pabATAPISense[2] << 4;
1664 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1665 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1666 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1667 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1668 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1669 s->cbTotalTransfer = 0;
1670 s->cbElementaryTransfer = 0;
1671 s->iIOBufferCur = 0;
1672 s->iIOBufferEnd = 0;
1673 s->uTxDir = PDMBLOCKTXDIR_NONE;
1674 s->iBeginTransfer = ATAFN_BT_NULL;
1675 s->iSourceSink = ATAFN_SS_NULL;
1676}
1677
1678
1679/** @todo deprecated function - doesn't provide enough info. Replace by direct
1680 * calls to atapiCmdError() with full data. */
1681static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1682{
1683 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1684 memset(abATAPISense, '\0', sizeof(abATAPISense));
1685 abATAPISense[0] = 0x70 | (1 << 7);
1686 abATAPISense[2] = uATAPISenseKey & 0x0f;
1687 abATAPISense[7] = 10;
1688 abATAPISense[12] = uATAPIASC;
1689 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1690}
1691
1692
1693static void atapiCmdBT(ATADevState *s)
1694{
1695 s->fATAPITransfer = true;
1696 s->cbElementaryTransfer = s->cbTotalTransfer;
1697 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1698 atapiCmdOK(s);
1699}
1700
1701
1702static void atapiPassthroughCmdBT(ATADevState *s)
1703{
1704 /* @todo implement an algorithm for correctly determining the read and
1705 * write sector size without sending additional commands to the drive.
1706 * This should be doable by saving processing the configuration requests
1707 * and replies. */
1708#if 0
1709 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1710 {
1711 uint8_t cmd = s->aATAPICmd[0];
1712 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1713 {
1714 uint8_t aModeSenseCmd[10];
1715 uint8_t aModeSenseResult[16];
1716 uint8_t uDummySense;
1717 uint32_t cbTransfer;
1718 int rc;
1719
1720 cbTransfer = sizeof(aModeSenseResult);
1721 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1722 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1723 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1724 aModeSenseCmd[3] = 0; /* subpage code */
1725 aModeSenseCmd[4] = 0; /* reserved */
1726 aModeSenseCmd[5] = 0; /* reserved */
1727 aModeSenseCmd[6] = 0; /* reserved */
1728 aModeSenseCmd[7] = cbTransfer >> 8;
1729 aModeSenseCmd[8] = cbTransfer & 0xff;
1730 aModeSenseCmd[9] = 0; /* control */
1731 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1732 if (RT_FAILURE(rc))
1733 {
1734 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1735 return;
1736 }
1737 /* Select sector size based on the current data block type. */
1738 switch (aModeSenseResult[12] & 0x0f)
1739 {
1740 case 0:
1741 s->cbATAPISector = 2352;
1742 break;
1743 case 1:
1744 s->cbATAPISector = 2368;
1745 break;
1746 case 2:
1747 case 3:
1748 s->cbATAPISector = 2448;
1749 break;
1750 case 8:
1751 case 10:
1752 s->cbATAPISector = 2048;
1753 break;
1754 case 9:
1755 s->cbATAPISector = 2336;
1756 break;
1757 case 11:
1758 s->cbATAPISector = 2056;
1759 break;
1760 case 12:
1761 s->cbATAPISector = 2324;
1762 break;
1763 case 13:
1764 s->cbATAPISector = 2332;
1765 break;
1766 default:
1767 s->cbATAPISector = 0;
1768 }
1769 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1770 s->cbTotalTransfer *= s->cbATAPISector;
1771 if (s->cbTotalTransfer == 0)
1772 s->uTxDir = PDMBLOCKTXDIR_NONE;
1773 }
1774 }
1775#endif
1776 atapiCmdBT(s);
1777}
1778
1779
1780static bool atapiReadSS(ATADevState *s)
1781{
1782 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1783 int rc = VINF_SUCCESS;
1784 uint32_t cbTransfer, cSectors;
1785
1786 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1787 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1788 cSectors = cbTransfer / s->cbATAPISector;
1789 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1790 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1791
1792 PDMCritSectLeave(&pCtl->lock);
1793
1794 STAM_PROFILE_ADV_START(&s->StatReads, r);
1795 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1796 switch (s->cbATAPISector)
1797 {
1798 case 2048:
1799 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1800 break;
1801 case 2352:
1802 {
1803 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1804
1805 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1806 {
1807 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1808 *pbBuf++ = 0x00;
1809 memset(pbBuf, 0xff, 10);
1810 pbBuf += 10;
1811 *pbBuf++ = 0x00;
1812 /* MSF */
1813 ataLBA2MSF(pbBuf, i);
1814 pbBuf += 3;
1815 *pbBuf++ = 0x01; /* mode 1 data */
1816 /* data */
1817 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1818 if (RT_FAILURE(rc))
1819 break;
1820 pbBuf += 2048;
1821 /**
1822 * @todo: maybe compute ECC and parity, layout is:
1823 * 2072 4 EDC
1824 * 2076 172 P parity symbols
1825 * 2248 104 Q parity symbols
1826 */
1827 memset(pbBuf, 0, 280);
1828 pbBuf += 280;
1829 }
1830 }
1831 break;
1832 default:
1833 break;
1834 }
1835 s->Led.Actual.s.fReading = 0;
1836 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1837
1838 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1839 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1840 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1841
1842 if (RT_SUCCESS(rc))
1843 {
1844 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1845
1846 /* The initial buffer end value has been set up based on the total
1847 * transfer size. But the I/O buffer size limits what can actually be
1848 * done in one transfer, so set the actual value of the buffer end. */
1849 s->cbElementaryTransfer = cbTransfer;
1850 if (cbTransfer >= s->cbTotalTransfer)
1851 s->iSourceSink = ATAFN_SS_NULL;
1852 atapiCmdOK(s);
1853 s->iATAPILBA += cSectors;
1854 }
1855 else
1856 {
1857 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1858 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1859
1860 /*
1861 * Check if we got interrupted. We don't need to set status variables
1862 * because the request was aborted.
1863 */
1864 if (rc != VERR_INTERRUPTED)
1865 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1866 }
1867 return false;
1868}
1869
1870/**
1871 * Sets the given media track type.
1872 */
1873static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1874{
1875 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1876}
1877
1878static bool atapiPassthroughSS(ATADevState *s)
1879{
1880 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1881 int rc = VINF_SUCCESS;
1882 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1883 uint32_t cbTransfer;
1884 PSTAMPROFILEADV pProf = NULL;
1885
1886 cbTransfer = s->cbElementaryTransfer;
1887
1888 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1889 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1890
1891 /* Simple heuristics: if there is at least one sector of data
1892 * to transfer, it's worth updating the LEDs. */
1893 if (cbTransfer >= 2048)
1894 {
1895 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1896 {
1897 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1898 pProf = &s->StatReads;
1899 }
1900 else
1901 {
1902 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1903 pProf = &s->StatWrites;
1904 }
1905 }
1906
1907 PDMCritSectLeave(&pCtl->lock);
1908
1909 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1910 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1911 {
1912 /* Linux accepts commands with up to 100KB of data, but expects
1913 * us to handle commands with up to 128KB of data. The usual
1914 * imbalance of powers. */
1915 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1916 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1917 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1918
1919 switch (s->aATAPICmd[0])
1920 {
1921 case SCSI_READ_10:
1922 case SCSI_WRITE_10:
1923 case SCSI_WRITE_AND_VERIFY_10:
1924 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1925 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1926 break;
1927 case SCSI_READ_12:
1928 case SCSI_WRITE_12:
1929 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1930 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1931 break;
1932 case SCSI_READ_CD:
1933 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1934 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
1935 break;
1936 case SCSI_READ_CD_MSF:
1937 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1938 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1939 break;
1940 default:
1941 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1942 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1943 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1944 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1945 {
1946 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1947 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1948 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1949 }
1950 return false;
1951 }
1952 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1953 cReqSectors = 0;
1954 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1955 {
1956 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1957 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1958 else
1959 cReqSectors = i;
1960 cbCurrTX = s->cbATAPISector * cReqSectors;
1961 switch (s->aATAPICmd[0])
1962 {
1963 case SCSI_READ_10:
1964 case SCSI_WRITE_10:
1965 case SCSI_WRITE_AND_VERIFY_10:
1966 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1967 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1968 break;
1969 case SCSI_READ_12:
1970 case SCSI_WRITE_12:
1971 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1972 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1973 break;
1974 case SCSI_READ_CD:
1975 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1976 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
1977 break;
1978 case SCSI_READ_CD_MSF:
1979 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1980 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1981 break;
1982 }
1983 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1984 if (rc != VINF_SUCCESS)
1985 break;
1986 iATAPILBA += cReqSectors;
1987 pbBuf += s->cbATAPISector * cReqSectors;
1988 }
1989 }
1990 else
1991 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1992 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1993
1994 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1995 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1996 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1997
1998 /* Update the LEDs and the read/write statistics. */
1999 if (cbTransfer >= 2048)
2000 {
2001 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2002 {
2003 s->Led.Actual.s.fReading = 0;
2004 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2005 }
2006 else
2007 {
2008 s->Led.Actual.s.fWriting = 0;
2009 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2010 }
2011 }
2012
2013 if (RT_SUCCESS(rc))
2014 {
2015 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2016 {
2017 Assert(cbTransfer <= s->cbTotalTransfer);
2018 /* Reply with the same amount of data as the real drive. */
2019 s->cbTotalTransfer = cbTransfer;
2020 /* The initial buffer end value has been set up based on the total
2021 * transfer size. But the I/O buffer size limits what can actually be
2022 * done in one transfer, so set the actual value of the buffer end. */
2023 s->cbElementaryTransfer = cbTransfer;
2024 if (s->aATAPICmd[0] == SCSI_INQUIRY)
2025 {
2026 /* Make sure that the real drive cannot be identified.
2027 * Motivation: changing the VM configuration should be as
2028 * invisible as possible to the guest. */
2029 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2030 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2031 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2032 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2033 }
2034 else if (s->aATAPICmd[0] == SCSI_READ_TOC_PMA_ATIP)
2035 {
2036 /* Set the media type if we can detect it. */
2037 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2038
2039 /** @todo: Implemented only for formatted TOC now. */
2040 if ( (s->aATAPICmd[1] & 0xf) == 0
2041 && cbTransfer >= 6)
2042 {
2043 uint32_t NewMediaType;
2044 uint32_t OldMediaType;
2045
2046 if (pbBuf[5] & 0x4)
2047 NewMediaType = ATA_MEDIA_TYPE_DATA;
2048 else
2049 NewMediaType = ATA_MEDIA_TYPE_CDDA;
2050
2051 OldMediaType = ataMediumTypeSet(s, NewMediaType);
2052
2053 if (OldMediaType != NewMediaType)
2054 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough, detected %s CD\n",
2055 s->iLUN,
2056 NewMediaType == ATA_MEDIA_TYPE_DATA
2057 ? "data"
2058 : "audio"));
2059 }
2060 else /* Play safe and set to unknown. */
2061 ataMediumTypeSet(s, ATA_MEDIA_TYPE_UNKNOWN);
2062 }
2063 if (cbTransfer)
2064 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2065 }
2066 s->iSourceSink = ATAFN_SS_NULL;
2067 atapiCmdOK(s);
2068 }
2069 else
2070 {
2071 if (s->cErrors < MAX_LOG_REL_ERRORS)
2072 {
2073 uint8_t u8Cmd = s->aATAPICmd[0];
2074 do
2075 {
2076 /* don't log superfluous errors */
2077 if ( rc == VERR_DEV_IO_ERROR
2078 && ( u8Cmd == SCSI_TEST_UNIT_READY
2079 || u8Cmd == SCSI_READ_CAPACITY
2080 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2081 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2082 break;
2083 s->cErrors++;
2084 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2085 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2086 } while (0);
2087 }
2088 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2089 }
2090 return false;
2091}
2092
2093/** @todo: Revise ASAP. */
2094static bool atapiReadDVDStructureSS(ATADevState *s)
2095{
2096 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2097 int media = s->aATAPICmd[1];
2098 int format = s->aATAPICmd[7];
2099
2100 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2101
2102 memset(buf, 0, max_len);
2103
2104 switch (format) {
2105 case 0x00:
2106 case 0x01:
2107 case 0x02:
2108 case 0x03:
2109 case 0x04:
2110 case 0x05:
2111 case 0x06:
2112 case 0x07:
2113 case 0x08:
2114 case 0x09:
2115 case 0x0a:
2116 case 0x0b:
2117 case 0x0c:
2118 case 0x0d:
2119 case 0x0e:
2120 case 0x0f:
2121 case 0x10:
2122 case 0x11:
2123 case 0x30:
2124 case 0x31:
2125 case 0xff:
2126 if (media == 0)
2127 {
2128 int uASC = SCSI_ASC_NONE;
2129
2130 switch (format)
2131 {
2132 case 0x0: /* Physical format information */
2133 {
2134 int layer = s->aATAPICmd[6];
2135 uint64_t total_sectors;
2136
2137 if (layer != 0)
2138 {
2139 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2140 break;
2141 }
2142
2143 total_sectors = s->cTotalSectors;
2144 total_sectors >>= 2;
2145 if (total_sectors == 0)
2146 {
2147 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2148 break;
2149 }
2150
2151 buf[4] = 1; /* DVD-ROM, part version 1 */
2152 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2153 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2154 buf[7] = 0; /* default densities */
2155
2156 /* FIXME: 0x30000 per spec? */
2157 ataH2BE_U32(buf + 8, 0); /* start sector */
2158 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2159 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2160
2161 /* Size of buffer, not including 2 byte size field */
2162 ataH2BE_U32(&buf[0], 2048 + 2);
2163
2164 /* 2k data + 4 byte header */
2165 uASC = (2048 + 4);
2166 }
2167 break;
2168 case 0x01: /* DVD copyright information */
2169 buf[4] = 0; /* no copyright data */
2170 buf[5] = 0; /* no region restrictions */
2171
2172 /* Size of buffer, not including 2 byte size field */
2173 ataH2BE_U16(buf, 4 + 2);
2174
2175 /* 4 byte header + 4 byte data */
2176 uASC = (4 + 4);
2177
2178 case 0x03: /* BCA information - invalid field for no BCA info */
2179 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2180 break;
2181
2182 case 0x04: /* DVD disc manufacturing information */
2183 /* Size of buffer, not including 2 byte size field */
2184 ataH2BE_U16(buf, 2048 + 2);
2185
2186 /* 2k data + 4 byte header */
2187 uASC = (2048 + 4);
2188 break;
2189 case 0xff:
2190 /*
2191 * This lists all the command capabilities above. Add new ones
2192 * in order and update the length and buffer return values.
2193 */
2194
2195 buf[4] = 0x00; /* Physical format */
2196 buf[5] = 0x40; /* Not writable, is readable */
2197 ataH2BE_U16((buf + 6), 2048 + 4);
2198
2199 buf[8] = 0x01; /* Copyright info */
2200 buf[9] = 0x40; /* Not writable, is readable */
2201 ataH2BE_U16((buf + 10), 4 + 4);
2202
2203 buf[12] = 0x03; /* BCA info */
2204 buf[13] = 0x40; /* Not writable, is readable */
2205 ataH2BE_U16((buf + 14), 188 + 4);
2206
2207 buf[16] = 0x04; /* Manufacturing info */
2208 buf[17] = 0x40; /* Not writable, is readable */
2209 ataH2BE_U16((buf + 18), 2048 + 4);
2210
2211 /* Size of buffer, not including 2 byte size field */
2212 ataH2BE_U16(buf, 16 + 2);
2213
2214 /* data written + 4 byte header */
2215 uASC = (16 + 4);
2216 break;
2217 default: /* TODO: formats beyond DVD-ROM requires */
2218 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2219 }
2220
2221 if (uASC < 0)
2222 {
2223 s->iSourceSink = ATAFN_SS_NULL;
2224 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2225 return false;
2226 }
2227 break;
2228 }
2229 /* TODO: BD support, fall through for now */
2230
2231 /* Generic disk structures */
2232 case 0x80: /* TODO: AACS volume identifier */
2233 case 0x81: /* TODO: AACS media serial number */
2234 case 0x82: /* TODO: AACS media identifier */
2235 case 0x83: /* TODO: AACS media key block */
2236 case 0x90: /* TODO: List of recognized format layers */
2237 case 0xc0: /* TODO: Write protection status */
2238 default:
2239 s->iSourceSink = ATAFN_SS_NULL;
2240 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2241 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2242 return false;
2243 }
2244
2245 s->iSourceSink = ATAFN_SS_NULL;
2246 atapiCmdOK(s);
2247 return false;
2248}
2249
2250static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2251{
2252 Assert(cSectors > 0);
2253 s->iATAPILBA = iATAPILBA;
2254 s->cbATAPISector = cbSector;
2255 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2256 return false;
2257}
2258
2259
2260static bool atapiReadCapacitySS(ATADevState *s)
2261{
2262 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2263
2264 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2265 Assert(s->cbElementaryTransfer <= 8);
2266 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2267 ataH2BE_U32(pbBuf + 4, 2048);
2268 s->iSourceSink = ATAFN_SS_NULL;
2269 atapiCmdOK(s);
2270 return false;
2271}
2272
2273
2274static bool atapiReadDiscInformationSS(ATADevState *s)
2275{
2276 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2277
2278 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2279 Assert(s->cbElementaryTransfer <= 34);
2280 memset(pbBuf, '\0', 34);
2281 ataH2BE_U16(pbBuf, 32);
2282 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2283 pbBuf[3] = 1; /* number of first track */
2284 pbBuf[4] = 1; /* number of sessions (LSB) */
2285 pbBuf[5] = 1; /* first track number in last session (LSB) */
2286 pbBuf[6] = 1; /* last track number in last session (LSB) */
2287 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2288 pbBuf[8] = 0; /* disc type = CD-ROM */
2289 pbBuf[9] = 0; /* number of sessions (MSB) */
2290 pbBuf[10] = 0; /* number of sessions (MSB) */
2291 pbBuf[11] = 0; /* number of sessions (MSB) */
2292 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2293 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2294 s->iSourceSink = ATAFN_SS_NULL;
2295 atapiCmdOK(s);
2296 return false;
2297}
2298
2299
2300static bool atapiReadTrackInformationSS(ATADevState *s)
2301{
2302 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2303
2304 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2305 Assert(s->cbElementaryTransfer <= 36);
2306 /* Accept address/number type of 1 only, and only track 1 exists. */
2307 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2308 {
2309 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2310 return false;
2311 }
2312 memset(pbBuf, '\0', 36);
2313 ataH2BE_U16(pbBuf, 34);
2314 pbBuf[2] = 1; /* track number (LSB) */
2315 pbBuf[3] = 1; /* session number (LSB) */
2316 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2317 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2318 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2319 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2320 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2321 pbBuf[32] = 0; /* track number (MSB) */
2322 pbBuf[33] = 0; /* session number (MSB) */
2323 s->iSourceSink = ATAFN_SS_NULL;
2324 atapiCmdOK(s);
2325 return false;
2326}
2327
2328static size_t atapiGetConfigurationFillFeatureListProfiles(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2329{
2330 if (cbBuf < 3*4)
2331 return 0;
2332
2333 ataH2BE_U16(pbBuf, 0x0); /* feature 0: list of profiles supported */
2334 pbBuf[2] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2335 pbBuf[3] = 8; /* additional bytes for profiles */
2336 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2337 * before CD-ROM read capability. */
2338 ataH2BE_U16(pbBuf + 4, 0x10); /* profile: read-only DVD */
2339 pbBuf[6] = (0 << 0); /* NOT current profile */
2340 ataH2BE_U16(pbBuf + 8, 0x08); /* profile: read only CD */
2341 pbBuf[10] = (1 << 0); /* current profile */
2342
2343 return 3*4; /* Header + 2 profiles entries */
2344}
2345
2346static size_t atapiGetConfigurationFillFeatureCore(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2347{
2348 if (cbBuf < 12)
2349 return 0;
2350
2351 ataH2BE_U16(pbBuf, 0x1); /* feature 0001h: Core Feature */
2352 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2353 pbBuf[3] = 8; /* Additional length */
2354 ataH2BE_U16(pbBuf + 4, 0x00000002); /* Physical interface ATAPI. */
2355 pbBuf[8] = RT_BIT(0); /* DBE */
2356 /* Rest is reserved. */
2357
2358 return 12;
2359}
2360
2361static size_t atapiGetConfigurationFillFeatureMorphing(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2362{
2363 if (cbBuf < 8)
2364 return 0;
2365
2366 ataH2BE_U16(pbBuf, 0x2); /* feature 0002h: Morphing Feature */
2367 pbBuf[2] = (0x1 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2368 pbBuf[3] = 4; /* Additional length */
2369 pbBuf[4] = RT_BIT(1) | 0x0; /* OCEvent | !ASYNC */
2370 /* Rest is reserved. */
2371
2372 return 8;
2373}
2374
2375static size_t atapiGetConfigurationFillFeatureRemovableMedium(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2376{
2377 if (cbBuf < 8)
2378 return 0;
2379
2380 ataH2BE_U16(pbBuf, 0x3); /* feature 0003h: Removable Medium Feature */
2381 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2382 pbBuf[3] = 4; /* Additional length */
2383 /* Tray type loading | Load | Eject | !Pvnt Jmpr | !DBML | Lock */
2384 pbBuf[4] = (0x2 << 5) | RT_BIT(4) | RT_BIT(3) | (0x0 << 2) | (0x0 << 1) | RT_BIT(0);
2385 /* Rest is reserved. */
2386
2387 return 8;
2388}
2389
2390static size_t atapiGetConfigurationFillFeatureRandomReadable(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2391{
2392 if (cbBuf < 12)
2393 return 0;
2394
2395 ataH2BE_U16(pbBuf, 0x10); /* feature 0010h: Random Readable Feature */
2396 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2397 pbBuf[3] = 8; /* Additional length */
2398 ataH2BE_U32(pbBuf + 4, 2048); /* Logical block size. */
2399 ataH2BE_U16(pbBuf + 8, 0x10); /* Blocking (0x10 for DVD, CD is not defined). */
2400 pbBuf[10] = 0; /* PP not present */
2401 /* Rest is reserved. */
2402
2403 return 12;
2404}
2405
2406static size_t atapiGetConfigurationFillFeatureCDRead(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2407{
2408 if (cbBuf < 8)
2409 return 0;
2410
2411 ataH2BE_U16(pbBuf, 0x1e); /* feature 001Eh: CD Read Feature */
2412 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2413 pbBuf[3] = 0; /* Additional length */
2414 pbBuf[4] = (0x0 << 7) | (0x0 << 1) | 0x0; /* !DAP | !C2-Flags | !CD-Text. */
2415 /* Rest is reserved. */
2416
2417 return 8;
2418}
2419
2420static size_t atapiGetConfigurationFillFeaturePowerManagement(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2421{
2422 if (cbBuf < 4)
2423 return 0;
2424
2425 ataH2BE_U16(pbBuf, 0x100); /* feature 0100h: Power Management Feature */
2426 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2427 pbBuf[3] = 0; /* Additional length */
2428
2429 return 4;
2430}
2431
2432static size_t atapiGetConfigurationFillFeatureTimeout(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2433{
2434 if (cbBuf < 8)
2435 return 0;
2436
2437 ataH2BE_U16(pbBuf, 0x105); /* feature 0105h: Timeout Feature */
2438 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2439 pbBuf[3] = 4; /* Additional length */
2440 pbBuf[4] = 0x0; /* !Group3 */
2441
2442 return 8;
2443}
2444
2445static bool atapiGetConfigurationSS(ATADevState *s)
2446{
2447 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2448 size_t cbBuf = s->cbIOBuffer;
2449 size_t cbCopied = 0;
2450 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2451
2452 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2453 Assert(s->cbElementaryTransfer <= 80);
2454 /* Accept valid request types only, and only starting feature 0. */
2455 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2456 {
2457 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2458 return false;
2459 }
2460 memset(pbBuf, '\0', cbBuf);
2461 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2462 * way to differentiate them right now is based on the image size). */
2463 if (s->cTotalSectors)
2464 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2465 else
2466 ataH2BE_U16(pbBuf + 6, 0x00); /* current profile: none -> no media */
2467 cbBuf -= 8;
2468 pbBuf += 8;
2469
2470 cbCopied = atapiGetConfigurationFillFeatureListProfiles(s, pbBuf, cbBuf);
2471 cbBuf -= cbCopied;
2472 pbBuf += cbCopied;
2473
2474 cbCopied = atapiGetConfigurationFillFeatureCore(s, pbBuf, cbBuf);
2475 cbBuf -= cbCopied;
2476 pbBuf += cbCopied;
2477
2478 cbCopied = atapiGetConfigurationFillFeatureMorphing(s, pbBuf, cbBuf);
2479 cbBuf -= cbCopied;
2480 pbBuf += cbCopied;
2481
2482 cbCopied = atapiGetConfigurationFillFeatureRemovableMedium(s, pbBuf, cbBuf);
2483 cbBuf -= cbCopied;
2484 pbBuf += cbCopied;
2485
2486 cbCopied = atapiGetConfigurationFillFeatureRandomReadable(s, pbBuf, cbBuf);
2487 cbBuf -= cbCopied;
2488 pbBuf += cbCopied;
2489
2490 cbCopied = atapiGetConfigurationFillFeatureCDRead(s, pbBuf, cbBuf);
2491 cbBuf -= cbCopied;
2492 pbBuf += cbCopied;
2493
2494 cbCopied = atapiGetConfigurationFillFeaturePowerManagement(s, pbBuf, cbBuf);
2495 cbBuf -= cbCopied;
2496 pbBuf += cbCopied;
2497
2498 cbCopied = atapiGetConfigurationFillFeatureTimeout(s, pbBuf, cbBuf);
2499 cbBuf -= cbCopied;
2500 pbBuf += cbCopied;
2501
2502 /* Set data length now - the field is not included in the final length. */
2503 ataH2BE_U32(s->CTX_SUFF(pbIOBuffer), s->cbIOBuffer - cbBuf - 4);
2504
2505 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2506 s->iSourceSink = ATAFN_SS_NULL;
2507 atapiCmdOK(s);
2508 return false;
2509}
2510
2511
2512static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2513{
2514 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2515
2516 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2517 Assert(s->cbElementaryTransfer <= 8);
2518
2519 if (!(s->aATAPICmd[1] & 1))
2520 {
2521 /* no asynchronous operation supported */
2522 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2523 return false;
2524 }
2525
2526 uint32_t OldStatus, NewStatus;
2527 do
2528 {
2529 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2530 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2531 switch (OldStatus)
2532 {
2533 case ATA_EVENT_STATUS_MEDIA_NEW:
2534 /* mount */
2535 ataH2BE_U16(pbBuf + 0, 6);
2536 pbBuf[2] = 0x04; /* media */
2537 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2538 pbBuf[4] = 0x02; /* new medium */
2539 pbBuf[5] = 0x02; /* medium present / door closed */
2540 pbBuf[6] = 0x00;
2541 pbBuf[7] = 0x00;
2542 break;
2543
2544 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2545 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2546 /* umount */
2547 ataH2BE_U16(pbBuf + 0, 6);
2548 pbBuf[2] = 0x04; /* media */
2549 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2550 pbBuf[4] = 0x03; /* media removal */
2551 pbBuf[5] = 0x00; /* medium absent / door closed */
2552 pbBuf[6] = 0x00;
2553 pbBuf[7] = 0x00;
2554 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2555 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2556 break;
2557
2558 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2559 ataH2BE_U16(pbBuf + 0, 6);
2560 pbBuf[2] = 0x04; /* media */
2561 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2562 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2563 pbBuf[5] = 0x02; /* medium present / door closed */
2564 pbBuf[6] = 0x00;
2565 pbBuf[7] = 0x00;
2566 break;
2567
2568 case ATA_EVENT_STATUS_UNCHANGED:
2569 default:
2570 ataH2BE_U16(pbBuf + 0, 6);
2571 pbBuf[2] = 0x01; /* operational change request / notification */
2572 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2573 pbBuf[4] = 0x00;
2574 pbBuf[5] = 0x00;
2575 pbBuf[6] = 0x00;
2576 pbBuf[7] = 0x00;
2577 break;
2578 }
2579 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2580
2581 s->iSourceSink = ATAFN_SS_NULL;
2582 atapiCmdOK(s);
2583 return false;
2584}
2585
2586
2587static bool atapiInquirySS(ATADevState *s)
2588{
2589 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2590
2591 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2592 Assert(s->cbElementaryTransfer <= 36);
2593 pbBuf[0] = 0x05; /* CD-ROM */
2594 pbBuf[1] = 0x80; /* removable */
2595#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2596 pbBuf[2] = 0x00; /* ISO */
2597 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2598#else
2599 pbBuf[2] = 0x00; /* ISO */
2600 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2601#endif
2602 pbBuf[4] = 31; /* additional length */
2603 pbBuf[5] = 0; /* reserved */
2604 pbBuf[6] = 0; /* reserved */
2605 pbBuf[7] = 0; /* reserved */
2606 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2607 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2608 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2609 s->iSourceSink = ATAFN_SS_NULL;
2610 atapiCmdOK(s);
2611 return false;
2612}
2613
2614
2615static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2616{
2617 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2618
2619 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2620 Assert(s->cbElementaryTransfer <= 16);
2621 ataH2BE_U16(&pbBuf[0], 16 + 6);
2622 pbBuf[2] = 0x70;
2623 pbBuf[3] = 0;
2624 pbBuf[4] = 0;
2625 pbBuf[5] = 0;
2626 pbBuf[6] = 0;
2627 pbBuf[7] = 0;
2628
2629 pbBuf[8] = 0x01;
2630 pbBuf[9] = 0x06;
2631 pbBuf[10] = 0x00;
2632 pbBuf[11] = 0x05;
2633 pbBuf[12] = 0x00;
2634 pbBuf[13] = 0x00;
2635 pbBuf[14] = 0x00;
2636 pbBuf[15] = 0x00;
2637 s->iSourceSink = ATAFN_SS_NULL;
2638 atapiCmdOK(s);
2639 return false;
2640}
2641
2642
2643static bool atapiModeSenseCDStatusSS(ATADevState *s)
2644{
2645 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2646
2647 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2648 Assert(s->cbElementaryTransfer <= 40);
2649 ataH2BE_U16(&pbBuf[0], 38);
2650 pbBuf[2] = 0x70;
2651 pbBuf[3] = 0;
2652 pbBuf[4] = 0;
2653 pbBuf[5] = 0;
2654 pbBuf[6] = 0;
2655 pbBuf[7] = 0;
2656
2657 pbBuf[8] = 0x2a;
2658 pbBuf[9] = 30; /* page length */
2659 pbBuf[10] = 0x08; /* DVD-ROM read support */
2660 pbBuf[11] = 0x00; /* no write support */
2661 /* The following claims we support audio play. This is obviously false,
2662 * but the Linux generic CDROM support makes many features depend on this
2663 * capability. If it's not set, this causes many things to be disabled. */
2664 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2665 pbBuf[13] = 0x00; /* no subchannel reads supported */
2666 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2667 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2668 pbBuf[14] |= 1 << 1; /* report lock state */
2669 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2670 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2671 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2672 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2673 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2674 pbBuf[24] = 0; /* reserved */
2675 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2676 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2677 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2678 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2679 pbBuf[32] = 0; /* reserved */
2680 pbBuf[33] = 0; /* reserved */
2681 pbBuf[34] = 0; /* reserved */
2682 pbBuf[35] = 1; /* rotation control CAV */
2683 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2684 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2685 s->iSourceSink = ATAFN_SS_NULL;
2686 atapiCmdOK(s);
2687 return false;
2688}
2689
2690
2691static bool atapiRequestSenseSS(ATADevState *s)
2692{
2693 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2694
2695 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2696 memset(pbBuf, '\0', s->cbElementaryTransfer);
2697 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2698 s->iSourceSink = ATAFN_SS_NULL;
2699 atapiCmdOK(s);
2700 return false;
2701}
2702
2703
2704static bool atapiMechanismStatusSS(ATADevState *s)
2705{
2706 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2707
2708 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2709 Assert(s->cbElementaryTransfer <= 8);
2710 ataH2BE_U16(pbBuf, 0);
2711 /* no current LBA */
2712 pbBuf[2] = 0;
2713 pbBuf[3] = 0;
2714 pbBuf[4] = 0;
2715 pbBuf[5] = 1;
2716 ataH2BE_U16(pbBuf + 6, 0);
2717 s->iSourceSink = ATAFN_SS_NULL;
2718 atapiCmdOK(s);
2719 return false;
2720}
2721
2722
2723static bool atapiReadTOCNormalSS(ATADevState *s)
2724{
2725 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2726 bool fMSF;
2727 uint32_t cbSize;
2728
2729 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2730 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2731 iStartTrack = s->aATAPICmd[6];
2732 if (iStartTrack > 1 && iStartTrack != 0xaa)
2733 {
2734 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2735 return false;
2736 }
2737 q = pbBuf + 2;
2738 *q++ = 1; /* first session */
2739 *q++ = 1; /* last session */
2740 if (iStartTrack <= 1)
2741 {
2742 *q++ = 0; /* reserved */
2743 *q++ = 0x14; /* ADR, control */
2744 *q++ = 1; /* track number */
2745 *q++ = 0; /* reserved */
2746 if (fMSF)
2747 {
2748 *q++ = 0; /* reserved */
2749 ataLBA2MSF(q, 0);
2750 q += 3;
2751 }
2752 else
2753 {
2754 /* sector 0 */
2755 ataH2BE_U32(q, 0);
2756 q += 4;
2757 }
2758 }
2759 /* lead out track */
2760 *q++ = 0; /* reserved */
2761 *q++ = 0x14; /* ADR, control */
2762 *q++ = 0xaa; /* track number */
2763 *q++ = 0; /* reserved */
2764 if (fMSF)
2765 {
2766 *q++ = 0; /* reserved */
2767 ataLBA2MSF(q, s->cTotalSectors);
2768 q += 3;
2769 }
2770 else
2771 {
2772 ataH2BE_U32(q, s->cTotalSectors);
2773 q += 4;
2774 }
2775 cbSize = q - pbBuf;
2776 ataH2BE_U16(pbBuf, cbSize - 2);
2777 if (cbSize < s->cbTotalTransfer)
2778 s->cbTotalTransfer = cbSize;
2779 s->iSourceSink = ATAFN_SS_NULL;
2780 atapiCmdOK(s);
2781 return false;
2782}
2783
2784
2785static bool atapiReadTOCMultiSS(ATADevState *s)
2786{
2787 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2788 bool fMSF;
2789
2790 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2791 Assert(s->cbElementaryTransfer <= 12);
2792 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2793 /* multi session: only a single session defined */
2794/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2795 memset(pbBuf, 0, 12);
2796 pbBuf[1] = 0x0a;
2797 pbBuf[2] = 0x01;
2798 pbBuf[3] = 0x01;
2799 pbBuf[5] = 0x14; /* ADR, control */
2800 pbBuf[6] = 1; /* first track in last complete session */
2801 if (fMSF)
2802 {
2803 pbBuf[8] = 0; /* reserved */
2804 ataLBA2MSF(&pbBuf[9], 0);
2805 }
2806 else
2807 {
2808 /* sector 0 */
2809 ataH2BE_U32(pbBuf + 8, 0);
2810 }
2811 s->iSourceSink = ATAFN_SS_NULL;
2812 atapiCmdOK(s);
2813 return false;
2814}
2815
2816
2817static bool atapiReadTOCRawSS(ATADevState *s)
2818{
2819 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2820 bool fMSF;
2821 uint32_t cbSize;
2822
2823 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2824 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2825 iStartTrack = s->aATAPICmd[6];
2826
2827 q = pbBuf + 2;
2828 *q++ = 1; /* first session */
2829 *q++ = 1; /* last session */
2830
2831 *q++ = 1; /* session number */
2832 *q++ = 0x14; /* data track */
2833 *q++ = 0; /* track number */
2834 *q++ = 0xa0; /* first track in program area */
2835 *q++ = 0; /* min */
2836 *q++ = 0; /* sec */
2837 *q++ = 0; /* frame */
2838 *q++ = 0;
2839 *q++ = 1; /* first track */
2840 *q++ = 0x00; /* disk type CD-DA or CD data */
2841 *q++ = 0;
2842
2843 *q++ = 1; /* session number */
2844 *q++ = 0x14; /* data track */
2845 *q++ = 0; /* track number */
2846 *q++ = 0xa1; /* last track in program area */
2847 *q++ = 0; /* min */
2848 *q++ = 0; /* sec */
2849 *q++ = 0; /* frame */
2850 *q++ = 0;
2851 *q++ = 1; /* last track */
2852 *q++ = 0;
2853 *q++ = 0;
2854
2855 *q++ = 1; /* session number */
2856 *q++ = 0x14; /* data track */
2857 *q++ = 0; /* track number */
2858 *q++ = 0xa2; /* lead-out */
2859 *q++ = 0; /* min */
2860 *q++ = 0; /* sec */
2861 *q++ = 0; /* frame */
2862 if (fMSF)
2863 {
2864 *q++ = 0; /* reserved */
2865 ataLBA2MSF(q, s->cTotalSectors);
2866 q += 3;
2867 }
2868 else
2869 {
2870 ataH2BE_U32(q, s->cTotalSectors);
2871 q += 4;
2872 }
2873
2874 *q++ = 1; /* session number */
2875 *q++ = 0x14; /* ADR, control */
2876 *q++ = 0; /* track number */
2877 *q++ = 1; /* point */
2878 *q++ = 0; /* min */
2879 *q++ = 0; /* sec */
2880 *q++ = 0; /* frame */
2881 if (fMSF)
2882 {
2883 *q++ = 0; /* reserved */
2884 ataLBA2MSF(q, 0);
2885 q += 3;
2886 }
2887 else
2888 {
2889 /* sector 0 */
2890 ataH2BE_U32(q, 0);
2891 q += 4;
2892 }
2893
2894 cbSize = q - pbBuf;
2895 ataH2BE_U16(pbBuf, cbSize - 2);
2896 if (cbSize < s->cbTotalTransfer)
2897 s->cbTotalTransfer = cbSize;
2898 s->iSourceSink = ATAFN_SS_NULL;
2899 atapiCmdOK(s);
2900 return false;
2901}
2902
2903
2904static void atapiParseCmdVirtualATAPI(ATADevState *s)
2905{
2906 const uint8_t *pbPacket;
2907 uint8_t *pbBuf;
2908 uint32_t cbMax;
2909
2910 pbPacket = s->aATAPICmd;
2911 pbBuf = s->CTX_SUFF(pbIOBuffer);
2912 switch (pbPacket[0])
2913 {
2914 case SCSI_TEST_UNIT_READY:
2915 if (s->cNotifiedMediaChange > 0)
2916 {
2917 if (s->cNotifiedMediaChange-- > 2)
2918 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2919 else
2920 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2921 }
2922 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2923 atapiCmdOK(s);
2924 else
2925 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2926 break;
2927 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2928 cbMax = ataBE2H_U16(pbPacket + 7);
2929 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2930 break;
2931 case SCSI_MODE_SENSE_10:
2932 {
2933 uint8_t uPageControl, uPageCode;
2934 cbMax = ataBE2H_U16(pbPacket + 7);
2935 uPageControl = pbPacket[2] >> 6;
2936 uPageCode = pbPacket[2] & 0x3f;
2937 switch (uPageControl)
2938 {
2939 case SCSI_PAGECONTROL_CURRENT:
2940 switch (uPageCode)
2941 {
2942 case SCSI_MODEPAGE_ERROR_RECOVERY:
2943 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2944 break;
2945 case SCSI_MODEPAGE_CD_STATUS:
2946 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2947 break;
2948 default:
2949 goto error_cmd;
2950 }
2951 break;
2952 case SCSI_PAGECONTROL_CHANGEABLE:
2953 goto error_cmd;
2954 case SCSI_PAGECONTROL_DEFAULT:
2955 goto error_cmd;
2956 default:
2957 case SCSI_PAGECONTROL_SAVED:
2958 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2959 break;
2960 }
2961 }
2962 break;
2963 case SCSI_REQUEST_SENSE:
2964 cbMax = pbPacket[4];
2965 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2966 break;
2967 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2968 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2969 {
2970 if (pbPacket[4] & 1)
2971 s->pDrvMount->pfnLock(s->pDrvMount);
2972 else
2973 s->pDrvMount->pfnUnlock(s->pDrvMount);
2974 atapiCmdOK(s);
2975 }
2976 else
2977 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2978 break;
2979 case SCSI_READ_10:
2980 case SCSI_READ_12:
2981 {
2982 uint32_t cSectors, iATAPILBA;
2983
2984 if (s->cNotifiedMediaChange > 0)
2985 {
2986 s->cNotifiedMediaChange-- ;
2987 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2988 break;
2989 }
2990 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2991 {
2992 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2993 break;
2994 }
2995 if (pbPacket[0] == SCSI_READ_10)
2996 cSectors = ataBE2H_U16(pbPacket + 7);
2997 else
2998 cSectors = ataBE2H_U32(pbPacket + 6);
2999 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3000 if (cSectors == 0)
3001 {
3002 atapiCmdOK(s);
3003 break;
3004 }
3005 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3006 {
3007 /* Rate limited logging, one log line per second. For
3008 * guests that insist on reading from places outside the
3009 * valid area this often generates too many release log
3010 * entries otherwise. */
3011 static uint64_t uLastLogTS = 0;
3012 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3013 {
3014 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3015 uLastLogTS = RTTimeMilliTS();
3016 }
3017 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3018 break;
3019 }
3020 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3021 }
3022 break;
3023 case SCSI_READ_CD:
3024 {
3025 uint32_t cSectors, iATAPILBA;
3026
3027 if (s->cNotifiedMediaChange > 0)
3028 {
3029 s->cNotifiedMediaChange-- ;
3030 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3031 break;
3032 }
3033 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3034 {
3035 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3036 break;
3037 }
3038 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
3039 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3040 if (cSectors == 0)
3041 {
3042 atapiCmdOK(s);
3043 break;
3044 }
3045 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3046 {
3047 /* Rate limited logging, one log line per second. For
3048 * guests that insist on reading from places outside the
3049 * valid area this often generates too many release log
3050 * entries otherwise. */
3051 static uint64_t uLastLogTS = 0;
3052 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3053 {
3054 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3055 uLastLogTS = RTTimeMilliTS();
3056 }
3057 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3058 break;
3059 }
3060 switch (pbPacket[9] & 0xf8)
3061 {
3062 case 0x00:
3063 /* nothing */
3064 atapiCmdOK(s);
3065 break;
3066 case 0x10:
3067 /* normal read */
3068 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3069 break;
3070 case 0xf8:
3071 /* read all data */
3072 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
3073 break;
3074 default:
3075 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
3076 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3077 break;
3078 }
3079 }
3080 break;
3081 case SCSI_SEEK_10:
3082 {
3083 uint32_t iATAPILBA;
3084 if (s->cNotifiedMediaChange > 0)
3085 {
3086 s->cNotifiedMediaChange-- ;
3087 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3088 break;
3089 }
3090 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3091 {
3092 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3093 break;
3094 }
3095 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3096 if (iATAPILBA > s->cTotalSectors)
3097 {
3098 /* Rate limited logging, one log line per second. For
3099 * guests that insist on seeking to places outside the
3100 * valid area this often generates too many release log
3101 * entries otherwise. */
3102 static uint64_t uLastLogTS = 0;
3103 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3104 {
3105 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
3106 uLastLogTS = RTTimeMilliTS();
3107 }
3108 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3109 break;
3110 }
3111 atapiCmdOK(s);
3112 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
3113 }
3114 break;
3115 case SCSI_START_STOP_UNIT:
3116 {
3117 int rc = VINF_SUCCESS;
3118 switch (pbPacket[4] & 3)
3119 {
3120 case 0: /* 00 - Stop motor */
3121 case 1: /* 01 - Start motor */
3122 break;
3123 case 2: /* 10 - Eject media */
3124 /* This must be done from EMT. */
3125 {
3126 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3127 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
3128
3129 PDMCritSectLeave(&pCtl->lock);
3130 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3131 (PFNRT)s->pDrvMount->pfnUnmount, 3,
3132 s->pDrvMount /*=fForce*/, true /*=fEject*/);
3133 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED) || (rc = VERR_PDM_MEDIA_NOT_MOUNTED));
3134 {
3135 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3136 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3137 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3138 }
3139 }
3140 break;
3141 case 3: /* 11 - Load media */
3142 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3143 break;
3144 }
3145 if (RT_SUCCESS(rc))
3146 atapiCmdOK(s);
3147 else
3148 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3149 }
3150 break;
3151 case SCSI_MECHANISM_STATUS:
3152 {
3153 cbMax = ataBE2H_U16(pbPacket + 8);
3154 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3155 }
3156 break;
3157 case SCSI_READ_TOC_PMA_ATIP:
3158 {
3159 uint8_t format;
3160
3161 if (s->cNotifiedMediaChange > 0)
3162 {
3163 s->cNotifiedMediaChange-- ;
3164 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3165 break;
3166 }
3167 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3168 {
3169 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3170 break;
3171 }
3172 cbMax = ataBE2H_U16(pbPacket + 7);
3173 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3174 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3175 * the other field is clear... */
3176 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3177 switch (format)
3178 {
3179 case 0:
3180 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3181 break;
3182 case 1:
3183 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3184 break;
3185 case 2:
3186 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3187 break;
3188 default:
3189 error_cmd:
3190 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3191 break;
3192 }
3193 }
3194 break;
3195 case SCSI_READ_CAPACITY:
3196 if (s->cNotifiedMediaChange > 0)
3197 {
3198 s->cNotifiedMediaChange-- ;
3199 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3200 break;
3201 }
3202 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3203 {
3204 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3205 break;
3206 }
3207 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3208 break;
3209 case SCSI_READ_DISC_INFORMATION:
3210 if (s->cNotifiedMediaChange > 0)
3211 {
3212 s->cNotifiedMediaChange-- ;
3213 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3214 break;
3215 }
3216 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3217 {
3218 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3219 break;
3220 }
3221 cbMax = ataBE2H_U16(pbPacket + 7);
3222 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3223 break;
3224 case SCSI_READ_TRACK_INFORMATION:
3225 if (s->cNotifiedMediaChange > 0)
3226 {
3227 s->cNotifiedMediaChange-- ;
3228 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3229 break;
3230 }
3231 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3232 {
3233 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3234 break;
3235 }
3236 cbMax = ataBE2H_U16(pbPacket + 7);
3237 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3238 break;
3239 case SCSI_GET_CONFIGURATION:
3240 /* No media change stuff here, it can confuse Linux guests. */
3241 cbMax = ataBE2H_U16(pbPacket + 7);
3242 ataStartTransfer(s, RT_MIN(cbMax, 80), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3243 break;
3244 case SCSI_INQUIRY:
3245 cbMax = ataBE2H_U16(pbPacket + 3);
3246 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3247 break;
3248 case SCSI_READ_DVD_STRUCTURE:
3249 {
3250 cbMax = ataBE2H_U16(pbPacket + 8);
3251 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3252 break;
3253 }
3254 default:
3255 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3256 break;
3257 }
3258}
3259
3260
3261/*
3262 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3263 */
3264static void atapiParseCmdPassthrough(ATADevState *s)
3265{
3266 const uint8_t *pbPacket;
3267 uint8_t *pbBuf;
3268 uint32_t cSectors, iATAPILBA;
3269 uint32_t cbTransfer = 0;
3270 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3271
3272 pbPacket = s->aATAPICmd;
3273 pbBuf = s->CTX_SUFF(pbIOBuffer);
3274 switch (pbPacket[0])
3275 {
3276 case SCSI_BLANK:
3277 goto sendcmd;
3278 case SCSI_CLOSE_TRACK_SESSION:
3279 goto sendcmd;
3280 case SCSI_ERASE_10:
3281 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3282 cbTransfer = ataBE2H_U16(pbPacket + 7);
3283 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3284 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3285 goto sendcmd;
3286 case SCSI_FORMAT_UNIT:
3287 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3288 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3289 goto sendcmd;
3290 case SCSI_GET_CONFIGURATION:
3291 cbTransfer = ataBE2H_U16(pbPacket + 7);
3292 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3293 goto sendcmd;
3294 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3295 cbTransfer = ataBE2H_U16(pbPacket + 7);
3296 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3297 {
3298 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3299 break;
3300 }
3301 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3302 goto sendcmd;
3303 case SCSI_GET_PERFORMANCE:
3304 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3305 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3306 goto sendcmd;
3307 case SCSI_INQUIRY:
3308 cbTransfer = ataBE2H_U16(pbPacket + 3);
3309 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3310 goto sendcmd;
3311 case SCSI_LOAD_UNLOAD_MEDIUM:
3312 goto sendcmd;
3313 case SCSI_MECHANISM_STATUS:
3314 cbTransfer = ataBE2H_U16(pbPacket + 8);
3315 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3316 goto sendcmd;
3317 case SCSI_MODE_SELECT_10:
3318 cbTransfer = ataBE2H_U16(pbPacket + 7);
3319 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3320 goto sendcmd;
3321 case SCSI_MODE_SENSE_10:
3322 cbTransfer = ataBE2H_U16(pbPacket + 7);
3323 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3324 goto sendcmd;
3325 case SCSI_PAUSE_RESUME:
3326 goto sendcmd;
3327 case SCSI_PLAY_AUDIO_10:
3328 goto sendcmd;
3329 case SCSI_PLAY_AUDIO_12:
3330 goto sendcmd;
3331 case SCSI_PLAY_AUDIO_MSF:
3332 goto sendcmd;
3333 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3334 /** @todo do not forget to unlock when a VM is shut down */
3335 goto sendcmd;
3336 case SCSI_READ_10:
3337 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3338 cSectors = ataBE2H_U16(pbPacket + 7);
3339 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3340 s->cbATAPISector = 2048;
3341 cbTransfer = cSectors * s->cbATAPISector;
3342 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3343 goto sendcmd;
3344 case SCSI_READ_12:
3345 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3346 cSectors = ataBE2H_U32(pbPacket + 6);
3347 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3348 s->cbATAPISector = 2048;
3349 cbTransfer = cSectors * s->cbATAPISector;
3350 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3351 goto sendcmd;
3352 case SCSI_READ_BUFFER:
3353 cbTransfer = ataBE2H_U24(pbPacket + 6);
3354 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3355 goto sendcmd;
3356 case SCSI_READ_BUFFER_CAPACITY:
3357 cbTransfer = ataBE2H_U16(pbPacket + 7);
3358 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3359 goto sendcmd;
3360 case SCSI_READ_CAPACITY:
3361 cbTransfer = 8;
3362 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3363 goto sendcmd;
3364 case SCSI_READ_CD:
3365 case SCSI_READ_CD_MSF:
3366 {
3367 /* Get sector size based on the expected sector type field. */
3368 switch ((pbPacket[1] >> 2) & 0x7)
3369 {
3370 case 0x0: /* All types. */
3371 if (ASMAtomicReadU32(&s->MediaTrackType) == ATA_MEDIA_TYPE_CDDA)
3372 s->cbATAPISector = 2352;
3373 else
3374 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3375 break;
3376 case 0x1: /* CD-DA */
3377 s->cbATAPISector = 2352;
3378 break;
3379 case 0x2: /* Mode 1 */
3380 s->cbATAPISector = 2048;
3381 break;
3382 case 0x3: /* Mode 2 formless */
3383 s->cbATAPISector = 2336;
3384 break;
3385 case 0x4: /* Mode 2 form 1 */
3386 s->cbATAPISector = 2048;
3387 break;
3388 case 0x5: /* Mode 2 form 2 */
3389 s->cbATAPISector = 2324;
3390 break;
3391 default: /* Reserved */
3392 AssertMsgFailed(("Unknown sector type\n"));
3393 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3394 }
3395
3396 if (pbPacket[0] == SCSI_READ_CD)
3397 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3398 else /* SCSI_READ_MSF */
3399 {
3400 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3401 if (cSectors > 32)
3402 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3403 cbTransfer = cSectors * s->cbATAPISector;
3404 }
3405 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3406 goto sendcmd;
3407 }
3408 case SCSI_READ_DISC_INFORMATION:
3409 cbTransfer = ataBE2H_U16(pbPacket + 7);
3410 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3411 goto sendcmd;
3412 case SCSI_READ_DVD_STRUCTURE:
3413 cbTransfer = ataBE2H_U16(pbPacket + 8);
3414 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3415 goto sendcmd;
3416 case SCSI_READ_FORMAT_CAPACITIES:
3417 cbTransfer = ataBE2H_U16(pbPacket + 7);
3418 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3419 goto sendcmd;
3420 case SCSI_READ_SUBCHANNEL:
3421 cbTransfer = ataBE2H_U16(pbPacket + 7);
3422 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3423 goto sendcmd;
3424 case SCSI_READ_TOC_PMA_ATIP:
3425 cbTransfer = ataBE2H_U16(pbPacket + 7);
3426 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3427 goto sendcmd;
3428 case SCSI_READ_TRACK_INFORMATION:
3429 cbTransfer = ataBE2H_U16(pbPacket + 7);
3430 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3431 goto sendcmd;
3432 case SCSI_REPAIR_TRACK:
3433 goto sendcmd;
3434 case SCSI_REPORT_KEY:
3435 cbTransfer = ataBE2H_U16(pbPacket + 8);
3436 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3437 goto sendcmd;
3438 case SCSI_REQUEST_SENSE:
3439 cbTransfer = pbPacket[4];
3440 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3441 {
3442 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3443 break;
3444 }
3445 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3446 goto sendcmd;
3447 case SCSI_RESERVE_TRACK:
3448 goto sendcmd;
3449 case SCSI_SCAN:
3450 goto sendcmd;
3451 case SCSI_SEEK_10:
3452 goto sendcmd;
3453 case SCSI_SEND_CUE_SHEET:
3454 cbTransfer = ataBE2H_U24(pbPacket + 6);
3455 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3456 goto sendcmd;
3457 case SCSI_SEND_DVD_STRUCTURE:
3458 cbTransfer = ataBE2H_U16(pbPacket + 8);
3459 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3460 goto sendcmd;
3461 case SCSI_SEND_EVENT:
3462 cbTransfer = ataBE2H_U16(pbPacket + 8);
3463 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3464 goto sendcmd;
3465 case SCSI_SEND_KEY:
3466 cbTransfer = ataBE2H_U16(pbPacket + 8);
3467 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3468 goto sendcmd;
3469 case SCSI_SEND_OPC_INFORMATION:
3470 cbTransfer = ataBE2H_U16(pbPacket + 7);
3471 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3472 goto sendcmd;
3473 case SCSI_SET_CD_SPEED:
3474 goto sendcmd;
3475 case SCSI_SET_READ_AHEAD:
3476 goto sendcmd;
3477 case SCSI_SET_STREAMING:
3478 cbTransfer = ataBE2H_U16(pbPacket + 9);
3479 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3480 goto sendcmd;
3481 case SCSI_START_STOP_UNIT:
3482 goto sendcmd;
3483 case SCSI_STOP_PLAY_SCAN:
3484 goto sendcmd;
3485 case SCSI_SYNCHRONIZE_CACHE:
3486 goto sendcmd;
3487 case SCSI_TEST_UNIT_READY:
3488 goto sendcmd;
3489 case SCSI_VERIFY_10:
3490 goto sendcmd;
3491 case SCSI_WRITE_10:
3492 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3493 cSectors = ataBE2H_U16(pbPacket + 7);
3494 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3495#if 0
3496 /* The sector size is determined by the async I/O thread. */
3497 s->cbATAPISector = 0;
3498 /* Preliminary, will be corrected once the sector size is known. */
3499 cbTransfer = cSectors;
3500#else
3501 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3502 cbTransfer = cSectors * s->cbATAPISector;
3503#endif
3504 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3505 goto sendcmd;
3506 case SCSI_WRITE_12:
3507 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3508 cSectors = ataBE2H_U32(pbPacket + 6);
3509 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3510#if 0
3511 /* The sector size is determined by the async I/O thread. */
3512 s->cbATAPISector = 0;
3513 /* Preliminary, will be corrected once the sector size is known. */
3514 cbTransfer = cSectors;
3515#else
3516 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3517 cbTransfer = cSectors * s->cbATAPISector;
3518#endif
3519 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3520 goto sendcmd;
3521 case SCSI_WRITE_AND_VERIFY_10:
3522 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3523 cSectors = ataBE2H_U16(pbPacket + 7);
3524 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3525 /* The sector size is determined by the async I/O thread. */
3526 s->cbATAPISector = 0;
3527 /* Preliminary, will be corrected once the sector size is known. */
3528 cbTransfer = cSectors;
3529 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3530 goto sendcmd;
3531 case SCSI_WRITE_BUFFER:
3532 switch (pbPacket[1] & 0x1f)
3533 {
3534 case 0x04: /* download microcode */
3535 case 0x05: /* download microcode and save */
3536 case 0x06: /* download microcode with offsets */
3537 case 0x07: /* download microcode with offsets and save */
3538 case 0x0e: /* download microcode with offsets and defer activation */
3539 case 0x0f: /* activate deferred microcode */
3540 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3541 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3542 break;
3543 default:
3544 cbTransfer = ataBE2H_U16(pbPacket + 6);
3545 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3546 goto sendcmd;
3547 }
3548 break;
3549 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3550 cbTransfer = ataBE2H_U32(pbPacket + 6);
3551 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3552 goto sendcmd;
3553 case SCSI_REZERO_UNIT:
3554 /* Obsolete command used by cdrecord. What else would one expect?
3555 * This command is not sent to the drive, it is handled internally,
3556 * as the Linux kernel doesn't like it (message "scsi: unknown
3557 * opcode 0x01" in syslog) and replies with a sense code of 0,
3558 * which sends cdrecord to an endless loop. */
3559 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3560 break;
3561 default:
3562 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3563 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3564 break;
3565 sendcmd:
3566 /* Send a command to the drive, passing data in/out as required. */
3567 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3568 Assert(cbTransfer <= s->cbIOBuffer);
3569 if (cbTransfer == 0)
3570 uTxDir = PDMBLOCKTXDIR_NONE;
3571 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3572 }
3573}
3574
3575
3576static void atapiParseCmd(ATADevState *s)
3577{
3578 const uint8_t *pbPacket;
3579
3580 pbPacket = s->aATAPICmd;
3581#ifdef DEBUG
3582 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3583#else /* !DEBUG */
3584 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3585#endif /* !DEBUG */
3586 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3587
3588 if (s->fATAPIPassthrough)
3589 atapiParseCmdPassthrough(s);
3590 else
3591 atapiParseCmdVirtualATAPI(s);
3592}
3593
3594
3595static bool ataPacketSS(ATADevState *s)
3596{
3597 s->fDMA = !!(s->uATARegFeature & 1);
3598 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3599 s->uTxDir = PDMBLOCKTXDIR_NONE;
3600 s->cbTotalTransfer = 0;
3601 s->cbElementaryTransfer = 0;
3602 atapiParseCmd(s);
3603 return false;
3604}
3605
3606
3607/**
3608 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3609 * from now on, regardless if there was a medium inserted or not.
3610 */
3611static void ataMediumRemoved(ATADevState *s)
3612{
3613 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3614}
3615
3616
3617/**
3618 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3619 * there was already a medium inserted, don't forget to send the "medium
3620 * removed" event first.
3621 */
3622static void ataMediumInserted(ATADevState *s)
3623{
3624 uint32_t OldStatus, NewStatus;
3625 do
3626 {
3627 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3628 switch (OldStatus)
3629 {
3630 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3631 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3632 /* no change, we will send "medium removed" + "medium inserted" */
3633 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3634 break;
3635 default:
3636 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3637 break;
3638 }
3639 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3640}
3641
3642/**
3643 * Called when a media is mounted.
3644 *
3645 * @param pInterface Pointer to the interface structure containing the called function pointer.
3646 */
3647static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3648{
3649 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3650 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3651
3652 /* Ignore the call if we're called while being attached. */
3653 if (!pIf->pDrvBlock)
3654 return;
3655
3656 if (pIf->fATAPI)
3657 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3658 else
3659 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3660
3661 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3662
3663 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3664 if (pIf->cNotifiedMediaChange < 2)
3665 pIf->cNotifiedMediaChange = 2;
3666 ataMediumInserted(pIf);
3667 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3668}
3669
3670/**
3671 * Called when a media is unmounted
3672 * @param pInterface Pointer to the interface structure containing the called function pointer.
3673 */
3674static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3675{
3676 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3677 Log(("%s:\n", __FUNCTION__));
3678 pIf->cTotalSectors = 0;
3679
3680 /*
3681 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3682 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3683 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3684 * present and 2 in which it is changed.
3685 */
3686 pIf->cNotifiedMediaChange = 4;
3687 ataMediumRemoved(pIf);
3688 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3689}
3690
3691static void ataPacketBT(ATADevState *s)
3692{
3693 s->cbElementaryTransfer = s->cbTotalTransfer;
3694 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3695 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3696 ataSetStatusValue(s, ATA_STAT_READY);
3697}
3698
3699
3700static void ataResetDevice(ATADevState *s)
3701{
3702 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3703 s->cNotifiedMediaChange = 0;
3704 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3705 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3706 ataUnsetIRQ(s);
3707
3708 s->uATARegSelect = 0x20;
3709 ataSetStatusValue(s, ATA_STAT_READY);
3710 ataSetSignature(s);
3711 s->cbTotalTransfer = 0;
3712 s->cbElementaryTransfer = 0;
3713 s->iIOBufferPIODataStart = 0;
3714 s->iIOBufferPIODataEnd = 0;
3715 s->iBeginTransfer = ATAFN_BT_NULL;
3716 s->iSourceSink = ATAFN_SS_NULL;
3717 s->fDMA = false;
3718 s->fATAPITransfer = false;
3719 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3720
3721 s->uATARegFeature = 0;
3722}
3723
3724
3725static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3726{
3727 ataSetSignature(s);
3728 if (s->fATAPI)
3729 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3730 else
3731 ataSetStatusValue(s, ATA_STAT_READY);
3732 s->uATARegError = 0x01;
3733 return false;
3734}
3735
3736
3737static void ataParseCmd(ATADevState *s, uint8_t cmd)
3738{
3739#ifdef DEBUG
3740 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3741#else /* !DEBUG */
3742 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3743#endif /* !DEBUG */
3744 s->fLBA48 = false;
3745 s->fDMA = false;
3746 if (cmd == ATA_IDLE_IMMEDIATE)
3747 {
3748 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3749 * would overwrite the failing command unfortunately), then RESET. */
3750 int32_t uCmdWait = -1;
3751 uint64_t uNow = RTTimeNanoTS();
3752 if (s->u64CmdTS)
3753 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3754 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3755 s->iLUN, s->uATARegCommand, uCmdWait));
3756 }
3757 s->uATARegCommand = cmd;
3758 switch (cmd)
3759 {
3760 case ATA_IDENTIFY_DEVICE:
3761 if (s->pDrvBlock && !s->fATAPI)
3762 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3763 else
3764 {
3765 if (s->fATAPI)
3766 ataSetSignature(s);
3767 ataCmdError(s, ABRT_ERR);
3768 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3769 }
3770 break;
3771 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3772 case ATA_RECALIBRATE:
3773 ataCmdOK(s, ATA_STAT_SEEK);
3774 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3775 break;
3776 case ATA_SET_MULTIPLE_MODE:
3777 if ( s->uATARegNSector != 0
3778 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3779 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3780 {
3781 ataCmdError(s, ABRT_ERR);
3782 }
3783 else
3784 {
3785 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3786 s->cMultSectors = s->uATARegNSector;
3787 ataCmdOK(s, 0);
3788 }
3789 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3790 break;
3791 case ATA_READ_VERIFY_SECTORS_EXT:
3792 s->fLBA48 = true;
3793 case ATA_READ_VERIFY_SECTORS:
3794 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3795 /* do sector number check ? */
3796 ataCmdOK(s, 0);
3797 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3798 break;
3799 case ATA_READ_SECTORS_EXT:
3800 s->fLBA48 = true;
3801 case ATA_READ_SECTORS:
3802 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3803 if (!s->pDrvBlock || s->fATAPI)
3804 goto abort_cmd;
3805 s->cSectorsPerIRQ = 1;
3806 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3807 break;
3808 case ATA_WRITE_SECTORS_EXT:
3809 s->fLBA48 = true;
3810 case ATA_WRITE_SECTORS:
3811 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3812 if (!s->pDrvBlock || s->fATAPI)
3813 goto abort_cmd;
3814 s->cSectorsPerIRQ = 1;
3815 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3816 break;
3817 case ATA_READ_MULTIPLE_EXT:
3818 s->fLBA48 = true;
3819 case ATA_READ_MULTIPLE:
3820 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
3821 goto abort_cmd;
3822 s->cSectorsPerIRQ = s->cMultSectors;
3823 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3824 break;
3825 case ATA_WRITE_MULTIPLE_EXT:
3826 s->fLBA48 = true;
3827 case ATA_WRITE_MULTIPLE:
3828 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
3829 goto abort_cmd;
3830 s->cSectorsPerIRQ = s->cMultSectors;
3831 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3832 break;
3833 case ATA_READ_DMA_EXT:
3834 s->fLBA48 = true;
3835 case ATA_READ_DMA:
3836 case ATA_READ_DMA_WITHOUT_RETRIES:
3837 if (!s->pDrvBlock || s->fATAPI)
3838 goto abort_cmd;
3839 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3840 s->fDMA = true;
3841 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3842 break;
3843 case ATA_WRITE_DMA_EXT:
3844 s->fLBA48 = true;
3845 case ATA_WRITE_DMA:
3846 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3847 if (!s->pDrvBlock || s->fATAPI)
3848 goto abort_cmd;
3849 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3850 s->fDMA = true;
3851 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3852 break;
3853 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3854 s->fLBA48 = true;
3855 ataSetSector(s, s->cTotalSectors - 1);
3856 ataCmdOK(s, 0);
3857 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3858 break;
3859 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3860 ataCmdOK(s, 0);
3861 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3862 break;
3863 case ATA_READ_NATIVE_MAX_ADDRESS:
3864 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3865 ataCmdOK(s, 0);
3866 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3867 break;
3868 case ATA_CHECK_POWER_MODE:
3869 s->uATARegNSector = 0xff; /* drive active or idle */
3870 ataCmdOK(s, 0);
3871 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3872 break;
3873 case ATA_SET_FEATURES:
3874 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3875 if (!s->pDrvBlock)
3876 goto abort_cmd;
3877 switch (s->uATARegFeature)
3878 {
3879 case 0x02: /* write cache enable */
3880 Log2(("%s: write cache enable\n", __FUNCTION__));
3881 ataCmdOK(s, ATA_STAT_SEEK);
3882 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3883 break;
3884 case 0xaa: /* read look-ahead enable */
3885 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3886 ataCmdOK(s, ATA_STAT_SEEK);
3887 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3888 break;
3889 case 0x55: /* read look-ahead disable */
3890 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3891 ataCmdOK(s, ATA_STAT_SEEK);
3892 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3893 break;
3894 case 0xcc: /* reverting to power-on defaults enable */
3895 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3896 ataCmdOK(s, ATA_STAT_SEEK);
3897 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3898 break;
3899 case 0x66: /* reverting to power-on defaults disable */
3900 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3901 ataCmdOK(s, ATA_STAT_SEEK);
3902 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3903 break;
3904 case 0x82: /* write cache disable */
3905 Log2(("%s: write cache disable\n", __FUNCTION__));
3906 /* As per the ATA/ATAPI-6 specs, a write cache disable
3907 * command MUST flush the write buffers to disc. */
3908 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3909 break;
3910 case 0x03: { /* set transfer mode */
3911 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3912 switch (s->uATARegNSector & 0xf8)
3913 {
3914 case 0x00: /* PIO default */
3915 case 0x08: /* PIO mode */
3916 break;
3917 case ATA_MODE_MDMA: /* MDMA mode */
3918 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3919 break;
3920 case ATA_MODE_UDMA: /* UDMA mode */
3921 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3922 break;
3923 default:
3924 goto abort_cmd;
3925 }
3926 ataCmdOK(s, ATA_STAT_SEEK);
3927 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3928 break;
3929 }
3930 default:
3931 goto abort_cmd;
3932 }
3933 /*
3934 * OS/2 workarond:
3935 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3936 * reset here. According to the specification, this is a driver bug as the register
3937 * contents are undefined after the call. This means we can just as well reset it.
3938 */
3939 s->uATARegFeature = 0;
3940 break;
3941 case ATA_FLUSH_CACHE_EXT:
3942 case ATA_FLUSH_CACHE:
3943 if (!s->pDrvBlock || s->fATAPI)
3944 goto abort_cmd;
3945 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3946 break;
3947 case ATA_STANDBY_IMMEDIATE:
3948 ataCmdOK(s, 0);
3949 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3950 break;
3951 case ATA_IDLE_IMMEDIATE:
3952 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3953 ataAbortCurrentCommand(s, false);
3954 break;
3955 case ATA_SLEEP:
3956 ataCmdOK(s, 0);
3957 ataSetIRQ(s);
3958 break;
3959 /* ATAPI commands */
3960 case ATA_IDENTIFY_PACKET_DEVICE:
3961 if (s->fATAPI)
3962 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3963 else
3964 {
3965 ataCmdError(s, ABRT_ERR);
3966 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3967 }
3968 break;
3969 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3970 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3971 break;
3972 case ATA_DEVICE_RESET:
3973 if (!s->fATAPI)
3974 goto abort_cmd;
3975 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3976 ataAbortCurrentCommand(s, true);
3977 break;
3978 case ATA_PACKET:
3979 if (!s->fATAPI)
3980 goto abort_cmd;
3981 /* overlapping commands not supported */
3982 if (s->uATARegFeature & 0x02)
3983 goto abort_cmd;
3984 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3985 break;
3986 default:
3987 abort_cmd:
3988 ataCmdError(s, ABRT_ERR);
3989 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3990 break;
3991 }
3992}
3993
3994#endif /* IN_RING3 */
3995
3996static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3997{
3998 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3999 addr &= 7;
4000 switch (addr)
4001 {
4002 case 0:
4003 break;
4004 case 1: /* feature register */
4005 /* NOTE: data is written to the two drives */
4006 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4007 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4008 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
4009 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
4010 pCtl->aIfs[0].uATARegFeature = val;
4011 pCtl->aIfs[1].uATARegFeature = val;
4012 break;
4013 case 2: /* sector count */
4014 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4015 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4016 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
4017 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
4018 pCtl->aIfs[0].uATARegNSector = val;
4019 pCtl->aIfs[1].uATARegNSector = val;
4020 break;
4021 case 3: /* sector number */
4022 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4023 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4024 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
4025 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
4026 pCtl->aIfs[0].uATARegSector = val;
4027 pCtl->aIfs[1].uATARegSector = val;
4028 break;
4029 case 4: /* cylinder low */
4030 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4031 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4032 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
4033 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
4034 pCtl->aIfs[0].uATARegLCyl = val;
4035 pCtl->aIfs[1].uATARegLCyl = val;
4036 break;
4037 case 5: /* cylinder high */
4038 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4039 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4040 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
4041 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
4042 pCtl->aIfs[0].uATARegHCyl = val;
4043 pCtl->aIfs[1].uATARegHCyl = val;
4044 break;
4045 case 6: /* drive/head */
4046 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
4047 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
4048 if (((val >> 4) & 1) != pCtl->iSelectedIf)
4049 {
4050 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4051
4052 /* select another drive */
4053 pCtl->iSelectedIf = (val >> 4) & 1;
4054 /* The IRQ line is multiplexed between the two drives, so
4055 * update the state when switching to another drive. Only need
4056 * to update interrupt line if it is enabled and there is a
4057 * state change. */
4058 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
4059 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
4060 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
4061 {
4062 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4063 {
4064 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4065 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
4066 * the interrupt line is asserted. It monitors the line
4067 * for a rising edge. */
4068 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4069 if (pCtl->irq == 16)
4070 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
4071 else
4072 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
4073 }
4074 else
4075 {
4076 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4077 if (pCtl->irq == 16)
4078 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
4079 else
4080 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
4081 }
4082 }
4083 }
4084 break;
4085 default:
4086 case 7: /* command */
4087 /* ignore commands to non existant slave */
4088 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
4089 break;
4090#ifndef IN_RING3
4091 /* Don't do anything complicated in GC */
4092 return VINF_IOM_HC_IOPORT_WRITE;
4093#else /* IN_RING3 */
4094 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
4095#endif /* !IN_RING3 */
4096 }
4097 return VINF_SUCCESS;
4098}
4099
4100
4101static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
4102{
4103 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4104 uint32_t val;
4105 bool fHOB;
4106
4107 fHOB = !!(s->uATARegDevCtl & (1 << 7));
4108 switch (addr & 7)
4109 {
4110 case 0: /* data register */
4111 val = 0xff;
4112 break;
4113 case 1: /* error register */
4114 /* The ATA specification is very terse when it comes to specifying
4115 * the precise effects of reading back the error/feature register.
4116 * The error register (read-only) shares the register number with
4117 * the feature register (write-only), so it seems that it's not
4118 * necessary to support the usual HOB readback here. */
4119 if (!s->pDrvBlock)
4120 val = 0;
4121 else
4122 val = s->uATARegError;
4123 break;
4124 case 2: /* sector count */
4125 if (!s->pDrvBlock)
4126 val = 0;
4127 else if (fHOB)
4128 val = s->uATARegNSectorHOB;
4129 else
4130 val = s->uATARegNSector;
4131 break;
4132 case 3: /* sector number */
4133 if (!s->pDrvBlock)
4134 val = 0;
4135 else if (fHOB)
4136 val = s->uATARegSectorHOB;
4137 else
4138 val = s->uATARegSector;
4139 break;
4140 case 4: /* cylinder low */
4141 if (!s->pDrvBlock)
4142 val = 0;
4143 else if (fHOB)
4144 val = s->uATARegLCylHOB;
4145 else
4146 val = s->uATARegLCyl;
4147 break;
4148 case 5: /* cylinder high */
4149 if (!s->pDrvBlock)
4150 val = 0;
4151 else if (fHOB)
4152 val = s->uATARegHCylHOB;
4153 else
4154 val = s->uATARegHCyl;
4155 break;
4156 case 6: /* drive/head */
4157 /* This register must always work as long as there is at least
4158 * one drive attached to the controller. It is common between
4159 * both drives anyway (completely identical content). */
4160 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4161 val = 0;
4162 else
4163 val = s->uATARegSelect;
4164 break;
4165 default:
4166 case 7: /* primary status */
4167 {
4168 /* Counter for number of busy status seen in GC in a row. */
4169 static unsigned cBusy = 0;
4170
4171 if (!s->pDrvBlock)
4172 val = 0;
4173 else
4174 val = s->uATARegStatus;
4175
4176 /* Give the async I/O thread an opportunity to make progress,
4177 * don't let it starve by guests polling frequently. EMT has a
4178 * lower priority than the async I/O thread, but sometimes the
4179 * host OS doesn't care. With some guests we are only allowed to
4180 * be busy for about 5 milliseconds in some situations. Note that
4181 * this is no guarantee for any other VBox thread getting
4182 * scheduled, so this just lowers the CPU load a bit when drives
4183 * are busy. It cannot help with timing problems. */
4184 if (val & ATA_STAT_BUSY)
4185 {
4186#ifdef IN_RING3
4187 cBusy = 0;
4188 PDMCritSectLeave(&pCtl->lock);
4189
4190#ifndef RT_OS_WINDOWS
4191 /*
4192 * The thread might be stuck in an I/O operation
4193 * due to a high I/O load on the host. (see @bugref{3301})
4194 * To perform the reset successfully
4195 * we interrupt the operation by sending a signal to the thread
4196 * if the thread didn't responded in 10ms.
4197 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4198 * does the same but it was introduced with Vista) but so far
4199 * this hang was only observed on Linux and Mac OS X.
4200 *
4201 * This is a workaround and needs to be solved properly.
4202 */
4203 if (pCtl->fReset)
4204 {
4205 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4206
4207 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4208 {
4209 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4210 pCtl->u64ResetTime = u64ResetTimeStop;
4211 RTThreadPoke(pCtl->AsyncIOThread);
4212 }
4213 }
4214#endif
4215
4216 RTThreadYield();
4217
4218 {
4219 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4220 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4221 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4222 }
4223
4224 val = s->uATARegStatus;
4225#else /* !IN_RING3 */
4226 /* Cannot yield CPU in guest context. And switching to host
4227 * context for each and every busy status is too costly,
4228 * especially on SMP systems where we don't gain much by
4229 * yielding the CPU to someone else. */
4230 if (++cBusy >= 20)
4231 {
4232 cBusy = 0;
4233 return VINF_IOM_HC_IOPORT_READ;
4234 }
4235#endif /* !IN_RING3 */
4236 }
4237 else
4238 cBusy = 0;
4239 ataUnsetIRQ(s);
4240 break;
4241 }
4242 }
4243 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4244 *pu32 = val;
4245 return VINF_SUCCESS;
4246}
4247
4248
4249static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4250{
4251 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4252 uint32_t val;
4253
4254 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4255 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4256 val = 0;
4257 else
4258 val = s->uATARegStatus;
4259 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4260 return val;
4261}
4262
4263static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4264{
4265#ifndef IN_RING3
4266 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4267 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4268#endif /* !IN_RING3 */
4269
4270 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4271 /* RESET is common for both drives attached to a controller. */
4272 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4273 (val & ATA_DEVCTL_RESET))
4274 {
4275#ifdef IN_RING3
4276 /* Software RESET low to high */
4277 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4278 uint64_t uNow = RTTimeNanoTS();
4279 if (pCtl->aIfs[0].u64CmdTS)
4280 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4281 if (pCtl->aIfs[1].u64CmdTS)
4282 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4283 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4284 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4285 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4286 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4287 pCtl->fReset = true;
4288 /* Everything must be done after the reset flag is set, otherwise
4289 * there are unavoidable races with the currently executing request
4290 * (which might just finish in the mean time). */
4291 pCtl->fChainedTransfer = false;
4292 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4293 {
4294 ataResetDevice(&pCtl->aIfs[i]);
4295 /* The following cannot be done using ataSetStatusValue() since the
4296 * reset flag is already set, which suppresses all status changes. */
4297 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4298 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4299 pCtl->aIfs[i].uATARegError = 0x01;
4300 }
4301 ataAsyncIOClearRequests(pCtl);
4302 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4303 if (val & ATA_DEVCTL_HOB)
4304 {
4305 val &= ~ATA_DEVCTL_HOB;
4306 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4307 }
4308
4309 /* Save the timestamp we started the reset. */
4310 pCtl->u64ResetTime = RTTimeMilliTS();
4311
4312 /* Issue the reset request now. */
4313 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4314#else /* !IN_RING3 */
4315 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4316#endif /* IN_RING3 */
4317 }
4318 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4319 !(val & ATA_DEVCTL_RESET))
4320 {
4321#ifdef IN_RING3
4322 /* Software RESET high to low */
4323 Log(("%s: deasserting RESET\n", __FUNCTION__));
4324 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4325 if (val & ATA_DEVCTL_HOB)
4326 {
4327 val &= ~ATA_DEVCTL_HOB;
4328 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4329 }
4330 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4331#else /* !IN_RING3 */
4332 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4333#endif /* IN_RING3 */
4334 }
4335
4336 /* Change of interrupt disable flag. Update interrupt line if interrupt
4337 * is pending on the current interface. */
4338 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4339 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4340 {
4341 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4342 {
4343 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4344 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4345 * interrupt line is asserted. It monitors the line for a rising
4346 * edge. */
4347 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4348 if (pCtl->irq == 16)
4349 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4350 else
4351 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4352 }
4353 else
4354 {
4355 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4356 if (pCtl->irq == 16)
4357 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4358 else
4359 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4360 }
4361 }
4362
4363 if (val & ATA_DEVCTL_HOB)
4364 Log2(("%s: set HOB\n", __FUNCTION__));
4365
4366 pCtl->aIfs[0].uATARegDevCtl = val;
4367 pCtl->aIfs[1].uATARegDevCtl = val;
4368
4369 return VINF_SUCCESS;
4370}
4371
4372#ifdef IN_RING3
4373
4374static void ataPIOTransfer(PATACONTROLLER pCtl)
4375{
4376 ATADevState *s;
4377
4378 s = &pCtl->aIfs[pCtl->iAIOIf];
4379 Log3(("%s: if=%p\n", __FUNCTION__, s));
4380
4381 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4382 {
4383 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4384 /* Any guest OS that triggers this case has a pathetic ATA driver.
4385 * In a real system it would block the CPU via IORDY, here we do it
4386 * very similarly by not continuing with the current instruction
4387 * until the transfer to/from the storage medium is completed. */
4388 if (s->iSourceSink != ATAFN_SS_NULL)
4389 {
4390 bool fRedo;
4391 uint8_t status = s->uATARegStatus;
4392 ataSetStatusValue(s, ATA_STAT_BUSY);
4393 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4394 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4395 pCtl->fRedo = fRedo;
4396 if (RT_UNLIKELY(fRedo))
4397 return;
4398 ataSetStatusValue(s, status);
4399 s->iIOBufferCur = 0;
4400 s->iIOBufferEnd = s->cbElementaryTransfer;
4401 }
4402 }
4403 if (s->cbTotalTransfer)
4404 {
4405 if (s->fATAPITransfer)
4406 ataPIOTransferLimitATAPI(s);
4407
4408 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4409 s->cbElementaryTransfer = s->cbTotalTransfer;
4410
4411 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4412 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4413 s->cbTotalTransfer, s->cbElementaryTransfer,
4414 s->iIOBufferCur, s->iIOBufferEnd));
4415 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4416 s->cbTotalTransfer -= s->cbElementaryTransfer;
4417 s->iIOBufferCur += s->cbElementaryTransfer;
4418
4419 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4420 s->cbElementaryTransfer = s->cbTotalTransfer;
4421 }
4422 else
4423 ataPIOTransferStop(s);
4424}
4425
4426
4427DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4428{
4429 /* Do not interfere with RESET processing if the PIO transfer finishes
4430 * while the RESET line is asserted. */
4431 if (pCtl->fReset)
4432 {
4433 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4434 return;
4435 }
4436
4437 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4438 || ( s->iSourceSink != ATAFN_SS_NULL
4439 && s->iIOBufferCur >= s->iIOBufferEnd))
4440 {
4441 /* Need to continue the transfer in the async I/O thread. This is
4442 * the case for write operations or generally for not yet finished
4443 * transfers (some data might need to be read). */
4444 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4445 ataSetStatus(s, ATA_STAT_BUSY);
4446
4447 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4448 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4449 }
4450 else
4451 {
4452 /* Either everything finished (though some data might still be pending)
4453 * or some data is pending before the next read is due. */
4454
4455 /* Continue a previously started transfer. */
4456 ataUnsetStatus(s, ATA_STAT_DRQ);
4457 ataSetStatus(s, ATA_STAT_READY);
4458
4459 if (s->cbTotalTransfer)
4460 {
4461 /* There is more to transfer, happens usually for large ATAPI
4462 * reads - the protocol limits the chunk size to 65534 bytes. */
4463 ataPIOTransfer(pCtl);
4464 ataSetIRQ(s);
4465 }
4466 else
4467 {
4468 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4469 /* Finish PIO transfer. */
4470 ataPIOTransfer(pCtl);
4471 Assert(!pCtl->fRedo);
4472 }
4473 }
4474}
4475
4476#endif /* IN_RING3 */
4477
4478static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4479{
4480 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4481 uint8_t *p;
4482
4483 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4484 {
4485 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4486 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4487#ifndef IN_RING3
4488 /* All but the last transfer unit is simple enough for GC, but
4489 * sending a request to the async IO thread is too complicated. */
4490 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4491 {
4492 memcpy(p, pbBuf, cbSize);
4493 s->iIOBufferPIODataStart += cbSize;
4494 }
4495 else
4496 return VINF_IOM_HC_IOPORT_WRITE;
4497#else /* IN_RING3 */
4498 memcpy(p, pbBuf, cbSize);
4499 s->iIOBufferPIODataStart += cbSize;
4500 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4501 ataPIOTransferFinish(pCtl, s);
4502#endif /* !IN_RING3 */
4503 }
4504 else
4505 Log2(("%s: DUMMY data\n", __FUNCTION__));
4506 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4507 return VINF_SUCCESS;
4508}
4509
4510static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4511{
4512 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4513 uint8_t *p;
4514
4515 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4516 {
4517 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4518 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4519#ifndef IN_RING3
4520 /* All but the last transfer unit is simple enough for GC, but
4521 * sending a request to the async IO thread is too complicated. */
4522 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4523 {
4524 memcpy(pbBuf, p, cbSize);
4525 s->iIOBufferPIODataStart += cbSize;
4526 }
4527 else
4528 return VINF_IOM_HC_IOPORT_READ;
4529#else /* IN_RING3 */
4530 memcpy(pbBuf, p, cbSize);
4531 s->iIOBufferPIODataStart += cbSize;
4532 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4533 ataPIOTransferFinish(pCtl, s);
4534#endif /* !IN_RING3 */
4535 }
4536 else
4537 {
4538 Log2(("%s: DUMMY data\n", __FUNCTION__));
4539 memset(pbBuf, '\xff', cbSize);
4540 }
4541 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4542 return VINF_SUCCESS;
4543}
4544
4545#ifdef IN_RING3
4546
4547static void ataDMATransferStop(ATADevState *s)
4548{
4549 s->cbTotalTransfer = 0;
4550 s->cbElementaryTransfer = 0;
4551 s->iBeginTransfer = ATAFN_BT_NULL;
4552 s->iSourceSink = ATAFN_SS_NULL;
4553}
4554
4555
4556/**
4557 * Perform the entire DMA transfer in one go (unless a source/sink operation
4558 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4559 * this function cannot handle empty transfers.
4560 *
4561 * @param pCtl Controller for which to perform the transfer.
4562 */
4563static void ataDMATransfer(PATACONTROLLER pCtl)
4564{
4565 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4566 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4567 bool fRedo;
4568 RTGCPHYS32 pDesc;
4569 uint32_t cbTotalTransfer, cbElementaryTransfer;
4570 uint32_t iIOBufferCur, iIOBufferEnd;
4571 uint32_t dmalen;
4572 PDMBLOCKTXDIR uTxDir;
4573 bool fLastDesc = false;
4574
4575 Assert(sizeof(BMDMADesc) == 8);
4576
4577 fRedo = pCtl->fRedo;
4578 if (RT_LIKELY(!fRedo))
4579 Assert(s->cbTotalTransfer);
4580 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4581 cbTotalTransfer = s->cbTotalTransfer;
4582 cbElementaryTransfer = s->cbElementaryTransfer;
4583 iIOBufferCur = s->iIOBufferCur;
4584 iIOBufferEnd = s->iIOBufferEnd;
4585
4586 /* The DMA loop is designed to hold the lock only when absolutely
4587 * necessary. This avoids long freezes should the guest access the
4588 * ATA registers etc. for some reason. */
4589 PDMCritSectLeave(&pCtl->lock);
4590
4591 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4592 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4593 cbTotalTransfer, cbElementaryTransfer,
4594 iIOBufferCur, iIOBufferEnd));
4595 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4596 {
4597 BMDMADesc DMADesc;
4598 RTGCPHYS32 pBuffer;
4599 uint32_t cbBuffer;
4600
4601 if (RT_UNLIKELY(fRedo))
4602 {
4603 pBuffer = pCtl->pRedoDMABuffer;
4604 cbBuffer = pCtl->cbRedoDMABuffer;
4605 fLastDesc = pCtl->fRedoDMALastDesc;
4606 }
4607 else
4608 {
4609 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4610 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4611 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4612 fLastDesc = !!(cbBuffer & 0x80000000);
4613 cbBuffer &= 0xfffe;
4614 if (cbBuffer == 0)
4615 cbBuffer = 0x10000;
4616 if (cbBuffer > cbTotalTransfer)
4617 cbBuffer = cbTotalTransfer;
4618 }
4619
4620 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4621 {
4622 if (RT_LIKELY(!fRedo))
4623 {
4624 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4625 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4626 (int)pDesc, pBuffer, cbBuffer));
4627 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4628 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4629 else
4630 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4631 iIOBufferCur += dmalen;
4632 cbTotalTransfer -= dmalen;
4633 cbBuffer -= dmalen;
4634 pBuffer += dmalen;
4635 }
4636 if ( iIOBufferCur == iIOBufferEnd
4637 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4638 {
4639 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4640 cbElementaryTransfer = cbTotalTransfer;
4641
4642 {
4643 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4644 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4645 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4646 }
4647
4648 /* The RESET handler could have cleared the DMA transfer
4649 * state (since we didn't hold the lock until just now
4650 * the guest can continue in parallel). If so, the state
4651 * is already set up so the loop is exited immediately. */
4652 if (s->iSourceSink != ATAFN_SS_NULL)
4653 {
4654 s->iIOBufferCur = iIOBufferCur;
4655 s->iIOBufferEnd = iIOBufferEnd;
4656 s->cbElementaryTransfer = cbElementaryTransfer;
4657 s->cbTotalTransfer = cbTotalTransfer;
4658 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4659 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4660 if (RT_UNLIKELY(fRedo))
4661 {
4662 pCtl->pFirstDMADesc = pDesc;
4663 pCtl->pRedoDMABuffer = pBuffer;
4664 pCtl->cbRedoDMABuffer = cbBuffer;
4665 pCtl->fRedoDMALastDesc = fLastDesc;
4666 }
4667 else
4668 {
4669 cbTotalTransfer = s->cbTotalTransfer;
4670 cbElementaryTransfer = s->cbElementaryTransfer;
4671
4672 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4673 cbElementaryTransfer = cbTotalTransfer;
4674 iIOBufferCur = 0;
4675 iIOBufferEnd = cbElementaryTransfer;
4676 }
4677 pCtl->fRedo = fRedo;
4678 }
4679 else
4680 {
4681 /* This forces the loop to exit immediately. */
4682 pDesc = pCtl->pLastDMADesc + 1;
4683 }
4684
4685 PDMCritSectLeave(&pCtl->lock);
4686 if (RT_UNLIKELY(fRedo))
4687 break;
4688 }
4689 }
4690
4691 if (RT_UNLIKELY(fRedo))
4692 break;
4693
4694 /* end of transfer */
4695 if (!cbTotalTransfer || fLastDesc)
4696 break;
4697
4698 {
4699 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4700 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4701 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4702 }
4703
4704 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4705 {
4706 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4707 if (!pCtl->fReset)
4708 ataDMATransferStop(s);
4709 /* This forces the loop to exit immediately. */
4710 pDesc = pCtl->pLastDMADesc + 1;
4711 }
4712
4713 PDMCritSectLeave(&pCtl->lock);
4714 }
4715
4716 {
4717 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4718 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4719 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4720 }
4721
4722 if (RT_UNLIKELY(fRedo))
4723 return;
4724
4725 if (fLastDesc)
4726 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4727 s->cbTotalTransfer = cbTotalTransfer;
4728 s->cbElementaryTransfer = cbElementaryTransfer;
4729 s->iIOBufferCur = iIOBufferCur;
4730 s->iIOBufferEnd = iIOBufferEnd;
4731}
4732
4733/**
4734 * Signal PDM that we're idle (if we actually are).
4735 *
4736 * @param pCtl The controller.
4737 */
4738static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
4739{
4740 /*
4741 * Take the mutex here and recheck the idle indicator to avoid
4742 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
4743 */
4744 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4745
4746 if ( pCtl->fSignalIdle
4747 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4748 {
4749 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
4750 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
4751 }
4752
4753 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4754}
4755
4756/** Async I/O thread for an interface. Once upon a time this was readable
4757 * code with several loops and a different semaphore for each purpose. But
4758 * then came the "how can one save the state in the middle of a PIO transfer"
4759 * question. The solution was to use an ASM, which is what's there now. */
4760static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4761{
4762 const ATARequest *pReq;
4763 uint64_t u64TS = 0; /* shut up gcc */
4764 uint64_t uWait;
4765 int rc = VINF_SUCCESS;
4766 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4767 ATADevState *s;
4768
4769 pReq = NULL;
4770 pCtl->fChainedTransfer = false;
4771 while (!pCtl->fShutdown)
4772 {
4773 /* Keep this thread from doing anything as long as EMT is suspended. */
4774 while (pCtl->fRedoIdle)
4775 {
4776 if (pCtl->fSignalIdle)
4777 ataR3AsyncSignalIdle(pCtl);
4778 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4779 /* Continue if we got a signal by RTThreadPoke().
4780 * We will get notified if there is a request to process.
4781 */
4782 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4783 continue;
4784 if (RT_FAILURE(rc) || pCtl->fShutdown)
4785 break;
4786
4787 pCtl->fRedoIdle = false;
4788 }
4789
4790 /* Wait for work. */
4791 while (pReq == NULL)
4792 {
4793 if (pCtl->fSignalIdle)
4794 ataR3AsyncSignalIdle(pCtl);
4795 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4796 /* Continue if we got a signal by RTThreadPoke().
4797 * We will get notified if there is a request to process.
4798 */
4799 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4800 continue;
4801 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4802 break;
4803
4804 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4805 }
4806
4807 if (RT_FAILURE(rc) || pCtl->fShutdown)
4808 break;
4809
4810 if (pReq == NULL)
4811 continue;
4812
4813 ATAAIO ReqType = pReq->ReqType;
4814
4815 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4816 if (pCtl->uAsyncIOState != ReqType)
4817 {
4818 /* The new state is not the state that was expected by the normal
4819 * state changes. This is either a RESET/ABORT or there's something
4820 * really strange going on. */
4821 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4822 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4823 {
4824 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4825 ataAsyncIODumpRequests(pCtl);
4826 }
4827 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4828 }
4829
4830 /* Do our work. */
4831 {
4832 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4833 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4834 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4835 }
4836
4837 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4838 {
4839 u64TS = RTTimeNanoTS();
4840#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4841 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4842#endif /* DEBUG || VBOX_WITH_STATISTICS */
4843 }
4844
4845 switch (ReqType)
4846 {
4847 case ATA_AIO_NEW:
4848
4849 pCtl->iAIOIf = pReq->u.t.iIf;
4850 s = &pCtl->aIfs[pCtl->iAIOIf];
4851 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4852 s->uTxDir = pReq->u.t.uTxDir;
4853 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4854 s->iSourceSink = pReq->u.t.iSourceSink;
4855 s->iIOBufferEnd = 0;
4856 s->u64CmdTS = u64TS;
4857
4858 if (s->fATAPI)
4859 {
4860 if (pCtl->fChainedTransfer)
4861 {
4862 /* Only count the actual transfers, not the PIO
4863 * transfer of the ATAPI command bytes. */
4864 if (s->fDMA)
4865 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4866 else
4867 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4868 }
4869 }
4870 else
4871 {
4872 if (s->fDMA)
4873 STAM_REL_COUNTER_INC(&s->StatATADMA);
4874 else
4875 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4876 }
4877
4878 pCtl->fChainedTransfer = false;
4879
4880 if (s->iBeginTransfer != ATAFN_BT_NULL)
4881 {
4882 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4883 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4884 s->iBeginTransfer = ATAFN_BT_NULL;
4885 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4886 s->iIOBufferEnd = s->cbElementaryTransfer;
4887 }
4888 else
4889 {
4890 s->cbElementaryTransfer = s->cbTotalTransfer;
4891 s->iIOBufferEnd = s->cbTotalTransfer;
4892 }
4893 s->iIOBufferCur = 0;
4894
4895 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4896 {
4897 if (s->iSourceSink != ATAFN_SS_NULL)
4898 {
4899 bool fRedo;
4900 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4901 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4902 pCtl->fRedo = fRedo;
4903 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4904 {
4905 /* Operation failed at the initial transfer, restart
4906 * everything from scratch by resending the current
4907 * request. Occurs very rarely, not worth optimizing. */
4908 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4909 ataAsyncIOPutRequest(pCtl, pReq);
4910 break;
4911 }
4912 }
4913 else
4914 ataCmdOK(s, 0);
4915 s->iIOBufferEnd = s->cbElementaryTransfer;
4916
4917 }
4918
4919 /* Do not go into the transfer phase if RESET is asserted.
4920 * The CritSect is released while waiting for the host OS
4921 * to finish the I/O, thus RESET is possible here. Most
4922 * important: do not change uAsyncIOState. */
4923 if (pCtl->fReset)
4924 break;
4925
4926 if (s->fDMA)
4927 {
4928 if (s->cbTotalTransfer)
4929 {
4930 ataSetStatus(s, ATA_STAT_DRQ);
4931
4932 pCtl->uAsyncIOState = ATA_AIO_DMA;
4933 /* If BMDMA is already started, do the transfer now. */
4934 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4935 {
4936 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4937 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4938 }
4939 }
4940 else
4941 {
4942 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4943 /* Finish DMA transfer. */
4944 ataDMATransferStop(s);
4945 ataSetIRQ(s);
4946 pCtl->uAsyncIOState = ATA_AIO_NEW;
4947 }
4948 }
4949 else
4950 {
4951 if (s->cbTotalTransfer)
4952 {
4953 ataPIOTransfer(pCtl);
4954 Assert(!pCtl->fRedo);
4955 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4956 ataSetIRQ(s);
4957
4958 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4959 {
4960 /* Write operations and not yet finished transfers
4961 * must be completed in the async I/O thread. */
4962 pCtl->uAsyncIOState = ATA_AIO_PIO;
4963 }
4964 else
4965 {
4966 /* Finished read operation can be handled inline
4967 * in the end of PIO transfer handling code. Linux
4968 * depends on this, as it waits only briefly for
4969 * devices to become ready after incoming data
4970 * transfer. Cannot find anything in the ATA spec
4971 * that backs this assumption, but as all kernels
4972 * are affected (though most of the time it does
4973 * not cause any harm) this must work. */
4974 pCtl->uAsyncIOState = ATA_AIO_NEW;
4975 }
4976 }
4977 else
4978 {
4979 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4980 /* Finish PIO transfer. */
4981 ataPIOTransfer(pCtl);
4982 Assert(!pCtl->fRedo);
4983 if (!s->fATAPITransfer)
4984 ataSetIRQ(s);
4985 pCtl->uAsyncIOState = ATA_AIO_NEW;
4986 }
4987 }
4988 break;
4989
4990 case ATA_AIO_DMA:
4991 {
4992 BMDMAState *bm = &pCtl->BmDma;
4993 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4994 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4995
4996 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4997 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4998 else
4999 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
5000
5001 if (RT_LIKELY(!pCtl->fRedo))
5002 {
5003 /* The specs say that the descriptor table must not cross a
5004 * 4K boundary. */
5005 pCtl->pFirstDMADesc = bm->pvAddr;
5006 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
5007 }
5008 ataDMATransfer(pCtl);
5009
5010 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
5011 {
5012 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
5013 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5014 break;
5015 }
5016
5017 /* The infamous delay IRQ hack. */
5018 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
5019 && s->cbTotalTransfer == 0
5020 && pCtl->DelayIRQMillies)
5021 {
5022 /* Delay IRQ for writing. Required to get the Win2K
5023 * installation work reliably (otherwise it crashes,
5024 * usually during component install). So far no better
5025 * solution has been found. */
5026 Log(("%s: delay IRQ hack\n", __FUNCTION__));
5027 PDMCritSectLeave(&pCtl->lock);
5028 RTThreadSleep(pCtl->DelayIRQMillies);
5029 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5030 }
5031
5032 ataUnsetStatus(s, ATA_STAT_DRQ);
5033 Assert(!pCtl->fChainedTransfer);
5034 Assert(s->iSourceSink == ATAFN_SS_NULL);
5035 if (s->fATAPITransfer)
5036 {
5037 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
5038 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
5039 s->fATAPITransfer = false;
5040 }
5041 ataSetIRQ(s);
5042 pCtl->uAsyncIOState = ATA_AIO_NEW;
5043 break;
5044 }
5045
5046 case ATA_AIO_PIO:
5047 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5048
5049 if (s->iSourceSink != ATAFN_SS_NULL)
5050 {
5051 bool fRedo;
5052 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5053 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5054 pCtl->fRedo = fRedo;
5055 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5056 {
5057 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
5058 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
5059 break;
5060 }
5061 s->iIOBufferCur = 0;
5062 s->iIOBufferEnd = s->cbElementaryTransfer;
5063 }
5064 else
5065 {
5066 /* Continue a previously started transfer. */
5067 ataUnsetStatus(s, ATA_STAT_BUSY);
5068 ataSetStatus(s, ATA_STAT_READY);
5069 }
5070
5071 /* It is possible that the drives on this controller get RESET
5072 * during the above call to the source/sink function. If that's
5073 * the case, don't restart the transfer and don't finish it the
5074 * usual way. RESET handling took care of all that already.
5075 * Most important: do not change uAsyncIOState. */
5076 if (pCtl->fReset)
5077 break;
5078
5079 if (s->cbTotalTransfer)
5080 {
5081 ataPIOTransfer(pCtl);
5082 ataSetIRQ(s);
5083
5084 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5085 {
5086 /* Write operations and not yet finished transfers
5087 * must be completed in the async I/O thread. */
5088 pCtl->uAsyncIOState = ATA_AIO_PIO;
5089 }
5090 else
5091 {
5092 /* Finished read operation can be handled inline
5093 * in the end of PIO transfer handling code. Linux
5094 * depends on this, as it waits only briefly for
5095 * devices to become ready after incoming data
5096 * transfer. Cannot find anything in the ATA spec
5097 * that backs this assumption, but as all kernels
5098 * are affected (though most of the time it does
5099 * not cause any harm) this must work. */
5100 pCtl->uAsyncIOState = ATA_AIO_NEW;
5101 }
5102 }
5103 else
5104 {
5105 /* Finish PIO transfer. */
5106 ataPIOTransfer(pCtl);
5107 if ( !pCtl->fChainedTransfer
5108 && !s->fATAPITransfer
5109 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5110 {
5111 ataSetIRQ(s);
5112 }
5113 pCtl->uAsyncIOState = ATA_AIO_NEW;
5114 }
5115 break;
5116
5117 case ATA_AIO_RESET_ASSERTED:
5118 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
5119 ataPIOTransferStop(&pCtl->aIfs[0]);
5120 ataPIOTransferStop(&pCtl->aIfs[1]);
5121 /* Do not change the DMA registers, they are not affected by the
5122 * ATA controller reset logic. It should be sufficient to issue a
5123 * new command, which is now possible as the state is cleared. */
5124 break;
5125
5126 case ATA_AIO_RESET_CLEARED:
5127 pCtl->uAsyncIOState = ATA_AIO_NEW;
5128 pCtl->fReset = false;
5129 /* Ensure that half-completed transfers are not redone. A reset
5130 * cancels the entire transfer, so continuing is wrong. */
5131 pCtl->fRedo = false;
5132 pCtl->fRedoDMALastDesc = false;
5133 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5134 ATACONTROLLER_IDX(pCtl)));
5135 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5136 {
5137 if (pCtl->aIfs[i].fATAPI)
5138 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5139 else
5140 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5141 ataSetSignature(&pCtl->aIfs[i]);
5142 }
5143 break;
5144
5145 case ATA_AIO_ABORT:
5146 /* Abort the current command no matter what. There cannot be
5147 * any command activity on the other drive otherwise using
5148 * one thread per controller wouldn't work at all. */
5149 s = &pCtl->aIfs[pReq->u.a.iIf];
5150
5151 pCtl->uAsyncIOState = ATA_AIO_NEW;
5152 /* Do not change the DMA registers, they are not affected by the
5153 * ATA controller reset logic. It should be sufficient to issue a
5154 * new command, which is now possible as the state is cleared. */
5155 if (pReq->u.a.fResetDrive)
5156 {
5157 ataResetDevice(s);
5158 ataExecuteDeviceDiagnosticSS(s);
5159 }
5160 else
5161 {
5162 /* Stop any pending DMA transfer. */
5163 s->fDMA = false;
5164 ataPIOTransferStop(s);
5165 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5166 ataSetStatus(s, ATA_STAT_READY);
5167 ataSetIRQ(s);
5168 }
5169 break;
5170
5171 default:
5172 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5173 }
5174
5175 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5176 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5177
5178 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5179 {
5180#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5181 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5182#endif /* DEBUG || VBOX_WITH_STATISTICS */
5183
5184 u64TS = RTTimeNanoTS() - u64TS;
5185 uWait = u64TS / 1000;
5186 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5187 /* Mark command as finished. */
5188 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5189
5190 /*
5191 * Release logging of command execution times depends on the
5192 * command type. ATAPI commands often take longer (due to CD/DVD
5193 * spin up time etc.) so the threshold is different.
5194 */
5195 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5196 {
5197 if (uWait > 8 * 1000 * 1000)
5198 {
5199 /*
5200 * Command took longer than 8 seconds. This is close
5201 * enough or over the guest's command timeout, so place
5202 * an entry in the release log to allow tracking such
5203 * timing errors (which are often caused by the host).
5204 */
5205 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5206 }
5207 }
5208 else
5209 {
5210 if (uWait > 20 * 1000 * 1000)
5211 {
5212 /*
5213 * Command took longer than 20 seconds. This is close
5214 * enough or over the guest's command timeout, so place
5215 * an entry in the release log to allow tracking such
5216 * timing errors (which are often caused by the host).
5217 */
5218 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5219 }
5220 }
5221
5222#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5223 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5224 pCtl->StatAsyncMinWait = uWait;
5225 if (uWait > pCtl->StatAsyncMaxWait)
5226 pCtl->StatAsyncMaxWait = uWait;
5227
5228 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5229 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5230#endif /* DEBUG || VBOX_WITH_STATISTICS */
5231 }
5232
5233 PDMCritSectLeave(&pCtl->lock);
5234 }
5235
5236 /* Signal the ultimate idleness. */
5237 RTThreadUserSignal(pCtl->AsyncIOThread);
5238 if (pCtl->fSignalIdle)
5239 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5240
5241 /* Cleanup the state. */
5242 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5243 pCtl->fShutdown = false;
5244
5245 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5246 return rc;
5247}
5248
5249#endif /* IN_RING3 */
5250
5251static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5252{
5253 uint32_t val = pCtl->BmDma.u8Cmd;
5254 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5255 return val;
5256}
5257
5258
5259static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5260{
5261 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5262 if (!(val & BM_CMD_START))
5263 {
5264 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5265 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5266 }
5267 else
5268 {
5269#ifdef IN_RING3
5270 /* Check whether the guest OS wants to change DMA direction in
5271 * mid-flight. Not allowed, according to the PIIX3 specs. */
5272 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5273 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5274 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5275 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5276
5277 /* Do not continue DMA transfers while the RESET line is asserted. */
5278 if (pCtl->fReset)
5279 {
5280 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5281 return;
5282 }
5283
5284 /* Do not start DMA transfers if there's a PIO transfer going on,
5285 * or if there is already a transfer started on this controller. */
5286 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5287 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5288 return;
5289
5290 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5291 {
5292 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5293 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5294 }
5295#else /* !IN_RING3 */
5296 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5297#endif /* IN_RING3 */
5298 }
5299}
5300
5301static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5302{
5303 uint32_t val = pCtl->BmDma.u8Status;
5304 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5305 return val;
5306}
5307
5308static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5309{
5310 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5311 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5312 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5313 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5314}
5315
5316static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5317{
5318 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5319 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5320 return val;
5321}
5322
5323static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5324{
5325 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5326 pCtl->BmDma.pvAddr = val & ~3;
5327}
5328
5329static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5330{
5331 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5332 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5333
5334}
5335
5336static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5337{
5338 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5339 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5340}
5341
5342#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5343
5344/**
5345 * Port I/O Handler for bus master DMA IN operations.
5346 * @see FNIOMIOPORTIN for details.
5347 */
5348PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5349{
5350 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5351 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5352 PATACONTROLLER pCtl = &pThis->aCts[i];
5353 int rc;
5354
5355 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5356 if (rc != VINF_SUCCESS)
5357 return rc;
5358 switch (VAL(Port, cb))
5359 {
5360 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5361 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5362 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5363 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5364 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5365 case VAL(0, 4):
5366 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5367 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5368 break;
5369 default:
5370 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5371 PDMCritSectLeave(&pCtl->lock);
5372 return VERR_IOM_IOPORT_UNUSED;
5373 }
5374 PDMCritSectLeave(&pCtl->lock);
5375 return rc;
5376}
5377
5378/**
5379 * Port I/O Handler for bus master DMA OUT operations.
5380 * @see FNIOMIOPORTOUT for details.
5381 */
5382PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5383{
5384 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5385 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5386 PATACONTROLLER pCtl = &pThis->aCts[i];
5387 int rc;
5388
5389 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5390 if (rc != VINF_SUCCESS)
5391 return rc;
5392 switch (VAL(Port, cb))
5393 {
5394 case VAL(0, 1):
5395#ifndef IN_RING3
5396 if (u32 & BM_CMD_START)
5397 {
5398 rc = VINF_IOM_HC_IOPORT_WRITE;
5399 break;
5400 }
5401#endif /* !IN_RING3 */
5402 ataBMDMACmdWriteB(pCtl, Port, u32);
5403 break;
5404 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5405 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5406 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5407 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5408 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5409 }
5410 PDMCritSectLeave(&pCtl->lock);
5411 return rc;
5412}
5413
5414#undef VAL
5415
5416#ifdef IN_RING3
5417
5418/**
5419 * Callback function for mapping an PCI I/O region.
5420 *
5421 * @return VBox status code.
5422 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5423 * @param iRegion The region number.
5424 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5425 * I/O port, else it's a physical address.
5426 * This address is *NOT* relative to pci_mem_base like earlier!
5427 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5428 */
5429static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5430{
5431 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5432 int rc = VINF_SUCCESS;
5433 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5434 Assert(iRegion == 4);
5435 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5436
5437 /* Register the port range. */
5438 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5439 {
5440 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5441 (RTHCPTR)(uintptr_t)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5442 AssertRC(rc2);
5443 if (rc2 < rc)
5444 rc = rc2;
5445
5446 if (pThis->fGCEnabled)
5447 {
5448 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5449 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5450 AssertRC(rc2);
5451 if (rc2 < rc)
5452 rc = rc2;
5453 }
5454 if (pThis->fR0Enabled)
5455 {
5456 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5457 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5458 AssertRC(rc2);
5459 if (rc2 < rc)
5460 rc = rc2;
5461 }
5462 }
5463 return rc;
5464}
5465
5466
5467/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5468
5469/**
5470 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5471 */
5472static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5473{
5474 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5475 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5476 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5477 return NULL;
5478}
5479
5480
5481/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5482
5483/**
5484 * Gets the pointer to the status LED of a unit.
5485 *
5486 * @returns VBox status code.
5487 * @param pInterface Pointer to the interface structure containing the called function pointer.
5488 * @param iLUN The unit which status LED we desire.
5489 * @param ppLed Where to store the LED pointer.
5490 */
5491static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5492{
5493 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5494 if (iLUN < 4)
5495 {
5496 switch (iLUN)
5497 {
5498 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5499 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5500 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5501 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5502 }
5503 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5504 return VINF_SUCCESS;
5505 }
5506 return VERR_PDM_LUN_NOT_FOUND;
5507}
5508
5509
5510/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5511
5512/**
5513 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5514 */
5515static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5516{
5517 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5518 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5519 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5520 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5521 return NULL;
5522}
5523
5524
5525/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5526
5527/**
5528 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5529 */
5530static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5531 uint32_t *piInstance, uint32_t *piLUN)
5532{
5533 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5534 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5535
5536 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5537 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5538 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5539
5540 *ppcszController = pDevIns->pReg->szName;
5541 *piInstance = pDevIns->iInstance;
5542 *piLUN = pIf->iLUN;
5543
5544 return VINF_SUCCESS;
5545}
5546#endif /* IN_RING3 */
5547
5548
5549/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5550
5551/**
5552 * Port I/O Handler for primary port range OUT operations.
5553 * @see FNIOMIOPORTOUT for details.
5554 */
5555PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5556{
5557 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5558 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5559 PATACONTROLLER pCtl = &pThis->aCts[i];
5560 int rc = VINF_SUCCESS;
5561
5562 Assert(i < 2);
5563
5564 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5565 if (rc != VINF_SUCCESS)
5566 return rc;
5567 if (cb == 1)
5568 rc = ataIOPortWriteU8(pCtl, Port, u32);
5569 else if (Port == pCtl->IOPortBase1)
5570 {
5571 Assert(cb == 2 || cb == 4);
5572 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5573 }
5574 else
5575 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5576 PDMCritSectLeave(&pCtl->lock);
5577 return rc;
5578}
5579
5580
5581/**
5582 * Port I/O Handler for primary port range IN operations.
5583 * @see FNIOMIOPORTIN for details.
5584 */
5585PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5586{
5587 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5588 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5589 PATACONTROLLER pCtl = &pThis->aCts[i];
5590 int rc = VINF_SUCCESS;
5591
5592 Assert(i < 2);
5593
5594 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5595 if (rc != VINF_SUCCESS)
5596 return rc;
5597 if (cb == 1)
5598 {
5599 rc = ataIOPortReadU8(pCtl, Port, pu32);
5600 }
5601 else if (Port == pCtl->IOPortBase1)
5602 {
5603 Assert(cb == 2 || cb == 4);
5604 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5605 if (cb == 2)
5606 *pu32 &= 0xffff;
5607 }
5608 else
5609 {
5610 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5611 rc = VERR_IOM_IOPORT_UNUSED;
5612 }
5613 PDMCritSectLeave(&pCtl->lock);
5614 return rc;
5615}
5616
5617#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5618/**
5619 * Port I/O Handler for primary port range IN string operations.
5620 * @see FNIOMIOPORTINSTRING for details.
5621 */
5622PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5623{
5624 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5625 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5626 PATACONTROLLER pCtl = &pThis->aCts[i];
5627 int rc = VINF_SUCCESS;
5628
5629 Assert(i < 2);
5630
5631 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5632 if (rc != VINF_SUCCESS)
5633 return rc;
5634 if (Port == pCtl->IOPortBase1)
5635 {
5636 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5637 RTGCPTR GCDst = *pGCPtrDst;
5638 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5639 Assert(cb == 2 || cb == 4);
5640
5641 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5642#ifndef IN_RING3
5643 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5644 if (!cTransAvailable)
5645 {
5646 PDMCritSectLeave(&pCtl->lock);
5647 return VINF_IOM_HC_IOPORT_READ;
5648 }
5649 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5650 cTransAvailable--;
5651#endif /* !IN_RING3 */
5652 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5653 * They are not performance-critical and generally shouldn't occur at all. */
5654 if (cTransAvailable > cTransfer)
5655 cTransAvailable = cTransfer;
5656 cbTransfer = cTransAvailable * cb;
5657
5658 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5659#ifndef IN_RING3
5660 /* Paranoia. */
5661 if (RT_FAILURE(rc))
5662 {
5663 PDMCritSectLeave(&pCtl->lock);
5664 AssertFailed();
5665 return VINF_IOM_HC_IOPORT_READ;
5666 }
5667#else
5668 Assert(rc == VINF_SUCCESS);
5669#endif
5670
5671 if (cbTransfer)
5672 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5673 s->iIOBufferPIODataStart += cbTransfer;
5674 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5675 *pcTransfer = cTransfer - cTransAvailable;
5676#ifdef IN_RING3
5677 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5678 ataPIOTransferFinish(pCtl, s);
5679#endif /* IN_RING3 */
5680 }
5681 PDMCritSectLeave(&pCtl->lock);
5682 return rc;
5683}
5684
5685
5686/**
5687 * Port I/O Handler for primary port range OUT string operations.
5688 * @see FNIOMIOPORTOUTSTRING for details.
5689 */
5690PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5691{
5692 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5693 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5694 PATACONTROLLER pCtl = &pThis->aCts[i];
5695 int rc;
5696
5697 Assert(i < 2);
5698
5699 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5700 if (rc != VINF_SUCCESS)
5701 return rc;
5702 if (Port == pCtl->IOPortBase1)
5703 {
5704 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5705 RTGCPTR GCSrc = *pGCPtrSrc;
5706 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5707 Assert(cb == 2 || cb == 4);
5708
5709 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5710#ifndef IN_RING3
5711 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5712 if (!cTransAvailable)
5713 {
5714 PDMCritSectLeave(&pCtl->lock);
5715 return VINF_IOM_HC_IOPORT_WRITE;
5716 }
5717 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5718 cTransAvailable--;
5719#endif /* !IN_RING3 */
5720 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5721 * They are not performance-critical and generally shouldn't occur at all. */
5722 if (cTransAvailable > cTransfer)
5723 cTransAvailable = cTransfer;
5724 cbTransfer = cTransAvailable * cb;
5725
5726 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5727#ifndef IN_RING3
5728 /* Paranoia. */
5729 if (RT_FAILURE(rc))
5730 {
5731 PDMCritSectLeave(&pCtl->lock);
5732 AssertFailed();
5733 return VINF_IOM_HC_IOPORT_WRITE;
5734 }
5735#else
5736 Assert(rc == VINF_SUCCESS);
5737#endif
5738
5739 if (cbTransfer)
5740 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5741 s->iIOBufferPIODataStart += cbTransfer;
5742 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5743 *pcTransfer = cTransfer - cTransAvailable;
5744#ifdef IN_RING3
5745 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5746 ataPIOTransferFinish(pCtl, s);
5747#endif /* IN_RING3 */
5748 }
5749 PDMCritSectLeave(&pCtl->lock);
5750 return rc;
5751}
5752#endif /* !IN_RING0 */
5753
5754/**
5755 * Port I/O Handler for secondary port range OUT operations.
5756 * @see FNIOMIOPORTOUT for details.
5757 */
5758PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5759{
5760 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5761 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5762 PATACONTROLLER pCtl = &pThis->aCts[i];
5763 int rc;
5764
5765 Assert(i < 2);
5766
5767 if (cb != 1)
5768 return VINF_SUCCESS;
5769 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5770 if (rc != VINF_SUCCESS)
5771 return rc;
5772 rc = ataControlWrite(pCtl, Port, u32);
5773 PDMCritSectLeave(&pCtl->lock);
5774 return rc;
5775}
5776
5777
5778/**
5779 * Port I/O Handler for secondary port range IN operations.
5780 * @see FNIOMIOPORTIN for details.
5781 */
5782PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5783{
5784 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5785 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5786 PATACONTROLLER pCtl = &pThis->aCts[i];
5787 int rc;
5788
5789 Assert(i < 2);
5790
5791 if (cb != 1)
5792 return VERR_IOM_IOPORT_UNUSED;
5793
5794 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5795 if (rc != VINF_SUCCESS)
5796 return rc;
5797 *pu32 = ataStatusRead(pCtl, Port);
5798 PDMCritSectLeave(&pCtl->lock);
5799 return VINF_SUCCESS;
5800}
5801
5802#ifdef IN_RING3
5803
5804
5805DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5806{
5807 if (s->pbIOBufferR3)
5808 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5809}
5810
5811
5812/**
5813 * @copydoc FNPDMDEVRELOCATE
5814 */
5815static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5816{
5817 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5818
5819 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5820 {
5821 pThis->aCts[i].pDevInsRC += offDelta;
5822 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5823 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5824 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5825 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5826 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5827 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5828 }
5829}
5830
5831
5832/**
5833 * Destroy a driver instance.
5834 *
5835 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5836 * resources can be freed correctly.
5837 *
5838 * @param pDevIns The device instance data.
5839 */
5840static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
5841{
5842 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5843 int rc;
5844
5845 Log(("ataR3Destruct\n"));
5846 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
5847
5848 /*
5849 * Tell the async I/O threads to terminate.
5850 */
5851 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5852 {
5853 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5854 {
5855 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5856 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5857 AssertRC(rc);
5858 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5859 AssertRC(rc);
5860 }
5861 }
5862
5863 /*
5864 * Wait for the threads to terminate before destroying their resources.
5865 */
5866 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5867 {
5868 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5869 {
5870 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5871 if (RT_SUCCESS(rc))
5872 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5873 else
5874 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5875 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5876 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5877 }
5878 }
5879
5880 /*
5881 * Free resources.
5882 */
5883 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5884 {
5885 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5886 {
5887 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5888 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5889 }
5890 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5891 {
5892 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5893 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5894 }
5895 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5896 {
5897 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5898 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5899 }
5900
5901 /* try one final time */
5902 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5903 {
5904 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5905 if (RT_SUCCESS(rc))
5906 {
5907 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5908 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5909 }
5910 }
5911 }
5912
5913 return VINF_SUCCESS;
5914}
5915
5916
5917/**
5918 * Detach notification.
5919 *
5920 * The DVD drive has been unplugged.
5921 *
5922 * @param pDevIns The device instance.
5923 * @param iLUN The logical unit which is being detached.
5924 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5925 */
5926static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5927{
5928 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5929 PATACONTROLLER pCtl;
5930 ATADevState *pIf;
5931 unsigned iController;
5932 unsigned iInterface;
5933
5934 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5935 ("PIIX3IDE: Device does not support hotplugging\n"));
5936
5937 /*
5938 * Locate the controller and stuff.
5939 */
5940 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5941 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5942 pCtl = &pThis->aCts[iController];
5943
5944 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5945 pIf = &pCtl->aIfs[iInterface];
5946
5947 /*
5948 * Zero some important members.
5949 */
5950 pIf->pDrvBase = NULL;
5951 pIf->pDrvBlock = NULL;
5952 pIf->pDrvBlockBios = NULL;
5953 pIf->pDrvMount = NULL;
5954
5955 /*
5956 * In case there was a medium inserted.
5957 */
5958 ataMediumRemoved(pIf);
5959}
5960
5961
5962/**
5963 * Configure a LUN.
5964 *
5965 * @returns VBox status code.
5966 * @param pDevIns The device instance.
5967 * @param pIf The ATA unit state.
5968 */
5969static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5970{
5971 int rc = VINF_SUCCESS;
5972 PDMBLOCKTYPE enmType;
5973
5974 /*
5975 * Query Block, Bios and Mount interfaces.
5976 */
5977 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
5978 if (!pIf->pDrvBlock)
5979 {
5980 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5981 return VERR_PDM_MISSING_INTERFACE;
5982 }
5983
5984 /** @todo implement the BIOS invisible code path. */
5985 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
5986 if (!pIf->pDrvBlockBios)
5987 {
5988 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5989 return VERR_PDM_MISSING_INTERFACE;
5990 }
5991 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
5992
5993 /*
5994 * Validate type.
5995 */
5996 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5997 if ( enmType != PDMBLOCKTYPE_CDROM
5998 && enmType != PDMBLOCKTYPE_DVD
5999 && enmType != PDMBLOCKTYPE_HARD_DISK)
6000 {
6001 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
6002 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
6003 }
6004 if ( ( enmType == PDMBLOCKTYPE_DVD
6005 || enmType == PDMBLOCKTYPE_CDROM)
6006 && !pIf->pDrvMount)
6007 {
6008 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
6009 return VERR_INTERNAL_ERROR;
6010 }
6011 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
6012 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
6013
6014 /*
6015 * Allocate I/O buffer.
6016 */
6017 PVM pVM = PDMDevHlpGetVM(pDevIns);
6018 if (pIf->cbIOBuffer)
6019 {
6020 /* Buffer is (probably) already allocated. Validate the fields,
6021 * because memory corruption can also overwrite pIf->cbIOBuffer. */
6022 if (pIf->fATAPI)
6023 AssertRelease(pIf->cbIOBuffer == _128K);
6024 else
6025 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
6026 Assert(pIf->pbIOBufferR3);
6027 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
6028 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
6029 }
6030 else
6031 {
6032 if (pIf->fATAPI)
6033 pIf->cbIOBuffer = _128K;
6034 else
6035 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
6036 Assert(!pIf->pbIOBufferR3);
6037 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
6038 if (RT_FAILURE(rc))
6039 return VERR_NO_MEMORY;
6040 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
6041 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
6042 }
6043
6044 /*
6045 * Init geometry (only for non-CD/DVD media).
6046 */
6047 if (pIf->fATAPI)
6048 {
6049 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
6050 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
6051 pIf->PCHSGeometry.cHeads = 0; /* dummy */
6052 pIf->PCHSGeometry.cSectors = 0; /* dummy */
6053 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
6054 }
6055 else
6056 {
6057 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
6058 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
6059 &pIf->PCHSGeometry);
6060 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
6061 {
6062 pIf->PCHSGeometry.cCylinders = 0;
6063 pIf->PCHSGeometry.cHeads = 16; /*??*/
6064 pIf->PCHSGeometry.cSectors = 63; /*??*/
6065 }
6066 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
6067 {
6068 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
6069 rc = VINF_SUCCESS;
6070 }
6071 AssertRC(rc);
6072
6073 if ( pIf->PCHSGeometry.cCylinders == 0
6074 || pIf->PCHSGeometry.cHeads == 0
6075 || pIf->PCHSGeometry.cSectors == 0
6076 )
6077 {
6078 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
6079 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
6080 pIf->PCHSGeometry.cHeads = 16;
6081 pIf->PCHSGeometry.cSectors = 63;
6082 /* Set the disk geometry information. Ignore errors. */
6083 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
6084 &pIf->PCHSGeometry);
6085 rc = VINF_SUCCESS;
6086 }
6087 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
6088 }
6089 return rc;
6090}
6091
6092
6093/**
6094 * Attach command.
6095 *
6096 * This is called when we change block driver for the DVD drive.
6097 *
6098 * @returns VBox status code.
6099 * @param pDevIns The device instance.
6100 * @param iLUN The logical unit which is being detached.
6101 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6102 */
6103static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6104{
6105 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6106 PATACONTROLLER pCtl;
6107 ATADevState *pIf;
6108 int rc;
6109 unsigned iController;
6110 unsigned iInterface;
6111
6112 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6113 ("PIIX3IDE: Device does not support hotplugging\n"),
6114 VERR_INVALID_PARAMETER);
6115
6116 /*
6117 * Locate the controller and stuff.
6118 */
6119 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6120 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6121 pCtl = &pThis->aCts[iController];
6122
6123 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6124 pIf = &pCtl->aIfs[iInterface];
6125
6126 /* the usual paranoia */
6127 AssertRelease(!pIf->pDrvBase);
6128 AssertRelease(!pIf->pDrvBlock);
6129 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
6130 Assert(pIf->iLUN == iLUN);
6131
6132 /*
6133 * Try attach the block device and get the interfaces,
6134 * required as well as optional.
6135 */
6136 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
6137 if (RT_SUCCESS(rc))
6138 {
6139 rc = ataConfigLun(pDevIns, pIf);
6140 /*
6141 * In case there is a medium inserted.
6142 */
6143 ataMediumInserted(pIf);
6144 }
6145 else
6146 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6147
6148 if (RT_FAILURE(rc))
6149 {
6150 pIf->pDrvBase = NULL;
6151 pIf->pDrvBlock = NULL;
6152 }
6153 return rc;
6154}
6155
6156
6157/**
6158 * Resume notification.
6159 *
6160 * @returns VBox status.
6161 * @param pDevIns The device instance data.
6162 */
6163static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6164{
6165 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6166 int rc;
6167
6168 Log(("%s:\n", __FUNCTION__));
6169 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6170 {
6171 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6172 {
6173 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6174 AssertRC(rc);
6175 }
6176 }
6177 return;
6178}
6179
6180
6181/**
6182 * Checks if all (both) the async I/O threads have quiesced.
6183 *
6184 * @returns true on success.
6185 * @returns false when one or more threads is still processing.
6186 * @param pThis Pointer to the instance data.
6187 */
6188static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6189{
6190 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6191
6192 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6193 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6194 {
6195 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6196 if (!fRc)
6197 {
6198 /* Make it signal PDM & itself when its done */
6199 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6200 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6201 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6202 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6203 if (!fRc)
6204 {
6205#if 0 /** @todo Need to do some time tracking here... */
6206 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6207 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6208 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6209#endif
6210 return false;
6211 }
6212 }
6213 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6214 }
6215 return true;
6216}
6217
6218
6219/**
6220 * Callback employed by ataSuspend and ataR3PowerOff.
6221 *
6222 * @returns true if we've quiesced, false if we're still working.
6223 * @param pDevIns The device instance.
6224 */
6225static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6226{
6227 return ataR3AllAsyncIOIsIdle(pDevIns);
6228}
6229
6230
6231/**
6232 * Common worker for ataSuspend and ataR3PowerOff.
6233 */
6234static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6235{
6236 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6237 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6238}
6239
6240
6241/**
6242 * Power Off notification.
6243 *
6244 * @returns VBox status.
6245 * @param pDevIns The device instance data.
6246 */
6247static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6248{
6249 Log(("%s:\n", __FUNCTION__));
6250 ataR3SuspendOrPowerOff(pDevIns);
6251}
6252
6253
6254/**
6255 * Suspend notification.
6256 *
6257 * @returns VBox status.
6258 * @param pDevIns The device instance data.
6259 */
6260static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6261{
6262 Log(("%s:\n", __FUNCTION__));
6263 ataR3SuspendOrPowerOff(pDevIns);
6264}
6265
6266
6267/**
6268 * Callback employed by ataR3Reset.
6269 *
6270 * @returns true if we've quiesced, false if we're still working.
6271 * @param pDevIns The device instance.
6272 */
6273static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6274{
6275 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6276
6277 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6278 return false;
6279
6280 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6281 {
6282 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6283 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6284 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6285 PDMCritSectLeave(&pThis->aCts[i].lock);
6286 }
6287 return true;
6288}
6289
6290
6291/**
6292 * Common reset worker for ataR3Reset and ataR3Construct.
6293 *
6294 * @returns VBox status.
6295 * @param pDevIns The device instance data.
6296 * @param fConstruct Indicates who is calling.
6297 */
6298static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6299{
6300 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6301
6302 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6303 {
6304 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6305
6306 pThis->aCts[i].iSelectedIf = 0;
6307 pThis->aCts[i].iAIOIf = 0;
6308 pThis->aCts[i].BmDma.u8Cmd = 0;
6309 /* Report that both drives present on the bus are in DMA mode. This
6310 * pretends that there is a BIOS that has set it up. Normal reset
6311 * default is 0x00. */
6312 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6313 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6314 pThis->aCts[i].BmDma.pvAddr = 0;
6315
6316 pThis->aCts[i].fReset = true;
6317 pThis->aCts[i].fRedo = false;
6318 pThis->aCts[i].fRedoIdle = false;
6319 ataAsyncIOClearRequests(&pThis->aCts[i]);
6320 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6321 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6322 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6323
6324 PDMCritSectLeave(&pThis->aCts[i].lock);
6325 }
6326
6327 int rcRet = VINF_SUCCESS;
6328 if (!fConstruct)
6329 {
6330 /*
6331 * Setup asynchronous notification completion if the requests haven't
6332 * completed yet.
6333 */
6334 if (!ataR3IsAsyncResetDone(pDevIns))
6335 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6336 }
6337 else
6338 {
6339 /*
6340 * Wait for the requests for complete.
6341 *
6342 * Would be real nice if we could do it all from EMT(0) and not
6343 * involve the worker threads, then we could dispense with all the
6344 * waiting and semaphore ping-pong here...
6345 */
6346 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6347 {
6348 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6349 {
6350 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6351 AssertRC(rc);
6352
6353 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6354 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6355 AssertRC(rc);
6356
6357 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6358 AssertRC(rc);
6359
6360 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6361 {
6362 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6363 if (RT_FAILURE(rc))
6364 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6365 if (RT_FAILURE(rc))
6366 {
6367 AssertRC(rc);
6368 rcRet = rc;
6369 }
6370 }
6371 }
6372 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6373 }
6374 if (RT_SUCCESS(rcRet))
6375 {
6376 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6377 AssertRC(rcRet);
6378 }
6379 }
6380 return rcRet;
6381}
6382
6383
6384/**
6385 * Reset notification.
6386 *
6387 * @param pDevIns The device instance data.
6388 */
6389static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6390{
6391 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6392}
6393
6394
6395/**
6396 * Prepare state save and load operation.
6397 *
6398 * @returns VBox status code.
6399 * @param pDevIns Device instance of the device which registered the data unit.
6400 * @param pSSM SSM operation handle.
6401 */
6402static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6403{
6404 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6405
6406 /* sanity - the suspend notification will wait on the async stuff. */
6407 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6408 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6409 ("i=%u\n", i),
6410 VERR_SSM_IDE_ASYNC_TIMEOUT);
6411 return VINF_SUCCESS;
6412}
6413
6414/**
6415 * @copydoc FNSSMDEVLIVEEXEC
6416 */
6417static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6418{
6419 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6420
6421 SSMR3PutU8(pSSM, pThis->u8Type);
6422 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6423 {
6424 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6425 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6426 {
6427 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6428 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6429 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6430 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6431 }
6432 }
6433
6434 return VINF_SSM_DONT_CALL_AGAIN;
6435}
6436
6437
6438/**
6439 * @copydoc FNSSMDEVSAVEEXEC
6440 */
6441static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6442{
6443 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6444
6445 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6446
6447 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6448 {
6449 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6450 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6451 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6452 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6453 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6454 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6455 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6456 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6457 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6458 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6459 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6460 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6461 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6462
6463 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6464 {
6465 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6466 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6467 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6468 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6469 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6470 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6471 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6472 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6473 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6474 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6475 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6476 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6477 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6478 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6479 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6480 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6481 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6482 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6483 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6484 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6485 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6486 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6487 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6488 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6489 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6490 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6491 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6492 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6493 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6494 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6495 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6496 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6497 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6498 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6499 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6500 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6501 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6502 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6503 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6504 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6505 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6506 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6507 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6508 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6509 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6510 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6511 else
6512 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6513 }
6514 }
6515
6516 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6517}
6518
6519/**
6520 * Converts the LUN number into a message string.
6521 */
6522static const char *ataStringifyLun(unsigned iLun)
6523{
6524 switch (iLun)
6525 {
6526 case 0: return "primary master";
6527 case 1: return "primary slave";
6528 case 2: return "secondary master";
6529 case 3: return "secondary slave";
6530 default: AssertFailedReturn("unknown lun");
6531 }
6532}
6533
6534/**
6535 * FNSSMDEVLOADEXEC
6536 */
6537static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6538{
6539 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6540 int rc;
6541 uint32_t u32;
6542
6543 if ( uVersion != ATA_SAVED_STATE_VERSION
6544 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6545 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6546 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6547 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6548 {
6549 AssertMsgFailed(("uVersion=%d\n", uVersion));
6550 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6551 }
6552
6553 /*
6554 * Verify the configuration.
6555 */
6556 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6557 {
6558 uint8_t u8Type;
6559 rc = SSMR3GetU8(pSSM, &u8Type);
6560 AssertRCReturn(rc, rc);
6561 if (u8Type != pThis->u8Type)
6562 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6563
6564 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6565 {
6566 bool fEnabled;
6567 rc = SSMR3GetBool(pSSM, &fEnabled);
6568 AssertRCReturn(rc, rc);
6569 if (!fEnabled)
6570 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6571
6572 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6573 {
6574 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6575
6576 bool fInUse;
6577 rc = SSMR3GetBool(pSSM, &fInUse);
6578 AssertRCReturn(rc, rc);
6579 if (fInUse != (pIf->pDrvBase != NULL))
6580 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6581 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6582 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6583
6584 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6585 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6586 AssertRCReturn(rc, rc);
6587 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6588 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6589 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6590
6591 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6592 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6593 AssertRCReturn(rc, rc);
6594 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6595 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6596 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6597
6598 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6599 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6600 AssertRCReturn(rc, rc);
6601 if (strcmp(szModelNumber, pIf->szModelNumber))
6602 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6603 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6604 }
6605 }
6606 }
6607 if (uPass != SSM_PASS_FINAL)
6608 return VINF_SUCCESS;
6609
6610 /*
6611 * Restore valid parts of the PCIATAState structure
6612 */
6613 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6614 {
6615 /* integrity check */
6616 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6617 {
6618 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6619 return VERR_INTERNAL_ERROR_4;
6620 }
6621
6622 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6623 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6624 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6625 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6626 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6627 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6628 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6629 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6630 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6631 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6632 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6633 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6634 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6635
6636 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6637 {
6638 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6639 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6640 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6641 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6642 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6643 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6644 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6645 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6646 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6647 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6648 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6649 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6650 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6651 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6652 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6653 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6654 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6655 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6656 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6657 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6658 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6659 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6660 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6661 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6662 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6663 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6664 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6665 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6666 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6667 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6668 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6669 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6670 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6671 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6672 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6673 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6674 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6675 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6676 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6677 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6678 {
6679 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6680 }
6681 else
6682 {
6683 uint8_t uATAPISenseKey, uATAPIASC;
6684 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6685 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6686 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6687 SSMR3GetU8(pSSM, &uATAPISenseKey);
6688 SSMR3GetU8(pSSM, &uATAPIASC);
6689 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6690 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6691 }
6692 /** @todo triple-check this hack after passthrough is working */
6693 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6694 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6695 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6696 else
6697 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6698 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6699 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6700 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6701 {
6702 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6703 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6704 else
6705 {
6706 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6707 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6708 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6709
6710 /* skip the buffer if we're loading for the debugger / animator. */
6711 uint8_t u8Ignored;
6712 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6713 while (cbLeft-- > 0)
6714 SSMR3GetU8(pSSM, &u8Ignored);
6715 }
6716 }
6717 else
6718 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6719 }
6720 }
6721 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6722 SSMR3GetU8(pSSM, &pThis->u8Type);
6723
6724 rc = SSMR3GetU32(pSSM, &u32);
6725 if (RT_FAILURE(rc))
6726 return rc;
6727 if (u32 != ~0U)
6728 {
6729 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6730 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6731 return rc;
6732 }
6733
6734 return VINF_SUCCESS;
6735}
6736
6737/**
6738 * Convert config value to DEVPCBIOSBOOT.
6739 *
6740 * @returns VBox status code.
6741 * @param pDevIns The device instance data.
6742 * @param pCfg Configuration handle.
6743 * @param penmChipset Where to store the chipset type.
6744 */
6745static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
6746{
6747 char szType[20];
6748
6749 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
6750 if (RT_FAILURE(rc))
6751 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6752 N_("Configuration error: Querying \"Type\" as a string failed"));
6753 if (!strcmp(szType, "PIIX3"))
6754 *penmChipset = CHIPSET_PIIX3;
6755 else if (!strcmp(szType, "PIIX4"))
6756 *penmChipset = CHIPSET_PIIX4;
6757 else if (!strcmp(szType, "ICH6"))
6758 *penmChipset = CHIPSET_ICH6;
6759 else
6760 {
6761 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6762 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6763 szType);
6764 rc = VERR_INTERNAL_ERROR;
6765 }
6766 return rc;
6767}
6768
6769
6770/**
6771 * @interface_method_impl{PDMDEVREG,pfnConstruct}
6772 */
6773static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
6774{
6775 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6776 PPDMIBASE pBase;
6777 int rc;
6778 bool fGCEnabled;
6779 bool fR0Enabled;
6780 uint32_t DelayIRQMillies;
6781
6782 Assert(iInstance == 0);
6783 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
6784
6785 /*
6786 * Initialize NIL handle values (for the destructor).
6787 */
6788 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6789 {
6790 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6791 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6792 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6793 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6794 }
6795
6796 /*
6797 * Validate and read configuration.
6798 */
6799 if (!CFGMR3AreValuesValid(pCfg,
6800 "GCEnabled\0"
6801 "R0Enabled\0"
6802 "IRQDelay\0"
6803 "Type\0")
6804 /** @todo || invalid keys */)
6805 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6806 N_("PIIX3 configuration error: unknown option specified"));
6807
6808 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
6809 if (RT_FAILURE(rc))
6810 return PDMDEV_SET_ERROR(pDevIns, rc,
6811 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6812 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6813
6814 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
6815 if (RT_FAILURE(rc))
6816 return PDMDEV_SET_ERROR(pDevIns, rc,
6817 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6818 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6819
6820 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
6821 if (RT_FAILURE(rc))
6822 return PDMDEV_SET_ERROR(pDevIns, rc,
6823 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6824 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6825 Assert(DelayIRQMillies < 50);
6826
6827 CHIPSET enmChipset = CHIPSET_PIIX3;
6828 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
6829 if (RT_FAILURE(rc))
6830 return rc;
6831 pThis->u8Type = (uint8_t)enmChipset;
6832
6833 /*
6834 * Initialize data (most of it anyway).
6835 */
6836 /* Status LUN. */
6837 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6838 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6839
6840 /* PCI configuration space. */
6841 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6842
6843 /*
6844 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6845 * as it explicitly checks for PCI id for IDE controllers.
6846 */
6847 switch (pThis->u8Type)
6848 {
6849 case CHIPSET_ICH6:
6850 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6851 /** @todo: do we need it? Do we need anything else? */
6852 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6853 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6854 pThis->dev.config[0x4B] = 0x00;
6855 {
6856 /*
6857 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6858 * Report
6859 * WR_Ping-Pong_EN: must be set
6860 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6861 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6862 */
6863 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6864 pThis->dev.config[0x54] = u16Config & 0xff;
6865 pThis->dev.config[0x55] = u16Config >> 8;
6866 }
6867 break;
6868 case CHIPSET_PIIX4:
6869 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6870 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6871 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6872 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6873 pThis->dev.config[0x4B] = 0x00;
6874 break;
6875 case CHIPSET_PIIX3:
6876 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6877 break;
6878 default:
6879 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6880 }
6881
6882 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6883 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6884 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6885 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6886 PCIDevSetHeaderType(&pThis->dev, 0x00);
6887
6888 pThis->pDevIns = pDevIns;
6889 pThis->fGCEnabled = fGCEnabled;
6890 pThis->fR0Enabled = fR0Enabled;
6891 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6892 {
6893 pThis->aCts[i].pDevInsR3 = pDevIns;
6894 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6895 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6896 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6897 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6898 {
6899 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6900
6901 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6902 pIf->pDevInsR3 = pDevIns;
6903 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6904 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6905 pIf->pControllerR3 = &pThis->aCts[i];
6906 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6907 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6908 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6909 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6910 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6911 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
6912 pIf->Led.u32Magic = PDMLED_MAGIC;
6913 }
6914 }
6915
6916 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6917 pThis->aCts[0].irq = 14;
6918 pThis->aCts[0].IOPortBase1 = 0x1f0;
6919 pThis->aCts[0].IOPortBase2 = 0x3f6;
6920 pThis->aCts[1].irq = 15;
6921 pThis->aCts[1].IOPortBase1 = 0x170;
6922 pThis->aCts[1].IOPortBase2 = 0x376;
6923
6924 /*
6925 * Register the PCI device.
6926 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6927 * device the slot next to itself.
6928 */
6929 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6930 if (RT_FAILURE(rc))
6931 return PDMDEV_SET_ERROR(pDevIns, rc,
6932 N_("PIIX3 cannot register PCI device"));
6933 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6934 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6935 if (RT_FAILURE(rc))
6936 return PDMDEV_SET_ERROR(pDevIns, rc,
6937 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6938
6939 /*
6940 * Register the I/O ports.
6941 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6942 */
6943 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6944 {
6945 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)(uintptr_t)i,
6946 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6947 if (RT_FAILURE(rc))
6948 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6949
6950 if (fGCEnabled)
6951 {
6952 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6953 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6954 if (RT_FAILURE(rc))
6955 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6956 }
6957
6958 if (fR0Enabled)
6959 {
6960#if 1
6961 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6962 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6963#else
6964 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6965 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6966#endif
6967 if (RT_FAILURE(rc))
6968 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6969 }
6970
6971 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)(uintptr_t)i,
6972 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6973 if (RT_FAILURE(rc))
6974 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6975
6976 if (fGCEnabled)
6977 {
6978 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6979 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6980 if (RT_FAILURE(rc))
6981 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6982 }
6983 if (fR0Enabled)
6984 {
6985 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6986 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6987 if (RT_FAILURE(rc))
6988 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6989 }
6990
6991 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6992 {
6993 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6994 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6995 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
6996 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6997 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
6998 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6999 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
7000 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7001 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
7002#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7003 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7004 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
7005#endif
7006 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7007 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
7008#ifdef VBOX_INSTRUMENT_DMA_WRITES
7009 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7010 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
7011#endif
7012#ifdef VBOX_WITH_STATISTICS
7013 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7014 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
7015#endif
7016 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7017 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
7018#ifdef VBOX_WITH_STATISTICS
7019 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7020 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
7021#endif
7022 }
7023#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7024 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7025 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
7026 /** @todo STAMUNIT_MICROSECS */
7027 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7028 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
7029 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7030 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
7031 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7032 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
7033 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7034 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
7035 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7036 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
7037#endif /* VBOX_WITH_STATISTICS */
7038
7039 /* Initialize per-controller critical section */
7040 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA%u", i);
7041 if (RT_FAILURE(rc))
7042 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
7043 }
7044
7045 /*
7046 * Attach status driver (optional).
7047 */
7048 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
7049 if (RT_SUCCESS(rc))
7050 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
7051 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
7052 {
7053 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
7054 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
7055 }
7056
7057 /*
7058 * Attach the units.
7059 */
7060 uint32_t cbTotalBuffer = 0;
7061 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7062 {
7063 PATACONTROLLER pCtl = &pThis->aCts[i];
7064
7065 /*
7066 * Start the worker thread.
7067 */
7068 pCtl->uAsyncIOState = ATA_AIO_NEW;
7069 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
7070 AssertLogRelRCReturn(rc, rc);
7071 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
7072 AssertLogRelRCReturn(rc, rc);
7073 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
7074 AssertLogRelRCReturn(rc, rc);
7075 ataAsyncIOClearRequests(pCtl);
7076 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
7077 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
7078 AssertLogRelRCReturn(rc, rc);
7079 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
7080 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
7081
7082 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
7083 {
7084 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7085 {
7086 { "Primary Master", "Primary Slave" },
7087 { "Secondary Master", "Secondary Slave" }
7088 };
7089
7090 /*
7091 * Try attach the block device and get the interfaces,
7092 * required as well as optional.
7093 */
7094 ATADevState *pIf = &pCtl->aIfs[j];
7095
7096 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
7097 if (RT_SUCCESS(rc))
7098 {
7099 rc = ataConfigLun(pDevIns, pIf);
7100 if (RT_SUCCESS(rc))
7101 {
7102 /*
7103 * Init vendor product data.
7104 */
7105 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7106 {
7107 { "PrimaryMaster", "PrimarySlave" },
7108 { "SecondaryMaster", "SecondarySlave" }
7109 };
7110
7111 /* Generate a default serial number. */
7112 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
7113 RTUUID Uuid;
7114 if (pIf->pDrvBlock)
7115 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
7116 else
7117 RTUuidClear(&Uuid);
7118
7119 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
7120 {
7121 /* Generate a predictable serial for drives which don't have a UUID. */
7122 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
7123 pIf->iLUN + pDevIns->iInstance * 32,
7124 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
7125 }
7126 else
7127 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
7128
7129 /* Get user config if present using defaults otherwise. */
7130 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
7131 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
7132 szSerial);
7133 if (RT_FAILURE(rc))
7134 {
7135 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7136 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7137 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
7138 return PDMDEV_SET_ERROR(pDevIns, rc,
7139 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
7140 }
7141
7142 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
7143 "1.0");
7144 if (RT_FAILURE(rc))
7145 {
7146 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7147 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7148 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7149 return PDMDEV_SET_ERROR(pDevIns, rc,
7150 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7151 }
7152
7153 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7154 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7155 if (RT_FAILURE(rc))
7156 {
7157 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7158 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7159 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7160 return PDMDEV_SET_ERROR(pDevIns, rc,
7161 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7162 }
7163
7164 /* There are three other identification strings for CD drives used for INQUIRY */
7165 if (pIf->fATAPI)
7166 {
7167 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7168 "VBOX");
7169 if (RT_FAILURE(rc))
7170 {
7171 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7172 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7173 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7174 return PDMDEV_SET_ERROR(pDevIns, rc,
7175 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7176 }
7177
7178 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7179 "CD-ROM");
7180 if (RT_FAILURE(rc))
7181 {
7182 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7183 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7184 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7185 return PDMDEV_SET_ERROR(pDevIns, rc,
7186 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7187 }
7188
7189 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7190 "1.0");
7191 if (RT_FAILURE(rc))
7192 {
7193 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7194 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7195 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7196 return PDMDEV_SET_ERROR(pDevIns, rc,
7197 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7198 }
7199 }
7200 }
7201
7202 }
7203 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7204 {
7205 pIf->pDrvBase = NULL;
7206 pIf->pDrvBlock = NULL;
7207 pIf->cbIOBuffer = 0;
7208 pIf->pbIOBufferR3 = NULL;
7209 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7210 pIf->pbIOBufferRC = NIL_RTGCPTR;
7211 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7212 }
7213 else
7214 {
7215 switch (rc)
7216 {
7217 case VERR_ACCESS_DENIED:
7218 /* Error already cached by DrvHostBase */
7219 return rc;
7220 default:
7221 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7222 N_("PIIX3 cannot attach drive to the %s"),
7223 s_apszDescs[i][j]);
7224 }
7225 }
7226 cbTotalBuffer += pIf->cbIOBuffer;
7227 }
7228 }
7229
7230 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7231 NULL, ataLiveExec, NULL,
7232 ataSaveLoadPrep, ataSaveExec, NULL,
7233 ataSaveLoadPrep, ataLoadExec, NULL);
7234 if (RT_FAILURE(rc))
7235 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7236
7237 /*
7238 * Initialize the device state.
7239 */
7240 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7241}
7242
7243
7244/**
7245 * The device registration structure.
7246 */
7247const PDMDEVREG g_DevicePIIX3IDE =
7248{
7249 /* u32Version */
7250 PDM_DEVREG_VERSION,
7251 /* szName */
7252 "piix3ide",
7253 /* szRCMod */
7254 "VBoxDDGC.gc",
7255 /* szR0Mod */
7256 "VBoxDDR0.r0",
7257 /* pszDescription */
7258 "Intel PIIX3 ATA controller.\n"
7259 " LUN #0 is primary master.\n"
7260 " LUN #1 is primary slave.\n"
7261 " LUN #2 is secondary master.\n"
7262 " LUN #3 is secondary slave.\n"
7263 " LUN #999 is the LED/Status connector.",
7264 /* fFlags */
7265 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7266 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7267 /* fClass */
7268 PDM_DEVREG_CLASS_STORAGE,
7269 /* cMaxInstances */
7270 1,
7271 /* cbInstance */
7272 sizeof(PCIATAState),
7273 /* pfnConstruct */
7274 ataR3Construct,
7275 /* pfnDestruct */
7276 ataR3Destruct,
7277 /* pfnRelocate */
7278 ataR3Relocate,
7279 /* pfnIOCtl */
7280 NULL,
7281 /* pfnPowerOn */
7282 NULL,
7283 /* pfnReset */
7284 ataR3Reset,
7285 /* pfnSuspend */
7286 ataR3Suspend,
7287 /* pfnResume */
7288 ataR3Resume,
7289 /* pfnAttach */
7290 ataR3Attach,
7291 /* pfnDetach */
7292 ataR3Detach,
7293 /* pfnQueryInterface. */
7294 NULL,
7295 /* pfnInitComplete */
7296 NULL,
7297 /* pfnPowerOff */
7298 ataR3PowerOff,
7299 /* pfnSoftReset */
7300 NULL,
7301 /* u32VersionEnd */
7302 PDM_DEVREG_VERSION
7303};
7304#endif /* IN_RING3 */
7305#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette