VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 42975

Last change on this file since 42975 was 42959, checked in by vboxsync, 12 years ago

ATAPI/Passthrough: Revert decrease of required transfer size when detecting the disk type
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 293.3 KB
Line 
1/* $Id: DevATA.cpp 42959 2012-08-23 18:27:02Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2011 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/vmm/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/vmm/stam.h>
55#include <VBox/vmm/mm.h>
56#include <VBox/vmm/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "VBoxDD.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
100
101/* Media track type */
102#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
103#define ATA_MEDIA_TYPE_DATA 1 /**< Data CD */
104#define ATA_MEDIA_TYPE_CDDA 2 /**< CD-DA (audio) CD type */
105#define ATA_MEDIA_NO_DISC 0x70 /**< Door closed, no medium */
106
107/*******************************************************************************
108* Structures and Typedefs *
109*******************************************************************************/
110/**
111 * The state of an ATA device.
112 *
113 * @implements PDMIBASE
114 * @implements PDMIBLOCKPORT
115 * @implements PDMIMOUNTNOTIFY
116 */
117typedef struct ATADevState
118{
119 /** Flag indicating whether the current command uses LBA48 mode. */
120 bool fLBA48;
121 /** Flag indicating whether this drive implements the ATAPI command set. */
122 bool fATAPI;
123 /** Set if this interface has asserted the IRQ. */
124 bool fIrqPending;
125 /** Currently configured number of sectors in a multi-sector transfer. */
126 uint8_t cMultSectors;
127 /** PCHS disk geometry. */
128 PDMMEDIAGEOMETRY PCHSGeometry;
129 /** Total number of sectors on this disk. */
130 uint64_t cTotalSectors;
131 /** Number of sectors to transfer per IRQ. */
132 uint32_t cSectorsPerIRQ;
133
134 /** ATA/ATAPI register 1: feature (write-only). */
135 uint8_t uATARegFeature;
136 /** ATA/ATAPI register 1: feature, high order byte. */
137 uint8_t uATARegFeatureHOB;
138 /** ATA/ATAPI register 1: error (read-only). */
139 uint8_t uATARegError;
140 /** ATA/ATAPI register 2: sector count (read/write). */
141 uint8_t uATARegNSector;
142 /** ATA/ATAPI register 2: sector count, high order byte. */
143 uint8_t uATARegNSectorHOB;
144 /** ATA/ATAPI register 3: sector (read/write). */
145 uint8_t uATARegSector;
146 /** ATA/ATAPI register 3: sector, high order byte. */
147 uint8_t uATARegSectorHOB;
148 /** ATA/ATAPI register 4: cylinder low (read/write). */
149 uint8_t uATARegLCyl;
150 /** ATA/ATAPI register 4: cylinder low, high order byte. */
151 uint8_t uATARegLCylHOB;
152 /** ATA/ATAPI register 5: cylinder high (read/write). */
153 uint8_t uATARegHCyl;
154 /** ATA/ATAPI register 5: cylinder high, high order byte. */
155 uint8_t uATARegHCylHOB;
156 /** ATA/ATAPI register 6: select drive/head (read/write). */
157 uint8_t uATARegSelect;
158 /** ATA/ATAPI register 7: status (read-only). */
159 uint8_t uATARegStatus;
160 /** ATA/ATAPI register 7: command (write-only). */
161 uint8_t uATARegCommand;
162 /** ATA/ATAPI drive control register (write-only). */
163 uint8_t uATARegDevCtl;
164
165 /** Currently active transfer mode (MDMA/UDMA) and speed. */
166 uint8_t uATATransferMode;
167 /** Current transfer direction. */
168 uint8_t uTxDir;
169 /** Index of callback for begin transfer. */
170 uint8_t iBeginTransfer;
171 /** Index of callback for source/sink of data. */
172 uint8_t iSourceSink;
173 /** Flag indicating whether the current command transfers data in DMA mode. */
174 bool fDMA;
175 /** Set to indicate that ATAPI transfer semantics must be used. */
176 bool fATAPITransfer;
177
178 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
179 uint32_t cbTotalTransfer;
180 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
181 uint32_t cbElementaryTransfer;
182 /** Current read/write buffer position, shared PIO/DMA. */
183 uint32_t iIOBufferCur;
184 /** First element beyond end of valid buffer content, shared PIO/DMA. */
185 uint32_t iIOBufferEnd;
186
187 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
188 uint32_t iIOBufferPIODataStart;
189 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
190 uint32_t iIOBufferPIODataEnd;
191
192 /** ATAPI current LBA position. */
193 uint32_t iATAPILBA;
194 /** ATAPI current sector size. */
195 uint32_t cbATAPISector;
196 /** ATAPI current command. */
197 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
198 /** ATAPI sense data. */
199 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
200 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
201 uint8_t cNotifiedMediaChange;
202 /** The same for GET_EVENT_STATUS for mechanism */
203 volatile uint32_t MediaEventStatus;
204
205 /** Media type if known. */
206 volatile uint32_t MediaTrackType;
207
208 /** The status LED state for this drive. */
209 PDMLED Led;
210
211 /** Size of I/O buffer. */
212 uint32_t cbIOBuffer;
213 /** Pointer to the I/O buffer. */
214 R3PTRTYPE(uint8_t *) pbIOBufferR3;
215 /** Pointer to the I/O buffer. */
216 R0PTRTYPE(uint8_t *) pbIOBufferR0;
217 /** Pointer to the I/O buffer. */
218 RCPTRTYPE(uint8_t *) pbIOBufferRC;
219
220 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
221
222 /*
223 * No data that is part of the saved state after this point!!!!!
224 */
225
226 /* Release statistics: number of ATA DMA commands. */
227 STAMCOUNTER StatATADMA;
228 /* Release statistics: number of ATA PIO commands. */
229 STAMCOUNTER StatATAPIO;
230 /* Release statistics: number of ATAPI PIO commands. */
231 STAMCOUNTER StatATAPIDMA;
232 /* Release statistics: number of ATAPI PIO commands. */
233 STAMCOUNTER StatATAPIPIO;
234#ifdef VBOX_INSTRUMENT_DMA_WRITES
235 /* Release statistics: number of DMA sector writes and the time spent. */
236 STAMPROFILEADV StatInstrVDWrites;
237#endif
238
239 /** Statistics: number of read operations and the time spent reading. */
240 STAMPROFILEADV StatReads;
241 /** Statistics: number of bytes read. */
242 STAMCOUNTER StatBytesRead;
243 /** Statistics: number of write operations and the time spent writing. */
244 STAMPROFILEADV StatWrites;
245 /** Statistics: number of bytes written. */
246 STAMCOUNTER StatBytesWritten;
247 /** Statistics: number of flush operations and the time spend flushing. */
248 STAMPROFILE StatFlushes;
249
250 /** Mark the drive as having a non-rotational medium (i.e. as a SSD). */
251 bool fNonRotational;
252 /** Enable passing through commands directly to the ATAPI drive. */
253 bool fATAPIPassthrough;
254 /** Flag whether to overwrite inquiry data in passthrough mode. */
255 bool fOverwriteInquiry;
256 /** Number of errors we've reported to the release log.
257 * This is to prevent flooding caused by something going horribly wrong.
258 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
259 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
260 uint32_t cErrors;
261 /** Timestamp of last started command. 0 if no command pending. */
262 uint64_t u64CmdTS;
263
264 /** Pointer to the attached driver's base interface. */
265 R3PTRTYPE(PPDMIBASE) pDrvBase;
266 /** Pointer to the attached driver's block interface. */
267 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
268 /** Pointer to the attached driver's block bios interface. */
269 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
270 /** Pointer to the attached driver's mount interface.
271 * This is NULL if the driver isn't a removable unit. */
272 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
273 /** The base interface. */
274 PDMIBASE IBase;
275 /** The block port interface. */
276 PDMIBLOCKPORT IPort;
277 /** The mount notify interface. */
278 PDMIMOUNTNOTIFY IMountNotify;
279 /** The LUN #. */
280 RTUINT iLUN;
281 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
282 /** Pointer to device instance. */
283 PPDMDEVINSR3 pDevInsR3;
284 /** Pointer to controller instance. */
285 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
286 /** Pointer to device instance. */
287 PPDMDEVINSR0 pDevInsR0;
288 /** Pointer to controller instance. */
289 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
290 /** Pointer to device instance. */
291 PPDMDEVINSRC pDevInsRC;
292 /** Pointer to controller instance. */
293 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
294
295 /** The serial number to use for IDENTIFY DEVICE commands. */
296 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
297 /** The firmware revision to use for IDENTIFY DEVICE commands. */
298 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
299 /** The model number to use for IDENTIFY DEVICE commands. */
300 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
301 /** The vendor identification string for SCSI INQUIRY commands. */
302 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
303 /** The product identification string for SCSI INQUIRY commands. */
304 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
305 /** The revision string for SCSI INQUIRY commands. */
306 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
307 /** Size of the current CUE sheet in bytes. */
308 uint32_t cbCueSheet;
309 /** Align pbCueSheet correctly. */
310 uint32_t u32Alignment3;
311 /** The current CUE Sheet if passthrough is used. */
312 R3PTRTYPE(uint8_t *) pbCueSheet;
313
314 uint8_t abAlignment4[HC_ARCH_BITS == 64 ? 7 : 3];
315} ATADevState;
316AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
317AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
318AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
319AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
320AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
321AssertCompileSizeAlignment(ATADevState, 8);
322
323
324typedef struct ATATransferRequest
325{
326 uint8_t iIf;
327 uint8_t iBeginTransfer;
328 uint8_t iSourceSink;
329 uint32_t cbTotalTransfer;
330 uint8_t uTxDir;
331} ATATransferRequest;
332
333
334typedef struct ATAAbortRequest
335{
336 uint8_t iIf;
337 bool fResetDrive;
338} ATAAbortRequest;
339
340
341typedef enum
342{
343 /** Begin a new transfer. */
344 ATA_AIO_NEW = 0,
345 /** Continue a DMA transfer. */
346 ATA_AIO_DMA,
347 /** Continue a PIO transfer. */
348 ATA_AIO_PIO,
349 /** Reset the drives on current controller, stop all transfer activity. */
350 ATA_AIO_RESET_ASSERTED,
351 /** Reset the drives on current controller, resume operation. */
352 ATA_AIO_RESET_CLEARED,
353 /** Abort the current transfer of a particular drive. */
354 ATA_AIO_ABORT
355} ATAAIO;
356
357
358typedef struct ATARequest
359{
360 ATAAIO ReqType;
361 union
362 {
363 ATATransferRequest t;
364 ATAAbortRequest a;
365 } u;
366} ATARequest;
367
368
369typedef struct ATACONTROLLER
370{
371 /** The base of the first I/O Port range. */
372 RTIOPORT IOPortBase1;
373 /** The base of the second I/O Port range. (0 if none) */
374 RTIOPORT IOPortBase2;
375 /** The assigned IRQ. */
376 RTUINT irq;
377 /** Access critical section */
378 PDMCRITSECT lock;
379
380 /** Selected drive. */
381 uint8_t iSelectedIf;
382 /** The interface on which to handle async I/O. */
383 uint8_t iAIOIf;
384 /** The state of the async I/O thread. */
385 uint8_t uAsyncIOState;
386 /** Flag indicating whether the next transfer is part of the current command. */
387 bool fChainedTransfer;
388 /** Set when the reset processing is currently active on this controller. */
389 bool fReset;
390 /** Flag whether the current transfer needs to be redone. */
391 bool fRedo;
392 /** Flag whether the redo suspend has been finished. */
393 bool fRedoIdle;
394 /** Flag whether the DMA operation to be redone is the final transfer. */
395 bool fRedoDMALastDesc;
396 /** The BusMaster DMA state. */
397 BMDMAState BmDma;
398 /** Pointer to first DMA descriptor. */
399 RTGCPHYS32 pFirstDMADesc;
400 /** Pointer to last DMA descriptor. */
401 RTGCPHYS32 pLastDMADesc;
402 /** Pointer to current DMA buffer (for redo operations). */
403 RTGCPHYS32 pRedoDMABuffer;
404 /** Size of current DMA buffer (for redo operations). */
405 uint32_t cbRedoDMABuffer;
406
407 /** The ATA/ATAPI interfaces of this controller. */
408 ATADevState aIfs[2];
409
410 /** Pointer to device instance. */
411 PPDMDEVINSR3 pDevInsR3;
412 /** Pointer to device instance. */
413 PPDMDEVINSR0 pDevInsR0;
414 /** Pointer to device instance. */
415 PPDMDEVINSRC pDevInsRC;
416
417 /** Set when the destroying the device instance and the thread must exit. */
418 uint32_t volatile fShutdown;
419 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
420 RTTHREAD AsyncIOThread;
421 /** The event semaphore the thread is waiting on for requests. */
422 RTSEMEVENT AsyncIOSem;
423 /** The request queue for the AIO thread. One element is always unused. */
424 ATARequest aAsyncIORequests[4];
425 /** The position at which to insert a new request for the AIO thread. */
426 volatile uint8_t AsyncIOReqHead;
427 /** The position at which to get a new request for the AIO thread. */
428 volatile uint8_t AsyncIOReqTail;
429 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
430 bool volatile fSignalIdle;
431 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
432 /** Magic delay before triggering interrupts in DMA mode. */
433 uint32_t DelayIRQMillies;
434 /** The mutex protecting the request queue. */
435 RTSEMMUTEX AsyncIORequestMutex;
436 /** The event semaphore the thread is waiting on during suspended I/O. */
437 RTSEMEVENT SuspendIOSem;
438#if 0 /*HC_ARCH_BITS == 32*/
439 uint32_t Alignment0;
440#endif
441
442 /** Timestamp we started the reset. */
443 uint64_t u64ResetTime;
444
445 /* Statistics */
446 STAMCOUNTER StatAsyncOps;
447 uint64_t StatAsyncMinWait;
448 uint64_t StatAsyncMaxWait;
449 STAMCOUNTER StatAsyncTimeUS;
450 STAMPROFILEADV StatAsyncTime;
451 STAMPROFILE StatLockWait;
452} ATACONTROLLER, *PATACONTROLLER;
453AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
456AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
457
458typedef enum CHIPSET
459{
460 /** PIIX3 chipset, must be 0 for saved state compatibility */
461 CHIPSET_PIIX3 = 0,
462 /** PIIX4 chipset, must be 1 for saved state compatibility */
463 CHIPSET_PIIX4 = 1,
464 /** ICH6 chipset */
465 CHIPSET_ICH6 = 2
466} CHIPSET;
467
468/**
469 * The state of the ATA PCI device.
470 *
471 * @extends PCIDEVICE
472 * @implements PDMILEDPORTS
473 */
474typedef struct PCIATAState
475{
476 PCIDEVICE dev;
477 /** The controllers. */
478 ATACONTROLLER aCts[2];
479 /** Pointer to device instance. */
480 PPDMDEVINSR3 pDevIns;
481 /** Status LUN: Base interface. */
482 PDMIBASE IBase;
483 /** Status LUN: Leds interface. */
484 PDMILEDPORTS ILeds;
485 /** Status LUN: Partner of ILeds. */
486 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
487 /** Status LUN: Media Notify. */
488 R3PTRTYPE(PPDMIMEDIANOTIFY) pMediaNotify;
489 /** Flag whether GC is enabled. */
490 bool fGCEnabled;
491 /** Flag whether R0 is enabled. */
492 bool fR0Enabled;
493 /** Flag indicating chipset being emulated. */
494 uint8_t u8Type;
495 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
496} PCIATAState;
497
498#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
499#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
500#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
501#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
502#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
503#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
504
505#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
506
507#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
508#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
509#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
510#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
511#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
512
513#ifndef VBOX_DEVICE_STRUCT_TESTCASE
514/*******************************************************************************
515 * Internal Functions *
516 ******************************************************************************/
517RT_C_DECLS_BEGIN
518PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
520PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
521PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
522PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
523PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
524PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
525PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
526RT_C_DECLS_END
527
528
529
530DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
531{
532 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
533
534 /* Freeze status register contents while processing RESET. */
535 if (!pCtl->fReset)
536 {
537 s->uATARegStatus = stat;
538 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
539 }
540}
541
542
543DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
544{
545 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
546
547 /* Freeze status register contents while processing RESET. */
548 if (!pCtl->fReset)
549 {
550 s->uATARegStatus |= stat;
551 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
552 }
553}
554
555
556DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
557{
558 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
559
560 /* Freeze status register contents while processing RESET. */
561 if (!pCtl->fReset)
562 {
563 s->uATARegStatus &= ~stat;
564 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
565 }
566}
567
568#ifdef IN_RING3
569
570typedef void (*PBeginTransferFunc)(ATADevState *);
571typedef bool (*PSourceSinkFunc)(ATADevState *);
572
573static void ataReadWriteSectorsBT(ATADevState *);
574static void ataPacketBT(ATADevState *);
575static void atapiCmdBT(ATADevState *);
576static void atapiPassthroughCmdBT(ATADevState *);
577
578static bool ataIdentifySS(ATADevState *);
579static bool ataFlushSS(ATADevState *);
580static bool ataReadSectorsSS(ATADevState *);
581static bool ataWriteSectorsSS(ATADevState *);
582static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
583static bool ataTrimSS(ATADevState *);
584static bool ataPacketSS(ATADevState *);
585static bool atapiGetConfigurationSS(ATADevState *);
586static bool atapiGetEventStatusNotificationSS(ATADevState *);
587static bool atapiIdentifySS(ATADevState *);
588static bool atapiInquirySS(ATADevState *);
589static bool atapiMechanismStatusSS(ATADevState *);
590static bool atapiModeSenseErrorRecoverySS(ATADevState *);
591static bool atapiModeSenseCDStatusSS(ATADevState *);
592static bool atapiReadSS(ATADevState *);
593static bool atapiReadCapacitySS(ATADevState *);
594static bool atapiReadDiscInformationSS(ATADevState *);
595static bool atapiReadTOCNormalSS(ATADevState *);
596static bool atapiReadTOCMultiSS(ATADevState *);
597static bool atapiReadTOCRawSS(ATADevState *);
598static bool atapiReadTrackInformationSS(ATADevState *);
599static bool atapiRequestSenseSS(ATADevState *);
600static bool atapiPassthroughSS(ATADevState *);
601static bool atapiReadDVDStructureSS(ATADevState *);
602
603/**
604 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
605 */
606typedef enum ATAFNBT
607{
608 ATAFN_BT_NULL = 0,
609 ATAFN_BT_READ_WRITE_SECTORS,
610 ATAFN_BT_PACKET,
611 ATAFN_BT_ATAPI_CMD,
612 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
613 ATAFN_BT_MAX
614} ATAFNBT;
615
616/**
617 * Array of end transfer functions, the index is ATAFNET.
618 * Make sure ATAFNET and this array match!
619 */
620static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
621{
622 NULL,
623 ataReadWriteSectorsBT,
624 ataPacketBT,
625 atapiCmdBT,
626 atapiPassthroughCmdBT,
627};
628
629/**
630 * Source/sink function indexes for g_apfnSourceSinkFuncs.
631 */
632typedef enum ATAFNSS
633{
634 ATAFN_SS_NULL = 0,
635 ATAFN_SS_IDENTIFY,
636 ATAFN_SS_FLUSH,
637 ATAFN_SS_READ_SECTORS,
638 ATAFN_SS_WRITE_SECTORS,
639 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
640 ATAFN_SS_TRIM,
641 ATAFN_SS_PACKET,
642 ATAFN_SS_ATAPI_GET_CONFIGURATION,
643 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
644 ATAFN_SS_ATAPI_IDENTIFY,
645 ATAFN_SS_ATAPI_INQUIRY,
646 ATAFN_SS_ATAPI_MECHANISM_STATUS,
647 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
648 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
649 ATAFN_SS_ATAPI_READ,
650 ATAFN_SS_ATAPI_READ_CAPACITY,
651 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
652 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
653 ATAFN_SS_ATAPI_READ_TOC_MULTI,
654 ATAFN_SS_ATAPI_READ_TOC_RAW,
655 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
656 ATAFN_SS_ATAPI_REQUEST_SENSE,
657 ATAFN_SS_ATAPI_PASSTHROUGH,
658 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
659 ATAFN_SS_MAX
660} ATAFNSS;
661
662/**
663 * Array of source/sink functions, the index is ATAFNSS.
664 * Make sure ATAFNSS and this array match!
665 */
666static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
667{
668 NULL,
669 ataIdentifySS,
670 ataFlushSS,
671 ataReadSectorsSS,
672 ataWriteSectorsSS,
673 ataExecuteDeviceDiagnosticSS,
674 ataTrimSS,
675 ataPacketSS,
676 atapiGetConfigurationSS,
677 atapiGetEventStatusNotificationSS,
678 atapiIdentifySS,
679 atapiInquirySS,
680 atapiMechanismStatusSS,
681 atapiModeSenseErrorRecoverySS,
682 atapiModeSenseCDStatusSS,
683 atapiReadSS,
684 atapiReadCapacitySS,
685 atapiReadDiscInformationSS,
686 atapiReadTOCNormalSS,
687 atapiReadTOCMultiSS,
688 atapiReadTOCRawSS,
689 atapiReadTrackInformationSS,
690 atapiRequestSenseSS,
691 atapiPassthroughSS,
692 atapiReadDVDStructureSS
693};
694
695
696static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
697static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
698static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
699static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
700
701static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
702{
703 int rc;
704
705 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
706 AssertRC(rc);
707 pCtl->AsyncIOReqHead = 0;
708 pCtl->AsyncIOReqTail = 0;
709 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
710 AssertRC(rc);
711}
712
713
714static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
715{
716 int rc;
717
718 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
719 AssertRC(rc);
720 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
721 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
722 pCtl->AsyncIOReqHead++;
723 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
724 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
725 AssertRC(rc);
726 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
727 if (RT_FAILURE(rc))
728 {
729 rc = RTSemEventSignal(pCtl->AsyncIOSem);
730 AssertRC(rc);
731 }
732}
733
734
735static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
736{
737 int rc;
738 const ATARequest *pReq;
739
740 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
741 AssertRC(rc);
742 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
743 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
744 else
745 pReq = NULL;
746 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
747 AssertRC(rc);
748 return pReq;
749}
750
751
752/**
753 * Remove the request with the given type, as it's finished. The request
754 * is not removed blindly, as this could mean a RESET request that is not
755 * yet processed (but has cleared the request queue) is lost.
756 *
757 * @param pCtl Controller for which to remove the request.
758 * @param ReqType Type of the request to remove.
759 */
760static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
761{
762 int rc;
763
764 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
765 AssertRC(rc);
766 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
767 {
768 pCtl->AsyncIOReqTail++;
769 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
770 }
771 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
772 AssertRC(rc);
773}
774
775
776/**
777 * Dump the request queue for a particular controller. First dump the queue
778 * contents, then the already processed entries, as long as they haven't been
779 * overwritten.
780 *
781 * @param pCtl Controller for which to dump the queue.
782 */
783static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
784{
785 int rc;
786 uint8_t curr;
787
788 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
789 AssertRC(rc);
790 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
791 curr = pCtl->AsyncIOReqTail;
792 do
793 {
794 if (curr == pCtl->AsyncIOReqHead)
795 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
796 switch (pCtl->aAsyncIORequests[curr].ReqType)
797 {
798 case ATA_AIO_NEW:
799 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
800 break;
801 case ATA_AIO_DMA:
802 LogRel(("dma transfer continuation\n"));
803 break;
804 case ATA_AIO_PIO:
805 LogRel(("pio transfer continuation\n"));
806 break;
807 case ATA_AIO_RESET_ASSERTED:
808 LogRel(("reset asserted request\n"));
809 break;
810 case ATA_AIO_RESET_CLEARED:
811 LogRel(("reset cleared request\n"));
812 break;
813 case ATA_AIO_ABORT:
814 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
815 break;
816 default:
817 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
818 }
819 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
820 } while (curr != pCtl->AsyncIOReqTail);
821 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
822 AssertRC(rc);
823}
824
825
826/**
827 * Checks whether the request queue for a particular controller is empty
828 * or whether a particular controller is idle.
829 *
830 * @param pCtl Controller for which to check the queue.
831 * @param fStrict If set then the controller is checked to be idle.
832 */
833static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
834{
835 int rc;
836 bool fIdle;
837
838 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
839 AssertRC(rc);
840 fIdle = pCtl->fRedoIdle;
841 if (!fIdle)
842 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
843 if (fStrict)
844 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
845 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
846 AssertRC(rc);
847 return fIdle;
848}
849
850
851/**
852 * Send a transfer request to the async I/O thread.
853 *
854 * @param s Pointer to the ATA device state data.
855 * @param cbTotalTransfer Data transfer size.
856 * @param uTxDir Data transfer direction.
857 * @param iBeginTransfer Index of BeginTransfer callback.
858 * @param iSourceSink Index of SourceSink callback.
859 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
860 */
861static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
862{
863 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
864 ATARequest Req;
865
866 Assert(PDMCritSectIsOwner(&pCtl->lock));
867
868 /* Do not issue new requests while the RESET line is asserted. */
869 if (pCtl->fReset)
870 {
871 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
872 return;
873 }
874
875 /* If the controller is already doing something else right now, ignore
876 * the command that is being submitted. Some broken guests issue commands
877 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
878 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
879 {
880 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
881 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
882 return;
883 }
884
885 Req.ReqType = ATA_AIO_NEW;
886 if (fChainedTransfer)
887 Req.u.t.iIf = pCtl->iAIOIf;
888 else
889 Req.u.t.iIf = pCtl->iSelectedIf;
890 Req.u.t.cbTotalTransfer = cbTotalTransfer;
891 Req.u.t.uTxDir = uTxDir;
892 Req.u.t.iBeginTransfer = iBeginTransfer;
893 Req.u.t.iSourceSink = iSourceSink;
894 ataSetStatusValue(s, ATA_STAT_BUSY);
895 pCtl->fChainedTransfer = fChainedTransfer;
896
897 /*
898 * Kick the worker thread into action.
899 */
900 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
901 ataAsyncIOPutRequest(pCtl, &Req);
902}
903
904
905/**
906 * Send an abort command request to the async I/O thread.
907 *
908 * @param s Pointer to the ATA device state data.
909 * @param fResetDrive Whether to reset the drive or just abort a command.
910 */
911static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
912{
913 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
914 ATARequest Req;
915
916 Assert(PDMCritSectIsOwner(&pCtl->lock));
917
918 /* Do not issue new requests while the RESET line is asserted. */
919 if (pCtl->fReset)
920 {
921 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
922 return;
923 }
924
925 Req.ReqType = ATA_AIO_ABORT;
926 Req.u.a.iIf = pCtl->iSelectedIf;
927 Req.u.a.fResetDrive = fResetDrive;
928 ataSetStatus(s, ATA_STAT_BUSY);
929 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
930 ataAsyncIOPutRequest(pCtl, &Req);
931}
932
933
934static void ataSetIRQ(ATADevState *s)
935{
936 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
937 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
938
939 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
940 {
941 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
942 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
943 * line is asserted. It monitors the line for a rising edge. */
944 if (!s->fIrqPending)
945 pCtl->BmDma.u8Status |= BM_STATUS_INT;
946 /* Only actually set the IRQ line if updating the currently selected drive. */
947 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
948 {
949 /** @todo experiment with adaptive IRQ delivery: for reads it is
950 * better to wait for IRQ delivery, as it reduces latency. */
951 if (pCtl->irq == 16)
952 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
953 else
954 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
955 }
956 }
957 s->fIrqPending = true;
958}
959
960#endif /* IN_RING3 */
961
962static void ataUnsetIRQ(ATADevState *s)
963{
964 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
965 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
966
967 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
968 {
969 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
970 /* Only actually unset the IRQ line if updating the currently selected drive. */
971 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
972 {
973 if (pCtl->irq == 16)
974 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
975 else
976 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
977 }
978 }
979 s->fIrqPending = false;
980}
981
982#ifdef IN_RING3
983
984static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
985{
986 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
987 s->iIOBufferPIODataStart = start;
988 s->iIOBufferPIODataEnd = start + size;
989 ataSetStatus(s, ATA_STAT_DRQ | ATA_STAT_SEEK);
990}
991
992
993static void ataPIOTransferStop(ATADevState *s)
994{
995 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
996 if (s->fATAPITransfer)
997 {
998 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
999 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1000 ataSetIRQ(s);
1001 s->fATAPITransfer = false;
1002 }
1003 s->cbTotalTransfer = 0;
1004 s->cbElementaryTransfer = 0;
1005 s->iIOBufferPIODataStart = 0;
1006 s->iIOBufferPIODataEnd = 0;
1007 s->iBeginTransfer = ATAFN_BT_NULL;
1008 s->iSourceSink = ATAFN_SS_NULL;
1009}
1010
1011
1012static void ataPIOTransferLimitATAPI(ATADevState *s)
1013{
1014 uint32_t cbLimit, cbTransfer;
1015
1016 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1017 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1018 if (cbLimit == 0)
1019 cbLimit = 0xfffe;
1020 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1021 if (cbLimit == 0xffff)
1022 cbLimit--;
1023 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1024 if (cbTransfer > cbLimit)
1025 {
1026 /* Byte count limit for clipping must be even in this case */
1027 if (cbLimit & 1)
1028 cbLimit--;
1029 cbTransfer = cbLimit;
1030 }
1031 s->uATARegLCyl = cbTransfer;
1032 s->uATARegHCyl = cbTransfer >> 8;
1033 s->cbElementaryTransfer = cbTransfer;
1034}
1035
1036
1037static uint32_t ataGetNSectors(ATADevState *s)
1038{
1039 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1040 if (s->fLBA48)
1041 {
1042 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1043 return 65536;
1044 else
1045 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1046 }
1047 else
1048 {
1049 if (!s->uATARegNSector)
1050 return 256;
1051 else
1052 return s->uATARegNSector;
1053 }
1054}
1055
1056
1057static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1058{
1059 for (uint32_t i = 0; i < cbSize; i++)
1060 {
1061 if (*pbSrc)
1062 pbDst[i ^ 1] = *pbSrc++;
1063 else
1064 pbDst[i ^ 1] = ' ';
1065 }
1066}
1067
1068
1069static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1070{
1071 for (uint32_t i = 0; i < cbSize; i++)
1072 {
1073 if (*pbSrc)
1074 pbDst[i] = *pbSrc++;
1075 else
1076 pbDst[i] = ' ';
1077 }
1078}
1079
1080
1081DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1082{
1083 pbBuf[0] = val >> 8;
1084 pbBuf[1] = val;
1085}
1086
1087
1088DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1089{
1090 pbBuf[0] = val >> 16;
1091 pbBuf[1] = val >> 8;
1092 pbBuf[2] = val;
1093}
1094
1095
1096DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1097{
1098 pbBuf[0] = val >> 24;
1099 pbBuf[1] = val >> 16;
1100 pbBuf[2] = val >> 8;
1101 pbBuf[3] = val;
1102}
1103
1104
1105DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1106{
1107 return (pbBuf[0] << 8) | pbBuf[1];
1108}
1109
1110
1111DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1112{
1113 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1114}
1115
1116
1117DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1118{
1119 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1120}
1121
1122
1123DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1124{
1125 iATAPILBA += 150;
1126 pbBuf[0] = (iATAPILBA / 75) / 60;
1127 pbBuf[1] = (iATAPILBA / 75) % 60;
1128 pbBuf[2] = iATAPILBA % 75;
1129}
1130
1131
1132DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1133{
1134 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1135}
1136
1137/**
1138 * Compares two MSF values.
1139 *
1140 * @returns 1 if the first value is greater than the second value.
1141 * 0 if both are equal
1142 * -1 if the first value is smaller than the second value.
1143 */
1144DECLINLINE(int) atapiCmpMSF(const uint8_t *pbMSF1, const uint8_t *pbMSF2)
1145{
1146 int iRes = 0;
1147
1148 for (unsigned i = 0; i < 3; i++)
1149 {
1150 if (pbMSF1[i] < pbMSF2[i])
1151 {
1152 iRes = -1;
1153 break;
1154 }
1155 else if (pbMSF1[i] > pbMSF2[i])
1156 {
1157 iRes = 1;
1158 break;
1159 }
1160 }
1161
1162 return iRes;
1163}
1164
1165/**
1166 * Return the correct sector size from the given LBA.
1167 *
1168 * @returns Sector size.
1169 * @param s ATA Device state.
1170 * @param iATAPILBA The LBA.
1171 */
1172static size_t atapiGetSectorSizeFromLba(ATADevState *s, uint32_t iATAPILBA)
1173{
1174 size_t cbATAPISector = 2048;
1175
1176 /*
1177 * Check if there is a valid CUE Sheet we can use,
1178 * otherwise we just return the standard sector size.
1179 */
1180 if (s->pbCueSheet)
1181 {
1182 uint8_t *pbCueSheetEntry = NULL;
1183 uint8_t iMSF[3];
1184
1185 /*
1186 * Convert the LBA to the MSF format so we can look it up in the cue sheet.
1187 * Note that it is possible to have negative LBA values for the Lead-In area.
1188 * See MMC6 spec chapter 6.46.3.3 for more details.
1189 */
1190 LogFlowFunc(("iATAPILBA=%#x (signed: %d unsigned: %u)\n",
1191 iATAPILBA, (int32_t)iATAPILBA, iATAPILBA));
1192
1193 if ( iATAPILBA > UINT32_C(0xffff4fa1)
1194 && (int32_t)iATAPILBA < -150)
1195 {
1196 /* Lead-In area, this is always the first entry in the cue sheet. */
1197 pbCueSheetEntry = s->pbCueSheet;
1198 LogFlowFunc(("Selected Lead-In area\n"));
1199 }
1200 else
1201 {
1202 iATAPILBA += 150;
1203 iMSF[0] = (iATAPILBA / 75) / 60;
1204 iMSF[1] = (iATAPILBA / 75) % 60;
1205 iMSF[2] = iATAPILBA % 75;
1206
1207 pbCueSheetEntry = s->pbCueSheet + 8; /* Start after the Lead-in track. */
1208
1209 /* Go through the CUE sheet and find the correct entry. */
1210 for (unsigned i = 0; i < (s->cbCueSheet / 8) - 2; i++)
1211 {
1212 if ( atapiCmpMSF(&pbCueSheetEntry[5], iMSF) != 1
1213 && atapiCmpMSF(&pbCueSheetEntry[8+5], iMSF) == 1)
1214 break;
1215 pbCueSheetEntry += 8;
1216 }
1217 LogFlowFunc(("Selected CUE sheet entry iMin=%u iSec=%u iFrame=%u\n",
1218 pbCueSheetEntry[5], pbCueSheetEntry[6], pbCueSheetEntry[7]));
1219 }
1220
1221 if (pbCueSheetEntry)
1222 {
1223 /* Determine size of main data based on the data form field. */
1224 switch (pbCueSheetEntry[3] & 0x3f)
1225 {
1226 case 0x00: /* CD-DA with data. */
1227 case 0x11: /* CD-ROM mode 1 */
1228 case 0x13:
1229 case 0x21: /* CD-ROM XA, CD-I */
1230 case 0x23:
1231 case 0x31: /* CD-ROM Mode 2 */
1232 case 0x33:
1233 cbATAPISector = 2352;
1234 break;
1235 case 0x01: /* CD-DA without data (used for pauses between tracks). */
1236 case 0x14:
1237 case 0x24:
1238 case 0x34:
1239 cbATAPISector = 0;
1240 break;
1241 case 0x10: /* CD-ROM mode 1 */
1242 case 0x12:
1243 cbATAPISector = 2048;
1244 break;
1245 case 0x20: /* CD-ROM XA, CD-I */
1246 case 0x22:
1247 case 0x30: /* CD-ROM Mode 2 */
1248 case 0x32:
1249 cbATAPISector = 2336;
1250 break;
1251 default: /* Reserved, invalid mode. Log and leave default sector size. */
1252 LogRel(("ATA: Invalid data form mode %u for current CUE sheet\n",
1253 pbCueSheetEntry[3] & 0x3f));
1254 }
1255
1256 /* Determine size of sub channel data based on data form field. */
1257 switch ((pbCueSheetEntry[3] & 0xc0) >> 6)
1258 {
1259 case 0x00: /* Sub channel all zeroes, autogenerated by the drive. */
1260 break;
1261 case 0x01:
1262 case 0x03:
1263 cbATAPISector += 96;
1264 break;
1265 default:
1266 LogRel(("ATA: Invalid sub-channel data form mode %u for current CUE sheet\n",
1267 pbCueSheetEntry[3] & 0xc0));
1268 }
1269 }
1270 }
1271
1272 LogFlowFunc(("cbATAPISector=%zu\n", cbATAPISector));
1273 return cbATAPISector;
1274}
1275
1276static void ataCmdOK(ATADevState *s, uint8_t status)
1277{
1278 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1279 ataSetStatusValue(s, ATA_STAT_READY | status);
1280}
1281
1282
1283static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1284{
1285 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1286 Assert(uErrorCode);
1287 s->uATARegError = uErrorCode;
1288 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1289 s->cbTotalTransfer = 0;
1290 s->cbElementaryTransfer = 0;
1291 s->iIOBufferCur = 0;
1292 s->iIOBufferEnd = 0;
1293 s->uTxDir = PDMBLOCKTXDIR_NONE;
1294 s->iBeginTransfer = ATAFN_BT_NULL;
1295 s->iSourceSink = ATAFN_SS_NULL;
1296}
1297
1298static uint32_t ataChecksum(void* ptr, size_t count)
1299{
1300 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1301 size_t i;
1302
1303 for (i = 0; i < count; i++)
1304 {
1305 u8Sum += *p++;
1306 }
1307
1308 return (uint8_t)-(int32_t)u8Sum;
1309}
1310
1311static bool ataIdentifySS(ATADevState *s)
1312{
1313 uint16_t *p;
1314
1315 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1316 Assert(s->cbElementaryTransfer == 512);
1317
1318 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1319 memset(p, 0, 512);
1320 p[0] = RT_H2LE_U16(0x0040);
1321 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1322 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1323 /* Block size; obsolete, but required for the BIOS. */
1324 p[5] = RT_H2LE_U16(512);
1325 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1326 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1327 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1328 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1329 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1330 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1331 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1332#if ATA_MAX_MULT_SECTORS > 1
1333 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1334#endif
1335 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1336 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1337 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1338 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1339 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1340 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1341 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1342 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1343 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1344 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1345 * s->PCHSGeometry.cHeads
1346 * s->PCHSGeometry.cSectors);
1347 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1348 * s->PCHSGeometry.cHeads
1349 * s->PCHSGeometry.cSectors >> 16);
1350 if (s->cMultSectors)
1351 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1352 if (s->cTotalSectors <= (1 << 28) - 1)
1353 {
1354 p[60] = RT_H2LE_U16(s->cTotalSectors);
1355 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1356 }
1357 else
1358 {
1359 /* Report maximum number of sectors possible with LBA28 */
1360 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1361 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1362 }
1363 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1364 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1365 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1366 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1367 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1368 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1369 if (s->pDrvBlock->pfnDiscard)
1370 {
1371 p[80] = RT_H2LE_U16(0x1f0); /* support everything up to ATA/ATAPI-8 ACS */
1372 p[81] = RT_H2LE_U16(0x28); /* conforms to ATA/ATAPI-8 ACS */
1373 }
1374 else
1375 {
1376 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1377 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1378 }
1379 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1380 if (s->cTotalSectors <= (1 << 28) - 1)
1381 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1382 else
1383 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1384 p[84] = RT_H2LE_U16(1 << 14);
1385 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1386 if (s->cTotalSectors <= (1 << 28) - 1)
1387 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1388 else
1389 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1390 p[87] = RT_H2LE_U16(1 << 14);
1391 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1392 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1393 if (s->cTotalSectors > (1 << 28) - 1)
1394 {
1395 p[100] = RT_H2LE_U16(s->cTotalSectors);
1396 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1397 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1398 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1399 }
1400 if (s->pDrvBlock->pfnDiscard) /** @todo: Set bit 14 in word 69 too? (Deterministic read after TRIM). */
1401 p[169] = RT_H2LE_U16(1); /* DATA SET MANAGEMENT command supported. */
1402 if (s->fNonRotational)
1403 p[217] = RT_H2LE_U16(1); /* Non-rotational medium */
1404 uint32_t uCsum = ataChecksum(p, 510);
1405 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1406 s->iSourceSink = ATAFN_SS_NULL;
1407 ataCmdOK(s, ATA_STAT_SEEK);
1408 return false;
1409}
1410
1411
1412static bool ataFlushSS(ATADevState *s)
1413{
1414 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1415 int rc;
1416
1417 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1418 Assert(!s->cbElementaryTransfer);
1419
1420 PDMCritSectLeave(&pCtl->lock);
1421
1422 STAM_PROFILE_START(&s->StatFlushes, f);
1423 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1424 AssertRC(rc);
1425 STAM_PROFILE_STOP(&s->StatFlushes, f);
1426
1427 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1428 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1429 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1430 ataCmdOK(s, 0);
1431 return false;
1432}
1433
1434static bool atapiIdentifySS(ATADevState *s)
1435{
1436 uint16_t *p;
1437
1438 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1439 Assert(s->cbElementaryTransfer == 512);
1440
1441 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1442 memset(p, 0, 512);
1443 /* Removable CDROM, 50us response, 12 byte packets */
1444 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1445 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1446 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1447 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1448 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1449 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1450 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1451 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1452 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1453 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1454 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1455 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1456 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1457 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1458 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1459 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1460 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1461 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1462 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1463 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1464 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1465 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1466 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1467 p[83] = RT_H2LE_U16(1 << 14);
1468 p[84] = RT_H2LE_U16(1 << 14);
1469 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1470 p[86] = RT_H2LE_U16(0);
1471 p[87] = RT_H2LE_U16(1 << 14);
1472 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1473 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1474 /* According to ATAPI-5 spec:
1475 *
1476 * The use of this word is optional.
1477 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1478 * contain the data
1479 * structure checksum.
1480 * The data structure checksum is the twos complement of the sum of
1481 * all bytes in words 0 through 254 and the byte consisting of
1482 * bits 7:0 in word 255.
1483 * Each byte shall be added with unsigned arithmetic,
1484 * and overflow shall be ignored.
1485 * The sum of all 512 bytes is zero when the checksum is correct.
1486 */
1487 uint32_t uCsum = ataChecksum(p, 510);
1488 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1489
1490 s->iSourceSink = ATAFN_SS_NULL;
1491 ataCmdOK(s, ATA_STAT_SEEK);
1492 return false;
1493}
1494
1495
1496static void ataSetSignature(ATADevState *s)
1497{
1498 s->uATARegSelect &= 0xf0; /* clear head */
1499 /* put signature */
1500 s->uATARegNSector = 1;
1501 s->uATARegSector = 1;
1502 if (s->fATAPI)
1503 {
1504 s->uATARegLCyl = 0x14;
1505 s->uATARegHCyl = 0xeb;
1506 }
1507 else if (s->pDrvBlock)
1508 {
1509 s->uATARegLCyl = 0;
1510 s->uATARegHCyl = 0;
1511 }
1512 else
1513 {
1514 s->uATARegLCyl = 0xff;
1515 s->uATARegHCyl = 0xff;
1516 }
1517}
1518
1519
1520static uint64_t ataGetSector(ATADevState *s)
1521{
1522 uint64_t iLBA;
1523 if (s->uATARegSelect & 0x40)
1524 {
1525 /* any LBA variant */
1526 if (s->fLBA48)
1527 {
1528 /* LBA48 */
1529 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1530 ((uint64_t)s->uATARegLCylHOB << 32) |
1531 ((uint64_t)s->uATARegSectorHOB << 24) |
1532 ((uint64_t)s->uATARegHCyl << 16) |
1533 ((uint64_t)s->uATARegLCyl << 8) |
1534 s->uATARegSector;
1535 }
1536 else
1537 {
1538 /* LBA */
1539 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1540 (s->uATARegLCyl << 8) | s->uATARegSector;
1541 }
1542 }
1543 else
1544 {
1545 /* CHS */
1546 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1547 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1548 (s->uATARegSector - 1);
1549 }
1550 return iLBA;
1551}
1552
1553static void ataSetSector(ATADevState *s, uint64_t iLBA)
1554{
1555 uint32_t cyl, r;
1556 if (s->uATARegSelect & 0x40)
1557 {
1558 /* any LBA variant */
1559 if (s->fLBA48)
1560 {
1561 /* LBA48 */
1562 s->uATARegHCylHOB = iLBA >> 40;
1563 s->uATARegLCylHOB = iLBA >> 32;
1564 s->uATARegSectorHOB = iLBA >> 24;
1565 s->uATARegHCyl = iLBA >> 16;
1566 s->uATARegLCyl = iLBA >> 8;
1567 s->uATARegSector = iLBA;
1568 }
1569 else
1570 {
1571 /* LBA */
1572 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1573 s->uATARegHCyl = (iLBA >> 16);
1574 s->uATARegLCyl = (iLBA >> 8);
1575 s->uATARegSector = (iLBA);
1576 }
1577 }
1578 else
1579 {
1580 /* CHS */
1581 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1582 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1583 s->uATARegHCyl = cyl >> 8;
1584 s->uATARegLCyl = cyl;
1585 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1586 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1587 }
1588}
1589
1590
1591static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1592{
1593 int rc;
1594 LogRel(("PIIX3 ATA: Host disk full\n"));
1595 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1596 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1597 AssertRC(rc);
1598}
1599
1600static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1601{
1602 int rc;
1603 LogRel(("PIIX3 ATA: File too big\n"));
1604 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1605 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1606 AssertRC(rc);
1607}
1608
1609static void ataWarningISCSI(PPDMDEVINS pDevIns)
1610{
1611 int rc;
1612 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1613 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1614 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1615 AssertRC(rc);
1616}
1617
1618static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1619{
1620 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1621 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1622 if (rc == VERR_DISK_FULL)
1623 {
1624 pCtl->fRedoIdle = true;
1625 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1626 return true;
1627 }
1628 if (rc == VERR_FILE_TOO_BIG)
1629 {
1630 pCtl->fRedoIdle = true;
1631 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1632 return true;
1633 }
1634 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1635 {
1636 pCtl->fRedoIdle = true;
1637 /* iSCSI connection abort (first error) or failure to reestablish
1638 * connection (second error). Pause VM. On resume we'll retry. */
1639 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1640 return true;
1641 }
1642 return false;
1643}
1644
1645
1646static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1647 uint32_t cSectors, bool *pfRedo)
1648{
1649 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1650 int rc;
1651
1652 PDMCritSectLeave(&pCtl->lock);
1653
1654 STAM_PROFILE_ADV_START(&s->StatReads, r);
1655 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1656 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1657 s->Led.Actual.s.fReading = 0;
1658 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1659
1660 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1661
1662 if (RT_SUCCESS(rc))
1663 *pfRedo = false;
1664 else
1665 *pfRedo = ataIsRedoSetWarning(s, rc);
1666
1667 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1668 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1669 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1670 return rc;
1671}
1672
1673
1674static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1675 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1676{
1677 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1678 int rc;
1679
1680 PDMCritSectLeave(&pCtl->lock);
1681
1682 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1683 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1684#ifdef VBOX_INSTRUMENT_DMA_WRITES
1685 if (s->fDMA)
1686 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1687#endif
1688 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1689#ifdef VBOX_INSTRUMENT_DMA_WRITES
1690 if (s->fDMA)
1691 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1692#endif
1693 s->Led.Actual.s.fWriting = 0;
1694 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1695
1696 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1697
1698 if (RT_SUCCESS(rc))
1699 *pfRedo = false;
1700 else
1701 *pfRedo = ataIsRedoSetWarning(s, rc);
1702
1703 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1704 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1705 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1706 return rc;
1707}
1708
1709
1710static void ataReadWriteSectorsBT(ATADevState *s)
1711{
1712 uint32_t cSectors;
1713
1714 cSectors = s->cbTotalTransfer / 512;
1715 if (cSectors > s->cSectorsPerIRQ)
1716 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1717 else
1718 s->cbElementaryTransfer = cSectors * 512;
1719 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1720 ataCmdOK(s, 0);
1721}
1722
1723
1724static bool ataReadSectorsSS(ATADevState *s)
1725{
1726 int rc;
1727 uint32_t cSectors;
1728 uint64_t iLBA;
1729 bool fRedo;
1730
1731 cSectors = s->cbElementaryTransfer / 512;
1732 Assert(cSectors);
1733 iLBA = ataGetSector(s);
1734 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1735 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1736 if (RT_SUCCESS(rc))
1737 {
1738 ataSetSector(s, iLBA + cSectors);
1739 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1740 s->iSourceSink = ATAFN_SS_NULL;
1741 ataCmdOK(s, ATA_STAT_SEEK);
1742 }
1743 else
1744 {
1745 if (fRedo)
1746 return fRedo;
1747 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1748 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1749 s->iLUN, rc, iLBA, cSectors));
1750
1751 /*
1752 * Check if we got interrupted. We don't need to set status variables
1753 * because the request was aborted.
1754 */
1755 if (rc != VERR_INTERRUPTED)
1756 ataCmdError(s, ID_ERR);
1757 }
1758 return false;
1759}
1760
1761
1762static bool ataWriteSectorsSS(ATADevState *s)
1763{
1764 int rc;
1765 uint32_t cSectors;
1766 uint64_t iLBA;
1767 bool fRedo;
1768
1769 cSectors = s->cbElementaryTransfer / 512;
1770 Assert(cSectors);
1771 iLBA = ataGetSector(s);
1772 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1773 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1774 if (RT_SUCCESS(rc))
1775 {
1776 ataSetSector(s, iLBA + cSectors);
1777 if (!s->cbTotalTransfer)
1778 s->iSourceSink = ATAFN_SS_NULL;
1779 ataCmdOK(s, ATA_STAT_SEEK);
1780 }
1781 else
1782 {
1783 if (fRedo)
1784 return fRedo;
1785 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1786 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1787 s->iLUN, rc, iLBA, cSectors));
1788
1789 /*
1790 * Check if we got interrupted. We don't need to set status variables
1791 * because the request was aborted.
1792 */
1793 if (rc != VERR_INTERRUPTED)
1794 ataCmdError(s, ID_ERR);
1795 }
1796 return false;
1797}
1798
1799
1800static void atapiCmdOK(ATADevState *s)
1801{
1802 s->uATARegError = 0;
1803 ataSetStatusValue(s, ATA_STAT_READY);
1804 s->uATARegNSector = (s->uATARegNSector & ~7)
1805 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1806 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1807 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1808
1809 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1810 s->abATAPISense[0] = 0x70 | (1 << 7);
1811 s->abATAPISense[7] = 10;
1812}
1813
1814
1815static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1816{
1817 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1818 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1819 s->uATARegError = pabATAPISense[2] << 4;
1820 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1821 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1822 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1823 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1824 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1825 s->cbTotalTransfer = 0;
1826 s->cbElementaryTransfer = 0;
1827 s->iIOBufferCur = 0;
1828 s->iIOBufferEnd = 0;
1829 s->uTxDir = PDMBLOCKTXDIR_NONE;
1830 s->iBeginTransfer = ATAFN_BT_NULL;
1831 s->iSourceSink = ATAFN_SS_NULL;
1832}
1833
1834
1835/** @todo deprecated function - doesn't provide enough info. Replace by direct
1836 * calls to atapiCmdError() with full data. */
1837static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1838{
1839 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1840 memset(abATAPISense, '\0', sizeof(abATAPISense));
1841 abATAPISense[0] = 0x70 | (1 << 7);
1842 abATAPISense[2] = uATAPISenseKey & 0x0f;
1843 abATAPISense[7] = 10;
1844 abATAPISense[12] = uATAPIASC;
1845 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1846}
1847
1848
1849static void atapiCmdBT(ATADevState *s)
1850{
1851 s->fATAPITransfer = true;
1852 s->cbElementaryTransfer = s->cbTotalTransfer;
1853 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1854 atapiCmdOK(s);
1855}
1856
1857
1858static void atapiPassthroughCmdBT(ATADevState *s)
1859{
1860 /* @todo implement an algorithm for correctly determining the read and
1861 * write sector size without sending additional commands to the drive.
1862 * This should be doable by saving processing the configuration requests
1863 * and replies. */
1864#if 0
1865 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1866 {
1867 uint8_t cmd = s->aATAPICmd[0];
1868 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1869 {
1870 uint8_t aModeSenseCmd[10];
1871 uint8_t aModeSenseResult[16];
1872 uint8_t uDummySense;
1873 uint32_t cbTransfer;
1874 int rc;
1875
1876 cbTransfer = sizeof(aModeSenseResult);
1877 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1878 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1879 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1880 aModeSenseCmd[3] = 0; /* subpage code */
1881 aModeSenseCmd[4] = 0; /* reserved */
1882 aModeSenseCmd[5] = 0; /* reserved */
1883 aModeSenseCmd[6] = 0; /* reserved */
1884 aModeSenseCmd[7] = cbTransfer >> 8;
1885 aModeSenseCmd[8] = cbTransfer & 0xff;
1886 aModeSenseCmd[9] = 0; /* control */
1887 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1888 if (RT_FAILURE(rc))
1889 {
1890 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1891 return;
1892 }
1893 /* Select sector size based on the current data block type. */
1894 switch (aModeSenseResult[12] & 0x0f)
1895 {
1896 case 0:
1897 s->cbATAPISector = 2352;
1898 break;
1899 case 1:
1900 s->cbATAPISector = 2368;
1901 break;
1902 case 2:
1903 case 3:
1904 s->cbATAPISector = 2448;
1905 break;
1906 case 8:
1907 case 10:
1908 s->cbATAPISector = 2048;
1909 break;
1910 case 9:
1911 s->cbATAPISector = 2336;
1912 break;
1913 case 11:
1914 s->cbATAPISector = 2056;
1915 break;
1916 case 12:
1917 s->cbATAPISector = 2324;
1918 break;
1919 case 13:
1920 s->cbATAPISector = 2332;
1921 break;
1922 default:
1923 s->cbATAPISector = 0;
1924 }
1925 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1926 s->cbTotalTransfer *= s->cbATAPISector;
1927 if (s->cbTotalTransfer == 0)
1928 s->uTxDir = PDMBLOCKTXDIR_NONE;
1929 }
1930 }
1931#endif
1932 atapiCmdBT(s);
1933}
1934
1935
1936static bool atapiReadSS(ATADevState *s)
1937{
1938 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1939 int rc = VINF_SUCCESS;
1940 uint32_t cbTransfer, cSectors;
1941
1942 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1943 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1944 cSectors = cbTransfer / s->cbATAPISector;
1945 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1946 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1947
1948 PDMCritSectLeave(&pCtl->lock);
1949
1950 STAM_PROFILE_ADV_START(&s->StatReads, r);
1951 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1952 switch (s->cbATAPISector)
1953 {
1954 case 2048:
1955 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1956 break;
1957 case 2352:
1958 {
1959 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1960
1961 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1962 {
1963 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1964 *pbBuf++ = 0x00;
1965 memset(pbBuf, 0xff, 10);
1966 pbBuf += 10;
1967 *pbBuf++ = 0x00;
1968 /* MSF */
1969 ataLBA2MSF(pbBuf, i);
1970 pbBuf += 3;
1971 *pbBuf++ = 0x01; /* mode 1 data */
1972 /* data */
1973 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1974 if (RT_FAILURE(rc))
1975 break;
1976 pbBuf += 2048;
1977 /**
1978 * @todo: maybe compute ECC and parity, layout is:
1979 * 2072 4 EDC
1980 * 2076 172 P parity symbols
1981 * 2248 104 Q parity symbols
1982 */
1983 memset(pbBuf, 0, 280);
1984 pbBuf += 280;
1985 }
1986 }
1987 break;
1988 default:
1989 break;
1990 }
1991 s->Led.Actual.s.fReading = 0;
1992 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1993
1994 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1995 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1996 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1997
1998 if (RT_SUCCESS(rc))
1999 {
2000 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
2001
2002 /* The initial buffer end value has been set up based on the total
2003 * transfer size. But the I/O buffer size limits what can actually be
2004 * done in one transfer, so set the actual value of the buffer end. */
2005 s->cbElementaryTransfer = cbTransfer;
2006 if (cbTransfer >= s->cbTotalTransfer)
2007 s->iSourceSink = ATAFN_SS_NULL;
2008 atapiCmdOK(s);
2009 s->iATAPILBA += cSectors;
2010 }
2011 else
2012 {
2013 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2014 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
2015
2016 /*
2017 * Check if we got interrupted. We don't need to set status variables
2018 * because the request was aborted.
2019 */
2020 if (rc != VERR_INTERRUPTED)
2021 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
2022 }
2023 return false;
2024}
2025
2026/**
2027 * Sets the given media track type.
2028 */
2029static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
2030{
2031 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
2032}
2033
2034static bool atapiPassthroughSS(ATADevState *s)
2035{
2036 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2037 int rc = VINF_SUCCESS;
2038 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
2039 uint32_t cbTransfer;
2040 PSTAMPROFILEADV pProf = NULL;
2041
2042 cbTransfer = RT_MIN(s->cbElementaryTransfer, s->cbIOBuffer);
2043
2044 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
2045 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2046
2047 /* Simple heuristics: if there is at least one sector of data
2048 * to transfer, it's worth updating the LEDs. */
2049 if (cbTransfer >= 2048)
2050 {
2051 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2052 {
2053 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
2054 pProf = &s->StatReads;
2055 }
2056 else
2057 {
2058 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
2059 pProf = &s->StatWrites;
2060 }
2061 }
2062
2063 PDMCritSectLeave(&pCtl->lock);
2064
2065#if defined(LOG_ENABLED)
2066 char szBuf[1024];
2067
2068 memset(szBuf, 0, sizeof(szBuf));
2069
2070 switch (s->aATAPICmd[0])
2071 {
2072 case SCSI_MODE_SELECT_10:
2073 {
2074 size_t cbBlkDescLength = ataBE2H_U16(&s->CTX_SUFF(pbIOBuffer)[6]);
2075
2076 SCSILogModePage(szBuf, sizeof(szBuf) - 1,
2077 s->CTX_SUFF(pbIOBuffer) + 8 + cbBlkDescLength,
2078 cbTransfer - 8 - cbBlkDescLength);
2079 break;
2080 }
2081 case SCSI_SEND_CUE_SHEET:
2082 {
2083 SCSILogCueSheet(szBuf, sizeof(szBuf) - 1,
2084 s->CTX_SUFF(pbIOBuffer), cbTransfer);
2085 break;
2086 }
2087 default:
2088 break;
2089 }
2090
2091 Log2(("%s\n", szBuf));
2092#endif
2093
2094 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
2095 if ( cbTransfer > SCSI_MAX_BUFFER_SIZE
2096 || s->cbElementaryTransfer > s->cbIOBuffer)
2097 {
2098 /* Linux accepts commands with up to 100KB of data, but expects
2099 * us to handle commands with up to 128KB of data. The usual
2100 * imbalance of powers. */
2101 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
2102 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
2103 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2104 uint32_t cSectorsMax; /**< Maximum amount of sectors to read without exceeding the I/O buffer. */
2105
2106 Assert(s->cbATAPISector);
2107 cSectorsMax = cbTransfer / s->cbATAPISector;
2108 Assert(cSectorsMax * s->cbATAPISector <= s->cbIOBuffer);
2109
2110 switch (s->aATAPICmd[0])
2111 {
2112 case SCSI_READ_10:
2113 case SCSI_WRITE_10:
2114 case SCSI_WRITE_AND_VERIFY_10:
2115 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2116 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
2117 break;
2118 case SCSI_READ_12:
2119 case SCSI_WRITE_12:
2120 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2121 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
2122 break;
2123 case SCSI_READ_CD:
2124 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2125 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
2126 break;
2127 case SCSI_READ_CD_MSF:
2128 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
2129 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
2130 break;
2131 default:
2132 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2133 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2134 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2135 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2136 {
2137 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2138 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2139 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2140 }
2141 return false;
2142 }
2143 cSectorsMax = RT_MIN(cSectorsMax, cSectors);
2144 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
2145 cReqSectors = 0;
2146 for (uint32_t i = cSectorsMax; i > 0; i -= cReqSectors)
2147 {
2148 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
2149 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
2150 else
2151 cReqSectors = i;
2152 cbCurrTX = s->cbATAPISector * cReqSectors;
2153 switch (s->aATAPICmd[0])
2154 {
2155 case SCSI_READ_10:
2156 case SCSI_WRITE_10:
2157 case SCSI_WRITE_AND_VERIFY_10:
2158 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2159 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
2160 break;
2161 case SCSI_READ_12:
2162 case SCSI_WRITE_12:
2163 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2164 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
2165 break;
2166 case SCSI_READ_CD:
2167 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2168 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
2169 break;
2170 case SCSI_READ_CD_MSF:
2171 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
2172 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
2173 break;
2174 }
2175 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2176 if (rc != VINF_SUCCESS)
2177 break;
2178 iATAPILBA += cReqSectors;
2179 pbBuf += s->cbATAPISector * cReqSectors;
2180 }
2181
2182 if (RT_SUCCESS(rc))
2183 {
2184 /* Adjust ATAPI command for the next call. */
2185 switch (s->aATAPICmd[0])
2186 {
2187 case SCSI_READ_10:
2188 case SCSI_WRITE_10:
2189 case SCSI_WRITE_AND_VERIFY_10:
2190 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2191 ataH2BE_U16(s->aATAPICmd + 7, cSectors - cSectorsMax);
2192 break;
2193 case SCSI_READ_12:
2194 case SCSI_WRITE_12:
2195 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2196 ataH2BE_U32(s->aATAPICmd + 6, cSectors - cSectorsMax);
2197 break;
2198 case SCSI_READ_CD:
2199 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2200 ataH2BE_U24(s->aATAPICmd + 6, cSectors - cSectorsMax);
2201 break;
2202 case SCSI_READ_CD_MSF:
2203 ataLBA2MSF(s->aATAPICmd + 3, iATAPILBA);
2204 ataLBA2MSF(s->aATAPICmd + 6, iATAPILBA + cSectors - cSectorsMax);
2205 break;
2206 default:
2207 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2208 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2209 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2210 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2211 return false;
2212 }
2213 }
2214 }
2215 else
2216 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2217 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
2218
2219 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2220 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2221 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2222
2223 /* Update the LEDs and the read/write statistics. */
2224 if (cbTransfer >= 2048)
2225 {
2226 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2227 {
2228 s->Led.Actual.s.fReading = 0;
2229 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2230 }
2231 else
2232 {
2233 s->Led.Actual.s.fWriting = 0;
2234 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2235 }
2236 }
2237
2238 if (RT_SUCCESS(rc))
2239 {
2240 /* Do post processing for certain commands. */
2241 switch (s->aATAPICmd[0])
2242 {
2243 case SCSI_SEND_CUE_SHEET:
2244 {
2245 /* Save the CUE sheet to determine sector sizes during writes */
2246 if (s->pbCueSheet)
2247 {
2248 s->cbCueSheet = 0;
2249 RTMemFree(s->pbCueSheet);
2250 }
2251
2252 s->pbCueSheet = (uint8_t *)RTMemAllocZ(s->cbElementaryTransfer);
2253 if (s->pbCueSheet)
2254 {
2255 s->cbCueSheet = s->cbElementaryTransfer;
2256 memcpy(s->pbCueSheet, s->CTX_SUFF(pbIOBuffer), s->cbElementaryTransfer);
2257 }
2258 else if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2259 LogRel(("ATA: Out of memory while saving the CUE sheet, burning disc might fail\n"));
2260 break;
2261 }
2262 case SCSI_SYNCHRONIZE_CACHE:
2263 {
2264 /* Free the current CUE sheet after session at once recording. */
2265 if (s->pbCueSheet)
2266 {
2267 s->cbCueSheet = 0;
2268 RTMemFree(s->pbCueSheet);
2269 s->pbCueSheet = NULL;
2270 }
2271 break;
2272 }
2273 }
2274
2275 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2276 {
2277 Assert(cbTransfer <= s->cbTotalTransfer);
2278 /*
2279 * Reply with the same amount of data as the real drive
2280 * but only if the command wasn't splitted.
2281 */
2282 if (s->cbElementaryTransfer < s->cbIOBuffer)
2283 s->cbTotalTransfer = cbTransfer;
2284
2285 if ( s->aATAPICmd[0] == SCSI_INQUIRY
2286 && s->fOverwriteInquiry)
2287 {
2288 /* Make sure that the real drive cannot be identified.
2289 * Motivation: changing the VM configuration should be as
2290 * invisible as possible to the guest. */
2291 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2292 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2293 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2294 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2295 }
2296 else if ( s->aATAPICmd[0] == SCSI_READ_TOC_PMA_ATIP
2297 && (s->aATAPICmd[2] & 0xf) != 0x05)
2298 {
2299 /* Set the media type if we can detect it. */
2300 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2301
2302 /** @todo: Implemented only for formatted TOC now. */
2303 if ( (s->aATAPICmd[2] & 0xf) == 0
2304 && cbTransfer >= 6)
2305 {
2306 uint32_t NewMediaType;
2307 uint32_t OldMediaType;
2308
2309 if (pbBuf[5] & 0x4)
2310 NewMediaType = ATA_MEDIA_TYPE_DATA;
2311 else
2312 NewMediaType = ATA_MEDIA_TYPE_CDDA;
2313
2314 OldMediaType = ataMediumTypeSet(s, NewMediaType);
2315
2316 if (OldMediaType != NewMediaType)
2317 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough, detected %s CD\n",
2318 s->iLUN,
2319 NewMediaType == ATA_MEDIA_TYPE_DATA
2320 ? "data"
2321 : "audio"));
2322 }
2323 else /* Play safe and set to unknown. */
2324 ataMediumTypeSet(s, ATA_MEDIA_TYPE_UNKNOWN);
2325 }
2326 if (cbTransfer)
2327 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2328 }
2329
2330 /* The initial buffer end value has been set up based on the total
2331 * transfer size. But the I/O buffer size limits what can actually be
2332 * done in one transfer, so set the actual value of the buffer end. */
2333 s->cbElementaryTransfer = cbTransfer;
2334 if (cbTransfer >= s->cbTotalTransfer)
2335 {
2336 s->iSourceSink = ATAFN_SS_NULL;
2337 atapiCmdOK(s);
2338 }
2339 }
2340 else
2341 {
2342 if (s->cErrors < MAX_LOG_REL_ERRORS)
2343 {
2344 uint8_t u8Cmd = s->aATAPICmd[0];
2345 do
2346 {
2347 /* don't log superfluous errors */
2348 if ( rc == VERR_DEV_IO_ERROR
2349 && ( u8Cmd == SCSI_TEST_UNIT_READY
2350 || u8Cmd == SCSI_READ_CAPACITY
2351 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2352 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2353 break;
2354 s->cErrors++;
2355 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2356 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2357 } while (0);
2358 }
2359 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2360 }
2361 return false;
2362}
2363
2364/** @todo: Revise ASAP. */
2365static bool atapiReadDVDStructureSS(ATADevState *s)
2366{
2367 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2368 int media = s->aATAPICmd[1];
2369 int format = s->aATAPICmd[7];
2370
2371 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2372
2373 memset(buf, 0, max_len);
2374
2375 switch (format) {
2376 case 0x00:
2377 case 0x01:
2378 case 0x02:
2379 case 0x03:
2380 case 0x04:
2381 case 0x05:
2382 case 0x06:
2383 case 0x07:
2384 case 0x08:
2385 case 0x09:
2386 case 0x0a:
2387 case 0x0b:
2388 case 0x0c:
2389 case 0x0d:
2390 case 0x0e:
2391 case 0x0f:
2392 case 0x10:
2393 case 0x11:
2394 case 0x30:
2395 case 0x31:
2396 case 0xff:
2397 if (media == 0)
2398 {
2399 int uASC = SCSI_ASC_NONE;
2400
2401 switch (format)
2402 {
2403 case 0x0: /* Physical format information */
2404 {
2405 int layer = s->aATAPICmd[6];
2406 uint64_t total_sectors;
2407
2408 if (layer != 0)
2409 {
2410 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2411 break;
2412 }
2413
2414 total_sectors = s->cTotalSectors;
2415 total_sectors >>= 2;
2416 if (total_sectors == 0)
2417 {
2418 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2419 break;
2420 }
2421
2422 buf[4] = 1; /* DVD-ROM, part version 1 */
2423 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2424 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2425 buf[7] = 0; /* default densities */
2426
2427 /* FIXME: 0x30000 per spec? */
2428 ataH2BE_U32(buf + 8, 0); /* start sector */
2429 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2430 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2431
2432 /* Size of buffer, not including 2 byte size field */
2433 ataH2BE_U32(&buf[0], 2048 + 2);
2434
2435 /* 2k data + 4 byte header */
2436 uASC = (2048 + 4);
2437 }
2438 break;
2439 case 0x01: /* DVD copyright information */
2440 buf[4] = 0; /* no copyright data */
2441 buf[5] = 0; /* no region restrictions */
2442
2443 /* Size of buffer, not including 2 byte size field */
2444 ataH2BE_U16(buf, 4 + 2);
2445
2446 /* 4 byte header + 4 byte data */
2447 uASC = (4 + 4);
2448
2449 case 0x03: /* BCA information - invalid field for no BCA info */
2450 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2451 break;
2452
2453 case 0x04: /* DVD disc manufacturing information */
2454 /* Size of buffer, not including 2 byte size field */
2455 ataH2BE_U16(buf, 2048 + 2);
2456
2457 /* 2k data + 4 byte header */
2458 uASC = (2048 + 4);
2459 break;
2460 case 0xff:
2461 /*
2462 * This lists all the command capabilities above. Add new ones
2463 * in order and update the length and buffer return values.
2464 */
2465
2466 buf[4] = 0x00; /* Physical format */
2467 buf[5] = 0x40; /* Not writable, is readable */
2468 ataH2BE_U16((buf + 6), 2048 + 4);
2469
2470 buf[8] = 0x01; /* Copyright info */
2471 buf[9] = 0x40; /* Not writable, is readable */
2472 ataH2BE_U16((buf + 10), 4 + 4);
2473
2474 buf[12] = 0x03; /* BCA info */
2475 buf[13] = 0x40; /* Not writable, is readable */
2476 ataH2BE_U16((buf + 14), 188 + 4);
2477
2478 buf[16] = 0x04; /* Manufacturing info */
2479 buf[17] = 0x40; /* Not writable, is readable */
2480 ataH2BE_U16((buf + 18), 2048 + 4);
2481
2482 /* Size of buffer, not including 2 byte size field */
2483 ataH2BE_U16(buf, 16 + 2);
2484
2485 /* data written + 4 byte header */
2486 uASC = (16 + 4);
2487 break;
2488 default: /* TODO: formats beyond DVD-ROM requires */
2489 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2490 }
2491
2492 if (uASC < 0)
2493 {
2494 s->iSourceSink = ATAFN_SS_NULL;
2495 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2496 return false;
2497 }
2498 break;
2499 }
2500 /* TODO: BD support, fall through for now */
2501
2502 /* Generic disk structures */
2503 case 0x80: /* TODO: AACS volume identifier */
2504 case 0x81: /* TODO: AACS media serial number */
2505 case 0x82: /* TODO: AACS media identifier */
2506 case 0x83: /* TODO: AACS media key block */
2507 case 0x90: /* TODO: List of recognized format layers */
2508 case 0xc0: /* TODO: Write protection status */
2509 default:
2510 s->iSourceSink = ATAFN_SS_NULL;
2511 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2512 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2513 return false;
2514 }
2515
2516 s->iSourceSink = ATAFN_SS_NULL;
2517 atapiCmdOK(s);
2518 return false;
2519}
2520
2521static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2522{
2523 Assert(cSectors > 0);
2524 s->iATAPILBA = iATAPILBA;
2525 s->cbATAPISector = cbSector;
2526 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2527 return false;
2528}
2529
2530
2531static bool atapiReadCapacitySS(ATADevState *s)
2532{
2533 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2534
2535 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2536 Assert(s->cbElementaryTransfer <= 8);
2537 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2538 ataH2BE_U32(pbBuf + 4, 2048);
2539 s->iSourceSink = ATAFN_SS_NULL;
2540 atapiCmdOK(s);
2541 return false;
2542}
2543
2544
2545static bool atapiReadDiscInformationSS(ATADevState *s)
2546{
2547 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2548
2549 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2550 Assert(s->cbElementaryTransfer <= 34);
2551 memset(pbBuf, '\0', 34);
2552 ataH2BE_U16(pbBuf, 32);
2553 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2554 pbBuf[3] = 1; /* number of first track */
2555 pbBuf[4] = 1; /* number of sessions (LSB) */
2556 pbBuf[5] = 1; /* first track number in last session (LSB) */
2557 pbBuf[6] = 1; /* last track number in last session (LSB) */
2558 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2559 pbBuf[8] = 0; /* disc type = CD-ROM */
2560 pbBuf[9] = 0; /* number of sessions (MSB) */
2561 pbBuf[10] = 0; /* number of sessions (MSB) */
2562 pbBuf[11] = 0; /* number of sessions (MSB) */
2563 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2564 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2565 s->iSourceSink = ATAFN_SS_NULL;
2566 atapiCmdOK(s);
2567 return false;
2568}
2569
2570
2571static bool atapiReadTrackInformationSS(ATADevState *s)
2572{
2573 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2574
2575 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2576 Assert(s->cbElementaryTransfer <= 36);
2577 /* Accept address/number type of 1 only, and only track 1 exists. */
2578 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2579 {
2580 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2581 return false;
2582 }
2583 memset(pbBuf, '\0', 36);
2584 ataH2BE_U16(pbBuf, 34);
2585 pbBuf[2] = 1; /* track number (LSB) */
2586 pbBuf[3] = 1; /* session number (LSB) */
2587 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2588 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2589 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2590 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2591 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2592 pbBuf[32] = 0; /* track number (MSB) */
2593 pbBuf[33] = 0; /* session number (MSB) */
2594 s->iSourceSink = ATAFN_SS_NULL;
2595 atapiCmdOK(s);
2596 return false;
2597}
2598
2599static size_t atapiGetConfigurationFillFeatureListProfiles(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2600{
2601 if (cbBuf < 3*4)
2602 return 0;
2603
2604 ataH2BE_U16(pbBuf, 0x0); /* feature 0: list of profiles supported */
2605 pbBuf[2] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2606 pbBuf[3] = 8; /* additional bytes for profiles */
2607 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2608 * before CD-ROM read capability. */
2609 ataH2BE_U16(pbBuf + 4, 0x10); /* profile: read-only DVD */
2610 pbBuf[6] = (0 << 0); /* NOT current profile */
2611 ataH2BE_U16(pbBuf + 8, 0x08); /* profile: read only CD */
2612 pbBuf[10] = (1 << 0); /* current profile */
2613
2614 return 3*4; /* Header + 2 profiles entries */
2615}
2616
2617static size_t atapiGetConfigurationFillFeatureCore(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2618{
2619 if (cbBuf < 12)
2620 return 0;
2621
2622 ataH2BE_U16(pbBuf, 0x1); /* feature 0001h: Core Feature */
2623 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2624 pbBuf[3] = 8; /* Additional length */
2625 ataH2BE_U16(pbBuf + 4, 0x00000002); /* Physical interface ATAPI. */
2626 pbBuf[8] = RT_BIT(0); /* DBE */
2627 /* Rest is reserved. */
2628
2629 return 12;
2630}
2631
2632static size_t atapiGetConfigurationFillFeatureMorphing(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2633{
2634 if (cbBuf < 8)
2635 return 0;
2636
2637 ataH2BE_U16(pbBuf, 0x2); /* feature 0002h: Morphing Feature */
2638 pbBuf[2] = (0x1 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2639 pbBuf[3] = 4; /* Additional length */
2640 pbBuf[4] = RT_BIT(1) | 0x0; /* OCEvent | !ASYNC */
2641 /* Rest is reserved. */
2642
2643 return 8;
2644}
2645
2646static size_t atapiGetConfigurationFillFeatureRemovableMedium(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2647{
2648 if (cbBuf < 8)
2649 return 0;
2650
2651 ataH2BE_U16(pbBuf, 0x3); /* feature 0003h: Removable Medium Feature */
2652 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2653 pbBuf[3] = 4; /* Additional length */
2654 /* Tray type loading | Load | Eject | !Pvnt Jmpr | !DBML | Lock */
2655 pbBuf[4] = (0x2 << 5) | RT_BIT(4) | RT_BIT(3) | (0x0 << 2) | (0x0 << 1) | RT_BIT(0);
2656 /* Rest is reserved. */
2657
2658 return 8;
2659}
2660
2661static size_t atapiGetConfigurationFillFeatureRandomReadable(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2662{
2663 if (cbBuf < 12)
2664 return 0;
2665
2666 ataH2BE_U16(pbBuf, 0x10); /* feature 0010h: Random Readable Feature */
2667 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2668 pbBuf[3] = 8; /* Additional length */
2669 ataH2BE_U32(pbBuf + 4, 2048); /* Logical block size. */
2670 ataH2BE_U16(pbBuf + 8, 0x10); /* Blocking (0x10 for DVD, CD is not defined). */
2671 pbBuf[10] = 0; /* PP not present */
2672 /* Rest is reserved. */
2673
2674 return 12;
2675}
2676
2677static size_t atapiGetConfigurationFillFeatureCDRead(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2678{
2679 if (cbBuf < 8)
2680 return 0;
2681
2682 ataH2BE_U16(pbBuf, 0x1e); /* feature 001Eh: CD Read Feature */
2683 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2684 pbBuf[3] = 0; /* Additional length */
2685 pbBuf[4] = (0x0 << 7) | (0x0 << 1) | 0x0; /* !DAP | !C2-Flags | !CD-Text. */
2686 /* Rest is reserved. */
2687
2688 return 8;
2689}
2690
2691static size_t atapiGetConfigurationFillFeaturePowerManagement(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2692{
2693 if (cbBuf < 4)
2694 return 0;
2695
2696 ataH2BE_U16(pbBuf, 0x100); /* feature 0100h: Power Management Feature */
2697 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2698 pbBuf[3] = 0; /* Additional length */
2699
2700 return 4;
2701}
2702
2703static size_t atapiGetConfigurationFillFeatureTimeout(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2704{
2705 if (cbBuf < 8)
2706 return 0;
2707
2708 ataH2BE_U16(pbBuf, 0x105); /* feature 0105h: Timeout Feature */
2709 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2710 pbBuf[3] = 4; /* Additional length */
2711 pbBuf[4] = 0x0; /* !Group3 */
2712
2713 return 8;
2714}
2715
2716static bool atapiGetConfigurationSS(ATADevState *s)
2717{
2718 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2719 size_t cbBuf = s->cbIOBuffer;
2720 size_t cbCopied = 0;
2721 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2722
2723 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2724 Assert(s->cbElementaryTransfer <= 80);
2725 /* Accept valid request types only, and only starting feature 0. */
2726 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2727 {
2728 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2729 return false;
2730 }
2731 memset(pbBuf, '\0', cbBuf);
2732 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2733 * way to differentiate them right now is based on the image size). */
2734 if (s->cTotalSectors)
2735 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2736 else
2737 ataH2BE_U16(pbBuf + 6, 0x00); /* current profile: none -> no media */
2738 cbBuf -= 8;
2739 pbBuf += 8;
2740
2741 cbCopied = atapiGetConfigurationFillFeatureListProfiles(s, pbBuf, cbBuf);
2742 cbBuf -= cbCopied;
2743 pbBuf += cbCopied;
2744
2745 cbCopied = atapiGetConfigurationFillFeatureCore(s, pbBuf, cbBuf);
2746 cbBuf -= cbCopied;
2747 pbBuf += cbCopied;
2748
2749 cbCopied = atapiGetConfigurationFillFeatureMorphing(s, pbBuf, cbBuf);
2750 cbBuf -= cbCopied;
2751 pbBuf += cbCopied;
2752
2753 cbCopied = atapiGetConfigurationFillFeatureRemovableMedium(s, pbBuf, cbBuf);
2754 cbBuf -= cbCopied;
2755 pbBuf += cbCopied;
2756
2757 cbCopied = atapiGetConfigurationFillFeatureRandomReadable(s, pbBuf, cbBuf);
2758 cbBuf -= cbCopied;
2759 pbBuf += cbCopied;
2760
2761 cbCopied = atapiGetConfigurationFillFeatureCDRead(s, pbBuf, cbBuf);
2762 cbBuf -= cbCopied;
2763 pbBuf += cbCopied;
2764
2765 cbCopied = atapiGetConfigurationFillFeaturePowerManagement(s, pbBuf, cbBuf);
2766 cbBuf -= cbCopied;
2767 pbBuf += cbCopied;
2768
2769 cbCopied = atapiGetConfigurationFillFeatureTimeout(s, pbBuf, cbBuf);
2770 cbBuf -= cbCopied;
2771 pbBuf += cbCopied;
2772
2773 /* Set data length now - the field is not included in the final length. */
2774 ataH2BE_U32(s->CTX_SUFF(pbIOBuffer), s->cbIOBuffer - cbBuf - 4);
2775
2776 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2777 s->iSourceSink = ATAFN_SS_NULL;
2778 atapiCmdOK(s);
2779 return false;
2780}
2781
2782
2783static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2784{
2785 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2786
2787 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2788 Assert(s->cbElementaryTransfer <= 8);
2789
2790 if (!(s->aATAPICmd[1] & 1))
2791 {
2792 /* no asynchronous operation supported */
2793 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2794 return false;
2795 }
2796
2797 uint32_t OldStatus, NewStatus;
2798 do
2799 {
2800 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2801 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2802 switch (OldStatus)
2803 {
2804 case ATA_EVENT_STATUS_MEDIA_NEW:
2805 /* mount */
2806 ataH2BE_U16(pbBuf + 0, 6);
2807 pbBuf[2] = 0x04; /* media */
2808 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2809 pbBuf[4] = 0x02; /* new medium */
2810 pbBuf[5] = 0x02; /* medium present / door closed */
2811 pbBuf[6] = 0x00;
2812 pbBuf[7] = 0x00;
2813 break;
2814
2815 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2816 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2817 /* umount */
2818 ataH2BE_U16(pbBuf + 0, 6);
2819 pbBuf[2] = 0x04; /* media */
2820 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2821 pbBuf[4] = 0x03; /* media removal */
2822 pbBuf[5] = 0x00; /* medium absent / door closed */
2823 pbBuf[6] = 0x00;
2824 pbBuf[7] = 0x00;
2825 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2826 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2827 break;
2828
2829 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2830 ataH2BE_U16(pbBuf + 0, 6);
2831 pbBuf[2] = 0x04; /* media */
2832 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2833 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2834 pbBuf[5] = 0x02; /* medium present / door closed */
2835 pbBuf[6] = 0x00;
2836 pbBuf[7] = 0x00;
2837 break;
2838
2839 case ATA_EVENT_STATUS_UNCHANGED:
2840 default:
2841 ataH2BE_U16(pbBuf + 0, 6);
2842 pbBuf[2] = 0x01; /* operational change request / notification */
2843 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2844 pbBuf[4] = 0x00;
2845 pbBuf[5] = 0x00;
2846 pbBuf[6] = 0x00;
2847 pbBuf[7] = 0x00;
2848 break;
2849 }
2850 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2851
2852 s->iSourceSink = ATAFN_SS_NULL;
2853 atapiCmdOK(s);
2854 return false;
2855}
2856
2857
2858static bool atapiInquirySS(ATADevState *s)
2859{
2860 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2861
2862 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2863 Assert(s->cbElementaryTransfer <= 36);
2864 pbBuf[0] = 0x05; /* CD-ROM */
2865 pbBuf[1] = 0x80; /* removable */
2866#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2867 pbBuf[2] = 0x00; /* ISO */
2868 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2869#else
2870 pbBuf[2] = 0x00; /* ISO */
2871 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2872#endif
2873 pbBuf[4] = 31; /* additional length */
2874 pbBuf[5] = 0; /* reserved */
2875 pbBuf[6] = 0; /* reserved */
2876 pbBuf[7] = 0; /* reserved */
2877 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2878 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2879 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2880 s->iSourceSink = ATAFN_SS_NULL;
2881 atapiCmdOK(s);
2882 return false;
2883}
2884
2885
2886static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2887{
2888 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2889
2890 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2891 Assert(s->cbElementaryTransfer <= 16);
2892 ataH2BE_U16(&pbBuf[0], 16 + 6);
2893 pbBuf[2] = (uint8_t)s->MediaTrackType;
2894 pbBuf[3] = 0;
2895 pbBuf[4] = 0;
2896 pbBuf[5] = 0;
2897 pbBuf[6] = 0;
2898 pbBuf[7] = 0;
2899
2900 pbBuf[8] = 0x01;
2901 pbBuf[9] = 0x06;
2902 pbBuf[10] = 0x00; /* Maximum error recovery */
2903 pbBuf[11] = 0x05; /* 5 retries */
2904 pbBuf[12] = 0x00;
2905 pbBuf[13] = 0x00;
2906 pbBuf[14] = 0x00;
2907 pbBuf[15] = 0x00;
2908 s->iSourceSink = ATAFN_SS_NULL;
2909 atapiCmdOK(s);
2910 return false;
2911}
2912
2913
2914static bool atapiModeSenseCDStatusSS(ATADevState *s)
2915{
2916 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2917
2918 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2919 Assert(s->cbElementaryTransfer <= 40);
2920 ataH2BE_U16(&pbBuf[0], 38);
2921 pbBuf[2] = (uint8_t)s->MediaTrackType;
2922 pbBuf[3] = 0;
2923 pbBuf[4] = 0;
2924 pbBuf[5] = 0;
2925 pbBuf[6] = 0;
2926 pbBuf[7] = 0;
2927
2928 pbBuf[8] = 0x2a;
2929 pbBuf[9] = 30; /* page length */
2930 pbBuf[10] = 0x08; /* DVD-ROM read support */
2931 pbBuf[11] = 0x00; /* no write support */
2932 /* The following claims we support audio play. This is obviously false,
2933 * but the Linux generic CDROM support makes many features depend on this
2934 * capability. If it's not set, this causes many things to be disabled. */
2935 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2936 pbBuf[13] = 0x00; /* no subchannel reads supported */
2937 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2938 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2939 pbBuf[14] |= 1 << 1; /* report lock state */
2940 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2941 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2942 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2943 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2944 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2945 pbBuf[24] = 0; /* reserved */
2946 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2947 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2948 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2949 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2950 pbBuf[32] = 0; /* reserved */
2951 pbBuf[33] = 0; /* reserved */
2952 pbBuf[34] = 0; /* reserved */
2953 pbBuf[35] = 1; /* rotation control CAV */
2954 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2955 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2956 s->iSourceSink = ATAFN_SS_NULL;
2957 atapiCmdOK(s);
2958 return false;
2959}
2960
2961
2962static bool atapiRequestSenseSS(ATADevState *s)
2963{
2964 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2965
2966 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2967 memset(pbBuf, '\0', s->cbElementaryTransfer);
2968 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2969 s->iSourceSink = ATAFN_SS_NULL;
2970 atapiCmdOK(s);
2971 return false;
2972}
2973
2974
2975static bool atapiMechanismStatusSS(ATADevState *s)
2976{
2977 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2978
2979 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2980 Assert(s->cbElementaryTransfer <= 8);
2981 ataH2BE_U16(pbBuf, 0);
2982 /* no current LBA */
2983 pbBuf[2] = 0;
2984 pbBuf[3] = 0;
2985 pbBuf[4] = 0;
2986 pbBuf[5] = 1;
2987 ataH2BE_U16(pbBuf + 6, 0);
2988 s->iSourceSink = ATAFN_SS_NULL;
2989 atapiCmdOK(s);
2990 return false;
2991}
2992
2993
2994static bool atapiReadTOCNormalSS(ATADevState *s)
2995{
2996 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2997 bool fMSF;
2998 uint32_t cbSize;
2999
3000 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
3001 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3002 iStartTrack = s->aATAPICmd[6];
3003 if (iStartTrack > 1 && iStartTrack != 0xaa)
3004 {
3005 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3006 return false;
3007 }
3008 q = pbBuf + 2;
3009 *q++ = 1; /* first session */
3010 *q++ = 1; /* last session */
3011 if (iStartTrack <= 1)
3012 {
3013 *q++ = 0; /* reserved */
3014 *q++ = 0x14; /* ADR, control */
3015 *q++ = 1; /* track number */
3016 *q++ = 0; /* reserved */
3017 if (fMSF)
3018 {
3019 *q++ = 0; /* reserved */
3020 ataLBA2MSF(q, 0);
3021 q += 3;
3022 }
3023 else
3024 {
3025 /* sector 0 */
3026 ataH2BE_U32(q, 0);
3027 q += 4;
3028 }
3029 }
3030 /* lead out track */
3031 *q++ = 0; /* reserved */
3032 *q++ = 0x14; /* ADR, control */
3033 *q++ = 0xaa; /* track number */
3034 *q++ = 0; /* reserved */
3035 if (fMSF)
3036 {
3037 *q++ = 0; /* reserved */
3038 ataLBA2MSF(q, s->cTotalSectors);
3039 q += 3;
3040 }
3041 else
3042 {
3043 ataH2BE_U32(q, s->cTotalSectors);
3044 q += 4;
3045 }
3046 cbSize = q - pbBuf;
3047 ataH2BE_U16(pbBuf, cbSize - 2);
3048 if (cbSize < s->cbTotalTransfer)
3049 s->cbTotalTransfer = cbSize;
3050 s->iSourceSink = ATAFN_SS_NULL;
3051 atapiCmdOK(s);
3052 return false;
3053}
3054
3055
3056static bool atapiReadTOCMultiSS(ATADevState *s)
3057{
3058 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
3059 bool fMSF;
3060
3061 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
3062 Assert(s->cbElementaryTransfer <= 12);
3063 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3064 /* multi session: only a single session defined */
3065/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
3066 memset(pbBuf, 0, 12);
3067 pbBuf[1] = 0x0a;
3068 pbBuf[2] = 0x01;
3069 pbBuf[3] = 0x01;
3070 pbBuf[5] = 0x14; /* ADR, control */
3071 pbBuf[6] = 1; /* first track in last complete session */
3072 if (fMSF)
3073 {
3074 pbBuf[8] = 0; /* reserved */
3075 ataLBA2MSF(&pbBuf[9], 0);
3076 }
3077 else
3078 {
3079 /* sector 0 */
3080 ataH2BE_U32(pbBuf + 8, 0);
3081 }
3082 s->iSourceSink = ATAFN_SS_NULL;
3083 atapiCmdOK(s);
3084 return false;
3085}
3086
3087
3088static bool atapiReadTOCRawSS(ATADevState *s)
3089{
3090 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
3091 bool fMSF;
3092 uint32_t cbSize;
3093
3094 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
3095 fMSF = (s->aATAPICmd[1] >> 1) & 1;
3096 iStartTrack = s->aATAPICmd[6];
3097
3098 q = pbBuf + 2;
3099 *q++ = 1; /* first session */
3100 *q++ = 1; /* last session */
3101
3102 *q++ = 1; /* session number */
3103 *q++ = 0x14; /* data track */
3104 *q++ = 0; /* track number */
3105 *q++ = 0xa0; /* first track in program area */
3106 *q++ = 0; /* min */
3107 *q++ = 0; /* sec */
3108 *q++ = 0; /* frame */
3109 *q++ = 0;
3110 *q++ = 1; /* first track */
3111 *q++ = 0x00; /* disk type CD-DA or CD data */
3112 *q++ = 0;
3113
3114 *q++ = 1; /* session number */
3115 *q++ = 0x14; /* data track */
3116 *q++ = 0; /* track number */
3117 *q++ = 0xa1; /* last track in program area */
3118 *q++ = 0; /* min */
3119 *q++ = 0; /* sec */
3120 *q++ = 0; /* frame */
3121 *q++ = 0;
3122 *q++ = 1; /* last track */
3123 *q++ = 0;
3124 *q++ = 0;
3125
3126 *q++ = 1; /* session number */
3127 *q++ = 0x14; /* data track */
3128 *q++ = 0; /* track number */
3129 *q++ = 0xa2; /* lead-out */
3130 *q++ = 0; /* min */
3131 *q++ = 0; /* sec */
3132 *q++ = 0; /* frame */
3133 if (fMSF)
3134 {
3135 *q++ = 0; /* reserved */
3136 ataLBA2MSF(q, s->cTotalSectors);
3137 q += 3;
3138 }
3139 else
3140 {
3141 ataH2BE_U32(q, s->cTotalSectors);
3142 q += 4;
3143 }
3144
3145 *q++ = 1; /* session number */
3146 *q++ = 0x14; /* ADR, control */
3147 *q++ = 0; /* track number */
3148 *q++ = 1; /* point */
3149 *q++ = 0; /* min */
3150 *q++ = 0; /* sec */
3151 *q++ = 0; /* frame */
3152 if (fMSF)
3153 {
3154 *q++ = 0; /* reserved */
3155 ataLBA2MSF(q, 0);
3156 q += 3;
3157 }
3158 else
3159 {
3160 /* sector 0 */
3161 ataH2BE_U32(q, 0);
3162 q += 4;
3163 }
3164
3165 cbSize = q - pbBuf;
3166 ataH2BE_U16(pbBuf, cbSize - 2);
3167 if (cbSize < s->cbTotalTransfer)
3168 s->cbTotalTransfer = cbSize;
3169 s->iSourceSink = ATAFN_SS_NULL;
3170 atapiCmdOK(s);
3171 return false;
3172}
3173
3174
3175static void atapiParseCmdVirtualATAPI(ATADevState *s)
3176{
3177 const uint8_t *pbPacket;
3178 uint8_t *pbBuf;
3179 uint32_t cbMax;
3180
3181 pbPacket = s->aATAPICmd;
3182 pbBuf = s->CTX_SUFF(pbIOBuffer);
3183 switch (pbPacket[0])
3184 {
3185 case SCSI_TEST_UNIT_READY:
3186 if (s->cNotifiedMediaChange > 0)
3187 {
3188 if (s->cNotifiedMediaChange-- > 2)
3189 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3190 else
3191 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3192 }
3193 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3194 atapiCmdOK(s);
3195 else
3196 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3197 break;
3198 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3199 cbMax = ataBE2H_U16(pbPacket + 7);
3200 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3201 break;
3202 case SCSI_MODE_SENSE_10:
3203 {
3204 uint8_t uPageControl, uPageCode;
3205 cbMax = ataBE2H_U16(pbPacket + 7);
3206 uPageControl = pbPacket[2] >> 6;
3207 uPageCode = pbPacket[2] & 0x3f;
3208 switch (uPageControl)
3209 {
3210 case SCSI_PAGECONTROL_CURRENT:
3211 switch (uPageCode)
3212 {
3213 case SCSI_MODEPAGE_ERROR_RECOVERY:
3214 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
3215 break;
3216 case SCSI_MODEPAGE_CD_STATUS:
3217 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
3218 break;
3219 default:
3220 goto error_cmd;
3221 }
3222 break;
3223 case SCSI_PAGECONTROL_CHANGEABLE:
3224 goto error_cmd;
3225 case SCSI_PAGECONTROL_DEFAULT:
3226 goto error_cmd;
3227 default:
3228 case SCSI_PAGECONTROL_SAVED:
3229 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
3230 break;
3231 }
3232 }
3233 break;
3234 case SCSI_REQUEST_SENSE:
3235 cbMax = pbPacket[4];
3236 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3237 break;
3238 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3239 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3240 {
3241 if (pbPacket[4] & 1)
3242 s->pDrvMount->pfnLock(s->pDrvMount);
3243 else
3244 s->pDrvMount->pfnUnlock(s->pDrvMount);
3245 atapiCmdOK(s);
3246 }
3247 else
3248 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3249 break;
3250 case SCSI_READ_10:
3251 case SCSI_READ_12:
3252 {
3253 uint32_t cSectors, iATAPILBA;
3254
3255 if (s->cNotifiedMediaChange > 0)
3256 {
3257 s->cNotifiedMediaChange-- ;
3258 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3259 break;
3260 }
3261 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3262 {
3263 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3264 break;
3265 }
3266 if (pbPacket[0] == SCSI_READ_10)
3267 cSectors = ataBE2H_U16(pbPacket + 7);
3268 else
3269 cSectors = ataBE2H_U32(pbPacket + 6);
3270 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3271 if (cSectors == 0)
3272 {
3273 atapiCmdOK(s);
3274 break;
3275 }
3276 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3277 {
3278 /* Rate limited logging, one log line per second. For
3279 * guests that insist on reading from places outside the
3280 * valid area this often generates too many release log
3281 * entries otherwise. */
3282 static uint64_t uLastLogTS = 0;
3283 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3284 {
3285 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3286 uLastLogTS = RTTimeMilliTS();
3287 }
3288 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3289 break;
3290 }
3291 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3292 }
3293 break;
3294 case SCSI_READ_CD:
3295 {
3296 uint32_t cSectors, iATAPILBA;
3297
3298 if (s->cNotifiedMediaChange > 0)
3299 {
3300 s->cNotifiedMediaChange-- ;
3301 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3302 break;
3303 }
3304 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3305 {
3306 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3307 break;
3308 }
3309 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
3310 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3311 if (cSectors == 0)
3312 {
3313 atapiCmdOK(s);
3314 break;
3315 }
3316 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3317 {
3318 /* Rate limited logging, one log line per second. For
3319 * guests that insist on reading from places outside the
3320 * valid area this often generates too many release log
3321 * entries otherwise. */
3322 static uint64_t uLastLogTS = 0;
3323 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3324 {
3325 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3326 uLastLogTS = RTTimeMilliTS();
3327 }
3328 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3329 break;
3330 }
3331 switch (pbPacket[9] & 0xf8)
3332 {
3333 case 0x00:
3334 /* nothing */
3335 atapiCmdOK(s);
3336 break;
3337 case 0x10:
3338 /* normal read */
3339 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3340 break;
3341 case 0xf8:
3342 /* read all data */
3343 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
3344 break;
3345 default:
3346 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
3347 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3348 break;
3349 }
3350 }
3351 break;
3352 case SCSI_SEEK_10:
3353 {
3354 uint32_t iATAPILBA;
3355 if (s->cNotifiedMediaChange > 0)
3356 {
3357 s->cNotifiedMediaChange-- ;
3358 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3359 break;
3360 }
3361 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3362 {
3363 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3364 break;
3365 }
3366 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3367 if (iATAPILBA > s->cTotalSectors)
3368 {
3369 /* Rate limited logging, one log line per second. For
3370 * guests that insist on seeking to places outside the
3371 * valid area this often generates too many release log
3372 * entries otherwise. */
3373 static uint64_t uLastLogTS = 0;
3374 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3375 {
3376 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
3377 uLastLogTS = RTTimeMilliTS();
3378 }
3379 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3380 break;
3381 }
3382 atapiCmdOK(s);
3383 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
3384 }
3385 break;
3386 case SCSI_START_STOP_UNIT:
3387 {
3388 int rc = VINF_SUCCESS;
3389 switch (pbPacket[4] & 3)
3390 {
3391 case 0: /* 00 - Stop motor */
3392 case 1: /* 01 - Start motor */
3393 break;
3394 case 2: /* 10 - Eject media */
3395 {
3396 /* This must be done from EMT. */
3397 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3398 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
3399 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
3400
3401 PDMCritSectLeave(&pCtl->lock);
3402 rc = VMR3ReqPriorityCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3403 (PFNRT)s->pDrvMount->pfnUnmount, 3,
3404 s->pDrvMount, false /*=fForce*/, true /*=fEject*/);
3405 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED) || (rc = VERR_PDM_MEDIA_NOT_MOUNTED));
3406 if (RT_SUCCESS(rc) && pThis->pMediaNotify)
3407 {
3408 rc = VMR3ReqCallNoWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3409 (PFNRT)pThis->pMediaNotify->pfnEjected, 2,
3410 pThis->pMediaNotify, s->iLUN);
3411 AssertRC(rc);
3412 }
3413 {
3414 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3415 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3416 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3417 }
3418 break;
3419 }
3420 case 3: /* 11 - Load media */
3421 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3422 break;
3423 }
3424 if (RT_SUCCESS(rc))
3425 atapiCmdOK(s);
3426 else
3427 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3428 }
3429 break;
3430 case SCSI_MECHANISM_STATUS:
3431 {
3432 cbMax = ataBE2H_U16(pbPacket + 8);
3433 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3434 }
3435 break;
3436 case SCSI_READ_TOC_PMA_ATIP:
3437 {
3438 uint8_t format;
3439
3440 if (s->cNotifiedMediaChange > 0)
3441 {
3442 s->cNotifiedMediaChange-- ;
3443 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3444 break;
3445 }
3446 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3447 {
3448 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3449 break;
3450 }
3451 cbMax = ataBE2H_U16(pbPacket + 7);
3452 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3453 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3454 * the other field is clear... */
3455 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3456 switch (format)
3457 {
3458 case 0:
3459 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3460 break;
3461 case 1:
3462 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3463 break;
3464 case 2:
3465 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3466 break;
3467 default:
3468 error_cmd:
3469 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3470 break;
3471 }
3472 }
3473 break;
3474 case SCSI_READ_CAPACITY:
3475 if (s->cNotifiedMediaChange > 0)
3476 {
3477 s->cNotifiedMediaChange-- ;
3478 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3479 break;
3480 }
3481 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3482 {
3483 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3484 break;
3485 }
3486 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3487 break;
3488 case SCSI_READ_DISC_INFORMATION:
3489 if (s->cNotifiedMediaChange > 0)
3490 {
3491 s->cNotifiedMediaChange-- ;
3492 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3493 break;
3494 }
3495 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3496 {
3497 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3498 break;
3499 }
3500 cbMax = ataBE2H_U16(pbPacket + 7);
3501 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3502 break;
3503 case SCSI_READ_TRACK_INFORMATION:
3504 if (s->cNotifiedMediaChange > 0)
3505 {
3506 s->cNotifiedMediaChange-- ;
3507 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3508 break;
3509 }
3510 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3511 {
3512 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3513 break;
3514 }
3515 cbMax = ataBE2H_U16(pbPacket + 7);
3516 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3517 break;
3518 case SCSI_GET_CONFIGURATION:
3519 /* No media change stuff here, it can confuse Linux guests. */
3520 cbMax = ataBE2H_U16(pbPacket + 7);
3521 ataStartTransfer(s, RT_MIN(cbMax, 80), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3522 break;
3523 case SCSI_INQUIRY:
3524 cbMax = ataBE2H_U16(pbPacket + 3);
3525 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3526 break;
3527 case SCSI_READ_DVD_STRUCTURE:
3528 {
3529 cbMax = ataBE2H_U16(pbPacket + 8);
3530 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3531 break;
3532 }
3533 default:
3534 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3535 break;
3536 }
3537}
3538
3539
3540/*
3541 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3542 */
3543static void atapiParseCmdPassthrough(ATADevState *s)
3544{
3545 const uint8_t *pbPacket;
3546 uint8_t *pbBuf;
3547 uint32_t cSectors, iATAPILBA;
3548 uint32_t cbTransfer = 0;
3549 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3550
3551 pbPacket = s->aATAPICmd;
3552 pbBuf = s->CTX_SUFF(pbIOBuffer);
3553 switch (pbPacket[0])
3554 {
3555 case SCSI_BLANK:
3556 goto sendcmd;
3557 case SCSI_CLOSE_TRACK_SESSION:
3558 goto sendcmd;
3559 case SCSI_ERASE_10:
3560 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3561 cbTransfer = ataBE2H_U16(pbPacket + 7);
3562 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3563 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3564 goto sendcmd;
3565 case SCSI_FORMAT_UNIT:
3566 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3567 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3568 goto sendcmd;
3569 case SCSI_GET_CONFIGURATION:
3570 cbTransfer = ataBE2H_U16(pbPacket + 7);
3571 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3572 goto sendcmd;
3573 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3574 cbTransfer = ataBE2H_U16(pbPacket + 7);
3575 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3576 {
3577 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3578 break;
3579 }
3580 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3581 goto sendcmd;
3582 case SCSI_GET_PERFORMANCE:
3583 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3584 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3585 goto sendcmd;
3586 case SCSI_INQUIRY:
3587 cbTransfer = ataBE2H_U16(pbPacket + 3);
3588 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3589 goto sendcmd;
3590 case SCSI_LOAD_UNLOAD_MEDIUM:
3591 goto sendcmd;
3592 case SCSI_MECHANISM_STATUS:
3593 cbTransfer = ataBE2H_U16(pbPacket + 8);
3594 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3595 goto sendcmd;
3596 case SCSI_MODE_SELECT_10:
3597 cbTransfer = ataBE2H_U16(pbPacket + 7);
3598 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3599 goto sendcmd;
3600 case SCSI_MODE_SENSE_10:
3601 cbTransfer = ataBE2H_U16(pbPacket + 7);
3602 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3603 goto sendcmd;
3604 case SCSI_PAUSE_RESUME:
3605 goto sendcmd;
3606 case SCSI_PLAY_AUDIO_10:
3607 goto sendcmd;
3608 case SCSI_PLAY_AUDIO_12:
3609 goto sendcmd;
3610 case SCSI_PLAY_AUDIO_MSF:
3611 goto sendcmd;
3612 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3613 /** @todo do not forget to unlock when a VM is shut down */
3614 goto sendcmd;
3615 case SCSI_READ_10:
3616 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3617 cSectors = ataBE2H_U16(pbPacket + 7);
3618 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3619 s->cbATAPISector = 2048;
3620 cbTransfer = cSectors * s->cbATAPISector;
3621 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3622 goto sendcmd;
3623 case SCSI_READ_12:
3624 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3625 cSectors = ataBE2H_U32(pbPacket + 6);
3626 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3627 s->cbATAPISector = 2048;
3628 cbTransfer = cSectors * s->cbATAPISector;
3629 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3630 goto sendcmd;
3631 case SCSI_READ_BUFFER:
3632 cbTransfer = ataBE2H_U24(pbPacket + 6);
3633 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3634 goto sendcmd;
3635 case SCSI_READ_BUFFER_CAPACITY:
3636 cbTransfer = ataBE2H_U16(pbPacket + 7);
3637 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3638 goto sendcmd;
3639 case SCSI_READ_CAPACITY:
3640 cbTransfer = 8;
3641 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3642 goto sendcmd;
3643 case SCSI_READ_CD:
3644 case SCSI_READ_CD_MSF:
3645 {
3646 /* Get sector size based on the expected sector type field. */
3647 switch ((pbPacket[1] >> 2) & 0x7)
3648 {
3649 case 0x0: /* All types. */
3650 if (ASMAtomicReadU32(&s->MediaTrackType) == ATA_MEDIA_TYPE_CDDA)
3651 s->cbATAPISector = 2352;
3652 else
3653 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3654 break;
3655 case 0x1: /* CD-DA */
3656 s->cbATAPISector = 2352;
3657 break;
3658 case 0x2: /* Mode 1 */
3659 s->cbATAPISector = 2048;
3660 break;
3661 case 0x3: /* Mode 2 formless */
3662 s->cbATAPISector = 2336;
3663 break;
3664 case 0x4: /* Mode 2 form 1 */
3665 s->cbATAPISector = 2048;
3666 break;
3667 case 0x5: /* Mode 2 form 2 */
3668 s->cbATAPISector = 2324;
3669 break;
3670 default: /* Reserved */
3671 AssertMsgFailed(("Unknown sector type\n"));
3672 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3673 }
3674
3675 if (pbPacket[0] == SCSI_READ_CD)
3676 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3677 else /* SCSI_READ_MSF */
3678 {
3679 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3680 if (cSectors > 32)
3681 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3682 cbTransfer = cSectors * s->cbATAPISector;
3683 }
3684 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3685 goto sendcmd;
3686 }
3687 case SCSI_READ_DISC_INFORMATION:
3688 cbTransfer = ataBE2H_U16(pbPacket + 7);
3689 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3690 goto sendcmd;
3691 case SCSI_READ_DVD_STRUCTURE:
3692 cbTransfer = ataBE2H_U16(pbPacket + 8);
3693 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3694 goto sendcmd;
3695 case SCSI_READ_FORMAT_CAPACITIES:
3696 cbTransfer = ataBE2H_U16(pbPacket + 7);
3697 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3698 goto sendcmd;
3699 case SCSI_READ_SUBCHANNEL:
3700 cbTransfer = ataBE2H_U16(pbPacket + 7);
3701 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3702 goto sendcmd;
3703 case SCSI_READ_TOC_PMA_ATIP:
3704 cbTransfer = ataBE2H_U16(pbPacket + 7);
3705 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3706 goto sendcmd;
3707 case SCSI_READ_TRACK_INFORMATION:
3708 cbTransfer = ataBE2H_U16(pbPacket + 7);
3709 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3710 goto sendcmd;
3711 case SCSI_REPAIR_TRACK:
3712 goto sendcmd;
3713 case SCSI_REPORT_KEY:
3714 cbTransfer = ataBE2H_U16(pbPacket + 8);
3715 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3716 goto sendcmd;
3717 case SCSI_REQUEST_SENSE:
3718 cbTransfer = pbPacket[4];
3719 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3720 {
3721 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3722 break;
3723 }
3724 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3725 goto sendcmd;
3726 case SCSI_RESERVE_TRACK:
3727 goto sendcmd;
3728 case SCSI_SCAN:
3729 goto sendcmd;
3730 case SCSI_SEEK_10:
3731 goto sendcmd;
3732 case SCSI_SEND_CUE_SHEET:
3733 cbTransfer = ataBE2H_U24(pbPacket + 6);
3734 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3735 goto sendcmd;
3736 case SCSI_SEND_DVD_STRUCTURE:
3737 cbTransfer = ataBE2H_U16(pbPacket + 8);
3738 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3739 goto sendcmd;
3740 case SCSI_SEND_EVENT:
3741 cbTransfer = ataBE2H_U16(pbPacket + 8);
3742 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3743 goto sendcmd;
3744 case SCSI_SEND_KEY:
3745 cbTransfer = ataBE2H_U16(pbPacket + 8);
3746 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3747 goto sendcmd;
3748 case SCSI_SEND_OPC_INFORMATION:
3749 cbTransfer = ataBE2H_U16(pbPacket + 7);
3750 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3751 goto sendcmd;
3752 case SCSI_SET_CD_SPEED:
3753 goto sendcmd;
3754 case SCSI_SET_READ_AHEAD:
3755 goto sendcmd;
3756 case SCSI_SET_STREAMING:
3757 cbTransfer = ataBE2H_U16(pbPacket + 9);
3758 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3759 goto sendcmd;
3760 case SCSI_START_STOP_UNIT:
3761 goto sendcmd;
3762 case SCSI_STOP_PLAY_SCAN:
3763 goto sendcmd;
3764 case SCSI_SYNCHRONIZE_CACHE:
3765 goto sendcmd;
3766 case SCSI_TEST_UNIT_READY:
3767 goto sendcmd;
3768 case SCSI_VERIFY_10:
3769 goto sendcmd;
3770 case SCSI_WRITE_10:
3771 case SCSI_WRITE_AND_VERIFY_10:
3772 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3773 cSectors = ataBE2H_U16(pbPacket + 7);
3774 s->cbATAPISector = atapiGetSectorSizeFromLba(s, iATAPILBA);
3775 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3776 cbTransfer = cSectors * s->cbATAPISector;
3777 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3778 goto sendcmd;
3779 case SCSI_WRITE_12:
3780 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3781 cSectors = ataBE2H_U32(pbPacket + 6);
3782 s->cbATAPISector = atapiGetSectorSizeFromLba(s, iATAPILBA);
3783 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3784 cbTransfer = cSectors * s->cbATAPISector;
3785 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3786 goto sendcmd;
3787 case SCSI_WRITE_BUFFER:
3788 switch (pbPacket[1] & 0x1f)
3789 {
3790 case 0x04: /* download microcode */
3791 case 0x05: /* download microcode and save */
3792 case 0x06: /* download microcode with offsets */
3793 case 0x07: /* download microcode with offsets and save */
3794 case 0x0e: /* download microcode with offsets and defer activation */
3795 case 0x0f: /* activate deferred microcode */
3796 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3797 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3798 break;
3799 default:
3800 cbTransfer = ataBE2H_U16(pbPacket + 6);
3801 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3802 goto sendcmd;
3803 }
3804 break;
3805 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3806 cbTransfer = ataBE2H_U32(pbPacket + 6);
3807 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3808 goto sendcmd;
3809 case SCSI_REZERO_UNIT:
3810 /* Obsolete command used by cdrecord. What else would one expect?
3811 * This command is not sent to the drive, it is handled internally,
3812 * as the Linux kernel doesn't like it (message "scsi: unknown
3813 * opcode 0x01" in syslog) and replies with a sense code of 0,
3814 * which sends cdrecord to an endless loop. */
3815 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3816 break;
3817 default:
3818 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3819 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3820 break;
3821 sendcmd:
3822 /*
3823 * Send a command to the drive, passing data in/out as required.
3824 * Commands which exceed the I/O buffer size are splitted below
3825 * or aborted if splitting is not implemented.
3826 */
3827 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3828 if (cbTransfer == 0)
3829 uTxDir = PDMBLOCKTXDIR_NONE;
3830 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3831 }
3832}
3833
3834
3835static void atapiParseCmd(ATADevState *s)
3836{
3837 const uint8_t *pbPacket;
3838
3839 pbPacket = s->aATAPICmd;
3840#ifdef DEBUG
3841 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3842#else /* !DEBUG */
3843 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3844#endif /* !DEBUG */
3845 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3846
3847 if (s->fATAPIPassthrough)
3848 atapiParseCmdPassthrough(s);
3849 else
3850 atapiParseCmdVirtualATAPI(s);
3851}
3852
3853
3854static bool ataPacketSS(ATADevState *s)
3855{
3856 s->fDMA = !!(s->uATARegFeature & 1);
3857 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3858 s->uTxDir = PDMBLOCKTXDIR_NONE;
3859 s->cbTotalTransfer = 0;
3860 s->cbElementaryTransfer = 0;
3861 atapiParseCmd(s);
3862 return false;
3863}
3864
3865
3866/**
3867 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3868 * from now on, regardless if there was a medium inserted or not.
3869 */
3870static void ataMediumRemoved(ATADevState *s)
3871{
3872 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3873}
3874
3875
3876/**
3877 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3878 * there was already a medium inserted, don't forget to send the "medium
3879 * removed" event first.
3880 */
3881static void ataMediumInserted(ATADevState *s)
3882{
3883 uint32_t OldStatus, NewStatus;
3884 do
3885 {
3886 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3887 switch (OldStatus)
3888 {
3889 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3890 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3891 /* no change, we will send "medium removed" + "medium inserted" */
3892 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3893 break;
3894 default:
3895 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3896 break;
3897 }
3898 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3899}
3900
3901/**
3902 * Called when a media is mounted.
3903 *
3904 * @param pInterface Pointer to the interface structure containing the called function pointer.
3905 */
3906static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3907{
3908 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3909 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3910
3911 /* Ignore the call if we're called while being attached. */
3912 if (!pIf->pDrvBlock)
3913 return;
3914
3915 if (pIf->fATAPI)
3916 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3917 else
3918 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3919
3920 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3921
3922 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3923 if (pIf->cNotifiedMediaChange < 2)
3924 pIf->cNotifiedMediaChange = 1;
3925 ataMediumInserted(pIf);
3926 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3927}
3928
3929/**
3930 * Called when a media is unmounted
3931 * @param pInterface Pointer to the interface structure containing the called function pointer.
3932 */
3933static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3934{
3935 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3936 Log(("%s:\n", __FUNCTION__));
3937 pIf->cTotalSectors = 0;
3938
3939 /*
3940 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3941 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3942 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3943 * present and 2 in which it is changed.
3944 */
3945 pIf->cNotifiedMediaChange = 1;
3946 ataMediumRemoved(pIf);
3947 ataMediumTypeSet(pIf, ATA_MEDIA_NO_DISC);
3948}
3949
3950static void ataPacketBT(ATADevState *s)
3951{
3952 s->cbElementaryTransfer = s->cbTotalTransfer;
3953 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3954 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3955 ataSetStatusValue(s, ATA_STAT_READY);
3956}
3957
3958
3959static void ataResetDevice(ATADevState *s)
3960{
3961 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3962 s->cNotifiedMediaChange = 0;
3963 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3964 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3965 ataUnsetIRQ(s);
3966
3967 s->uATARegSelect = 0x20;
3968 ataSetStatusValue(s, ATA_STAT_READY);
3969 ataSetSignature(s);
3970 s->cbTotalTransfer = 0;
3971 s->cbElementaryTransfer = 0;
3972 s->iIOBufferPIODataStart = 0;
3973 s->iIOBufferPIODataEnd = 0;
3974 s->iBeginTransfer = ATAFN_BT_NULL;
3975 s->iSourceSink = ATAFN_SS_NULL;
3976 s->fDMA = false;
3977 s->fATAPITransfer = false;
3978 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3979
3980 s->uATARegFeature = 0;
3981}
3982
3983
3984static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3985{
3986 ataSetSignature(s);
3987 if (s->fATAPI)
3988 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3989 else
3990 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_SEEK);
3991 s->uATARegError = 0x01;
3992 return false;
3993}
3994
3995
3996static int ataTrimSectors(ATADevState *s, uint64_t u64Sector, uint32_t cSectors,
3997 bool *pfRedo)
3998{
3999 RTRANGE TrimRange;
4000 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
4001 int rc;
4002
4003 PDMCritSectLeave(&pCtl->lock);
4004
4005 TrimRange.offStart = u64Sector * 512;
4006 TrimRange.cbRange = cSectors * 512;
4007
4008 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
4009 rc = s->pDrvBlock->pfnDiscard(s->pDrvBlock, &TrimRange, 1);
4010 s->Led.Actual.s.fWriting = 0;
4011
4012 if (RT_SUCCESS(rc))
4013 *pfRedo = false;
4014 else
4015 *pfRedo = ataIsRedoSetWarning(s, rc);
4016
4017 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4018 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4019 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4020 return rc;
4021}
4022
4023
4024static bool ataTrimSS(ATADevState *s)
4025{
4026 int rc = VERR_GENERAL_FAILURE;
4027 uint32_t cRangesMax;
4028 uint64_t *pu64Range = (uint64_t *)s->CTX_SUFF(pbIOBuffer);
4029 bool fRedo = false;
4030
4031 cRangesMax = s->cbElementaryTransfer / sizeof(uint64_t);
4032 Assert(cRangesMax);
4033
4034 while (cRangesMax-- > 0)
4035 {
4036 if (ATA_RANGE_LENGTH_GET(*pu64Range) == 0)
4037 break;
4038
4039 rc = ataTrimSectors(s, *pu64Range & ATA_RANGE_LBA_MASK,
4040 ATA_RANGE_LENGTH_GET(*pu64Range), &fRedo);
4041 if (RT_FAILURE(rc))
4042 break;
4043
4044 pu64Range++;
4045 }
4046
4047 if (RT_SUCCESS(rc))
4048 {
4049 s->iSourceSink = ATAFN_SS_NULL;
4050 ataCmdOK(s, ATA_STAT_SEEK);
4051 }
4052 else
4053 {
4054 if (fRedo)
4055 return fRedo;
4056 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
4057 LogRel(("PIIX3 ATA: LUN#%d: disk trim error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
4058 s->iLUN, rc, *pu64Range & ATA_RANGE_LBA_MASK, ATA_RANGE_LENGTH_GET(*pu64Range)));
4059
4060 /*
4061 * Check if we got interrupted. We don't need to set status variables
4062 * because the request was aborted.
4063 */
4064 if (rc != VERR_INTERRUPTED)
4065 ataCmdError(s, ID_ERR);
4066 }
4067
4068 return false;
4069}
4070
4071
4072static void ataParseCmd(ATADevState *s, uint8_t cmd)
4073{
4074#ifdef DEBUG
4075 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
4076#else /* !DEBUG */
4077 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
4078#endif /* !DEBUG */
4079 s->fLBA48 = false;
4080 s->fDMA = false;
4081 if (cmd == ATA_IDLE_IMMEDIATE)
4082 {
4083 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
4084 * would overwrite the failing command unfortunately), then RESET. */
4085 int32_t uCmdWait = -1;
4086 uint64_t uNow = RTTimeNanoTS();
4087 if (s->u64CmdTS)
4088 uCmdWait = (uNow - s->u64CmdTS) / 1000;
4089 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
4090 s->iLUN, s->uATARegCommand, uCmdWait));
4091 }
4092 s->uATARegCommand = cmd;
4093 switch (cmd)
4094 {
4095 case ATA_IDENTIFY_DEVICE:
4096 if (s->pDrvBlock && !s->fATAPI)
4097 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
4098 else
4099 {
4100 if (s->fATAPI)
4101 ataSetSignature(s);
4102 ataCmdError(s, ABRT_ERR);
4103 ataUnsetStatus(s, ATA_STAT_READY);
4104 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4105 }
4106 break;
4107 case ATA_RECALIBRATE:
4108 if (s->fATAPI)
4109 goto abort_cmd;
4110 /* fall through */
4111 case ATA_INITIALIZE_DEVICE_PARAMETERS:
4112 ataCmdOK(s, ATA_STAT_SEEK);
4113 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4114 break;
4115 case ATA_SET_MULTIPLE_MODE:
4116 if ( s->uATARegNSector != 0
4117 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
4118 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
4119 {
4120 ataCmdError(s, ABRT_ERR);
4121 }
4122 else
4123 {
4124 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
4125 s->cMultSectors = s->uATARegNSector;
4126 ataCmdOK(s, 0);
4127 }
4128 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4129 break;
4130 case ATA_READ_VERIFY_SECTORS_EXT:
4131 s->fLBA48 = true;
4132 case ATA_READ_VERIFY_SECTORS:
4133 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
4134 /* do sector number check ? */
4135 ataCmdOK(s, ATA_STAT_SEEK);
4136 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4137 break;
4138 case ATA_READ_SECTORS_EXT:
4139 s->fLBA48 = true;
4140 case ATA_READ_SECTORS:
4141 case ATA_READ_SECTORS_WITHOUT_RETRIES:
4142 if (!s->pDrvBlock || s->fATAPI)
4143 goto abort_cmd;
4144 s->cSectorsPerIRQ = 1;
4145 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4146 break;
4147 case ATA_WRITE_SECTORS_EXT:
4148 s->fLBA48 = true;
4149 case ATA_WRITE_SECTORS:
4150 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
4151 if (!s->pDrvBlock || s->fATAPI)
4152 goto abort_cmd;
4153 s->cSectorsPerIRQ = 1;
4154 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4155 break;
4156 case ATA_READ_MULTIPLE_EXT:
4157 s->fLBA48 = true;
4158 case ATA_READ_MULTIPLE:
4159 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4160 goto abort_cmd;
4161 s->cSectorsPerIRQ = s->cMultSectors;
4162 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4163 break;
4164 case ATA_WRITE_MULTIPLE_EXT:
4165 s->fLBA48 = true;
4166 case ATA_WRITE_MULTIPLE:
4167 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4168 goto abort_cmd;
4169 s->cSectorsPerIRQ = s->cMultSectors;
4170 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4171 break;
4172 case ATA_READ_DMA_EXT:
4173 s->fLBA48 = true;
4174 case ATA_READ_DMA:
4175 case ATA_READ_DMA_WITHOUT_RETRIES:
4176 if (!s->pDrvBlock || s->fATAPI)
4177 goto abort_cmd;
4178 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4179 s->fDMA = true;
4180 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4181 break;
4182 case ATA_WRITE_DMA_EXT:
4183 s->fLBA48 = true;
4184 case ATA_WRITE_DMA:
4185 case ATA_WRITE_DMA_WITHOUT_RETRIES:
4186 if (!s->pDrvBlock || s->fATAPI)
4187 goto abort_cmd;
4188 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4189 s->fDMA = true;
4190 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4191 break;
4192 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
4193 s->fLBA48 = true;
4194 ataSetSector(s, s->cTotalSectors - 1);
4195 ataCmdOK(s, 0);
4196 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4197 break;
4198 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
4199 ataCmdOK(s, 0);
4200 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4201 break;
4202 case ATA_READ_NATIVE_MAX_ADDRESS:
4203 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
4204 ataCmdOK(s, 0);
4205 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4206 break;
4207 case ATA_CHECK_POWER_MODE:
4208 s->uATARegNSector = 0xff; /* drive active or idle */
4209 ataCmdOK(s, 0);
4210 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4211 break;
4212 case ATA_SET_FEATURES:
4213 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
4214 if (!s->pDrvBlock)
4215 goto abort_cmd;
4216 switch (s->uATARegFeature)
4217 {
4218 case 0x02: /* write cache enable */
4219 Log2(("%s: write cache enable\n", __FUNCTION__));
4220 ataCmdOK(s, ATA_STAT_SEEK);
4221 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4222 break;
4223 case 0xaa: /* read look-ahead enable */
4224 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
4225 ataCmdOK(s, ATA_STAT_SEEK);
4226 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4227 break;
4228 case 0x55: /* read look-ahead disable */
4229 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
4230 ataCmdOK(s, ATA_STAT_SEEK);
4231 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4232 break;
4233 case 0xcc: /* reverting to power-on defaults enable */
4234 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
4235 ataCmdOK(s, ATA_STAT_SEEK);
4236 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4237 break;
4238 case 0x66: /* reverting to power-on defaults disable */
4239 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
4240 ataCmdOK(s, ATA_STAT_SEEK);
4241 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4242 break;
4243 case 0x82: /* write cache disable */
4244 Log2(("%s: write cache disable\n", __FUNCTION__));
4245 /* As per the ATA/ATAPI-6 specs, a write cache disable
4246 * command MUST flush the write buffers to disc. */
4247 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4248 break;
4249 case 0x03: { /* set transfer mode */
4250 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
4251 switch (s->uATARegNSector & 0xf8)
4252 {
4253 case 0x00: /* PIO default */
4254 case 0x08: /* PIO mode */
4255 break;
4256 case ATA_MODE_MDMA: /* MDMA mode */
4257 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
4258 break;
4259 case ATA_MODE_UDMA: /* UDMA mode */
4260 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
4261 break;
4262 default:
4263 goto abort_cmd;
4264 }
4265 ataCmdOK(s, ATA_STAT_SEEK);
4266 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4267 break;
4268 }
4269 default:
4270 goto abort_cmd;
4271 }
4272 /*
4273 * OS/2 workarond:
4274 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
4275 * reset here. According to the specification, this is a driver bug as the register
4276 * contents are undefined after the call. This means we can just as well reset it.
4277 */
4278 s->uATARegFeature = 0;
4279 break;
4280 case ATA_FLUSH_CACHE_EXT:
4281 case ATA_FLUSH_CACHE:
4282 if (!s->pDrvBlock || s->fATAPI)
4283 goto abort_cmd;
4284 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4285 break;
4286 case ATA_STANDBY_IMMEDIATE:
4287 ataCmdOK(s, 0);
4288 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4289 break;
4290 case ATA_IDLE_IMMEDIATE:
4291 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
4292 ataAbortCurrentCommand(s, false);
4293 break;
4294 case ATA_SLEEP:
4295 ataCmdOK(s, 0);
4296 ataSetIRQ(s);
4297 break;
4298 /* ATAPI commands */
4299 case ATA_IDENTIFY_PACKET_DEVICE:
4300 if (s->fATAPI)
4301 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
4302 else
4303 {
4304 ataCmdError(s, ABRT_ERR);
4305 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4306 }
4307 break;
4308 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
4309 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
4310 break;
4311 case ATA_DEVICE_RESET:
4312 if (!s->fATAPI)
4313 goto abort_cmd;
4314 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
4315 ataAbortCurrentCommand(s, true);
4316 break;
4317 case ATA_PACKET:
4318 if (!s->fATAPI)
4319 goto abort_cmd;
4320 /* overlapping commands not supported */
4321 if (s->uATARegFeature & 0x02)
4322 goto abort_cmd;
4323 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
4324 break;
4325 case ATA_DATA_SET_MANAGEMENT:
4326 if (!s->pDrvBlock || !s->pDrvBlock->pfnDiscard)
4327 goto abort_cmd;
4328 if ( !(s->uATARegFeature & UINT8_C(0x01))
4329 || (s->uATARegFeature & ~UINT8_C(0x01)))
4330 goto abort_cmd;
4331 s->fDMA = true;
4332 ataStartTransfer(s, (s->uATARegNSectorHOB << 8 | s->uATARegNSector) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_NULL, ATAFN_SS_TRIM, false);
4333 break;
4334 default:
4335 abort_cmd:
4336 ataCmdError(s, ABRT_ERR);
4337 if (s->fATAPI)
4338 ataUnsetStatus(s, ATA_STAT_READY);
4339 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4340 break;
4341 }
4342}
4343
4344#endif /* IN_RING3 */
4345
4346/*
4347 * Note: There are four distinct cases of port I/O handling depending on
4348 * which devices (if any) are attached to an IDE channel:
4349 *
4350 * 1) No device attached. No response to writes or reads (i.e. reads return
4351 * all bits set).
4352 *
4353 * 2) Both devices attached. Reads and writes are processed normally.
4354 *
4355 * 3) Device 0 only. If device 0 is selected, normal behavior applies. But
4356 * if Device 1 is selected, writes are still directed to Device 0 (except
4357 * commands are not executed), reads from control/command registers are
4358 * directed to Device 0, but status/alt status reads return 0. If Device 1
4359 * is a PACKET device, all reads return 0. See ATAPI-6 clause 9.16.1 and
4360 * Table 18 in clause 7.1.
4361 *
4362 * 4) Device 1 only - non-standard(!). Device 1 can't tell if Device 0 is
4363 * present or not and behaves the same. That means if Device 0 is selected,
4364 * Device 1 responds to writes (except commands are not executed) but does
4365 * not respond to reads. If Device 1 selected, normal behavior applies.
4366 * See ATAPI-6 clause 9.16.2 and Table 15 in clause 7.1.
4367 */
4368
4369static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4370{
4371 Log2(("%s: LUN#%d write addr=%#x val=%#04x\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN, addr, val));
4372 addr &= 7;
4373 switch (addr)
4374 {
4375 case 0:
4376 break;
4377 case 1: /* feature register */
4378 /* NOTE: data is written to the two drives */
4379 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4380 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4381 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
4382 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
4383 pCtl->aIfs[0].uATARegFeature = val;
4384 pCtl->aIfs[1].uATARegFeature = val;
4385 break;
4386 case 2: /* sector count */
4387 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4388 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4389 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
4390 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
4391 pCtl->aIfs[0].uATARegNSector = val;
4392 pCtl->aIfs[1].uATARegNSector = val;
4393 break;
4394 case 3: /* sector number */
4395 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4396 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4397 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
4398 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
4399 pCtl->aIfs[0].uATARegSector = val;
4400 pCtl->aIfs[1].uATARegSector = val;
4401 break;
4402 case 4: /* cylinder low */
4403 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4404 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4405 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
4406 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
4407 pCtl->aIfs[0].uATARegLCyl = val;
4408 pCtl->aIfs[1].uATARegLCyl = val;
4409 break;
4410 case 5: /* cylinder high */
4411 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4412 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4413 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
4414 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
4415 pCtl->aIfs[0].uATARegHCyl = val;
4416 pCtl->aIfs[1].uATARegHCyl = val;
4417 break;
4418 case 6: /* drive/head */
4419 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
4420 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
4421 if (((val >> 4) & 1) != pCtl->iSelectedIf)
4422 {
4423 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4424
4425 /* select another drive */
4426 pCtl->iSelectedIf = (val >> 4) & 1;
4427 /* The IRQ line is multiplexed between the two drives, so
4428 * update the state when switching to another drive. Only need
4429 * to update interrupt line if it is enabled and there is a
4430 * state change. */
4431 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
4432 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
4433 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
4434 {
4435 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4436 {
4437 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4438 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
4439 * the interrupt line is asserted. It monitors the line
4440 * for a rising edge. */
4441 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4442 if (pCtl->irq == 16)
4443 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
4444 else
4445 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
4446 }
4447 else
4448 {
4449 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4450 if (pCtl->irq == 16)
4451 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
4452 else
4453 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
4454 }
4455 }
4456 }
4457 break;
4458 default:
4459 case 7: /* command */
4460 /* ignore commands to non-existent device */
4461 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
4462 break;
4463#ifndef IN_RING3
4464 /* Don't do anything complicated in GC */
4465 return VINF_IOM_R3_IOPORT_WRITE;
4466#else /* IN_RING3 */
4467 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
4468#endif /* !IN_RING3 */
4469 }
4470 return VINF_SUCCESS;
4471}
4472
4473
4474static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
4475{
4476 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4477 uint32_t val;
4478 bool fHOB;
4479
4480 /* Check if the guest is reading from a non-existent device. */
4481 if (!s->pDrvBlock)
4482 {
4483 if (pCtl->iSelectedIf) /* Device 1 selected, Device 0 responding for it. */
4484 {
4485 if (!pCtl->aIfs[0].pDrvBlock) /* @todo: this case should never get here! */
4486 {
4487 Log2(("%s: addr=%#x: no device on channel\n", __FUNCTION__, addr));
4488 return VERR_IOM_IOPORT_UNUSED;
4489 }
4490 if (((addr & 7) != 1) && pCtl->aIfs[0].fATAPI) {
4491 Log2(("%s: addr=%#x, val=0: LUN#%d not attached/LUN#%d ATAPI\n", __FUNCTION__, addr,
4492 s->iLUN, pCtl->aIfs[0].iLUN));
4493 *pu32 = 0;
4494 return VINF_SUCCESS;
4495 }
4496 /* Else handle normally. */
4497 }
4498 else /* Device 0 selected (but not present). */
4499 {
4500 Log2(("%s: addr=%#x: LUN#%d not attached\n", __FUNCTION__, addr, s->iLUN));
4501 return VERR_IOM_IOPORT_UNUSED;
4502 }
4503 }
4504 fHOB = !!(s->uATARegDevCtl & (1 << 7));
4505 switch (addr & 7)
4506 {
4507 case 0: /* data register */
4508 val = 0xff;
4509 break;
4510 case 1: /* error register */
4511 /* The ATA specification is very terse when it comes to specifying
4512 * the precise effects of reading back the error/feature register.
4513 * The error register (read-only) shares the register number with
4514 * the feature register (write-only), so it seems that it's not
4515 * necessary to support the usual HOB readback here. */
4516 if (!s->pDrvBlock)
4517 val = 0;
4518 else
4519 val = s->uATARegError;
4520 break;
4521 case 2: /* sector count */
4522 if (fHOB)
4523 val = s->uATARegNSectorHOB;
4524 else
4525 val = s->uATARegNSector;
4526 break;
4527 case 3: /* sector number */
4528 if (fHOB)
4529 val = s->uATARegSectorHOB;
4530 else
4531 val = s->uATARegSector;
4532 break;
4533 case 4: /* cylinder low */
4534 if (fHOB)
4535 val = s->uATARegLCylHOB;
4536 else
4537 val = s->uATARegLCyl;
4538 break;
4539 case 5: /* cylinder high */
4540 if (fHOB)
4541 val = s->uATARegHCylHOB;
4542 else
4543 val = s->uATARegHCyl;
4544 break;
4545 case 6: /* drive/head */
4546 /* This register must always work as long as there is at least
4547 * one drive attached to the controller. It is common between
4548 * both drives anyway (completely identical content). */
4549 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4550 val = 0;
4551 else
4552 val = s->uATARegSelect;
4553 break;
4554 default:
4555 case 7: /* primary status */
4556 {
4557 /* Counter for number of busy status seen in GC in a row. */
4558 static unsigned cBusy = 0;
4559
4560 if (!s->pDrvBlock)
4561 val = 0;
4562 else
4563 val = s->uATARegStatus;
4564
4565 /* Give the async I/O thread an opportunity to make progress,
4566 * don't let it starve by guests polling frequently. EMT has a
4567 * lower priority than the async I/O thread, but sometimes the
4568 * host OS doesn't care. With some guests we are only allowed to
4569 * be busy for about 5 milliseconds in some situations. Note that
4570 * this is no guarantee for any other VBox thread getting
4571 * scheduled, so this just lowers the CPU load a bit when drives
4572 * are busy. It cannot help with timing problems. */
4573 if (val & ATA_STAT_BUSY)
4574 {
4575#ifdef IN_RING3
4576 cBusy = 0;
4577 PDMCritSectLeave(&pCtl->lock);
4578
4579#ifndef RT_OS_WINDOWS
4580 /*
4581 * The thread might be stuck in an I/O operation
4582 * due to a high I/O load on the host. (see @bugref{3301})
4583 * To perform the reset successfully
4584 * we interrupt the operation by sending a signal to the thread
4585 * if the thread didn't responded in 10ms.
4586 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4587 * does the same but it was introduced with Vista) but so far
4588 * this hang was only observed on Linux and Mac OS X.
4589 *
4590 * This is a workaround and needs to be solved properly.
4591 */
4592 if (pCtl->fReset)
4593 {
4594 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4595
4596 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4597 {
4598 LogRel(("PIIX3 ATA LUN#%d: Async I/O thread probably stuck in operation, interrupting\n", s->iLUN));
4599 pCtl->u64ResetTime = u64ResetTimeStop;
4600 RTThreadPoke(pCtl->AsyncIOThread);
4601 }
4602 }
4603#endif
4604
4605 RTThreadYield();
4606
4607 {
4608 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4609 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4610 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4611 }
4612
4613 val = s->uATARegStatus;
4614#else /* !IN_RING3 */
4615 /* Cannot yield CPU in guest context. And switching to host
4616 * context for each and every busy status is too costly,
4617 * especially on SMP systems where we don't gain much by
4618 * yielding the CPU to someone else. */
4619 if (++cBusy >= 20)
4620 {
4621 cBusy = 0;
4622 return VINF_IOM_R3_IOPORT_READ;
4623 }
4624#endif /* !IN_RING3 */
4625 }
4626 else
4627 cBusy = 0;
4628 ataUnsetIRQ(s);
4629 break;
4630 }
4631 }
4632 Log2(("%s: LUN#%d addr=%#x val=%#04x\n", __FUNCTION__, s->iLUN, addr, val));
4633 *pu32 = val;
4634 return VINF_SUCCESS;
4635}
4636
4637
4638static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4639{
4640 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4641 uint32_t val;
4642
4643 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4644 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4645 val = 0;
4646 else
4647 val = s->uATARegStatus;
4648 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4649 return val;
4650}
4651
4652static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4653{
4654#ifndef IN_RING3
4655 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4656 return VINF_IOM_R3_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4657#endif /* !IN_RING3 */
4658
4659 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4660 /* RESET is common for both drives attached to a controller. */
4661 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4662 (val & ATA_DEVCTL_RESET))
4663 {
4664#ifdef IN_RING3
4665 /* Software RESET low to high */
4666 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4667 uint64_t uNow = RTTimeNanoTS();
4668 if (pCtl->aIfs[0].u64CmdTS)
4669 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4670 if (pCtl->aIfs[1].u64CmdTS)
4671 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4672 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4673 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4674 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4675 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4676 pCtl->fReset = true;
4677 /* Everything must be done after the reset flag is set, otherwise
4678 * there are unavoidable races with the currently executing request
4679 * (which might just finish in the mean time). */
4680 pCtl->fChainedTransfer = false;
4681 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4682 {
4683 ataResetDevice(&pCtl->aIfs[i]);
4684 /* The following cannot be done using ataSetStatusValue() since the
4685 * reset flag is already set, which suppresses all status changes. */
4686 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4687 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4688 pCtl->aIfs[i].uATARegError = 0x01;
4689 }
4690 ataAsyncIOClearRequests(pCtl);
4691 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4692 if (val & ATA_DEVCTL_HOB)
4693 {
4694 val &= ~ATA_DEVCTL_HOB;
4695 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4696 }
4697
4698 /* Save the timestamp we started the reset. */
4699 pCtl->u64ResetTime = RTTimeMilliTS();
4700
4701 /* Issue the reset request now. */
4702 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4703#else /* !IN_RING3 */
4704 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4705#endif /* IN_RING3 */
4706 }
4707 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4708 !(val & ATA_DEVCTL_RESET))
4709 {
4710#ifdef IN_RING3
4711 /* Software RESET high to low */
4712 Log(("%s: deasserting RESET\n", __FUNCTION__));
4713 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4714 if (val & ATA_DEVCTL_HOB)
4715 {
4716 val &= ~ATA_DEVCTL_HOB;
4717 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4718 }
4719 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4720#else /* !IN_RING3 */
4721 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4722#endif /* IN_RING3 */
4723 }
4724
4725 /* Change of interrupt disable flag. Update interrupt line if interrupt
4726 * is pending on the current interface. */
4727 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4728 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4729 {
4730 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4731 {
4732 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4733 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4734 * interrupt line is asserted. It monitors the line for a rising
4735 * edge. */
4736 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4737 if (pCtl->irq == 16)
4738 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4739 else
4740 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4741 }
4742 else
4743 {
4744 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4745 if (pCtl->irq == 16)
4746 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4747 else
4748 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4749 }
4750 }
4751
4752 if (val & ATA_DEVCTL_HOB)
4753 Log2(("%s: set HOB\n", __FUNCTION__));
4754
4755 pCtl->aIfs[0].uATARegDevCtl = val;
4756 pCtl->aIfs[1].uATARegDevCtl = val;
4757
4758 return VINF_SUCCESS;
4759}
4760
4761#ifdef IN_RING3
4762
4763static void ataPIOTransfer(PATACONTROLLER pCtl)
4764{
4765 ATADevState *s;
4766
4767 s = &pCtl->aIfs[pCtl->iAIOIf];
4768 Log3(("%s: if=%p\n", __FUNCTION__, s));
4769
4770 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4771 {
4772 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4773 /* Any guest OS that triggers this case has a pathetic ATA driver.
4774 * In a real system it would block the CPU via IORDY, here we do it
4775 * very similarly by not continuing with the current instruction
4776 * until the transfer to/from the storage medium is completed. */
4777 if (s->iSourceSink != ATAFN_SS_NULL)
4778 {
4779 bool fRedo;
4780 uint8_t status = s->uATARegStatus;
4781 ataSetStatusValue(s, ATA_STAT_BUSY);
4782 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4783 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4784 pCtl->fRedo = fRedo;
4785 if (RT_UNLIKELY(fRedo))
4786 return;
4787 ataSetStatusValue(s, status);
4788 s->iIOBufferCur = 0;
4789 s->iIOBufferEnd = s->cbElementaryTransfer;
4790 }
4791 }
4792 if (s->cbTotalTransfer)
4793 {
4794 if (s->fATAPITransfer)
4795 ataPIOTransferLimitATAPI(s);
4796
4797 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4798 s->cbElementaryTransfer = s->cbTotalTransfer;
4799
4800 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4801 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4802 s->cbTotalTransfer, s->cbElementaryTransfer,
4803 s->iIOBufferCur, s->iIOBufferEnd));
4804 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4805 s->cbTotalTransfer -= s->cbElementaryTransfer;
4806 s->iIOBufferCur += s->cbElementaryTransfer;
4807
4808 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4809 s->cbElementaryTransfer = s->cbTotalTransfer;
4810 }
4811 else
4812 ataPIOTransferStop(s);
4813}
4814
4815
4816DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4817{
4818 /* Do not interfere with RESET processing if the PIO transfer finishes
4819 * while the RESET line is asserted. */
4820 if (pCtl->fReset)
4821 {
4822 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4823 return;
4824 }
4825
4826 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4827 || ( s->iSourceSink != ATAFN_SS_NULL
4828 && s->iIOBufferCur >= s->iIOBufferEnd))
4829 {
4830 /* Need to continue the transfer in the async I/O thread. This is
4831 * the case for write operations or generally for not yet finished
4832 * transfers (some data might need to be read). */
4833 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4834 ataSetStatus(s, ATA_STAT_BUSY);
4835
4836 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4837 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4838 }
4839 else
4840 {
4841 /* Either everything finished (though some data might still be pending)
4842 * or some data is pending before the next read is due. */
4843
4844 /* Continue a previously started transfer. */
4845 ataUnsetStatus(s, ATA_STAT_DRQ);
4846 ataSetStatus(s, ATA_STAT_READY);
4847
4848 if (s->cbTotalTransfer)
4849 {
4850 /* There is more to transfer, happens usually for large ATAPI
4851 * reads - the protocol limits the chunk size to 65534 bytes. */
4852 ataPIOTransfer(pCtl);
4853 ataSetIRQ(s);
4854 }
4855 else
4856 {
4857 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4858 /* Finish PIO transfer. */
4859 ataPIOTransfer(pCtl);
4860 Assert(!pCtl->fRedo);
4861 }
4862 }
4863}
4864
4865#endif /* IN_RING3 */
4866
4867static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4868{
4869 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4870 uint8_t *p;
4871
4872 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4873 {
4874 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4875 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4876#ifndef IN_RING3
4877 /* All but the last transfer unit is simple enough for GC, but
4878 * sending a request to the async IO thread is too complicated. */
4879 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4880 {
4881 memcpy(p, pbBuf, cbSize);
4882 s->iIOBufferPIODataStart += cbSize;
4883 }
4884 else
4885 return VINF_IOM_R3_IOPORT_WRITE;
4886#else /* IN_RING3 */
4887 memcpy(p, pbBuf, cbSize);
4888 s->iIOBufferPIODataStart += cbSize;
4889 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4890 ataPIOTransferFinish(pCtl, s);
4891#endif /* !IN_RING3 */
4892 }
4893 else
4894 Log2(("%s: DUMMY data\n", __FUNCTION__));
4895 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4896 return VINF_SUCCESS;
4897}
4898
4899static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4900{
4901 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4902 uint8_t *p;
4903
4904 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4905 {
4906 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4907 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4908#ifndef IN_RING3
4909 /* All but the last transfer unit is simple enough for GC, but
4910 * sending a request to the async IO thread is too complicated. */
4911 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4912 {
4913 memcpy(pbBuf, p, cbSize);
4914 s->iIOBufferPIODataStart += cbSize;
4915 }
4916 else
4917 return VINF_IOM_R3_IOPORT_READ;
4918#else /* IN_RING3 */
4919 memcpy(pbBuf, p, cbSize);
4920 s->iIOBufferPIODataStart += cbSize;
4921 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4922 ataPIOTransferFinish(pCtl, s);
4923#endif /* !IN_RING3 */
4924 }
4925 else
4926 {
4927 Log2(("%s: DUMMY data\n", __FUNCTION__));
4928 memset(pbBuf, '\xff', cbSize);
4929 }
4930 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4931 return VINF_SUCCESS;
4932}
4933
4934#ifdef IN_RING3
4935
4936static void ataDMATransferStop(ATADevState *s)
4937{
4938 s->cbTotalTransfer = 0;
4939 s->cbElementaryTransfer = 0;
4940 s->iBeginTransfer = ATAFN_BT_NULL;
4941 s->iSourceSink = ATAFN_SS_NULL;
4942}
4943
4944
4945/**
4946 * Perform the entire DMA transfer in one go (unless a source/sink operation
4947 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4948 * this function cannot handle empty transfers.
4949 *
4950 * @param pCtl Controller for which to perform the transfer.
4951 */
4952static void ataDMATransfer(PATACONTROLLER pCtl)
4953{
4954 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4955 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4956 bool fRedo;
4957 RTGCPHYS32 pDesc;
4958 uint32_t cbTotalTransfer, cbElementaryTransfer;
4959 uint32_t iIOBufferCur, iIOBufferEnd;
4960 uint32_t dmalen;
4961 PDMBLOCKTXDIR uTxDir;
4962 bool fLastDesc = false;
4963
4964 Assert(sizeof(BMDMADesc) == 8);
4965
4966 fRedo = pCtl->fRedo;
4967 if (RT_LIKELY(!fRedo))
4968 Assert(s->cbTotalTransfer);
4969 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4970 cbTotalTransfer = s->cbTotalTransfer;
4971 cbElementaryTransfer = s->cbElementaryTransfer;
4972 iIOBufferCur = s->iIOBufferCur;
4973 iIOBufferEnd = s->iIOBufferEnd;
4974
4975 /* The DMA loop is designed to hold the lock only when absolutely
4976 * necessary. This avoids long freezes should the guest access the
4977 * ATA registers etc. for some reason. */
4978 PDMCritSectLeave(&pCtl->lock);
4979
4980 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4981 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4982 cbTotalTransfer, cbElementaryTransfer,
4983 iIOBufferCur, iIOBufferEnd));
4984 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4985 {
4986 BMDMADesc DMADesc;
4987 RTGCPHYS32 pBuffer;
4988 uint32_t cbBuffer;
4989
4990 if (RT_UNLIKELY(fRedo))
4991 {
4992 pBuffer = pCtl->pRedoDMABuffer;
4993 cbBuffer = pCtl->cbRedoDMABuffer;
4994 fLastDesc = pCtl->fRedoDMALastDesc;
4995 }
4996 else
4997 {
4998 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4999 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
5000 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
5001 fLastDesc = !!(cbBuffer & 0x80000000);
5002 cbBuffer &= 0xfffe;
5003 if (cbBuffer == 0)
5004 cbBuffer = 0x10000;
5005 if (cbBuffer > cbTotalTransfer)
5006 cbBuffer = cbTotalTransfer;
5007 }
5008
5009 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
5010 {
5011 if (RT_LIKELY(!fRedo))
5012 {
5013 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
5014 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x orig_size=%#010x\n", __FUNCTION__,
5015 (int)pDesc, pBuffer, cbBuffer, RT_LE2H_U32(DMADesc.cbBuffer) & 0xfffe));
5016
5017 PCIATAState *pATAState = PDMINS_2_DATA(pDevIns, PCIATAState *);
5018 AssertPtr(pATAState);
5019 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
5020 PDMDevHlpPCIDevPhysWrite(&pATAState->dev, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
5021 else
5022 PDMDevHlpPCIDevPhysRead(&pATAState->dev, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
5023
5024 iIOBufferCur += dmalen;
5025 cbTotalTransfer -= dmalen;
5026 cbBuffer -= dmalen;
5027 pBuffer += dmalen;
5028 }
5029 if ( iIOBufferCur == iIOBufferEnd
5030 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
5031 {
5032 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
5033 cbElementaryTransfer = cbTotalTransfer;
5034
5035 {
5036 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5037 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5038 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5039 }
5040
5041 /* The RESET handler could have cleared the DMA transfer
5042 * state (since we didn't hold the lock until just now
5043 * the guest can continue in parallel). If so, the state
5044 * is already set up so the loop is exited immediately. */
5045 if (s->iSourceSink != ATAFN_SS_NULL)
5046 {
5047 s->iIOBufferCur = iIOBufferCur;
5048 s->iIOBufferEnd = iIOBufferEnd;
5049 s->cbElementaryTransfer = cbElementaryTransfer;
5050 s->cbTotalTransfer = cbTotalTransfer;
5051 Log2(("%s: calling source/sink function\n", __FUNCTION__));
5052 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5053 if (RT_UNLIKELY(fRedo))
5054 {
5055 pCtl->pFirstDMADesc = pDesc;
5056 pCtl->pRedoDMABuffer = pBuffer;
5057 pCtl->cbRedoDMABuffer = cbBuffer;
5058 pCtl->fRedoDMALastDesc = fLastDesc;
5059 }
5060 else
5061 {
5062 cbTotalTransfer = s->cbTotalTransfer;
5063 cbElementaryTransfer = s->cbElementaryTransfer;
5064
5065 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
5066 cbElementaryTransfer = cbTotalTransfer;
5067 iIOBufferCur = 0;
5068 iIOBufferEnd = cbElementaryTransfer;
5069 }
5070 pCtl->fRedo = fRedo;
5071 }
5072 else
5073 {
5074 /* This forces the loop to exit immediately. */
5075 pDesc = pCtl->pLastDMADesc + 1;
5076 }
5077
5078 PDMCritSectLeave(&pCtl->lock);
5079 if (RT_UNLIKELY(fRedo))
5080 break;
5081 }
5082 }
5083
5084 if (RT_UNLIKELY(fRedo))
5085 break;
5086
5087 /* end of transfer */
5088 if (!cbTotalTransfer || fLastDesc)
5089 break;
5090
5091 {
5092 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5093 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5094 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5095 }
5096
5097 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
5098 {
5099 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
5100 if (!pCtl->fReset)
5101 ataDMATransferStop(s);
5102 /* This forces the loop to exit immediately. */
5103 pDesc = pCtl->pLastDMADesc + 1;
5104 }
5105
5106 PDMCritSectLeave(&pCtl->lock);
5107 }
5108
5109 {
5110 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5111 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5112 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5113 }
5114
5115 if (RT_UNLIKELY(fRedo))
5116 return;
5117
5118 if (fLastDesc)
5119 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5120 s->cbTotalTransfer = cbTotalTransfer;
5121 s->cbElementaryTransfer = cbElementaryTransfer;
5122 s->iIOBufferCur = iIOBufferCur;
5123 s->iIOBufferEnd = iIOBufferEnd;
5124}
5125
5126/**
5127 * Signal PDM that we're idle (if we actually are).
5128 *
5129 * @param pCtl The controller.
5130 */
5131static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
5132{
5133 /*
5134 * Take the mutex here and recheck the idle indicator to avoid
5135 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
5136 */
5137 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
5138
5139 if ( pCtl->fSignalIdle
5140 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
5141 {
5142 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5143 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
5144 }
5145
5146 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
5147}
5148
5149/** Async I/O thread for an interface. Once upon a time this was readable
5150 * code with several loops and a different semaphore for each purpose. But
5151 * then came the "how can one save the state in the middle of a PIO transfer"
5152 * question. The solution was to use an ASM, which is what's there now. */
5153static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
5154{
5155 const ATARequest *pReq;
5156 uint64_t u64TS = 0; /* shut up gcc */
5157 uint64_t uWait;
5158 int rc = VINF_SUCCESS;
5159 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
5160 ATADevState *s;
5161
5162 pReq = NULL;
5163 pCtl->fChainedTransfer = false;
5164 while (!pCtl->fShutdown)
5165 {
5166 /* Keep this thread from doing anything as long as EMT is suspended. */
5167 while (pCtl->fRedoIdle)
5168 {
5169 if (pCtl->fSignalIdle)
5170 ataR3AsyncSignalIdle(pCtl);
5171 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
5172 /* Continue if we got a signal by RTThreadPoke().
5173 * We will get notified if there is a request to process.
5174 */
5175 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5176 continue;
5177 if (RT_FAILURE(rc) || pCtl->fShutdown)
5178 break;
5179
5180 pCtl->fRedoIdle = false;
5181 }
5182
5183 /* Wait for work. */
5184 while (pReq == NULL)
5185 {
5186 if (pCtl->fSignalIdle)
5187 ataR3AsyncSignalIdle(pCtl);
5188 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
5189 /* Continue if we got a signal by RTThreadPoke().
5190 * We will get notified if there is a request to process.
5191 */
5192 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5193 continue;
5194 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
5195 break;
5196
5197 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5198 }
5199
5200 if (RT_FAILURE(rc) || pCtl->fShutdown)
5201 break;
5202
5203 if (pReq == NULL)
5204 continue;
5205
5206 ATAAIO ReqType = pReq->ReqType;
5207
5208 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
5209 if (pCtl->uAsyncIOState != ReqType)
5210 {
5211 /* The new state is not the state that was expected by the normal
5212 * state changes. This is either a RESET/ABORT or there's something
5213 * really strange going on. */
5214 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
5215 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
5216 {
5217 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
5218 ataAsyncIODumpRequests(pCtl);
5219 }
5220 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
5221 }
5222
5223 /* Do our work. */
5224 {
5225 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5226 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5227 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5228 }
5229
5230 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5231 {
5232 u64TS = RTTimeNanoTS();
5233#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5234 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
5235#endif /* DEBUG || VBOX_WITH_STATISTICS */
5236 }
5237
5238 switch (ReqType)
5239 {
5240 case ATA_AIO_NEW:
5241
5242 pCtl->iAIOIf = pReq->u.t.iIf;
5243 s = &pCtl->aIfs[pCtl->iAIOIf];
5244 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
5245 s->uTxDir = pReq->u.t.uTxDir;
5246 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
5247 s->iSourceSink = pReq->u.t.iSourceSink;
5248 s->iIOBufferEnd = 0;
5249 s->u64CmdTS = u64TS;
5250
5251 if (s->fATAPI)
5252 {
5253 if (pCtl->fChainedTransfer)
5254 {
5255 /* Only count the actual transfers, not the PIO
5256 * transfer of the ATAPI command bytes. */
5257 if (s->fDMA)
5258 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
5259 else
5260 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
5261 }
5262 }
5263 else
5264 {
5265 if (s->fDMA)
5266 STAM_REL_COUNTER_INC(&s->StatATADMA);
5267 else
5268 STAM_REL_COUNTER_INC(&s->StatATAPIO);
5269 }
5270
5271 pCtl->fChainedTransfer = false;
5272
5273 if (s->iBeginTransfer != ATAFN_BT_NULL)
5274 {
5275 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5276 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
5277 s->iBeginTransfer = ATAFN_BT_NULL;
5278 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5279 s->iIOBufferEnd = s->cbElementaryTransfer;
5280 }
5281 else
5282 {
5283 s->cbElementaryTransfer = s->cbTotalTransfer;
5284 s->iIOBufferEnd = s->cbTotalTransfer;
5285 }
5286 s->iIOBufferCur = 0;
5287
5288 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5289 {
5290 if (s->iSourceSink != ATAFN_SS_NULL)
5291 {
5292 bool fRedo;
5293 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5294 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5295 pCtl->fRedo = fRedo;
5296 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5297 {
5298 /* Operation failed at the initial transfer, restart
5299 * everything from scratch by resending the current
5300 * request. Occurs very rarely, not worth optimizing. */
5301 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5302 ataAsyncIOPutRequest(pCtl, pReq);
5303 break;
5304 }
5305 }
5306 else
5307 ataCmdOK(s, 0);
5308 s->iIOBufferEnd = s->cbElementaryTransfer;
5309
5310 }
5311
5312 /* Do not go into the transfer phase if RESET is asserted.
5313 * The CritSect is released while waiting for the host OS
5314 * to finish the I/O, thus RESET is possible here. Most
5315 * important: do not change uAsyncIOState. */
5316 if (pCtl->fReset)
5317 break;
5318
5319 if (s->fDMA)
5320 {
5321 if (s->cbTotalTransfer)
5322 {
5323 ataSetStatus(s, ATA_STAT_DRQ);
5324
5325 pCtl->uAsyncIOState = ATA_AIO_DMA;
5326 /* If BMDMA is already started, do the transfer now. */
5327 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
5328 {
5329 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5330 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5331 }
5332 }
5333 else
5334 {
5335 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5336 /* Finish DMA transfer. */
5337 ataDMATransferStop(s);
5338 ataSetIRQ(s);
5339 pCtl->uAsyncIOState = ATA_AIO_NEW;
5340 }
5341 }
5342 else
5343 {
5344 if (s->cbTotalTransfer)
5345 {
5346 ataPIOTransfer(pCtl);
5347 Assert(!pCtl->fRedo);
5348 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5349 ataSetIRQ(s);
5350
5351 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5352 {
5353 /* Write operations and not yet finished transfers
5354 * must be completed in the async I/O thread. */
5355 pCtl->uAsyncIOState = ATA_AIO_PIO;
5356 }
5357 else
5358 {
5359 /* Finished read operation can be handled inline
5360 * in the end of PIO transfer handling code. Linux
5361 * depends on this, as it waits only briefly for
5362 * devices to become ready after incoming data
5363 * transfer. Cannot find anything in the ATA spec
5364 * that backs this assumption, but as all kernels
5365 * are affected (though most of the time it does
5366 * not cause any harm) this must work. */
5367 pCtl->uAsyncIOState = ATA_AIO_NEW;
5368 }
5369 }
5370 else
5371 {
5372 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5373 /* Finish PIO transfer. */
5374 ataPIOTransfer(pCtl);
5375 Assert(!pCtl->fRedo);
5376 if (!s->fATAPITransfer)
5377 ataSetIRQ(s);
5378 pCtl->uAsyncIOState = ATA_AIO_NEW;
5379 }
5380 }
5381 break;
5382
5383 case ATA_AIO_DMA:
5384 {
5385 BMDMAState *bm = &pCtl->BmDma;
5386 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5387 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
5388
5389 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
5390 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
5391 else
5392 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
5393
5394 if (RT_LIKELY(!pCtl->fRedo))
5395 {
5396 /* The specs say that the descriptor table must not cross a
5397 * 4K boundary. */
5398 pCtl->pFirstDMADesc = bm->pvAddr;
5399 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
5400 }
5401 ataDMATransfer(pCtl);
5402
5403 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
5404 {
5405 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
5406 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5407 break;
5408 }
5409
5410 /* The infamous delay IRQ hack. */
5411 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
5412 && s->cbTotalTransfer == 0
5413 && pCtl->DelayIRQMillies)
5414 {
5415 /* Delay IRQ for writing. Required to get the Win2K
5416 * installation work reliably (otherwise it crashes,
5417 * usually during component install). So far no better
5418 * solution has been found. */
5419 Log(("%s: delay IRQ hack\n", __FUNCTION__));
5420 PDMCritSectLeave(&pCtl->lock);
5421 RTThreadSleep(pCtl->DelayIRQMillies);
5422 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5423 }
5424
5425 ataUnsetStatus(s, ATA_STAT_DRQ);
5426 Assert(!pCtl->fChainedTransfer);
5427 Assert(s->iSourceSink == ATAFN_SS_NULL);
5428 if (s->fATAPITransfer)
5429 {
5430 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
5431 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
5432 s->fATAPITransfer = false;
5433 }
5434 ataSetIRQ(s);
5435 pCtl->uAsyncIOState = ATA_AIO_NEW;
5436 break;
5437 }
5438
5439 case ATA_AIO_PIO:
5440 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5441
5442 if (s->iSourceSink != ATAFN_SS_NULL)
5443 {
5444 bool fRedo;
5445 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5446 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5447 pCtl->fRedo = fRedo;
5448 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5449 {
5450 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
5451 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
5452 break;
5453 }
5454 s->iIOBufferCur = 0;
5455 s->iIOBufferEnd = s->cbElementaryTransfer;
5456 }
5457 else
5458 {
5459 /* Continue a previously started transfer. */
5460 ataUnsetStatus(s, ATA_STAT_BUSY);
5461 ataSetStatus(s, ATA_STAT_READY);
5462 }
5463
5464 /* It is possible that the drives on this controller get RESET
5465 * during the above call to the source/sink function. If that's
5466 * the case, don't restart the transfer and don't finish it the
5467 * usual way. RESET handling took care of all that already.
5468 * Most important: do not change uAsyncIOState. */
5469 if (pCtl->fReset)
5470 break;
5471
5472 if (s->cbTotalTransfer)
5473 {
5474 ataPIOTransfer(pCtl);
5475 ataSetIRQ(s);
5476
5477 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5478 {
5479 /* Write operations and not yet finished transfers
5480 * must be completed in the async I/O thread. */
5481 pCtl->uAsyncIOState = ATA_AIO_PIO;
5482 }
5483 else
5484 {
5485 /* Finished read operation can be handled inline
5486 * in the end of PIO transfer handling code. Linux
5487 * depends on this, as it waits only briefly for
5488 * devices to become ready after incoming data
5489 * transfer. Cannot find anything in the ATA spec
5490 * that backs this assumption, but as all kernels
5491 * are affected (though most of the time it does
5492 * not cause any harm) this must work. */
5493 pCtl->uAsyncIOState = ATA_AIO_NEW;
5494 }
5495 }
5496 else
5497 {
5498 /* Finish PIO transfer. */
5499 ataPIOTransfer(pCtl);
5500 if ( !pCtl->fChainedTransfer
5501 && !s->fATAPITransfer
5502 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5503 {
5504 ataSetIRQ(s);
5505 }
5506 pCtl->uAsyncIOState = ATA_AIO_NEW;
5507 }
5508 break;
5509
5510 case ATA_AIO_RESET_ASSERTED:
5511 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
5512 ataPIOTransferStop(&pCtl->aIfs[0]);
5513 ataPIOTransferStop(&pCtl->aIfs[1]);
5514 /* Do not change the DMA registers, they are not affected by the
5515 * ATA controller reset logic. It should be sufficient to issue a
5516 * new command, which is now possible as the state is cleared. */
5517 break;
5518
5519 case ATA_AIO_RESET_CLEARED:
5520 pCtl->uAsyncIOState = ATA_AIO_NEW;
5521 pCtl->fReset = false;
5522 /* Ensure that half-completed transfers are not redone. A reset
5523 * cancels the entire transfer, so continuing is wrong. */
5524 pCtl->fRedo = false;
5525 pCtl->fRedoDMALastDesc = false;
5526 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5527 ATACONTROLLER_IDX(pCtl)));
5528 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5529 {
5530 if (pCtl->aIfs[i].fATAPI)
5531 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5532 else
5533 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5534 ataSetSignature(&pCtl->aIfs[i]);
5535 }
5536 break;
5537
5538 case ATA_AIO_ABORT:
5539 /* Abort the current command no matter what. There cannot be
5540 * any command activity on the other drive otherwise using
5541 * one thread per controller wouldn't work at all. */
5542 s = &pCtl->aIfs[pReq->u.a.iIf];
5543
5544 pCtl->uAsyncIOState = ATA_AIO_NEW;
5545 /* Do not change the DMA registers, they are not affected by the
5546 * ATA controller reset logic. It should be sufficient to issue a
5547 * new command, which is now possible as the state is cleared. */
5548 if (pReq->u.a.fResetDrive)
5549 {
5550 ataResetDevice(s);
5551 ataExecuteDeviceDiagnosticSS(s);
5552 }
5553 else
5554 {
5555 /* Stop any pending DMA transfer. */
5556 s->fDMA = false;
5557 ataPIOTransferStop(s);
5558 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5559 ataSetStatus(s, ATA_STAT_READY);
5560 ataSetIRQ(s);
5561 }
5562 break;
5563
5564 default:
5565 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5566 }
5567
5568 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5569 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5570
5571 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5572 {
5573#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5574 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5575#endif /* DEBUG || VBOX_WITH_STATISTICS */
5576
5577 u64TS = RTTimeNanoTS() - u64TS;
5578 uWait = u64TS / 1000;
5579 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5580 /* Mark command as finished. */
5581 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5582
5583 /*
5584 * Release logging of command execution times depends on the
5585 * command type. ATAPI commands often take longer (due to CD/DVD
5586 * spin up time etc.) so the threshold is different.
5587 */
5588 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5589 {
5590 if (uWait > 8 * 1000 * 1000)
5591 {
5592 /*
5593 * Command took longer than 8 seconds. This is close
5594 * enough or over the guest's command timeout, so place
5595 * an entry in the release log to allow tracking such
5596 * timing errors (which are often caused by the host).
5597 */
5598 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5599 }
5600 }
5601 else
5602 {
5603 if (uWait > 20 * 1000 * 1000)
5604 {
5605 /*
5606 * Command took longer than 20 seconds. This is close
5607 * enough or over the guest's command timeout, so place
5608 * an entry in the release log to allow tracking such
5609 * timing errors (which are often caused by the host).
5610 */
5611 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5612 }
5613 }
5614
5615#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5616 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5617 pCtl->StatAsyncMinWait = uWait;
5618 if (uWait > pCtl->StatAsyncMaxWait)
5619 pCtl->StatAsyncMaxWait = uWait;
5620
5621 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5622 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5623#endif /* DEBUG || VBOX_WITH_STATISTICS */
5624 }
5625
5626 PDMCritSectLeave(&pCtl->lock);
5627 }
5628
5629 /* Signal the ultimate idleness. */
5630 RTThreadUserSignal(pCtl->AsyncIOThread);
5631 if (pCtl->fSignalIdle)
5632 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5633
5634 /* Cleanup the state. */
5635 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5636 pCtl->fShutdown = false;
5637
5638 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5639 return rc;
5640}
5641
5642#endif /* IN_RING3 */
5643
5644static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5645{
5646 uint32_t val = pCtl->BmDma.u8Cmd;
5647 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5648 return val;
5649}
5650
5651
5652static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5653{
5654 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5655 if (!(val & BM_CMD_START))
5656 {
5657 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5658 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5659 }
5660 else
5661 {
5662#ifdef IN_RING3
5663 /* Check whether the guest OS wants to change DMA direction in
5664 * mid-flight. Not allowed, according to the PIIX3 specs. */
5665 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5666 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5667 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5668 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5669
5670 /* Do not continue DMA transfers while the RESET line is asserted. */
5671 if (pCtl->fReset)
5672 {
5673 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5674 return;
5675 }
5676
5677 /* Do not start DMA transfers if there's a PIO transfer going on,
5678 * or if there is already a transfer started on this controller. */
5679 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5680 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5681 return;
5682
5683 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5684 {
5685 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5686 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5687 }
5688#else /* !IN_RING3 */
5689 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5690#endif /* IN_RING3 */
5691 }
5692}
5693
5694static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5695{
5696 uint32_t val = pCtl->BmDma.u8Status;
5697 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5698 return val;
5699}
5700
5701static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5702{
5703 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5704 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5705 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5706 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5707}
5708
5709static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5710{
5711 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5712 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5713 return val;
5714}
5715
5716static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5717{
5718 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5719 pCtl->BmDma.pvAddr = val & ~3;
5720}
5721
5722static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5723{
5724 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5725 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5726
5727}
5728
5729static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5730{
5731 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5732 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5733}
5734
5735#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5736
5737/**
5738 * Port I/O Handler for bus master DMA IN operations.
5739 * @see FNIOMIOPORTIN for details.
5740 */
5741PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5742{
5743 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5744 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5745 PATACONTROLLER pCtl = &pThis->aCts[i];
5746
5747 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5748 if (rc != VINF_SUCCESS)
5749 return rc;
5750 switch (VAL(Port, cb))
5751 {
5752 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5753 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5754 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5755 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5756 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5757 case VAL(0, 4):
5758 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5759 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5760 break;
5761 default:
5762 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5763 PDMCritSectLeave(&pCtl->lock);
5764 return VERR_IOM_IOPORT_UNUSED;
5765 }
5766 PDMCritSectLeave(&pCtl->lock);
5767 return rc;
5768}
5769
5770/**
5771 * Port I/O Handler for bus master DMA OUT operations.
5772 * @see FNIOMIOPORTOUT for details.
5773 */
5774PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5775{
5776 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5777 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5778 PATACONTROLLER pCtl = &pThis->aCts[i];
5779
5780 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5781 if (rc != VINF_SUCCESS)
5782 return rc;
5783 switch (VAL(Port, cb))
5784 {
5785 case VAL(0, 1):
5786#ifndef IN_RING3
5787 if (u32 & BM_CMD_START)
5788 {
5789 rc = VINF_IOM_R3_IOPORT_WRITE;
5790 break;
5791 }
5792#endif /* !IN_RING3 */
5793 ataBMDMACmdWriteB(pCtl, Port, u32);
5794 break;
5795 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5796 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5797 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5798 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5799 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5800 }
5801 PDMCritSectLeave(&pCtl->lock);
5802 return rc;
5803}
5804
5805#undef VAL
5806
5807#ifdef IN_RING3
5808
5809/**
5810 * Callback function for mapping an PCI I/O region.
5811 *
5812 * @return VBox status code.
5813 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5814 * @param iRegion The region number.
5815 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5816 * I/O port, else it's a physical address.
5817 * This address is *NOT* relative to pci_mem_base like earlier!
5818 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5819 */
5820static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5821{
5822 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5823 int rc = VINF_SUCCESS;
5824 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5825 Assert(iRegion == 4);
5826 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5827
5828 /* Register the port range. */
5829 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5830 {
5831 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5832 (RTHCPTR)(uintptr_t)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5833 AssertRC(rc2);
5834 if (rc2 < rc)
5835 rc = rc2;
5836
5837 if (pThis->fGCEnabled)
5838 {
5839 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5840 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5841 AssertRC(rc2);
5842 if (rc2 < rc)
5843 rc = rc2;
5844 }
5845 if (pThis->fR0Enabled)
5846 {
5847 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5848 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5849 AssertRC(rc2);
5850 if (rc2 < rc)
5851 rc = rc2;
5852 }
5853 }
5854 return rc;
5855}
5856
5857
5858/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5859
5860/**
5861 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5862 */
5863static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5864{
5865 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5866 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5867 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5868 return NULL;
5869}
5870
5871
5872/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5873
5874/**
5875 * Gets the pointer to the status LED of a unit.
5876 *
5877 * @returns VBox status code.
5878 * @param pInterface Pointer to the interface structure containing the called function pointer.
5879 * @param iLUN The unit which status LED we desire.
5880 * @param ppLed Where to store the LED pointer.
5881 */
5882static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5883{
5884 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5885 if (iLUN < 4)
5886 {
5887 switch (iLUN)
5888 {
5889 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5890 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5891 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5892 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5893 }
5894 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5895 return VINF_SUCCESS;
5896 }
5897 return VERR_PDM_LUN_NOT_FOUND;
5898}
5899
5900
5901/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5902
5903/**
5904 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5905 */
5906static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5907{
5908 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5909 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5910 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5911 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5912 return NULL;
5913}
5914
5915
5916/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5917
5918/**
5919 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5920 */
5921static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5922 uint32_t *piInstance, uint32_t *piLUN)
5923{
5924 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5925 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5926
5927 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5928 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5929 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5930
5931 *ppcszController = pDevIns->pReg->szName;
5932 *piInstance = pDevIns->iInstance;
5933 *piLUN = pIf->iLUN;
5934
5935 return VINF_SUCCESS;
5936}
5937#endif /* IN_RING3 */
5938
5939
5940/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5941
5942/**
5943 * Port I/O Handler for primary port range OUT operations.
5944 * @see FNIOMIOPORTOUT for details.
5945 */
5946PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5947{
5948 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5949 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5950 PATACONTROLLER pCtl = &pThis->aCts[i];
5951 int rc = VINF_SUCCESS;
5952
5953 Assert(i < 2);
5954
5955 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5956 if (rc != VINF_SUCCESS)
5957 return rc;
5958 if (Port == pCtl->IOPortBase1)
5959 {
5960 /* Writes to the data port may be 16-bit or 32-bit. */
5961 Assert(cb == 2 || cb == 4);
5962 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5963 }
5964 else
5965 {
5966 /* Writes to the other command block ports should be 8-bit only. If they
5967 * are not, the high bits are simply discarded. Undocumented, but observed
5968 * on a real PIIX4 system.
5969 */
5970 if (cb > 1)
5971 Log(("ataIOPortWrite1: suspect write to port %x val=%x size=%d\n", Port, u32, cb));
5972
5973 rc = ataIOPortWriteU8(pCtl, Port, u32);
5974 }
5975 PDMCritSectLeave(&pCtl->lock);
5976 return rc;
5977}
5978
5979
5980/**
5981 * Port I/O Handler for primary port range IN operations.
5982 * @see FNIOMIOPORTIN for details.
5983 */
5984PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5985{
5986 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5987 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5988 PATACONTROLLER pCtl = &pThis->aCts[i];
5989 int rc = VINF_SUCCESS;
5990
5991 Assert(i < 2);
5992
5993 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5994 if (rc != VINF_SUCCESS)
5995 return rc;
5996 if (Port == pCtl->IOPortBase1)
5997 {
5998 /* Reads from the data register may be 16-bit or 32-bit. */
5999 Assert(cb == 2 || cb == 4);
6000 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
6001 if (cb == 2)
6002 *pu32 &= 0xffff;
6003 }
6004 else
6005 {
6006 /* Reads from the other command block registers should be 8-bit only.
6007 * If they are not, the low byte is propagated to the high bits.
6008 * Undocumented, but observed on a real PIIX4 system.
6009 */
6010 rc = ataIOPortReadU8(pCtl, Port, pu32);
6011 if (cb > 1)
6012 {
6013 uint32_t pad;
6014
6015 /* Replicate the 8-bit result into the upper three bytes. */
6016 pad = *pu32 & 0xff;
6017 pad = pad | (pad << 8);
6018 pad = pad | (pad << 16);
6019 *pu32 = pad;
6020 Log(("ataIOPortRead1: suspect read from port %x size=%d\n", Port, cb));
6021 }
6022 }
6023 PDMCritSectLeave(&pCtl->lock);
6024 return rc;
6025}
6026
6027#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
6028/**
6029 * Port I/O Handler for primary port range IN string operations.
6030 * @see FNIOMIOPORTINSTRING for details.
6031 */
6032PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
6033{
6034 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6035 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6036 PATACONTROLLER pCtl = &pThis->aCts[i];
6037 int rc = VINF_SUCCESS;
6038
6039 Assert(i < 2);
6040
6041 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6042 if (rc != VINF_SUCCESS)
6043 return rc;
6044 if (Port == pCtl->IOPortBase1)
6045 {
6046 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
6047 RTGCPTR GCDst = *pGCPtrDst;
6048 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
6049 Assert(cb == 2 || cb == 4);
6050
6051 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
6052#ifndef IN_RING3
6053 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
6054 if (!cTransAvailable)
6055 {
6056 PDMCritSectLeave(&pCtl->lock);
6057 return VINF_IOM_R3_IOPORT_READ;
6058 }
6059 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
6060 cTransAvailable--;
6061#endif /* !IN_RING3 */
6062 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
6063 * They are not performance-critical and generally shouldn't occur at all. */
6064 if (cTransAvailable > cTransfer)
6065 cTransAvailable = cTransfer;
6066 cbTransfer = cTransAvailable * cb;
6067
6068 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
6069#ifndef IN_RING3
6070 /* Paranoia. */
6071 if (RT_FAILURE(rc))
6072 {
6073 PDMCritSectLeave(&pCtl->lock);
6074 AssertFailed();
6075 return VINF_IOM_R3_IOPORT_READ;
6076 }
6077#else
6078 Assert(rc == VINF_SUCCESS);
6079#endif
6080
6081 if (cbTransfer)
6082 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
6083 s->iIOBufferPIODataStart += cbTransfer;
6084 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
6085 *pcTransfer = cTransfer - cTransAvailable;
6086#ifdef IN_RING3
6087 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
6088 ataPIOTransferFinish(pCtl, s);
6089#endif /* IN_RING3 */
6090 }
6091 PDMCritSectLeave(&pCtl->lock);
6092 return rc;
6093}
6094
6095
6096/**
6097 * Port I/O Handler for primary port range OUT string operations.
6098 * @see FNIOMIOPORTOUTSTRING for details.
6099 */
6100PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
6101{
6102 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6103 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6104 PATACONTROLLER pCtl = &pThis->aCts[i];
6105 int rc;
6106
6107 Assert(i < 2);
6108
6109 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6110 if (rc != VINF_SUCCESS)
6111 return rc;
6112 if (Port == pCtl->IOPortBase1)
6113 {
6114 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
6115 RTGCPTR GCSrc = *pGCPtrSrc;
6116 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
6117 Assert(cb == 2 || cb == 4);
6118
6119 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
6120#ifndef IN_RING3
6121 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
6122 if (!cTransAvailable)
6123 {
6124 PDMCritSectLeave(&pCtl->lock);
6125 return VINF_IOM_R3_IOPORT_WRITE;
6126 }
6127 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
6128 cTransAvailable--;
6129#endif /* !IN_RING3 */
6130 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
6131 * They are not performance-critical and generally shouldn't occur at all. */
6132 if (cTransAvailable > cTransfer)
6133 cTransAvailable = cTransfer;
6134 cbTransfer = cTransAvailable * cb;
6135
6136 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
6137#ifndef IN_RING3
6138 /* Paranoia. */
6139 if (RT_FAILURE(rc))
6140 {
6141 PDMCritSectLeave(&pCtl->lock);
6142 AssertFailed();
6143 return VINF_IOM_R3_IOPORT_WRITE;
6144 }
6145#else
6146 Assert(rc == VINF_SUCCESS);
6147#endif
6148
6149 if (cbTransfer)
6150 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
6151 s->iIOBufferPIODataStart += cbTransfer;
6152 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
6153 *pcTransfer = cTransfer - cTransAvailable;
6154#ifdef IN_RING3
6155 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
6156 ataPIOTransferFinish(pCtl, s);
6157#endif /* IN_RING3 */
6158 }
6159 PDMCritSectLeave(&pCtl->lock);
6160 return rc;
6161}
6162#endif /* !IN_RING0 */
6163
6164/**
6165 * Port I/O Handler for secondary port range OUT operations.
6166 * @see FNIOMIOPORTOUT for details.
6167 */
6168PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6169{
6170 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6171 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6172 PATACONTROLLER pCtl = &pThis->aCts[i];
6173 int rc;
6174
6175 Assert(i < 2);
6176
6177 if (cb != 1)
6178 return VINF_SUCCESS;
6179 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6180 if (rc != VINF_SUCCESS)
6181 return rc;
6182 rc = ataControlWrite(pCtl, Port, u32);
6183 PDMCritSectLeave(&pCtl->lock);
6184 return rc;
6185}
6186
6187
6188/**
6189 * Port I/O Handler for secondary port range IN operations.
6190 * @see FNIOMIOPORTIN for details.
6191 */
6192PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6193{
6194 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6195 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6196 PATACONTROLLER pCtl = &pThis->aCts[i];
6197 int rc;
6198
6199 Assert(i < 2);
6200
6201 if (cb != 1)
6202 return VERR_IOM_IOPORT_UNUSED;
6203
6204 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6205 if (rc != VINF_SUCCESS)
6206 return rc;
6207 *pu32 = ataStatusRead(pCtl, Port);
6208 PDMCritSectLeave(&pCtl->lock);
6209 return VINF_SUCCESS;
6210}
6211
6212#ifdef IN_RING3
6213
6214
6215DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
6216{
6217 if (s->pbIOBufferR3)
6218 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
6219}
6220
6221
6222/**
6223 * @copydoc FNPDMDEVRELOCATE
6224 */
6225static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
6226{
6227 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6228
6229 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6230 {
6231 pThis->aCts[i].pDevInsRC += offDelta;
6232 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
6233 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
6234 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
6235 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
6236 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
6237 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
6238 }
6239}
6240
6241
6242/**
6243 * Destroy a driver instance.
6244 *
6245 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
6246 * resources can be freed correctly.
6247 *
6248 * @param pDevIns The device instance data.
6249 */
6250static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
6251{
6252 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6253 int rc;
6254
6255 Log(("ataR3Destruct\n"));
6256 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
6257
6258 /*
6259 * Tell the async I/O threads to terminate.
6260 */
6261 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6262 {
6263 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6264 {
6265 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
6266 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
6267 AssertRC(rc);
6268 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6269 AssertRC(rc);
6270 }
6271 }
6272
6273 /*
6274 * Wait for the threads to terminate before destroying their resources.
6275 */
6276 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6277 {
6278 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6279 {
6280 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
6281 if (RT_SUCCESS(rc))
6282 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6283 else
6284 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
6285 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6286 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
6287 }
6288 }
6289
6290 /*
6291 * Free resources.
6292 */
6293 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6294 {
6295 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
6296 {
6297 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
6298 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6299 }
6300 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
6301 {
6302 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
6303 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6304 }
6305 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
6306 {
6307 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
6308 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6309 }
6310
6311 /* try one final time */
6312 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6313 {
6314 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
6315 if (RT_SUCCESS(rc))
6316 {
6317 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6318 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
6319 }
6320 }
6321
6322 for (uint32_t iIf = 0; iIf < RT_ELEMENTS(pThis->aCts[i].aIfs); iIf++)
6323 {
6324 if (pThis->aCts[i].aIfs[iIf].pbCueSheet)
6325 {
6326 RTMemFree(pThis->aCts[i].aIfs[iIf].pbCueSheet);
6327 pThis->aCts[i].aIfs[iIf].pbCueSheet = NULL;
6328 }
6329 }
6330 }
6331
6332 return VINF_SUCCESS;
6333}
6334
6335
6336/**
6337 * Detach notification.
6338 *
6339 * The DVD drive has been unplugged.
6340 *
6341 * @param pDevIns The device instance.
6342 * @param iLUN The logical unit which is being detached.
6343 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6344 */
6345static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6346{
6347 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6348 PATACONTROLLER pCtl;
6349 ATADevState *pIf;
6350 unsigned iController;
6351 unsigned iInterface;
6352
6353 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6354 ("PIIX3IDE: Device does not support hotplugging\n"));
6355
6356 /*
6357 * Locate the controller and stuff.
6358 */
6359 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6360 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6361 pCtl = &pThis->aCts[iController];
6362
6363 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6364 pIf = &pCtl->aIfs[iInterface];
6365
6366 /*
6367 * Zero some important members.
6368 */
6369 pIf->pDrvBase = NULL;
6370 pIf->pDrvBlock = NULL;
6371 pIf->pDrvBlockBios = NULL;
6372 pIf->pDrvMount = NULL;
6373
6374 /*
6375 * In case there was a medium inserted.
6376 */
6377 ataMediumRemoved(pIf);
6378}
6379
6380
6381/**
6382 * Configure a LUN.
6383 *
6384 * @returns VBox status code.
6385 * @param pDevIns The device instance.
6386 * @param pIf The ATA unit state.
6387 */
6388static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
6389{
6390 int rc = VINF_SUCCESS;
6391 PDMBLOCKTYPE enmType;
6392
6393 /*
6394 * Query Block, Bios and Mount interfaces.
6395 */
6396 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
6397 if (!pIf->pDrvBlock)
6398 {
6399 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
6400 return VERR_PDM_MISSING_INTERFACE;
6401 }
6402
6403 /** @todo implement the BIOS invisible code path. */
6404 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
6405 if (!pIf->pDrvBlockBios)
6406 {
6407 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
6408 return VERR_PDM_MISSING_INTERFACE;
6409 }
6410 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
6411
6412 /*
6413 * Validate type.
6414 */
6415 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
6416 if ( enmType != PDMBLOCKTYPE_CDROM
6417 && enmType != PDMBLOCKTYPE_DVD
6418 && enmType != PDMBLOCKTYPE_HARD_DISK)
6419 {
6420 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
6421 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
6422 }
6423 if ( ( enmType == PDMBLOCKTYPE_DVD
6424 || enmType == PDMBLOCKTYPE_CDROM)
6425 && !pIf->pDrvMount)
6426 {
6427 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
6428 return VERR_INTERNAL_ERROR;
6429 }
6430 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
6431 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
6432
6433 /*
6434 * Allocate I/O buffer.
6435 */
6436 PVM pVM = PDMDevHlpGetVM(pDevIns);
6437 if (pIf->cbIOBuffer)
6438 {
6439 /* Buffer is (probably) already allocated. Validate the fields,
6440 * because memory corruption can also overwrite pIf->cbIOBuffer. */
6441 if (pIf->fATAPI)
6442 AssertRelease(pIf->cbIOBuffer == _128K);
6443 else
6444 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
6445 Assert(pIf->pbIOBufferR3);
6446 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
6447 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
6448 }
6449 else
6450 {
6451 if (pIf->fATAPI)
6452 pIf->cbIOBuffer = _128K;
6453 else
6454 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
6455 Assert(!pIf->pbIOBufferR3);
6456 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
6457 if (RT_FAILURE(rc))
6458 return VERR_NO_MEMORY;
6459 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
6460 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
6461 }
6462
6463 /*
6464 * Init geometry (only for non-CD/DVD media).
6465 */
6466 if (pIf->fATAPI)
6467 {
6468 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
6469 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
6470 pIf->PCHSGeometry.cHeads = 0; /* dummy */
6471 pIf->PCHSGeometry.cSectors = 0; /* dummy */
6472 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
6473 }
6474 else
6475 {
6476 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
6477 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
6478 &pIf->PCHSGeometry);
6479 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
6480 {
6481 pIf->PCHSGeometry.cCylinders = 0;
6482 pIf->PCHSGeometry.cHeads = 16; /*??*/
6483 pIf->PCHSGeometry.cSectors = 63; /*??*/
6484 }
6485 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
6486 {
6487 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
6488 rc = VINF_SUCCESS;
6489 }
6490 AssertRC(rc);
6491
6492 if ( pIf->PCHSGeometry.cCylinders == 0
6493 || pIf->PCHSGeometry.cHeads == 0
6494 || pIf->PCHSGeometry.cSectors == 0
6495 )
6496 {
6497 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
6498 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
6499 pIf->PCHSGeometry.cHeads = 16;
6500 pIf->PCHSGeometry.cSectors = 63;
6501 /* Set the disk geometry information. Ignore errors. */
6502 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
6503 &pIf->PCHSGeometry);
6504 rc = VINF_SUCCESS;
6505 }
6506 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
6507
6508 if (pIf->pDrvBlock->pfnDiscard)
6509 LogRel(("PIIX3 ATA: LUN#%d: TRIM enabled\n", pIf->iLUN));
6510 }
6511 return rc;
6512}
6513
6514
6515/**
6516 * Attach command.
6517 *
6518 * This is called when we change block driver for the DVD drive.
6519 *
6520 * @returns VBox status code.
6521 * @param pDevIns The device instance.
6522 * @param iLUN The logical unit which is being detached.
6523 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6524 */
6525static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6526{
6527 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6528 PATACONTROLLER pCtl;
6529 ATADevState *pIf;
6530 int rc;
6531 unsigned iController;
6532 unsigned iInterface;
6533
6534 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6535 ("PIIX3IDE: Device does not support hotplugging\n"),
6536 VERR_INVALID_PARAMETER);
6537
6538 /*
6539 * Locate the controller and stuff.
6540 */
6541 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6542 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6543 pCtl = &pThis->aCts[iController];
6544
6545 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6546 pIf = &pCtl->aIfs[iInterface];
6547
6548 /* the usual paranoia */
6549 AssertRelease(!pIf->pDrvBase);
6550 AssertRelease(!pIf->pDrvBlock);
6551 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
6552 Assert(pIf->iLUN == iLUN);
6553
6554 /*
6555 * Try attach the block device and get the interfaces,
6556 * required as well as optional.
6557 */
6558 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
6559 if (RT_SUCCESS(rc))
6560 {
6561 rc = ataConfigLun(pDevIns, pIf);
6562 /*
6563 * In case there is a medium inserted.
6564 */
6565 ataMediumInserted(pIf);
6566 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
6567 }
6568 else
6569 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6570
6571 if (RT_FAILURE(rc))
6572 {
6573 pIf->pDrvBase = NULL;
6574 pIf->pDrvBlock = NULL;
6575 }
6576 return rc;
6577}
6578
6579
6580/**
6581 * Resume notification.
6582 *
6583 * @returns VBox status.
6584 * @param pDevIns The device instance data.
6585 */
6586static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6587{
6588 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6589 int rc;
6590
6591 Log(("%s:\n", __FUNCTION__));
6592 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6593 {
6594 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6595 {
6596 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6597 AssertRC(rc);
6598 }
6599 }
6600 return;
6601}
6602
6603
6604/**
6605 * Checks if all (both) the async I/O threads have quiesced.
6606 *
6607 * @returns true on success.
6608 * @returns false when one or more threads is still processing.
6609 * @param pThis Pointer to the instance data.
6610 */
6611static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6612{
6613 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6614
6615 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6616 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6617 {
6618 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6619 if (!fRc)
6620 {
6621 /* Make it signal PDM & itself when its done */
6622 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6623 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6624 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6625 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6626 if (!fRc)
6627 {
6628#if 0 /** @todo Need to do some time tracking here... */
6629 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6630 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6631 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6632#endif
6633 return false;
6634 }
6635 }
6636 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6637 }
6638 return true;
6639}
6640
6641
6642/**
6643 * Callback employed by ataSuspend and ataR3PowerOff.
6644 *
6645 * @returns true if we've quiesced, false if we're still working.
6646 * @param pDevIns The device instance.
6647 */
6648static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6649{
6650 return ataR3AllAsyncIOIsIdle(pDevIns);
6651}
6652
6653
6654/**
6655 * Common worker for ataSuspend and ataR3PowerOff.
6656 */
6657static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6658{
6659 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6660 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6661}
6662
6663
6664/**
6665 * Power Off notification.
6666 *
6667 * @returns VBox status.
6668 * @param pDevIns The device instance data.
6669 */
6670static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6671{
6672 Log(("%s:\n", __FUNCTION__));
6673 ataR3SuspendOrPowerOff(pDevIns);
6674}
6675
6676
6677/**
6678 * Suspend notification.
6679 *
6680 * @returns VBox status.
6681 * @param pDevIns The device instance data.
6682 */
6683static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6684{
6685 Log(("%s:\n", __FUNCTION__));
6686 ataR3SuspendOrPowerOff(pDevIns);
6687}
6688
6689
6690/**
6691 * Callback employed by ataR3Reset.
6692 *
6693 * @returns true if we've quiesced, false if we're still working.
6694 * @param pDevIns The device instance.
6695 */
6696static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6697{
6698 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6699
6700 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6701 return false;
6702
6703 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6704 {
6705 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6706 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6707 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6708 PDMCritSectLeave(&pThis->aCts[i].lock);
6709 }
6710 return true;
6711}
6712
6713
6714/**
6715 * Common reset worker for ataR3Reset and ataR3Construct.
6716 *
6717 * @returns VBox status.
6718 * @param pDevIns The device instance data.
6719 * @param fConstruct Indicates who is calling.
6720 */
6721static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6722{
6723 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6724
6725 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6726 {
6727 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6728
6729 pThis->aCts[i].iSelectedIf = 0;
6730 pThis->aCts[i].iAIOIf = 0;
6731 pThis->aCts[i].BmDma.u8Cmd = 0;
6732 /* Report that both drives present on the bus are in DMA mode. This
6733 * pretends that there is a BIOS that has set it up. Normal reset
6734 * default is 0x00. */
6735 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6736 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6737 pThis->aCts[i].BmDma.pvAddr = 0;
6738
6739 pThis->aCts[i].fReset = true;
6740 pThis->aCts[i].fRedo = false;
6741 pThis->aCts[i].fRedoIdle = false;
6742 ataAsyncIOClearRequests(&pThis->aCts[i]);
6743 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6744 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6745 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6746
6747 PDMCritSectLeave(&pThis->aCts[i].lock);
6748 }
6749
6750 int rcRet = VINF_SUCCESS;
6751 if (!fConstruct)
6752 {
6753 /*
6754 * Setup asynchronous notification completion if the requests haven't
6755 * completed yet.
6756 */
6757 if (!ataR3IsAsyncResetDone(pDevIns))
6758 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6759 }
6760 else
6761 {
6762 /*
6763 * Wait for the requests for complete.
6764 *
6765 * Would be real nice if we could do it all from EMT(0) and not
6766 * involve the worker threads, then we could dispense with all the
6767 * waiting and semaphore ping-pong here...
6768 */
6769 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6770 {
6771 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6772 {
6773 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6774 AssertRC(rc);
6775
6776 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6777 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6778 AssertRC(rc);
6779
6780 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6781 AssertRC(rc);
6782
6783 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6784 {
6785 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6786 if (RT_FAILURE(rc))
6787 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6788 if (RT_FAILURE(rc))
6789 {
6790 AssertRC(rc);
6791 rcRet = rc;
6792 }
6793 }
6794 }
6795 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6796 }
6797 if (RT_SUCCESS(rcRet))
6798 {
6799 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6800 AssertRC(rcRet);
6801 }
6802 }
6803 return rcRet;
6804}
6805
6806
6807/**
6808 * Reset notification.
6809 *
6810 * @param pDevIns The device instance data.
6811 */
6812static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6813{
6814 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6815}
6816
6817
6818/**
6819 * Prepare state save and load operation.
6820 *
6821 * @returns VBox status code.
6822 * @param pDevIns Device instance of the device which registered the data unit.
6823 * @param pSSM SSM operation handle.
6824 */
6825static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6826{
6827 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6828
6829 /* sanity - the suspend notification will wait on the async stuff. */
6830 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6831 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6832 ("i=%u\n", i),
6833 VERR_SSM_IDE_ASYNC_TIMEOUT);
6834 return VINF_SUCCESS;
6835}
6836
6837/**
6838 * @copydoc FNSSMDEVLIVEEXEC
6839 */
6840static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6841{
6842 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6843
6844 SSMR3PutU8(pSSM, pThis->u8Type);
6845 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6846 {
6847 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6848 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6849 {
6850 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6851 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6852 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6853 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6854 }
6855 }
6856
6857 return VINF_SSM_DONT_CALL_AGAIN;
6858}
6859
6860
6861/**
6862 * @copydoc FNSSMDEVSAVEEXEC
6863 */
6864static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6865{
6866 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6867
6868 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6869
6870 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6871 {
6872 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6873 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6874 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6875 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6876 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6877 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6878 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6879 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6880 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6881 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6882 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6883 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6884 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6885
6886 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6887 {
6888 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6889 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6890 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6891 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6892 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6893 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6894 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6895 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6896 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6897 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6898 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6899 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6900 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6901 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6902 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6903 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6904 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6905 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6906 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6907 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6908 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6909 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6910 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6911 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6912 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6913 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6914 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6915 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6916 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6917 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6918 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6919 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6920 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6921 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6922 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6923 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6924 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6925 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6926 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6927 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6928 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6929 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6930 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6931 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6932 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6933 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6934 else
6935 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6936 }
6937 }
6938
6939 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6940}
6941
6942/**
6943 * Converts the LUN number into a message string.
6944 */
6945static const char *ataStringifyLun(unsigned iLun)
6946{
6947 switch (iLun)
6948 {
6949 case 0: return "primary master";
6950 case 1: return "primary slave";
6951 case 2: return "secondary master";
6952 case 3: return "secondary slave";
6953 default: AssertFailedReturn("unknown lun");
6954 }
6955}
6956
6957/**
6958 * FNSSMDEVLOADEXEC
6959 */
6960static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6961{
6962 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6963 int rc;
6964 uint32_t u32;
6965
6966 if ( uVersion != ATA_SAVED_STATE_VERSION
6967 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6968 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6969 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6970 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6971 {
6972 AssertMsgFailed(("uVersion=%d\n", uVersion));
6973 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6974 }
6975
6976 /*
6977 * Verify the configuration.
6978 */
6979 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6980 {
6981 uint8_t u8Type;
6982 rc = SSMR3GetU8(pSSM, &u8Type);
6983 AssertRCReturn(rc, rc);
6984 if (u8Type != pThis->u8Type)
6985 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6986
6987 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6988 {
6989 bool fEnabled;
6990 rc = SSMR3GetBool(pSSM, &fEnabled);
6991 AssertRCReturn(rc, rc);
6992 if (!fEnabled)
6993 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6994
6995 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6996 {
6997 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6998
6999 bool fInUse;
7000 rc = SSMR3GetBool(pSSM, &fInUse);
7001 AssertRCReturn(rc, rc);
7002 if (fInUse != (pIf->pDrvBase != NULL))
7003 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
7004 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
7005 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
7006
7007 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
7008 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
7009 AssertRCReturn(rc, rc);
7010 if (strcmp(szSerialNumber, pIf->szSerialNumber))
7011 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
7012 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
7013
7014 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
7015 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
7016 AssertRCReturn(rc, rc);
7017 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
7018 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
7019 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
7020
7021 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
7022 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
7023 AssertRCReturn(rc, rc);
7024 if (strcmp(szModelNumber, pIf->szModelNumber))
7025 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
7026 pIf->iLUN, szModelNumber, pIf->szModelNumber));
7027 }
7028 }
7029 }
7030 if (uPass != SSM_PASS_FINAL)
7031 return VINF_SUCCESS;
7032
7033 /*
7034 * Restore valid parts of the PCIATAState structure
7035 */
7036 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7037 {
7038 /* integrity check */
7039 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
7040 {
7041 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
7042 return VERR_INTERNAL_ERROR_4;
7043 }
7044
7045 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
7046 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
7047 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
7048 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
7049 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
7050 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
7051 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
7052 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
7053 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
7054 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
7055 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
7056 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
7057 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
7058
7059 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7060 {
7061 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
7062 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
7063 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
7064 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
7065 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
7066 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
7067 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
7068 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
7069 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
7070 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
7071 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
7072 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
7073 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
7074 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
7075 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
7076 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
7077 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
7078 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
7079 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
7080 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
7081 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
7082 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
7083 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
7084 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
7085 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
7086 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
7087 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
7088 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
7089 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
7090 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
7091 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
7092 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
7093 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
7094 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
7095 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
7096 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
7097 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
7098 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
7099 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
7100 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
7101 {
7102 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
7103 }
7104 else
7105 {
7106 uint8_t uATAPISenseKey, uATAPIASC;
7107 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
7108 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
7109 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
7110 SSMR3GetU8(pSSM, &uATAPISenseKey);
7111 SSMR3GetU8(pSSM, &uATAPIASC);
7112 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
7113 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
7114 }
7115 /** @todo triple-check this hack after passthrough is working */
7116 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
7117 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
7118 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
7119 else
7120 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
7121 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
7122 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
7123 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
7124 {
7125 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
7126 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
7127 else
7128 {
7129 LogRel(("ATA: No buffer for %d/%d\n", i, j));
7130 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
7131 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
7132
7133 /* skip the buffer if we're loading for the debugger / animator. */
7134 uint8_t u8Ignored;
7135 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
7136 while (cbLeft-- > 0)
7137 SSMR3GetU8(pSSM, &u8Ignored);
7138 }
7139 }
7140 else
7141 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
7142 }
7143 }
7144 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
7145 SSMR3GetU8(pSSM, &pThis->u8Type);
7146
7147 rc = SSMR3GetU32(pSSM, &u32);
7148 if (RT_FAILURE(rc))
7149 return rc;
7150 if (u32 != ~0U)
7151 {
7152 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
7153 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
7154 return rc;
7155 }
7156
7157 return VINF_SUCCESS;
7158}
7159
7160/**
7161 * Convert config value to DEVPCBIOSBOOT.
7162 *
7163 * @returns VBox status code.
7164 * @param pDevIns The device instance data.
7165 * @param pCfg Configuration handle.
7166 * @param penmChipset Where to store the chipset type.
7167 */
7168static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
7169{
7170 char szType[20];
7171
7172 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
7173 if (RT_FAILURE(rc))
7174 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7175 N_("Configuration error: Querying \"Type\" as a string failed"));
7176 if (!strcmp(szType, "PIIX3"))
7177 *penmChipset = CHIPSET_PIIX3;
7178 else if (!strcmp(szType, "PIIX4"))
7179 *penmChipset = CHIPSET_PIIX4;
7180 else if (!strcmp(szType, "ICH6"))
7181 *penmChipset = CHIPSET_ICH6;
7182 else
7183 {
7184 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7185 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
7186 szType);
7187 rc = VERR_INTERNAL_ERROR;
7188 }
7189 return rc;
7190}
7191
7192
7193/**
7194 * @interface_method_impl{PDMDEVREG,pfnConstruct}
7195 */
7196static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
7197{
7198 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7199 PPDMIBASE pBase;
7200 int rc;
7201 bool fGCEnabled;
7202 bool fR0Enabled;
7203 uint32_t DelayIRQMillies;
7204
7205 Assert(iInstance == 0);
7206 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
7207
7208 /*
7209 * Initialize NIL handle values (for the destructor).
7210 */
7211 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7212 {
7213 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
7214 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7215 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
7216 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7217 }
7218
7219 /*
7220 * Validate and read configuration.
7221 */
7222 if (!CFGMR3AreValuesValid(pCfg,
7223 "GCEnabled\0"
7224 "R0Enabled\0"
7225 "IRQDelay\0"
7226 "Type\0")
7227 /** @todo || invalid keys */)
7228 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
7229 N_("PIIX3 configuration error: unknown option specified"));
7230
7231 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
7232 if (RT_FAILURE(rc))
7233 return PDMDEV_SET_ERROR(pDevIns, rc,
7234 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
7235 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
7236
7237 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
7238 if (RT_FAILURE(rc))
7239 return PDMDEV_SET_ERROR(pDevIns, rc,
7240 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
7241 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
7242
7243 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
7244 if (RT_FAILURE(rc))
7245 return PDMDEV_SET_ERROR(pDevIns, rc,
7246 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
7247 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
7248 Assert(DelayIRQMillies < 50);
7249
7250 CHIPSET enmChipset = CHIPSET_PIIX3;
7251 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
7252 if (RT_FAILURE(rc))
7253 return rc;
7254 pThis->u8Type = (uint8_t)enmChipset;
7255
7256 /*
7257 * Initialize data (most of it anyway).
7258 */
7259 /* Status LUN. */
7260 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
7261 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
7262
7263 /* PCI configuration space. */
7264 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
7265
7266 /*
7267 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
7268 * as it explicitly checks for PCI id for IDE controllers.
7269 */
7270 switch (pThis->u8Type)
7271 {
7272 case CHIPSET_ICH6:
7273 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
7274 /** @todo: do we need it? Do we need anything else? */
7275 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7276 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7277 pThis->dev.config[0x4B] = 0x00;
7278 {
7279 /*
7280 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
7281 * Report
7282 * WR_Ping-Pong_EN: must be set
7283 * PCR0, PCR1: 80-pin primary cable reporting for both disks
7284 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
7285 */
7286 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
7287 pThis->dev.config[0x54] = u16Config & 0xff;
7288 pThis->dev.config[0x55] = u16Config >> 8;
7289 }
7290 break;
7291 case CHIPSET_PIIX4:
7292 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
7293 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
7294 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7295 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7296 pThis->dev.config[0x4B] = 0x00;
7297 break;
7298 case CHIPSET_PIIX3:
7299 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
7300 break;
7301 default:
7302 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
7303 }
7304
7305 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
7306 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
7307 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
7308 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
7309 PCIDevSetHeaderType(&pThis->dev, 0x00);
7310
7311 pThis->pDevIns = pDevIns;
7312 pThis->fGCEnabled = fGCEnabled;
7313 pThis->fR0Enabled = fR0Enabled;
7314 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7315 {
7316 pThis->aCts[i].pDevInsR3 = pDevIns;
7317 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7318 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7319 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
7320 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7321 {
7322 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7323
7324 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
7325 pIf->pDevInsR3 = pDevIns;
7326 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7327 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7328 pIf->pControllerR3 = &pThis->aCts[i];
7329 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7330 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7331 pIf->IBase.pfnQueryInterface = ataQueryInterface;
7332 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
7333 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
7334 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
7335 pIf->Led.u32Magic = PDMLED_MAGIC;
7336 }
7337 }
7338
7339 Assert(RT_ELEMENTS(pThis->aCts) == 2);
7340 pThis->aCts[0].irq = 14;
7341 pThis->aCts[0].IOPortBase1 = 0x1f0;
7342 pThis->aCts[0].IOPortBase2 = 0x3f6;
7343 pThis->aCts[1].irq = 15;
7344 pThis->aCts[1].IOPortBase1 = 0x170;
7345 pThis->aCts[1].IOPortBase2 = 0x376;
7346
7347 /*
7348 * Register the PCI device.
7349 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
7350 * device the slot next to itself.
7351 */
7352 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
7353 if (RT_FAILURE(rc))
7354 return PDMDEV_SET_ERROR(pDevIns, rc,
7355 N_("PIIX3 cannot register PCI device"));
7356 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
7357 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
7358 if (RT_FAILURE(rc))
7359 return PDMDEV_SET_ERROR(pDevIns, rc,
7360 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
7361
7362 /*
7363 * Register the I/O ports.
7364 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
7365 */
7366 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7367 {
7368 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)(uintptr_t)i,
7369 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
7370 if (RT_FAILURE(rc))
7371 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
7372
7373 if (fGCEnabled)
7374 {
7375 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
7376 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7377 if (RT_FAILURE(rc))
7378 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
7379 }
7380
7381 if (fR0Enabled)
7382 {
7383#if 1
7384 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7385 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
7386#else
7387 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7388 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7389#endif
7390 if (RT_FAILURE(rc))
7391 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
7392 }
7393
7394 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)(uintptr_t)i,
7395 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
7396 if (RT_FAILURE(rc))
7397 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
7398
7399 if (fGCEnabled)
7400 {
7401 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
7402 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7403 if (RT_FAILURE(rc))
7404 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
7405 }
7406 if (fR0Enabled)
7407 {
7408 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
7409 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7410 if (RT_FAILURE(rc))
7411 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
7412 }
7413
7414 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7415 {
7416 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7417 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7418 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
7419 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7420 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
7421 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7422 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
7423 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7424 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
7425#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7426 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7427 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
7428#endif
7429 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7430 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
7431#ifdef VBOX_INSTRUMENT_DMA_WRITES
7432 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7433 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
7434#endif
7435#ifdef VBOX_WITH_STATISTICS
7436 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7437 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
7438#endif
7439 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7440 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
7441#ifdef VBOX_WITH_STATISTICS
7442 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7443 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
7444#endif
7445 }
7446#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7447 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7448 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
7449 /** @todo STAMUNIT_MICROSECS */
7450 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7451 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
7452 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7453 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
7454 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7455 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
7456 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7457 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
7458 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7459 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
7460#endif /* VBOX_WITH_STATISTICS */
7461
7462 /* Initialize per-controller critical section */
7463 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA#%u", i);
7464 if (RT_FAILURE(rc))
7465 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
7466 }
7467
7468 /*
7469 * Attach status driver (optional).
7470 */
7471 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
7472 if (RT_SUCCESS(rc))
7473 {
7474 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
7475 pThis->pMediaNotify = PDMIBASE_QUERY_INTERFACE(pBase, PDMIMEDIANOTIFY);
7476 }
7477 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
7478 {
7479 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
7480 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
7481 }
7482
7483 /*
7484 * Attach the units.
7485 */
7486 uint32_t cbTotalBuffer = 0;
7487 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7488 {
7489 PATACONTROLLER pCtl = &pThis->aCts[i];
7490
7491 /*
7492 * Start the worker thread.
7493 */
7494 pCtl->uAsyncIOState = ATA_AIO_NEW;
7495 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
7496 AssertLogRelRCReturn(rc, rc);
7497 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
7498 AssertLogRelRCReturn(rc, rc);
7499 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
7500 AssertLogRelRCReturn(rc, rc);
7501 ataAsyncIOClearRequests(pCtl);
7502 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
7503 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
7504 AssertLogRelRCReturn(rc, rc);
7505 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
7506 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
7507
7508 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
7509 {
7510 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7511 {
7512 { "Primary Master", "Primary Slave" },
7513 { "Secondary Master", "Secondary Slave" }
7514 };
7515
7516 /*
7517 * Try attach the block device and get the interfaces,
7518 * required as well as optional.
7519 */
7520 ATADevState *pIf = &pCtl->aIfs[j];
7521
7522 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
7523 if (RT_SUCCESS(rc))
7524 {
7525 rc = ataConfigLun(pDevIns, pIf);
7526 if (RT_SUCCESS(rc))
7527 {
7528 /*
7529 * Init vendor product data.
7530 */
7531 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7532 {
7533 { "PrimaryMaster", "PrimarySlave" },
7534 { "SecondaryMaster", "SecondarySlave" }
7535 };
7536
7537 /* Generate a default serial number. */
7538 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
7539 RTUUID Uuid;
7540 if (pIf->pDrvBlock)
7541 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
7542 else
7543 RTUuidClear(&Uuid);
7544
7545 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
7546 {
7547 /* Generate a predictable serial for drives which don't have a UUID. */
7548 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
7549 pIf->iLUN + pDevIns->iInstance * 32,
7550 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
7551 }
7552 else
7553 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
7554
7555 /* Get user config if present using defaults otherwise. */
7556 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
7557 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
7558 szSerial);
7559 if (RT_FAILURE(rc))
7560 {
7561 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7562 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7563 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
7564 return PDMDEV_SET_ERROR(pDevIns, rc,
7565 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
7566 }
7567
7568 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
7569 "1.0");
7570 if (RT_FAILURE(rc))
7571 {
7572 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7573 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7574 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7575 return PDMDEV_SET_ERROR(pDevIns, rc,
7576 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7577 }
7578
7579 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7580 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7581 if (RT_FAILURE(rc))
7582 {
7583 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7584 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7585 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7586 return PDMDEV_SET_ERROR(pDevIns, rc,
7587 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7588 }
7589
7590 rc = CFGMR3QueryBoolDef(pCfgNode, "NonRotationalMedium", &pIf->fNonRotational, false);
7591 if (RT_FAILURE(rc))
7592 return PDMDEV_SET_ERROR(pDevIns, rc,
7593 N_("PIIX3 configuration error: failed to read \"NonRotationalMedium\" as boolean"));
7594
7595 /* There are three other identification strings for CD drives used for INQUIRY */
7596 if (pIf->fATAPI)
7597 {
7598 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7599 "VBOX");
7600 if (RT_FAILURE(rc))
7601 {
7602 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7603 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7604 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7605 return PDMDEV_SET_ERROR(pDevIns, rc,
7606 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7607 }
7608
7609 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7610 "CD-ROM");
7611 if (RT_FAILURE(rc))
7612 {
7613 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7614 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7615 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7616 return PDMDEV_SET_ERROR(pDevIns, rc,
7617 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7618 }
7619
7620 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7621 "1.0");
7622 if (RT_FAILURE(rc))
7623 {
7624 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7625 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7626 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7627 return PDMDEV_SET_ERROR(pDevIns, rc,
7628 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7629 }
7630
7631 rc = CFGMR3QueryBoolDef(pCfgNode, "OverwriteInquiry", &pIf->fOverwriteInquiry, true);
7632 if (RT_FAILURE(rc))
7633 return PDMDEV_SET_ERROR(pDevIns, rc,
7634 N_("PIIX3 configuration error: failed to read \"OverwriteInquiry\" as boolean"));
7635 }
7636 }
7637
7638 }
7639 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7640 {
7641 pIf->pDrvBase = NULL;
7642 pIf->pDrvBlock = NULL;
7643 pIf->cbIOBuffer = 0;
7644 pIf->pbIOBufferR3 = NULL;
7645 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7646 pIf->pbIOBufferRC = NIL_RTGCPTR;
7647 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7648 }
7649 else
7650 {
7651 switch (rc)
7652 {
7653 case VERR_ACCESS_DENIED:
7654 /* Error already cached by DrvHostBase */
7655 return rc;
7656 default:
7657 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7658 N_("PIIX3 cannot attach drive to the %s"),
7659 s_apszDescs[i][j]);
7660 }
7661 }
7662 cbTotalBuffer += pIf->cbIOBuffer;
7663 }
7664 }
7665
7666 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7667 NULL, ataLiveExec, NULL,
7668 ataSaveLoadPrep, ataSaveExec, NULL,
7669 ataSaveLoadPrep, ataLoadExec, NULL);
7670 if (RT_FAILURE(rc))
7671 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7672
7673 /*
7674 * Initialize the device state.
7675 */
7676 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7677}
7678
7679
7680/**
7681 * The device registration structure.
7682 */
7683const PDMDEVREG g_DevicePIIX3IDE =
7684{
7685 /* u32Version */
7686 PDM_DEVREG_VERSION,
7687 /* szName */
7688 "piix3ide",
7689 /* szRCMod */
7690 "VBoxDDGC.gc",
7691 /* szR0Mod */
7692 "VBoxDDR0.r0",
7693 /* pszDescription */
7694 "Intel PIIX3 ATA controller.\n"
7695 " LUN #0 is primary master.\n"
7696 " LUN #1 is primary slave.\n"
7697 " LUN #2 is secondary master.\n"
7698 " LUN #3 is secondary slave.\n"
7699 " LUN #999 is the LED/Status connector.",
7700 /* fFlags */
7701 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7702 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7703 /* fClass */
7704 PDM_DEVREG_CLASS_STORAGE,
7705 /* cMaxInstances */
7706 1,
7707 /* cbInstance */
7708 sizeof(PCIATAState),
7709 /* pfnConstruct */
7710 ataR3Construct,
7711 /* pfnDestruct */
7712 ataR3Destruct,
7713 /* pfnRelocate */
7714 ataR3Relocate,
7715 /* pfnIOCtl */
7716 NULL,
7717 /* pfnPowerOn */
7718 NULL,
7719 /* pfnReset */
7720 ataR3Reset,
7721 /* pfnSuspend */
7722 ataR3Suspend,
7723 /* pfnResume */
7724 ataR3Resume,
7725 /* pfnAttach */
7726 ataR3Attach,
7727 /* pfnDetach */
7728 ataR3Detach,
7729 /* pfnQueryInterface. */
7730 NULL,
7731 /* pfnInitComplete */
7732 NULL,
7733 /* pfnPowerOff */
7734 ataR3PowerOff,
7735 /* pfnSoftReset */
7736 NULL,
7737 /* u32VersionEnd */
7738 PDM_DEVREG_VERSION
7739};
7740#endif /* IN_RING3 */
7741#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette