VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 42401

Last change on this file since 42401 was 42324, checked in by vboxsync, 13 years ago

ATA: Handle some off-size port accesses.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 293.2 KB
Line 
1/* $Id: DevATA.cpp 42324 2012-07-23 13:42:08Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2011 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/vmm/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/vmm/stam.h>
55#include <VBox/vmm/mm.h>
56#include <VBox/vmm/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "VBoxDD.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
100
101/* Media track type */
102#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
103#define ATA_MEDIA_TYPE_DATA 1 /**< Data CD */
104#define ATA_MEDIA_TYPE_CDDA 2 /**< CD-DA (audio) CD type */
105#define ATA_MEDIA_NO_DISC 0x70 /**< Door closed, no medium */
106
107/*******************************************************************************
108* Structures and Typedefs *
109*******************************************************************************/
110/**
111 * The state of an ATA device.
112 *
113 * @implements PDMIBASE
114 * @implements PDMIBLOCKPORT
115 * @implements PDMIMOUNTNOTIFY
116 */
117typedef struct ATADevState
118{
119 /** Flag indicating whether the current command uses LBA48 mode. */
120 bool fLBA48;
121 /** Flag indicating whether this drive implements the ATAPI command set. */
122 bool fATAPI;
123 /** Set if this interface has asserted the IRQ. */
124 bool fIrqPending;
125 /** Currently configured number of sectors in a multi-sector transfer. */
126 uint8_t cMultSectors;
127 /** PCHS disk geometry. */
128 PDMMEDIAGEOMETRY PCHSGeometry;
129 /** Total number of sectors on this disk. */
130 uint64_t cTotalSectors;
131 /** Number of sectors to transfer per IRQ. */
132 uint32_t cSectorsPerIRQ;
133
134 /** ATA/ATAPI register 1: feature (write-only). */
135 uint8_t uATARegFeature;
136 /** ATA/ATAPI register 1: feature, high order byte. */
137 uint8_t uATARegFeatureHOB;
138 /** ATA/ATAPI register 1: error (read-only). */
139 uint8_t uATARegError;
140 /** ATA/ATAPI register 2: sector count (read/write). */
141 uint8_t uATARegNSector;
142 /** ATA/ATAPI register 2: sector count, high order byte. */
143 uint8_t uATARegNSectorHOB;
144 /** ATA/ATAPI register 3: sector (read/write). */
145 uint8_t uATARegSector;
146 /** ATA/ATAPI register 3: sector, high order byte. */
147 uint8_t uATARegSectorHOB;
148 /** ATA/ATAPI register 4: cylinder low (read/write). */
149 uint8_t uATARegLCyl;
150 /** ATA/ATAPI register 4: cylinder low, high order byte. */
151 uint8_t uATARegLCylHOB;
152 /** ATA/ATAPI register 5: cylinder high (read/write). */
153 uint8_t uATARegHCyl;
154 /** ATA/ATAPI register 5: cylinder high, high order byte. */
155 uint8_t uATARegHCylHOB;
156 /** ATA/ATAPI register 6: select drive/head (read/write). */
157 uint8_t uATARegSelect;
158 /** ATA/ATAPI register 7: status (read-only). */
159 uint8_t uATARegStatus;
160 /** ATA/ATAPI register 7: command (write-only). */
161 uint8_t uATARegCommand;
162 /** ATA/ATAPI drive control register (write-only). */
163 uint8_t uATARegDevCtl;
164
165 /** Currently active transfer mode (MDMA/UDMA) and speed. */
166 uint8_t uATATransferMode;
167 /** Current transfer direction. */
168 uint8_t uTxDir;
169 /** Index of callback for begin transfer. */
170 uint8_t iBeginTransfer;
171 /** Index of callback for source/sink of data. */
172 uint8_t iSourceSink;
173 /** Flag indicating whether the current command transfers data in DMA mode. */
174 bool fDMA;
175 /** Set to indicate that ATAPI transfer semantics must be used. */
176 bool fATAPITransfer;
177
178 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
179 uint32_t cbTotalTransfer;
180 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
181 uint32_t cbElementaryTransfer;
182 /** Current read/write buffer position, shared PIO/DMA. */
183 uint32_t iIOBufferCur;
184 /** First element beyond end of valid buffer content, shared PIO/DMA. */
185 uint32_t iIOBufferEnd;
186
187 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
188 uint32_t iIOBufferPIODataStart;
189 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
190 uint32_t iIOBufferPIODataEnd;
191
192 /** ATAPI current LBA position. */
193 uint32_t iATAPILBA;
194 /** ATAPI current sector size. */
195 uint32_t cbATAPISector;
196 /** ATAPI current command. */
197 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
198 /** ATAPI sense data. */
199 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
200 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
201 uint8_t cNotifiedMediaChange;
202 /** The same for GET_EVENT_STATUS for mechanism */
203 volatile uint32_t MediaEventStatus;
204
205 /** Media type if known. */
206 volatile uint32_t MediaTrackType;
207
208 /** The status LED state for this drive. */
209 PDMLED Led;
210
211 /** Size of I/O buffer. */
212 uint32_t cbIOBuffer;
213 /** Pointer to the I/O buffer. */
214 R3PTRTYPE(uint8_t *) pbIOBufferR3;
215 /** Pointer to the I/O buffer. */
216 R0PTRTYPE(uint8_t *) pbIOBufferR0;
217 /** Pointer to the I/O buffer. */
218 RCPTRTYPE(uint8_t *) pbIOBufferRC;
219
220 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
221
222 /*
223 * No data that is part of the saved state after this point!!!!!
224 */
225
226 /* Release statistics: number of ATA DMA commands. */
227 STAMCOUNTER StatATADMA;
228 /* Release statistics: number of ATA PIO commands. */
229 STAMCOUNTER StatATAPIO;
230 /* Release statistics: number of ATAPI PIO commands. */
231 STAMCOUNTER StatATAPIDMA;
232 /* Release statistics: number of ATAPI PIO commands. */
233 STAMCOUNTER StatATAPIPIO;
234#ifdef VBOX_INSTRUMENT_DMA_WRITES
235 /* Release statistics: number of DMA sector writes and the time spent. */
236 STAMPROFILEADV StatInstrVDWrites;
237#endif
238
239 /** Statistics: number of read operations and the time spent reading. */
240 STAMPROFILEADV StatReads;
241 /** Statistics: number of bytes read. */
242 STAMCOUNTER StatBytesRead;
243 /** Statistics: number of write operations and the time spent writing. */
244 STAMPROFILEADV StatWrites;
245 /** Statistics: number of bytes written. */
246 STAMCOUNTER StatBytesWritten;
247 /** Statistics: number of flush operations and the time spend flushing. */
248 STAMPROFILE StatFlushes;
249
250 /** Mark the drive as having a non-rotational medium (i.e. as a SSD). */
251 bool fNonRotational;
252 /** Enable passing through commands directly to the ATAPI drive. */
253 bool fATAPIPassthrough;
254 /** Flag whether to overwrite inquiry data in passthrough mode. */
255 bool fOverwriteInquiry;
256 /** Number of errors we've reported to the release log.
257 * This is to prevent flooding caused by something going horribly wrong.
258 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
259 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
260 uint32_t cErrors;
261 /** Timestamp of last started command. 0 if no command pending. */
262 uint64_t u64CmdTS;
263
264 /** Pointer to the attached driver's base interface. */
265 R3PTRTYPE(PPDMIBASE) pDrvBase;
266 /** Pointer to the attached driver's block interface. */
267 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
268 /** Pointer to the attached driver's block bios interface. */
269 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
270 /** Pointer to the attached driver's mount interface.
271 * This is NULL if the driver isn't a removable unit. */
272 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
273 /** The base interface. */
274 PDMIBASE IBase;
275 /** The block port interface. */
276 PDMIBLOCKPORT IPort;
277 /** The mount notify interface. */
278 PDMIMOUNTNOTIFY IMountNotify;
279 /** The LUN #. */
280 RTUINT iLUN;
281 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
282 /** Pointer to device instance. */
283 PPDMDEVINSR3 pDevInsR3;
284 /** Pointer to controller instance. */
285 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
286 /** Pointer to device instance. */
287 PPDMDEVINSR0 pDevInsR0;
288 /** Pointer to controller instance. */
289 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
290 /** Pointer to device instance. */
291 PPDMDEVINSRC pDevInsRC;
292 /** Pointer to controller instance. */
293 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
294
295 /** The serial number to use for IDENTIFY DEVICE commands. */
296 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
297 /** The firmware revision to use for IDENTIFY DEVICE commands. */
298 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
299 /** The model number to use for IDENTIFY DEVICE commands. */
300 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
301 /** The vendor identification string for SCSI INQUIRY commands. */
302 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
303 /** The product identification string for SCSI INQUIRY commands. */
304 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
305 /** The revision string for SCSI INQUIRY commands. */
306 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
307 /** Size of the current CUE sheet in bytes. */
308 uint32_t cbCueSheet;
309 /** Align pbCueSheet correctly. */
310 uint32_t u32Alignment3;
311 /** The current CUE Sheet if passthrough is used. */
312 R3PTRTYPE(uint8_t *) pbCueSheet;
313
314 uint8_t abAlignment4[HC_ARCH_BITS == 64 ? 7 : 3];
315} ATADevState;
316AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
317AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
318AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
319AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
320AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
321AssertCompileSizeAlignment(ATADevState, 8);
322
323
324typedef struct ATATransferRequest
325{
326 uint8_t iIf;
327 uint8_t iBeginTransfer;
328 uint8_t iSourceSink;
329 uint32_t cbTotalTransfer;
330 uint8_t uTxDir;
331} ATATransferRequest;
332
333
334typedef struct ATAAbortRequest
335{
336 uint8_t iIf;
337 bool fResetDrive;
338} ATAAbortRequest;
339
340
341typedef enum
342{
343 /** Begin a new transfer. */
344 ATA_AIO_NEW = 0,
345 /** Continue a DMA transfer. */
346 ATA_AIO_DMA,
347 /** Continue a PIO transfer. */
348 ATA_AIO_PIO,
349 /** Reset the drives on current controller, stop all transfer activity. */
350 ATA_AIO_RESET_ASSERTED,
351 /** Reset the drives on current controller, resume operation. */
352 ATA_AIO_RESET_CLEARED,
353 /** Abort the current transfer of a particular drive. */
354 ATA_AIO_ABORT
355} ATAAIO;
356
357
358typedef struct ATARequest
359{
360 ATAAIO ReqType;
361 union
362 {
363 ATATransferRequest t;
364 ATAAbortRequest a;
365 } u;
366} ATARequest;
367
368
369typedef struct ATACONTROLLER
370{
371 /** The base of the first I/O Port range. */
372 RTIOPORT IOPortBase1;
373 /** The base of the second I/O Port range. (0 if none) */
374 RTIOPORT IOPortBase2;
375 /** The assigned IRQ. */
376 RTUINT irq;
377 /** Access critical section */
378 PDMCRITSECT lock;
379
380 /** Selected drive. */
381 uint8_t iSelectedIf;
382 /** The interface on which to handle async I/O. */
383 uint8_t iAIOIf;
384 /** The state of the async I/O thread. */
385 uint8_t uAsyncIOState;
386 /** Flag indicating whether the next transfer is part of the current command. */
387 bool fChainedTransfer;
388 /** Set when the reset processing is currently active on this controller. */
389 bool fReset;
390 /** Flag whether the current transfer needs to be redone. */
391 bool fRedo;
392 /** Flag whether the redo suspend has been finished. */
393 bool fRedoIdle;
394 /** Flag whether the DMA operation to be redone is the final transfer. */
395 bool fRedoDMALastDesc;
396 /** The BusMaster DMA state. */
397 BMDMAState BmDma;
398 /** Pointer to first DMA descriptor. */
399 RTGCPHYS32 pFirstDMADesc;
400 /** Pointer to last DMA descriptor. */
401 RTGCPHYS32 pLastDMADesc;
402 /** Pointer to current DMA buffer (for redo operations). */
403 RTGCPHYS32 pRedoDMABuffer;
404 /** Size of current DMA buffer (for redo operations). */
405 uint32_t cbRedoDMABuffer;
406
407 /** The ATA/ATAPI interfaces of this controller. */
408 ATADevState aIfs[2];
409
410 /** Pointer to device instance. */
411 PPDMDEVINSR3 pDevInsR3;
412 /** Pointer to device instance. */
413 PPDMDEVINSR0 pDevInsR0;
414 /** Pointer to device instance. */
415 PPDMDEVINSRC pDevInsRC;
416
417 /** Set when the destroying the device instance and the thread must exit. */
418 uint32_t volatile fShutdown;
419 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
420 RTTHREAD AsyncIOThread;
421 /** The event semaphore the thread is waiting on for requests. */
422 RTSEMEVENT AsyncIOSem;
423 /** The request queue for the AIO thread. One element is always unused. */
424 ATARequest aAsyncIORequests[4];
425 /** The position at which to insert a new request for the AIO thread. */
426 volatile uint8_t AsyncIOReqHead;
427 /** The position at which to get a new request for the AIO thread. */
428 volatile uint8_t AsyncIOReqTail;
429 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
430 bool volatile fSignalIdle;
431 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
432 /** Magic delay before triggering interrupts in DMA mode. */
433 uint32_t DelayIRQMillies;
434 /** The mutex protecting the request queue. */
435 RTSEMMUTEX AsyncIORequestMutex;
436 /** The event semaphore the thread is waiting on during suspended I/O. */
437 RTSEMEVENT SuspendIOSem;
438#if 0 /*HC_ARCH_BITS == 32*/
439 uint32_t Alignment0;
440#endif
441
442 /** Timestamp we started the reset. */
443 uint64_t u64ResetTime;
444
445 /* Statistics */
446 STAMCOUNTER StatAsyncOps;
447 uint64_t StatAsyncMinWait;
448 uint64_t StatAsyncMaxWait;
449 STAMCOUNTER StatAsyncTimeUS;
450 STAMPROFILEADV StatAsyncTime;
451 STAMPROFILE StatLockWait;
452} ATACONTROLLER, *PATACONTROLLER;
453AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
456AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
457
458typedef enum CHIPSET
459{
460 /** PIIX3 chipset, must be 0 for saved state compatibility */
461 CHIPSET_PIIX3 = 0,
462 /** PIIX4 chipset, must be 1 for saved state compatibility */
463 CHIPSET_PIIX4 = 1,
464 /** ICH6 chipset */
465 CHIPSET_ICH6 = 2
466} CHIPSET;
467
468/**
469 * The state of the ATA PCI device.
470 *
471 * @extends PCIDEVICE
472 * @implements PDMILEDPORTS
473 */
474typedef struct PCIATAState
475{
476 PCIDEVICE dev;
477 /** The controllers. */
478 ATACONTROLLER aCts[2];
479 /** Pointer to device instance. */
480 PPDMDEVINSR3 pDevIns;
481 /** Status LUN: Base interface. */
482 PDMIBASE IBase;
483 /** Status LUN: Leds interface. */
484 PDMILEDPORTS ILeds;
485 /** Status LUN: Partner of ILeds. */
486 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
487 /** Status LUN: Media Notify. */
488 R3PTRTYPE(PPDMIMEDIANOTIFY) pMediaNotify;
489 /** Flag whether GC is enabled. */
490 bool fGCEnabled;
491 /** Flag whether R0 is enabled. */
492 bool fR0Enabled;
493 /** Flag indicating chipset being emulated. */
494 uint8_t u8Type;
495 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
496} PCIATAState;
497
498#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
499#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
500#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
501#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
502#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
503#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
504
505#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
506
507#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
508#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
509#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
510#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
511#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
512
513#ifndef VBOX_DEVICE_STRUCT_TESTCASE
514/*******************************************************************************
515 * Internal Functions *
516 ******************************************************************************/
517RT_C_DECLS_BEGIN
518PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
520PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
521PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
522PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
523PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
524PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
525PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
526RT_C_DECLS_END
527
528
529
530DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
531{
532 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
533
534 /* Freeze status register contents while processing RESET. */
535 if (!pCtl->fReset)
536 {
537 s->uATARegStatus = stat;
538 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
539 }
540}
541
542
543DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
544{
545 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
546
547 /* Freeze status register contents while processing RESET. */
548 if (!pCtl->fReset)
549 {
550 s->uATARegStatus |= stat;
551 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
552 }
553}
554
555
556DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
557{
558 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
559
560 /* Freeze status register contents while processing RESET. */
561 if (!pCtl->fReset)
562 {
563 s->uATARegStatus &= ~stat;
564 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
565 }
566}
567
568#ifdef IN_RING3
569
570typedef void (*PBeginTransferFunc)(ATADevState *);
571typedef bool (*PSourceSinkFunc)(ATADevState *);
572
573static void ataReadWriteSectorsBT(ATADevState *);
574static void ataPacketBT(ATADevState *);
575static void atapiCmdBT(ATADevState *);
576static void atapiPassthroughCmdBT(ATADevState *);
577
578static bool ataIdentifySS(ATADevState *);
579static bool ataFlushSS(ATADevState *);
580static bool ataReadSectorsSS(ATADevState *);
581static bool ataWriteSectorsSS(ATADevState *);
582static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
583static bool ataTrimSS(ATADevState *);
584static bool ataPacketSS(ATADevState *);
585static bool atapiGetConfigurationSS(ATADevState *);
586static bool atapiGetEventStatusNotificationSS(ATADevState *);
587static bool atapiIdentifySS(ATADevState *);
588static bool atapiInquirySS(ATADevState *);
589static bool atapiMechanismStatusSS(ATADevState *);
590static bool atapiModeSenseErrorRecoverySS(ATADevState *);
591static bool atapiModeSenseCDStatusSS(ATADevState *);
592static bool atapiReadSS(ATADevState *);
593static bool atapiReadCapacitySS(ATADevState *);
594static bool atapiReadDiscInformationSS(ATADevState *);
595static bool atapiReadTOCNormalSS(ATADevState *);
596static bool atapiReadTOCMultiSS(ATADevState *);
597static bool atapiReadTOCRawSS(ATADevState *);
598static bool atapiReadTrackInformationSS(ATADevState *);
599static bool atapiRequestSenseSS(ATADevState *);
600static bool atapiPassthroughSS(ATADevState *);
601static bool atapiReadDVDStructureSS(ATADevState *);
602
603/**
604 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
605 */
606typedef enum ATAFNBT
607{
608 ATAFN_BT_NULL = 0,
609 ATAFN_BT_READ_WRITE_SECTORS,
610 ATAFN_BT_PACKET,
611 ATAFN_BT_ATAPI_CMD,
612 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
613 ATAFN_BT_MAX
614} ATAFNBT;
615
616/**
617 * Array of end transfer functions, the index is ATAFNET.
618 * Make sure ATAFNET and this array match!
619 */
620static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
621{
622 NULL,
623 ataReadWriteSectorsBT,
624 ataPacketBT,
625 atapiCmdBT,
626 atapiPassthroughCmdBT,
627};
628
629/**
630 * Source/sink function indexes for g_apfnSourceSinkFuncs.
631 */
632typedef enum ATAFNSS
633{
634 ATAFN_SS_NULL = 0,
635 ATAFN_SS_IDENTIFY,
636 ATAFN_SS_FLUSH,
637 ATAFN_SS_READ_SECTORS,
638 ATAFN_SS_WRITE_SECTORS,
639 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
640 ATAFN_SS_TRIM,
641 ATAFN_SS_PACKET,
642 ATAFN_SS_ATAPI_GET_CONFIGURATION,
643 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
644 ATAFN_SS_ATAPI_IDENTIFY,
645 ATAFN_SS_ATAPI_INQUIRY,
646 ATAFN_SS_ATAPI_MECHANISM_STATUS,
647 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
648 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
649 ATAFN_SS_ATAPI_READ,
650 ATAFN_SS_ATAPI_READ_CAPACITY,
651 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
652 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
653 ATAFN_SS_ATAPI_READ_TOC_MULTI,
654 ATAFN_SS_ATAPI_READ_TOC_RAW,
655 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
656 ATAFN_SS_ATAPI_REQUEST_SENSE,
657 ATAFN_SS_ATAPI_PASSTHROUGH,
658 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
659 ATAFN_SS_MAX
660} ATAFNSS;
661
662/**
663 * Array of source/sink functions, the index is ATAFNSS.
664 * Make sure ATAFNSS and this array match!
665 */
666static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
667{
668 NULL,
669 ataIdentifySS,
670 ataFlushSS,
671 ataReadSectorsSS,
672 ataWriteSectorsSS,
673 ataExecuteDeviceDiagnosticSS,
674 ataTrimSS,
675 ataPacketSS,
676 atapiGetConfigurationSS,
677 atapiGetEventStatusNotificationSS,
678 atapiIdentifySS,
679 atapiInquirySS,
680 atapiMechanismStatusSS,
681 atapiModeSenseErrorRecoverySS,
682 atapiModeSenseCDStatusSS,
683 atapiReadSS,
684 atapiReadCapacitySS,
685 atapiReadDiscInformationSS,
686 atapiReadTOCNormalSS,
687 atapiReadTOCMultiSS,
688 atapiReadTOCRawSS,
689 atapiReadTrackInformationSS,
690 atapiRequestSenseSS,
691 atapiPassthroughSS,
692 atapiReadDVDStructureSS
693};
694
695
696static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
697static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
698static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
699static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
700
701static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
702{
703 int rc;
704
705 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
706 AssertRC(rc);
707 pCtl->AsyncIOReqHead = 0;
708 pCtl->AsyncIOReqTail = 0;
709 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
710 AssertRC(rc);
711}
712
713
714static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
715{
716 int rc;
717
718 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
719 AssertRC(rc);
720 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
721 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
722 pCtl->AsyncIOReqHead++;
723 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
724 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
725 AssertRC(rc);
726 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
727 if (RT_FAILURE(rc))
728 {
729 rc = RTSemEventSignal(pCtl->AsyncIOSem);
730 AssertRC(rc);
731 }
732}
733
734
735static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
736{
737 int rc;
738 const ATARequest *pReq;
739
740 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
741 AssertRC(rc);
742 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
743 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
744 else
745 pReq = NULL;
746 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
747 AssertRC(rc);
748 return pReq;
749}
750
751
752/**
753 * Remove the request with the given type, as it's finished. The request
754 * is not removed blindly, as this could mean a RESET request that is not
755 * yet processed (but has cleared the request queue) is lost.
756 *
757 * @param pCtl Controller for which to remove the request.
758 * @param ReqType Type of the request to remove.
759 */
760static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
761{
762 int rc;
763
764 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
765 AssertRC(rc);
766 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
767 {
768 pCtl->AsyncIOReqTail++;
769 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
770 }
771 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
772 AssertRC(rc);
773}
774
775
776/**
777 * Dump the request queue for a particular controller. First dump the queue
778 * contents, then the already processed entries, as long as they haven't been
779 * overwritten.
780 *
781 * @param pCtl Controller for which to dump the queue.
782 */
783static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
784{
785 int rc;
786 uint8_t curr;
787
788 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
789 AssertRC(rc);
790 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
791 curr = pCtl->AsyncIOReqTail;
792 do
793 {
794 if (curr == pCtl->AsyncIOReqHead)
795 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
796 switch (pCtl->aAsyncIORequests[curr].ReqType)
797 {
798 case ATA_AIO_NEW:
799 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
800 break;
801 case ATA_AIO_DMA:
802 LogRel(("dma transfer continuation\n"));
803 break;
804 case ATA_AIO_PIO:
805 LogRel(("pio transfer continuation\n"));
806 break;
807 case ATA_AIO_RESET_ASSERTED:
808 LogRel(("reset asserted request\n"));
809 break;
810 case ATA_AIO_RESET_CLEARED:
811 LogRel(("reset cleared request\n"));
812 break;
813 case ATA_AIO_ABORT:
814 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
815 break;
816 default:
817 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
818 }
819 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
820 } while (curr != pCtl->AsyncIOReqTail);
821 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
822 AssertRC(rc);
823}
824
825
826/**
827 * Checks whether the request queue for a particular controller is empty
828 * or whether a particular controller is idle.
829 *
830 * @param pCtl Controller for which to check the queue.
831 * @param fStrict If set then the controller is checked to be idle.
832 */
833static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
834{
835 int rc;
836 bool fIdle;
837
838 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
839 AssertRC(rc);
840 fIdle = pCtl->fRedoIdle;
841 if (!fIdle)
842 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
843 if (fStrict)
844 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
845 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
846 AssertRC(rc);
847 return fIdle;
848}
849
850
851/**
852 * Send a transfer request to the async I/O thread.
853 *
854 * @param s Pointer to the ATA device state data.
855 * @param cbTotalTransfer Data transfer size.
856 * @param uTxDir Data transfer direction.
857 * @param iBeginTransfer Index of BeginTransfer callback.
858 * @param iSourceSink Index of SourceSink callback.
859 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
860 */
861static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
862{
863 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
864 ATARequest Req;
865
866 Assert(PDMCritSectIsOwner(&pCtl->lock));
867
868 /* Do not issue new requests while the RESET line is asserted. */
869 if (pCtl->fReset)
870 {
871 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
872 return;
873 }
874
875 /* If the controller is already doing something else right now, ignore
876 * the command that is being submitted. Some broken guests issue commands
877 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
878 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
879 {
880 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
881 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
882 return;
883 }
884
885 Req.ReqType = ATA_AIO_NEW;
886 if (fChainedTransfer)
887 Req.u.t.iIf = pCtl->iAIOIf;
888 else
889 Req.u.t.iIf = pCtl->iSelectedIf;
890 Req.u.t.cbTotalTransfer = cbTotalTransfer;
891 Req.u.t.uTxDir = uTxDir;
892 Req.u.t.iBeginTransfer = iBeginTransfer;
893 Req.u.t.iSourceSink = iSourceSink;
894 ataSetStatusValue(s, ATA_STAT_BUSY);
895 pCtl->fChainedTransfer = fChainedTransfer;
896
897 /*
898 * Kick the worker thread into action.
899 */
900 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
901 ataAsyncIOPutRequest(pCtl, &Req);
902}
903
904
905/**
906 * Send an abort command request to the async I/O thread.
907 *
908 * @param s Pointer to the ATA device state data.
909 * @param fResetDrive Whether to reset the drive or just abort a command.
910 */
911static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
912{
913 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
914 ATARequest Req;
915
916 Assert(PDMCritSectIsOwner(&pCtl->lock));
917
918 /* Do not issue new requests while the RESET line is asserted. */
919 if (pCtl->fReset)
920 {
921 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
922 return;
923 }
924
925 Req.ReqType = ATA_AIO_ABORT;
926 Req.u.a.iIf = pCtl->iSelectedIf;
927 Req.u.a.fResetDrive = fResetDrive;
928 ataSetStatus(s, ATA_STAT_BUSY);
929 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
930 ataAsyncIOPutRequest(pCtl, &Req);
931}
932
933
934static void ataSetIRQ(ATADevState *s)
935{
936 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
937 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
938
939 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
940 {
941 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
942 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
943 * line is asserted. It monitors the line for a rising edge. */
944 if (!s->fIrqPending)
945 pCtl->BmDma.u8Status |= BM_STATUS_INT;
946 /* Only actually set the IRQ line if updating the currently selected drive. */
947 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
948 {
949 /** @todo experiment with adaptive IRQ delivery: for reads it is
950 * better to wait for IRQ delivery, as it reduces latency. */
951 if (pCtl->irq == 16)
952 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
953 else
954 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
955 }
956 }
957 s->fIrqPending = true;
958}
959
960#endif /* IN_RING3 */
961
962static void ataUnsetIRQ(ATADevState *s)
963{
964 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
965 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
966
967 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
968 {
969 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
970 /* Only actually unset the IRQ line if updating the currently selected drive. */
971 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
972 {
973 if (pCtl->irq == 16)
974 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
975 else
976 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
977 }
978 }
979 s->fIrqPending = false;
980}
981
982#ifdef IN_RING3
983
984static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
985{
986 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
987 s->iIOBufferPIODataStart = start;
988 s->iIOBufferPIODataEnd = start + size;
989 ataSetStatus(s, ATA_STAT_DRQ | ATA_STAT_SEEK);
990}
991
992
993static void ataPIOTransferStop(ATADevState *s)
994{
995 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
996 if (s->fATAPITransfer)
997 {
998 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
999 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1000 ataSetIRQ(s);
1001 s->fATAPITransfer = false;
1002 }
1003 s->cbTotalTransfer = 0;
1004 s->cbElementaryTransfer = 0;
1005 s->iIOBufferPIODataStart = 0;
1006 s->iIOBufferPIODataEnd = 0;
1007 s->iBeginTransfer = ATAFN_BT_NULL;
1008 s->iSourceSink = ATAFN_SS_NULL;
1009}
1010
1011
1012static void ataPIOTransferLimitATAPI(ATADevState *s)
1013{
1014 uint32_t cbLimit, cbTransfer;
1015
1016 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1017 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1018 if (cbLimit == 0)
1019 cbLimit = 0xfffe;
1020 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1021 if (cbLimit == 0xffff)
1022 cbLimit--;
1023 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1024 if (cbTransfer > cbLimit)
1025 {
1026 /* Byte count limit for clipping must be even in this case */
1027 if (cbLimit & 1)
1028 cbLimit--;
1029 cbTransfer = cbLimit;
1030 }
1031 s->uATARegLCyl = cbTransfer;
1032 s->uATARegHCyl = cbTransfer >> 8;
1033 s->cbElementaryTransfer = cbTransfer;
1034}
1035
1036
1037static uint32_t ataGetNSectors(ATADevState *s)
1038{
1039 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1040 if (s->fLBA48)
1041 {
1042 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1043 return 65536;
1044 else
1045 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1046 }
1047 else
1048 {
1049 if (!s->uATARegNSector)
1050 return 256;
1051 else
1052 return s->uATARegNSector;
1053 }
1054}
1055
1056
1057static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1058{
1059 for (uint32_t i = 0; i < cbSize; i++)
1060 {
1061 if (*pbSrc)
1062 pbDst[i ^ 1] = *pbSrc++;
1063 else
1064 pbDst[i ^ 1] = ' ';
1065 }
1066}
1067
1068
1069static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1070{
1071 for (uint32_t i = 0; i < cbSize; i++)
1072 {
1073 if (*pbSrc)
1074 pbDst[i] = *pbSrc++;
1075 else
1076 pbDst[i] = ' ';
1077 }
1078}
1079
1080
1081DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1082{
1083 pbBuf[0] = val >> 8;
1084 pbBuf[1] = val;
1085}
1086
1087
1088DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1089{
1090 pbBuf[0] = val >> 16;
1091 pbBuf[1] = val >> 8;
1092 pbBuf[2] = val;
1093}
1094
1095
1096DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1097{
1098 pbBuf[0] = val >> 24;
1099 pbBuf[1] = val >> 16;
1100 pbBuf[2] = val >> 8;
1101 pbBuf[3] = val;
1102}
1103
1104
1105DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1106{
1107 return (pbBuf[0] << 8) | pbBuf[1];
1108}
1109
1110
1111DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1112{
1113 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1114}
1115
1116
1117DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1118{
1119 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1120}
1121
1122
1123DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1124{
1125 iATAPILBA += 150;
1126 pbBuf[0] = (iATAPILBA / 75) / 60;
1127 pbBuf[1] = (iATAPILBA / 75) % 60;
1128 pbBuf[2] = iATAPILBA % 75;
1129}
1130
1131
1132DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1133{
1134 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1135}
1136
1137/**
1138 * Compares two MSF values.
1139 *
1140 * @returns 1 if the first value is greater than the second value.
1141 * 0 if both are equal
1142 * -1 if the first value is smaller than the second value.
1143 */
1144DECLINLINE(int) atapiCmpMSF(const uint8_t *pbMSF1, const uint8_t *pbMSF2)
1145{
1146 int iRes = 0;
1147
1148 for (unsigned i = 0; i < 3; i++)
1149 {
1150 if (pbMSF1[i] < pbMSF2[i])
1151 {
1152 iRes = -1;
1153 break;
1154 }
1155 else if (pbMSF1[i] > pbMSF2[i])
1156 {
1157 iRes = 1;
1158 break;
1159 }
1160 }
1161
1162 return iRes;
1163}
1164
1165/**
1166 * Return the correct sector size from the given LBA.
1167 *
1168 * @returns Sector size.
1169 * @param s ATA Device state.
1170 * @param iATAPILBA The LBA.
1171 */
1172static size_t atapiGetSectorSizeFromLba(ATADevState *s, uint32_t iATAPILBA)
1173{
1174 size_t cbATAPISector = 2048;
1175
1176 /*
1177 * Check if there is a valid CUE Sheet we can use,
1178 * otherwise we just return the standard sector size.
1179 */
1180 if (s->pbCueSheet)
1181 {
1182 uint8_t *pbCueSheetEntry = NULL;
1183 uint8_t iMSF[3];
1184
1185 /*
1186 * Convert the LBA to the MSF format so we can look it up in the cue sheet.
1187 * Note that it is possible to have negative LBA values for the Lead-In area.
1188 * See MMC6 spec chapter 6.46.3.3 for more details.
1189 */
1190 LogFlowFunc(("iATAPILBA=%#x (signed: %d unsigned: %u)\n",
1191 iATAPILBA, (int32_t)iATAPILBA, iATAPILBA));
1192
1193 if ( iATAPILBA > UINT32_C(0xffff4fa1)
1194 && (int32_t)iATAPILBA < -150)
1195 {
1196 /* Lead-In area, this is always the first entry in the cue sheet. */
1197 pbCueSheetEntry = s->pbCueSheet;
1198 LogFlowFunc(("Selected Lead-In area\n"));
1199 }
1200 else
1201 {
1202 iATAPILBA += 150;
1203 iMSF[0] = (iATAPILBA / 75) / 60;
1204 iMSF[1] = (iATAPILBA / 75) % 60;
1205 iMSF[2] = iATAPILBA % 75;
1206
1207 pbCueSheetEntry = s->pbCueSheet + 8; /* Start after the Lead-in track. */
1208
1209 /* Go through the CUE sheet and find the correct entry. */
1210 for (unsigned i = 0; i < (s->cbCueSheet / 8) - 2; i++)
1211 {
1212 if ( atapiCmpMSF(&pbCueSheetEntry[5], iMSF) != 1
1213 && atapiCmpMSF(&pbCueSheetEntry[8+5], iMSF) == 1)
1214 break;
1215 pbCueSheetEntry += 8;
1216 }
1217 LogFlowFunc(("Selected CUE sheet entry iMin=%u iSec=%u iFrame=%u\n",
1218 pbCueSheetEntry[5], pbCueSheetEntry[6], pbCueSheetEntry[7]));
1219 }
1220
1221 if (pbCueSheetEntry)
1222 {
1223 /* Determine size of main data based on the data form field. */
1224 switch (pbCueSheetEntry[3] & 0x3f)
1225 {
1226 case 0x00: /* CD-DA with data. */
1227 case 0x11: /* CD-ROM mode 1 */
1228 case 0x13:
1229 case 0x21: /* CD-ROM XA, CD-I */
1230 case 0x23:
1231 case 0x31: /* CD-ROM Mode 2 */
1232 case 0x33:
1233 cbATAPISector = 2352;
1234 break;
1235 case 0x01: /* CD-DA without data (used for pauses between tracks). */
1236 case 0x14:
1237 case 0x24:
1238 case 0x34:
1239 cbATAPISector = 0;
1240 break;
1241 case 0x10: /* CD-ROM mode 1 */
1242 case 0x12:
1243 cbATAPISector = 2048;
1244 break;
1245 case 0x20: /* CD-ROM XA, CD-I */
1246 case 0x22:
1247 case 0x30: /* CD-ROM Mode 2 */
1248 case 0x32:
1249 cbATAPISector = 2336;
1250 break;
1251 default: /* Reserved, invalid mode. Log and leave default sector size. */
1252 LogRel(("ATA: Invalid data form mode %u for current CUE sheet\n",
1253 pbCueSheetEntry[3] & 0x3f));
1254 }
1255
1256 /* Determine size of sub channel data based on data form field. */
1257 switch ((pbCueSheetEntry[3] & 0xc0) >> 6)
1258 {
1259 case 0x00: /* Sub channel all zeroes, autogenerated by the drive. */
1260 break;
1261 case 0x01:
1262 case 0x03:
1263 cbATAPISector += 96;
1264 break;
1265 default:
1266 LogRel(("ATA: Invalid sub-channel data form mode %u for current CUE sheet\n",
1267 pbCueSheetEntry[3] & 0xc0));
1268 }
1269 }
1270 }
1271
1272 LogFlowFunc(("cbATAPISector=%zu\n", cbATAPISector));
1273 return cbATAPISector;
1274}
1275
1276static void ataCmdOK(ATADevState *s, uint8_t status)
1277{
1278 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1279 ataSetStatusValue(s, ATA_STAT_READY | status);
1280}
1281
1282
1283static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1284{
1285 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1286 Assert(uErrorCode);
1287 s->uATARegError = uErrorCode;
1288 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1289 s->cbTotalTransfer = 0;
1290 s->cbElementaryTransfer = 0;
1291 s->iIOBufferCur = 0;
1292 s->iIOBufferEnd = 0;
1293 s->uTxDir = PDMBLOCKTXDIR_NONE;
1294 s->iBeginTransfer = ATAFN_BT_NULL;
1295 s->iSourceSink = ATAFN_SS_NULL;
1296}
1297
1298static uint32_t ataChecksum(void* ptr, size_t count)
1299{
1300 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1301 size_t i;
1302
1303 for (i = 0; i < count; i++)
1304 {
1305 u8Sum += *p++;
1306 }
1307
1308 return (uint8_t)-(int32_t)u8Sum;
1309}
1310
1311static bool ataIdentifySS(ATADevState *s)
1312{
1313 uint16_t *p;
1314
1315 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1316 Assert(s->cbElementaryTransfer == 512);
1317
1318 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1319 memset(p, 0, 512);
1320 p[0] = RT_H2LE_U16(0x0040);
1321 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1322 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1323 /* Block size; obsolete, but required for the BIOS. */
1324 p[5] = RT_H2LE_U16(512);
1325 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1326 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1327 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1328 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1329 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1330 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1331 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1332#if ATA_MAX_MULT_SECTORS > 1
1333 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1334#endif
1335 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1336 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1337 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1338 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1339 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1340 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1341 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1342 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1343 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1344 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1345 * s->PCHSGeometry.cHeads
1346 * s->PCHSGeometry.cSectors);
1347 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1348 * s->PCHSGeometry.cHeads
1349 * s->PCHSGeometry.cSectors >> 16);
1350 if (s->cMultSectors)
1351 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1352 if (s->cTotalSectors <= (1 << 28) - 1)
1353 {
1354 p[60] = RT_H2LE_U16(s->cTotalSectors);
1355 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1356 }
1357 else
1358 {
1359 /* Report maximum number of sectors possible with LBA28 */
1360 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1361 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1362 }
1363 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1364 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1365 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1366 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1367 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1368 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1369 if (s->pDrvBlock->pfnDiscard)
1370 {
1371 p[80] = RT_H2LE_U16(0x1f0); /* support everything up to ATA/ATAPI-8 ACS */
1372 p[81] = RT_H2LE_U16(0x28); /* conforms to ATA/ATAPI-8 ACS */
1373 }
1374 else
1375 {
1376 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1377 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1378 }
1379 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1380 if (s->cTotalSectors <= (1 << 28) - 1)
1381 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1382 else
1383 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1384 p[84] = RT_H2LE_U16(1 << 14);
1385 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1386 if (s->cTotalSectors <= (1 << 28) - 1)
1387 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1388 else
1389 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1390 p[87] = RT_H2LE_U16(1 << 14);
1391 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1392 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1393 if (s->cTotalSectors > (1 << 28) - 1)
1394 {
1395 p[100] = RT_H2LE_U16(s->cTotalSectors);
1396 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1397 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1398 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1399 }
1400 if (s->pDrvBlock->pfnDiscard) /** @todo: Set bit 14 in word 69 too? (Deterministic read after TRIM). */
1401 p[169] = RT_H2LE_U16(1); /* DATA SET MANAGEMENT command supported. */
1402 if (s->fNonRotational)
1403 p[217] = RT_H2LE_U16(1); /* Non-rotational medium */
1404 uint32_t uCsum = ataChecksum(p, 510);
1405 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1406 s->iSourceSink = ATAFN_SS_NULL;
1407 ataCmdOK(s, ATA_STAT_SEEK);
1408 return false;
1409}
1410
1411
1412static bool ataFlushSS(ATADevState *s)
1413{
1414 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1415 int rc;
1416
1417 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1418 Assert(!s->cbElementaryTransfer);
1419
1420 PDMCritSectLeave(&pCtl->lock);
1421
1422 STAM_PROFILE_START(&s->StatFlushes, f);
1423 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1424 AssertRC(rc);
1425 STAM_PROFILE_STOP(&s->StatFlushes, f);
1426
1427 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1428 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1429 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1430 ataCmdOK(s, 0);
1431 return false;
1432}
1433
1434static bool atapiIdentifySS(ATADevState *s)
1435{
1436 uint16_t *p;
1437
1438 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1439 Assert(s->cbElementaryTransfer == 512);
1440
1441 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1442 memset(p, 0, 512);
1443 /* Removable CDROM, 50us response, 12 byte packets */
1444 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1445 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1446 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1447 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1448 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1449 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1450 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1451 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1452 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1453 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1454 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1455 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1456 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1457 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1458 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1459 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1460 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1461 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1462 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1463 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1464 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1465 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1466 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1467 p[83] = RT_H2LE_U16(1 << 14);
1468 p[84] = RT_H2LE_U16(1 << 14);
1469 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1470 p[86] = RT_H2LE_U16(0);
1471 p[87] = RT_H2LE_U16(1 << 14);
1472 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1473 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1474 /* According to ATAPI-5 spec:
1475 *
1476 * The use of this word is optional.
1477 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1478 * contain the data
1479 * structure checksum.
1480 * The data structure checksum is the twos complement of the sum of
1481 * all bytes in words 0 through 254 and the byte consisting of
1482 * bits 7:0 in word 255.
1483 * Each byte shall be added with unsigned arithmetic,
1484 * and overflow shall be ignored.
1485 * The sum of all 512 bytes is zero when the checksum is correct.
1486 */
1487 uint32_t uCsum = ataChecksum(p, 510);
1488 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1489
1490 s->iSourceSink = ATAFN_SS_NULL;
1491 ataCmdOK(s, ATA_STAT_SEEK);
1492 return false;
1493}
1494
1495
1496static void ataSetSignature(ATADevState *s)
1497{
1498 s->uATARegSelect &= 0xf0; /* clear head */
1499 /* put signature */
1500 s->uATARegNSector = 1;
1501 s->uATARegSector = 1;
1502 if (s->fATAPI)
1503 {
1504 s->uATARegLCyl = 0x14;
1505 s->uATARegHCyl = 0xeb;
1506 }
1507 else if (s->pDrvBlock)
1508 {
1509 s->uATARegLCyl = 0;
1510 s->uATARegHCyl = 0;
1511 }
1512 else
1513 {
1514 s->uATARegLCyl = 0xff;
1515 s->uATARegHCyl = 0xff;
1516 }
1517}
1518
1519
1520static uint64_t ataGetSector(ATADevState *s)
1521{
1522 uint64_t iLBA;
1523 if (s->uATARegSelect & 0x40)
1524 {
1525 /* any LBA variant */
1526 if (s->fLBA48)
1527 {
1528 /* LBA48 */
1529 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1530 ((uint64_t)s->uATARegLCylHOB << 32) |
1531 ((uint64_t)s->uATARegSectorHOB << 24) |
1532 ((uint64_t)s->uATARegHCyl << 16) |
1533 ((uint64_t)s->uATARegLCyl << 8) |
1534 s->uATARegSector;
1535 }
1536 else
1537 {
1538 /* LBA */
1539 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1540 (s->uATARegLCyl << 8) | s->uATARegSector;
1541 }
1542 }
1543 else
1544 {
1545 /* CHS */
1546 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1547 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1548 (s->uATARegSector - 1);
1549 }
1550 return iLBA;
1551}
1552
1553static void ataSetSector(ATADevState *s, uint64_t iLBA)
1554{
1555 uint32_t cyl, r;
1556 if (s->uATARegSelect & 0x40)
1557 {
1558 /* any LBA variant */
1559 if (s->fLBA48)
1560 {
1561 /* LBA48 */
1562 s->uATARegHCylHOB = iLBA >> 40;
1563 s->uATARegLCylHOB = iLBA >> 32;
1564 s->uATARegSectorHOB = iLBA >> 24;
1565 s->uATARegHCyl = iLBA >> 16;
1566 s->uATARegLCyl = iLBA >> 8;
1567 s->uATARegSector = iLBA;
1568 }
1569 else
1570 {
1571 /* LBA */
1572 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1573 s->uATARegHCyl = (iLBA >> 16);
1574 s->uATARegLCyl = (iLBA >> 8);
1575 s->uATARegSector = (iLBA);
1576 }
1577 }
1578 else
1579 {
1580 /* CHS */
1581 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1582 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1583 s->uATARegHCyl = cyl >> 8;
1584 s->uATARegLCyl = cyl;
1585 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1586 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1587 }
1588}
1589
1590
1591static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1592{
1593 int rc;
1594 LogRel(("PIIX3 ATA: Host disk full\n"));
1595 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1596 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1597 AssertRC(rc);
1598}
1599
1600static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1601{
1602 int rc;
1603 LogRel(("PIIX3 ATA: File too big\n"));
1604 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1605 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1606 AssertRC(rc);
1607}
1608
1609static void ataWarningISCSI(PPDMDEVINS pDevIns)
1610{
1611 int rc;
1612 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1613 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1614 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1615 AssertRC(rc);
1616}
1617
1618static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1619{
1620 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1621 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1622 if (rc == VERR_DISK_FULL)
1623 {
1624 pCtl->fRedoIdle = true;
1625 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1626 return true;
1627 }
1628 if (rc == VERR_FILE_TOO_BIG)
1629 {
1630 pCtl->fRedoIdle = true;
1631 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1632 return true;
1633 }
1634 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1635 {
1636 pCtl->fRedoIdle = true;
1637 /* iSCSI connection abort (first error) or failure to reestablish
1638 * connection (second error). Pause VM. On resume we'll retry. */
1639 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1640 return true;
1641 }
1642 return false;
1643}
1644
1645
1646static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1647 uint32_t cSectors, bool *pfRedo)
1648{
1649 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1650 int rc;
1651
1652 PDMCritSectLeave(&pCtl->lock);
1653
1654 STAM_PROFILE_ADV_START(&s->StatReads, r);
1655 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1656 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1657 s->Led.Actual.s.fReading = 0;
1658 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1659
1660 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1661
1662 if (RT_SUCCESS(rc))
1663 *pfRedo = false;
1664 else
1665 *pfRedo = ataIsRedoSetWarning(s, rc);
1666
1667 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1668 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1669 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1670 return rc;
1671}
1672
1673
1674static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1675 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1676{
1677 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1678 int rc;
1679
1680 PDMCritSectLeave(&pCtl->lock);
1681
1682 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1683 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1684#ifdef VBOX_INSTRUMENT_DMA_WRITES
1685 if (s->fDMA)
1686 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1687#endif
1688 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1689#ifdef VBOX_INSTRUMENT_DMA_WRITES
1690 if (s->fDMA)
1691 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1692#endif
1693 s->Led.Actual.s.fWriting = 0;
1694 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1695
1696 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1697
1698 if (RT_SUCCESS(rc))
1699 *pfRedo = false;
1700 else
1701 *pfRedo = ataIsRedoSetWarning(s, rc);
1702
1703 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1704 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1705 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1706 return rc;
1707}
1708
1709
1710static void ataReadWriteSectorsBT(ATADevState *s)
1711{
1712 uint32_t cSectors;
1713
1714 cSectors = s->cbTotalTransfer / 512;
1715 if (cSectors > s->cSectorsPerIRQ)
1716 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1717 else
1718 s->cbElementaryTransfer = cSectors * 512;
1719 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1720 ataCmdOK(s, 0);
1721}
1722
1723
1724static bool ataReadSectorsSS(ATADevState *s)
1725{
1726 int rc;
1727 uint32_t cSectors;
1728 uint64_t iLBA;
1729 bool fRedo;
1730
1731 cSectors = s->cbElementaryTransfer / 512;
1732 Assert(cSectors);
1733 iLBA = ataGetSector(s);
1734 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1735 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1736 if (RT_SUCCESS(rc))
1737 {
1738 ataSetSector(s, iLBA + cSectors);
1739 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1740 s->iSourceSink = ATAFN_SS_NULL;
1741 ataCmdOK(s, ATA_STAT_SEEK);
1742 }
1743 else
1744 {
1745 if (fRedo)
1746 return fRedo;
1747 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1748 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1749 s->iLUN, rc, iLBA, cSectors));
1750
1751 /*
1752 * Check if we got interrupted. We don't need to set status variables
1753 * because the request was aborted.
1754 */
1755 if (rc != VERR_INTERRUPTED)
1756 ataCmdError(s, ID_ERR);
1757 }
1758 return false;
1759}
1760
1761
1762static bool ataWriteSectorsSS(ATADevState *s)
1763{
1764 int rc;
1765 uint32_t cSectors;
1766 uint64_t iLBA;
1767 bool fRedo;
1768
1769 cSectors = s->cbElementaryTransfer / 512;
1770 Assert(cSectors);
1771 iLBA = ataGetSector(s);
1772 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1773 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1774 if (RT_SUCCESS(rc))
1775 {
1776 ataSetSector(s, iLBA + cSectors);
1777 if (!s->cbTotalTransfer)
1778 s->iSourceSink = ATAFN_SS_NULL;
1779 ataCmdOK(s, ATA_STAT_SEEK);
1780 }
1781 else
1782 {
1783 if (fRedo)
1784 return fRedo;
1785 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1786 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1787 s->iLUN, rc, iLBA, cSectors));
1788
1789 /*
1790 * Check if we got interrupted. We don't need to set status variables
1791 * because the request was aborted.
1792 */
1793 if (rc != VERR_INTERRUPTED)
1794 ataCmdError(s, ID_ERR);
1795 }
1796 return false;
1797}
1798
1799
1800static void atapiCmdOK(ATADevState *s)
1801{
1802 s->uATARegError = 0;
1803 ataSetStatusValue(s, ATA_STAT_READY);
1804 s->uATARegNSector = (s->uATARegNSector & ~7)
1805 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1806 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1807 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1808
1809 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1810 s->abATAPISense[0] = 0x70 | (1 << 7);
1811 s->abATAPISense[7] = 10;
1812}
1813
1814
1815static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1816{
1817 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1818 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1819 s->uATARegError = pabATAPISense[2] << 4;
1820 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1821 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1822 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1823 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1824 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1825 s->cbTotalTransfer = 0;
1826 s->cbElementaryTransfer = 0;
1827 s->iIOBufferCur = 0;
1828 s->iIOBufferEnd = 0;
1829 s->uTxDir = PDMBLOCKTXDIR_NONE;
1830 s->iBeginTransfer = ATAFN_BT_NULL;
1831 s->iSourceSink = ATAFN_SS_NULL;
1832}
1833
1834
1835/** @todo deprecated function - doesn't provide enough info. Replace by direct
1836 * calls to atapiCmdError() with full data. */
1837static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1838{
1839 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1840 memset(abATAPISense, '\0', sizeof(abATAPISense));
1841 abATAPISense[0] = 0x70 | (1 << 7);
1842 abATAPISense[2] = uATAPISenseKey & 0x0f;
1843 abATAPISense[7] = 10;
1844 abATAPISense[12] = uATAPIASC;
1845 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1846}
1847
1848
1849static void atapiCmdBT(ATADevState *s)
1850{
1851 s->fATAPITransfer = true;
1852 s->cbElementaryTransfer = s->cbTotalTransfer;
1853 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1854 atapiCmdOK(s);
1855}
1856
1857
1858static void atapiPassthroughCmdBT(ATADevState *s)
1859{
1860 /* @todo implement an algorithm for correctly determining the read and
1861 * write sector size without sending additional commands to the drive.
1862 * This should be doable by saving processing the configuration requests
1863 * and replies. */
1864#if 0
1865 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1866 {
1867 uint8_t cmd = s->aATAPICmd[0];
1868 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1869 {
1870 uint8_t aModeSenseCmd[10];
1871 uint8_t aModeSenseResult[16];
1872 uint8_t uDummySense;
1873 uint32_t cbTransfer;
1874 int rc;
1875
1876 cbTransfer = sizeof(aModeSenseResult);
1877 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1878 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1879 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1880 aModeSenseCmd[3] = 0; /* subpage code */
1881 aModeSenseCmd[4] = 0; /* reserved */
1882 aModeSenseCmd[5] = 0; /* reserved */
1883 aModeSenseCmd[6] = 0; /* reserved */
1884 aModeSenseCmd[7] = cbTransfer >> 8;
1885 aModeSenseCmd[8] = cbTransfer & 0xff;
1886 aModeSenseCmd[9] = 0; /* control */
1887 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1888 if (RT_FAILURE(rc))
1889 {
1890 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1891 return;
1892 }
1893 /* Select sector size based on the current data block type. */
1894 switch (aModeSenseResult[12] & 0x0f)
1895 {
1896 case 0:
1897 s->cbATAPISector = 2352;
1898 break;
1899 case 1:
1900 s->cbATAPISector = 2368;
1901 break;
1902 case 2:
1903 case 3:
1904 s->cbATAPISector = 2448;
1905 break;
1906 case 8:
1907 case 10:
1908 s->cbATAPISector = 2048;
1909 break;
1910 case 9:
1911 s->cbATAPISector = 2336;
1912 break;
1913 case 11:
1914 s->cbATAPISector = 2056;
1915 break;
1916 case 12:
1917 s->cbATAPISector = 2324;
1918 break;
1919 case 13:
1920 s->cbATAPISector = 2332;
1921 break;
1922 default:
1923 s->cbATAPISector = 0;
1924 }
1925 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1926 s->cbTotalTransfer *= s->cbATAPISector;
1927 if (s->cbTotalTransfer == 0)
1928 s->uTxDir = PDMBLOCKTXDIR_NONE;
1929 }
1930 }
1931#endif
1932 atapiCmdBT(s);
1933}
1934
1935
1936static bool atapiReadSS(ATADevState *s)
1937{
1938 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1939 int rc = VINF_SUCCESS;
1940 uint32_t cbTransfer, cSectors;
1941
1942 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1943 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1944 cSectors = cbTransfer / s->cbATAPISector;
1945 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1946 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1947
1948 PDMCritSectLeave(&pCtl->lock);
1949
1950 STAM_PROFILE_ADV_START(&s->StatReads, r);
1951 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1952 switch (s->cbATAPISector)
1953 {
1954 case 2048:
1955 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1956 break;
1957 case 2352:
1958 {
1959 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1960
1961 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1962 {
1963 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1964 *pbBuf++ = 0x00;
1965 memset(pbBuf, 0xff, 10);
1966 pbBuf += 10;
1967 *pbBuf++ = 0x00;
1968 /* MSF */
1969 ataLBA2MSF(pbBuf, i);
1970 pbBuf += 3;
1971 *pbBuf++ = 0x01; /* mode 1 data */
1972 /* data */
1973 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1974 if (RT_FAILURE(rc))
1975 break;
1976 pbBuf += 2048;
1977 /**
1978 * @todo: maybe compute ECC and parity, layout is:
1979 * 2072 4 EDC
1980 * 2076 172 P parity symbols
1981 * 2248 104 Q parity symbols
1982 */
1983 memset(pbBuf, 0, 280);
1984 pbBuf += 280;
1985 }
1986 }
1987 break;
1988 default:
1989 break;
1990 }
1991 s->Led.Actual.s.fReading = 0;
1992 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1993
1994 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1995 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1996 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1997
1998 if (RT_SUCCESS(rc))
1999 {
2000 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
2001
2002 /* The initial buffer end value has been set up based on the total
2003 * transfer size. But the I/O buffer size limits what can actually be
2004 * done in one transfer, so set the actual value of the buffer end. */
2005 s->cbElementaryTransfer = cbTransfer;
2006 if (cbTransfer >= s->cbTotalTransfer)
2007 s->iSourceSink = ATAFN_SS_NULL;
2008 atapiCmdOK(s);
2009 s->iATAPILBA += cSectors;
2010 }
2011 else
2012 {
2013 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2014 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
2015
2016 /*
2017 * Check if we got interrupted. We don't need to set status variables
2018 * because the request was aborted.
2019 */
2020 if (rc != VERR_INTERRUPTED)
2021 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
2022 }
2023 return false;
2024}
2025
2026/**
2027 * Sets the given media track type.
2028 */
2029static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
2030{
2031 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
2032}
2033
2034static bool atapiPassthroughSS(ATADevState *s)
2035{
2036 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2037 int rc = VINF_SUCCESS;
2038 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
2039 uint32_t cbTransfer;
2040 PSTAMPROFILEADV pProf = NULL;
2041
2042 cbTransfer = RT_MIN(s->cbElementaryTransfer, s->cbIOBuffer);
2043
2044 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
2045 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2046
2047 /* Simple heuristics: if there is at least one sector of data
2048 * to transfer, it's worth updating the LEDs. */
2049 if (cbTransfer >= 2048)
2050 {
2051 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2052 {
2053 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
2054 pProf = &s->StatReads;
2055 }
2056 else
2057 {
2058 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
2059 pProf = &s->StatWrites;
2060 }
2061 }
2062
2063 PDMCritSectLeave(&pCtl->lock);
2064
2065#if defined(LOG_ENABLED)
2066 char szBuf[1024];
2067
2068 memset(szBuf, 0, sizeof(szBuf));
2069
2070 switch (s->aATAPICmd[0])
2071 {
2072 case SCSI_MODE_SELECT_10:
2073 {
2074 size_t cbBlkDescLength = ataBE2H_U16(&s->CTX_SUFF(pbIOBuffer)[6]);
2075
2076 SCSILogModePage(szBuf, sizeof(szBuf) - 1,
2077 s->CTX_SUFF(pbIOBuffer) + 8 + cbBlkDescLength,
2078 cbTransfer - 8 - cbBlkDescLength);
2079 break;
2080 }
2081 case SCSI_SEND_CUE_SHEET:
2082 {
2083 SCSILogCueSheet(szBuf, sizeof(szBuf) - 1,
2084 s->CTX_SUFF(pbIOBuffer), cbTransfer);
2085 break;
2086 }
2087 default:
2088 break;
2089 }
2090
2091 Log2(("%s\n", szBuf));
2092#endif
2093
2094 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
2095 if ( cbTransfer > SCSI_MAX_BUFFER_SIZE
2096 || s->cbElementaryTransfer > s->cbIOBuffer)
2097 {
2098 /* Linux accepts commands with up to 100KB of data, but expects
2099 * us to handle commands with up to 128KB of data. The usual
2100 * imbalance of powers. */
2101 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
2102 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
2103 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2104 uint32_t cSectorsMax; /**< Maximum amount of sectors to read without exceeding the I/O buffer. */
2105
2106 Assert(s->cbATAPISector);
2107 cSectorsMax = cbTransfer / s->cbATAPISector;
2108 Assert(cSectorsMax * s->cbATAPISector <= s->cbIOBuffer);
2109
2110 switch (s->aATAPICmd[0])
2111 {
2112 case SCSI_READ_10:
2113 case SCSI_WRITE_10:
2114 case SCSI_WRITE_AND_VERIFY_10:
2115 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2116 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
2117 break;
2118 case SCSI_READ_12:
2119 case SCSI_WRITE_12:
2120 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2121 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
2122 break;
2123 case SCSI_READ_CD:
2124 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2125 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
2126 break;
2127 case SCSI_READ_CD_MSF:
2128 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
2129 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
2130 break;
2131 default:
2132 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2133 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2134 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2135 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2136 {
2137 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2138 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2139 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2140 }
2141 return false;
2142 }
2143 cSectorsMax = RT_MIN(cSectorsMax, cSectors);
2144 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
2145 cReqSectors = 0;
2146 for (uint32_t i = cSectorsMax; i > 0; i -= cReqSectors)
2147 {
2148 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
2149 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
2150 else
2151 cReqSectors = i;
2152 cbCurrTX = s->cbATAPISector * cReqSectors;
2153 switch (s->aATAPICmd[0])
2154 {
2155 case SCSI_READ_10:
2156 case SCSI_WRITE_10:
2157 case SCSI_WRITE_AND_VERIFY_10:
2158 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2159 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
2160 break;
2161 case SCSI_READ_12:
2162 case SCSI_WRITE_12:
2163 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2164 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
2165 break;
2166 case SCSI_READ_CD:
2167 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2168 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
2169 break;
2170 case SCSI_READ_CD_MSF:
2171 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
2172 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
2173 break;
2174 }
2175 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2176 if (rc != VINF_SUCCESS)
2177 break;
2178 iATAPILBA += cReqSectors;
2179 pbBuf += s->cbATAPISector * cReqSectors;
2180 }
2181
2182 if (RT_SUCCESS(rc))
2183 {
2184 /* Adjust ATAPI command for the next call. */
2185 switch (s->aATAPICmd[0])
2186 {
2187 case SCSI_READ_10:
2188 case SCSI_WRITE_10:
2189 case SCSI_WRITE_AND_VERIFY_10:
2190 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2191 ataH2BE_U16(s->aATAPICmd + 7, cSectors - cSectorsMax);
2192 break;
2193 case SCSI_READ_12:
2194 case SCSI_WRITE_12:
2195 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2196 ataH2BE_U32(s->aATAPICmd + 6, cSectors - cSectorsMax);
2197 break;
2198 case SCSI_READ_CD:
2199 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2200 ataH2BE_U24(s->aATAPICmd + 6, cSectors - cSectorsMax);
2201 break;
2202 case SCSI_READ_CD_MSF:
2203 ataLBA2MSF(s->aATAPICmd + 3, iATAPILBA);
2204 ataLBA2MSF(s->aATAPICmd + 6, iATAPILBA + cSectors - cSectorsMax);
2205 break;
2206 default:
2207 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2208 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2209 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2210 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2211 return false;
2212 }
2213 }
2214 }
2215 else
2216 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2217 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
2218
2219 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2220 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2221 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2222
2223 /* Update the LEDs and the read/write statistics. */
2224 if (cbTransfer >= 2048)
2225 {
2226 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2227 {
2228 s->Led.Actual.s.fReading = 0;
2229 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2230 }
2231 else
2232 {
2233 s->Led.Actual.s.fWriting = 0;
2234 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2235 }
2236 }
2237
2238 if (RT_SUCCESS(rc))
2239 {
2240 /* Do post processing for certain commands. */
2241 switch (s->aATAPICmd[0])
2242 {
2243 case SCSI_SEND_CUE_SHEET:
2244 {
2245 /* Save the CUE sheet to determine sector sizes during writes */
2246 if (s->pbCueSheet)
2247 {
2248 s->cbCueSheet = 0;
2249 RTMemFree(s->pbCueSheet);
2250 }
2251
2252 s->pbCueSheet = (uint8_t *)RTMemAllocZ(s->cbElementaryTransfer);
2253 if (s->pbCueSheet)
2254 {
2255 s->cbCueSheet = s->cbElementaryTransfer;
2256 memcpy(s->pbCueSheet, s->CTX_SUFF(pbIOBuffer), s->cbElementaryTransfer);
2257 }
2258 else if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2259 LogRel(("ATA: Out of memory while saving the CUE sheet, burning disc might fail\n"));
2260 break;
2261 }
2262 case SCSI_SYNCHRONIZE_CACHE:
2263 {
2264 /* Free the current CUE sheet after session at once recording. */
2265 if (s->pbCueSheet)
2266 {
2267 s->cbCueSheet = 0;
2268 RTMemFree(s->pbCueSheet);
2269 s->pbCueSheet = NULL;
2270 }
2271 break;
2272 }
2273 }
2274
2275 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2276 {
2277 Assert(cbTransfer <= s->cbTotalTransfer);
2278 /*
2279 * Reply with the same amount of data as the real drive
2280 * but only if the command wasn't splitted.
2281 */
2282 if (s->cbElementaryTransfer < s->cbIOBuffer)
2283 s->cbTotalTransfer = cbTransfer;
2284
2285 if ( s->aATAPICmd[0] == SCSI_INQUIRY
2286 && s->fOverwriteInquiry)
2287 {
2288 /* Make sure that the real drive cannot be identified.
2289 * Motivation: changing the VM configuration should be as
2290 * invisible as possible to the guest. */
2291 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2292 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2293 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2294 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2295 }
2296 else if (s->aATAPICmd[0] == SCSI_READ_TOC_PMA_ATIP)
2297 {
2298 /* Set the media type if we can detect it. */
2299 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2300
2301 /** @todo: Implemented only for formatted TOC now. */
2302 if ( (s->aATAPICmd[1] & 0xf) == 0
2303 && cbTransfer >= 6)
2304 {
2305 uint32_t NewMediaType;
2306 uint32_t OldMediaType;
2307
2308 if (pbBuf[5] & 0x4)
2309 NewMediaType = ATA_MEDIA_TYPE_DATA;
2310 else
2311 NewMediaType = ATA_MEDIA_TYPE_CDDA;
2312
2313 OldMediaType = ataMediumTypeSet(s, NewMediaType);
2314
2315 if (OldMediaType != NewMediaType)
2316 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough, detected %s CD\n",
2317 s->iLUN,
2318 NewMediaType == ATA_MEDIA_TYPE_DATA
2319 ? "data"
2320 : "audio"));
2321 }
2322 else /* Play safe and set to unknown. */
2323 ataMediumTypeSet(s, ATA_MEDIA_TYPE_UNKNOWN);
2324 }
2325 if (cbTransfer)
2326 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2327 }
2328
2329 /* The initial buffer end value has been set up based on the total
2330 * transfer size. But the I/O buffer size limits what can actually be
2331 * done in one transfer, so set the actual value of the buffer end. */
2332 s->cbElementaryTransfer = cbTransfer;
2333 if (cbTransfer >= s->cbTotalTransfer)
2334 {
2335 s->iSourceSink = ATAFN_SS_NULL;
2336 atapiCmdOK(s);
2337 }
2338 }
2339 else
2340 {
2341 if (s->cErrors < MAX_LOG_REL_ERRORS)
2342 {
2343 uint8_t u8Cmd = s->aATAPICmd[0];
2344 do
2345 {
2346 /* don't log superfluous errors */
2347 if ( rc == VERR_DEV_IO_ERROR
2348 && ( u8Cmd == SCSI_TEST_UNIT_READY
2349 || u8Cmd == SCSI_READ_CAPACITY
2350 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2351 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2352 break;
2353 s->cErrors++;
2354 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2355 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2356 } while (0);
2357 }
2358 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2359 }
2360 return false;
2361}
2362
2363/** @todo: Revise ASAP. */
2364static bool atapiReadDVDStructureSS(ATADevState *s)
2365{
2366 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2367 int media = s->aATAPICmd[1];
2368 int format = s->aATAPICmd[7];
2369
2370 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2371
2372 memset(buf, 0, max_len);
2373
2374 switch (format) {
2375 case 0x00:
2376 case 0x01:
2377 case 0x02:
2378 case 0x03:
2379 case 0x04:
2380 case 0x05:
2381 case 0x06:
2382 case 0x07:
2383 case 0x08:
2384 case 0x09:
2385 case 0x0a:
2386 case 0x0b:
2387 case 0x0c:
2388 case 0x0d:
2389 case 0x0e:
2390 case 0x0f:
2391 case 0x10:
2392 case 0x11:
2393 case 0x30:
2394 case 0x31:
2395 case 0xff:
2396 if (media == 0)
2397 {
2398 int uASC = SCSI_ASC_NONE;
2399
2400 switch (format)
2401 {
2402 case 0x0: /* Physical format information */
2403 {
2404 int layer = s->aATAPICmd[6];
2405 uint64_t total_sectors;
2406
2407 if (layer != 0)
2408 {
2409 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2410 break;
2411 }
2412
2413 total_sectors = s->cTotalSectors;
2414 total_sectors >>= 2;
2415 if (total_sectors == 0)
2416 {
2417 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2418 break;
2419 }
2420
2421 buf[4] = 1; /* DVD-ROM, part version 1 */
2422 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2423 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2424 buf[7] = 0; /* default densities */
2425
2426 /* FIXME: 0x30000 per spec? */
2427 ataH2BE_U32(buf + 8, 0); /* start sector */
2428 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2429 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2430
2431 /* Size of buffer, not including 2 byte size field */
2432 ataH2BE_U32(&buf[0], 2048 + 2);
2433
2434 /* 2k data + 4 byte header */
2435 uASC = (2048 + 4);
2436 }
2437 break;
2438 case 0x01: /* DVD copyright information */
2439 buf[4] = 0; /* no copyright data */
2440 buf[5] = 0; /* no region restrictions */
2441
2442 /* Size of buffer, not including 2 byte size field */
2443 ataH2BE_U16(buf, 4 + 2);
2444
2445 /* 4 byte header + 4 byte data */
2446 uASC = (4 + 4);
2447
2448 case 0x03: /* BCA information - invalid field for no BCA info */
2449 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2450 break;
2451
2452 case 0x04: /* DVD disc manufacturing information */
2453 /* Size of buffer, not including 2 byte size field */
2454 ataH2BE_U16(buf, 2048 + 2);
2455
2456 /* 2k data + 4 byte header */
2457 uASC = (2048 + 4);
2458 break;
2459 case 0xff:
2460 /*
2461 * This lists all the command capabilities above. Add new ones
2462 * in order and update the length and buffer return values.
2463 */
2464
2465 buf[4] = 0x00; /* Physical format */
2466 buf[5] = 0x40; /* Not writable, is readable */
2467 ataH2BE_U16((buf + 6), 2048 + 4);
2468
2469 buf[8] = 0x01; /* Copyright info */
2470 buf[9] = 0x40; /* Not writable, is readable */
2471 ataH2BE_U16((buf + 10), 4 + 4);
2472
2473 buf[12] = 0x03; /* BCA info */
2474 buf[13] = 0x40; /* Not writable, is readable */
2475 ataH2BE_U16((buf + 14), 188 + 4);
2476
2477 buf[16] = 0x04; /* Manufacturing info */
2478 buf[17] = 0x40; /* Not writable, is readable */
2479 ataH2BE_U16((buf + 18), 2048 + 4);
2480
2481 /* Size of buffer, not including 2 byte size field */
2482 ataH2BE_U16(buf, 16 + 2);
2483
2484 /* data written + 4 byte header */
2485 uASC = (16 + 4);
2486 break;
2487 default: /* TODO: formats beyond DVD-ROM requires */
2488 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2489 }
2490
2491 if (uASC < 0)
2492 {
2493 s->iSourceSink = ATAFN_SS_NULL;
2494 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2495 return false;
2496 }
2497 break;
2498 }
2499 /* TODO: BD support, fall through for now */
2500
2501 /* Generic disk structures */
2502 case 0x80: /* TODO: AACS volume identifier */
2503 case 0x81: /* TODO: AACS media serial number */
2504 case 0x82: /* TODO: AACS media identifier */
2505 case 0x83: /* TODO: AACS media key block */
2506 case 0x90: /* TODO: List of recognized format layers */
2507 case 0xc0: /* TODO: Write protection status */
2508 default:
2509 s->iSourceSink = ATAFN_SS_NULL;
2510 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2511 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2512 return false;
2513 }
2514
2515 s->iSourceSink = ATAFN_SS_NULL;
2516 atapiCmdOK(s);
2517 return false;
2518}
2519
2520static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2521{
2522 Assert(cSectors > 0);
2523 s->iATAPILBA = iATAPILBA;
2524 s->cbATAPISector = cbSector;
2525 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2526 return false;
2527}
2528
2529
2530static bool atapiReadCapacitySS(ATADevState *s)
2531{
2532 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2533
2534 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2535 Assert(s->cbElementaryTransfer <= 8);
2536 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2537 ataH2BE_U32(pbBuf + 4, 2048);
2538 s->iSourceSink = ATAFN_SS_NULL;
2539 atapiCmdOK(s);
2540 return false;
2541}
2542
2543
2544static bool atapiReadDiscInformationSS(ATADevState *s)
2545{
2546 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2547
2548 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2549 Assert(s->cbElementaryTransfer <= 34);
2550 memset(pbBuf, '\0', 34);
2551 ataH2BE_U16(pbBuf, 32);
2552 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2553 pbBuf[3] = 1; /* number of first track */
2554 pbBuf[4] = 1; /* number of sessions (LSB) */
2555 pbBuf[5] = 1; /* first track number in last session (LSB) */
2556 pbBuf[6] = 1; /* last track number in last session (LSB) */
2557 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2558 pbBuf[8] = 0; /* disc type = CD-ROM */
2559 pbBuf[9] = 0; /* number of sessions (MSB) */
2560 pbBuf[10] = 0; /* number of sessions (MSB) */
2561 pbBuf[11] = 0; /* number of sessions (MSB) */
2562 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2563 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2564 s->iSourceSink = ATAFN_SS_NULL;
2565 atapiCmdOK(s);
2566 return false;
2567}
2568
2569
2570static bool atapiReadTrackInformationSS(ATADevState *s)
2571{
2572 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2573
2574 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2575 Assert(s->cbElementaryTransfer <= 36);
2576 /* Accept address/number type of 1 only, and only track 1 exists. */
2577 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2578 {
2579 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2580 return false;
2581 }
2582 memset(pbBuf, '\0', 36);
2583 ataH2BE_U16(pbBuf, 34);
2584 pbBuf[2] = 1; /* track number (LSB) */
2585 pbBuf[3] = 1; /* session number (LSB) */
2586 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2587 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2588 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2589 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2590 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2591 pbBuf[32] = 0; /* track number (MSB) */
2592 pbBuf[33] = 0; /* session number (MSB) */
2593 s->iSourceSink = ATAFN_SS_NULL;
2594 atapiCmdOK(s);
2595 return false;
2596}
2597
2598static size_t atapiGetConfigurationFillFeatureListProfiles(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2599{
2600 if (cbBuf < 3*4)
2601 return 0;
2602
2603 ataH2BE_U16(pbBuf, 0x0); /* feature 0: list of profiles supported */
2604 pbBuf[2] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2605 pbBuf[3] = 8; /* additional bytes for profiles */
2606 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2607 * before CD-ROM read capability. */
2608 ataH2BE_U16(pbBuf + 4, 0x10); /* profile: read-only DVD */
2609 pbBuf[6] = (0 << 0); /* NOT current profile */
2610 ataH2BE_U16(pbBuf + 8, 0x08); /* profile: read only CD */
2611 pbBuf[10] = (1 << 0); /* current profile */
2612
2613 return 3*4; /* Header + 2 profiles entries */
2614}
2615
2616static size_t atapiGetConfigurationFillFeatureCore(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2617{
2618 if (cbBuf < 12)
2619 return 0;
2620
2621 ataH2BE_U16(pbBuf, 0x1); /* feature 0001h: Core Feature */
2622 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2623 pbBuf[3] = 8; /* Additional length */
2624 ataH2BE_U16(pbBuf + 4, 0x00000002); /* Physical interface ATAPI. */
2625 pbBuf[8] = RT_BIT(0); /* DBE */
2626 /* Rest is reserved. */
2627
2628 return 12;
2629}
2630
2631static size_t atapiGetConfigurationFillFeatureMorphing(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2632{
2633 if (cbBuf < 8)
2634 return 0;
2635
2636 ataH2BE_U16(pbBuf, 0x2); /* feature 0002h: Morphing Feature */
2637 pbBuf[2] = (0x1 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2638 pbBuf[3] = 4; /* Additional length */
2639 pbBuf[4] = RT_BIT(1) | 0x0; /* OCEvent | !ASYNC */
2640 /* Rest is reserved. */
2641
2642 return 8;
2643}
2644
2645static size_t atapiGetConfigurationFillFeatureRemovableMedium(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2646{
2647 if (cbBuf < 8)
2648 return 0;
2649
2650 ataH2BE_U16(pbBuf, 0x3); /* feature 0003h: Removable Medium Feature */
2651 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2652 pbBuf[3] = 4; /* Additional length */
2653 /* Tray type loading | Load | Eject | !Pvnt Jmpr | !DBML | Lock */
2654 pbBuf[4] = (0x2 << 5) | RT_BIT(4) | RT_BIT(3) | (0x0 << 2) | (0x0 << 1) | RT_BIT(0);
2655 /* Rest is reserved. */
2656
2657 return 8;
2658}
2659
2660static size_t atapiGetConfigurationFillFeatureRandomReadable(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2661{
2662 if (cbBuf < 12)
2663 return 0;
2664
2665 ataH2BE_U16(pbBuf, 0x10); /* feature 0010h: Random Readable Feature */
2666 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2667 pbBuf[3] = 8; /* Additional length */
2668 ataH2BE_U32(pbBuf + 4, 2048); /* Logical block size. */
2669 ataH2BE_U16(pbBuf + 8, 0x10); /* Blocking (0x10 for DVD, CD is not defined). */
2670 pbBuf[10] = 0; /* PP not present */
2671 /* Rest is reserved. */
2672
2673 return 12;
2674}
2675
2676static size_t atapiGetConfigurationFillFeatureCDRead(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2677{
2678 if (cbBuf < 8)
2679 return 0;
2680
2681 ataH2BE_U16(pbBuf, 0x1e); /* feature 001Eh: CD Read Feature */
2682 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2683 pbBuf[3] = 0; /* Additional length */
2684 pbBuf[4] = (0x0 << 7) | (0x0 << 1) | 0x0; /* !DAP | !C2-Flags | !CD-Text. */
2685 /* Rest is reserved. */
2686
2687 return 8;
2688}
2689
2690static size_t atapiGetConfigurationFillFeaturePowerManagement(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2691{
2692 if (cbBuf < 4)
2693 return 0;
2694
2695 ataH2BE_U16(pbBuf, 0x100); /* feature 0100h: Power Management Feature */
2696 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2697 pbBuf[3] = 0; /* Additional length */
2698
2699 return 4;
2700}
2701
2702static size_t atapiGetConfigurationFillFeatureTimeout(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2703{
2704 if (cbBuf < 8)
2705 return 0;
2706
2707 ataH2BE_U16(pbBuf, 0x105); /* feature 0105h: Timeout Feature */
2708 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2709 pbBuf[3] = 4; /* Additional length */
2710 pbBuf[4] = 0x0; /* !Group3 */
2711
2712 return 8;
2713}
2714
2715static bool atapiGetConfigurationSS(ATADevState *s)
2716{
2717 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2718 size_t cbBuf = s->cbIOBuffer;
2719 size_t cbCopied = 0;
2720 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2721
2722 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2723 Assert(s->cbElementaryTransfer <= 80);
2724 /* Accept valid request types only, and only starting feature 0. */
2725 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2726 {
2727 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2728 return false;
2729 }
2730 memset(pbBuf, '\0', cbBuf);
2731 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2732 * way to differentiate them right now is based on the image size). */
2733 if (s->cTotalSectors)
2734 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2735 else
2736 ataH2BE_U16(pbBuf + 6, 0x00); /* current profile: none -> no media */
2737 cbBuf -= 8;
2738 pbBuf += 8;
2739
2740 cbCopied = atapiGetConfigurationFillFeatureListProfiles(s, pbBuf, cbBuf);
2741 cbBuf -= cbCopied;
2742 pbBuf += cbCopied;
2743
2744 cbCopied = atapiGetConfigurationFillFeatureCore(s, pbBuf, cbBuf);
2745 cbBuf -= cbCopied;
2746 pbBuf += cbCopied;
2747
2748 cbCopied = atapiGetConfigurationFillFeatureMorphing(s, pbBuf, cbBuf);
2749 cbBuf -= cbCopied;
2750 pbBuf += cbCopied;
2751
2752 cbCopied = atapiGetConfigurationFillFeatureRemovableMedium(s, pbBuf, cbBuf);
2753 cbBuf -= cbCopied;
2754 pbBuf += cbCopied;
2755
2756 cbCopied = atapiGetConfigurationFillFeatureRandomReadable(s, pbBuf, cbBuf);
2757 cbBuf -= cbCopied;
2758 pbBuf += cbCopied;
2759
2760 cbCopied = atapiGetConfigurationFillFeatureCDRead(s, pbBuf, cbBuf);
2761 cbBuf -= cbCopied;
2762 pbBuf += cbCopied;
2763
2764 cbCopied = atapiGetConfigurationFillFeaturePowerManagement(s, pbBuf, cbBuf);
2765 cbBuf -= cbCopied;
2766 pbBuf += cbCopied;
2767
2768 cbCopied = atapiGetConfigurationFillFeatureTimeout(s, pbBuf, cbBuf);
2769 cbBuf -= cbCopied;
2770 pbBuf += cbCopied;
2771
2772 /* Set data length now - the field is not included in the final length. */
2773 ataH2BE_U32(s->CTX_SUFF(pbIOBuffer), s->cbIOBuffer - cbBuf - 4);
2774
2775 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2776 s->iSourceSink = ATAFN_SS_NULL;
2777 atapiCmdOK(s);
2778 return false;
2779}
2780
2781
2782static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2783{
2784 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2785
2786 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2787 Assert(s->cbElementaryTransfer <= 8);
2788
2789 if (!(s->aATAPICmd[1] & 1))
2790 {
2791 /* no asynchronous operation supported */
2792 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2793 return false;
2794 }
2795
2796 uint32_t OldStatus, NewStatus;
2797 do
2798 {
2799 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2800 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2801 switch (OldStatus)
2802 {
2803 case ATA_EVENT_STATUS_MEDIA_NEW:
2804 /* mount */
2805 ataH2BE_U16(pbBuf + 0, 6);
2806 pbBuf[2] = 0x04; /* media */
2807 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2808 pbBuf[4] = 0x02; /* new medium */
2809 pbBuf[5] = 0x02; /* medium present / door closed */
2810 pbBuf[6] = 0x00;
2811 pbBuf[7] = 0x00;
2812 break;
2813
2814 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2815 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2816 /* umount */
2817 ataH2BE_U16(pbBuf + 0, 6);
2818 pbBuf[2] = 0x04; /* media */
2819 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2820 pbBuf[4] = 0x03; /* media removal */
2821 pbBuf[5] = 0x00; /* medium absent / door closed */
2822 pbBuf[6] = 0x00;
2823 pbBuf[7] = 0x00;
2824 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2825 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2826 break;
2827
2828 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2829 ataH2BE_U16(pbBuf + 0, 6);
2830 pbBuf[2] = 0x04; /* media */
2831 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2832 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2833 pbBuf[5] = 0x02; /* medium present / door closed */
2834 pbBuf[6] = 0x00;
2835 pbBuf[7] = 0x00;
2836 break;
2837
2838 case ATA_EVENT_STATUS_UNCHANGED:
2839 default:
2840 ataH2BE_U16(pbBuf + 0, 6);
2841 pbBuf[2] = 0x01; /* operational change request / notification */
2842 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2843 pbBuf[4] = 0x00;
2844 pbBuf[5] = 0x00;
2845 pbBuf[6] = 0x00;
2846 pbBuf[7] = 0x00;
2847 break;
2848 }
2849 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2850
2851 s->iSourceSink = ATAFN_SS_NULL;
2852 atapiCmdOK(s);
2853 return false;
2854}
2855
2856
2857static bool atapiInquirySS(ATADevState *s)
2858{
2859 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2860
2861 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2862 Assert(s->cbElementaryTransfer <= 36);
2863 pbBuf[0] = 0x05; /* CD-ROM */
2864 pbBuf[1] = 0x80; /* removable */
2865#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2866 pbBuf[2] = 0x00; /* ISO */
2867 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2868#else
2869 pbBuf[2] = 0x00; /* ISO */
2870 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2871#endif
2872 pbBuf[4] = 31; /* additional length */
2873 pbBuf[5] = 0; /* reserved */
2874 pbBuf[6] = 0; /* reserved */
2875 pbBuf[7] = 0; /* reserved */
2876 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2877 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2878 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2879 s->iSourceSink = ATAFN_SS_NULL;
2880 atapiCmdOK(s);
2881 return false;
2882}
2883
2884
2885static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2886{
2887 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2888
2889 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2890 Assert(s->cbElementaryTransfer <= 16);
2891 ataH2BE_U16(&pbBuf[0], 16 + 6);
2892 pbBuf[2] = (uint8_t)s->MediaTrackType;
2893 pbBuf[3] = 0;
2894 pbBuf[4] = 0;
2895 pbBuf[5] = 0;
2896 pbBuf[6] = 0;
2897 pbBuf[7] = 0;
2898
2899 pbBuf[8] = 0x01;
2900 pbBuf[9] = 0x06;
2901 pbBuf[10] = 0x00; /* Maximum error recovery */
2902 pbBuf[11] = 0x05; /* 5 retries */
2903 pbBuf[12] = 0x00;
2904 pbBuf[13] = 0x00;
2905 pbBuf[14] = 0x00;
2906 pbBuf[15] = 0x00;
2907 s->iSourceSink = ATAFN_SS_NULL;
2908 atapiCmdOK(s);
2909 return false;
2910}
2911
2912
2913static bool atapiModeSenseCDStatusSS(ATADevState *s)
2914{
2915 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2916
2917 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2918 Assert(s->cbElementaryTransfer <= 40);
2919 ataH2BE_U16(&pbBuf[0], 38);
2920 pbBuf[2] = (uint8_t)s->MediaTrackType;
2921 pbBuf[3] = 0;
2922 pbBuf[4] = 0;
2923 pbBuf[5] = 0;
2924 pbBuf[6] = 0;
2925 pbBuf[7] = 0;
2926
2927 pbBuf[8] = 0x2a;
2928 pbBuf[9] = 30; /* page length */
2929 pbBuf[10] = 0x08; /* DVD-ROM read support */
2930 pbBuf[11] = 0x00; /* no write support */
2931 /* The following claims we support audio play. This is obviously false,
2932 * but the Linux generic CDROM support makes many features depend on this
2933 * capability. If it's not set, this causes many things to be disabled. */
2934 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2935 pbBuf[13] = 0x00; /* no subchannel reads supported */
2936 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2937 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2938 pbBuf[14] |= 1 << 1; /* report lock state */
2939 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2940 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2941 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2942 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2943 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2944 pbBuf[24] = 0; /* reserved */
2945 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2946 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2947 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2948 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2949 pbBuf[32] = 0; /* reserved */
2950 pbBuf[33] = 0; /* reserved */
2951 pbBuf[34] = 0; /* reserved */
2952 pbBuf[35] = 1; /* rotation control CAV */
2953 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2954 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2955 s->iSourceSink = ATAFN_SS_NULL;
2956 atapiCmdOK(s);
2957 return false;
2958}
2959
2960
2961static bool atapiRequestSenseSS(ATADevState *s)
2962{
2963 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2964
2965 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2966 memset(pbBuf, '\0', s->cbElementaryTransfer);
2967 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2968 s->iSourceSink = ATAFN_SS_NULL;
2969 atapiCmdOK(s);
2970 return false;
2971}
2972
2973
2974static bool atapiMechanismStatusSS(ATADevState *s)
2975{
2976 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2977
2978 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2979 Assert(s->cbElementaryTransfer <= 8);
2980 ataH2BE_U16(pbBuf, 0);
2981 /* no current LBA */
2982 pbBuf[2] = 0;
2983 pbBuf[3] = 0;
2984 pbBuf[4] = 0;
2985 pbBuf[5] = 1;
2986 ataH2BE_U16(pbBuf + 6, 0);
2987 s->iSourceSink = ATAFN_SS_NULL;
2988 atapiCmdOK(s);
2989 return false;
2990}
2991
2992
2993static bool atapiReadTOCNormalSS(ATADevState *s)
2994{
2995 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2996 bool fMSF;
2997 uint32_t cbSize;
2998
2999 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
3000 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3001 iStartTrack = s->aATAPICmd[6];
3002 if (iStartTrack > 1 && iStartTrack != 0xaa)
3003 {
3004 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3005 return false;
3006 }
3007 q = pbBuf + 2;
3008 *q++ = 1; /* first session */
3009 *q++ = 1; /* last session */
3010 if (iStartTrack <= 1)
3011 {
3012 *q++ = 0; /* reserved */
3013 *q++ = 0x14; /* ADR, control */
3014 *q++ = 1; /* track number */
3015 *q++ = 0; /* reserved */
3016 if (fMSF)
3017 {
3018 *q++ = 0; /* reserved */
3019 ataLBA2MSF(q, 0);
3020 q += 3;
3021 }
3022 else
3023 {
3024 /* sector 0 */
3025 ataH2BE_U32(q, 0);
3026 q += 4;
3027 }
3028 }
3029 /* lead out track */
3030 *q++ = 0; /* reserved */
3031 *q++ = 0x14; /* ADR, control */
3032 *q++ = 0xaa; /* track number */
3033 *q++ = 0; /* reserved */
3034 if (fMSF)
3035 {
3036 *q++ = 0; /* reserved */
3037 ataLBA2MSF(q, s->cTotalSectors);
3038 q += 3;
3039 }
3040 else
3041 {
3042 ataH2BE_U32(q, s->cTotalSectors);
3043 q += 4;
3044 }
3045 cbSize = q - pbBuf;
3046 ataH2BE_U16(pbBuf, cbSize - 2);
3047 if (cbSize < s->cbTotalTransfer)
3048 s->cbTotalTransfer = cbSize;
3049 s->iSourceSink = ATAFN_SS_NULL;
3050 atapiCmdOK(s);
3051 return false;
3052}
3053
3054
3055static bool atapiReadTOCMultiSS(ATADevState *s)
3056{
3057 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
3058 bool fMSF;
3059
3060 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
3061 Assert(s->cbElementaryTransfer <= 12);
3062 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3063 /* multi session: only a single session defined */
3064/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
3065 memset(pbBuf, 0, 12);
3066 pbBuf[1] = 0x0a;
3067 pbBuf[2] = 0x01;
3068 pbBuf[3] = 0x01;
3069 pbBuf[5] = 0x14; /* ADR, control */
3070 pbBuf[6] = 1; /* first track in last complete session */
3071 if (fMSF)
3072 {
3073 pbBuf[8] = 0; /* reserved */
3074 ataLBA2MSF(&pbBuf[9], 0);
3075 }
3076 else
3077 {
3078 /* sector 0 */
3079 ataH2BE_U32(pbBuf + 8, 0);
3080 }
3081 s->iSourceSink = ATAFN_SS_NULL;
3082 atapiCmdOK(s);
3083 return false;
3084}
3085
3086
3087static bool atapiReadTOCRawSS(ATADevState *s)
3088{
3089 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
3090 bool fMSF;
3091 uint32_t cbSize;
3092
3093 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
3094 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3095 iStartTrack = s->aATAPICmd[6];
3096
3097 q = pbBuf + 2;
3098 *q++ = 1; /* first session */
3099 *q++ = 1; /* last session */
3100
3101 *q++ = 1; /* session number */
3102 *q++ = 0x14; /* data track */
3103 *q++ = 0; /* track number */
3104 *q++ = 0xa0; /* first track in program area */
3105 *q++ = 0; /* min */
3106 *q++ = 0; /* sec */
3107 *q++ = 0; /* frame */
3108 *q++ = 0;
3109 *q++ = 1; /* first track */
3110 *q++ = 0x00; /* disk type CD-DA or CD data */
3111 *q++ = 0;
3112
3113 *q++ = 1; /* session number */
3114 *q++ = 0x14; /* data track */
3115 *q++ = 0; /* track number */
3116 *q++ = 0xa1; /* last track in program area */
3117 *q++ = 0; /* min */
3118 *q++ = 0; /* sec */
3119 *q++ = 0; /* frame */
3120 *q++ = 0;
3121 *q++ = 1; /* last track */
3122 *q++ = 0;
3123 *q++ = 0;
3124
3125 *q++ = 1; /* session number */
3126 *q++ = 0x14; /* data track */
3127 *q++ = 0; /* track number */
3128 *q++ = 0xa2; /* lead-out */
3129 *q++ = 0; /* min */
3130 *q++ = 0; /* sec */
3131 *q++ = 0; /* frame */
3132 if (fMSF)
3133 {
3134 *q++ = 0; /* reserved */
3135 ataLBA2MSF(q, s->cTotalSectors);
3136 q += 3;
3137 }
3138 else
3139 {
3140 ataH2BE_U32(q, s->cTotalSectors);
3141 q += 4;
3142 }
3143
3144 *q++ = 1; /* session number */
3145 *q++ = 0x14; /* ADR, control */
3146 *q++ = 0; /* track number */
3147 *q++ = 1; /* point */
3148 *q++ = 0; /* min */
3149 *q++ = 0; /* sec */
3150 *q++ = 0; /* frame */
3151 if (fMSF)
3152 {
3153 *q++ = 0; /* reserved */
3154 ataLBA2MSF(q, 0);
3155 q += 3;
3156 }
3157 else
3158 {
3159 /* sector 0 */
3160 ataH2BE_U32(q, 0);
3161 q += 4;
3162 }
3163
3164 cbSize = q - pbBuf;
3165 ataH2BE_U16(pbBuf, cbSize - 2);
3166 if (cbSize < s->cbTotalTransfer)
3167 s->cbTotalTransfer = cbSize;
3168 s->iSourceSink = ATAFN_SS_NULL;
3169 atapiCmdOK(s);
3170 return false;
3171}
3172
3173
3174static void atapiParseCmdVirtualATAPI(ATADevState *s)
3175{
3176 const uint8_t *pbPacket;
3177 uint8_t *pbBuf;
3178 uint32_t cbMax;
3179
3180 pbPacket = s->aATAPICmd;
3181 pbBuf = s->CTX_SUFF(pbIOBuffer);
3182 switch (pbPacket[0])
3183 {
3184 case SCSI_TEST_UNIT_READY:
3185 if (s->cNotifiedMediaChange > 0)
3186 {
3187 if (s->cNotifiedMediaChange-- > 2)
3188 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3189 else
3190 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3191 }
3192 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3193 atapiCmdOK(s);
3194 else
3195 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3196 break;
3197 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3198 cbMax = ataBE2H_U16(pbPacket + 7);
3199 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3200 break;
3201 case SCSI_MODE_SENSE_10:
3202 {
3203 uint8_t uPageControl, uPageCode;
3204 cbMax = ataBE2H_U16(pbPacket + 7);
3205 uPageControl = pbPacket[2] >> 6;
3206 uPageCode = pbPacket[2] & 0x3f;
3207 switch (uPageControl)
3208 {
3209 case SCSI_PAGECONTROL_CURRENT:
3210 switch (uPageCode)
3211 {
3212 case SCSI_MODEPAGE_ERROR_RECOVERY:
3213 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
3214 break;
3215 case SCSI_MODEPAGE_CD_STATUS:
3216 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
3217 break;
3218 default:
3219 goto error_cmd;
3220 }
3221 break;
3222 case SCSI_PAGECONTROL_CHANGEABLE:
3223 goto error_cmd;
3224 case SCSI_PAGECONTROL_DEFAULT:
3225 goto error_cmd;
3226 default:
3227 case SCSI_PAGECONTROL_SAVED:
3228 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
3229 break;
3230 }
3231 }
3232 break;
3233 case SCSI_REQUEST_SENSE:
3234 cbMax = pbPacket[4];
3235 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3236 break;
3237 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3238 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3239 {
3240 if (pbPacket[4] & 1)
3241 s->pDrvMount->pfnLock(s->pDrvMount);
3242 else
3243 s->pDrvMount->pfnUnlock(s->pDrvMount);
3244 atapiCmdOK(s);
3245 }
3246 else
3247 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3248 break;
3249 case SCSI_READ_10:
3250 case SCSI_READ_12:
3251 {
3252 uint32_t cSectors, iATAPILBA;
3253
3254 if (s->cNotifiedMediaChange > 0)
3255 {
3256 s->cNotifiedMediaChange-- ;
3257 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3258 break;
3259 }
3260 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3261 {
3262 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3263 break;
3264 }
3265 if (pbPacket[0] == SCSI_READ_10)
3266 cSectors = ataBE2H_U16(pbPacket + 7);
3267 else
3268 cSectors = ataBE2H_U32(pbPacket + 6);
3269 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3270 if (cSectors == 0)
3271 {
3272 atapiCmdOK(s);
3273 break;
3274 }
3275 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3276 {
3277 /* Rate limited logging, one log line per second. For
3278 * guests that insist on reading from places outside the
3279 * valid area this often generates too many release log
3280 * entries otherwise. */
3281 static uint64_t uLastLogTS = 0;
3282 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3283 {
3284 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3285 uLastLogTS = RTTimeMilliTS();
3286 }
3287 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3288 break;
3289 }
3290 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3291 }
3292 break;
3293 case SCSI_READ_CD:
3294 {
3295 uint32_t cSectors, iATAPILBA;
3296
3297 if (s->cNotifiedMediaChange > 0)
3298 {
3299 s->cNotifiedMediaChange-- ;
3300 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3301 break;
3302 }
3303 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3304 {
3305 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3306 break;
3307 }
3308 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
3309 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3310 if (cSectors == 0)
3311 {
3312 atapiCmdOK(s);
3313 break;
3314 }
3315 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3316 {
3317 /* Rate limited logging, one log line per second. For
3318 * guests that insist on reading from places outside the
3319 * valid area this often generates too many release log
3320 * entries otherwise. */
3321 static uint64_t uLastLogTS = 0;
3322 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3323 {
3324 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3325 uLastLogTS = RTTimeMilliTS();
3326 }
3327 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3328 break;
3329 }
3330 switch (pbPacket[9] & 0xf8)
3331 {
3332 case 0x00:
3333 /* nothing */
3334 atapiCmdOK(s);
3335 break;
3336 case 0x10:
3337 /* normal read */
3338 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3339 break;
3340 case 0xf8:
3341 /* read all data */
3342 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
3343 break;
3344 default:
3345 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
3346 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3347 break;
3348 }
3349 }
3350 break;
3351 case SCSI_SEEK_10:
3352 {
3353 uint32_t iATAPILBA;
3354 if (s->cNotifiedMediaChange > 0)
3355 {
3356 s->cNotifiedMediaChange-- ;
3357 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3358 break;
3359 }
3360 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3361 {
3362 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3363 break;
3364 }
3365 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3366 if (iATAPILBA > s->cTotalSectors)
3367 {
3368 /* Rate limited logging, one log line per second. For
3369 * guests that insist on seeking to places outside the
3370 * valid area this often generates too many release log
3371 * entries otherwise. */
3372 static uint64_t uLastLogTS = 0;
3373 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3374 {
3375 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
3376 uLastLogTS = RTTimeMilliTS();
3377 }
3378 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3379 break;
3380 }
3381 atapiCmdOK(s);
3382 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
3383 }
3384 break;
3385 case SCSI_START_STOP_UNIT:
3386 {
3387 int rc = VINF_SUCCESS;
3388 switch (pbPacket[4] & 3)
3389 {
3390 case 0: /* 00 - Stop motor */
3391 case 1: /* 01 - Start motor */
3392 break;
3393 case 2: /* 10 - Eject media */
3394 {
3395 /* This must be done from EMT. */
3396 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3397 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
3398 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
3399
3400 PDMCritSectLeave(&pCtl->lock);
3401 rc = VMR3ReqPriorityCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3402 (PFNRT)s->pDrvMount->pfnUnmount, 3,
3403 s->pDrvMount, false /*=fForce*/, true /*=fEject*/);
3404 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED) || (rc = VERR_PDM_MEDIA_NOT_MOUNTED));
3405 if (RT_SUCCESS(rc) && pThis->pMediaNotify)
3406 {
3407 rc = VMR3ReqCallNoWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3408 (PFNRT)pThis->pMediaNotify->pfnEjected, 2,
3409 pThis->pMediaNotify, s->iLUN);
3410 AssertRC(rc);
3411 }
3412 {
3413 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3414 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3415 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3416 }
3417 break;
3418 }
3419 case 3: /* 11 - Load media */
3420 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3421 break;
3422 }
3423 if (RT_SUCCESS(rc))
3424 atapiCmdOK(s);
3425 else
3426 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3427 }
3428 break;
3429 case SCSI_MECHANISM_STATUS:
3430 {
3431 cbMax = ataBE2H_U16(pbPacket + 8);
3432 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3433 }
3434 break;
3435 case SCSI_READ_TOC_PMA_ATIP:
3436 {
3437 uint8_t format;
3438
3439 if (s->cNotifiedMediaChange > 0)
3440 {
3441 s->cNotifiedMediaChange-- ;
3442 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3443 break;
3444 }
3445 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3446 {
3447 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3448 break;
3449 }
3450 cbMax = ataBE2H_U16(pbPacket + 7);
3451 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3452 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3453 * the other field is clear... */
3454 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3455 switch (format)
3456 {
3457 case 0:
3458 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3459 break;
3460 case 1:
3461 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3462 break;
3463 case 2:
3464 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3465 break;
3466 default:
3467 error_cmd:
3468 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3469 break;
3470 }
3471 }
3472 break;
3473 case SCSI_READ_CAPACITY:
3474 if (s->cNotifiedMediaChange > 0)
3475 {
3476 s->cNotifiedMediaChange-- ;
3477 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3478 break;
3479 }
3480 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3481 {
3482 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3483 break;
3484 }
3485 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3486 break;
3487 case SCSI_READ_DISC_INFORMATION:
3488 if (s->cNotifiedMediaChange > 0)
3489 {
3490 s->cNotifiedMediaChange-- ;
3491 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3492 break;
3493 }
3494 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3495 {
3496 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3497 break;
3498 }
3499 cbMax = ataBE2H_U16(pbPacket + 7);
3500 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3501 break;
3502 case SCSI_READ_TRACK_INFORMATION:
3503 if (s->cNotifiedMediaChange > 0)
3504 {
3505 s->cNotifiedMediaChange-- ;
3506 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3507 break;
3508 }
3509 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3510 {
3511 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3512 break;
3513 }
3514 cbMax = ataBE2H_U16(pbPacket + 7);
3515 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3516 break;
3517 case SCSI_GET_CONFIGURATION:
3518 /* No media change stuff here, it can confuse Linux guests. */
3519 cbMax = ataBE2H_U16(pbPacket + 7);
3520 ataStartTransfer(s, RT_MIN(cbMax, 80), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3521 break;
3522 case SCSI_INQUIRY:
3523 cbMax = ataBE2H_U16(pbPacket + 3);
3524 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3525 break;
3526 case SCSI_READ_DVD_STRUCTURE:
3527 {
3528 cbMax = ataBE2H_U16(pbPacket + 8);
3529 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3530 break;
3531 }
3532 default:
3533 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3534 break;
3535 }
3536}
3537
3538
3539/*
3540 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3541 */
3542static void atapiParseCmdPassthrough(ATADevState *s)
3543{
3544 const uint8_t *pbPacket;
3545 uint8_t *pbBuf;
3546 uint32_t cSectors, iATAPILBA;
3547 uint32_t cbTransfer = 0;
3548 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3549
3550 pbPacket = s->aATAPICmd;
3551 pbBuf = s->CTX_SUFF(pbIOBuffer);
3552 switch (pbPacket[0])
3553 {
3554 case SCSI_BLANK:
3555 goto sendcmd;
3556 case SCSI_CLOSE_TRACK_SESSION:
3557 goto sendcmd;
3558 case SCSI_ERASE_10:
3559 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3560 cbTransfer = ataBE2H_U16(pbPacket + 7);
3561 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3562 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3563 goto sendcmd;
3564 case SCSI_FORMAT_UNIT:
3565 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3566 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3567 goto sendcmd;
3568 case SCSI_GET_CONFIGURATION:
3569 cbTransfer = ataBE2H_U16(pbPacket + 7);
3570 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3571 goto sendcmd;
3572 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3573 cbTransfer = ataBE2H_U16(pbPacket + 7);
3574 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3575 {
3576 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3577 break;
3578 }
3579 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3580 goto sendcmd;
3581 case SCSI_GET_PERFORMANCE:
3582 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3583 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3584 goto sendcmd;
3585 case SCSI_INQUIRY:
3586 cbTransfer = ataBE2H_U16(pbPacket + 3);
3587 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3588 goto sendcmd;
3589 case SCSI_LOAD_UNLOAD_MEDIUM:
3590 goto sendcmd;
3591 case SCSI_MECHANISM_STATUS:
3592 cbTransfer = ataBE2H_U16(pbPacket + 8);
3593 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3594 goto sendcmd;
3595 case SCSI_MODE_SELECT_10:
3596 cbTransfer = ataBE2H_U16(pbPacket + 7);
3597 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3598 goto sendcmd;
3599 case SCSI_MODE_SENSE_10:
3600 cbTransfer = ataBE2H_U16(pbPacket + 7);
3601 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3602 goto sendcmd;
3603 case SCSI_PAUSE_RESUME:
3604 goto sendcmd;
3605 case SCSI_PLAY_AUDIO_10:
3606 goto sendcmd;
3607 case SCSI_PLAY_AUDIO_12:
3608 goto sendcmd;
3609 case SCSI_PLAY_AUDIO_MSF:
3610 goto sendcmd;
3611 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3612 /** @todo do not forget to unlock when a VM is shut down */
3613 goto sendcmd;
3614 case SCSI_READ_10:
3615 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3616 cSectors = ataBE2H_U16(pbPacket + 7);
3617 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3618 s->cbATAPISector = 2048;
3619 cbTransfer = cSectors * s->cbATAPISector;
3620 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3621 goto sendcmd;
3622 case SCSI_READ_12:
3623 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3624 cSectors = ataBE2H_U32(pbPacket + 6);
3625 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3626 s->cbATAPISector = 2048;
3627 cbTransfer = cSectors * s->cbATAPISector;
3628 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3629 goto sendcmd;
3630 case SCSI_READ_BUFFER:
3631 cbTransfer = ataBE2H_U24(pbPacket + 6);
3632 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3633 goto sendcmd;
3634 case SCSI_READ_BUFFER_CAPACITY:
3635 cbTransfer = ataBE2H_U16(pbPacket + 7);
3636 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3637 goto sendcmd;
3638 case SCSI_READ_CAPACITY:
3639 cbTransfer = 8;
3640 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3641 goto sendcmd;
3642 case SCSI_READ_CD:
3643 case SCSI_READ_CD_MSF:
3644 {
3645 /* Get sector size based on the expected sector type field. */
3646 switch ((pbPacket[1] >> 2) & 0x7)
3647 {
3648 case 0x0: /* All types. */
3649 if (ASMAtomicReadU32(&s->MediaTrackType) == ATA_MEDIA_TYPE_CDDA)
3650 s->cbATAPISector = 2352;
3651 else
3652 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3653 break;
3654 case 0x1: /* CD-DA */
3655 s->cbATAPISector = 2352;
3656 break;
3657 case 0x2: /* Mode 1 */
3658 s->cbATAPISector = 2048;
3659 break;
3660 case 0x3: /* Mode 2 formless */
3661 s->cbATAPISector = 2336;
3662 break;
3663 case 0x4: /* Mode 2 form 1 */
3664 s->cbATAPISector = 2048;
3665 break;
3666 case 0x5: /* Mode 2 form 2 */
3667 s->cbATAPISector = 2324;
3668 break;
3669 default: /* Reserved */
3670 AssertMsgFailed(("Unknown sector type\n"));
3671 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3672 }
3673
3674 if (pbPacket[0] == SCSI_READ_CD)
3675 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3676 else /* SCSI_READ_MSF */
3677 {
3678 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3679 if (cSectors > 32)
3680 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3681 cbTransfer = cSectors * s->cbATAPISector;
3682 }
3683 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3684 goto sendcmd;
3685 }
3686 case SCSI_READ_DISC_INFORMATION:
3687 cbTransfer = ataBE2H_U16(pbPacket + 7);
3688 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3689 goto sendcmd;
3690 case SCSI_READ_DVD_STRUCTURE:
3691 cbTransfer = ataBE2H_U16(pbPacket + 8);
3692 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3693 goto sendcmd;
3694 case SCSI_READ_FORMAT_CAPACITIES:
3695 cbTransfer = ataBE2H_U16(pbPacket + 7);
3696 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3697 goto sendcmd;
3698 case SCSI_READ_SUBCHANNEL:
3699 cbTransfer = ataBE2H_U16(pbPacket + 7);
3700 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3701 goto sendcmd;
3702 case SCSI_READ_TOC_PMA_ATIP:
3703 cbTransfer = ataBE2H_U16(pbPacket + 7);
3704 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3705 goto sendcmd;
3706 case SCSI_READ_TRACK_INFORMATION:
3707 cbTransfer = ataBE2H_U16(pbPacket + 7);
3708 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3709 goto sendcmd;
3710 case SCSI_REPAIR_TRACK:
3711 goto sendcmd;
3712 case SCSI_REPORT_KEY:
3713 cbTransfer = ataBE2H_U16(pbPacket + 8);
3714 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3715 goto sendcmd;
3716 case SCSI_REQUEST_SENSE:
3717 cbTransfer = pbPacket[4];
3718 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3719 {
3720 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3721 break;
3722 }
3723 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3724 goto sendcmd;
3725 case SCSI_RESERVE_TRACK:
3726 goto sendcmd;
3727 case SCSI_SCAN:
3728 goto sendcmd;
3729 case SCSI_SEEK_10:
3730 goto sendcmd;
3731 case SCSI_SEND_CUE_SHEET:
3732 cbTransfer = ataBE2H_U24(pbPacket + 6);
3733 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3734 goto sendcmd;
3735 case SCSI_SEND_DVD_STRUCTURE:
3736 cbTransfer = ataBE2H_U16(pbPacket + 8);
3737 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3738 goto sendcmd;
3739 case SCSI_SEND_EVENT:
3740 cbTransfer = ataBE2H_U16(pbPacket + 8);
3741 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3742 goto sendcmd;
3743 case SCSI_SEND_KEY:
3744 cbTransfer = ataBE2H_U16(pbPacket + 8);
3745 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3746 goto sendcmd;
3747 case SCSI_SEND_OPC_INFORMATION:
3748 cbTransfer = ataBE2H_U16(pbPacket + 7);
3749 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3750 goto sendcmd;
3751 case SCSI_SET_CD_SPEED:
3752 goto sendcmd;
3753 case SCSI_SET_READ_AHEAD:
3754 goto sendcmd;
3755 case SCSI_SET_STREAMING:
3756 cbTransfer = ataBE2H_U16(pbPacket + 9);
3757 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3758 goto sendcmd;
3759 case SCSI_START_STOP_UNIT:
3760 goto sendcmd;
3761 case SCSI_STOP_PLAY_SCAN:
3762 goto sendcmd;
3763 case SCSI_SYNCHRONIZE_CACHE:
3764 goto sendcmd;
3765 case SCSI_TEST_UNIT_READY:
3766 goto sendcmd;
3767 case SCSI_VERIFY_10:
3768 goto sendcmd;
3769 case SCSI_WRITE_10:
3770 case SCSI_WRITE_AND_VERIFY_10:
3771 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3772 cSectors = ataBE2H_U16(pbPacket + 7);
3773 s->cbATAPISector = atapiGetSectorSizeFromLba(s, iATAPILBA);
3774 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3775 cbTransfer = cSectors * s->cbATAPISector;
3776 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3777 goto sendcmd;
3778 case SCSI_WRITE_12:
3779 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3780 cSectors = ataBE2H_U32(pbPacket + 6);
3781 s->cbATAPISector = atapiGetSectorSizeFromLba(s, iATAPILBA);
3782 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3783 cbTransfer = cSectors * s->cbATAPISector;
3784 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3785 goto sendcmd;
3786 case SCSI_WRITE_BUFFER:
3787 switch (pbPacket[1] & 0x1f)
3788 {
3789 case 0x04: /* download microcode */
3790 case 0x05: /* download microcode and save */
3791 case 0x06: /* download microcode with offsets */
3792 case 0x07: /* download microcode with offsets and save */
3793 case 0x0e: /* download microcode with offsets and defer activation */
3794 case 0x0f: /* activate deferred microcode */
3795 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3796 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3797 break;
3798 default:
3799 cbTransfer = ataBE2H_U16(pbPacket + 6);
3800 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3801 goto sendcmd;
3802 }
3803 break;
3804 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3805 cbTransfer = ataBE2H_U32(pbPacket + 6);
3806 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3807 goto sendcmd;
3808 case SCSI_REZERO_UNIT:
3809 /* Obsolete command used by cdrecord. What else would one expect?
3810 * This command is not sent to the drive, it is handled internally,
3811 * as the Linux kernel doesn't like it (message "scsi: unknown
3812 * opcode 0x01" in syslog) and replies with a sense code of 0,
3813 * which sends cdrecord to an endless loop. */
3814 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3815 break;
3816 default:
3817 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3818 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3819 break;
3820 sendcmd:
3821 /*
3822 * Send a command to the drive, passing data in/out as required.
3823 * Commands which exceed the I/O buffer size are splitted below
3824 * or aborted if splitting is not implemented.
3825 */
3826 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3827 if (cbTransfer == 0)
3828 uTxDir = PDMBLOCKTXDIR_NONE;
3829 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3830 }
3831}
3832
3833
3834static void atapiParseCmd(ATADevState *s)
3835{
3836 const uint8_t *pbPacket;
3837
3838 pbPacket = s->aATAPICmd;
3839#ifdef DEBUG
3840 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3841#else /* !DEBUG */
3842 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3843#endif /* !DEBUG */
3844 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3845
3846 if (s->fATAPIPassthrough)
3847 atapiParseCmdPassthrough(s);
3848 else
3849 atapiParseCmdVirtualATAPI(s);
3850}
3851
3852
3853static bool ataPacketSS(ATADevState *s)
3854{
3855 s->fDMA = !!(s->uATARegFeature & 1);
3856 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3857 s->uTxDir = PDMBLOCKTXDIR_NONE;
3858 s->cbTotalTransfer = 0;
3859 s->cbElementaryTransfer = 0;
3860 atapiParseCmd(s);
3861 return false;
3862}
3863
3864
3865/**
3866 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3867 * from now on, regardless if there was a medium inserted or not.
3868 */
3869static void ataMediumRemoved(ATADevState *s)
3870{
3871 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3872}
3873
3874
3875/**
3876 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3877 * there was already a medium inserted, don't forget to send the "medium
3878 * removed" event first.
3879 */
3880static void ataMediumInserted(ATADevState *s)
3881{
3882 uint32_t OldStatus, NewStatus;
3883 do
3884 {
3885 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3886 switch (OldStatus)
3887 {
3888 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3889 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3890 /* no change, we will send "medium removed" + "medium inserted" */
3891 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3892 break;
3893 default:
3894 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3895 break;
3896 }
3897 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3898}
3899
3900/**
3901 * Called when a media is mounted.
3902 *
3903 * @param pInterface Pointer to the interface structure containing the called function pointer.
3904 */
3905static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3906{
3907 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3908 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3909
3910 /* Ignore the call if we're called while being attached. */
3911 if (!pIf->pDrvBlock)
3912 return;
3913
3914 if (pIf->fATAPI)
3915 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3916 else
3917 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3918
3919 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3920
3921 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3922 if (pIf->cNotifiedMediaChange < 2)
3923 pIf->cNotifiedMediaChange = 2;
3924 ataMediumInserted(pIf);
3925 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3926}
3927
3928/**
3929 * Called when a media is unmounted
3930 * @param pInterface Pointer to the interface structure containing the called function pointer.
3931 */
3932static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3933{
3934 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3935 Log(("%s:\n", __FUNCTION__));
3936 pIf->cTotalSectors = 0;
3937
3938 /*
3939 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3940 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3941 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3942 * present and 2 in which it is changed.
3943 */
3944 pIf->cNotifiedMediaChange = 4;
3945 ataMediumRemoved(pIf);
3946 ataMediumTypeSet(pIf, ATA_MEDIA_NO_DISC);
3947}
3948
3949static void ataPacketBT(ATADevState *s)
3950{
3951 s->cbElementaryTransfer = s->cbTotalTransfer;
3952 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3953 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3954 ataSetStatusValue(s, ATA_STAT_READY);
3955}
3956
3957
3958static void ataResetDevice(ATADevState *s)
3959{
3960 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3961 s->cNotifiedMediaChange = 0;
3962 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3963 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3964 ataUnsetIRQ(s);
3965
3966 s->uATARegSelect = 0x20;
3967 ataSetStatusValue(s, ATA_STAT_READY);
3968 ataSetSignature(s);
3969 s->cbTotalTransfer = 0;
3970 s->cbElementaryTransfer = 0;
3971 s->iIOBufferPIODataStart = 0;
3972 s->iIOBufferPIODataEnd = 0;
3973 s->iBeginTransfer = ATAFN_BT_NULL;
3974 s->iSourceSink = ATAFN_SS_NULL;
3975 s->fDMA = false;
3976 s->fATAPITransfer = false;
3977 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3978
3979 s->uATARegFeature = 0;
3980}
3981
3982
3983static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3984{
3985 ataSetSignature(s);
3986 if (s->fATAPI)
3987 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3988 else
3989 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_SEEK);
3990 s->uATARegError = 0x01;
3991 return false;
3992}
3993
3994
3995static int ataTrimSectors(ATADevState *s, uint64_t u64Sector, uint32_t cSectors,
3996 bool *pfRedo)
3997{
3998 RTRANGE TrimRange;
3999 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
4000 int rc;
4001
4002 PDMCritSectLeave(&pCtl->lock);
4003
4004 TrimRange.offStart = u64Sector * 512;
4005 TrimRange.cbRange = cSectors * 512;
4006
4007 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
4008 rc = s->pDrvBlock->pfnDiscard(s->pDrvBlock, &TrimRange, 1);
4009 s->Led.Actual.s.fWriting = 0;
4010
4011 if (RT_SUCCESS(rc))
4012 *pfRedo = false;
4013 else
4014 *pfRedo = ataIsRedoSetWarning(s, rc);
4015
4016 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4017 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4018 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4019 return rc;
4020}
4021
4022
4023static bool ataTrimSS(ATADevState *s)
4024{
4025 int rc = VERR_GENERAL_FAILURE;
4026 uint32_t cRangesMax;
4027 uint64_t *pu64Range = (uint64_t *)s->CTX_SUFF(pbIOBuffer);
4028 bool fRedo = false;
4029
4030 cRangesMax = s->cbElementaryTransfer / sizeof(uint64_t);
4031 Assert(cRangesMax);
4032
4033 while (cRangesMax-- > 0)
4034 {
4035 if (ATA_RANGE_LENGTH_GET(*pu64Range) == 0)
4036 break;
4037
4038 rc = ataTrimSectors(s, *pu64Range & ATA_RANGE_LBA_MASK,
4039 ATA_RANGE_LENGTH_GET(*pu64Range), &fRedo);
4040 if (RT_FAILURE(rc))
4041 break;
4042
4043 pu64Range++;
4044 }
4045
4046 if (RT_SUCCESS(rc))
4047 {
4048 s->iSourceSink = ATAFN_SS_NULL;
4049 ataCmdOK(s, ATA_STAT_SEEK);
4050 }
4051 else
4052 {
4053 if (fRedo)
4054 return fRedo;
4055 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
4056 LogRel(("PIIX3 ATA: LUN#%d: disk trim error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
4057 s->iLUN, rc, *pu64Range & ATA_RANGE_LBA_MASK, ATA_RANGE_LENGTH_GET(*pu64Range)));
4058
4059 /*
4060 * Check if we got interrupted. We don't need to set status variables
4061 * because the request was aborted.
4062 */
4063 if (rc != VERR_INTERRUPTED)
4064 ataCmdError(s, ID_ERR);
4065 }
4066
4067 return false;
4068}
4069
4070
4071static void ataParseCmd(ATADevState *s, uint8_t cmd)
4072{
4073#ifdef DEBUG
4074 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
4075#else /* !DEBUG */
4076 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
4077#endif /* !DEBUG */
4078 s->fLBA48 = false;
4079 s->fDMA = false;
4080 if (cmd == ATA_IDLE_IMMEDIATE)
4081 {
4082 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
4083 * would overwrite the failing command unfortunately), then RESET. */
4084 int32_t uCmdWait = -1;
4085 uint64_t uNow = RTTimeNanoTS();
4086 if (s->u64CmdTS)
4087 uCmdWait = (uNow - s->u64CmdTS) / 1000;
4088 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
4089 s->iLUN, s->uATARegCommand, uCmdWait));
4090 }
4091 s->uATARegCommand = cmd;
4092 switch (cmd)
4093 {
4094 case ATA_IDENTIFY_DEVICE:
4095 if (s->pDrvBlock && !s->fATAPI)
4096 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
4097 else
4098 {
4099 if (s->fATAPI)
4100 ataSetSignature(s);
4101 ataCmdError(s, ABRT_ERR);
4102 ataUnsetStatus(s, ATA_STAT_READY);
4103 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4104 }
4105 break;
4106 case ATA_RECALIBRATE:
4107 if (s->fATAPI)
4108 goto abort_cmd;
4109 /* fall through */
4110 case ATA_INITIALIZE_DEVICE_PARAMETERS:
4111 ataCmdOK(s, ATA_STAT_SEEK);
4112 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4113 break;
4114 case ATA_SET_MULTIPLE_MODE:
4115 if ( s->uATARegNSector != 0
4116 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
4117 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
4118 {
4119 ataCmdError(s, ABRT_ERR);
4120 }
4121 else
4122 {
4123 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
4124 s->cMultSectors = s->uATARegNSector;
4125 ataCmdOK(s, 0);
4126 }
4127 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4128 break;
4129 case ATA_READ_VERIFY_SECTORS_EXT:
4130 s->fLBA48 = true;
4131 case ATA_READ_VERIFY_SECTORS:
4132 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
4133 /* do sector number check ? */
4134 ataCmdOK(s, ATA_STAT_SEEK);
4135 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4136 break;
4137 case ATA_READ_SECTORS_EXT:
4138 s->fLBA48 = true;
4139 case ATA_READ_SECTORS:
4140 case ATA_READ_SECTORS_WITHOUT_RETRIES:
4141 if (!s->pDrvBlock || s->fATAPI)
4142 goto abort_cmd;
4143 s->cSectorsPerIRQ = 1;
4144 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4145 break;
4146 case ATA_WRITE_SECTORS_EXT:
4147 s->fLBA48 = true;
4148 case ATA_WRITE_SECTORS:
4149 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
4150 if (!s->pDrvBlock || s->fATAPI)
4151 goto abort_cmd;
4152 s->cSectorsPerIRQ = 1;
4153 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4154 break;
4155 case ATA_READ_MULTIPLE_EXT:
4156 s->fLBA48 = true;
4157 case ATA_READ_MULTIPLE:
4158 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4159 goto abort_cmd;
4160 s->cSectorsPerIRQ = s->cMultSectors;
4161 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4162 break;
4163 case ATA_WRITE_MULTIPLE_EXT:
4164 s->fLBA48 = true;
4165 case ATA_WRITE_MULTIPLE:
4166 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4167 goto abort_cmd;
4168 s->cSectorsPerIRQ = s->cMultSectors;
4169 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4170 break;
4171 case ATA_READ_DMA_EXT:
4172 s->fLBA48 = true;
4173 case ATA_READ_DMA:
4174 case ATA_READ_DMA_WITHOUT_RETRIES:
4175 if (!s->pDrvBlock || s->fATAPI)
4176 goto abort_cmd;
4177 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4178 s->fDMA = true;
4179 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4180 break;
4181 case ATA_WRITE_DMA_EXT:
4182 s->fLBA48 = true;
4183 case ATA_WRITE_DMA:
4184 case ATA_WRITE_DMA_WITHOUT_RETRIES:
4185 if (!s->pDrvBlock || s->fATAPI)
4186 goto abort_cmd;
4187 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4188 s->fDMA = true;
4189 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4190 break;
4191 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
4192 s->fLBA48 = true;
4193 ataSetSector(s, s->cTotalSectors - 1);
4194 ataCmdOK(s, 0);
4195 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4196 break;
4197 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
4198 ataCmdOK(s, 0);
4199 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4200 break;
4201 case ATA_READ_NATIVE_MAX_ADDRESS:
4202 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
4203 ataCmdOK(s, 0);
4204 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4205 break;
4206 case ATA_CHECK_POWER_MODE:
4207 s->uATARegNSector = 0xff; /* drive active or idle */
4208 ataCmdOK(s, 0);
4209 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4210 break;
4211 case ATA_SET_FEATURES:
4212 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
4213 if (!s->pDrvBlock)
4214 goto abort_cmd;
4215 switch (s->uATARegFeature)
4216 {
4217 case 0x02: /* write cache enable */
4218 Log2(("%s: write cache enable\n", __FUNCTION__));
4219 ataCmdOK(s, ATA_STAT_SEEK);
4220 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4221 break;
4222 case 0xaa: /* read look-ahead enable */
4223 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
4224 ataCmdOK(s, ATA_STAT_SEEK);
4225 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4226 break;
4227 case 0x55: /* read look-ahead disable */
4228 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
4229 ataCmdOK(s, ATA_STAT_SEEK);
4230 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4231 break;
4232 case 0xcc: /* reverting to power-on defaults enable */
4233 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
4234 ataCmdOK(s, ATA_STAT_SEEK);
4235 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4236 break;
4237 case 0x66: /* reverting to power-on defaults disable */
4238 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
4239 ataCmdOK(s, ATA_STAT_SEEK);
4240 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4241 break;
4242 case 0x82: /* write cache disable */
4243 Log2(("%s: write cache disable\n", __FUNCTION__));
4244 /* As per the ATA/ATAPI-6 specs, a write cache disable
4245 * command MUST flush the write buffers to disc. */
4246 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4247 break;
4248 case 0x03: { /* set transfer mode */
4249 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
4250 switch (s->uATARegNSector & 0xf8)
4251 {
4252 case 0x00: /* PIO default */
4253 case 0x08: /* PIO mode */
4254 break;
4255 case ATA_MODE_MDMA: /* MDMA mode */
4256 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
4257 break;
4258 case ATA_MODE_UDMA: /* UDMA mode */
4259 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
4260 break;
4261 default:
4262 goto abort_cmd;
4263 }
4264 ataCmdOK(s, ATA_STAT_SEEK);
4265 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4266 break;
4267 }
4268 default:
4269 goto abort_cmd;
4270 }
4271 /*
4272 * OS/2 workarond:
4273 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
4274 * reset here. According to the specification, this is a driver bug as the register
4275 * contents are undefined after the call. This means we can just as well reset it.
4276 */
4277 s->uATARegFeature = 0;
4278 break;
4279 case ATA_FLUSH_CACHE_EXT:
4280 case ATA_FLUSH_CACHE:
4281 if (!s->pDrvBlock || s->fATAPI)
4282 goto abort_cmd;
4283 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4284 break;
4285 case ATA_STANDBY_IMMEDIATE:
4286 ataCmdOK(s, 0);
4287 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4288 break;
4289 case ATA_IDLE_IMMEDIATE:
4290 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
4291 ataAbortCurrentCommand(s, false);
4292 break;
4293 case ATA_SLEEP:
4294 ataCmdOK(s, 0);
4295 ataSetIRQ(s);
4296 break;
4297 /* ATAPI commands */
4298 case ATA_IDENTIFY_PACKET_DEVICE:
4299 if (s->fATAPI)
4300 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
4301 else
4302 {
4303 ataCmdError(s, ABRT_ERR);
4304 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4305 }
4306 break;
4307 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
4308 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
4309 break;
4310 case ATA_DEVICE_RESET:
4311 if (!s->fATAPI)
4312 goto abort_cmd;
4313 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
4314 ataAbortCurrentCommand(s, true);
4315 break;
4316 case ATA_PACKET:
4317 if (!s->fATAPI)
4318 goto abort_cmd;
4319 /* overlapping commands not supported */
4320 if (s->uATARegFeature & 0x02)
4321 goto abort_cmd;
4322 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
4323 break;
4324 case ATA_DATA_SET_MANAGEMENT:
4325 if (!s->pDrvBlock || !s->pDrvBlock->pfnDiscard)
4326 goto abort_cmd;
4327 if ( !(s->uATARegFeature & UINT8_C(0x01))
4328 || (s->uATARegFeature & ~UINT8_C(0x01)))
4329 goto abort_cmd;
4330 s->fDMA = true;
4331 ataStartTransfer(s, (s->uATARegNSectorHOB << 8 | s->uATARegNSector) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_NULL, ATAFN_SS_TRIM, false);
4332 break;
4333 default:
4334 abort_cmd:
4335 ataCmdError(s, ABRT_ERR);
4336 if (s->fATAPI)
4337 ataUnsetStatus(s, ATA_STAT_READY);
4338 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4339 break;
4340 }
4341}
4342
4343#endif /* IN_RING3 */
4344
4345/*
4346 * Note: There are four distinct cases of port I/O handling depending on
4347 * which devices (if any) are attached to an IDE channel:
4348 *
4349 * 1) No device attached. No response to writes or reads (i.e. reads return
4350 * all bits set).
4351 *
4352 * 2) Both devices attached. Reads and writes are processed normally.
4353 *
4354 * 3) Device 0 only. If device 0 is selected, normal behavior applies. But
4355 * if Device 1 is selected, writes are still directed to Device 0 (except
4356 * commands are not executed), reads from control/command registers are
4357 * directed to Device 0, but status/alt status reads return 0. If Device 1
4358 * is a PACKET device, all reads return 0. See ATAPI-6 clause 9.16.1 and
4359 * Table 18 in clause 7.1.
4360 *
4361 * 4) Device 1 only - non-standard(!). Device 1 can't tell if Device 0 is
4362 * present or not and behaves the same. That means if Device 0 is selected,
4363 * Device 1 responds to writes (except commands are not executed) but does
4364 * not respond to reads. If Device 1 selected, normal behavior applies.
4365 * See ATAPI-6 clause 9.16.2 and Table 15 in clause 7.1.
4366 */
4367
4368static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4369{
4370 Log2(("%s: LUN#%d write addr=%#x val=%#04x\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN, addr, val));
4371 addr &= 7;
4372 switch (addr)
4373 {
4374 case 0:
4375 break;
4376 case 1: /* feature register */
4377 /* NOTE: data is written to the two drives */
4378 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4379 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4380 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
4381 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
4382 pCtl->aIfs[0].uATARegFeature = val;
4383 pCtl->aIfs[1].uATARegFeature = val;
4384 break;
4385 case 2: /* sector count */
4386 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4387 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4388 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
4389 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
4390 pCtl->aIfs[0].uATARegNSector = val;
4391 pCtl->aIfs[1].uATARegNSector = val;
4392 break;
4393 case 3: /* sector number */
4394 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4395 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4396 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
4397 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
4398 pCtl->aIfs[0].uATARegSector = val;
4399 pCtl->aIfs[1].uATARegSector = val;
4400 break;
4401 case 4: /* cylinder low */
4402 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4403 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4404 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
4405 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
4406 pCtl->aIfs[0].uATARegLCyl = val;
4407 pCtl->aIfs[1].uATARegLCyl = val;
4408 break;
4409 case 5: /* cylinder high */
4410 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4411 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4412 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
4413 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
4414 pCtl->aIfs[0].uATARegHCyl = val;
4415 pCtl->aIfs[1].uATARegHCyl = val;
4416 break;
4417 case 6: /* drive/head */
4418 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
4419 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
4420 if (((val >> 4) & 1) != pCtl->iSelectedIf)
4421 {
4422 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4423
4424 /* select another drive */
4425 pCtl->iSelectedIf = (val >> 4) & 1;
4426 /* The IRQ line is multiplexed between the two drives, so
4427 * update the state when switching to another drive. Only need
4428 * to update interrupt line if it is enabled and there is a
4429 * state change. */
4430 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
4431 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
4432 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
4433 {
4434 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4435 {
4436 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4437 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
4438 * the interrupt line is asserted. It monitors the line
4439 * for a rising edge. */
4440 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4441 if (pCtl->irq == 16)
4442 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
4443 else
4444 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
4445 }
4446 else
4447 {
4448 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4449 if (pCtl->irq == 16)
4450 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
4451 else
4452 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
4453 }
4454 }
4455 }
4456 break;
4457 default:
4458 case 7: /* command */
4459 /* ignore commands to non-existent device */
4460 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
4461 break;
4462#ifndef IN_RING3
4463 /* Don't do anything complicated in GC */
4464 return VINF_IOM_R3_IOPORT_WRITE;
4465#else /* IN_RING3 */
4466 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
4467#endif /* !IN_RING3 */
4468 }
4469 return VINF_SUCCESS;
4470}
4471
4472
4473static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
4474{
4475 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4476 uint32_t val;
4477 bool fHOB;
4478
4479 /* Check if the guest is reading from a non-existent device. */
4480 if (!s->pDrvBlock)
4481 {
4482 if (pCtl->iSelectedIf) /* Device 1 selected, Device 0 responding for it. */
4483 {
4484 if (!pCtl->aIfs[0].pDrvBlock) /* @todo: this case should never get here! */
4485 {
4486 Log2(("%s: addr=%#x: no device on channel\n", __FUNCTION__, addr));
4487 return VERR_IOM_IOPORT_UNUSED;
4488 }
4489 if (((addr & 7) != 1) && pCtl->aIfs[0].fATAPI) {
4490 Log2(("%s: addr=%#x, val=0: LUN#%d not attached/LUN#%d ATAPI\n", __FUNCTION__, addr,
4491 s->iLUN, pCtl->aIfs[0].iLUN));
4492 *pu32 = 0;
4493 return VINF_SUCCESS;
4494 }
4495 /* Else handle normally. */
4496 }
4497 else /* Device 0 selected (but not present). */
4498 {
4499 Log2(("%s: addr=%#x: LUN#%d not attached\n", __FUNCTION__, addr, s->iLUN));
4500 return VERR_IOM_IOPORT_UNUSED;
4501 }
4502 }
4503 fHOB = !!(s->uATARegDevCtl & (1 << 7));
4504 switch (addr & 7)
4505 {
4506 case 0: /* data register */
4507 val = 0xff;
4508 break;
4509 case 1: /* error register */
4510 /* The ATA specification is very terse when it comes to specifying
4511 * the precise effects of reading back the error/feature register.
4512 * The error register (read-only) shares the register number with
4513 * the feature register (write-only), so it seems that it's not
4514 * necessary to support the usual HOB readback here. */
4515 if (!s->pDrvBlock)
4516 val = 0;
4517 else
4518 val = s->uATARegError;
4519 break;
4520 case 2: /* sector count */
4521 if (fHOB)
4522 val = s->uATARegNSectorHOB;
4523 else
4524 val = s->uATARegNSector;
4525 break;
4526 case 3: /* sector number */
4527 if (fHOB)
4528 val = s->uATARegSectorHOB;
4529 else
4530 val = s->uATARegSector;
4531 break;
4532 case 4: /* cylinder low */
4533 if (fHOB)
4534 val = s->uATARegLCylHOB;
4535 else
4536 val = s->uATARegLCyl;
4537 break;
4538 case 5: /* cylinder high */
4539 if (fHOB)
4540 val = s->uATARegHCylHOB;
4541 else
4542 val = s->uATARegHCyl;
4543 break;
4544 case 6: /* drive/head */
4545 /* This register must always work as long as there is at least
4546 * one drive attached to the controller. It is common between
4547 * both drives anyway (completely identical content). */
4548 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4549 val = 0;
4550 else
4551 val = s->uATARegSelect;
4552 break;
4553 default:
4554 case 7: /* primary status */
4555 {
4556 /* Counter for number of busy status seen in GC in a row. */
4557 static unsigned cBusy = 0;
4558
4559 if (!s->pDrvBlock)
4560 val = 0;
4561 else
4562 val = s->uATARegStatus;
4563
4564 /* Give the async I/O thread an opportunity to make progress,
4565 * don't let it starve by guests polling frequently. EMT has a
4566 * lower priority than the async I/O thread, but sometimes the
4567 * host OS doesn't care. With some guests we are only allowed to
4568 * be busy for about 5 milliseconds in some situations. Note that
4569 * this is no guarantee for any other VBox thread getting
4570 * scheduled, so this just lowers the CPU load a bit when drives
4571 * are busy. It cannot help with timing problems. */
4572 if (val & ATA_STAT_BUSY)
4573 {
4574#ifdef IN_RING3
4575 cBusy = 0;
4576 PDMCritSectLeave(&pCtl->lock);
4577
4578#ifndef RT_OS_WINDOWS
4579 /*
4580 * The thread might be stuck in an I/O operation
4581 * due to a high I/O load on the host. (see @bugref{3301})
4582 * To perform the reset successfully
4583 * we interrupt the operation by sending a signal to the thread
4584 * if the thread didn't responded in 10ms.
4585 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4586 * does the same but it was introduced with Vista) but so far
4587 * this hang was only observed on Linux and Mac OS X.
4588 *
4589 * This is a workaround and needs to be solved properly.
4590 */
4591 if (pCtl->fReset)
4592 {
4593 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4594
4595 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4596 {
4597 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4598 pCtl->u64ResetTime = u64ResetTimeStop;
4599 RTThreadPoke(pCtl->AsyncIOThread);
4600 }
4601 }
4602#endif
4603
4604 RTThreadYield();
4605
4606 {
4607 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4608 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4609 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4610 }
4611
4612 val = s->uATARegStatus;
4613#else /* !IN_RING3 */
4614 /* Cannot yield CPU in guest context. And switching to host
4615 * context for each and every busy status is too costly,
4616 * especially on SMP systems where we don't gain much by
4617 * yielding the CPU to someone else. */
4618 if (++cBusy >= 20)
4619 {
4620 cBusy = 0;
4621 return VINF_IOM_R3_IOPORT_READ;
4622 }
4623#endif /* !IN_RING3 */
4624 }
4625 else
4626 cBusy = 0;
4627 ataUnsetIRQ(s);
4628 break;
4629 }
4630 }
4631 Log2(("%s: LUN#%d addr=%#x val=%#04x\n", __FUNCTION__, s->iLUN, addr, val));
4632 *pu32 = val;
4633 return VINF_SUCCESS;
4634}
4635
4636
4637static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4638{
4639 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4640 uint32_t val;
4641
4642 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4643 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4644 val = 0;
4645 else
4646 val = s->uATARegStatus;
4647 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4648 return val;
4649}
4650
4651static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4652{
4653#ifndef IN_RING3
4654 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4655 return VINF_IOM_R3_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4656#endif /* !IN_RING3 */
4657
4658 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4659 /* RESET is common for both drives attached to a controller. */
4660 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4661 (val & ATA_DEVCTL_RESET))
4662 {
4663#ifdef IN_RING3
4664 /* Software RESET low to high */
4665 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4666 uint64_t uNow = RTTimeNanoTS();
4667 if (pCtl->aIfs[0].u64CmdTS)
4668 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4669 if (pCtl->aIfs[1].u64CmdTS)
4670 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4671 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4672 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4673 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4674 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4675 pCtl->fReset = true;
4676 /* Everything must be done after the reset flag is set, otherwise
4677 * there are unavoidable races with the currently executing request
4678 * (which might just finish in the mean time). */
4679 pCtl->fChainedTransfer = false;
4680 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4681 {
4682 ataResetDevice(&pCtl->aIfs[i]);
4683 /* The following cannot be done using ataSetStatusValue() since the
4684 * reset flag is already set, which suppresses all status changes. */
4685 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4686 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4687 pCtl->aIfs[i].uATARegError = 0x01;
4688 }
4689 ataAsyncIOClearRequests(pCtl);
4690 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4691 if (val & ATA_DEVCTL_HOB)
4692 {
4693 val &= ~ATA_DEVCTL_HOB;
4694 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4695 }
4696
4697 /* Save the timestamp we started the reset. */
4698 pCtl->u64ResetTime = RTTimeMilliTS();
4699
4700 /* Issue the reset request now. */
4701 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4702#else /* !IN_RING3 */
4703 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4704#endif /* IN_RING3 */
4705 }
4706 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4707 !(val & ATA_DEVCTL_RESET))
4708 {
4709#ifdef IN_RING3
4710 /* Software RESET high to low */
4711 Log(("%s: deasserting RESET\n", __FUNCTION__));
4712 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4713 if (val & ATA_DEVCTL_HOB)
4714 {
4715 val &= ~ATA_DEVCTL_HOB;
4716 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4717 }
4718 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4719#else /* !IN_RING3 */
4720 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4721#endif /* IN_RING3 */
4722 }
4723
4724 /* Change of interrupt disable flag. Update interrupt line if interrupt
4725 * is pending on the current interface. */
4726 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4727 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4728 {
4729 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4730 {
4731 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4732 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4733 * interrupt line is asserted. It monitors the line for a rising
4734 * edge. */
4735 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4736 if (pCtl->irq == 16)
4737 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4738 else
4739 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4740 }
4741 else
4742 {
4743 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4744 if (pCtl->irq == 16)
4745 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4746 else
4747 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4748 }
4749 }
4750
4751 if (val & ATA_DEVCTL_HOB)
4752 Log2(("%s: set HOB\n", __FUNCTION__));
4753
4754 pCtl->aIfs[0].uATARegDevCtl = val;
4755 pCtl->aIfs[1].uATARegDevCtl = val;
4756
4757 return VINF_SUCCESS;
4758}
4759
4760#ifdef IN_RING3
4761
4762static void ataPIOTransfer(PATACONTROLLER pCtl)
4763{
4764 ATADevState *s;
4765
4766 s = &pCtl->aIfs[pCtl->iAIOIf];
4767 Log3(("%s: if=%p\n", __FUNCTION__, s));
4768
4769 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4770 {
4771 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4772 /* Any guest OS that triggers this case has a pathetic ATA driver.
4773 * In a real system it would block the CPU via IORDY, here we do it
4774 * very similarly by not continuing with the current instruction
4775 * until the transfer to/from the storage medium is completed. */
4776 if (s->iSourceSink != ATAFN_SS_NULL)
4777 {
4778 bool fRedo;
4779 uint8_t status = s->uATARegStatus;
4780 ataSetStatusValue(s, ATA_STAT_BUSY);
4781 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4782 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4783 pCtl->fRedo = fRedo;
4784 if (RT_UNLIKELY(fRedo))
4785 return;
4786 ataSetStatusValue(s, status);
4787 s->iIOBufferCur = 0;
4788 s->iIOBufferEnd = s->cbElementaryTransfer;
4789 }
4790 }
4791 if (s->cbTotalTransfer)
4792 {
4793 if (s->fATAPITransfer)
4794 ataPIOTransferLimitATAPI(s);
4795
4796 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4797 s->cbElementaryTransfer = s->cbTotalTransfer;
4798
4799 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4800 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4801 s->cbTotalTransfer, s->cbElementaryTransfer,
4802 s->iIOBufferCur, s->iIOBufferEnd));
4803 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4804 s->cbTotalTransfer -= s->cbElementaryTransfer;
4805 s->iIOBufferCur += s->cbElementaryTransfer;
4806
4807 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4808 s->cbElementaryTransfer = s->cbTotalTransfer;
4809 }
4810 else
4811 ataPIOTransferStop(s);
4812}
4813
4814
4815DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4816{
4817 /* Do not interfere with RESET processing if the PIO transfer finishes
4818 * while the RESET line is asserted. */
4819 if (pCtl->fReset)
4820 {
4821 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4822 return;
4823 }
4824
4825 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4826 || ( s->iSourceSink != ATAFN_SS_NULL
4827 && s->iIOBufferCur >= s->iIOBufferEnd))
4828 {
4829 /* Need to continue the transfer in the async I/O thread. This is
4830 * the case for write operations or generally for not yet finished
4831 * transfers (some data might need to be read). */
4832 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4833 ataSetStatus(s, ATA_STAT_BUSY);
4834
4835 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4836 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4837 }
4838 else
4839 {
4840 /* Either everything finished (though some data might still be pending)
4841 * or some data is pending before the next read is due. */
4842
4843 /* Continue a previously started transfer. */
4844 ataUnsetStatus(s, ATA_STAT_DRQ);
4845 ataSetStatus(s, ATA_STAT_READY);
4846
4847 if (s->cbTotalTransfer)
4848 {
4849 /* There is more to transfer, happens usually for large ATAPI
4850 * reads - the protocol limits the chunk size to 65534 bytes. */
4851 ataPIOTransfer(pCtl);
4852 ataSetIRQ(s);
4853 }
4854 else
4855 {
4856 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4857 /* Finish PIO transfer. */
4858 ataPIOTransfer(pCtl);
4859 Assert(!pCtl->fRedo);
4860 }
4861 }
4862}
4863
4864#endif /* IN_RING3 */
4865
4866static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4867{
4868 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4869 uint8_t *p;
4870
4871 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4872 {
4873 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4874 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4875#ifndef IN_RING3
4876 /* All but the last transfer unit is simple enough for GC, but
4877 * sending a request to the async IO thread is too complicated. */
4878 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4879 {
4880 memcpy(p, pbBuf, cbSize);
4881 s->iIOBufferPIODataStart += cbSize;
4882 }
4883 else
4884 return VINF_IOM_R3_IOPORT_WRITE;
4885#else /* IN_RING3 */
4886 memcpy(p, pbBuf, cbSize);
4887 s->iIOBufferPIODataStart += cbSize;
4888 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4889 ataPIOTransferFinish(pCtl, s);
4890#endif /* !IN_RING3 */
4891 }
4892 else
4893 Log2(("%s: DUMMY data\n", __FUNCTION__));
4894 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4895 return VINF_SUCCESS;
4896}
4897
4898static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4899{
4900 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4901 uint8_t *p;
4902
4903 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4904 {
4905 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4906 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4907#ifndef IN_RING3
4908 /* All but the last transfer unit is simple enough for GC, but
4909 * sending a request to the async IO thread is too complicated. */
4910 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4911 {
4912 memcpy(pbBuf, p, cbSize);
4913 s->iIOBufferPIODataStart += cbSize;
4914 }
4915 else
4916 return VINF_IOM_R3_IOPORT_READ;
4917#else /* IN_RING3 */
4918 memcpy(pbBuf, p, cbSize);
4919 s->iIOBufferPIODataStart += cbSize;
4920 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4921 ataPIOTransferFinish(pCtl, s);
4922#endif /* !IN_RING3 */
4923 }
4924 else
4925 {
4926 Log2(("%s: DUMMY data\n", __FUNCTION__));
4927 memset(pbBuf, '\xff', cbSize);
4928 }
4929 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4930 return VINF_SUCCESS;
4931}
4932
4933#ifdef IN_RING3
4934
4935static void ataDMATransferStop(ATADevState *s)
4936{
4937 s->cbTotalTransfer = 0;
4938 s->cbElementaryTransfer = 0;
4939 s->iBeginTransfer = ATAFN_BT_NULL;
4940 s->iSourceSink = ATAFN_SS_NULL;
4941}
4942
4943
4944/**
4945 * Perform the entire DMA transfer in one go (unless a source/sink operation
4946 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4947 * this function cannot handle empty transfers.
4948 *
4949 * @param pCtl Controller for which to perform the transfer.
4950 */
4951static void ataDMATransfer(PATACONTROLLER pCtl)
4952{
4953 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4954 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4955 bool fRedo;
4956 RTGCPHYS32 pDesc;
4957 uint32_t cbTotalTransfer, cbElementaryTransfer;
4958 uint32_t iIOBufferCur, iIOBufferEnd;
4959 uint32_t dmalen;
4960 PDMBLOCKTXDIR uTxDir;
4961 bool fLastDesc = false;
4962
4963 Assert(sizeof(BMDMADesc) == 8);
4964
4965 fRedo = pCtl->fRedo;
4966 if (RT_LIKELY(!fRedo))
4967 Assert(s->cbTotalTransfer);
4968 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4969 cbTotalTransfer = s->cbTotalTransfer;
4970 cbElementaryTransfer = s->cbElementaryTransfer;
4971 iIOBufferCur = s->iIOBufferCur;
4972 iIOBufferEnd = s->iIOBufferEnd;
4973
4974 /* The DMA loop is designed to hold the lock only when absolutely
4975 * necessary. This avoids long freezes should the guest access the
4976 * ATA registers etc. for some reason. */
4977 PDMCritSectLeave(&pCtl->lock);
4978
4979 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4980 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4981 cbTotalTransfer, cbElementaryTransfer,
4982 iIOBufferCur, iIOBufferEnd));
4983 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4984 {
4985 BMDMADesc DMADesc;
4986 RTGCPHYS32 pBuffer;
4987 uint32_t cbBuffer;
4988
4989 if (RT_UNLIKELY(fRedo))
4990 {
4991 pBuffer = pCtl->pRedoDMABuffer;
4992 cbBuffer = pCtl->cbRedoDMABuffer;
4993 fLastDesc = pCtl->fRedoDMALastDesc;
4994 }
4995 else
4996 {
4997 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4998 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4999 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
5000 fLastDesc = !!(cbBuffer & 0x80000000);
5001 cbBuffer &= 0xfffe;
5002 if (cbBuffer == 0)
5003 cbBuffer = 0x10000;
5004 if (cbBuffer > cbTotalTransfer)
5005 cbBuffer = cbTotalTransfer;
5006 }
5007
5008 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
5009 {
5010 if (RT_LIKELY(!fRedo))
5011 {
5012 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
5013 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x orig_size=%#010x\n", __FUNCTION__,
5014 (int)pDesc, pBuffer, cbBuffer, RT_LE2H_U32(DMADesc.cbBuffer) & 0xfffe));
5015
5016 PCIATAState *pATAState = PDMINS_2_DATA(pDevIns, PCIATAState *);
5017 AssertPtr(pATAState);
5018 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
5019 PDMDevHlpPCIDevPhysWrite(&pATAState->dev, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
5020 else
5021 PDMDevHlpPCIDevPhysRead(&pATAState->dev, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
5022
5023 iIOBufferCur += dmalen;
5024 cbTotalTransfer -= dmalen;
5025 cbBuffer -= dmalen;
5026 pBuffer += dmalen;
5027 }
5028 if ( iIOBufferCur == iIOBufferEnd
5029 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
5030 {
5031 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
5032 cbElementaryTransfer = cbTotalTransfer;
5033
5034 {
5035 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5036 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5037 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5038 }
5039
5040 /* The RESET handler could have cleared the DMA transfer
5041 * state (since we didn't hold the lock until just now
5042 * the guest can continue in parallel). If so, the state
5043 * is already set up so the loop is exited immediately. */
5044 if (s->iSourceSink != ATAFN_SS_NULL)
5045 {
5046 s->iIOBufferCur = iIOBufferCur;
5047 s->iIOBufferEnd = iIOBufferEnd;
5048 s->cbElementaryTransfer = cbElementaryTransfer;
5049 s->cbTotalTransfer = cbTotalTransfer;
5050 Log2(("%s: calling source/sink function\n", __FUNCTION__));
5051 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5052 if (RT_UNLIKELY(fRedo))
5053 {
5054 pCtl->pFirstDMADesc = pDesc;
5055 pCtl->pRedoDMABuffer = pBuffer;
5056 pCtl->cbRedoDMABuffer = cbBuffer;
5057 pCtl->fRedoDMALastDesc = fLastDesc;
5058 }
5059 else
5060 {
5061 cbTotalTransfer = s->cbTotalTransfer;
5062 cbElementaryTransfer = s->cbElementaryTransfer;
5063
5064 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
5065 cbElementaryTransfer = cbTotalTransfer;
5066 iIOBufferCur = 0;
5067 iIOBufferEnd = cbElementaryTransfer;
5068 }
5069 pCtl->fRedo = fRedo;
5070 }
5071 else
5072 {
5073 /* This forces the loop to exit immediately. */
5074 pDesc = pCtl->pLastDMADesc + 1;
5075 }
5076
5077 PDMCritSectLeave(&pCtl->lock);
5078 if (RT_UNLIKELY(fRedo))
5079 break;
5080 }
5081 }
5082
5083 if (RT_UNLIKELY(fRedo))
5084 break;
5085
5086 /* end of transfer */
5087 if (!cbTotalTransfer || fLastDesc)
5088 break;
5089
5090 {
5091 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5092 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5093 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5094 }
5095
5096 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
5097 {
5098 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
5099 if (!pCtl->fReset)
5100 ataDMATransferStop(s);
5101 /* This forces the loop to exit immediately. */
5102 pDesc = pCtl->pLastDMADesc + 1;
5103 }
5104
5105 PDMCritSectLeave(&pCtl->lock);
5106 }
5107
5108 {
5109 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5110 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5111 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5112 }
5113
5114 if (RT_UNLIKELY(fRedo))
5115 return;
5116
5117 if (fLastDesc)
5118 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5119 s->cbTotalTransfer = cbTotalTransfer;
5120 s->cbElementaryTransfer = cbElementaryTransfer;
5121 s->iIOBufferCur = iIOBufferCur;
5122 s->iIOBufferEnd = iIOBufferEnd;
5123}
5124
5125/**
5126 * Signal PDM that we're idle (if we actually are).
5127 *
5128 * @param pCtl The controller.
5129 */
5130static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
5131{
5132 /*
5133 * Take the mutex here and recheck the idle indicator to avoid
5134 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
5135 */
5136 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
5137
5138 if ( pCtl->fSignalIdle
5139 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
5140 {
5141 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5142 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
5143 }
5144
5145 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
5146}
5147
5148/** Async I/O thread for an interface. Once upon a time this was readable
5149 * code with several loops and a different semaphore for each purpose. But
5150 * then came the "how can one save the state in the middle of a PIO transfer"
5151 * question. The solution was to use an ASM, which is what's there now. */
5152static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
5153{
5154 const ATARequest *pReq;
5155 uint64_t u64TS = 0; /* shut up gcc */
5156 uint64_t uWait;
5157 int rc = VINF_SUCCESS;
5158 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
5159 ATADevState *s;
5160
5161 pReq = NULL;
5162 pCtl->fChainedTransfer = false;
5163 while (!pCtl->fShutdown)
5164 {
5165 /* Keep this thread from doing anything as long as EMT is suspended. */
5166 while (pCtl->fRedoIdle)
5167 {
5168 if (pCtl->fSignalIdle)
5169 ataR3AsyncSignalIdle(pCtl);
5170 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
5171 /* Continue if we got a signal by RTThreadPoke().
5172 * We will get notified if there is a request to process.
5173 */
5174 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5175 continue;
5176 if (RT_FAILURE(rc) || pCtl->fShutdown)
5177 break;
5178
5179 pCtl->fRedoIdle = false;
5180 }
5181
5182 /* Wait for work. */
5183 while (pReq == NULL)
5184 {
5185 if (pCtl->fSignalIdle)
5186 ataR3AsyncSignalIdle(pCtl);
5187 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
5188 /* Continue if we got a signal by RTThreadPoke().
5189 * We will get notified if there is a request to process.
5190 */
5191 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5192 continue;
5193 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
5194 break;
5195
5196 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5197 }
5198
5199 if (RT_FAILURE(rc) || pCtl->fShutdown)
5200 break;
5201
5202 if (pReq == NULL)
5203 continue;
5204
5205 ATAAIO ReqType = pReq->ReqType;
5206
5207 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
5208 if (pCtl->uAsyncIOState != ReqType)
5209 {
5210 /* The new state is not the state that was expected by the normal
5211 * state changes. This is either a RESET/ABORT or there's something
5212 * really strange going on. */
5213 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
5214 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
5215 {
5216 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
5217 ataAsyncIODumpRequests(pCtl);
5218 }
5219 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
5220 }
5221
5222 /* Do our work. */
5223 {
5224 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5225 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5226 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5227 }
5228
5229 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5230 {
5231 u64TS = RTTimeNanoTS();
5232#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5233 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
5234#endif /* DEBUG || VBOX_WITH_STATISTICS */
5235 }
5236
5237 switch (ReqType)
5238 {
5239 case ATA_AIO_NEW:
5240
5241 pCtl->iAIOIf = pReq->u.t.iIf;
5242 s = &pCtl->aIfs[pCtl->iAIOIf];
5243 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
5244 s->uTxDir = pReq->u.t.uTxDir;
5245 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
5246 s->iSourceSink = pReq->u.t.iSourceSink;
5247 s->iIOBufferEnd = 0;
5248 s->u64CmdTS = u64TS;
5249
5250 if (s->fATAPI)
5251 {
5252 if (pCtl->fChainedTransfer)
5253 {
5254 /* Only count the actual transfers, not the PIO
5255 * transfer of the ATAPI command bytes. */
5256 if (s->fDMA)
5257 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
5258 else
5259 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
5260 }
5261 }
5262 else
5263 {
5264 if (s->fDMA)
5265 STAM_REL_COUNTER_INC(&s->StatATADMA);
5266 else
5267 STAM_REL_COUNTER_INC(&s->StatATAPIO);
5268 }
5269
5270 pCtl->fChainedTransfer = false;
5271
5272 if (s->iBeginTransfer != ATAFN_BT_NULL)
5273 {
5274 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5275 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
5276 s->iBeginTransfer = ATAFN_BT_NULL;
5277 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5278 s->iIOBufferEnd = s->cbElementaryTransfer;
5279 }
5280 else
5281 {
5282 s->cbElementaryTransfer = s->cbTotalTransfer;
5283 s->iIOBufferEnd = s->cbTotalTransfer;
5284 }
5285 s->iIOBufferCur = 0;
5286
5287 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5288 {
5289 if (s->iSourceSink != ATAFN_SS_NULL)
5290 {
5291 bool fRedo;
5292 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5293 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5294 pCtl->fRedo = fRedo;
5295 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5296 {
5297 /* Operation failed at the initial transfer, restart
5298 * everything from scratch by resending the current
5299 * request. Occurs very rarely, not worth optimizing. */
5300 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5301 ataAsyncIOPutRequest(pCtl, pReq);
5302 break;
5303 }
5304 }
5305 else
5306 ataCmdOK(s, 0);
5307 s->iIOBufferEnd = s->cbElementaryTransfer;
5308
5309 }
5310
5311 /* Do not go into the transfer phase if RESET is asserted.
5312 * The CritSect is released while waiting for the host OS
5313 * to finish the I/O, thus RESET is possible here. Most
5314 * important: do not change uAsyncIOState. */
5315 if (pCtl->fReset)
5316 break;
5317
5318 if (s->fDMA)
5319 {
5320 if (s->cbTotalTransfer)
5321 {
5322 ataSetStatus(s, ATA_STAT_DRQ);
5323
5324 pCtl->uAsyncIOState = ATA_AIO_DMA;
5325 /* If BMDMA is already started, do the transfer now. */
5326 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
5327 {
5328 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5329 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5330 }
5331 }
5332 else
5333 {
5334 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5335 /* Finish DMA transfer. */
5336 ataDMATransferStop(s);
5337 ataSetIRQ(s);
5338 pCtl->uAsyncIOState = ATA_AIO_NEW;
5339 }
5340 }
5341 else
5342 {
5343 if (s->cbTotalTransfer)
5344 {
5345 ataPIOTransfer(pCtl);
5346 Assert(!pCtl->fRedo);
5347 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5348 ataSetIRQ(s);
5349
5350 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5351 {
5352 /* Write operations and not yet finished transfers
5353 * must be completed in the async I/O thread. */
5354 pCtl->uAsyncIOState = ATA_AIO_PIO;
5355 }
5356 else
5357 {
5358 /* Finished read operation can be handled inline
5359 * in the end of PIO transfer handling code. Linux
5360 * depends on this, as it waits only briefly for
5361 * devices to become ready after incoming data
5362 * transfer. Cannot find anything in the ATA spec
5363 * that backs this assumption, but as all kernels
5364 * are affected (though most of the time it does
5365 * not cause any harm) this must work. */
5366 pCtl->uAsyncIOState = ATA_AIO_NEW;
5367 }
5368 }
5369 else
5370 {
5371 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5372 /* Finish PIO transfer. */
5373 ataPIOTransfer(pCtl);
5374 Assert(!pCtl->fRedo);
5375 if (!s->fATAPITransfer)
5376 ataSetIRQ(s);
5377 pCtl->uAsyncIOState = ATA_AIO_NEW;
5378 }
5379 }
5380 break;
5381
5382 case ATA_AIO_DMA:
5383 {
5384 BMDMAState *bm = &pCtl->BmDma;
5385 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5386 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
5387
5388 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
5389 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
5390 else
5391 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
5392
5393 if (RT_LIKELY(!pCtl->fRedo))
5394 {
5395 /* The specs say that the descriptor table must not cross a
5396 * 4K boundary. */
5397 pCtl->pFirstDMADesc = bm->pvAddr;
5398 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
5399 }
5400 ataDMATransfer(pCtl);
5401
5402 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
5403 {
5404 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
5405 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5406 break;
5407 }
5408
5409 /* The infamous delay IRQ hack. */
5410 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
5411 && s->cbTotalTransfer == 0
5412 && pCtl->DelayIRQMillies)
5413 {
5414 /* Delay IRQ for writing. Required to get the Win2K
5415 * installation work reliably (otherwise it crashes,
5416 * usually during component install). So far no better
5417 * solution has been found. */
5418 Log(("%s: delay IRQ hack\n", __FUNCTION__));
5419 PDMCritSectLeave(&pCtl->lock);
5420 RTThreadSleep(pCtl->DelayIRQMillies);
5421 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5422 }
5423
5424 ataUnsetStatus(s, ATA_STAT_DRQ);
5425 Assert(!pCtl->fChainedTransfer);
5426 Assert(s->iSourceSink == ATAFN_SS_NULL);
5427 if (s->fATAPITransfer)
5428 {
5429 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
5430 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
5431 s->fATAPITransfer = false;
5432 }
5433 ataSetIRQ(s);
5434 pCtl->uAsyncIOState = ATA_AIO_NEW;
5435 break;
5436 }
5437
5438 case ATA_AIO_PIO:
5439 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5440
5441 if (s->iSourceSink != ATAFN_SS_NULL)
5442 {
5443 bool fRedo;
5444 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5445 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5446 pCtl->fRedo = fRedo;
5447 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5448 {
5449 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
5450 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
5451 break;
5452 }
5453 s->iIOBufferCur = 0;
5454 s->iIOBufferEnd = s->cbElementaryTransfer;
5455 }
5456 else
5457 {
5458 /* Continue a previously started transfer. */
5459 ataUnsetStatus(s, ATA_STAT_BUSY);
5460 ataSetStatus(s, ATA_STAT_READY);
5461 }
5462
5463 /* It is possible that the drives on this controller get RESET
5464 * during the above call to the source/sink function. If that's
5465 * the case, don't restart the transfer and don't finish it the
5466 * usual way. RESET handling took care of all that already.
5467 * Most important: do not change uAsyncIOState. */
5468 if (pCtl->fReset)
5469 break;
5470
5471 if (s->cbTotalTransfer)
5472 {
5473 ataPIOTransfer(pCtl);
5474 ataSetIRQ(s);
5475
5476 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5477 {
5478 /* Write operations and not yet finished transfers
5479 * must be completed in the async I/O thread. */
5480 pCtl->uAsyncIOState = ATA_AIO_PIO;
5481 }
5482 else
5483 {
5484 /* Finished read operation can be handled inline
5485 * in the end of PIO transfer handling code. Linux
5486 * depends on this, as it waits only briefly for
5487 * devices to become ready after incoming data
5488 * transfer. Cannot find anything in the ATA spec
5489 * that backs this assumption, but as all kernels
5490 * are affected (though most of the time it does
5491 * not cause any harm) this must work. */
5492 pCtl->uAsyncIOState = ATA_AIO_NEW;
5493 }
5494 }
5495 else
5496 {
5497 /* Finish PIO transfer. */
5498 ataPIOTransfer(pCtl);
5499 if ( !pCtl->fChainedTransfer
5500 && !s->fATAPITransfer
5501 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5502 {
5503 ataSetIRQ(s);
5504 }
5505 pCtl->uAsyncIOState = ATA_AIO_NEW;
5506 }
5507 break;
5508
5509 case ATA_AIO_RESET_ASSERTED:
5510 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
5511 ataPIOTransferStop(&pCtl->aIfs[0]);
5512 ataPIOTransferStop(&pCtl->aIfs[1]);
5513 /* Do not change the DMA registers, they are not affected by the
5514 * ATA controller reset logic. It should be sufficient to issue a
5515 * new command, which is now possible as the state is cleared. */
5516 break;
5517
5518 case ATA_AIO_RESET_CLEARED:
5519 pCtl->uAsyncIOState = ATA_AIO_NEW;
5520 pCtl->fReset = false;
5521 /* Ensure that half-completed transfers are not redone. A reset
5522 * cancels the entire transfer, so continuing is wrong. */
5523 pCtl->fRedo = false;
5524 pCtl->fRedoDMALastDesc = false;
5525 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5526 ATACONTROLLER_IDX(pCtl)));
5527 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5528 {
5529 if (pCtl->aIfs[i].fATAPI)
5530 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5531 else
5532 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5533 ataSetSignature(&pCtl->aIfs[i]);
5534 }
5535 break;
5536
5537 case ATA_AIO_ABORT:
5538 /* Abort the current command no matter what. There cannot be
5539 * any command activity on the other drive otherwise using
5540 * one thread per controller wouldn't work at all. */
5541 s = &pCtl->aIfs[pReq->u.a.iIf];
5542
5543 pCtl->uAsyncIOState = ATA_AIO_NEW;
5544 /* Do not change the DMA registers, they are not affected by the
5545 * ATA controller reset logic. It should be sufficient to issue a
5546 * new command, which is now possible as the state is cleared. */
5547 if (pReq->u.a.fResetDrive)
5548 {
5549 ataResetDevice(s);
5550 ataExecuteDeviceDiagnosticSS(s);
5551 }
5552 else
5553 {
5554 /* Stop any pending DMA transfer. */
5555 s->fDMA = false;
5556 ataPIOTransferStop(s);
5557 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5558 ataSetStatus(s, ATA_STAT_READY);
5559 ataSetIRQ(s);
5560 }
5561 break;
5562
5563 default:
5564 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5565 }
5566
5567 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5568 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5569
5570 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5571 {
5572#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5573 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5574#endif /* DEBUG || VBOX_WITH_STATISTICS */
5575
5576 u64TS = RTTimeNanoTS() - u64TS;
5577 uWait = u64TS / 1000;
5578 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5579 /* Mark command as finished. */
5580 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5581
5582 /*
5583 * Release logging of command execution times depends on the
5584 * command type. ATAPI commands often take longer (due to CD/DVD
5585 * spin up time etc.) so the threshold is different.
5586 */
5587 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5588 {
5589 if (uWait > 8 * 1000 * 1000)
5590 {
5591 /*
5592 * Command took longer than 8 seconds. This is close
5593 * enough or over the guest's command timeout, so place
5594 * an entry in the release log to allow tracking such
5595 * timing errors (which are often caused by the host).
5596 */
5597 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5598 }
5599 }
5600 else
5601 {
5602 if (uWait > 20 * 1000 * 1000)
5603 {
5604 /*
5605 * Command took longer than 20 seconds. This is close
5606 * enough or over the guest's command timeout, so place
5607 * an entry in the release log to allow tracking such
5608 * timing errors (which are often caused by the host).
5609 */
5610 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5611 }
5612 }
5613
5614#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5615 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5616 pCtl->StatAsyncMinWait = uWait;
5617 if (uWait > pCtl->StatAsyncMaxWait)
5618 pCtl->StatAsyncMaxWait = uWait;
5619
5620 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5621 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5622#endif /* DEBUG || VBOX_WITH_STATISTICS */
5623 }
5624
5625 PDMCritSectLeave(&pCtl->lock);
5626 }
5627
5628 /* Signal the ultimate idleness. */
5629 RTThreadUserSignal(pCtl->AsyncIOThread);
5630 if (pCtl->fSignalIdle)
5631 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5632
5633 /* Cleanup the state. */
5634 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5635 pCtl->fShutdown = false;
5636
5637 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5638 return rc;
5639}
5640
5641#endif /* IN_RING3 */
5642
5643static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5644{
5645 uint32_t val = pCtl->BmDma.u8Cmd;
5646 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5647 return val;
5648}
5649
5650
5651static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5652{
5653 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5654 if (!(val & BM_CMD_START))
5655 {
5656 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5657 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5658 }
5659 else
5660 {
5661#ifdef IN_RING3
5662 /* Check whether the guest OS wants to change DMA direction in
5663 * mid-flight. Not allowed, according to the PIIX3 specs. */
5664 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5665 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5666 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5667 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5668
5669 /* Do not continue DMA transfers while the RESET line is asserted. */
5670 if (pCtl->fReset)
5671 {
5672 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5673 return;
5674 }
5675
5676 /* Do not start DMA transfers if there's a PIO transfer going on,
5677 * or if there is already a transfer started on this controller. */
5678 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5679 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5680 return;
5681
5682 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5683 {
5684 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5685 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5686 }
5687#else /* !IN_RING3 */
5688 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5689#endif /* IN_RING3 */
5690 }
5691}
5692
5693static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5694{
5695 uint32_t val = pCtl->BmDma.u8Status;
5696 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5697 return val;
5698}
5699
5700static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5701{
5702 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5703 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5704 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5705 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5706}
5707
5708static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5709{
5710 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5711 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5712 return val;
5713}
5714
5715static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5716{
5717 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5718 pCtl->BmDma.pvAddr = val & ~3;
5719}
5720
5721static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5722{
5723 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5724 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5725
5726}
5727
5728static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5729{
5730 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5731 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5732}
5733
5734#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5735
5736/**
5737 * Port I/O Handler for bus master DMA IN operations.
5738 * @see FNIOMIOPORTIN for details.
5739 */
5740PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5741{
5742 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5743 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5744 PATACONTROLLER pCtl = &pThis->aCts[i];
5745
5746 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5747 if (rc != VINF_SUCCESS)
5748 return rc;
5749 switch (VAL(Port, cb))
5750 {
5751 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5752 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5753 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5754 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5755 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5756 case VAL(0, 4):
5757 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5758 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5759 break;
5760 default:
5761 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5762 PDMCritSectLeave(&pCtl->lock);
5763 return VERR_IOM_IOPORT_UNUSED;
5764 }
5765 PDMCritSectLeave(&pCtl->lock);
5766 return rc;
5767}
5768
5769/**
5770 * Port I/O Handler for bus master DMA OUT operations.
5771 * @see FNIOMIOPORTOUT for details.
5772 */
5773PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5774{
5775 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5776 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5777 PATACONTROLLER pCtl = &pThis->aCts[i];
5778
5779 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5780 if (rc != VINF_SUCCESS)
5781 return rc;
5782 switch (VAL(Port, cb))
5783 {
5784 case VAL(0, 1):
5785#ifndef IN_RING3
5786 if (u32 & BM_CMD_START)
5787 {
5788 rc = VINF_IOM_R3_IOPORT_WRITE;
5789 break;
5790 }
5791#endif /* !IN_RING3 */
5792 ataBMDMACmdWriteB(pCtl, Port, u32);
5793 break;
5794 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5795 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5796 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5797 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5798 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5799 }
5800 PDMCritSectLeave(&pCtl->lock);
5801 return rc;
5802}
5803
5804#undef VAL
5805
5806#ifdef IN_RING3
5807
5808/**
5809 * Callback function for mapping an PCI I/O region.
5810 *
5811 * @return VBox status code.
5812 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5813 * @param iRegion The region number.
5814 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5815 * I/O port, else it's a physical address.
5816 * This address is *NOT* relative to pci_mem_base like earlier!
5817 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5818 */
5819static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5820{
5821 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5822 int rc = VINF_SUCCESS;
5823 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5824 Assert(iRegion == 4);
5825 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5826
5827 /* Register the port range. */
5828 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5829 {
5830 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5831 (RTHCPTR)(uintptr_t)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5832 AssertRC(rc2);
5833 if (rc2 < rc)
5834 rc = rc2;
5835
5836 if (pThis->fGCEnabled)
5837 {
5838 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5839 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5840 AssertRC(rc2);
5841 if (rc2 < rc)
5842 rc = rc2;
5843 }
5844 if (pThis->fR0Enabled)
5845 {
5846 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5847 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5848 AssertRC(rc2);
5849 if (rc2 < rc)
5850 rc = rc2;
5851 }
5852 }
5853 return rc;
5854}
5855
5856
5857/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5858
5859/**
5860 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5861 */
5862static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5863{
5864 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5865 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5866 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5867 return NULL;
5868}
5869
5870
5871/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5872
5873/**
5874 * Gets the pointer to the status LED of a unit.
5875 *
5876 * @returns VBox status code.
5877 * @param pInterface Pointer to the interface structure containing the called function pointer.
5878 * @param iLUN The unit which status LED we desire.
5879 * @param ppLed Where to store the LED pointer.
5880 */
5881static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5882{
5883 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5884 if (iLUN < 4)
5885 {
5886 switch (iLUN)
5887 {
5888 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5889 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5890 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5891 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5892 }
5893 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5894 return VINF_SUCCESS;
5895 }
5896 return VERR_PDM_LUN_NOT_FOUND;
5897}
5898
5899
5900/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5901
5902/**
5903 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5904 */
5905static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5906{
5907 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5908 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5909 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5910 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5911 return NULL;
5912}
5913
5914
5915/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5916
5917/**
5918 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5919 */
5920static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5921 uint32_t *piInstance, uint32_t *piLUN)
5922{
5923 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5924 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5925
5926 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5927 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5928 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5929
5930 *ppcszController = pDevIns->pReg->szName;
5931 *piInstance = pDevIns->iInstance;
5932 *piLUN = pIf->iLUN;
5933
5934 return VINF_SUCCESS;
5935}
5936#endif /* IN_RING3 */
5937
5938
5939/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5940
5941/**
5942 * Port I/O Handler for primary port range OUT operations.
5943 * @see FNIOMIOPORTOUT for details.
5944 */
5945PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5946{
5947 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5948 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5949 PATACONTROLLER pCtl = &pThis->aCts[i];
5950 int rc = VINF_SUCCESS;
5951
5952 Assert(i < 2);
5953
5954 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5955 if (rc != VINF_SUCCESS)
5956 return rc;
5957 if (Port == pCtl->IOPortBase1)
5958 {
5959 /* Writes to the data port may be 16-bit or 32-bit. */
5960 Assert(cb == 2 || cb == 4);
5961 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5962 }
5963 else
5964 {
5965 /* Writes to the other command block ports should be 8-bit only. If they
5966 * are not, the high bits are simply discarded. Undocumented, but observed
5967 * on a real PIIX4 system.
5968 */
5969 if (cb > 1)
5970 Log(("ataIOPortWrite1: suspect write to port %x val=%x size=%d\n", Port, u32, cb));
5971
5972 rc = ataIOPortWriteU8(pCtl, Port, u32);
5973 }
5974 PDMCritSectLeave(&pCtl->lock);
5975 return rc;
5976}
5977
5978
5979/**
5980 * Port I/O Handler for primary port range IN operations.
5981 * @see FNIOMIOPORTIN for details.
5982 */
5983PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5984{
5985 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5986 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5987 PATACONTROLLER pCtl = &pThis->aCts[i];
5988 int rc = VINF_SUCCESS;
5989
5990 Assert(i < 2);
5991
5992 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5993 if (rc != VINF_SUCCESS)
5994 return rc;
5995 if (Port == pCtl->IOPortBase1)
5996 {
5997 /* Reads from the data register may be 16-bit or 32-bit. */
5998 Assert(cb == 2 || cb == 4);
5999 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
6000 if (cb == 2)
6001 *pu32 &= 0xffff;
6002 }
6003 else
6004 {
6005 /* Reads from the other command block registers should be 8-bit only.
6006 * If they are not, the low byte is propagated to the high bits.
6007 * Undocumented, but observed on a real PIIX4 system.
6008 */
6009 rc = ataIOPortReadU8(pCtl, Port, pu32);
6010 if (cb > 1)
6011 {
6012 uint32_t pad;
6013
6014 /* Replicate the 8-bit result into the upper three bytes. */
6015 pad = *pu32 & 0xff;
6016 pad = pad | (pad << 8);
6017 pad = pad | (pad << 16);
6018 *pu32 = pad;
6019 Log(("ataIOPortRead1: suspect read from port %x size=%d\n", Port, cb));
6020 }
6021 }
6022 PDMCritSectLeave(&pCtl->lock);
6023 return rc;
6024}
6025
6026#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
6027/**
6028 * Port I/O Handler for primary port range IN string operations.
6029 * @see FNIOMIOPORTINSTRING for details.
6030 */
6031PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
6032{
6033 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6034 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6035 PATACONTROLLER pCtl = &pThis->aCts[i];
6036 int rc = VINF_SUCCESS;
6037
6038 Assert(i < 2);
6039
6040 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6041 if (rc != VINF_SUCCESS)
6042 return rc;
6043 if (Port == pCtl->IOPortBase1)
6044 {
6045 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
6046 RTGCPTR GCDst = *pGCPtrDst;
6047 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
6048 Assert(cb == 2 || cb == 4);
6049
6050 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
6051#ifndef IN_RING3
6052 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
6053 if (!cTransAvailable)
6054 {
6055 PDMCritSectLeave(&pCtl->lock);
6056 return VINF_IOM_R3_IOPORT_READ;
6057 }
6058 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
6059 cTransAvailable--;
6060#endif /* !IN_RING3 */
6061 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
6062 * They are not performance-critical and generally shouldn't occur at all. */
6063 if (cTransAvailable > cTransfer)
6064 cTransAvailable = cTransfer;
6065 cbTransfer = cTransAvailable * cb;
6066
6067 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
6068#ifndef IN_RING3
6069 /* Paranoia. */
6070 if (RT_FAILURE(rc))
6071 {
6072 PDMCritSectLeave(&pCtl->lock);
6073 AssertFailed();
6074 return VINF_IOM_R3_IOPORT_READ;
6075 }
6076#else
6077 Assert(rc == VINF_SUCCESS);
6078#endif
6079
6080 if (cbTransfer)
6081 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
6082 s->iIOBufferPIODataStart += cbTransfer;
6083 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
6084 *pcTransfer = cTransfer - cTransAvailable;
6085#ifdef IN_RING3
6086 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
6087 ataPIOTransferFinish(pCtl, s);
6088#endif /* IN_RING3 */
6089 }
6090 PDMCritSectLeave(&pCtl->lock);
6091 return rc;
6092}
6093
6094
6095/**
6096 * Port I/O Handler for primary port range OUT string operations.
6097 * @see FNIOMIOPORTOUTSTRING for details.
6098 */
6099PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
6100{
6101 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6102 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6103 PATACONTROLLER pCtl = &pThis->aCts[i];
6104 int rc;
6105
6106 Assert(i < 2);
6107
6108 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6109 if (rc != VINF_SUCCESS)
6110 return rc;
6111 if (Port == pCtl->IOPortBase1)
6112 {
6113 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
6114 RTGCPTR GCSrc = *pGCPtrSrc;
6115 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
6116 Assert(cb == 2 || cb == 4);
6117
6118 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
6119#ifndef IN_RING3
6120 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
6121 if (!cTransAvailable)
6122 {
6123 PDMCritSectLeave(&pCtl->lock);
6124 return VINF_IOM_R3_IOPORT_WRITE;
6125 }
6126 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
6127 cTransAvailable--;
6128#endif /* !IN_RING3 */
6129 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
6130 * They are not performance-critical and generally shouldn't occur at all. */
6131 if (cTransAvailable > cTransfer)
6132 cTransAvailable = cTransfer;
6133 cbTransfer = cTransAvailable * cb;
6134
6135 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
6136#ifndef IN_RING3
6137 /* Paranoia. */
6138 if (RT_FAILURE(rc))
6139 {
6140 PDMCritSectLeave(&pCtl->lock);
6141 AssertFailed();
6142 return VINF_IOM_R3_IOPORT_WRITE;
6143 }
6144#else
6145 Assert(rc == VINF_SUCCESS);
6146#endif
6147
6148 if (cbTransfer)
6149 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
6150 s->iIOBufferPIODataStart += cbTransfer;
6151 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
6152 *pcTransfer = cTransfer - cTransAvailable;
6153#ifdef IN_RING3
6154 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
6155 ataPIOTransferFinish(pCtl, s);
6156#endif /* IN_RING3 */
6157 }
6158 PDMCritSectLeave(&pCtl->lock);
6159 return rc;
6160}
6161#endif /* !IN_RING0 */
6162
6163/**
6164 * Port I/O Handler for secondary port range OUT operations.
6165 * @see FNIOMIOPORTOUT for details.
6166 */
6167PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6168{
6169 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6170 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6171 PATACONTROLLER pCtl = &pThis->aCts[i];
6172 int rc;
6173
6174 Assert(i < 2);
6175
6176 if (cb != 1)
6177 return VINF_SUCCESS;
6178 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6179 if (rc != VINF_SUCCESS)
6180 return rc;
6181 rc = ataControlWrite(pCtl, Port, u32);
6182 PDMCritSectLeave(&pCtl->lock);
6183 return rc;
6184}
6185
6186
6187/**
6188 * Port I/O Handler for secondary port range IN operations.
6189 * @see FNIOMIOPORTIN for details.
6190 */
6191PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6192{
6193 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6194 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6195 PATACONTROLLER pCtl = &pThis->aCts[i];
6196 int rc;
6197
6198 Assert(i < 2);
6199
6200 if (cb != 1)
6201 return VERR_IOM_IOPORT_UNUSED;
6202
6203 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6204 if (rc != VINF_SUCCESS)
6205 return rc;
6206 *pu32 = ataStatusRead(pCtl, Port);
6207 PDMCritSectLeave(&pCtl->lock);
6208 return VINF_SUCCESS;
6209}
6210
6211#ifdef IN_RING3
6212
6213
6214DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
6215{
6216 if (s->pbIOBufferR3)
6217 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
6218}
6219
6220
6221/**
6222 * @copydoc FNPDMDEVRELOCATE
6223 */
6224static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
6225{
6226 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6227
6228 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6229 {
6230 pThis->aCts[i].pDevInsRC += offDelta;
6231 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
6232 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
6233 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
6234 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
6235 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
6236 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
6237 }
6238}
6239
6240
6241/**
6242 * Destroy a driver instance.
6243 *
6244 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
6245 * resources can be freed correctly.
6246 *
6247 * @param pDevIns The device instance data.
6248 */
6249static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
6250{
6251 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6252 int rc;
6253
6254 Log(("ataR3Destruct\n"));
6255 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
6256
6257 /*
6258 * Tell the async I/O threads to terminate.
6259 */
6260 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6261 {
6262 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6263 {
6264 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
6265 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
6266 AssertRC(rc);
6267 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6268 AssertRC(rc);
6269 }
6270 }
6271
6272 /*
6273 * Wait for the threads to terminate before destroying their resources.
6274 */
6275 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6276 {
6277 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6278 {
6279 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
6280 if (RT_SUCCESS(rc))
6281 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6282 else
6283 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
6284 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6285 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
6286 }
6287 }
6288
6289 /*
6290 * Free resources.
6291 */
6292 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6293 {
6294 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
6295 {
6296 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
6297 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6298 }
6299 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
6300 {
6301 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
6302 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6303 }
6304 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
6305 {
6306 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
6307 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6308 }
6309
6310 /* try one final time */
6311 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6312 {
6313 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
6314 if (RT_SUCCESS(rc))
6315 {
6316 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6317 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
6318 }
6319 }
6320
6321 for (uint32_t iIf = 0; iIf < RT_ELEMENTS(pThis->aCts[i].aIfs); iIf++)
6322 {
6323 if (pThis->aCts[i].aIfs[iIf].pbCueSheet)
6324 {
6325 RTMemFree(pThis->aCts[i].aIfs[iIf].pbCueSheet);
6326 pThis->aCts[i].aIfs[iIf].pbCueSheet = NULL;
6327 }
6328 }
6329 }
6330
6331 return VINF_SUCCESS;
6332}
6333
6334
6335/**
6336 * Detach notification.
6337 *
6338 * The DVD drive has been unplugged.
6339 *
6340 * @param pDevIns The device instance.
6341 * @param iLUN The logical unit which is being detached.
6342 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6343 */
6344static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6345{
6346 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6347 PATACONTROLLER pCtl;
6348 ATADevState *pIf;
6349 unsigned iController;
6350 unsigned iInterface;
6351
6352 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6353 ("PIIX3IDE: Device does not support hotplugging\n"));
6354
6355 /*
6356 * Locate the controller and stuff.
6357 */
6358 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6359 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6360 pCtl = &pThis->aCts[iController];
6361
6362 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6363 pIf = &pCtl->aIfs[iInterface];
6364
6365 /*
6366 * Zero some important members.
6367 */
6368 pIf->pDrvBase = NULL;
6369 pIf->pDrvBlock = NULL;
6370 pIf->pDrvBlockBios = NULL;
6371 pIf->pDrvMount = NULL;
6372
6373 /*
6374 * In case there was a medium inserted.
6375 */
6376 ataMediumRemoved(pIf);
6377}
6378
6379
6380/**
6381 * Configure a LUN.
6382 *
6383 * @returns VBox status code.
6384 * @param pDevIns The device instance.
6385 * @param pIf The ATA unit state.
6386 */
6387static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
6388{
6389 int rc = VINF_SUCCESS;
6390 PDMBLOCKTYPE enmType;
6391
6392 /*
6393 * Query Block, Bios and Mount interfaces.
6394 */
6395 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
6396 if (!pIf->pDrvBlock)
6397 {
6398 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
6399 return VERR_PDM_MISSING_INTERFACE;
6400 }
6401
6402 /** @todo implement the BIOS invisible code path. */
6403 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
6404 if (!pIf->pDrvBlockBios)
6405 {
6406 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
6407 return VERR_PDM_MISSING_INTERFACE;
6408 }
6409 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
6410
6411 /*
6412 * Validate type.
6413 */
6414 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
6415 if ( enmType != PDMBLOCKTYPE_CDROM
6416 && enmType != PDMBLOCKTYPE_DVD
6417 && enmType != PDMBLOCKTYPE_HARD_DISK)
6418 {
6419 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
6420 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
6421 }
6422 if ( ( enmType == PDMBLOCKTYPE_DVD
6423 || enmType == PDMBLOCKTYPE_CDROM)
6424 && !pIf->pDrvMount)
6425 {
6426 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
6427 return VERR_INTERNAL_ERROR;
6428 }
6429 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
6430 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
6431
6432 /*
6433 * Allocate I/O buffer.
6434 */
6435 PVM pVM = PDMDevHlpGetVM(pDevIns);
6436 if (pIf->cbIOBuffer)
6437 {
6438 /* Buffer is (probably) already allocated. Validate the fields,
6439 * because memory corruption can also overwrite pIf->cbIOBuffer. */
6440 if (pIf->fATAPI)
6441 AssertRelease(pIf->cbIOBuffer == _128K);
6442 else
6443 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
6444 Assert(pIf->pbIOBufferR3);
6445 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
6446 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
6447 }
6448 else
6449 {
6450 if (pIf->fATAPI)
6451 pIf->cbIOBuffer = _128K;
6452 else
6453 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
6454 Assert(!pIf->pbIOBufferR3);
6455 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
6456 if (RT_FAILURE(rc))
6457 return VERR_NO_MEMORY;
6458 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
6459 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
6460 }
6461
6462 /*
6463 * Init geometry (only for non-CD/DVD media).
6464 */
6465 if (pIf->fATAPI)
6466 {
6467 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
6468 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
6469 pIf->PCHSGeometry.cHeads = 0; /* dummy */
6470 pIf->PCHSGeometry.cSectors = 0; /* dummy */
6471 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
6472 }
6473 else
6474 {
6475 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
6476 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
6477 &pIf->PCHSGeometry);
6478 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
6479 {
6480 pIf->PCHSGeometry.cCylinders = 0;
6481 pIf->PCHSGeometry.cHeads = 16; /*??*/
6482 pIf->PCHSGeometry.cSectors = 63; /*??*/
6483 }
6484 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
6485 {
6486 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
6487 rc = VINF_SUCCESS;
6488 }
6489 AssertRC(rc);
6490
6491 if ( pIf->PCHSGeometry.cCylinders == 0
6492 || pIf->PCHSGeometry.cHeads == 0
6493 || pIf->PCHSGeometry.cSectors == 0
6494 )
6495 {
6496 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
6497 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
6498 pIf->PCHSGeometry.cHeads = 16;
6499 pIf->PCHSGeometry.cSectors = 63;
6500 /* Set the disk geometry information. Ignore errors. */
6501 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
6502 &pIf->PCHSGeometry);
6503 rc = VINF_SUCCESS;
6504 }
6505 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
6506
6507 if (pIf->pDrvBlock->pfnDiscard)
6508 LogRel(("PIIX3 ATA: LUN#%d: TRIM enabled\n", pIf->iLUN));
6509 }
6510 return rc;
6511}
6512
6513
6514/**
6515 * Attach command.
6516 *
6517 * This is called when we change block driver for the DVD drive.
6518 *
6519 * @returns VBox status code.
6520 * @param pDevIns The device instance.
6521 * @param iLUN The logical unit which is being detached.
6522 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6523 */
6524static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6525{
6526 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6527 PATACONTROLLER pCtl;
6528 ATADevState *pIf;
6529 int rc;
6530 unsigned iController;
6531 unsigned iInterface;
6532
6533 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6534 ("PIIX3IDE: Device does not support hotplugging\n"),
6535 VERR_INVALID_PARAMETER);
6536
6537 /*
6538 * Locate the controller and stuff.
6539 */
6540 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6541 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6542 pCtl = &pThis->aCts[iController];
6543
6544 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6545 pIf = &pCtl->aIfs[iInterface];
6546
6547 /* the usual paranoia */
6548 AssertRelease(!pIf->pDrvBase);
6549 AssertRelease(!pIf->pDrvBlock);
6550 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
6551 Assert(pIf->iLUN == iLUN);
6552
6553 /*
6554 * Try attach the block device and get the interfaces,
6555 * required as well as optional.
6556 */
6557 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
6558 if (RT_SUCCESS(rc))
6559 {
6560 rc = ataConfigLun(pDevIns, pIf);
6561 /*
6562 * In case there is a medium inserted.
6563 */
6564 ataMediumInserted(pIf);
6565 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
6566 }
6567 else
6568 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6569
6570 if (RT_FAILURE(rc))
6571 {
6572 pIf->pDrvBase = NULL;
6573 pIf->pDrvBlock = NULL;
6574 }
6575 return rc;
6576}
6577
6578
6579/**
6580 * Resume notification.
6581 *
6582 * @returns VBox status.
6583 * @param pDevIns The device instance data.
6584 */
6585static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6586{
6587 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6588 int rc;
6589
6590 Log(("%s:\n", __FUNCTION__));
6591 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6592 {
6593 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6594 {
6595 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6596 AssertRC(rc);
6597 }
6598 }
6599 return;
6600}
6601
6602
6603/**
6604 * Checks if all (both) the async I/O threads have quiesced.
6605 *
6606 * @returns true on success.
6607 * @returns false when one or more threads is still processing.
6608 * @param pThis Pointer to the instance data.
6609 */
6610static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6611{
6612 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6613
6614 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6615 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6616 {
6617 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6618 if (!fRc)
6619 {
6620 /* Make it signal PDM & itself when its done */
6621 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6622 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6623 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6624 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6625 if (!fRc)
6626 {
6627#if 0 /** @todo Need to do some time tracking here... */
6628 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6629 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6630 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6631#endif
6632 return false;
6633 }
6634 }
6635 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6636 }
6637 return true;
6638}
6639
6640
6641/**
6642 * Callback employed by ataSuspend and ataR3PowerOff.
6643 *
6644 * @returns true if we've quiesced, false if we're still working.
6645 * @param pDevIns The device instance.
6646 */
6647static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6648{
6649 return ataR3AllAsyncIOIsIdle(pDevIns);
6650}
6651
6652
6653/**
6654 * Common worker for ataSuspend and ataR3PowerOff.
6655 */
6656static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6657{
6658 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6659 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6660}
6661
6662
6663/**
6664 * Power Off notification.
6665 *
6666 * @returns VBox status.
6667 * @param pDevIns The device instance data.
6668 */
6669static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6670{
6671 Log(("%s:\n", __FUNCTION__));
6672 ataR3SuspendOrPowerOff(pDevIns);
6673}
6674
6675
6676/**
6677 * Suspend notification.
6678 *
6679 * @returns VBox status.
6680 * @param pDevIns The device instance data.
6681 */
6682static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6683{
6684 Log(("%s:\n", __FUNCTION__));
6685 ataR3SuspendOrPowerOff(pDevIns);
6686}
6687
6688
6689/**
6690 * Callback employed by ataR3Reset.
6691 *
6692 * @returns true if we've quiesced, false if we're still working.
6693 * @param pDevIns The device instance.
6694 */
6695static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6696{
6697 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6698
6699 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6700 return false;
6701
6702 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6703 {
6704 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6705 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6706 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6707 PDMCritSectLeave(&pThis->aCts[i].lock);
6708 }
6709 return true;
6710}
6711
6712
6713/**
6714 * Common reset worker for ataR3Reset and ataR3Construct.
6715 *
6716 * @returns VBox status.
6717 * @param pDevIns The device instance data.
6718 * @param fConstruct Indicates who is calling.
6719 */
6720static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6721{
6722 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6723
6724 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6725 {
6726 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6727
6728 pThis->aCts[i].iSelectedIf = 0;
6729 pThis->aCts[i].iAIOIf = 0;
6730 pThis->aCts[i].BmDma.u8Cmd = 0;
6731 /* Report that both drives present on the bus are in DMA mode. This
6732 * pretends that there is a BIOS that has set it up. Normal reset
6733 * default is 0x00. */
6734 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6735 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6736 pThis->aCts[i].BmDma.pvAddr = 0;
6737
6738 pThis->aCts[i].fReset = true;
6739 pThis->aCts[i].fRedo = false;
6740 pThis->aCts[i].fRedoIdle = false;
6741 ataAsyncIOClearRequests(&pThis->aCts[i]);
6742 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6743 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6744 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6745
6746 PDMCritSectLeave(&pThis->aCts[i].lock);
6747 }
6748
6749 int rcRet = VINF_SUCCESS;
6750 if (!fConstruct)
6751 {
6752 /*
6753 * Setup asynchronous notification completion if the requests haven't
6754 * completed yet.
6755 */
6756 if (!ataR3IsAsyncResetDone(pDevIns))
6757 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6758 }
6759 else
6760 {
6761 /*
6762 * Wait for the requests for complete.
6763 *
6764 * Would be real nice if we could do it all from EMT(0) and not
6765 * involve the worker threads, then we could dispense with all the
6766 * waiting and semaphore ping-pong here...
6767 */
6768 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6769 {
6770 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6771 {
6772 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6773 AssertRC(rc);
6774
6775 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6776 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6777 AssertRC(rc);
6778
6779 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6780 AssertRC(rc);
6781
6782 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6783 {
6784 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6785 if (RT_FAILURE(rc))
6786 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6787 if (RT_FAILURE(rc))
6788 {
6789 AssertRC(rc);
6790 rcRet = rc;
6791 }
6792 }
6793 }
6794 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6795 }
6796 if (RT_SUCCESS(rcRet))
6797 {
6798 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6799 AssertRC(rcRet);
6800 }
6801 }
6802 return rcRet;
6803}
6804
6805
6806/**
6807 * Reset notification.
6808 *
6809 * @param pDevIns The device instance data.
6810 */
6811static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6812{
6813 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6814}
6815
6816
6817/**
6818 * Prepare state save and load operation.
6819 *
6820 * @returns VBox status code.
6821 * @param pDevIns Device instance of the device which registered the data unit.
6822 * @param pSSM SSM operation handle.
6823 */
6824static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6825{
6826 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6827
6828 /* sanity - the suspend notification will wait on the async stuff. */
6829 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6830 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6831 ("i=%u\n", i),
6832 VERR_SSM_IDE_ASYNC_TIMEOUT);
6833 return VINF_SUCCESS;
6834}
6835
6836/**
6837 * @copydoc FNSSMDEVLIVEEXEC
6838 */
6839static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6840{
6841 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6842
6843 SSMR3PutU8(pSSM, pThis->u8Type);
6844 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6845 {
6846 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6847 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6848 {
6849 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6850 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6851 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6852 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6853 }
6854 }
6855
6856 return VINF_SSM_DONT_CALL_AGAIN;
6857}
6858
6859
6860/**
6861 * @copydoc FNSSMDEVSAVEEXEC
6862 */
6863static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6864{
6865 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6866
6867 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6868
6869 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6870 {
6871 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6872 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6873 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6874 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6875 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6876 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6877 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6878 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6879 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6880 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6881 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6882 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6883 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6884
6885 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6886 {
6887 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6888 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6889 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6890 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6891 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6892 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6893 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6894 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6895 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6896 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6897 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6898 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6899 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6900 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6901 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6902 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6903 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6904 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6905 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6906 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6907 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6908 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6909 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6910 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6911 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6912 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6913 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6914 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6915 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6916 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6917 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6918 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6919 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6920 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6921 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6922 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6923 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6924 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6925 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6926 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6927 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6928 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6929 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6930 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6931 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6932 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6933 else
6934 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6935 }
6936 }
6937
6938 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6939}
6940
6941/**
6942 * Converts the LUN number into a message string.
6943 */
6944static const char *ataStringifyLun(unsigned iLun)
6945{
6946 switch (iLun)
6947 {
6948 case 0: return "primary master";
6949 case 1: return "primary slave";
6950 case 2: return "secondary master";
6951 case 3: return "secondary slave";
6952 default: AssertFailedReturn("unknown lun");
6953 }
6954}
6955
6956/**
6957 * FNSSMDEVLOADEXEC
6958 */
6959static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6960{
6961 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6962 int rc;
6963 uint32_t u32;
6964
6965 if ( uVersion != ATA_SAVED_STATE_VERSION
6966 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6967 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6968 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6969 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6970 {
6971 AssertMsgFailed(("uVersion=%d\n", uVersion));
6972 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6973 }
6974
6975 /*
6976 * Verify the configuration.
6977 */
6978 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6979 {
6980 uint8_t u8Type;
6981 rc = SSMR3GetU8(pSSM, &u8Type);
6982 AssertRCReturn(rc, rc);
6983 if (u8Type != pThis->u8Type)
6984 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6985
6986 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6987 {
6988 bool fEnabled;
6989 rc = SSMR3GetBool(pSSM, &fEnabled);
6990 AssertRCReturn(rc, rc);
6991 if (!fEnabled)
6992 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6993
6994 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6995 {
6996 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6997
6998 bool fInUse;
6999 rc = SSMR3GetBool(pSSM, &fInUse);
7000 AssertRCReturn(rc, rc);
7001 if (fInUse != (pIf->pDrvBase != NULL))
7002 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
7003 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
7004 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
7005
7006 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
7007 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
7008 AssertRCReturn(rc, rc);
7009 if (strcmp(szSerialNumber, pIf->szSerialNumber))
7010 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
7011 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
7012
7013 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
7014 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
7015 AssertRCReturn(rc, rc);
7016 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
7017 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
7018 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
7019
7020 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
7021 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
7022 AssertRCReturn(rc, rc);
7023 if (strcmp(szModelNumber, pIf->szModelNumber))
7024 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
7025 pIf->iLUN, szModelNumber, pIf->szModelNumber));
7026 }
7027 }
7028 }
7029 if (uPass != SSM_PASS_FINAL)
7030 return VINF_SUCCESS;
7031
7032 /*
7033 * Restore valid parts of the PCIATAState structure
7034 */
7035 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7036 {
7037 /* integrity check */
7038 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
7039 {
7040 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
7041 return VERR_INTERNAL_ERROR_4;
7042 }
7043
7044 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
7045 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
7046 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
7047 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
7048 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
7049 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
7050 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
7051 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
7052 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
7053 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
7054 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
7055 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
7056 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
7057
7058 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7059 {
7060 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
7061 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
7062 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
7063 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
7064 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
7065 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
7066 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
7067 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
7068 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
7069 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
7070 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
7071 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
7072 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
7073 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
7074 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
7075 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
7076 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
7077 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
7078 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
7079 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
7080 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
7081 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
7082 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
7083 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
7084 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
7085 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
7086 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
7087 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
7088 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
7089 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
7090 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
7091 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
7092 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
7093 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
7094 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
7095 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
7096 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
7097 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
7098 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
7099 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
7100 {
7101 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
7102 }
7103 else
7104 {
7105 uint8_t uATAPISenseKey, uATAPIASC;
7106 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
7107 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
7108 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
7109 SSMR3GetU8(pSSM, &uATAPISenseKey);
7110 SSMR3GetU8(pSSM, &uATAPIASC);
7111 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
7112 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
7113 }
7114 /** @todo triple-check this hack after passthrough is working */
7115 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
7116 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
7117 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
7118 else
7119 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
7120 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
7121 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
7122 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
7123 {
7124 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
7125 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
7126 else
7127 {
7128 LogRel(("ATA: No buffer for %d/%d\n", i, j));
7129 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
7130 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
7131
7132 /* skip the buffer if we're loading for the debugger / animator. */
7133 uint8_t u8Ignored;
7134 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
7135 while (cbLeft-- > 0)
7136 SSMR3GetU8(pSSM, &u8Ignored);
7137 }
7138 }
7139 else
7140 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
7141 }
7142 }
7143 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
7144 SSMR3GetU8(pSSM, &pThis->u8Type);
7145
7146 rc = SSMR3GetU32(pSSM, &u32);
7147 if (RT_FAILURE(rc))
7148 return rc;
7149 if (u32 != ~0U)
7150 {
7151 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
7152 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
7153 return rc;
7154 }
7155
7156 return VINF_SUCCESS;
7157}
7158
7159/**
7160 * Convert config value to DEVPCBIOSBOOT.
7161 *
7162 * @returns VBox status code.
7163 * @param pDevIns The device instance data.
7164 * @param pCfg Configuration handle.
7165 * @param penmChipset Where to store the chipset type.
7166 */
7167static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
7168{
7169 char szType[20];
7170
7171 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
7172 if (RT_FAILURE(rc))
7173 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7174 N_("Configuration error: Querying \"Type\" as a string failed"));
7175 if (!strcmp(szType, "PIIX3"))
7176 *penmChipset = CHIPSET_PIIX3;
7177 else if (!strcmp(szType, "PIIX4"))
7178 *penmChipset = CHIPSET_PIIX4;
7179 else if (!strcmp(szType, "ICH6"))
7180 *penmChipset = CHIPSET_ICH6;
7181 else
7182 {
7183 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7184 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
7185 szType);
7186 rc = VERR_INTERNAL_ERROR;
7187 }
7188 return rc;
7189}
7190
7191
7192/**
7193 * @interface_method_impl{PDMDEVREG,pfnConstruct}
7194 */
7195static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
7196{
7197 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7198 PPDMIBASE pBase;
7199 int rc;
7200 bool fGCEnabled;
7201 bool fR0Enabled;
7202 uint32_t DelayIRQMillies;
7203
7204 Assert(iInstance == 0);
7205 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
7206
7207 /*
7208 * Initialize NIL handle values (for the destructor).
7209 */
7210 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7211 {
7212 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
7213 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7214 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
7215 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7216 }
7217
7218 /*
7219 * Validate and read configuration.
7220 */
7221 if (!CFGMR3AreValuesValid(pCfg,
7222 "GCEnabled\0"
7223 "R0Enabled\0"
7224 "IRQDelay\0"
7225 "Type\0")
7226 /** @todo || invalid keys */)
7227 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
7228 N_("PIIX3 configuration error: unknown option specified"));
7229
7230 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
7231 if (RT_FAILURE(rc))
7232 return PDMDEV_SET_ERROR(pDevIns, rc,
7233 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
7234 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
7235
7236 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
7237 if (RT_FAILURE(rc))
7238 return PDMDEV_SET_ERROR(pDevIns, rc,
7239 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
7240 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
7241
7242 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
7243 if (RT_FAILURE(rc))
7244 return PDMDEV_SET_ERROR(pDevIns, rc,
7245 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
7246 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
7247 Assert(DelayIRQMillies < 50);
7248
7249 CHIPSET enmChipset = CHIPSET_PIIX3;
7250 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
7251 if (RT_FAILURE(rc))
7252 return rc;
7253 pThis->u8Type = (uint8_t)enmChipset;
7254
7255 /*
7256 * Initialize data (most of it anyway).
7257 */
7258 /* Status LUN. */
7259 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
7260 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
7261
7262 /* PCI configuration space. */
7263 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
7264
7265 /*
7266 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
7267 * as it explicitly checks for PCI id for IDE controllers.
7268 */
7269 switch (pThis->u8Type)
7270 {
7271 case CHIPSET_ICH6:
7272 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
7273 /** @todo: do we need it? Do we need anything else? */
7274 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7275 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7276 pThis->dev.config[0x4B] = 0x00;
7277 {
7278 /*
7279 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
7280 * Report
7281 * WR_Ping-Pong_EN: must be set
7282 * PCR0, PCR1: 80-pin primary cable reporting for both disks
7283 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
7284 */
7285 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
7286 pThis->dev.config[0x54] = u16Config & 0xff;
7287 pThis->dev.config[0x55] = u16Config >> 8;
7288 }
7289 break;
7290 case CHIPSET_PIIX4:
7291 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
7292 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
7293 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7294 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7295 pThis->dev.config[0x4B] = 0x00;
7296 break;
7297 case CHIPSET_PIIX3:
7298 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
7299 break;
7300 default:
7301 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
7302 }
7303
7304 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
7305 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
7306 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
7307 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
7308 PCIDevSetHeaderType(&pThis->dev, 0x00);
7309
7310 pThis->pDevIns = pDevIns;
7311 pThis->fGCEnabled = fGCEnabled;
7312 pThis->fR0Enabled = fR0Enabled;
7313 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7314 {
7315 pThis->aCts[i].pDevInsR3 = pDevIns;
7316 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7317 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7318 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
7319 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7320 {
7321 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7322
7323 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
7324 pIf->pDevInsR3 = pDevIns;
7325 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7326 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7327 pIf->pControllerR3 = &pThis->aCts[i];
7328 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7329 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7330 pIf->IBase.pfnQueryInterface = ataQueryInterface;
7331 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
7332 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
7333 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
7334 pIf->Led.u32Magic = PDMLED_MAGIC;
7335 }
7336 }
7337
7338 Assert(RT_ELEMENTS(pThis->aCts) == 2);
7339 pThis->aCts[0].irq = 14;
7340 pThis->aCts[0].IOPortBase1 = 0x1f0;
7341 pThis->aCts[0].IOPortBase2 = 0x3f6;
7342 pThis->aCts[1].irq = 15;
7343 pThis->aCts[1].IOPortBase1 = 0x170;
7344 pThis->aCts[1].IOPortBase2 = 0x376;
7345
7346 /*
7347 * Register the PCI device.
7348 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
7349 * device the slot next to itself.
7350 */
7351 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
7352 if (RT_FAILURE(rc))
7353 return PDMDEV_SET_ERROR(pDevIns, rc,
7354 N_("PIIX3 cannot register PCI device"));
7355 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
7356 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
7357 if (RT_FAILURE(rc))
7358 return PDMDEV_SET_ERROR(pDevIns, rc,
7359 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
7360
7361 /*
7362 * Register the I/O ports.
7363 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
7364 */
7365 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7366 {
7367 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)(uintptr_t)i,
7368 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
7369 if (RT_FAILURE(rc))
7370 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
7371
7372 if (fGCEnabled)
7373 {
7374 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
7375 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7376 if (RT_FAILURE(rc))
7377 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
7378 }
7379
7380 if (fR0Enabled)
7381 {
7382#if 1
7383 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7384 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
7385#else
7386 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7387 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7388#endif
7389 if (RT_FAILURE(rc))
7390 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
7391 }
7392
7393 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)(uintptr_t)i,
7394 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
7395 if (RT_FAILURE(rc))
7396 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
7397
7398 if (fGCEnabled)
7399 {
7400 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
7401 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7402 if (RT_FAILURE(rc))
7403 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
7404 }
7405 if (fR0Enabled)
7406 {
7407 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
7408 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7409 if (RT_FAILURE(rc))
7410 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
7411 }
7412
7413 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7414 {
7415 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7416 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7417 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
7418 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7419 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
7420 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7421 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
7422 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7423 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
7424#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7425 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7426 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
7427#endif
7428 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7429 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
7430#ifdef VBOX_INSTRUMENT_DMA_WRITES
7431 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7432 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
7433#endif
7434#ifdef VBOX_WITH_STATISTICS
7435 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7436 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
7437#endif
7438 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7439 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
7440#ifdef VBOX_WITH_STATISTICS
7441 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7442 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
7443#endif
7444 }
7445#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7446 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7447 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
7448 /** @todo STAMUNIT_MICROSECS */
7449 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7450 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
7451 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7452 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
7453 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7454 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
7455 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7456 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
7457 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7458 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
7459#endif /* VBOX_WITH_STATISTICS */
7460
7461 /* Initialize per-controller critical section */
7462 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA#%u", i);
7463 if (RT_FAILURE(rc))
7464 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
7465 }
7466
7467 /*
7468 * Attach status driver (optional).
7469 */
7470 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
7471 if (RT_SUCCESS(rc))
7472 {
7473 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
7474 pThis->pMediaNotify = PDMIBASE_QUERY_INTERFACE(pBase, PDMIMEDIANOTIFY);
7475 }
7476 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
7477 {
7478 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
7479 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
7480 }
7481
7482 /*
7483 * Attach the units.
7484 */
7485 uint32_t cbTotalBuffer = 0;
7486 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7487 {
7488 PATACONTROLLER pCtl = &pThis->aCts[i];
7489
7490 /*
7491 * Start the worker thread.
7492 */
7493 pCtl->uAsyncIOState = ATA_AIO_NEW;
7494 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
7495 AssertLogRelRCReturn(rc, rc);
7496 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
7497 AssertLogRelRCReturn(rc, rc);
7498 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
7499 AssertLogRelRCReturn(rc, rc);
7500 ataAsyncIOClearRequests(pCtl);
7501 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
7502 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
7503 AssertLogRelRCReturn(rc, rc);
7504 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
7505 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
7506
7507 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
7508 {
7509 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7510 {
7511 { "Primary Master", "Primary Slave" },
7512 { "Secondary Master", "Secondary Slave" }
7513 };
7514
7515 /*
7516 * Try attach the block device and get the interfaces,
7517 * required as well as optional.
7518 */
7519 ATADevState *pIf = &pCtl->aIfs[j];
7520
7521 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
7522 if (RT_SUCCESS(rc))
7523 {
7524 rc = ataConfigLun(pDevIns, pIf);
7525 if (RT_SUCCESS(rc))
7526 {
7527 /*
7528 * Init vendor product data.
7529 */
7530 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7531 {
7532 { "PrimaryMaster", "PrimarySlave" },
7533 { "SecondaryMaster", "SecondarySlave" }
7534 };
7535
7536 /* Generate a default serial number. */
7537 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
7538 RTUUID Uuid;
7539 if (pIf->pDrvBlock)
7540 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
7541 else
7542 RTUuidClear(&Uuid);
7543
7544 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
7545 {
7546 /* Generate a predictable serial for drives which don't have a UUID. */
7547 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
7548 pIf->iLUN + pDevIns->iInstance * 32,
7549 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
7550 }
7551 else
7552 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
7553
7554 /* Get user config if present using defaults otherwise. */
7555 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
7556 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
7557 szSerial);
7558 if (RT_FAILURE(rc))
7559 {
7560 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7561 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7562 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
7563 return PDMDEV_SET_ERROR(pDevIns, rc,
7564 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
7565 }
7566
7567 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
7568 "1.0");
7569 if (RT_FAILURE(rc))
7570 {
7571 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7572 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7573 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7574 return PDMDEV_SET_ERROR(pDevIns, rc,
7575 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7576 }
7577
7578 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7579 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7580 if (RT_FAILURE(rc))
7581 {
7582 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7583 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7584 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7585 return PDMDEV_SET_ERROR(pDevIns, rc,
7586 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7587 }
7588
7589 rc = CFGMR3QueryBoolDef(pCfgNode, "NonRotationalMedium", &pIf->fNonRotational, false);
7590 if (RT_FAILURE(rc))
7591 return PDMDEV_SET_ERROR(pDevIns, rc,
7592 N_("PIIX3 configuration error: failed to read \"NonRotationalMedium\" as boolean"));
7593
7594 /* There are three other identification strings for CD drives used for INQUIRY */
7595 if (pIf->fATAPI)
7596 {
7597 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7598 "VBOX");
7599 if (RT_FAILURE(rc))
7600 {
7601 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7602 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7603 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7604 return PDMDEV_SET_ERROR(pDevIns, rc,
7605 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7606 }
7607
7608 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7609 "CD-ROM");
7610 if (RT_FAILURE(rc))
7611 {
7612 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7613 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7614 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7615 return PDMDEV_SET_ERROR(pDevIns, rc,
7616 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7617 }
7618
7619 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7620 "1.0");
7621 if (RT_FAILURE(rc))
7622 {
7623 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7624 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7625 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7626 return PDMDEV_SET_ERROR(pDevIns, rc,
7627 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7628 }
7629
7630 rc = CFGMR3QueryBoolDef(pCfgNode, "OverwriteInquiry", &pIf->fOverwriteInquiry, true);
7631 if (RT_FAILURE(rc))
7632 return PDMDEV_SET_ERROR(pDevIns, rc,
7633 N_("PIIX3 configuration error: failed to read \"OverwriteInquiry\" as boolean"));
7634 }
7635 }
7636
7637 }
7638 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7639 {
7640 pIf->pDrvBase = NULL;
7641 pIf->pDrvBlock = NULL;
7642 pIf->cbIOBuffer = 0;
7643 pIf->pbIOBufferR3 = NULL;
7644 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7645 pIf->pbIOBufferRC = NIL_RTGCPTR;
7646 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7647 }
7648 else
7649 {
7650 switch (rc)
7651 {
7652 case VERR_ACCESS_DENIED:
7653 /* Error already cached by DrvHostBase */
7654 return rc;
7655 default:
7656 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7657 N_("PIIX3 cannot attach drive to the %s"),
7658 s_apszDescs[i][j]);
7659 }
7660 }
7661 cbTotalBuffer += pIf->cbIOBuffer;
7662 }
7663 }
7664
7665 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7666 NULL, ataLiveExec, NULL,
7667 ataSaveLoadPrep, ataSaveExec, NULL,
7668 ataSaveLoadPrep, ataLoadExec, NULL);
7669 if (RT_FAILURE(rc))
7670 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7671
7672 /*
7673 * Initialize the device state.
7674 */
7675 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7676}
7677
7678
7679/**
7680 * The device registration structure.
7681 */
7682const PDMDEVREG g_DevicePIIX3IDE =
7683{
7684 /* u32Version */
7685 PDM_DEVREG_VERSION,
7686 /* szName */
7687 "piix3ide",
7688 /* szRCMod */
7689 "VBoxDDGC.gc",
7690 /* szR0Mod */
7691 "VBoxDDR0.r0",
7692 /* pszDescription */
7693 "Intel PIIX3 ATA controller.\n"
7694 " LUN #0 is primary master.\n"
7695 " LUN #1 is primary slave.\n"
7696 " LUN #2 is secondary master.\n"
7697 " LUN #3 is secondary slave.\n"
7698 " LUN #999 is the LED/Status connector.",
7699 /* fFlags */
7700 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7701 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7702 /* fClass */
7703 PDM_DEVREG_CLASS_STORAGE,
7704 /* cMaxInstances */
7705 1,
7706 /* cbInstance */
7707 sizeof(PCIATAState),
7708 /* pfnConstruct */
7709 ataR3Construct,
7710 /* pfnDestruct */
7711 ataR3Destruct,
7712 /* pfnRelocate */
7713 ataR3Relocate,
7714 /* pfnIOCtl */
7715 NULL,
7716 /* pfnPowerOn */
7717 NULL,
7718 /* pfnReset */
7719 ataR3Reset,
7720 /* pfnSuspend */
7721 ataR3Suspend,
7722 /* pfnResume */
7723 ataR3Resume,
7724 /* pfnAttach */
7725 ataR3Attach,
7726 /* pfnDetach */
7727 ataR3Detach,
7728 /* pfnQueryInterface. */
7729 NULL,
7730 /* pfnInitComplete */
7731 NULL,
7732 /* pfnPowerOff */
7733 ataR3PowerOff,
7734 /* pfnSoftReset */
7735 NULL,
7736 /* u32VersionEnd */
7737 PDM_DEVREG_VERSION
7738};
7739#endif /* IN_RING3 */
7740#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette