VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 49890

Last change on this file since 49890 was 48744, checked in by vboxsync, 11 years ago

Devices/Storage: Support different sector sizes, booting from images with a sector size != 512 is not supported

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 290.3 KB
Line 
1/* $Id: DevATA.cpp 48744 2013-09-27 18:21:23Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2013 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/vmm/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/vmm/stam.h>
55#include <VBox/vmm/mm.h>
56#include <VBox/vmm/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "ATAPIPassthrough.h"
63#include "VBoxDD.h"
64
65/*******************************************************************************
66* Defined Constants And Macros *
67*******************************************************************************/
68/**
69 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
70 * Set to 1 to disable multi-sector read support. According to the ATA
71 * specification this must be a power of 2 and it must fit in an 8 bit
72 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
73 */
74#define ATA_MAX_MULT_SECTORS 128
75
76/**
77 * Fastest PIO mode supported by the drive.
78 */
79#define ATA_PIO_MODE_MAX 4
80/**
81 * Fastest MDMA mode supported by the drive.
82 */
83#define ATA_MDMA_MODE_MAX 2
84/**
85 * Fastest UDMA mode supported by the drive.
86 */
87#define ATA_UDMA_MODE_MAX 6
88
89/** ATAPI sense info size. */
90#define ATAPI_SENSE_SIZE 64
91
92/** The maximum number of release log entries per device. */
93#define MAX_LOG_REL_ERRORS 1024
94
95/* MediaEventStatus */
96#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
97#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
98#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
99#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
100#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
101
102/* Media track type */
103#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
104#define ATA_MEDIA_NO_DISC 0x70 /**< Door closed, no medium */
105
106/*******************************************************************************
107* Structures and Typedefs *
108*******************************************************************************/
109/**
110 * The state of an ATA device.
111 *
112 * @implements PDMIBASE
113 * @implements PDMIBLOCKPORT
114 * @implements PDMIMOUNTNOTIFY
115 */
116typedef struct ATADevState
117{
118 /** Flag indicating whether the current command uses LBA48 mode. */
119 bool fLBA48;
120 /** Flag indicating whether this drive implements the ATAPI command set. */
121 bool fATAPI;
122 /** Set if this interface has asserted the IRQ. */
123 bool fIrqPending;
124 /** Currently configured number of sectors in a multi-sector transfer. */
125 uint8_t cMultSectors;
126 /** PCHS disk geometry. */
127 PDMMEDIAGEOMETRY PCHSGeometry;
128 /** Total number of sectors on this disk. */
129 uint64_t cTotalSectors;
130 /** Sector size of the medium. */
131 uint32_t cbSector;
132 /** Number of sectors to transfer per IRQ. */
133 uint32_t cSectorsPerIRQ;
134
135 /** ATA/ATAPI register 1: feature (write-only). */
136 uint8_t uATARegFeature;
137 /** ATA/ATAPI register 1: feature, high order byte. */
138 uint8_t uATARegFeatureHOB;
139 /** ATA/ATAPI register 1: error (read-only). */
140 uint8_t uATARegError;
141 /** ATA/ATAPI register 2: sector count (read/write). */
142 uint8_t uATARegNSector;
143 /** ATA/ATAPI register 2: sector count, high order byte. */
144 uint8_t uATARegNSectorHOB;
145 /** ATA/ATAPI register 3: sector (read/write). */
146 uint8_t uATARegSector;
147 /** ATA/ATAPI register 3: sector, high order byte. */
148 uint8_t uATARegSectorHOB;
149 /** ATA/ATAPI register 4: cylinder low (read/write). */
150 uint8_t uATARegLCyl;
151 /** ATA/ATAPI register 4: cylinder low, high order byte. */
152 uint8_t uATARegLCylHOB;
153 /** ATA/ATAPI register 5: cylinder high (read/write). */
154 uint8_t uATARegHCyl;
155 /** ATA/ATAPI register 5: cylinder high, high order byte. */
156 uint8_t uATARegHCylHOB;
157 /** ATA/ATAPI register 6: select drive/head (read/write). */
158 uint8_t uATARegSelect;
159 /** ATA/ATAPI register 7: status (read-only). */
160 uint8_t uATARegStatus;
161 /** ATA/ATAPI register 7: command (write-only). */
162 uint8_t uATARegCommand;
163 /** ATA/ATAPI drive control register (write-only). */
164 uint8_t uATARegDevCtl;
165
166 /** Currently active transfer mode (MDMA/UDMA) and speed. */
167 uint8_t uATATransferMode;
168 /** Current transfer direction. */
169 uint8_t uTxDir;
170 /** Index of callback for begin transfer. */
171 uint8_t iBeginTransfer;
172 /** Index of callback for source/sink of data. */
173 uint8_t iSourceSink;
174 /** Flag indicating whether the current command transfers data in DMA mode. */
175 bool fDMA;
176 /** Set to indicate that ATAPI transfer semantics must be used. */
177 bool fATAPITransfer;
178
179 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
180 uint32_t cbTotalTransfer;
181 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
182 uint32_t cbElementaryTransfer;
183 /** Maximum ATAPI elementary transfer size, PIO only. */
184 uint32_t cbPIOTransferLimit;
185 /** Current read/write buffer position, shared PIO/DMA. */
186 uint32_t iIOBufferCur;
187 /** First element beyond end of valid buffer content, shared PIO/DMA. */
188 uint32_t iIOBufferEnd;
189
190 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
191 uint32_t iIOBufferPIODataStart;
192 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
193 uint32_t iIOBufferPIODataEnd;
194
195 /** ATAPI current LBA position. */
196 uint32_t iATAPILBA;
197 /** ATAPI current sector size. */
198 uint32_t cbATAPISector;
199 /** ATAPI current command. */
200 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
201 /** ATAPI sense data. */
202 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
203 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
204 uint8_t cNotifiedMediaChange;
205 /** The same for GET_EVENT_STATUS for mechanism */
206 volatile uint32_t MediaEventStatus;
207
208 /** Media type if known. */
209 volatile uint32_t MediaTrackType;
210
211 /** The status LED state for this drive. */
212 PDMLED Led;
213
214 /** Size of I/O buffer. */
215 uint32_t cbIOBuffer;
216 /** Pointer to the I/O buffer. */
217 R3PTRTYPE(uint8_t *) pbIOBufferR3;
218 /** Pointer to the I/O buffer. */
219 R0PTRTYPE(uint8_t *) pbIOBufferR0;
220 /** Pointer to the I/O buffer. */
221 RCPTRTYPE(uint8_t *) pbIOBufferRC;
222
223 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
224
225 /*
226 * No data that is part of the saved state after this point!!!!!
227 */
228
229 /* Release statistics: number of ATA DMA commands. */
230 STAMCOUNTER StatATADMA;
231 /* Release statistics: number of ATA PIO commands. */
232 STAMCOUNTER StatATAPIO;
233 /* Release statistics: number of ATAPI PIO commands. */
234 STAMCOUNTER StatATAPIDMA;
235 /* Release statistics: number of ATAPI PIO commands. */
236 STAMCOUNTER StatATAPIPIO;
237#ifdef VBOX_INSTRUMENT_DMA_WRITES
238 /* Release statistics: number of DMA sector writes and the time spent. */
239 STAMPROFILEADV StatInstrVDWrites;
240#endif
241
242 /** Statistics: number of read operations and the time spent reading. */
243 STAMPROFILEADV StatReads;
244 /** Statistics: number of bytes read. */
245 STAMCOUNTER StatBytesRead;
246 /** Statistics: number of write operations and the time spent writing. */
247 STAMPROFILEADV StatWrites;
248 /** Statistics: number of bytes written. */
249 STAMCOUNTER StatBytesWritten;
250 /** Statistics: number of flush operations and the time spend flushing. */
251 STAMPROFILE StatFlushes;
252
253 /** Mark the drive as having a non-rotational medium (i.e. as a SSD). */
254 bool fNonRotational;
255 /** Enable passing through commands directly to the ATAPI drive. */
256 bool fATAPIPassthrough;
257 /** Flag whether to overwrite inquiry data in passthrough mode. */
258 bool fOverwriteInquiry;
259 /** Number of errors we've reported to the release log.
260 * This is to prevent flooding caused by something going horribly wrong.
261 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
262 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
263 uint32_t cErrors;
264 /** Timestamp of last started command. 0 if no command pending. */
265 uint64_t u64CmdTS;
266
267 /** Pointer to the attached driver's base interface. */
268 R3PTRTYPE(PPDMIBASE) pDrvBase;
269 /** Pointer to the attached driver's block interface. */
270 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
271 /** Pointer to the attached driver's block bios interface. */
272 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
273 /** Pointer to the attached driver's mount interface.
274 * This is NULL if the driver isn't a removable unit. */
275 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
276 /** The base interface. */
277 PDMIBASE IBase;
278 /** The block port interface. */
279 PDMIBLOCKPORT IPort;
280 /** The mount notify interface. */
281 PDMIMOUNTNOTIFY IMountNotify;
282 /** The LUN #. */
283 RTUINT iLUN;
284 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
285 /** Pointer to device instance. */
286 PPDMDEVINSR3 pDevInsR3;
287 /** Pointer to controller instance. */
288 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
289 /** Pointer to device instance. */
290 PPDMDEVINSR0 pDevInsR0;
291 /** Pointer to controller instance. */
292 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
293 /** Pointer to device instance. */
294 PPDMDEVINSRC pDevInsRC;
295 /** Pointer to controller instance. */
296 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
297
298 /** The serial number to use for IDENTIFY DEVICE commands. */
299 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
300 /** The firmware revision to use for IDENTIFY DEVICE commands. */
301 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
302 /** The model number to use for IDENTIFY DEVICE commands. */
303 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
304 /** The vendor identification string for SCSI INQUIRY commands. */
305 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
306 /** The product identification string for SCSI INQUIRY commands. */
307 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
308 /** The revision string for SCSI INQUIRY commands. */
309 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
310 /** The current tracklist of the loaded medium if passthrough is used. */
311 R3PTRTYPE(PTRACKLIST) pTrackList;
312
313 uint8_t abAlignment4[HC_ARCH_BITS == 64 ? 7 : 3];
314} ATADevState;
315AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
316AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
317AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
318AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
319AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
320AssertCompileSizeAlignment(ATADevState, 8);
321
322
323typedef struct ATATransferRequest
324{
325 uint8_t iIf;
326 uint8_t iBeginTransfer;
327 uint8_t iSourceSink;
328 uint32_t cbTotalTransfer;
329 uint8_t uTxDir;
330} ATATransferRequest;
331
332
333typedef struct ATAAbortRequest
334{
335 uint8_t iIf;
336 bool fResetDrive;
337} ATAAbortRequest;
338
339
340typedef enum
341{
342 /** Begin a new transfer. */
343 ATA_AIO_NEW = 0,
344 /** Continue a DMA transfer. */
345 ATA_AIO_DMA,
346 /** Continue a PIO transfer. */
347 ATA_AIO_PIO,
348 /** Reset the drives on current controller, stop all transfer activity. */
349 ATA_AIO_RESET_ASSERTED,
350 /** Reset the drives on current controller, resume operation. */
351 ATA_AIO_RESET_CLEARED,
352 /** Abort the current transfer of a particular drive. */
353 ATA_AIO_ABORT
354} ATAAIO;
355
356
357typedef struct ATARequest
358{
359 ATAAIO ReqType;
360 union
361 {
362 ATATransferRequest t;
363 ATAAbortRequest a;
364 } u;
365} ATARequest;
366
367
368typedef struct ATACONTROLLER
369{
370 /** The base of the first I/O Port range. */
371 RTIOPORT IOPortBase1;
372 /** The base of the second I/O Port range. (0 if none) */
373 RTIOPORT IOPortBase2;
374 /** The assigned IRQ. */
375 RTUINT irq;
376 /** Access critical section */
377 PDMCRITSECT lock;
378
379 /** Selected drive. */
380 uint8_t iSelectedIf;
381 /** The interface on which to handle async I/O. */
382 uint8_t iAIOIf;
383 /** The state of the async I/O thread. */
384 uint8_t uAsyncIOState;
385 /** Flag indicating whether the next transfer is part of the current command. */
386 bool fChainedTransfer;
387 /** Set when the reset processing is currently active on this controller. */
388 bool fReset;
389 /** Flag whether the current transfer needs to be redone. */
390 bool fRedo;
391 /** Flag whether the redo suspend has been finished. */
392 bool fRedoIdle;
393 /** Flag whether the DMA operation to be redone is the final transfer. */
394 bool fRedoDMALastDesc;
395 /** The BusMaster DMA state. */
396 BMDMAState BmDma;
397 /** Pointer to first DMA descriptor. */
398 RTGCPHYS32 pFirstDMADesc;
399 /** Pointer to last DMA descriptor. */
400 RTGCPHYS32 pLastDMADesc;
401 /** Pointer to current DMA buffer (for redo operations). */
402 RTGCPHYS32 pRedoDMABuffer;
403 /** Size of current DMA buffer (for redo operations). */
404 uint32_t cbRedoDMABuffer;
405
406 /** The ATA/ATAPI interfaces of this controller. */
407 ATADevState aIfs[2];
408
409 /** Pointer to device instance. */
410 PPDMDEVINSR3 pDevInsR3;
411 /** Pointer to device instance. */
412 PPDMDEVINSR0 pDevInsR0;
413 /** Pointer to device instance. */
414 PPDMDEVINSRC pDevInsRC;
415
416 /** Set when the destroying the device instance and the thread must exit. */
417 uint32_t volatile fShutdown;
418 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
419 RTTHREAD AsyncIOThread;
420 /** The event semaphore the thread is waiting on for requests. */
421 RTSEMEVENT AsyncIOSem;
422 /** The request queue for the AIO thread. One element is always unused. */
423 ATARequest aAsyncIORequests[4];
424 /** The position at which to insert a new request for the AIO thread. */
425 volatile uint8_t AsyncIOReqHead;
426 /** The position at which to get a new request for the AIO thread. */
427 volatile uint8_t AsyncIOReqTail;
428 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
429 bool volatile fSignalIdle;
430 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
431 /** Magic delay before triggering interrupts in DMA mode. */
432 uint32_t DelayIRQMillies;
433 /** The mutex protecting the request queue. */
434 RTSEMMUTEX AsyncIORequestMutex;
435 /** The event semaphore the thread is waiting on during suspended I/O. */
436 RTSEMEVENT SuspendIOSem;
437#if 0 /*HC_ARCH_BITS == 32*/
438 uint32_t Alignment0;
439#endif
440
441 /** Timestamp we started the reset. */
442 uint64_t u64ResetTime;
443
444 /* Statistics */
445 STAMCOUNTER StatAsyncOps;
446 uint64_t StatAsyncMinWait;
447 uint64_t StatAsyncMaxWait;
448 STAMCOUNTER StatAsyncTimeUS;
449 STAMPROFILEADV StatAsyncTime;
450 STAMPROFILE StatLockWait;
451} ATACONTROLLER, *PATACONTROLLER;
452AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
453AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
456
457typedef enum CHIPSET
458{
459 /** PIIX3 chipset, must be 0 for saved state compatibility */
460 CHIPSET_PIIX3 = 0,
461 /** PIIX4 chipset, must be 1 for saved state compatibility */
462 CHIPSET_PIIX4 = 1,
463 /** ICH6 chipset */
464 CHIPSET_ICH6 = 2
465} CHIPSET;
466
467/**
468 * The state of the ATA PCI device.
469 *
470 * @extends PCIDEVICE
471 * @implements PDMILEDPORTS
472 */
473typedef struct PCIATAState
474{
475 PCIDEVICE dev;
476 /** The controllers. */
477 ATACONTROLLER aCts[2];
478 /** Pointer to device instance. */
479 PPDMDEVINSR3 pDevIns;
480 /** Status LUN: Base interface. */
481 PDMIBASE IBase;
482 /** Status LUN: Leds interface. */
483 PDMILEDPORTS ILeds;
484 /** Status LUN: Partner of ILeds. */
485 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
486 /** Status LUN: Media Notify. */
487 R3PTRTYPE(PPDMIMEDIANOTIFY) pMediaNotify;
488 /** Flag whether GC is enabled. */
489 bool fGCEnabled;
490 /** Flag whether R0 is enabled. */
491 bool fR0Enabled;
492 /** Flag indicating chipset being emulated. */
493 uint8_t u8Type;
494 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
495} PCIATAState;
496
497#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
498#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
499#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
500#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
501#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
502#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
503
504#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
505
506#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
507#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
508#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
509#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
510#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
511
512#ifndef VBOX_DEVICE_STRUCT_TESTCASE
513/*******************************************************************************
514 * Internal Functions *
515 ******************************************************************************/
516RT_C_DECLS_BEGIN
517PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
518PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
520PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
521PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
522PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
523PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
524PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
525RT_C_DECLS_END
526
527
528
529DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
530{
531 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
532
533 /* Freeze status register contents while processing RESET. */
534 if (!pCtl->fReset)
535 {
536 s->uATARegStatus = stat;
537 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
538 }
539}
540
541
542DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
543{
544 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
545
546 /* Freeze status register contents while processing RESET. */
547 if (!pCtl->fReset)
548 {
549 s->uATARegStatus |= stat;
550 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
551 }
552}
553
554
555DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
556{
557 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
558
559 /* Freeze status register contents while processing RESET. */
560 if (!pCtl->fReset)
561 {
562 s->uATARegStatus &= ~stat;
563 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
564 }
565}
566
567#ifdef IN_RING3
568
569typedef void (*PBeginTransferFunc)(ATADevState *);
570typedef bool (*PSourceSinkFunc)(ATADevState *);
571
572static void ataReadWriteSectorsBT(ATADevState *);
573static void ataPacketBT(ATADevState *);
574static void atapiCmdBT(ATADevState *);
575static void atapiPassthroughCmdBT(ATADevState *);
576
577static bool ataIdentifySS(ATADevState *);
578static bool ataFlushSS(ATADevState *);
579static bool ataReadSectorsSS(ATADevState *);
580static bool ataWriteSectorsSS(ATADevState *);
581static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
582static bool ataTrimSS(ATADevState *);
583static bool ataPacketSS(ATADevState *);
584static bool atapiGetConfigurationSS(ATADevState *);
585static bool atapiGetEventStatusNotificationSS(ATADevState *);
586static bool atapiIdentifySS(ATADevState *);
587static bool atapiInquirySS(ATADevState *);
588static bool atapiMechanismStatusSS(ATADevState *);
589static bool atapiModeSenseErrorRecoverySS(ATADevState *);
590static bool atapiModeSenseCDStatusSS(ATADevState *);
591static bool atapiReadSS(ATADevState *);
592static bool atapiReadCapacitySS(ATADevState *);
593static bool atapiReadDiscInformationSS(ATADevState *);
594static bool atapiReadTOCNormalSS(ATADevState *);
595static bool atapiReadTOCMultiSS(ATADevState *);
596static bool atapiReadTOCRawSS(ATADevState *);
597static bool atapiReadTrackInformationSS(ATADevState *);
598static bool atapiRequestSenseSS(ATADevState *);
599static bool atapiPassthroughSS(ATADevState *);
600static bool atapiReadDVDStructureSS(ATADevState *);
601
602/**
603 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
604 */
605typedef enum ATAFNBT
606{
607 ATAFN_BT_NULL = 0,
608 ATAFN_BT_READ_WRITE_SECTORS,
609 ATAFN_BT_PACKET,
610 ATAFN_BT_ATAPI_CMD,
611 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
612 ATAFN_BT_MAX
613} ATAFNBT;
614
615/**
616 * Array of end transfer functions, the index is ATAFNET.
617 * Make sure ATAFNET and this array match!
618 */
619static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
620{
621 NULL,
622 ataReadWriteSectorsBT,
623 ataPacketBT,
624 atapiCmdBT,
625 atapiPassthroughCmdBT,
626};
627
628/**
629 * Source/sink function indexes for g_apfnSourceSinkFuncs.
630 */
631typedef enum ATAFNSS
632{
633 ATAFN_SS_NULL = 0,
634 ATAFN_SS_IDENTIFY,
635 ATAFN_SS_FLUSH,
636 ATAFN_SS_READ_SECTORS,
637 ATAFN_SS_WRITE_SECTORS,
638 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
639 ATAFN_SS_TRIM,
640 ATAFN_SS_PACKET,
641 ATAFN_SS_ATAPI_GET_CONFIGURATION,
642 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
643 ATAFN_SS_ATAPI_IDENTIFY,
644 ATAFN_SS_ATAPI_INQUIRY,
645 ATAFN_SS_ATAPI_MECHANISM_STATUS,
646 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
647 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
648 ATAFN_SS_ATAPI_READ,
649 ATAFN_SS_ATAPI_READ_CAPACITY,
650 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
651 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
652 ATAFN_SS_ATAPI_READ_TOC_MULTI,
653 ATAFN_SS_ATAPI_READ_TOC_RAW,
654 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
655 ATAFN_SS_ATAPI_REQUEST_SENSE,
656 ATAFN_SS_ATAPI_PASSTHROUGH,
657 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
658 ATAFN_SS_MAX
659} ATAFNSS;
660
661/**
662 * Array of source/sink functions, the index is ATAFNSS.
663 * Make sure ATAFNSS and this array match!
664 */
665static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
666{
667 NULL,
668 ataIdentifySS,
669 ataFlushSS,
670 ataReadSectorsSS,
671 ataWriteSectorsSS,
672 ataExecuteDeviceDiagnosticSS,
673 ataTrimSS,
674 ataPacketSS,
675 atapiGetConfigurationSS,
676 atapiGetEventStatusNotificationSS,
677 atapiIdentifySS,
678 atapiInquirySS,
679 atapiMechanismStatusSS,
680 atapiModeSenseErrorRecoverySS,
681 atapiModeSenseCDStatusSS,
682 atapiReadSS,
683 atapiReadCapacitySS,
684 atapiReadDiscInformationSS,
685 atapiReadTOCNormalSS,
686 atapiReadTOCMultiSS,
687 atapiReadTOCRawSS,
688 atapiReadTrackInformationSS,
689 atapiRequestSenseSS,
690 atapiPassthroughSS,
691 atapiReadDVDStructureSS
692};
693
694
695static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
696static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
697static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
698static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
699
700static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
701{
702 int rc;
703
704 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
705 AssertRC(rc);
706 pCtl->AsyncIOReqHead = 0;
707 pCtl->AsyncIOReqTail = 0;
708 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
709 AssertRC(rc);
710}
711
712
713static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
714{
715 int rc;
716
717 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
718 AssertRC(rc);
719 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
720 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
721 pCtl->AsyncIOReqHead++;
722 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
723 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
724 AssertRC(rc);
725 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
726 if (RT_FAILURE(rc))
727 {
728 rc = RTSemEventSignal(pCtl->AsyncIOSem);
729 AssertRC(rc);
730 }
731}
732
733
734static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
735{
736 int rc;
737 const ATARequest *pReq;
738
739 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
740 AssertRC(rc);
741 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
742 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
743 else
744 pReq = NULL;
745 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
746 AssertRC(rc);
747 return pReq;
748}
749
750
751/**
752 * Remove the request with the given type, as it's finished. The request
753 * is not removed blindly, as this could mean a RESET request that is not
754 * yet processed (but has cleared the request queue) is lost.
755 *
756 * @param pCtl Controller for which to remove the request.
757 * @param ReqType Type of the request to remove.
758 */
759static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
760{
761 int rc;
762
763 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
764 AssertRC(rc);
765 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
766 {
767 pCtl->AsyncIOReqTail++;
768 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
769 }
770 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
771 AssertRC(rc);
772}
773
774
775/**
776 * Dump the request queue for a particular controller. First dump the queue
777 * contents, then the already processed entries, as long as they haven't been
778 * overwritten.
779 *
780 * @param pCtl Controller for which to dump the queue.
781 */
782static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
783{
784 int rc;
785 uint8_t curr;
786
787 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
788 AssertRC(rc);
789 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
790 curr = pCtl->AsyncIOReqTail;
791 do
792 {
793 if (curr == pCtl->AsyncIOReqHead)
794 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
795 switch (pCtl->aAsyncIORequests[curr].ReqType)
796 {
797 case ATA_AIO_NEW:
798 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
799 break;
800 case ATA_AIO_DMA:
801 LogRel(("dma transfer continuation\n"));
802 break;
803 case ATA_AIO_PIO:
804 LogRel(("pio transfer continuation\n"));
805 break;
806 case ATA_AIO_RESET_ASSERTED:
807 LogRel(("reset asserted request\n"));
808 break;
809 case ATA_AIO_RESET_CLEARED:
810 LogRel(("reset cleared request\n"));
811 break;
812 case ATA_AIO_ABORT:
813 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
814 break;
815 default:
816 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
817 }
818 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
819 } while (curr != pCtl->AsyncIOReqTail);
820 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
821 AssertRC(rc);
822}
823
824
825/**
826 * Checks whether the request queue for a particular controller is empty
827 * or whether a particular controller is idle.
828 *
829 * @param pCtl Controller for which to check the queue.
830 * @param fStrict If set then the controller is checked to be idle.
831 */
832static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
833{
834 int rc;
835 bool fIdle;
836
837 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
838 AssertRC(rc);
839 fIdle = pCtl->fRedoIdle;
840 if (!fIdle)
841 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
842 if (fStrict)
843 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
844 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
845 AssertRC(rc);
846 return fIdle;
847}
848
849
850/**
851 * Send a transfer request to the async I/O thread.
852 *
853 * @param s Pointer to the ATA device state data.
854 * @param cbTotalTransfer Data transfer size.
855 * @param uTxDir Data transfer direction.
856 * @param iBeginTransfer Index of BeginTransfer callback.
857 * @param iSourceSink Index of SourceSink callback.
858 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
859 */
860static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
861{
862 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
863 ATARequest Req;
864
865 Assert(PDMCritSectIsOwner(&pCtl->lock));
866
867 /* Do not issue new requests while the RESET line is asserted. */
868 if (pCtl->fReset)
869 {
870 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
871 return;
872 }
873
874 /* If the controller is already doing something else right now, ignore
875 * the command that is being submitted. Some broken guests issue commands
876 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
877 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
878 {
879 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
880 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
881 return;
882 }
883
884 Req.ReqType = ATA_AIO_NEW;
885 if (fChainedTransfer)
886 Req.u.t.iIf = pCtl->iAIOIf;
887 else
888 Req.u.t.iIf = pCtl->iSelectedIf;
889 Req.u.t.cbTotalTransfer = cbTotalTransfer;
890 Req.u.t.uTxDir = uTxDir;
891 Req.u.t.iBeginTransfer = iBeginTransfer;
892 Req.u.t.iSourceSink = iSourceSink;
893 ataSetStatusValue(s, ATA_STAT_BUSY);
894 pCtl->fChainedTransfer = fChainedTransfer;
895
896 /*
897 * Kick the worker thread into action.
898 */
899 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
900 ataAsyncIOPutRequest(pCtl, &Req);
901}
902
903
904/**
905 * Send an abort command request to the async I/O thread.
906 *
907 * @param s Pointer to the ATA device state data.
908 * @param fResetDrive Whether to reset the drive or just abort a command.
909 */
910static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
911{
912 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
913 ATARequest Req;
914
915 Assert(PDMCritSectIsOwner(&pCtl->lock));
916
917 /* Do not issue new requests while the RESET line is asserted. */
918 if (pCtl->fReset)
919 {
920 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
921 return;
922 }
923
924 Req.ReqType = ATA_AIO_ABORT;
925 Req.u.a.iIf = pCtl->iSelectedIf;
926 Req.u.a.fResetDrive = fResetDrive;
927 ataSetStatus(s, ATA_STAT_BUSY);
928 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
929 ataAsyncIOPutRequest(pCtl, &Req);
930}
931
932
933static void ataSetIRQ(ATADevState *s)
934{
935 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
936 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
937
938 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
939 {
940 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
941 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
942 * line is asserted. It monitors the line for a rising edge. */
943 if (!s->fIrqPending)
944 pCtl->BmDma.u8Status |= BM_STATUS_INT;
945 /* Only actually set the IRQ line if updating the currently selected drive. */
946 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
947 {
948 /** @todo experiment with adaptive IRQ delivery: for reads it is
949 * better to wait for IRQ delivery, as it reduces latency. */
950 if (pCtl->irq == 16)
951 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
952 else
953 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
954 }
955 }
956 s->fIrqPending = true;
957}
958
959#endif /* IN_RING3 */
960
961static void ataUnsetIRQ(ATADevState *s)
962{
963 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
964 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
965
966 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
967 {
968 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
969 /* Only actually unset the IRQ line if updating the currently selected drive. */
970 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
971 {
972 if (pCtl->irq == 16)
973 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
974 else
975 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
976 }
977 }
978 s->fIrqPending = false;
979}
980
981#ifdef IN_RING3
982
983static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
984{
985 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
986 s->iIOBufferPIODataStart = start;
987 s->iIOBufferPIODataEnd = start + size;
988 ataSetStatus(s, ATA_STAT_DRQ | ATA_STAT_SEEK);
989 ataUnsetStatus(s, ATA_STAT_BUSY);
990}
991
992
993static void ataPIOTransferStop(ATADevState *s)
994{
995 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
996 if (s->fATAPITransfer)
997 {
998 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
999 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1000 ataSetIRQ(s);
1001 s->fATAPITransfer = false;
1002 }
1003 s->cbTotalTransfer = 0;
1004 s->cbElementaryTransfer = 0;
1005 s->iIOBufferPIODataStart = 0;
1006 s->iIOBufferPIODataEnd = 0;
1007 s->iBeginTransfer = ATAFN_BT_NULL;
1008 s->iSourceSink = ATAFN_SS_NULL;
1009}
1010
1011
1012static void ataPIOTransferLimitATAPI(ATADevState *s)
1013{
1014 uint32_t cbLimit, cbTransfer;
1015
1016 cbLimit = s->cbPIOTransferLimit;
1017 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1018 if (cbLimit == 0)
1019 cbLimit = 0xfffe;
1020 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1021 if (cbLimit == 0xffff)
1022 cbLimit--;
1023 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1024 if (cbTransfer > cbLimit)
1025 {
1026 /* Byte count limit for clipping must be even in this case */
1027 if (cbLimit & 1)
1028 cbLimit--;
1029 cbTransfer = cbLimit;
1030 }
1031 s->uATARegLCyl = cbTransfer;
1032 s->uATARegHCyl = cbTransfer >> 8;
1033 s->cbElementaryTransfer = cbTransfer;
1034}
1035
1036
1037static uint32_t ataGetNSectors(ATADevState *s)
1038{
1039 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1040 if (s->fLBA48)
1041 {
1042 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1043 return 65536;
1044 else
1045 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1046 }
1047 else
1048 {
1049 if (!s->uATARegNSector)
1050 return 256;
1051 else
1052 return s->uATARegNSector;
1053 }
1054}
1055
1056
1057static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1058{
1059 for (uint32_t i = 0; i < cbSize; i++)
1060 {
1061 if (*pbSrc)
1062 pbDst[i ^ 1] = *pbSrc++;
1063 else
1064 pbDst[i ^ 1] = ' ';
1065 }
1066}
1067
1068
1069static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1070{
1071 for (uint32_t i = 0; i < cbSize; i++)
1072 {
1073 if (*pbSrc)
1074 pbDst[i] = *pbSrc++;
1075 else
1076 pbDst[i] = ' ';
1077 }
1078}
1079
1080
1081DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1082{
1083 pbBuf[0] = val >> 8;
1084 pbBuf[1] = val;
1085}
1086
1087
1088DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1089{
1090 pbBuf[0] = val >> 16;
1091 pbBuf[1] = val >> 8;
1092 pbBuf[2] = val;
1093}
1094
1095
1096DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1097{
1098 pbBuf[0] = val >> 24;
1099 pbBuf[1] = val >> 16;
1100 pbBuf[2] = val >> 8;
1101 pbBuf[3] = val;
1102}
1103
1104
1105DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1106{
1107 return (pbBuf[0] << 8) | pbBuf[1];
1108}
1109
1110
1111DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1112{
1113 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1114}
1115
1116
1117DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1118{
1119 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1120}
1121
1122
1123DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1124{
1125 iATAPILBA += 150;
1126 pbBuf[0] = (iATAPILBA / 75) / 60;
1127 pbBuf[1] = (iATAPILBA / 75) % 60;
1128 pbBuf[2] = iATAPILBA % 75;
1129}
1130
1131
1132DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1133{
1134 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1135}
1136
1137/**
1138 * Compares two MSF values.
1139 *
1140 * @returns 1 if the first value is greater than the second value.
1141 * 0 if both are equal
1142 * -1 if the first value is smaller than the second value.
1143 */
1144DECLINLINE(int) atapiCmpMSF(const uint8_t *pbMSF1, const uint8_t *pbMSF2)
1145{
1146 int iRes = 0;
1147
1148 for (unsigned i = 0; i < 3; i++)
1149 {
1150 if (pbMSF1[i] < pbMSF2[i])
1151 {
1152 iRes = -1;
1153 break;
1154 }
1155 else if (pbMSF1[i] > pbMSF2[i])
1156 {
1157 iRes = 1;
1158 break;
1159 }
1160 }
1161
1162 return iRes;
1163}
1164
1165static void ataCmdOK(ATADevState *s, uint8_t status)
1166{
1167 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1168 ataSetStatusValue(s, ATA_STAT_READY | status);
1169}
1170
1171
1172static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1173{
1174 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1175 Assert(uErrorCode);
1176 s->uATARegError = uErrorCode;
1177 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1178 s->cbTotalTransfer = 0;
1179 s->cbElementaryTransfer = 0;
1180 s->iIOBufferCur = 0;
1181 s->iIOBufferEnd = 0;
1182 s->uTxDir = PDMBLOCKTXDIR_NONE;
1183 s->iBeginTransfer = ATAFN_BT_NULL;
1184 s->iSourceSink = ATAFN_SS_NULL;
1185}
1186
1187static uint32_t ataChecksum(void* ptr, size_t count)
1188{
1189 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1190 size_t i;
1191
1192 for (i = 0; i < count; i++)
1193 {
1194 u8Sum += *p++;
1195 }
1196
1197 return (uint8_t)-(int32_t)u8Sum;
1198}
1199
1200static bool ataIdentifySS(ATADevState *s)
1201{
1202 uint16_t *p;
1203
1204 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1205 Assert(s->cbElementaryTransfer == 512);
1206
1207 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1208 memset(p, 0, 512);
1209 p[0] = RT_H2LE_U16(0x0040);
1210 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1211 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1212 /* Block size; obsolete, but required for the BIOS. */
1213 p[5] = RT_H2LE_U16(s->cbSector);
1214 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1215 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1216 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1217 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1218 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1219 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1220 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1221#if ATA_MAX_MULT_SECTORS > 1
1222 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1223#endif
1224 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1225 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1226 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1227 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1228 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1229 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1230 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1231 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1232 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1233 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1234 * s->PCHSGeometry.cHeads
1235 * s->PCHSGeometry.cSectors);
1236 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1237 * s->PCHSGeometry.cHeads
1238 * s->PCHSGeometry.cSectors >> 16);
1239 if (s->cMultSectors)
1240 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1241 if (s->cTotalSectors <= (1 << 28) - 1)
1242 {
1243 p[60] = RT_H2LE_U16(s->cTotalSectors);
1244 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1245 }
1246 else
1247 {
1248 /* Report maximum number of sectors possible with LBA28 */
1249 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1250 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1251 }
1252 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1253 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1254 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1255 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1256 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1257 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1258 if ( s->pDrvBlock->pfnDiscard
1259 || s->cbSector != 512
1260 || s->fNonRotational)
1261 {
1262 p[80] = RT_H2LE_U16(0x1f0); /* support everything up to ATA/ATAPI-8 ACS */
1263 p[81] = RT_H2LE_U16(0x28); /* conforms to ATA/ATAPI-8 ACS */
1264 }
1265 else
1266 {
1267 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1268 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1269 }
1270 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1271 if (s->cTotalSectors <= (1 << 28) - 1)
1272 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1273 else
1274 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1275 p[84] = RT_H2LE_U16(1 << 14);
1276 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1277 if (s->cTotalSectors <= (1 << 28) - 1)
1278 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1279 else
1280 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1281 p[87] = RT_H2LE_U16(1 << 14);
1282 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1283 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1284 if (s->cTotalSectors > (1 << 28) - 1)
1285 {
1286 p[100] = RT_H2LE_U16(s->cTotalSectors);
1287 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1288 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1289 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1290 }
1291
1292 if (s->cbSector != 512)
1293 {
1294 uint32_t cSectorSizeInWords = s->cbSector / sizeof(uint16_t);
1295 /* Enable reporting of logical sector size. */
1296 p[106] |= RT_H2LE_U16(RT_BIT(12) | RT_BIT(14));
1297 p[117] = RT_H2LE_U16(cSectorSizeInWords);
1298 p[118] = RT_H2LE_U16(cSectorSizeInWords >> 16);
1299 }
1300
1301 if (s->pDrvBlock->pfnDiscard) /** @todo: Set bit 14 in word 69 too? (Deterministic read after TRIM). */
1302 p[169] = RT_H2LE_U16(1); /* DATA SET MANAGEMENT command supported. */
1303 if (s->fNonRotational)
1304 p[217] = RT_H2LE_U16(1); /* Non-rotational medium */
1305 uint32_t uCsum = ataChecksum(p, 510);
1306 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1307 s->iSourceSink = ATAFN_SS_NULL;
1308 ataCmdOK(s, ATA_STAT_SEEK);
1309 return false;
1310}
1311
1312
1313static bool ataFlushSS(ATADevState *s)
1314{
1315 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1316 int rc;
1317
1318 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1319 Assert(!s->cbElementaryTransfer);
1320
1321 PDMCritSectLeave(&pCtl->lock);
1322
1323 STAM_PROFILE_START(&s->StatFlushes, f);
1324 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1325 AssertRC(rc);
1326 STAM_PROFILE_STOP(&s->StatFlushes, f);
1327
1328 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1329 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1330 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1331 ataCmdOK(s, 0);
1332 return false;
1333}
1334
1335static bool atapiIdentifySS(ATADevState *s)
1336{
1337 uint16_t *p;
1338
1339 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1340 Assert(s->cbElementaryTransfer == 512);
1341
1342 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1343 memset(p, 0, 512);
1344 /* Removable CDROM, 3ms response, 12 byte packets */
1345 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 0 << 5 | 0 << 0);
1346 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1347 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1348 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1349 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1350 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1351 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1352 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1353 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1354 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1355 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1356 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1357 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1358 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1359 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1360 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1361 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1362 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1363 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1364 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1365 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1366 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1367 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1368 p[83] = RT_H2LE_U16(1 << 14);
1369 p[84] = RT_H2LE_U16(1 << 14);
1370 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1371 p[86] = RT_H2LE_U16(0);
1372 p[87] = RT_H2LE_U16(1 << 14);
1373 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1374 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1375 /* According to ATAPI-5 spec:
1376 *
1377 * The use of this word is optional.
1378 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1379 * contain the data
1380 * structure checksum.
1381 * The data structure checksum is the twos complement of the sum of
1382 * all bytes in words 0 through 254 and the byte consisting of
1383 * bits 7:0 in word 255.
1384 * Each byte shall be added with unsigned arithmetic,
1385 * and overflow shall be ignored.
1386 * The sum of all 512 bytes is zero when the checksum is correct.
1387 */
1388 uint32_t uCsum = ataChecksum(p, 510);
1389 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1390
1391 s->iSourceSink = ATAFN_SS_NULL;
1392 ataCmdOK(s, ATA_STAT_SEEK);
1393 return false;
1394}
1395
1396
1397static void ataSetSignature(ATADevState *s)
1398{
1399 s->uATARegSelect &= 0xf0; /* clear head */
1400 /* put signature */
1401 s->uATARegNSector = 1;
1402 s->uATARegSector = 1;
1403 if (s->fATAPI)
1404 {
1405 s->uATARegLCyl = 0x14;
1406 s->uATARegHCyl = 0xeb;
1407 }
1408 else if (s->pDrvBlock)
1409 {
1410 s->uATARegLCyl = 0;
1411 s->uATARegHCyl = 0;
1412 }
1413 else
1414 {
1415 s->uATARegLCyl = 0xff;
1416 s->uATARegHCyl = 0xff;
1417 }
1418}
1419
1420
1421static uint64_t ataGetSector(ATADevState *s)
1422{
1423 uint64_t iLBA;
1424 if (s->uATARegSelect & 0x40)
1425 {
1426 /* any LBA variant */
1427 if (s->fLBA48)
1428 {
1429 /* LBA48 */
1430 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1431 ((uint64_t)s->uATARegLCylHOB << 32) |
1432 ((uint64_t)s->uATARegSectorHOB << 24) |
1433 ((uint64_t)s->uATARegHCyl << 16) |
1434 ((uint64_t)s->uATARegLCyl << 8) |
1435 s->uATARegSector;
1436 }
1437 else
1438 {
1439 /* LBA */
1440 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1441 (s->uATARegLCyl << 8) | s->uATARegSector;
1442 }
1443 }
1444 else
1445 {
1446 /* CHS */
1447 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1448 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1449 (s->uATARegSector - 1);
1450 }
1451 return iLBA;
1452}
1453
1454static void ataSetSector(ATADevState *s, uint64_t iLBA)
1455{
1456 uint32_t cyl, r;
1457 if (s->uATARegSelect & 0x40)
1458 {
1459 /* any LBA variant */
1460 if (s->fLBA48)
1461 {
1462 /* LBA48 */
1463 s->uATARegHCylHOB = iLBA >> 40;
1464 s->uATARegLCylHOB = iLBA >> 32;
1465 s->uATARegSectorHOB = iLBA >> 24;
1466 s->uATARegHCyl = iLBA >> 16;
1467 s->uATARegLCyl = iLBA >> 8;
1468 s->uATARegSector = iLBA;
1469 }
1470 else
1471 {
1472 /* LBA */
1473 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1474 s->uATARegHCyl = (iLBA >> 16);
1475 s->uATARegLCyl = (iLBA >> 8);
1476 s->uATARegSector = (iLBA);
1477 }
1478 }
1479 else
1480 {
1481 /* CHS */
1482 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1483 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1484 s->uATARegHCyl = cyl >> 8;
1485 s->uATARegLCyl = cyl;
1486 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1487 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1488 }
1489}
1490
1491
1492static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1493{
1494 int rc;
1495 LogRel(("PIIX3 ATA: Host disk full\n"));
1496 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1497 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1498 AssertRC(rc);
1499}
1500
1501static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1502{
1503 int rc;
1504 LogRel(("PIIX3 ATA: File too big\n"));
1505 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1506 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1507 AssertRC(rc);
1508}
1509
1510static void ataWarningISCSI(PPDMDEVINS pDevIns)
1511{
1512 int rc;
1513 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1514 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1515 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1516 AssertRC(rc);
1517}
1518
1519static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1520{
1521 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1522 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1523 if (rc == VERR_DISK_FULL)
1524 {
1525 pCtl->fRedoIdle = true;
1526 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1527 return true;
1528 }
1529 if (rc == VERR_FILE_TOO_BIG)
1530 {
1531 pCtl->fRedoIdle = true;
1532 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1533 return true;
1534 }
1535 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1536 {
1537 pCtl->fRedoIdle = true;
1538 /* iSCSI connection abort (first error) or failure to reestablish
1539 * connection (second error). Pause VM. On resume we'll retry. */
1540 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1541 return true;
1542 }
1543 return false;
1544}
1545
1546
1547static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1548 uint32_t cSectors, bool *pfRedo)
1549{
1550 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1551 int rc;
1552
1553 PDMCritSectLeave(&pCtl->lock);
1554
1555 STAM_PROFILE_ADV_START(&s->StatReads, r);
1556 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1557 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1558 s->Led.Actual.s.fReading = 0;
1559 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1560 Log4(("ataReadSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1561 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1562
1563 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * s->cbSector);
1564
1565 if (RT_SUCCESS(rc))
1566 *pfRedo = false;
1567 else
1568 *pfRedo = ataIsRedoSetWarning(s, rc);
1569
1570 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1571 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1572 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1573 return rc;
1574}
1575
1576
1577static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1578 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1579{
1580 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1581 int rc;
1582
1583 PDMCritSectLeave(&pCtl->lock);
1584
1585 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1586 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1587#ifdef VBOX_INSTRUMENT_DMA_WRITES
1588 if (s->fDMA)
1589 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1590#endif
1591 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1592#ifdef VBOX_INSTRUMENT_DMA_WRITES
1593 if (s->fDMA)
1594 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1595#endif
1596 s->Led.Actual.s.fWriting = 0;
1597 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1598 Log4(("ataWriteSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1599 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1600
1601 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * s->cbSector);
1602
1603 if (RT_SUCCESS(rc))
1604 *pfRedo = false;
1605 else
1606 *pfRedo = ataIsRedoSetWarning(s, rc);
1607
1608 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1609 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1610 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1611 return rc;
1612}
1613
1614
1615static void ataReadWriteSectorsBT(ATADevState *s)
1616{
1617 uint32_t cSectors;
1618
1619 cSectors = s->cbTotalTransfer / s->cbSector;
1620 if (cSectors > s->cSectorsPerIRQ)
1621 s->cbElementaryTransfer = s->cSectorsPerIRQ * s->cbSector;
1622 else
1623 s->cbElementaryTransfer = cSectors * s->cbSector;
1624 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1625 ataCmdOK(s, 0);
1626}
1627
1628
1629static bool ataReadSectorsSS(ATADevState *s)
1630{
1631 int rc;
1632 uint32_t cSectors;
1633 uint64_t iLBA;
1634 bool fRedo;
1635
1636 cSectors = s->cbElementaryTransfer / s->cbSector;
1637 Assert(cSectors);
1638 iLBA = ataGetSector(s);
1639 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1640 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1641 if (RT_SUCCESS(rc))
1642 {
1643 ataSetSector(s, iLBA + cSectors);
1644 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1645 s->iSourceSink = ATAFN_SS_NULL;
1646 ataCmdOK(s, ATA_STAT_SEEK);
1647 }
1648 else
1649 {
1650 if (fRedo)
1651 return fRedo;
1652 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1653 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1654 s->iLUN, rc, iLBA, cSectors));
1655
1656 /*
1657 * Check if we got interrupted. We don't need to set status variables
1658 * because the request was aborted.
1659 */
1660 if (rc != VERR_INTERRUPTED)
1661 ataCmdError(s, ID_ERR);
1662 }
1663 return false;
1664}
1665
1666
1667static bool ataWriteSectorsSS(ATADevState *s)
1668{
1669 int rc;
1670 uint32_t cSectors;
1671 uint64_t iLBA;
1672 bool fRedo;
1673
1674 cSectors = s->cbElementaryTransfer / s->cbSector;
1675 Assert(cSectors);
1676 iLBA = ataGetSector(s);
1677 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1678 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1679 if (RT_SUCCESS(rc))
1680 {
1681 ataSetSector(s, iLBA + cSectors);
1682 if (!s->cbTotalTransfer)
1683 s->iSourceSink = ATAFN_SS_NULL;
1684 ataCmdOK(s, ATA_STAT_SEEK);
1685 }
1686 else
1687 {
1688 if (fRedo)
1689 return fRedo;
1690 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1691 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1692 s->iLUN, rc, iLBA, cSectors));
1693
1694 /*
1695 * Check if we got interrupted. We don't need to set status variables
1696 * because the request was aborted.
1697 */
1698 if (rc != VERR_INTERRUPTED)
1699 ataCmdError(s, ID_ERR);
1700 }
1701 return false;
1702}
1703
1704
1705static void atapiCmdOK(ATADevState *s)
1706{
1707 s->uATARegError = 0;
1708 ataSetStatusValue(s, ATA_STAT_READY);
1709 s->uATARegNSector = (s->uATARegNSector & ~7)
1710 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1711 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1712 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1713
1714 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1715 s->abATAPISense[0] = 0x70 | (1 << 7);
1716 s->abATAPISense[7] = 10;
1717}
1718
1719
1720static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1721{
1722 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1723 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1724 s->uATARegError = pabATAPISense[2] << 4;
1725 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1726 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1727 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1728 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1729 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1730 s->cbTotalTransfer = 0;
1731 s->cbElementaryTransfer = 0;
1732 s->iIOBufferCur = 0;
1733 s->iIOBufferEnd = 0;
1734 s->uTxDir = PDMBLOCKTXDIR_NONE;
1735 s->iBeginTransfer = ATAFN_BT_NULL;
1736 s->iSourceSink = ATAFN_SS_NULL;
1737}
1738
1739
1740/** @todo deprecated function - doesn't provide enough info. Replace by direct
1741 * calls to atapiCmdError() with full data. */
1742static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1743{
1744 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1745 memset(abATAPISense, '\0', sizeof(abATAPISense));
1746 abATAPISense[0] = 0x70 | (1 << 7);
1747 abATAPISense[2] = uATAPISenseKey & 0x0f;
1748 abATAPISense[7] = 10;
1749 abATAPISense[12] = uATAPIASC;
1750 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1751}
1752
1753
1754static void atapiCmdBT(ATADevState *s)
1755{
1756 s->fATAPITransfer = true;
1757 s->cbElementaryTransfer = s->cbTotalTransfer;
1758 s->cbPIOTransferLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1759 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1760 atapiCmdOK(s);
1761}
1762
1763
1764static void atapiPassthroughCmdBT(ATADevState *s)
1765{
1766 /* @todo implement an algorithm for correctly determining the read and
1767 * write sector size without sending additional commands to the drive.
1768 * This should be doable by saving processing the configuration requests
1769 * and replies. */
1770#if 0
1771 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1772 {
1773 uint8_t cmd = s->aATAPICmd[0];
1774 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1775 {
1776 uint8_t aModeSenseCmd[10];
1777 uint8_t aModeSenseResult[16];
1778 uint8_t uDummySense;
1779 uint32_t cbTransfer;
1780 int rc;
1781
1782 cbTransfer = sizeof(aModeSenseResult);
1783 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1784 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1785 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1786 aModeSenseCmd[3] = 0; /* subpage code */
1787 aModeSenseCmd[4] = 0; /* reserved */
1788 aModeSenseCmd[5] = 0; /* reserved */
1789 aModeSenseCmd[6] = 0; /* reserved */
1790 aModeSenseCmd[7] = cbTransfer >> 8;
1791 aModeSenseCmd[8] = cbTransfer & 0xff;
1792 aModeSenseCmd[9] = 0; /* control */
1793 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1794 if (RT_FAILURE(rc))
1795 {
1796 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1797 return;
1798 }
1799 /* Select sector size based on the current data block type. */
1800 switch (aModeSenseResult[12] & 0x0f)
1801 {
1802 case 0:
1803 s->cbATAPISector = 2352;
1804 break;
1805 case 1:
1806 s->cbATAPISector = 2368;
1807 break;
1808 case 2:
1809 case 3:
1810 s->cbATAPISector = 2448;
1811 break;
1812 case 8:
1813 case 10:
1814 s->cbATAPISector = 2048;
1815 break;
1816 case 9:
1817 s->cbATAPISector = 2336;
1818 break;
1819 case 11:
1820 s->cbATAPISector = 2056;
1821 break;
1822 case 12:
1823 s->cbATAPISector = 2324;
1824 break;
1825 case 13:
1826 s->cbATAPISector = 2332;
1827 break;
1828 default:
1829 s->cbATAPISector = 0;
1830 }
1831 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1832 s->cbTotalTransfer *= s->cbATAPISector;
1833 if (s->cbTotalTransfer == 0)
1834 s->uTxDir = PDMBLOCKTXDIR_NONE;
1835 }
1836 }
1837#endif
1838 atapiCmdBT(s);
1839}
1840
1841
1842static bool atapiReadSS(ATADevState *s)
1843{
1844 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1845 int rc = VINF_SUCCESS;
1846 uint32_t cbTransfer, cSectors;
1847
1848 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1849 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1850 cSectors = cbTransfer / s->cbATAPISector;
1851 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1852 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1853
1854 PDMCritSectLeave(&pCtl->lock);
1855
1856 STAM_PROFILE_ADV_START(&s->StatReads, r);
1857 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1858 switch (s->cbATAPISector)
1859 {
1860 case 2048:
1861 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1862 break;
1863 case 2352:
1864 {
1865 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1866
1867 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1868 {
1869 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1870 *pbBuf++ = 0x00;
1871 memset(pbBuf, 0xff, 10);
1872 pbBuf += 10;
1873 *pbBuf++ = 0x00;
1874 /* MSF */
1875 ataLBA2MSF(pbBuf, i);
1876 pbBuf += 3;
1877 *pbBuf++ = 0x01; /* mode 1 data */
1878 /* data */
1879 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1880 if (RT_FAILURE(rc))
1881 break;
1882 pbBuf += 2048;
1883 /**
1884 * @todo: maybe compute ECC and parity, layout is:
1885 * 2072 4 EDC
1886 * 2076 172 P parity symbols
1887 * 2248 104 Q parity symbols
1888 */
1889 memset(pbBuf, 0, 280);
1890 pbBuf += 280;
1891 }
1892 }
1893 break;
1894 default:
1895 break;
1896 }
1897 s->Led.Actual.s.fReading = 0;
1898 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1899
1900 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1901 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1902 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1903
1904 if (RT_SUCCESS(rc))
1905 {
1906 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1907
1908 /* The initial buffer end value has been set up based on the total
1909 * transfer size. But the I/O buffer size limits what can actually be
1910 * done in one transfer, so set the actual value of the buffer end. */
1911 s->cbElementaryTransfer = cbTransfer;
1912 if (cbTransfer >= s->cbTotalTransfer)
1913 s->iSourceSink = ATAFN_SS_NULL;
1914 atapiCmdOK(s);
1915 s->iATAPILBA += cSectors;
1916 }
1917 else
1918 {
1919 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1920 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1921
1922 /*
1923 * Check if we got interrupted. We don't need to set status variables
1924 * because the request was aborted.
1925 */
1926 if (rc != VERR_INTERRUPTED)
1927 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1928 }
1929 return false;
1930}
1931
1932/**
1933 * Sets the given media track type.
1934 */
1935static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1936{
1937 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1938}
1939
1940static bool atapiPassthroughSS(ATADevState *s)
1941{
1942 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1943 int rc = VINF_SUCCESS;
1944 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1945 uint32_t cbTransfer;
1946 PSTAMPROFILEADV pProf = NULL;
1947
1948 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1949
1950 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1951 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1952
1953 /* Simple heuristics: if there is at least one sector of data
1954 * to transfer, it's worth updating the LEDs. */
1955 if (cbTransfer >= 2048)
1956 {
1957 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1958 {
1959 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1960 pProf = &s->StatReads;
1961 }
1962 else
1963 {
1964 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1965 pProf = &s->StatWrites;
1966 }
1967 }
1968
1969 PDMCritSectLeave(&pCtl->lock);
1970
1971#if defined(LOG_ENABLED)
1972 char szBuf[1024];
1973
1974 memset(szBuf, 0, sizeof(szBuf));
1975
1976 switch (s->aATAPICmd[0])
1977 {
1978 case SCSI_MODE_SELECT_10:
1979 {
1980 size_t cbBlkDescLength = ataBE2H_U16(&s->CTX_SUFF(pbIOBuffer)[6]);
1981
1982 SCSILogModePage(szBuf, sizeof(szBuf) - 1,
1983 s->CTX_SUFF(pbIOBuffer) + 8 + cbBlkDescLength,
1984 cbTransfer - 8 - cbBlkDescLength);
1985 break;
1986 }
1987 case SCSI_SEND_CUE_SHEET:
1988 {
1989 SCSILogCueSheet(szBuf, sizeof(szBuf) - 1,
1990 s->CTX_SUFF(pbIOBuffer), cbTransfer);
1991 break;
1992 }
1993 default:
1994 break;
1995 }
1996
1997 Log2(("%s\n", szBuf));
1998#endif
1999
2000 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
2001 if ( cbTransfer > SCSI_MAX_BUFFER_SIZE
2002 || s->cbElementaryTransfer > s->cbIOBuffer)
2003 {
2004 /* Linux accepts commands with up to 100KB of data, but expects
2005 * us to handle commands with up to 128KB of data. The usual
2006 * imbalance of powers. */
2007 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
2008 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
2009 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2010 uint32_t cSectorsMax; /**< Maximum amount of sectors to read without exceeding the I/O buffer. */
2011
2012 Assert(s->cbATAPISector);
2013 cSectorsMax = cbTransfer / s->cbATAPISector;
2014 Assert(cSectorsMax * s->cbATAPISector <= s->cbIOBuffer);
2015
2016 switch (s->aATAPICmd[0])
2017 {
2018 case SCSI_READ_10:
2019 case SCSI_WRITE_10:
2020 case SCSI_WRITE_AND_VERIFY_10:
2021 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2022 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
2023 break;
2024 case SCSI_READ_12:
2025 case SCSI_WRITE_12:
2026 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2027 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
2028 break;
2029 case SCSI_READ_CD:
2030 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2031 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
2032 break;
2033 case SCSI_READ_CD_MSF:
2034 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
2035 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
2036 break;
2037 default:
2038 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2039 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2040 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2041 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2042 {
2043 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2044 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2045 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2046 }
2047 return false;
2048 }
2049 cSectorsMax = RT_MIN(cSectorsMax, cSectors);
2050 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
2051 cReqSectors = 0;
2052 for (uint32_t i = cSectorsMax; i > 0; i -= cReqSectors)
2053 {
2054 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
2055 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
2056 else
2057 cReqSectors = i;
2058 cbCurrTX = s->cbATAPISector * cReqSectors;
2059 switch (s->aATAPICmd[0])
2060 {
2061 case SCSI_READ_10:
2062 case SCSI_WRITE_10:
2063 case SCSI_WRITE_AND_VERIFY_10:
2064 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2065 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
2066 break;
2067 case SCSI_READ_12:
2068 case SCSI_WRITE_12:
2069 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2070 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
2071 break;
2072 case SCSI_READ_CD:
2073 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2074 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
2075 break;
2076 case SCSI_READ_CD_MSF:
2077 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
2078 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
2079 break;
2080 }
2081 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2082 if (rc != VINF_SUCCESS)
2083 break;
2084 iATAPILBA += cReqSectors;
2085 pbBuf += s->cbATAPISector * cReqSectors;
2086 }
2087
2088 if (RT_SUCCESS(rc))
2089 {
2090 /* Adjust ATAPI command for the next call. */
2091 switch (s->aATAPICmd[0])
2092 {
2093 case SCSI_READ_10:
2094 case SCSI_WRITE_10:
2095 case SCSI_WRITE_AND_VERIFY_10:
2096 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2097 ataH2BE_U16(s->aATAPICmd + 7, cSectors - cSectorsMax);
2098 break;
2099 case SCSI_READ_12:
2100 case SCSI_WRITE_12:
2101 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2102 ataH2BE_U32(s->aATAPICmd + 6, cSectors - cSectorsMax);
2103 break;
2104 case SCSI_READ_CD:
2105 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2106 ataH2BE_U24(s->aATAPICmd + 6, cSectors - cSectorsMax);
2107 break;
2108 case SCSI_READ_CD_MSF:
2109 ataLBA2MSF(s->aATAPICmd + 3, iATAPILBA);
2110 ataLBA2MSF(s->aATAPICmd + 6, iATAPILBA + cSectors - cSectorsMax);
2111 break;
2112 default:
2113 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2114 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2115 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2116 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2117 return false;
2118 }
2119 }
2120 }
2121 else
2122 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2123 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
2124
2125 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2126 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2127 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2128
2129 /* Update the LEDs and the read/write statistics. */
2130 if (cbTransfer >= 2048)
2131 {
2132 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2133 {
2134 s->Led.Actual.s.fReading = 0;
2135 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2136 }
2137 else
2138 {
2139 s->Led.Actual.s.fWriting = 0;
2140 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2141 }
2142 }
2143
2144 if (RT_SUCCESS(rc))
2145 {
2146 /* Do post processing for certain commands. */
2147 switch (s->aATAPICmd[0])
2148 {
2149 case SCSI_SEND_CUE_SHEET:
2150 case SCSI_READ_TOC_PMA_ATIP:
2151 {
2152 if (!s->pTrackList)
2153 rc = ATAPIPassthroughTrackListCreateEmpty(&s->pTrackList);
2154
2155 if (RT_SUCCESS(rc))
2156 rc = ATAPIPassthroughTrackListUpdate(s->pTrackList, s->aATAPICmd, s->CTX_SUFF(pbIOBuffer));
2157
2158 if ( RT_FAILURE(rc)
2159 && s->cErrors++ < MAX_LOG_REL_ERRORS)
2160 LogRel(("ATA: Error (%Rrc) while updating the tracklist during %s, burning the disc might fail\n",
2161 rc, s->aATAPICmd[0] == SCSI_SEND_CUE_SHEET ? "SEND CUE SHEET" : "READ TOC/PMA/ATIP"));
2162 break;
2163 }
2164 case SCSI_SYNCHRONIZE_CACHE:
2165 {
2166 ATAPIPassthroughTrackListClear(s->pTrackList);
2167 break;
2168 }
2169 }
2170
2171 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2172 {
2173 Assert(cbTransfer <= s->cbTotalTransfer);
2174 /*
2175 * Reply with the same amount of data as the real drive
2176 * but only if the command wasn't split.
2177 */
2178#if 0 //@todo: This destroys commands where cbTotalTransfer > cbIOBuffer
2179 if (s->cbElementaryTransfer < s->cbIOBuffer)
2180 s->cbTotalTransfer = cbTransfer;
2181#endif
2182
2183 if ( s->aATAPICmd[0] == SCSI_INQUIRY
2184 && s->fOverwriteInquiry)
2185 {
2186 /* Make sure that the real drive cannot be identified.
2187 * Motivation: changing the VM configuration should be as
2188 * invisible as possible to the guest. */
2189 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2190 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2191 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2192 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2193 }
2194
2195 if (cbTransfer)
2196 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2197 }
2198
2199 /* The initial buffer end value has been set up based on the total
2200 * transfer size. But the I/O buffer size limits what can actually be
2201 * done in one transfer, so set the actual value of the buffer end. */
2202 s->cbElementaryTransfer = cbTransfer;
2203 if (cbTransfer >= s->cbTotalTransfer)
2204 {
2205 s->iSourceSink = ATAFN_SS_NULL;
2206 atapiCmdOK(s);
2207 }
2208 }
2209 else
2210 {
2211 if (s->cErrors < MAX_LOG_REL_ERRORS)
2212 {
2213 uint8_t u8Cmd = s->aATAPICmd[0];
2214 do
2215 {
2216 /* don't log superfluous errors */
2217 if ( rc == VERR_DEV_IO_ERROR
2218 && ( u8Cmd == SCSI_TEST_UNIT_READY
2219 || u8Cmd == SCSI_READ_CAPACITY
2220 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2221 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2222 break;
2223 s->cErrors++;
2224 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2225 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2226 } while (0);
2227 }
2228 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2229 }
2230 return false;
2231}
2232
2233/** @todo: Revise ASAP. */
2234static bool atapiReadDVDStructureSS(ATADevState *s)
2235{
2236 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2237 int media = s->aATAPICmd[1];
2238 int format = s->aATAPICmd[7];
2239
2240 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2241
2242 memset(buf, 0, max_len);
2243
2244 switch (format) {
2245 case 0x00:
2246 case 0x01:
2247 case 0x02:
2248 case 0x03:
2249 case 0x04:
2250 case 0x05:
2251 case 0x06:
2252 case 0x07:
2253 case 0x08:
2254 case 0x09:
2255 case 0x0a:
2256 case 0x0b:
2257 case 0x0c:
2258 case 0x0d:
2259 case 0x0e:
2260 case 0x0f:
2261 case 0x10:
2262 case 0x11:
2263 case 0x30:
2264 case 0x31:
2265 case 0xff:
2266 if (media == 0)
2267 {
2268 int uASC = SCSI_ASC_NONE;
2269
2270 switch (format)
2271 {
2272 case 0x0: /* Physical format information */
2273 {
2274 int layer = s->aATAPICmd[6];
2275 uint64_t total_sectors;
2276
2277 if (layer != 0)
2278 {
2279 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2280 break;
2281 }
2282
2283 total_sectors = s->cTotalSectors;
2284 total_sectors >>= 2;
2285 if (total_sectors == 0)
2286 {
2287 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2288 break;
2289 }
2290
2291 buf[4] = 1; /* DVD-ROM, part version 1 */
2292 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2293 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2294 buf[7] = 0; /* default densities */
2295
2296 /* FIXME: 0x30000 per spec? */
2297 ataH2BE_U32(buf + 8, 0); /* start sector */
2298 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2299 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2300
2301 /* Size of buffer, not including 2 byte size field */
2302 ataH2BE_U32(&buf[0], 2048 + 2);
2303
2304 /* 2k data + 4 byte header */
2305 uASC = (2048 + 4);
2306 }
2307 break;
2308 case 0x01: /* DVD copyright information */
2309 buf[4] = 0; /* no copyright data */
2310 buf[5] = 0; /* no region restrictions */
2311
2312 /* Size of buffer, not including 2 byte size field */
2313 ataH2BE_U16(buf, 4 + 2);
2314
2315 /* 4 byte header + 4 byte data */
2316 uASC = (4 + 4);
2317
2318 case 0x03: /* BCA information - invalid field for no BCA info */
2319 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2320 break;
2321
2322 case 0x04: /* DVD disc manufacturing information */
2323 /* Size of buffer, not including 2 byte size field */
2324 ataH2BE_U16(buf, 2048 + 2);
2325
2326 /* 2k data + 4 byte header */
2327 uASC = (2048 + 4);
2328 break;
2329 case 0xff:
2330 /*
2331 * This lists all the command capabilities above. Add new ones
2332 * in order and update the length and buffer return values.
2333 */
2334
2335 buf[4] = 0x00; /* Physical format */
2336 buf[5] = 0x40; /* Not writable, is readable */
2337 ataH2BE_U16((buf + 6), 2048 + 4);
2338
2339 buf[8] = 0x01; /* Copyright info */
2340 buf[9] = 0x40; /* Not writable, is readable */
2341 ataH2BE_U16((buf + 10), 4 + 4);
2342
2343 buf[12] = 0x03; /* BCA info */
2344 buf[13] = 0x40; /* Not writable, is readable */
2345 ataH2BE_U16((buf + 14), 188 + 4);
2346
2347 buf[16] = 0x04; /* Manufacturing info */
2348 buf[17] = 0x40; /* Not writable, is readable */
2349 ataH2BE_U16((buf + 18), 2048 + 4);
2350
2351 /* Size of buffer, not including 2 byte size field */
2352 ataH2BE_U16(buf, 16 + 2);
2353
2354 /* data written + 4 byte header */
2355 uASC = (16 + 4);
2356 break;
2357 default: /* TODO: formats beyond DVD-ROM requires */
2358 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2359 }
2360
2361 if (uASC < 0)
2362 {
2363 s->iSourceSink = ATAFN_SS_NULL;
2364 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2365 return false;
2366 }
2367 break;
2368 }
2369 /* TODO: BD support, fall through for now */
2370
2371 /* Generic disk structures */
2372 case 0x80: /* TODO: AACS volume identifier */
2373 case 0x81: /* TODO: AACS media serial number */
2374 case 0x82: /* TODO: AACS media identifier */
2375 case 0x83: /* TODO: AACS media key block */
2376 case 0x90: /* TODO: List of recognized format layers */
2377 case 0xc0: /* TODO: Write protection status */
2378 default:
2379 s->iSourceSink = ATAFN_SS_NULL;
2380 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2381 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2382 return false;
2383 }
2384
2385 s->iSourceSink = ATAFN_SS_NULL;
2386 atapiCmdOK(s);
2387 return false;
2388}
2389
2390static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2391{
2392 Assert(cSectors > 0);
2393 s->iATAPILBA = iATAPILBA;
2394 s->cbATAPISector = cbSector;
2395 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2396 return false;
2397}
2398
2399
2400static bool atapiReadCapacitySS(ATADevState *s)
2401{
2402 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2403
2404 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2405 Assert(s->cbElementaryTransfer <= 8);
2406 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2407 ataH2BE_U32(pbBuf + 4, 2048);
2408 s->iSourceSink = ATAFN_SS_NULL;
2409 atapiCmdOK(s);
2410 return false;
2411}
2412
2413
2414static bool atapiReadDiscInformationSS(ATADevState *s)
2415{
2416 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2417
2418 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2419 Assert(s->cbElementaryTransfer <= 34);
2420 memset(pbBuf, '\0', 34);
2421 ataH2BE_U16(pbBuf, 32);
2422 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2423 pbBuf[3] = 1; /* number of first track */
2424 pbBuf[4] = 1; /* number of sessions (LSB) */
2425 pbBuf[5] = 1; /* first track number in last session (LSB) */
2426 pbBuf[6] = 1; /* last track number in last session (LSB) */
2427 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2428 pbBuf[8] = 0; /* disc type = CD-ROM */
2429 pbBuf[9] = 0; /* number of sessions (MSB) */
2430 pbBuf[10] = 0; /* number of sessions (MSB) */
2431 pbBuf[11] = 0; /* number of sessions (MSB) */
2432 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2433 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2434 s->iSourceSink = ATAFN_SS_NULL;
2435 atapiCmdOK(s);
2436 return false;
2437}
2438
2439
2440static bool atapiReadTrackInformationSS(ATADevState *s)
2441{
2442 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2443
2444 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2445 Assert(s->cbElementaryTransfer <= 36);
2446 /* Accept address/number type of 1 only, and only track 1 exists. */
2447 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2448 {
2449 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2450 return false;
2451 }
2452 memset(pbBuf, '\0', 36);
2453 ataH2BE_U16(pbBuf, 34);
2454 pbBuf[2] = 1; /* track number (LSB) */
2455 pbBuf[3] = 1; /* session number (LSB) */
2456 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2457 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2458 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2459 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2460 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2461 pbBuf[32] = 0; /* track number (MSB) */
2462 pbBuf[33] = 0; /* session number (MSB) */
2463 s->iSourceSink = ATAFN_SS_NULL;
2464 atapiCmdOK(s);
2465 return false;
2466}
2467
2468static uint32_t atapiGetConfigurationFillFeatureListProfiles(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2469{
2470 if (cbBuf < 3*4)
2471 return 0;
2472
2473 ataH2BE_U16(pbBuf, 0x0); /* feature 0: list of profiles supported */
2474 pbBuf[2] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2475 pbBuf[3] = 8; /* additional bytes for profiles */
2476 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2477 * before CD-ROM read capability. */
2478 ataH2BE_U16(pbBuf + 4, 0x10); /* profile: read-only DVD */
2479 pbBuf[6] = (0 << 0); /* NOT current profile */
2480 ataH2BE_U16(pbBuf + 8, 0x08); /* profile: read only CD */
2481 pbBuf[10] = (1 << 0); /* current profile */
2482
2483 return 3*4; /* Header + 2 profiles entries */
2484}
2485
2486static uint32_t atapiGetConfigurationFillFeatureCore(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2487{
2488 if (cbBuf < 12)
2489 return 0;
2490
2491 ataH2BE_U16(pbBuf, 0x1); /* feature 0001h: Core Feature */
2492 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2493 pbBuf[3] = 8; /* Additional length */
2494 ataH2BE_U16(pbBuf + 4, 0x00000002); /* Physical interface ATAPI. */
2495 pbBuf[8] = RT_BIT(0); /* DBE */
2496 /* Rest is reserved. */
2497
2498 return 12;
2499}
2500
2501static uint32_t atapiGetConfigurationFillFeatureMorphing(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2502{
2503 if (cbBuf < 8)
2504 return 0;
2505
2506 ataH2BE_U16(pbBuf, 0x2); /* feature 0002h: Morphing Feature */
2507 pbBuf[2] = (0x1 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2508 pbBuf[3] = 4; /* Additional length */
2509 pbBuf[4] = RT_BIT(1) | 0x0; /* OCEvent | !ASYNC */
2510 /* Rest is reserved. */
2511
2512 return 8;
2513}
2514
2515static uint32_t atapiGetConfigurationFillFeatureRemovableMedium(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2516{
2517 if (cbBuf < 8)
2518 return 0;
2519
2520 ataH2BE_U16(pbBuf, 0x3); /* feature 0003h: Removable Medium Feature */
2521 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2522 pbBuf[3] = 4; /* Additional length */
2523 /* Tray type loading | Load | Eject | !Pvnt Jmpr | !DBML | Lock */
2524 pbBuf[4] = (0x2 << 5) | RT_BIT(4) | RT_BIT(3) | (0x0 << 2) | (0x0 << 1) | RT_BIT(0);
2525 /* Rest is reserved. */
2526
2527 return 8;
2528}
2529
2530static uint32_t atapiGetConfigurationFillFeatureRandomReadable(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2531{
2532 if (cbBuf < 12)
2533 return 0;
2534
2535 ataH2BE_U16(pbBuf, 0x10); /* feature 0010h: Random Readable Feature */
2536 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2537 pbBuf[3] = 8; /* Additional length */
2538 ataH2BE_U32(pbBuf + 4, 2048); /* Logical block size. */
2539 ataH2BE_U16(pbBuf + 8, 0x10); /* Blocking (0x10 for DVD, CD is not defined). */
2540 pbBuf[10] = 0; /* PP not present */
2541 /* Rest is reserved. */
2542
2543 return 12;
2544}
2545
2546static uint32_t atapiGetConfigurationFillFeatureCDRead(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2547{
2548 if (cbBuf < 8)
2549 return 0;
2550
2551 ataH2BE_U16(pbBuf, 0x1e); /* feature 001Eh: CD Read Feature */
2552 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2553 pbBuf[3] = 0; /* Additional length */
2554 pbBuf[4] = (0x0 << 7) | (0x0 << 1) | 0x0; /* !DAP | !C2-Flags | !CD-Text. */
2555 /* Rest is reserved. */
2556
2557 return 8;
2558}
2559
2560static uint32_t atapiGetConfigurationFillFeaturePowerManagement(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2561{
2562 if (cbBuf < 4)
2563 return 0;
2564
2565 ataH2BE_U16(pbBuf, 0x100); /* feature 0100h: Power Management Feature */
2566 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2567 pbBuf[3] = 0; /* Additional length */
2568
2569 return 4;
2570}
2571
2572static uint32_t atapiGetConfigurationFillFeatureTimeout(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2573{
2574 if (cbBuf < 8)
2575 return 0;
2576
2577 ataH2BE_U16(pbBuf, 0x105); /* feature 0105h: Timeout Feature */
2578 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2579 pbBuf[3] = 4; /* Additional length */
2580 pbBuf[4] = 0x0; /* !Group3 */
2581
2582 return 8;
2583}
2584
2585static bool atapiGetConfigurationSS(ATADevState *s)
2586{
2587 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2588 uint32_t cbBuf = s->cbIOBuffer;
2589 uint32_t cbCopied = 0;
2590 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2591
2592 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2593 Assert(s->cbElementaryTransfer <= 80);
2594 /* Accept valid request types only, and only starting feature 0. */
2595 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2596 {
2597 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2598 return false;
2599 }
2600 memset(pbBuf, '\0', cbBuf);
2601 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2602 * way to differentiate them right now is based on the image size). */
2603 if (s->cTotalSectors)
2604 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2605 else
2606 ataH2BE_U16(pbBuf + 6, 0x00); /* current profile: none -> no media */
2607 cbBuf -= 8;
2608 pbBuf += 8;
2609
2610 cbCopied = atapiGetConfigurationFillFeatureListProfiles(s, pbBuf, cbBuf);
2611 cbBuf -= cbCopied;
2612 pbBuf += cbCopied;
2613
2614 cbCopied = atapiGetConfigurationFillFeatureCore(s, pbBuf, cbBuf);
2615 cbBuf -= cbCopied;
2616 pbBuf += cbCopied;
2617
2618 cbCopied = atapiGetConfigurationFillFeatureMorphing(s, pbBuf, cbBuf);
2619 cbBuf -= cbCopied;
2620 pbBuf += cbCopied;
2621
2622 cbCopied = atapiGetConfigurationFillFeatureRemovableMedium(s, pbBuf, cbBuf);
2623 cbBuf -= cbCopied;
2624 pbBuf += cbCopied;
2625
2626 cbCopied = atapiGetConfigurationFillFeatureRandomReadable(s, pbBuf, cbBuf);
2627 cbBuf -= cbCopied;
2628 pbBuf += cbCopied;
2629
2630 cbCopied = atapiGetConfigurationFillFeatureCDRead(s, pbBuf, cbBuf);
2631 cbBuf -= cbCopied;
2632 pbBuf += cbCopied;
2633
2634 cbCopied = atapiGetConfigurationFillFeaturePowerManagement(s, pbBuf, cbBuf);
2635 cbBuf -= cbCopied;
2636 pbBuf += cbCopied;
2637
2638 cbCopied = atapiGetConfigurationFillFeatureTimeout(s, pbBuf, cbBuf);
2639 cbBuf -= cbCopied;
2640 pbBuf += cbCopied;
2641
2642 /* Set data length now - the field is not included in the final length. */
2643 ataH2BE_U32(s->CTX_SUFF(pbIOBuffer), s->cbIOBuffer - cbBuf - 4);
2644
2645 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2646 s->iSourceSink = ATAFN_SS_NULL;
2647 atapiCmdOK(s);
2648 return false;
2649}
2650
2651
2652static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2653{
2654 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2655
2656 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2657 Assert(s->cbElementaryTransfer <= 8);
2658
2659 if (!(s->aATAPICmd[1] & 1))
2660 {
2661 /* no asynchronous operation supported */
2662 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2663 return false;
2664 }
2665
2666 uint32_t OldStatus, NewStatus;
2667 do
2668 {
2669 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2670 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2671 switch (OldStatus)
2672 {
2673 case ATA_EVENT_STATUS_MEDIA_NEW:
2674 /* mount */
2675 ataH2BE_U16(pbBuf + 0, 6);
2676 pbBuf[2] = 0x04; /* media */
2677 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2678 pbBuf[4] = 0x02; /* new medium */
2679 pbBuf[5] = 0x02; /* medium present / door closed */
2680 pbBuf[6] = 0x00;
2681 pbBuf[7] = 0x00;
2682 break;
2683
2684 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2685 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2686 /* umount */
2687 ataH2BE_U16(pbBuf + 0, 6);
2688 pbBuf[2] = 0x04; /* media */
2689 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2690 pbBuf[4] = 0x03; /* media removal */
2691 pbBuf[5] = 0x00; /* medium absent / door closed */
2692 pbBuf[6] = 0x00;
2693 pbBuf[7] = 0x00;
2694 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2695 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2696 break;
2697
2698 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2699 ataH2BE_U16(pbBuf + 0, 6);
2700 pbBuf[2] = 0x04; /* media */
2701 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2702 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2703 pbBuf[5] = 0x02; /* medium present / door closed */
2704 pbBuf[6] = 0x00;
2705 pbBuf[7] = 0x00;
2706 break;
2707
2708 case ATA_EVENT_STATUS_UNCHANGED:
2709 default:
2710 ataH2BE_U16(pbBuf + 0, 6);
2711 pbBuf[2] = 0x01; /* operational change request / notification */
2712 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2713 pbBuf[4] = 0x00;
2714 pbBuf[5] = 0x00;
2715 pbBuf[6] = 0x00;
2716 pbBuf[7] = 0x00;
2717 break;
2718 }
2719 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2720
2721 s->iSourceSink = ATAFN_SS_NULL;
2722 atapiCmdOK(s);
2723 return false;
2724}
2725
2726
2727static bool atapiInquirySS(ATADevState *s)
2728{
2729 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2730
2731 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2732 Assert(s->cbElementaryTransfer <= 36);
2733 pbBuf[0] = 0x05; /* CD-ROM */
2734 pbBuf[1] = 0x80; /* removable */
2735#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2736 pbBuf[2] = 0x00; /* ISO */
2737 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2738#else
2739 pbBuf[2] = 0x00; /* ISO */
2740 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2741#endif
2742 pbBuf[4] = 31; /* additional length */
2743 pbBuf[5] = 0; /* reserved */
2744 pbBuf[6] = 0; /* reserved */
2745 pbBuf[7] = 0; /* reserved */
2746 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2747 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2748 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2749 s->iSourceSink = ATAFN_SS_NULL;
2750 atapiCmdOK(s);
2751 return false;
2752}
2753
2754
2755static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2756{
2757 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2758
2759 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2760 Assert(s->cbElementaryTransfer <= 16);
2761 ataH2BE_U16(&pbBuf[0], 16 + 6);
2762 pbBuf[2] = (uint8_t)s->MediaTrackType;
2763 pbBuf[3] = 0;
2764 pbBuf[4] = 0;
2765 pbBuf[5] = 0;
2766 pbBuf[6] = 0;
2767 pbBuf[7] = 0;
2768
2769 pbBuf[8] = 0x01;
2770 pbBuf[9] = 0x06;
2771 pbBuf[10] = 0x00; /* Maximum error recovery */
2772 pbBuf[11] = 0x05; /* 5 retries */
2773 pbBuf[12] = 0x00;
2774 pbBuf[13] = 0x00;
2775 pbBuf[14] = 0x00;
2776 pbBuf[15] = 0x00;
2777 s->iSourceSink = ATAFN_SS_NULL;
2778 atapiCmdOK(s);
2779 return false;
2780}
2781
2782
2783static bool atapiModeSenseCDStatusSS(ATADevState *s)
2784{
2785 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2786
2787 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2788 Assert(s->cbElementaryTransfer <= 40);
2789 ataH2BE_U16(&pbBuf[0], 38);
2790 pbBuf[2] = (uint8_t)s->MediaTrackType;
2791 pbBuf[3] = 0;
2792 pbBuf[4] = 0;
2793 pbBuf[5] = 0;
2794 pbBuf[6] = 0;
2795 pbBuf[7] = 0;
2796
2797 pbBuf[8] = 0x2a;
2798 pbBuf[9] = 30; /* page length */
2799 pbBuf[10] = 0x08; /* DVD-ROM read support */
2800 pbBuf[11] = 0x00; /* no write support */
2801 /* The following claims we support audio play. This is obviously false,
2802 * but the Linux generic CDROM support makes many features depend on this
2803 * capability. If it's not set, this causes many things to be disabled. */
2804 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2805 pbBuf[13] = 0x00; /* no subchannel reads supported */
2806 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2807 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2808 pbBuf[14] |= 1 << 1; /* report lock state */
2809 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2810 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2811 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2812 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2813 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2814 pbBuf[24] = 0; /* reserved */
2815 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2816 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2817 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2818 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2819 pbBuf[32] = 0; /* reserved */
2820 pbBuf[33] = 0; /* reserved */
2821 pbBuf[34] = 0; /* reserved */
2822 pbBuf[35] = 1; /* rotation control CAV */
2823 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2824 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2825 s->iSourceSink = ATAFN_SS_NULL;
2826 atapiCmdOK(s);
2827 return false;
2828}
2829
2830
2831static bool atapiRequestSenseSS(ATADevState *s)
2832{
2833 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2834
2835 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2836 memset(pbBuf, '\0', s->cbElementaryTransfer);
2837 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2838 s->iSourceSink = ATAFN_SS_NULL;
2839 atapiCmdOK(s);
2840 return false;
2841}
2842
2843
2844static bool atapiMechanismStatusSS(ATADevState *s)
2845{
2846 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2847
2848 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2849 Assert(s->cbElementaryTransfer <= 8);
2850 ataH2BE_U16(pbBuf, 0);
2851 /* no current LBA */
2852 pbBuf[2] = 0;
2853 pbBuf[3] = 0;
2854 pbBuf[4] = 0;
2855 pbBuf[5] = 1;
2856 ataH2BE_U16(pbBuf + 6, 0);
2857 s->iSourceSink = ATAFN_SS_NULL;
2858 atapiCmdOK(s);
2859 return false;
2860}
2861
2862
2863static bool atapiReadTOCNormalSS(ATADevState *s)
2864{
2865 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2866 bool fMSF;
2867 uint32_t cbSize;
2868
2869 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2870 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2871 iStartTrack = s->aATAPICmd[6];
2872 if (iStartTrack > 1 && iStartTrack != 0xaa)
2873 {
2874 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2875 return false;
2876 }
2877 q = pbBuf + 2;
2878 *q++ = 1; /* first session */
2879 *q++ = 1; /* last session */
2880 if (iStartTrack <= 1)
2881 {
2882 *q++ = 0; /* reserved */
2883 *q++ = 0x14; /* ADR, control */
2884 *q++ = 1; /* track number */
2885 *q++ = 0; /* reserved */
2886 if (fMSF)
2887 {
2888 *q++ = 0; /* reserved */
2889 ataLBA2MSF(q, 0);
2890 q += 3;
2891 }
2892 else
2893 {
2894 /* sector 0 */
2895 ataH2BE_U32(q, 0);
2896 q += 4;
2897 }
2898 }
2899 /* lead out track */
2900 *q++ = 0; /* reserved */
2901 *q++ = 0x14; /* ADR, control */
2902 *q++ = 0xaa; /* track number */
2903 *q++ = 0; /* reserved */
2904 if (fMSF)
2905 {
2906 *q++ = 0; /* reserved */
2907 ataLBA2MSF(q, s->cTotalSectors);
2908 q += 3;
2909 }
2910 else
2911 {
2912 ataH2BE_U32(q, s->cTotalSectors);
2913 q += 4;
2914 }
2915 cbSize = q - pbBuf;
2916 ataH2BE_U16(pbBuf, cbSize - 2);
2917 if (cbSize < s->cbTotalTransfer)
2918 s->cbTotalTransfer = cbSize;
2919 s->iSourceSink = ATAFN_SS_NULL;
2920 atapiCmdOK(s);
2921 return false;
2922}
2923
2924
2925static bool atapiReadTOCMultiSS(ATADevState *s)
2926{
2927 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2928 bool fMSF;
2929
2930 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2931 Assert(s->cbElementaryTransfer <= 12);
2932 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2933 /* multi session: only a single session defined */
2934/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2935 memset(pbBuf, 0, 12);
2936 pbBuf[1] = 0x0a;
2937 pbBuf[2] = 0x01;
2938 pbBuf[3] = 0x01;
2939 pbBuf[5] = 0x14; /* ADR, control */
2940 pbBuf[6] = 1; /* first track in last complete session */
2941 if (fMSF)
2942 {
2943 pbBuf[8] = 0; /* reserved */
2944 ataLBA2MSF(&pbBuf[9], 0);
2945 }
2946 else
2947 {
2948 /* sector 0 */
2949 ataH2BE_U32(pbBuf + 8, 0);
2950 }
2951 s->iSourceSink = ATAFN_SS_NULL;
2952 atapiCmdOK(s);
2953 return false;
2954}
2955
2956
2957static bool atapiReadTOCRawSS(ATADevState *s)
2958{
2959 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2960 bool fMSF;
2961 uint32_t cbSize;
2962
2963 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2964 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2965 iStartTrack = s->aATAPICmd[6];
2966
2967 q = pbBuf + 2;
2968 *q++ = 1; /* first session */
2969 *q++ = 1; /* last session */
2970
2971 *q++ = 1; /* session number */
2972 *q++ = 0x14; /* data track */
2973 *q++ = 0; /* track number */
2974 *q++ = 0xa0; /* first track in program area */
2975 *q++ = 0; /* min */
2976 *q++ = 0; /* sec */
2977 *q++ = 0; /* frame */
2978 *q++ = 0;
2979 *q++ = 1; /* first track */
2980 *q++ = 0x00; /* disk type CD-DA or CD data */
2981 *q++ = 0;
2982
2983 *q++ = 1; /* session number */
2984 *q++ = 0x14; /* data track */
2985 *q++ = 0; /* track number */
2986 *q++ = 0xa1; /* last track in program area */
2987 *q++ = 0; /* min */
2988 *q++ = 0; /* sec */
2989 *q++ = 0; /* frame */
2990 *q++ = 0;
2991 *q++ = 1; /* last track */
2992 *q++ = 0;
2993 *q++ = 0;
2994
2995 *q++ = 1; /* session number */
2996 *q++ = 0x14; /* data track */
2997 *q++ = 0; /* track number */
2998 *q++ = 0xa2; /* lead-out */
2999 *q++ = 0; /* min */
3000 *q++ = 0; /* sec */
3001 *q++ = 0; /* frame */
3002 if (fMSF)
3003 {
3004 *q++ = 0; /* reserved */
3005 ataLBA2MSF(q, s->cTotalSectors);
3006 q += 3;
3007 }
3008 else
3009 {
3010 ataH2BE_U32(q, s->cTotalSectors);
3011 q += 4;
3012 }
3013
3014 *q++ = 1; /* session number */
3015 *q++ = 0x14; /* ADR, control */
3016 *q++ = 0; /* track number */
3017 *q++ = 1; /* point */
3018 *q++ = 0; /* min */
3019 *q++ = 0; /* sec */
3020 *q++ = 0; /* frame */
3021 if (fMSF)
3022 {
3023 *q++ = 0; /* reserved */
3024 ataLBA2MSF(q, 0);
3025 q += 3;
3026 }
3027 else
3028 {
3029 /* sector 0 */
3030 ataH2BE_U32(q, 0);
3031 q += 4;
3032 }
3033
3034 cbSize = q - pbBuf;
3035 ataH2BE_U16(pbBuf, cbSize - 2);
3036 if (cbSize < s->cbTotalTransfer)
3037 s->cbTotalTransfer = cbSize;
3038 s->iSourceSink = ATAFN_SS_NULL;
3039 atapiCmdOK(s);
3040 return false;
3041}
3042
3043
3044static void atapiParseCmdVirtualATAPI(ATADevState *s)
3045{
3046 const uint8_t *pbPacket;
3047 uint8_t *pbBuf;
3048 uint32_t cbMax;
3049
3050 pbPacket = s->aATAPICmd;
3051 pbBuf = s->CTX_SUFF(pbIOBuffer);
3052 switch (pbPacket[0])
3053 {
3054 case SCSI_TEST_UNIT_READY:
3055 if (s->cNotifiedMediaChange > 0)
3056 {
3057 if (s->cNotifiedMediaChange-- > 2)
3058 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3059 else
3060 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3061 }
3062 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3063 atapiCmdOK(s);
3064 else
3065 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3066 break;
3067 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3068 cbMax = ataBE2H_U16(pbPacket + 7);
3069 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3070 break;
3071 case SCSI_MODE_SENSE_10:
3072 {
3073 uint8_t uPageControl, uPageCode;
3074 cbMax = ataBE2H_U16(pbPacket + 7);
3075 uPageControl = pbPacket[2] >> 6;
3076 uPageCode = pbPacket[2] & 0x3f;
3077 switch (uPageControl)
3078 {
3079 case SCSI_PAGECONTROL_CURRENT:
3080 switch (uPageCode)
3081 {
3082 case SCSI_MODEPAGE_ERROR_RECOVERY:
3083 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
3084 break;
3085 case SCSI_MODEPAGE_CD_STATUS:
3086 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
3087 break;
3088 default:
3089 goto error_cmd;
3090 }
3091 break;
3092 case SCSI_PAGECONTROL_CHANGEABLE:
3093 goto error_cmd;
3094 case SCSI_PAGECONTROL_DEFAULT:
3095 goto error_cmd;
3096 default:
3097 case SCSI_PAGECONTROL_SAVED:
3098 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
3099 break;
3100 }
3101 }
3102 break;
3103 case SCSI_REQUEST_SENSE:
3104 cbMax = pbPacket[4];
3105 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3106 break;
3107 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3108 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3109 {
3110 if (pbPacket[4] & 1)
3111 s->pDrvMount->pfnLock(s->pDrvMount);
3112 else
3113 s->pDrvMount->pfnUnlock(s->pDrvMount);
3114 atapiCmdOK(s);
3115 }
3116 else
3117 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3118 break;
3119 case SCSI_READ_10:
3120 case SCSI_READ_12:
3121 {
3122 uint32_t cSectors, iATAPILBA;
3123
3124 if (s->cNotifiedMediaChange > 0)
3125 {
3126 s->cNotifiedMediaChange-- ;
3127 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3128 break;
3129 }
3130 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3131 {
3132 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3133 break;
3134 }
3135 if (pbPacket[0] == SCSI_READ_10)
3136 cSectors = ataBE2H_U16(pbPacket + 7);
3137 else
3138 cSectors = ataBE2H_U32(pbPacket + 6);
3139 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3140 if (cSectors == 0)
3141 {
3142 atapiCmdOK(s);
3143 break;
3144 }
3145 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3146 {
3147 /* Rate limited logging, one log line per second. For
3148 * guests that insist on reading from places outside the
3149 * valid area this often generates too many release log
3150 * entries otherwise. */
3151 static uint64_t uLastLogTS = 0;
3152 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3153 {
3154 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3155 uLastLogTS = RTTimeMilliTS();
3156 }
3157 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3158 break;
3159 }
3160 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3161 }
3162 break;
3163 case SCSI_READ_CD:
3164 {
3165 uint32_t cSectors, iATAPILBA;
3166
3167 if (s->cNotifiedMediaChange > 0)
3168 {
3169 s->cNotifiedMediaChange-- ;
3170 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3171 break;
3172 }
3173 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3174 {
3175 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3176 break;
3177 }
3178 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
3179 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3180 if (cSectors == 0)
3181 {
3182 atapiCmdOK(s);
3183 break;
3184 }
3185 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3186 {
3187 /* Rate limited logging, one log line per second. For
3188 * guests that insist on reading from places outside the
3189 * valid area this often generates too many release log
3190 * entries otherwise. */
3191 static uint64_t uLastLogTS = 0;
3192 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3193 {
3194 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3195 uLastLogTS = RTTimeMilliTS();
3196 }
3197 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3198 break;
3199 }
3200 switch (pbPacket[9] & 0xf8)
3201 {
3202 case 0x00:
3203 /* nothing */
3204 atapiCmdOK(s);
3205 break;
3206 case 0x10:
3207 /* normal read */
3208 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3209 break;
3210 case 0xf8:
3211 /* read all data */
3212 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
3213 break;
3214 default:
3215 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
3216 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3217 break;
3218 }
3219 }
3220 break;
3221 case SCSI_SEEK_10:
3222 {
3223 uint32_t iATAPILBA;
3224 if (s->cNotifiedMediaChange > 0)
3225 {
3226 s->cNotifiedMediaChange-- ;
3227 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3228 break;
3229 }
3230 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3231 {
3232 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3233 break;
3234 }
3235 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3236 if (iATAPILBA > s->cTotalSectors)
3237 {
3238 /* Rate limited logging, one log line per second. For
3239 * guests that insist on seeking to places outside the
3240 * valid area this often generates too many release log
3241 * entries otherwise. */
3242 static uint64_t uLastLogTS = 0;
3243 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3244 {
3245 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
3246 uLastLogTS = RTTimeMilliTS();
3247 }
3248 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3249 break;
3250 }
3251 atapiCmdOK(s);
3252 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
3253 }
3254 break;
3255 case SCSI_START_STOP_UNIT:
3256 {
3257 int rc = VINF_SUCCESS;
3258 switch (pbPacket[4] & 3)
3259 {
3260 case 0: /* 00 - Stop motor */
3261 case 1: /* 01 - Start motor */
3262 break;
3263 case 2: /* 10 - Eject media */
3264 {
3265 /* This must be done from EMT. */
3266 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3267 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
3268 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
3269
3270 PDMCritSectLeave(&pCtl->lock);
3271 rc = VMR3ReqPriorityCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3272 (PFNRT)s->pDrvMount->pfnUnmount, 3,
3273 s->pDrvMount, false /*=fForce*/, true /*=fEject*/);
3274 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED) || (rc = VERR_PDM_MEDIA_NOT_MOUNTED));
3275 if (RT_SUCCESS(rc) && pThis->pMediaNotify)
3276 {
3277 rc = VMR3ReqCallNoWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3278 (PFNRT)pThis->pMediaNotify->pfnEjected, 2,
3279 pThis->pMediaNotify, s->iLUN);
3280 AssertRC(rc);
3281 }
3282 {
3283 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3284 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3285 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3286 }
3287 break;
3288 }
3289 case 3: /* 11 - Load media */
3290 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3291 break;
3292 }
3293 if (RT_SUCCESS(rc))
3294 atapiCmdOK(s);
3295 else
3296 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3297 }
3298 break;
3299 case SCSI_MECHANISM_STATUS:
3300 {
3301 cbMax = ataBE2H_U16(pbPacket + 8);
3302 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3303 }
3304 break;
3305 case SCSI_READ_TOC_PMA_ATIP:
3306 {
3307 uint8_t format;
3308
3309 if (s->cNotifiedMediaChange > 0)
3310 {
3311 s->cNotifiedMediaChange-- ;
3312 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3313 break;
3314 }
3315 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3316 {
3317 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3318 break;
3319 }
3320 cbMax = ataBE2H_U16(pbPacket + 7);
3321 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3322 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3323 * the other field is clear... */
3324 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3325 switch (format)
3326 {
3327 case 0:
3328 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3329 break;
3330 case 1:
3331 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3332 break;
3333 case 2:
3334 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3335 break;
3336 default:
3337 error_cmd:
3338 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3339 break;
3340 }
3341 }
3342 break;
3343 case SCSI_READ_CAPACITY:
3344 if (s->cNotifiedMediaChange > 0)
3345 {
3346 s->cNotifiedMediaChange-- ;
3347 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3348 break;
3349 }
3350 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3351 {
3352 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3353 break;
3354 }
3355 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3356 break;
3357 case SCSI_READ_DISC_INFORMATION:
3358 if (s->cNotifiedMediaChange > 0)
3359 {
3360 s->cNotifiedMediaChange-- ;
3361 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3362 break;
3363 }
3364 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3365 {
3366 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3367 break;
3368 }
3369 cbMax = ataBE2H_U16(pbPacket + 7);
3370 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3371 break;
3372 case SCSI_READ_TRACK_INFORMATION:
3373 if (s->cNotifiedMediaChange > 0)
3374 {
3375 s->cNotifiedMediaChange-- ;
3376 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3377 break;
3378 }
3379 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3380 {
3381 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3382 break;
3383 }
3384 cbMax = ataBE2H_U16(pbPacket + 7);
3385 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3386 break;
3387 case SCSI_GET_CONFIGURATION:
3388 /* No media change stuff here, it can confuse Linux guests. */
3389 cbMax = ataBE2H_U16(pbPacket + 7);
3390 ataStartTransfer(s, RT_MIN(cbMax, 80), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3391 break;
3392 case SCSI_INQUIRY:
3393 cbMax = ataBE2H_U16(pbPacket + 3);
3394 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3395 break;
3396 case SCSI_READ_DVD_STRUCTURE:
3397 {
3398 cbMax = ataBE2H_U16(pbPacket + 8);
3399 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3400 break;
3401 }
3402 default:
3403 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3404 break;
3405 }
3406}
3407
3408
3409/*
3410 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3411 */
3412static void atapiParseCmdPassthrough(ATADevState *s)
3413{
3414 const uint8_t *pbPacket;
3415 uint8_t *pbBuf;
3416 uint32_t cSectors, iATAPILBA;
3417 uint32_t cbTransfer = 0;
3418 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3419
3420 pbPacket = s->aATAPICmd;
3421 pbBuf = s->CTX_SUFF(pbIOBuffer);
3422 switch (pbPacket[0])
3423 {
3424 case SCSI_BLANK:
3425 goto sendcmd;
3426 case SCSI_CLOSE_TRACK_SESSION:
3427 goto sendcmd;
3428 case SCSI_ERASE_10:
3429 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3430 cbTransfer = ataBE2H_U16(pbPacket + 7);
3431 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3432 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3433 goto sendcmd;
3434 case SCSI_FORMAT_UNIT:
3435 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3436 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3437 goto sendcmd;
3438 case SCSI_GET_CONFIGURATION:
3439 cbTransfer = ataBE2H_U16(pbPacket + 7);
3440 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3441 goto sendcmd;
3442 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3443 cbTransfer = ataBE2H_U16(pbPacket + 7);
3444 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3445 {
3446 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3447 break;
3448 }
3449 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3450 goto sendcmd;
3451 case SCSI_GET_PERFORMANCE:
3452 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3453 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3454 goto sendcmd;
3455 case SCSI_INQUIRY:
3456 cbTransfer = ataBE2H_U16(pbPacket + 3);
3457 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3458 goto sendcmd;
3459 case SCSI_LOAD_UNLOAD_MEDIUM:
3460 goto sendcmd;
3461 case SCSI_MECHANISM_STATUS:
3462 cbTransfer = ataBE2H_U16(pbPacket + 8);
3463 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3464 goto sendcmd;
3465 case SCSI_MODE_SELECT_10:
3466 cbTransfer = ataBE2H_U16(pbPacket + 7);
3467 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3468 goto sendcmd;
3469 case SCSI_MODE_SENSE_10:
3470 cbTransfer = ataBE2H_U16(pbPacket + 7);
3471 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3472 goto sendcmd;
3473 case SCSI_PAUSE_RESUME:
3474 goto sendcmd;
3475 case SCSI_PLAY_AUDIO_10:
3476 goto sendcmd;
3477 case SCSI_PLAY_AUDIO_12:
3478 goto sendcmd;
3479 case SCSI_PLAY_AUDIO_MSF:
3480 goto sendcmd;
3481 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3482 /** @todo do not forget to unlock when a VM is shut down */
3483 goto sendcmd;
3484 case SCSI_READ_10:
3485 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3486 cSectors = ataBE2H_U16(pbPacket + 7);
3487 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3488 s->cbATAPISector = 2048;
3489 cbTransfer = cSectors * s->cbATAPISector;
3490 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3491 goto sendcmd;
3492 case SCSI_READ_12:
3493 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3494 cSectors = ataBE2H_U32(pbPacket + 6);
3495 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3496 s->cbATAPISector = 2048;
3497 cbTransfer = cSectors * s->cbATAPISector;
3498 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3499 goto sendcmd;
3500 case SCSI_READ_BUFFER:
3501 cbTransfer = ataBE2H_U24(pbPacket + 6);
3502 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3503 goto sendcmd;
3504 case SCSI_READ_BUFFER_CAPACITY:
3505 cbTransfer = ataBE2H_U16(pbPacket + 7);
3506 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3507 goto sendcmd;
3508 case SCSI_READ_CAPACITY:
3509 cbTransfer = 8;
3510 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3511 goto sendcmd;
3512 case SCSI_READ_CD:
3513 case SCSI_READ_CD_MSF:
3514 {
3515 /* Get sector size based on the expected sector type field. */
3516 switch ((pbPacket[1] >> 2) & 0x7)
3517 {
3518 case 0x0: /* All types. */
3519 {
3520 uint32_t iLbaStart;
3521
3522 if (pbPacket[0] == SCSI_READ_CD)
3523 iLbaStart = ataBE2H_U32(&pbPacket[2]);
3524 else
3525 iLbaStart = ataMSF2LBA(&pbPacket[3]);
3526
3527 if (s->pTrackList)
3528 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iLbaStart);
3529 else
3530 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3531 break;
3532 }
3533 case 0x1: /* CD-DA */
3534 s->cbATAPISector = 2352;
3535 break;
3536 case 0x2: /* Mode 1 */
3537 s->cbATAPISector = 2048;
3538 break;
3539 case 0x3: /* Mode 2 formless */
3540 s->cbATAPISector = 2336;
3541 break;
3542 case 0x4: /* Mode 2 form 1 */
3543 s->cbATAPISector = 2048;
3544 break;
3545 case 0x5: /* Mode 2 form 2 */
3546 s->cbATAPISector = 2324;
3547 break;
3548 default: /* Reserved */
3549 AssertMsgFailed(("Unknown sector type\n"));
3550 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3551 }
3552
3553 if (pbPacket[0] == SCSI_READ_CD)
3554 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3555 else /* SCSI_READ_MSF */
3556 {
3557 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3558 if (cSectors > 32)
3559 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3560 cbTransfer = cSectors * s->cbATAPISector;
3561 }
3562 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3563 goto sendcmd;
3564 }
3565 case SCSI_READ_DISC_INFORMATION:
3566 cbTransfer = ataBE2H_U16(pbPacket + 7);
3567 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3568 goto sendcmd;
3569 case SCSI_READ_DVD_STRUCTURE:
3570 cbTransfer = ataBE2H_U16(pbPacket + 8);
3571 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3572 goto sendcmd;
3573 case SCSI_READ_FORMAT_CAPACITIES:
3574 cbTransfer = ataBE2H_U16(pbPacket + 7);
3575 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3576 goto sendcmd;
3577 case SCSI_READ_SUBCHANNEL:
3578 cbTransfer = ataBE2H_U16(pbPacket + 7);
3579 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3580 goto sendcmd;
3581 case SCSI_READ_TOC_PMA_ATIP:
3582 cbTransfer = ataBE2H_U16(pbPacket + 7);
3583 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3584 goto sendcmd;
3585 case SCSI_READ_TRACK_INFORMATION:
3586 cbTransfer = ataBE2H_U16(pbPacket + 7);
3587 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3588 goto sendcmd;
3589 case SCSI_REPAIR_TRACK:
3590 goto sendcmd;
3591 case SCSI_REPORT_KEY:
3592 cbTransfer = ataBE2H_U16(pbPacket + 8);
3593 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3594 goto sendcmd;
3595 case SCSI_REQUEST_SENSE:
3596 cbTransfer = pbPacket[4];
3597 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3598 {
3599 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3600 break;
3601 }
3602 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3603 goto sendcmd;
3604 case SCSI_RESERVE_TRACK:
3605 goto sendcmd;
3606 case SCSI_SCAN:
3607 goto sendcmd;
3608 case SCSI_SEEK_10:
3609 goto sendcmd;
3610 case SCSI_SEND_CUE_SHEET:
3611 cbTransfer = ataBE2H_U24(pbPacket + 6);
3612 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3613 goto sendcmd;
3614 case SCSI_SEND_DVD_STRUCTURE:
3615 cbTransfer = ataBE2H_U16(pbPacket + 8);
3616 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3617 goto sendcmd;
3618 case SCSI_SEND_EVENT:
3619 cbTransfer = ataBE2H_U16(pbPacket + 8);
3620 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3621 goto sendcmd;
3622 case SCSI_SEND_KEY:
3623 cbTransfer = ataBE2H_U16(pbPacket + 8);
3624 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3625 goto sendcmd;
3626 case SCSI_SEND_OPC_INFORMATION:
3627 cbTransfer = ataBE2H_U16(pbPacket + 7);
3628 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3629 goto sendcmd;
3630 case SCSI_SET_CD_SPEED:
3631 goto sendcmd;
3632 case SCSI_SET_READ_AHEAD:
3633 goto sendcmd;
3634 case SCSI_SET_STREAMING:
3635 cbTransfer = ataBE2H_U16(pbPacket + 9);
3636 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3637 goto sendcmd;
3638 case SCSI_START_STOP_UNIT:
3639 goto sendcmd;
3640 case SCSI_STOP_PLAY_SCAN:
3641 goto sendcmd;
3642 case SCSI_SYNCHRONIZE_CACHE:
3643 goto sendcmd;
3644 case SCSI_TEST_UNIT_READY:
3645 goto sendcmd;
3646 case SCSI_VERIFY_10:
3647 goto sendcmd;
3648 case SCSI_WRITE_10:
3649 case SCSI_WRITE_AND_VERIFY_10:
3650 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3651 cSectors = ataBE2H_U16(pbPacket + 7);
3652 if (s->pTrackList)
3653 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iATAPILBA);
3654 else
3655 s->cbATAPISector = 2048;
3656 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3657 cbTransfer = cSectors * s->cbATAPISector;
3658 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3659 goto sendcmd;
3660 case SCSI_WRITE_12:
3661 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3662 cSectors = ataBE2H_U32(pbPacket + 6);
3663 if (s->pTrackList)
3664 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iATAPILBA);
3665 else
3666 s->cbATAPISector = 2048;
3667 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3668 cbTransfer = cSectors * s->cbATAPISector;
3669 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3670 goto sendcmd;
3671 case SCSI_WRITE_BUFFER:
3672 switch (pbPacket[1] & 0x1f)
3673 {
3674 case 0x04: /* download microcode */
3675 case 0x05: /* download microcode and save */
3676 case 0x06: /* download microcode with offsets */
3677 case 0x07: /* download microcode with offsets and save */
3678 case 0x0e: /* download microcode with offsets and defer activation */
3679 case 0x0f: /* activate deferred microcode */
3680 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3681 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3682 break;
3683 default:
3684 cbTransfer = ataBE2H_U16(pbPacket + 6);
3685 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3686 goto sendcmd;
3687 }
3688 break;
3689 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3690 cbTransfer = ataBE2H_U32(pbPacket + 6);
3691 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3692 goto sendcmd;
3693 case SCSI_REZERO_UNIT:
3694 /* Obsolete command used by cdrecord. What else would one expect?
3695 * This command is not sent to the drive, it is handled internally,
3696 * as the Linux kernel doesn't like it (message "scsi: unknown
3697 * opcode 0x01" in syslog) and replies with a sense code of 0,
3698 * which sends cdrecord to an endless loop. */
3699 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3700 break;
3701 default:
3702 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3703 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3704 break;
3705 sendcmd:
3706 /*
3707 * Send a command to the drive, passing data in/out as required.
3708 * Commands which exceed the I/O buffer size are split below
3709 * or aborted if splitting is not implemented.
3710 */
3711 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3712 if (cbTransfer == 0)
3713 uTxDir = PDMBLOCKTXDIR_NONE;
3714 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3715 }
3716}
3717
3718
3719static void atapiParseCmd(ATADevState *s)
3720{
3721 const uint8_t *pbPacket;
3722
3723 pbPacket = s->aATAPICmd;
3724#ifdef DEBUG
3725 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3726#else /* !DEBUG */
3727 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3728#endif /* !DEBUG */
3729 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3730
3731 if (s->fATAPIPassthrough)
3732 atapiParseCmdPassthrough(s);
3733 else
3734 atapiParseCmdVirtualATAPI(s);
3735}
3736
3737
3738static bool ataPacketSS(ATADevState *s)
3739{
3740 s->fDMA = !!(s->uATARegFeature & 1);
3741 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3742 s->uTxDir = PDMBLOCKTXDIR_NONE;
3743 s->cbTotalTransfer = 0;
3744 s->cbElementaryTransfer = 0;
3745 atapiParseCmd(s);
3746 return false;
3747}
3748
3749
3750/**
3751 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3752 * from now on, regardless if there was a medium inserted or not.
3753 */
3754static void ataMediumRemoved(ATADevState *s)
3755{
3756 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3757}
3758
3759
3760/**
3761 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3762 * there was already a medium inserted, don't forget to send the "medium
3763 * removed" event first.
3764 */
3765static void ataMediumInserted(ATADevState *s)
3766{
3767 uint32_t OldStatus, NewStatus;
3768 do
3769 {
3770 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3771 switch (OldStatus)
3772 {
3773 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3774 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3775 /* no change, we will send "medium removed" + "medium inserted" */
3776 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3777 break;
3778 default:
3779 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3780 break;
3781 }
3782 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3783}
3784
3785/**
3786 * Called when a media is mounted.
3787 *
3788 * @param pInterface Pointer to the interface structure containing the called function pointer.
3789 */
3790static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3791{
3792 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3793 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3794
3795 /* Ignore the call if we're called while being attached. */
3796 if (!pIf->pDrvBlock)
3797 return;
3798
3799 if (pIf->fATAPI)
3800 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3801 else
3802 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / pIf->cbSector;
3803
3804 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3805
3806 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3807 if (pIf->cNotifiedMediaChange < 2)
3808 pIf->cNotifiedMediaChange = 1;
3809 ataMediumInserted(pIf);
3810 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3811}
3812
3813/**
3814 * Called when a media is unmounted
3815 * @param pInterface Pointer to the interface structure containing the called function pointer.
3816 */
3817static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3818{
3819 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3820 Log(("%s:\n", __FUNCTION__));
3821 pIf->cTotalSectors = 0;
3822
3823 /*
3824 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3825 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3826 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3827 * present and 2 in which it is changed.
3828 */
3829 pIf->cNotifiedMediaChange = 1;
3830 ataMediumRemoved(pIf);
3831 ataMediumTypeSet(pIf, ATA_MEDIA_NO_DISC);
3832}
3833
3834static void ataPacketBT(ATADevState *s)
3835{
3836 s->cbElementaryTransfer = s->cbTotalTransfer;
3837 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3838 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3839 ataSetStatusValue(s, ATA_STAT_READY);
3840}
3841
3842
3843static void ataResetDevice(ATADevState *s)
3844{
3845 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3846 s->cNotifiedMediaChange = 0;
3847 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3848 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3849 ataUnsetIRQ(s);
3850
3851 s->uATARegSelect = 0x20;
3852 ataSetStatusValue(s, ATA_STAT_READY);
3853 ataSetSignature(s);
3854 s->cbTotalTransfer = 0;
3855 s->cbElementaryTransfer = 0;
3856 s->iIOBufferPIODataStart = 0;
3857 s->iIOBufferPIODataEnd = 0;
3858 s->iBeginTransfer = ATAFN_BT_NULL;
3859 s->iSourceSink = ATAFN_SS_NULL;
3860 s->fDMA = false;
3861 s->fATAPITransfer = false;
3862 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3863
3864 s->uATARegFeature = 0;
3865}
3866
3867
3868static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3869{
3870 ataSetSignature(s);
3871 if (s->fATAPI)
3872 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3873 else
3874 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_SEEK);
3875 s->uATARegError = 0x01;
3876 return false;
3877}
3878
3879
3880static int ataTrimSectors(ATADevState *s, uint64_t u64Sector, uint32_t cSectors,
3881 bool *pfRedo)
3882{
3883 RTRANGE TrimRange;
3884 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3885 int rc;
3886
3887 PDMCritSectLeave(&pCtl->lock);
3888
3889 TrimRange.offStart = u64Sector * s->cbSector;
3890 TrimRange.cbRange = cSectors * s->cbSector;
3891
3892 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
3893 rc = s->pDrvBlock->pfnDiscard(s->pDrvBlock, &TrimRange, 1);
3894 s->Led.Actual.s.fWriting = 0;
3895
3896 if (RT_SUCCESS(rc))
3897 *pfRedo = false;
3898 else
3899 *pfRedo = ataIsRedoSetWarning(s, rc);
3900
3901 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3902 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3903 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3904 return rc;
3905}
3906
3907
3908static bool ataTrimSS(ATADevState *s)
3909{
3910 int rc = VERR_GENERAL_FAILURE;
3911 uint32_t cRangesMax;
3912 uint64_t *pu64Range = (uint64_t *)s->CTX_SUFF(pbIOBuffer);
3913 bool fRedo = false;
3914
3915 cRangesMax = s->cbElementaryTransfer / sizeof(uint64_t);
3916 Assert(cRangesMax);
3917
3918 while (cRangesMax-- > 0)
3919 {
3920 if (ATA_RANGE_LENGTH_GET(*pu64Range) == 0)
3921 break;
3922
3923 rc = ataTrimSectors(s, *pu64Range & ATA_RANGE_LBA_MASK,
3924 ATA_RANGE_LENGTH_GET(*pu64Range), &fRedo);
3925 if (RT_FAILURE(rc))
3926 break;
3927
3928 pu64Range++;
3929 }
3930
3931 if (RT_SUCCESS(rc))
3932 {
3933 s->iSourceSink = ATAFN_SS_NULL;
3934 ataCmdOK(s, ATA_STAT_SEEK);
3935 }
3936 else
3937 {
3938 if (fRedo)
3939 return fRedo;
3940 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
3941 LogRel(("PIIX3 ATA: LUN#%d: disk trim error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
3942 s->iLUN, rc, *pu64Range & ATA_RANGE_LBA_MASK, ATA_RANGE_LENGTH_GET(*pu64Range)));
3943
3944 /*
3945 * Check if we got interrupted. We don't need to set status variables
3946 * because the request was aborted.
3947 */
3948 if (rc != VERR_INTERRUPTED)
3949 ataCmdError(s, ID_ERR);
3950 }
3951
3952 return false;
3953}
3954
3955
3956static void ataParseCmd(ATADevState *s, uint8_t cmd)
3957{
3958#ifdef DEBUG
3959 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3960#else /* !DEBUG */
3961 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3962#endif /* !DEBUG */
3963 s->fLBA48 = false;
3964 s->fDMA = false;
3965 if (cmd == ATA_IDLE_IMMEDIATE)
3966 {
3967 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3968 * would overwrite the failing command unfortunately), then RESET. */
3969 int32_t uCmdWait = -1;
3970 uint64_t uNow = RTTimeNanoTS();
3971 if (s->u64CmdTS)
3972 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3973 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3974 s->iLUN, s->uATARegCommand, uCmdWait));
3975 }
3976 s->uATARegCommand = cmd;
3977 switch (cmd)
3978 {
3979 case ATA_IDENTIFY_DEVICE:
3980 if (s->pDrvBlock && !s->fATAPI)
3981 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3982 else
3983 {
3984 if (s->fATAPI)
3985 ataSetSignature(s);
3986 ataCmdError(s, ABRT_ERR);
3987 ataUnsetStatus(s, ATA_STAT_READY);
3988 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3989 }
3990 break;
3991 case ATA_RECALIBRATE:
3992 if (s->fATAPI)
3993 goto abort_cmd;
3994 /* fall through */
3995 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3996 ataCmdOK(s, ATA_STAT_SEEK);
3997 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3998 break;
3999 case ATA_SET_MULTIPLE_MODE:
4000 if ( s->uATARegNSector != 0
4001 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
4002 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
4003 {
4004 ataCmdError(s, ABRT_ERR);
4005 }
4006 else
4007 {
4008 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
4009 s->cMultSectors = s->uATARegNSector;
4010 ataCmdOK(s, 0);
4011 }
4012 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4013 break;
4014 case ATA_READ_VERIFY_SECTORS_EXT:
4015 s->fLBA48 = true;
4016 case ATA_READ_VERIFY_SECTORS:
4017 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
4018 /* do sector number check ? */
4019 ataCmdOK(s, ATA_STAT_SEEK);
4020 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4021 break;
4022 case ATA_READ_SECTORS_EXT:
4023 s->fLBA48 = true;
4024 case ATA_READ_SECTORS:
4025 case ATA_READ_SECTORS_WITHOUT_RETRIES:
4026 if (!s->pDrvBlock || s->fATAPI)
4027 goto abort_cmd;
4028 s->cSectorsPerIRQ = 1;
4029 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4030 break;
4031 case ATA_WRITE_SECTORS_EXT:
4032 s->fLBA48 = true;
4033 case ATA_WRITE_SECTORS:
4034 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
4035 if (!s->pDrvBlock || s->fATAPI)
4036 goto abort_cmd;
4037 s->cSectorsPerIRQ = 1;
4038 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4039 break;
4040 case ATA_READ_MULTIPLE_EXT:
4041 s->fLBA48 = true;
4042 case ATA_READ_MULTIPLE:
4043 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4044 goto abort_cmd;
4045 s->cSectorsPerIRQ = s->cMultSectors;
4046 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4047 break;
4048 case ATA_WRITE_MULTIPLE_EXT:
4049 s->fLBA48 = true;
4050 case ATA_WRITE_MULTIPLE:
4051 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4052 goto abort_cmd;
4053 s->cSectorsPerIRQ = s->cMultSectors;
4054 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4055 break;
4056 case ATA_READ_DMA_EXT:
4057 s->fLBA48 = true;
4058 case ATA_READ_DMA:
4059 case ATA_READ_DMA_WITHOUT_RETRIES:
4060 if (!s->pDrvBlock || s->fATAPI)
4061 goto abort_cmd;
4062 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4063 s->fDMA = true;
4064 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4065 break;
4066 case ATA_WRITE_DMA_EXT:
4067 s->fLBA48 = true;
4068 case ATA_WRITE_DMA:
4069 case ATA_WRITE_DMA_WITHOUT_RETRIES:
4070 if (!s->pDrvBlock || s->fATAPI)
4071 goto abort_cmd;
4072 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4073 s->fDMA = true;
4074 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4075 break;
4076 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
4077 s->fLBA48 = true;
4078 ataSetSector(s, s->cTotalSectors - 1);
4079 ataCmdOK(s, 0);
4080 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4081 break;
4082 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
4083 ataCmdOK(s, 0);
4084 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4085 break;
4086 case ATA_READ_NATIVE_MAX_ADDRESS:
4087 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
4088 ataCmdOK(s, 0);
4089 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4090 break;
4091 case ATA_CHECK_POWER_MODE:
4092 s->uATARegNSector = 0xff; /* drive active or idle */
4093 ataCmdOK(s, 0);
4094 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4095 break;
4096 case ATA_SET_FEATURES:
4097 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
4098 if (!s->pDrvBlock)
4099 goto abort_cmd;
4100 switch (s->uATARegFeature)
4101 {
4102 case 0x02: /* write cache enable */
4103 Log2(("%s: write cache enable\n", __FUNCTION__));
4104 ataCmdOK(s, ATA_STAT_SEEK);
4105 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4106 break;
4107 case 0xaa: /* read look-ahead enable */
4108 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
4109 ataCmdOK(s, ATA_STAT_SEEK);
4110 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4111 break;
4112 case 0x55: /* read look-ahead disable */
4113 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
4114 ataCmdOK(s, ATA_STAT_SEEK);
4115 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4116 break;
4117 case 0xcc: /* reverting to power-on defaults enable */
4118 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
4119 ataCmdOK(s, ATA_STAT_SEEK);
4120 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4121 break;
4122 case 0x66: /* reverting to power-on defaults disable */
4123 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
4124 ataCmdOK(s, ATA_STAT_SEEK);
4125 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4126 break;
4127 case 0x82: /* write cache disable */
4128 Log2(("%s: write cache disable\n", __FUNCTION__));
4129 /* As per the ATA/ATAPI-6 specs, a write cache disable
4130 * command MUST flush the write buffers to disc. */
4131 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4132 break;
4133 case 0x03: { /* set transfer mode */
4134 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
4135 switch (s->uATARegNSector & 0xf8)
4136 {
4137 case 0x00: /* PIO default */
4138 case 0x08: /* PIO mode */
4139 break;
4140 case ATA_MODE_MDMA: /* MDMA mode */
4141 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
4142 break;
4143 case ATA_MODE_UDMA: /* UDMA mode */
4144 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
4145 break;
4146 default:
4147 goto abort_cmd;
4148 }
4149 ataCmdOK(s, ATA_STAT_SEEK);
4150 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4151 break;
4152 }
4153 default:
4154 goto abort_cmd;
4155 }
4156 /*
4157 * OS/2 workarond:
4158 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
4159 * reset here. According to the specification, this is a driver bug as the register
4160 * contents are undefined after the call. This means we can just as well reset it.
4161 */
4162 s->uATARegFeature = 0;
4163 break;
4164 case ATA_FLUSH_CACHE_EXT:
4165 case ATA_FLUSH_CACHE:
4166 if (!s->pDrvBlock || s->fATAPI)
4167 goto abort_cmd;
4168 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4169 break;
4170 case ATA_STANDBY_IMMEDIATE:
4171 ataCmdOK(s, 0);
4172 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4173 break;
4174 case ATA_IDLE_IMMEDIATE:
4175 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
4176 ataAbortCurrentCommand(s, false);
4177 break;
4178 case ATA_SLEEP:
4179 ataCmdOK(s, 0);
4180 ataSetIRQ(s);
4181 break;
4182 /* ATAPI commands */
4183 case ATA_IDENTIFY_PACKET_DEVICE:
4184 if (s->fATAPI)
4185 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
4186 else
4187 {
4188 ataCmdError(s, ABRT_ERR);
4189 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4190 }
4191 break;
4192 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
4193 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
4194 break;
4195 case ATA_DEVICE_RESET:
4196 if (!s->fATAPI)
4197 goto abort_cmd;
4198 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
4199 ataAbortCurrentCommand(s, true);
4200 break;
4201 case ATA_PACKET:
4202 if (!s->fATAPI)
4203 goto abort_cmd;
4204 /* overlapping commands not supported */
4205 if (s->uATARegFeature & 0x02)
4206 goto abort_cmd;
4207 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
4208 break;
4209 case ATA_DATA_SET_MANAGEMENT:
4210 if (!s->pDrvBlock || !s->pDrvBlock->pfnDiscard)
4211 goto abort_cmd;
4212 if ( !(s->uATARegFeature & UINT8_C(0x01))
4213 || (s->uATARegFeature & ~UINT8_C(0x01)))
4214 goto abort_cmd;
4215 s->fDMA = true;
4216 ataStartTransfer(s, (s->uATARegNSectorHOB << 8 | s->uATARegNSector) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_NULL, ATAFN_SS_TRIM, false);
4217 break;
4218 default:
4219 abort_cmd:
4220 ataCmdError(s, ABRT_ERR);
4221 if (s->fATAPI)
4222 ataUnsetStatus(s, ATA_STAT_READY);
4223 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4224 break;
4225 }
4226}
4227
4228#endif /* IN_RING3 */
4229
4230/*
4231 * Note: There are four distinct cases of port I/O handling depending on
4232 * which devices (if any) are attached to an IDE channel:
4233 *
4234 * 1) No device attached. No response to writes or reads (i.e. reads return
4235 * all bits set).
4236 *
4237 * 2) Both devices attached. Reads and writes are processed normally.
4238 *
4239 * 3) Device 0 only. If device 0 is selected, normal behavior applies. But
4240 * if Device 1 is selected, writes are still directed to Device 0 (except
4241 * commands are not executed), reads from control/command registers are
4242 * directed to Device 0, but status/alt status reads return 0. If Device 1
4243 * is a PACKET device, all reads return 0. See ATAPI-6 clause 9.16.1 and
4244 * Table 18 in clause 7.1.
4245 *
4246 * 4) Device 1 only - non-standard(!). Device 1 can't tell if Device 0 is
4247 * present or not and behaves the same. That means if Device 0 is selected,
4248 * Device 1 responds to writes (except commands are not executed) but does
4249 * not respond to reads. If Device 1 selected, normal behavior applies.
4250 * See ATAPI-6 clause 9.16.2 and Table 15 in clause 7.1.
4251 */
4252
4253static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4254{
4255 Log2(("%s: LUN#%d write addr=%#x val=%#04x\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN, addr, val));
4256 addr &= 7;
4257 switch (addr)
4258 {
4259 case 0:
4260 break;
4261 case 1: /* feature register */
4262 /* NOTE: data is written to the two drives */
4263 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4264 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4265 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
4266 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
4267 pCtl->aIfs[0].uATARegFeature = val;
4268 pCtl->aIfs[1].uATARegFeature = val;
4269 break;
4270 case 2: /* sector count */
4271 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4272 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4273 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
4274 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
4275 pCtl->aIfs[0].uATARegNSector = val;
4276 pCtl->aIfs[1].uATARegNSector = val;
4277 break;
4278 case 3: /* sector number */
4279 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4280 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4281 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
4282 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
4283 pCtl->aIfs[0].uATARegSector = val;
4284 pCtl->aIfs[1].uATARegSector = val;
4285 break;
4286 case 4: /* cylinder low */
4287 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4288 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4289 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
4290 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
4291 pCtl->aIfs[0].uATARegLCyl = val;
4292 pCtl->aIfs[1].uATARegLCyl = val;
4293 break;
4294 case 5: /* cylinder high */
4295 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4296 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4297 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
4298 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
4299 pCtl->aIfs[0].uATARegHCyl = val;
4300 pCtl->aIfs[1].uATARegHCyl = val;
4301 break;
4302 case 6: /* drive/head */
4303 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
4304 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
4305 if (((val >> 4) & 1) != pCtl->iSelectedIf)
4306 {
4307 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4308
4309 /* select another drive */
4310 pCtl->iSelectedIf = (val >> 4) & 1;
4311 /* The IRQ line is multiplexed between the two drives, so
4312 * update the state when switching to another drive. Only need
4313 * to update interrupt line if it is enabled and there is a
4314 * state change. */
4315 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
4316 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
4317 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
4318 {
4319 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4320 {
4321 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4322 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
4323 * the interrupt line is asserted. It monitors the line
4324 * for a rising edge. */
4325 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4326 if (pCtl->irq == 16)
4327 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
4328 else
4329 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
4330 }
4331 else
4332 {
4333 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4334 if (pCtl->irq == 16)
4335 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
4336 else
4337 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
4338 }
4339 }
4340 }
4341 break;
4342 default:
4343 case 7: /* command */
4344 /* ignore commands to non-existent device */
4345 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
4346 break;
4347#ifndef IN_RING3
4348 /* Don't do anything complicated in GC */
4349 return VINF_IOM_R3_IOPORT_WRITE;
4350#else /* IN_RING3 */
4351 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
4352#endif /* !IN_RING3 */
4353 }
4354 return VINF_SUCCESS;
4355}
4356
4357
4358static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
4359{
4360 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4361 uint32_t val;
4362 bool fHOB;
4363
4364 /* Check if the guest is reading from a non-existent device. */
4365 if (!s->pDrvBlock)
4366 {
4367 if (pCtl->iSelectedIf) /* Device 1 selected, Device 0 responding for it. */
4368 {
4369 if (!pCtl->aIfs[0].pDrvBlock) /* @todo: this case should never get here! */
4370 {
4371 Log2(("%s: addr=%#x: no device on channel\n", __FUNCTION__, addr));
4372 return VERR_IOM_IOPORT_UNUSED;
4373 }
4374 if (((addr & 7) != 1) && pCtl->aIfs[0].fATAPI) {
4375 Log2(("%s: addr=%#x, val=0: LUN#%d not attached/LUN#%d ATAPI\n", __FUNCTION__, addr,
4376 s->iLUN, pCtl->aIfs[0].iLUN));
4377 *pu32 = 0;
4378 return VINF_SUCCESS;
4379 }
4380 /* Else handle normally. */
4381 }
4382 else /* Device 0 selected (but not present). */
4383 {
4384 Log2(("%s: addr=%#x: LUN#%d not attached\n", __FUNCTION__, addr, s->iLUN));
4385 return VERR_IOM_IOPORT_UNUSED;
4386 }
4387 }
4388 fHOB = !!(s->uATARegDevCtl & (1 << 7));
4389 switch (addr & 7)
4390 {
4391 case 0: /* data register */
4392 val = 0xff;
4393 break;
4394 case 1: /* error register */
4395 /* The ATA specification is very terse when it comes to specifying
4396 * the precise effects of reading back the error/feature register.
4397 * The error register (read-only) shares the register number with
4398 * the feature register (write-only), so it seems that it's not
4399 * necessary to support the usual HOB readback here. */
4400 if (!s->pDrvBlock)
4401 val = 0;
4402 else
4403 val = s->uATARegError;
4404 break;
4405 case 2: /* sector count */
4406 if (fHOB)
4407 val = s->uATARegNSectorHOB;
4408 else
4409 val = s->uATARegNSector;
4410 break;
4411 case 3: /* sector number */
4412 if (fHOB)
4413 val = s->uATARegSectorHOB;
4414 else
4415 val = s->uATARegSector;
4416 break;
4417 case 4: /* cylinder low */
4418 if (fHOB)
4419 val = s->uATARegLCylHOB;
4420 else
4421 val = s->uATARegLCyl;
4422 break;
4423 case 5: /* cylinder high */
4424 if (fHOB)
4425 val = s->uATARegHCylHOB;
4426 else
4427 val = s->uATARegHCyl;
4428 break;
4429 case 6: /* drive/head */
4430 /* This register must always work as long as there is at least
4431 * one drive attached to the controller. It is common between
4432 * both drives anyway (completely identical content). */
4433 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4434 val = 0;
4435 else
4436 val = s->uATARegSelect;
4437 break;
4438 default:
4439 case 7: /* primary status */
4440 {
4441 /* Counter for number of busy status seen in GC in a row. */
4442 static unsigned cBusy = 0;
4443
4444 if (!s->pDrvBlock)
4445 val = 0;
4446 else
4447 val = s->uATARegStatus;
4448
4449 /* Give the async I/O thread an opportunity to make progress,
4450 * don't let it starve by guests polling frequently. EMT has a
4451 * lower priority than the async I/O thread, but sometimes the
4452 * host OS doesn't care. With some guests we are only allowed to
4453 * be busy for about 5 milliseconds in some situations. Note that
4454 * this is no guarantee for any other VBox thread getting
4455 * scheduled, so this just lowers the CPU load a bit when drives
4456 * are busy. It cannot help with timing problems. */
4457 if (val & ATA_STAT_BUSY)
4458 {
4459#ifdef IN_RING3
4460 cBusy = 0;
4461 PDMCritSectLeave(&pCtl->lock);
4462
4463#ifndef RT_OS_WINDOWS
4464 /*
4465 * The thread might be stuck in an I/O operation
4466 * due to a high I/O load on the host. (see @bugref{3301})
4467 * To perform the reset successfully
4468 * we interrupt the operation by sending a signal to the thread
4469 * if the thread didn't responded in 10ms.
4470 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4471 * does the same but it was introduced with Vista) but so far
4472 * this hang was only observed on Linux and Mac OS X.
4473 *
4474 * This is a workaround and needs to be solved properly.
4475 */
4476 if (pCtl->fReset)
4477 {
4478 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4479
4480 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4481 {
4482 LogRel(("PIIX3 ATA LUN#%d: Async I/O thread probably stuck in operation, interrupting\n", s->iLUN));
4483 pCtl->u64ResetTime = u64ResetTimeStop;
4484 RTThreadPoke(pCtl->AsyncIOThread);
4485 }
4486 }
4487#endif
4488
4489 RTThreadYield();
4490
4491 {
4492 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4493 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4494 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4495 }
4496
4497 val = s->uATARegStatus;
4498#else /* !IN_RING3 */
4499 /* Cannot yield CPU in guest context. And switching to host
4500 * context for each and every busy status is too costly,
4501 * especially on SMP systems where we don't gain much by
4502 * yielding the CPU to someone else. */
4503 if (++cBusy >= 20)
4504 {
4505 cBusy = 0;
4506 return VINF_IOM_R3_IOPORT_READ;
4507 }
4508#endif /* !IN_RING3 */
4509 }
4510 else
4511 cBusy = 0;
4512 ataUnsetIRQ(s);
4513 break;
4514 }
4515 }
4516 Log2(("%s: LUN#%d addr=%#x val=%#04x\n", __FUNCTION__, s->iLUN, addr, val));
4517 *pu32 = val;
4518 return VINF_SUCCESS;
4519}
4520
4521
4522static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4523{
4524 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4525 uint32_t val;
4526
4527 //@todo: The handler should not be even registered if there
4528 // is no device on an IDE channel.
4529 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4530 val = 0xff;
4531 else if (pCtl->iSelectedIf == 1 && !s->pDrvBlock)
4532 val = 0; /* Device 1 selected, Device 0 responding for it. */
4533 else
4534 val = s->uATARegStatus;
4535 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4536 return val;
4537}
4538
4539static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4540{
4541#ifndef IN_RING3
4542 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4543 return VINF_IOM_R3_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4544#endif /* !IN_RING3 */
4545
4546 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4547 /* RESET is common for both drives attached to a controller. */
4548 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4549 (val & ATA_DEVCTL_RESET))
4550 {
4551#ifdef IN_RING3
4552 /* Software RESET low to high */
4553 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4554 uint64_t uNow = RTTimeNanoTS();
4555 if (pCtl->aIfs[0].u64CmdTS)
4556 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4557 if (pCtl->aIfs[1].u64CmdTS)
4558 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4559 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4560 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4561 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4562 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4563 pCtl->fReset = true;
4564 /* Everything must be done after the reset flag is set, otherwise
4565 * there are unavoidable races with the currently executing request
4566 * (which might just finish in the mean time). */
4567 pCtl->fChainedTransfer = false;
4568 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4569 {
4570 ataResetDevice(&pCtl->aIfs[i]);
4571 /* The following cannot be done using ataSetStatusValue() since the
4572 * reset flag is already set, which suppresses all status changes. */
4573 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4574 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4575 pCtl->aIfs[i].uATARegError = 0x01;
4576 }
4577 ataAsyncIOClearRequests(pCtl);
4578 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4579 if (val & ATA_DEVCTL_HOB)
4580 {
4581 val &= ~ATA_DEVCTL_HOB;
4582 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4583 }
4584
4585 /* Save the timestamp we started the reset. */
4586 pCtl->u64ResetTime = RTTimeMilliTS();
4587
4588 /* Issue the reset request now. */
4589 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4590#else /* !IN_RING3 */
4591 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4592#endif /* IN_RING3 */
4593 }
4594 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4595 !(val & ATA_DEVCTL_RESET))
4596 {
4597#ifdef IN_RING3
4598 /* Software RESET high to low */
4599 Log(("%s: deasserting RESET\n", __FUNCTION__));
4600 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4601 if (val & ATA_DEVCTL_HOB)
4602 {
4603 val &= ~ATA_DEVCTL_HOB;
4604 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4605 }
4606 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4607#else /* !IN_RING3 */
4608 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4609#endif /* IN_RING3 */
4610 }
4611
4612 /* Change of interrupt disable flag. Update interrupt line if interrupt
4613 * is pending on the current interface. */
4614 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4615 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4616 {
4617 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4618 {
4619 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4620 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4621 * interrupt line is asserted. It monitors the line for a rising
4622 * edge. */
4623 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4624 if (pCtl->irq == 16)
4625 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4626 else
4627 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4628 }
4629 else
4630 {
4631 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4632 if (pCtl->irq == 16)
4633 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4634 else
4635 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4636 }
4637 }
4638
4639 if (val & ATA_DEVCTL_HOB)
4640 Log2(("%s: set HOB\n", __FUNCTION__));
4641
4642 pCtl->aIfs[0].uATARegDevCtl = val;
4643 pCtl->aIfs[1].uATARegDevCtl = val;
4644
4645 return VINF_SUCCESS;
4646}
4647
4648#ifdef IN_RING3
4649
4650static void ataPIOTransfer(PATACONTROLLER pCtl)
4651{
4652 ATADevState *s;
4653
4654 s = &pCtl->aIfs[pCtl->iAIOIf];
4655 Log3(("%s: if=%p\n", __FUNCTION__, s));
4656
4657 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4658 {
4659 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4660 /* Any guest OS that triggers this case has a pathetic ATA driver.
4661 * In a real system it would block the CPU via IORDY, here we do it
4662 * very similarly by not continuing with the current instruction
4663 * until the transfer to/from the storage medium is completed. */
4664 if (s->iSourceSink != ATAFN_SS_NULL)
4665 {
4666 bool fRedo;
4667 uint8_t status = s->uATARegStatus;
4668 ataSetStatusValue(s, ATA_STAT_BUSY);
4669 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4670 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4671 pCtl->fRedo = fRedo;
4672 if (RT_UNLIKELY(fRedo))
4673 return;
4674 ataSetStatusValue(s, status);
4675 s->iIOBufferCur = 0;
4676 s->iIOBufferEnd = s->cbElementaryTransfer;
4677 }
4678 }
4679 if (s->cbTotalTransfer)
4680 {
4681 if (s->fATAPITransfer)
4682 ataPIOTransferLimitATAPI(s);
4683
4684 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4685 s->cbElementaryTransfer = s->cbTotalTransfer;
4686
4687 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4688 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4689 s->cbTotalTransfer, s->cbElementaryTransfer,
4690 s->iIOBufferCur, s->iIOBufferEnd));
4691 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4692 s->cbTotalTransfer -= s->cbElementaryTransfer;
4693 s->iIOBufferCur += s->cbElementaryTransfer;
4694
4695 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4696 s->cbElementaryTransfer = s->cbTotalTransfer;
4697 }
4698 else
4699 ataPIOTransferStop(s);
4700}
4701
4702
4703DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4704{
4705 /* Do not interfere with RESET processing if the PIO transfer finishes
4706 * while the RESET line is asserted. */
4707 if (pCtl->fReset)
4708 {
4709 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4710 return;
4711 }
4712
4713 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4714 || ( s->iSourceSink != ATAFN_SS_NULL
4715 && s->iIOBufferCur >= s->iIOBufferEnd))
4716 {
4717 /* Need to continue the transfer in the async I/O thread. This is
4718 * the case for write operations or generally for not yet finished
4719 * transfers (some data might need to be read). */
4720 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4721 ataSetStatus(s, ATA_STAT_BUSY);
4722
4723 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4724 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4725 }
4726 else
4727 {
4728 /* Either everything finished (though some data might still be pending)
4729 * or some data is pending before the next read is due. */
4730
4731 /* Continue a previously started transfer. */
4732 ataUnsetStatus(s, ATA_STAT_DRQ);
4733 ataSetStatus(s, ATA_STAT_READY);
4734
4735 if (s->cbTotalTransfer)
4736 {
4737 /* There is more to transfer, happens usually for large ATAPI
4738 * reads - the protocol limits the chunk size to 65534 bytes. */
4739 ataPIOTransfer(pCtl);
4740 ataSetIRQ(s);
4741 }
4742 else
4743 {
4744 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4745 /* Finish PIO transfer. */
4746 ataPIOTransfer(pCtl);
4747 Assert(!pCtl->fRedo);
4748 }
4749 }
4750}
4751
4752#endif /* IN_RING3 */
4753
4754static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4755{
4756 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4757 uint8_t *p;
4758
4759 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4760 {
4761 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4762 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4763#ifndef IN_RING3
4764 /* All but the last transfer unit is simple enough for GC, but
4765 * sending a request to the async IO thread is too complicated. */
4766 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4767 {
4768 memcpy(p, pbBuf, cbSize);
4769 s->iIOBufferPIODataStart += cbSize;
4770 }
4771 else
4772 return VINF_IOM_R3_IOPORT_WRITE;
4773#else /* IN_RING3 */
4774 memcpy(p, pbBuf, cbSize);
4775 s->iIOBufferPIODataStart += cbSize;
4776 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4777 ataPIOTransferFinish(pCtl, s);
4778#endif /* !IN_RING3 */
4779 }
4780 else
4781 Log2(("%s: DUMMY data\n", __FUNCTION__));
4782 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4783 return VINF_SUCCESS;
4784}
4785
4786static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4787{
4788 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4789 uint8_t *p;
4790
4791 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4792 {
4793 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4794 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4795#ifndef IN_RING3
4796 /* All but the last transfer unit is simple enough for GC, but
4797 * sending a request to the async IO thread is too complicated. */
4798 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4799 {
4800 memcpy(pbBuf, p, cbSize);
4801 s->iIOBufferPIODataStart += cbSize;
4802 }
4803 else
4804 return VINF_IOM_R3_IOPORT_READ;
4805#else /* IN_RING3 */
4806 memcpy(pbBuf, p, cbSize);
4807 s->iIOBufferPIODataStart += cbSize;
4808 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4809 ataPIOTransferFinish(pCtl, s);
4810#endif /* !IN_RING3 */
4811 }
4812 else
4813 {
4814 Log2(("%s: DUMMY data\n", __FUNCTION__));
4815 memset(pbBuf, '\xff', cbSize);
4816 }
4817 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4818 return VINF_SUCCESS;
4819}
4820
4821#ifdef IN_RING3
4822
4823static void ataDMATransferStop(ATADevState *s)
4824{
4825 s->cbTotalTransfer = 0;
4826 s->cbElementaryTransfer = 0;
4827 s->iBeginTransfer = ATAFN_BT_NULL;
4828 s->iSourceSink = ATAFN_SS_NULL;
4829}
4830
4831
4832/**
4833 * Perform the entire DMA transfer in one go (unless a source/sink operation
4834 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4835 * this function cannot handle empty transfers.
4836 *
4837 * @param pCtl Controller for which to perform the transfer.
4838 */
4839static void ataDMATransfer(PATACONTROLLER pCtl)
4840{
4841 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4842 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4843 bool fRedo;
4844 RTGCPHYS32 pDesc;
4845 uint32_t cbTotalTransfer, cbElementaryTransfer;
4846 uint32_t iIOBufferCur, iIOBufferEnd;
4847 uint32_t dmalen;
4848 PDMBLOCKTXDIR uTxDir;
4849 bool fLastDesc = false;
4850
4851 Assert(sizeof(BMDMADesc) == 8);
4852
4853 fRedo = pCtl->fRedo;
4854 if (RT_LIKELY(!fRedo))
4855 Assert(s->cbTotalTransfer);
4856 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4857 cbTotalTransfer = s->cbTotalTransfer;
4858 cbElementaryTransfer = s->cbElementaryTransfer;
4859 iIOBufferCur = s->iIOBufferCur;
4860 iIOBufferEnd = s->iIOBufferEnd;
4861
4862 /* The DMA loop is designed to hold the lock only when absolutely
4863 * necessary. This avoids long freezes should the guest access the
4864 * ATA registers etc. for some reason. */
4865 PDMCritSectLeave(&pCtl->lock);
4866
4867 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4868 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4869 cbTotalTransfer, cbElementaryTransfer,
4870 iIOBufferCur, iIOBufferEnd));
4871 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4872 {
4873 BMDMADesc DMADesc;
4874 RTGCPHYS32 pBuffer;
4875 uint32_t cbBuffer;
4876
4877 if (RT_UNLIKELY(fRedo))
4878 {
4879 pBuffer = pCtl->pRedoDMABuffer;
4880 cbBuffer = pCtl->cbRedoDMABuffer;
4881 fLastDesc = pCtl->fRedoDMALastDesc;
4882 }
4883 else
4884 {
4885 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4886 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4887 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4888 fLastDesc = !!(cbBuffer & 0x80000000);
4889 cbBuffer &= 0xfffe;
4890 if (cbBuffer == 0)
4891 cbBuffer = 0x10000;
4892 if (cbBuffer > cbTotalTransfer)
4893 cbBuffer = cbTotalTransfer;
4894 }
4895
4896 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4897 {
4898 if (RT_LIKELY(!fRedo))
4899 {
4900 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4901 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x orig_size=%#010x\n", __FUNCTION__,
4902 (int)pDesc, pBuffer, cbBuffer, RT_LE2H_U32(DMADesc.cbBuffer) & 0xfffe));
4903
4904 PCIATAState *pATAState = PDMINS_2_DATA(pDevIns, PCIATAState *);
4905 AssertPtr(pATAState);
4906 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4907 PDMDevHlpPCIPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4908 else
4909 PDMDevHlpPCIPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4910
4911 iIOBufferCur += dmalen;
4912 cbTotalTransfer -= dmalen;
4913 cbBuffer -= dmalen;
4914 pBuffer += dmalen;
4915 }
4916 if ( iIOBufferCur == iIOBufferEnd
4917 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4918 {
4919 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4920 cbElementaryTransfer = cbTotalTransfer;
4921
4922 {
4923 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4924 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4925 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4926 }
4927
4928 /* The RESET handler could have cleared the DMA transfer
4929 * state (since we didn't hold the lock until just now
4930 * the guest can continue in parallel). If so, the state
4931 * is already set up so the loop is exited immediately. */
4932 if (s->iSourceSink != ATAFN_SS_NULL)
4933 {
4934 s->iIOBufferCur = iIOBufferCur;
4935 s->iIOBufferEnd = iIOBufferEnd;
4936 s->cbElementaryTransfer = cbElementaryTransfer;
4937 s->cbTotalTransfer = cbTotalTransfer;
4938 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4939 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4940 if (RT_UNLIKELY(fRedo))
4941 {
4942 pCtl->pFirstDMADesc = pDesc;
4943 pCtl->pRedoDMABuffer = pBuffer;
4944 pCtl->cbRedoDMABuffer = cbBuffer;
4945 pCtl->fRedoDMALastDesc = fLastDesc;
4946 }
4947 else
4948 {
4949 cbTotalTransfer = s->cbTotalTransfer;
4950 cbElementaryTransfer = s->cbElementaryTransfer;
4951
4952 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4953 cbElementaryTransfer = cbTotalTransfer;
4954 iIOBufferCur = 0;
4955 iIOBufferEnd = cbElementaryTransfer;
4956 }
4957 pCtl->fRedo = fRedo;
4958 }
4959 else
4960 {
4961 /* This forces the loop to exit immediately. */
4962 pDesc = pCtl->pLastDMADesc + 1;
4963 }
4964
4965 PDMCritSectLeave(&pCtl->lock);
4966 if (RT_UNLIKELY(fRedo))
4967 break;
4968 }
4969 }
4970
4971 if (RT_UNLIKELY(fRedo))
4972 break;
4973
4974 /* end of transfer */
4975 if (!cbTotalTransfer || fLastDesc)
4976 break;
4977
4978 {
4979 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4980 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4981 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4982 }
4983
4984 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4985 {
4986 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4987 if (!pCtl->fReset)
4988 ataDMATransferStop(s);
4989 /* This forces the loop to exit immediately. */
4990 pDesc = pCtl->pLastDMADesc + 1;
4991 }
4992
4993 PDMCritSectLeave(&pCtl->lock);
4994 }
4995
4996 {
4997 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4998 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4999 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5000 }
5001
5002 if (RT_UNLIKELY(fRedo))
5003 return;
5004
5005 if (fLastDesc)
5006 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5007 s->cbTotalTransfer = cbTotalTransfer;
5008 s->cbElementaryTransfer = cbElementaryTransfer;
5009 s->iIOBufferCur = iIOBufferCur;
5010 s->iIOBufferEnd = iIOBufferEnd;
5011}
5012
5013/**
5014 * Signal PDM that we're idle (if we actually are).
5015 *
5016 * @param pCtl The controller.
5017 */
5018static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
5019{
5020 /*
5021 * Take the mutex here and recheck the idle indicator to avoid
5022 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
5023 */
5024 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
5025
5026 if ( pCtl->fSignalIdle
5027 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
5028 {
5029 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5030 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
5031 }
5032
5033 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
5034}
5035
5036/** Async I/O thread for an interface. Once upon a time this was readable
5037 * code with several loops and a different semaphore for each purpose. But
5038 * then came the "how can one save the state in the middle of a PIO transfer"
5039 * question. The solution was to use an ASM, which is what's there now. */
5040static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
5041{
5042 const ATARequest *pReq;
5043 uint64_t u64TS = 0; /* shut up gcc */
5044 uint64_t uWait;
5045 int rc = VINF_SUCCESS;
5046 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
5047 ATADevState *s;
5048
5049 pReq = NULL;
5050 pCtl->fChainedTransfer = false;
5051 while (!pCtl->fShutdown)
5052 {
5053 /* Keep this thread from doing anything as long as EMT is suspended. */
5054 while (pCtl->fRedoIdle)
5055 {
5056 if (pCtl->fSignalIdle)
5057 ataR3AsyncSignalIdle(pCtl);
5058 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
5059 /* Continue if we got a signal by RTThreadPoke().
5060 * We will get notified if there is a request to process.
5061 */
5062 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5063 continue;
5064 if (RT_FAILURE(rc) || pCtl->fShutdown)
5065 break;
5066
5067 pCtl->fRedoIdle = false;
5068 }
5069
5070 /* Wait for work. */
5071 while (pReq == NULL)
5072 {
5073 if (pCtl->fSignalIdle)
5074 ataR3AsyncSignalIdle(pCtl);
5075 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
5076 /* Continue if we got a signal by RTThreadPoke().
5077 * We will get notified if there is a request to process.
5078 */
5079 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5080 continue;
5081 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
5082 break;
5083
5084 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5085 }
5086
5087 if (RT_FAILURE(rc) || pCtl->fShutdown)
5088 break;
5089
5090 if (pReq == NULL)
5091 continue;
5092
5093 ATAAIO ReqType = pReq->ReqType;
5094
5095 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
5096 if (pCtl->uAsyncIOState != ReqType)
5097 {
5098 /* The new state is not the state that was expected by the normal
5099 * state changes. This is either a RESET/ABORT or there's something
5100 * really strange going on. */
5101 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
5102 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
5103 {
5104 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
5105 ataAsyncIODumpRequests(pCtl);
5106 }
5107 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
5108 }
5109
5110 /* Do our work. */
5111 {
5112 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5113 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5114 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5115 }
5116
5117 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5118 {
5119 u64TS = RTTimeNanoTS();
5120#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5121 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
5122#endif /* DEBUG || VBOX_WITH_STATISTICS */
5123 }
5124
5125 switch (ReqType)
5126 {
5127 case ATA_AIO_NEW:
5128
5129 pCtl->iAIOIf = pReq->u.t.iIf;
5130 s = &pCtl->aIfs[pCtl->iAIOIf];
5131 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
5132 s->uTxDir = pReq->u.t.uTxDir;
5133 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
5134 s->iSourceSink = pReq->u.t.iSourceSink;
5135 s->iIOBufferEnd = 0;
5136 s->u64CmdTS = u64TS;
5137
5138 if (s->fATAPI)
5139 {
5140 if (pCtl->fChainedTransfer)
5141 {
5142 /* Only count the actual transfers, not the PIO
5143 * transfer of the ATAPI command bytes. */
5144 if (s->fDMA)
5145 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
5146 else
5147 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
5148 }
5149 }
5150 else
5151 {
5152 if (s->fDMA)
5153 STAM_REL_COUNTER_INC(&s->StatATADMA);
5154 else
5155 STAM_REL_COUNTER_INC(&s->StatATAPIO);
5156 }
5157
5158 pCtl->fChainedTransfer = false;
5159
5160 if (s->iBeginTransfer != ATAFN_BT_NULL)
5161 {
5162 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5163 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
5164 s->iBeginTransfer = ATAFN_BT_NULL;
5165 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5166 s->iIOBufferEnd = s->cbElementaryTransfer;
5167 }
5168 else
5169 {
5170 s->cbElementaryTransfer = s->cbTotalTransfer;
5171 s->iIOBufferEnd = s->cbTotalTransfer;
5172 }
5173 s->iIOBufferCur = 0;
5174
5175 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5176 {
5177 if (s->iSourceSink != ATAFN_SS_NULL)
5178 {
5179 bool fRedo;
5180 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5181 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5182 pCtl->fRedo = fRedo;
5183 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5184 {
5185 /* Operation failed at the initial transfer, restart
5186 * everything from scratch by resending the current
5187 * request. Occurs very rarely, not worth optimizing. */
5188 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5189 ataAsyncIOPutRequest(pCtl, pReq);
5190 break;
5191 }
5192 }
5193 else
5194 ataCmdOK(s, 0);
5195 s->iIOBufferEnd = s->cbElementaryTransfer;
5196
5197 }
5198
5199 /* Do not go into the transfer phase if RESET is asserted.
5200 * The CritSect is released while waiting for the host OS
5201 * to finish the I/O, thus RESET is possible here. Most
5202 * important: do not change uAsyncIOState. */
5203 if (pCtl->fReset)
5204 break;
5205
5206 if (s->fDMA)
5207 {
5208 if (s->cbTotalTransfer)
5209 {
5210 ataSetStatus(s, ATA_STAT_DRQ);
5211
5212 pCtl->uAsyncIOState = ATA_AIO_DMA;
5213 /* If BMDMA is already started, do the transfer now. */
5214 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
5215 {
5216 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5217 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5218 }
5219 }
5220 else
5221 {
5222 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5223 /* Finish DMA transfer. */
5224 ataDMATransferStop(s);
5225 ataSetIRQ(s);
5226 pCtl->uAsyncIOState = ATA_AIO_NEW;
5227 }
5228 }
5229 else
5230 {
5231 if (s->cbTotalTransfer)
5232 {
5233 ataPIOTransfer(pCtl);
5234 Assert(!pCtl->fRedo);
5235 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5236 ataSetIRQ(s);
5237
5238 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5239 {
5240 /* Write operations and not yet finished transfers
5241 * must be completed in the async I/O thread. */
5242 pCtl->uAsyncIOState = ATA_AIO_PIO;
5243 }
5244 else
5245 {
5246 /* Finished read operation can be handled inline
5247 * in the end of PIO transfer handling code. Linux
5248 * depends on this, as it waits only briefly for
5249 * devices to become ready after incoming data
5250 * transfer. Cannot find anything in the ATA spec
5251 * that backs this assumption, but as all kernels
5252 * are affected (though most of the time it does
5253 * not cause any harm) this must work. */
5254 pCtl->uAsyncIOState = ATA_AIO_NEW;
5255 }
5256 }
5257 else
5258 {
5259 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5260 /* Finish PIO transfer. */
5261 ataPIOTransfer(pCtl);
5262 Assert(!pCtl->fRedo);
5263 if (!s->fATAPITransfer)
5264 ataSetIRQ(s);
5265 pCtl->uAsyncIOState = ATA_AIO_NEW;
5266 }
5267 }
5268 break;
5269
5270 case ATA_AIO_DMA:
5271 {
5272 BMDMAState *bm = &pCtl->BmDma;
5273 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5274 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
5275
5276 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
5277 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
5278 else
5279 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
5280
5281 if (RT_LIKELY(!pCtl->fRedo))
5282 {
5283 /* The specs say that the descriptor table must not cross a
5284 * 4K boundary. */
5285 pCtl->pFirstDMADesc = bm->pvAddr;
5286 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
5287 }
5288 ataDMATransfer(pCtl);
5289
5290 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
5291 {
5292 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
5293 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5294 break;
5295 }
5296
5297 /* The infamous delay IRQ hack. */
5298 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
5299 && s->cbTotalTransfer == 0
5300 && pCtl->DelayIRQMillies)
5301 {
5302 /* Delay IRQ for writing. Required to get the Win2K
5303 * installation work reliably (otherwise it crashes,
5304 * usually during component install). So far no better
5305 * solution has been found. */
5306 Log(("%s: delay IRQ hack\n", __FUNCTION__));
5307 PDMCritSectLeave(&pCtl->lock);
5308 RTThreadSleep(pCtl->DelayIRQMillies);
5309 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5310 }
5311
5312 ataUnsetStatus(s, ATA_STAT_DRQ);
5313 Assert(!pCtl->fChainedTransfer);
5314 Assert(s->iSourceSink == ATAFN_SS_NULL);
5315 if (s->fATAPITransfer)
5316 {
5317 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
5318 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
5319 s->fATAPITransfer = false;
5320 }
5321 ataSetIRQ(s);
5322 pCtl->uAsyncIOState = ATA_AIO_NEW;
5323 break;
5324 }
5325
5326 case ATA_AIO_PIO:
5327 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5328
5329 if (s->iSourceSink != ATAFN_SS_NULL)
5330 {
5331 bool fRedo;
5332 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5333 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5334 pCtl->fRedo = fRedo;
5335 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5336 {
5337 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
5338 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
5339 break;
5340 }
5341 s->iIOBufferCur = 0;
5342 s->iIOBufferEnd = s->cbElementaryTransfer;
5343 }
5344 else
5345 {
5346 /* Continue a previously started transfer. */
5347 ataUnsetStatus(s, ATA_STAT_BUSY);
5348 ataSetStatus(s, ATA_STAT_READY);
5349 }
5350
5351 /* It is possible that the drives on this controller get RESET
5352 * during the above call to the source/sink function. If that's
5353 * the case, don't restart the transfer and don't finish it the
5354 * usual way. RESET handling took care of all that already.
5355 * Most important: do not change uAsyncIOState. */
5356 if (pCtl->fReset)
5357 break;
5358
5359 if (s->cbTotalTransfer)
5360 {
5361 ataPIOTransfer(pCtl);
5362 ataSetIRQ(s);
5363
5364 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5365 {
5366 /* Write operations and not yet finished transfers
5367 * must be completed in the async I/O thread. */
5368 pCtl->uAsyncIOState = ATA_AIO_PIO;
5369 }
5370 else
5371 {
5372 /* Finished read operation can be handled inline
5373 * in the end of PIO transfer handling code. Linux
5374 * depends on this, as it waits only briefly for
5375 * devices to become ready after incoming data
5376 * transfer. Cannot find anything in the ATA spec
5377 * that backs this assumption, but as all kernels
5378 * are affected (though most of the time it does
5379 * not cause any harm) this must work. */
5380 pCtl->uAsyncIOState = ATA_AIO_NEW;
5381 }
5382 }
5383 else
5384 {
5385 /* Finish PIO transfer. */
5386 ataPIOTransfer(pCtl);
5387 if ( !pCtl->fChainedTransfer
5388 && !s->fATAPITransfer
5389 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5390 {
5391 ataSetIRQ(s);
5392 }
5393 pCtl->uAsyncIOState = ATA_AIO_NEW;
5394 }
5395 break;
5396
5397 case ATA_AIO_RESET_ASSERTED:
5398 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
5399 ataPIOTransferStop(&pCtl->aIfs[0]);
5400 ataPIOTransferStop(&pCtl->aIfs[1]);
5401 /* Do not change the DMA registers, they are not affected by the
5402 * ATA controller reset logic. It should be sufficient to issue a
5403 * new command, which is now possible as the state is cleared. */
5404 break;
5405
5406 case ATA_AIO_RESET_CLEARED:
5407 pCtl->uAsyncIOState = ATA_AIO_NEW;
5408 pCtl->fReset = false;
5409 /* Ensure that half-completed transfers are not redone. A reset
5410 * cancels the entire transfer, so continuing is wrong. */
5411 pCtl->fRedo = false;
5412 pCtl->fRedoDMALastDesc = false;
5413 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5414 ATACONTROLLER_IDX(pCtl)));
5415 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5416 {
5417 if (pCtl->aIfs[i].fATAPI)
5418 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5419 else
5420 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5421 ataSetSignature(&pCtl->aIfs[i]);
5422 }
5423 break;
5424
5425 case ATA_AIO_ABORT:
5426 /* Abort the current command no matter what. There cannot be
5427 * any command activity on the other drive otherwise using
5428 * one thread per controller wouldn't work at all. */
5429 s = &pCtl->aIfs[pReq->u.a.iIf];
5430
5431 pCtl->uAsyncIOState = ATA_AIO_NEW;
5432 /* Do not change the DMA registers, they are not affected by the
5433 * ATA controller reset logic. It should be sufficient to issue a
5434 * new command, which is now possible as the state is cleared. */
5435 if (pReq->u.a.fResetDrive)
5436 {
5437 ataResetDevice(s);
5438 ataExecuteDeviceDiagnosticSS(s);
5439 }
5440 else
5441 {
5442 /* Stop any pending DMA transfer. */
5443 s->fDMA = false;
5444 ataPIOTransferStop(s);
5445 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5446 ataSetStatus(s, ATA_STAT_READY);
5447 ataSetIRQ(s);
5448 }
5449 break;
5450
5451 default:
5452 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5453 }
5454
5455 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5456 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5457
5458 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5459 {
5460#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5461 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5462#endif /* DEBUG || VBOX_WITH_STATISTICS */
5463
5464 u64TS = RTTimeNanoTS() - u64TS;
5465 uWait = u64TS / 1000;
5466 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5467 /* Mark command as finished. */
5468 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5469
5470 /*
5471 * Release logging of command execution times depends on the
5472 * command type. ATAPI commands often take longer (due to CD/DVD
5473 * spin up time etc.) so the threshold is different.
5474 */
5475 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5476 {
5477 if (uWait > 8 * 1000 * 1000)
5478 {
5479 /*
5480 * Command took longer than 8 seconds. This is close
5481 * enough or over the guest's command timeout, so place
5482 * an entry in the release log to allow tracking such
5483 * timing errors (which are often caused by the host).
5484 */
5485 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5486 }
5487 }
5488 else
5489 {
5490 if (uWait > 20 * 1000 * 1000)
5491 {
5492 /*
5493 * Command took longer than 20 seconds. This is close
5494 * enough or over the guest's command timeout, so place
5495 * an entry in the release log to allow tracking such
5496 * timing errors (which are often caused by the host).
5497 */
5498 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5499 }
5500 }
5501
5502#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5503 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5504 pCtl->StatAsyncMinWait = uWait;
5505 if (uWait > pCtl->StatAsyncMaxWait)
5506 pCtl->StatAsyncMaxWait = uWait;
5507
5508 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5509 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5510#endif /* DEBUG || VBOX_WITH_STATISTICS */
5511 }
5512
5513 PDMCritSectLeave(&pCtl->lock);
5514 }
5515
5516 /* Signal the ultimate idleness. */
5517 RTThreadUserSignal(pCtl->AsyncIOThread);
5518 if (pCtl->fSignalIdle)
5519 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5520
5521 /* Cleanup the state. */
5522 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5523 pCtl->fShutdown = false;
5524
5525 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5526 return rc;
5527}
5528
5529#endif /* IN_RING3 */
5530
5531static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5532{
5533 uint32_t val = pCtl->BmDma.u8Cmd;
5534 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5535 return val;
5536}
5537
5538
5539static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5540{
5541 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5542 if (!(val & BM_CMD_START))
5543 {
5544 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5545 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5546 }
5547 else
5548 {
5549#ifdef IN_RING3
5550 /* Check whether the guest OS wants to change DMA direction in
5551 * mid-flight. Not allowed, according to the PIIX3 specs. */
5552 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5553 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5554 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5555 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5556
5557 /* Do not continue DMA transfers while the RESET line is asserted. */
5558 if (pCtl->fReset)
5559 {
5560 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5561 return;
5562 }
5563
5564 /* Do not start DMA transfers if there's a PIO transfer going on,
5565 * or if there is already a transfer started on this controller. */
5566 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5567 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5568 return;
5569
5570 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5571 {
5572 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5573 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5574 }
5575#else /* !IN_RING3 */
5576 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5577#endif /* IN_RING3 */
5578 }
5579}
5580
5581static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5582{
5583 uint32_t val = pCtl->BmDma.u8Status;
5584 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5585 return val;
5586}
5587
5588static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5589{
5590 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5591 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5592 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5593 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5594}
5595
5596static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5597{
5598 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5599 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5600 return val;
5601}
5602
5603static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5604{
5605 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5606 pCtl->BmDma.pvAddr = val & ~3;
5607}
5608
5609static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5610{
5611 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5612 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5613
5614}
5615
5616static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5617{
5618 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5619 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5620}
5621
5622#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5623
5624/**
5625 * Port I/O Handler for bus master DMA IN operations.
5626 * @see FNIOMIOPORTIN for details.
5627 */
5628PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5629{
5630 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5631 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5632 PATACONTROLLER pCtl = &pThis->aCts[i];
5633
5634 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5635 if (rc != VINF_SUCCESS)
5636 return rc;
5637 switch (VAL(Port, cb))
5638 {
5639 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5640 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5641 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5642 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5643 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5644 case VAL(0, 4):
5645 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5646 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5647 break;
5648 default:
5649 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5650 PDMCritSectLeave(&pCtl->lock);
5651 return VERR_IOM_IOPORT_UNUSED;
5652 }
5653 PDMCritSectLeave(&pCtl->lock);
5654 return rc;
5655}
5656
5657/**
5658 * Port I/O Handler for bus master DMA OUT operations.
5659 * @see FNIOMIOPORTOUT for details.
5660 */
5661PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5662{
5663 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5664 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5665 PATACONTROLLER pCtl = &pThis->aCts[i];
5666
5667 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5668 if (rc != VINF_SUCCESS)
5669 return rc;
5670 switch (VAL(Port, cb))
5671 {
5672 case VAL(0, 1):
5673#ifndef IN_RING3
5674 if (u32 & BM_CMD_START)
5675 {
5676 rc = VINF_IOM_R3_IOPORT_WRITE;
5677 break;
5678 }
5679#endif /* !IN_RING3 */
5680 ataBMDMACmdWriteB(pCtl, Port, u32);
5681 break;
5682 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5683 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5684 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5685 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5686 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5687 }
5688 PDMCritSectLeave(&pCtl->lock);
5689 return rc;
5690}
5691
5692#undef VAL
5693
5694#ifdef IN_RING3
5695
5696/**
5697 * Callback function for mapping an PCI I/O region.
5698 *
5699 * @return VBox status code.
5700 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5701 * @param iRegion The region number.
5702 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5703 * I/O port, else it's a physical address.
5704 * This address is *NOT* relative to pci_mem_base like earlier!
5705 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5706 */
5707static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5708{
5709 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5710 int rc = VINF_SUCCESS;
5711 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5712 Assert(iRegion == 4);
5713 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5714
5715 /* Register the port range. */
5716 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5717 {
5718 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5719 (RTHCPTR)(uintptr_t)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5720 AssertRC(rc2);
5721 if (rc2 < rc)
5722 rc = rc2;
5723
5724 if (pThis->fGCEnabled)
5725 {
5726 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5727 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5728 AssertRC(rc2);
5729 if (rc2 < rc)
5730 rc = rc2;
5731 }
5732 if (pThis->fR0Enabled)
5733 {
5734 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5735 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5736 AssertRC(rc2);
5737 if (rc2 < rc)
5738 rc = rc2;
5739 }
5740 }
5741 return rc;
5742}
5743
5744
5745/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5746
5747/**
5748 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5749 */
5750static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5751{
5752 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5753 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5754 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5755 return NULL;
5756}
5757
5758
5759/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5760
5761/**
5762 * Gets the pointer to the status LED of a unit.
5763 *
5764 * @returns VBox status code.
5765 * @param pInterface Pointer to the interface structure containing the called function pointer.
5766 * @param iLUN The unit which status LED we desire.
5767 * @param ppLed Where to store the LED pointer.
5768 */
5769static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5770{
5771 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5772 if (iLUN < 4)
5773 {
5774 switch (iLUN)
5775 {
5776 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5777 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5778 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5779 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5780 }
5781 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5782 return VINF_SUCCESS;
5783 }
5784 return VERR_PDM_LUN_NOT_FOUND;
5785}
5786
5787
5788/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5789
5790/**
5791 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5792 */
5793static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5794{
5795 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5796 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5797 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5798 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5799 return NULL;
5800}
5801
5802
5803/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5804
5805/**
5806 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5807 */
5808static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5809 uint32_t *piInstance, uint32_t *piLUN)
5810{
5811 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5812 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5813
5814 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5815 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5816 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5817
5818 *ppcszController = pDevIns->pReg->szName;
5819 *piInstance = pDevIns->iInstance;
5820 *piLUN = pIf->iLUN;
5821
5822 return VINF_SUCCESS;
5823}
5824#endif /* IN_RING3 */
5825
5826
5827/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5828
5829/**
5830 * Port I/O Handler for primary port range OUT operations.
5831 * @see FNIOMIOPORTOUT for details.
5832 */
5833PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5834{
5835 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5836 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5837 PATACONTROLLER pCtl = &pThis->aCts[i];
5838 int rc = VINF_SUCCESS;
5839
5840 Assert(i < 2);
5841
5842 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5843 if (rc != VINF_SUCCESS)
5844 return rc;
5845 if (Port == pCtl->IOPortBase1)
5846 {
5847 /* Writes to the data port may be 16-bit or 32-bit. */
5848 Assert(cb == 2 || cb == 4);
5849 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5850 }
5851 else
5852 {
5853 /* Writes to the other command block ports should be 8-bit only. If they
5854 * are not, the high bits are simply discarded. Undocumented, but observed
5855 * on a real PIIX4 system.
5856 */
5857 if (cb > 1)
5858 Log(("ataIOPortWrite1: suspect write to port %x val=%x size=%d\n", Port, u32, cb));
5859
5860 rc = ataIOPortWriteU8(pCtl, Port, u32);
5861 }
5862 PDMCritSectLeave(&pCtl->lock);
5863 return rc;
5864}
5865
5866
5867/**
5868 * Port I/O Handler for primary port range IN operations.
5869 * @see FNIOMIOPORTIN for details.
5870 */
5871PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5872{
5873 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5874 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5875 PATACONTROLLER pCtl = &pThis->aCts[i];
5876 int rc = VINF_SUCCESS;
5877
5878 Assert(i < 2);
5879
5880 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5881 if (rc != VINF_SUCCESS)
5882 return rc;
5883 if (Port == pCtl->IOPortBase1)
5884 {
5885 /* Reads from the data register may be 16-bit or 32-bit. */
5886 Assert(cb == 2 || cb == 4);
5887 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5888 if (cb == 2)
5889 *pu32 &= 0xffff;
5890 }
5891 else
5892 {
5893 /* Reads from the other command block registers should be 8-bit only.
5894 * If they are not, the low byte is propagated to the high bits.
5895 * Undocumented, but observed on a real PIIX4 system.
5896 */
5897 rc = ataIOPortReadU8(pCtl, Port, pu32);
5898 if (cb > 1)
5899 {
5900 uint32_t pad;
5901
5902 /* Replicate the 8-bit result into the upper three bytes. */
5903 pad = *pu32 & 0xff;
5904 pad = pad | (pad << 8);
5905 pad = pad | (pad << 16);
5906 *pu32 = pad;
5907 Log(("ataIOPortRead1: suspect read from port %x size=%d\n", Port, cb));
5908 }
5909 }
5910 PDMCritSectLeave(&pCtl->lock);
5911 return rc;
5912}
5913
5914#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5915/**
5916 * Port I/O Handler for primary port range IN string operations.
5917 * @see FNIOMIOPORTINSTRING for details.
5918 */
5919PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5920{
5921 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5922 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5923 PATACONTROLLER pCtl = &pThis->aCts[i];
5924 int rc = VINF_SUCCESS;
5925
5926 Assert(i < 2);
5927
5928 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5929 if (rc != VINF_SUCCESS)
5930 return rc;
5931 if (Port == pCtl->IOPortBase1)
5932 {
5933 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5934 RTGCPTR GCDst = *pGCPtrDst;
5935 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5936 Assert(cb == 2 || cb == 4);
5937
5938 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5939#ifndef IN_RING3
5940 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5941 if (!cTransAvailable)
5942 {
5943 PDMCritSectLeave(&pCtl->lock);
5944 return VINF_IOM_R3_IOPORT_READ;
5945 }
5946 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5947 cTransAvailable--;
5948#endif /* !IN_RING3 */
5949 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5950 * They are not performance-critical and generally shouldn't occur at all. */
5951 if (cTransAvailable > cTransfer)
5952 cTransAvailable = cTransfer;
5953 cbTransfer = cTransAvailable * cb;
5954
5955 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5956#ifndef IN_RING3
5957 /* Paranoia. */
5958 if (RT_FAILURE(rc))
5959 {
5960 PDMCritSectLeave(&pCtl->lock);
5961 AssertFailed();
5962 return VINF_IOM_R3_IOPORT_READ;
5963 }
5964#else
5965 Assert(rc == VINF_SUCCESS);
5966#endif
5967
5968 if (cbTransfer)
5969 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5970 s->iIOBufferPIODataStart += cbTransfer;
5971 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5972 *pcTransfer = cTransfer - cTransAvailable;
5973#ifdef IN_RING3
5974 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5975 ataPIOTransferFinish(pCtl, s);
5976#endif /* IN_RING3 */
5977 }
5978 PDMCritSectLeave(&pCtl->lock);
5979 return rc;
5980}
5981
5982
5983/**
5984 * Port I/O Handler for primary port range OUT string operations.
5985 * @see FNIOMIOPORTOUTSTRING for details.
5986 */
5987PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5988{
5989 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5990 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5991 PATACONTROLLER pCtl = &pThis->aCts[i];
5992 int rc;
5993
5994 Assert(i < 2);
5995
5996 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5997 if (rc != VINF_SUCCESS)
5998 return rc;
5999 if (Port == pCtl->IOPortBase1)
6000 {
6001 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
6002 RTGCPTR GCSrc = *pGCPtrSrc;
6003 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
6004 Assert(cb == 2 || cb == 4);
6005
6006 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
6007#ifndef IN_RING3
6008 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
6009 if (!cTransAvailable)
6010 {
6011 PDMCritSectLeave(&pCtl->lock);
6012 return VINF_IOM_R3_IOPORT_WRITE;
6013 }
6014 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
6015 cTransAvailable--;
6016#endif /* !IN_RING3 */
6017 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
6018 * They are not performance-critical and generally shouldn't occur at all. */
6019 if (cTransAvailable > cTransfer)
6020 cTransAvailable = cTransfer;
6021 cbTransfer = cTransAvailable * cb;
6022
6023 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
6024#ifndef IN_RING3
6025 /* Paranoia. */
6026 if (RT_FAILURE(rc))
6027 {
6028 PDMCritSectLeave(&pCtl->lock);
6029 AssertFailed();
6030 return VINF_IOM_R3_IOPORT_WRITE;
6031 }
6032#else
6033 Assert(rc == VINF_SUCCESS);
6034#endif
6035
6036 if (cbTransfer)
6037 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
6038 s->iIOBufferPIODataStart += cbTransfer;
6039 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
6040 *pcTransfer = cTransfer - cTransAvailable;
6041#ifdef IN_RING3
6042 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
6043 ataPIOTransferFinish(pCtl, s);
6044#endif /* IN_RING3 */
6045 }
6046 PDMCritSectLeave(&pCtl->lock);
6047 return rc;
6048}
6049#endif /* !IN_RING0 */
6050
6051/**
6052 * Port I/O Handler for secondary port range OUT operations.
6053 * @see FNIOMIOPORTOUT for details.
6054 */
6055PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6056{
6057 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6058 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6059 PATACONTROLLER pCtl = &pThis->aCts[i];
6060 int rc;
6061
6062 Assert(i < 2);
6063
6064 if (cb != 1)
6065 return VINF_SUCCESS;
6066 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6067 if (rc != VINF_SUCCESS)
6068 return rc;
6069 rc = ataControlWrite(pCtl, Port, u32);
6070 PDMCritSectLeave(&pCtl->lock);
6071 return rc;
6072}
6073
6074
6075/**
6076 * Port I/O Handler for secondary port range IN operations.
6077 * @see FNIOMIOPORTIN for details.
6078 */
6079PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6080{
6081 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6082 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6083 PATACONTROLLER pCtl = &pThis->aCts[i];
6084 int rc;
6085
6086 Assert(i < 2);
6087
6088 if (cb != 1)
6089 return VERR_IOM_IOPORT_UNUSED;
6090
6091 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6092 if (rc != VINF_SUCCESS)
6093 return rc;
6094 *pu32 = ataStatusRead(pCtl, Port);
6095 PDMCritSectLeave(&pCtl->lock);
6096 return VINF_SUCCESS;
6097}
6098
6099#ifdef IN_RING3
6100
6101
6102DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
6103{
6104 if (s->pbIOBufferR3)
6105 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
6106}
6107
6108
6109/**
6110 * Detach notification.
6111 *
6112 * The DVD drive has been unplugged.
6113 *
6114 * @param pDevIns The device instance.
6115 * @param iLUN The logical unit which is being detached.
6116 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6117 */
6118static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6119{
6120 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6121 PATACONTROLLER pCtl;
6122 ATADevState *pIf;
6123 unsigned iController;
6124 unsigned iInterface;
6125
6126 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6127 ("PIIX3IDE: Device does not support hotplugging\n"));
6128
6129 /*
6130 * Locate the controller and stuff.
6131 */
6132 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6133 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6134 pCtl = &pThis->aCts[iController];
6135
6136 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6137 pIf = &pCtl->aIfs[iInterface];
6138
6139 /*
6140 * Zero some important members.
6141 */
6142 pIf->pDrvBase = NULL;
6143 pIf->pDrvBlock = NULL;
6144 pIf->pDrvBlockBios = NULL;
6145 pIf->pDrvMount = NULL;
6146
6147 /*
6148 * In case there was a medium inserted.
6149 */
6150 ataMediumRemoved(pIf);
6151}
6152
6153
6154/**
6155 * Configure a LUN.
6156 *
6157 * @returns VBox status code.
6158 * @param pDevIns The device instance.
6159 * @param pIf The ATA unit state.
6160 */
6161static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
6162{
6163 int rc = VINF_SUCCESS;
6164 PDMBLOCKTYPE enmType;
6165
6166 /*
6167 * Query Block, Bios and Mount interfaces.
6168 */
6169 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
6170 if (!pIf->pDrvBlock)
6171 {
6172 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
6173 return VERR_PDM_MISSING_INTERFACE;
6174 }
6175
6176 /** @todo implement the BIOS invisible code path. */
6177 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
6178 if (!pIf->pDrvBlockBios)
6179 {
6180 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
6181 return VERR_PDM_MISSING_INTERFACE;
6182 }
6183 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
6184
6185 /*
6186 * Validate type.
6187 */
6188 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
6189 if ( enmType != PDMBLOCKTYPE_CDROM
6190 && enmType != PDMBLOCKTYPE_DVD
6191 && enmType != PDMBLOCKTYPE_HARD_DISK)
6192 {
6193 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
6194 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
6195 }
6196 if ( ( enmType == PDMBLOCKTYPE_DVD
6197 || enmType == PDMBLOCKTYPE_CDROM)
6198 && !pIf->pDrvMount)
6199 {
6200 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
6201 return VERR_INTERNAL_ERROR;
6202 }
6203 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
6204 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
6205
6206 /*
6207 * Allocate I/O buffer.
6208 */
6209 if (pIf->fATAPI)
6210 pIf->cbSector = 2048;
6211 else
6212 pIf->cbSector = pIf->pDrvBlock->pfnGetSectorSize(pIf->pDrvBlock);
6213
6214 PVM pVM = PDMDevHlpGetVM(pDevIns);
6215 if (pIf->cbIOBuffer)
6216 {
6217 /* Buffer is (probably) already allocated. Validate the fields,
6218 * because memory corruption can also overwrite pIf->cbIOBuffer. */
6219 if (pIf->fATAPI)
6220 AssertRelease(pIf->cbIOBuffer == _128K);
6221 else
6222 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * pIf->cbSector);
6223 Assert(pIf->pbIOBufferR3);
6224 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
6225 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
6226 }
6227 else
6228 {
6229 if (pIf->fATAPI)
6230 pIf->cbIOBuffer = _128K;
6231 else
6232 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * pIf->cbSector;
6233 Assert(!pIf->pbIOBufferR3);
6234 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
6235 if (RT_FAILURE(rc))
6236 return VERR_NO_MEMORY;
6237 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
6238 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
6239 }
6240
6241 /*
6242 * Init geometry (only for non-CD/DVD media).
6243 */
6244 if (pIf->fATAPI)
6245 {
6246 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / pIf->cbSector;
6247 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
6248 pIf->PCHSGeometry.cHeads = 0; /* dummy */
6249 pIf->PCHSGeometry.cSectors = 0; /* dummy */
6250 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
6251 }
6252 else
6253 {
6254 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / pIf->cbSector;
6255 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
6256 &pIf->PCHSGeometry);
6257 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
6258 {
6259 pIf->PCHSGeometry.cCylinders = 0;
6260 pIf->PCHSGeometry.cHeads = 16; /*??*/
6261 pIf->PCHSGeometry.cSectors = 63; /*??*/
6262 }
6263 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
6264 {
6265 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
6266 rc = VINF_SUCCESS;
6267 }
6268 AssertRC(rc);
6269
6270 if ( pIf->PCHSGeometry.cCylinders == 0
6271 || pIf->PCHSGeometry.cHeads == 0
6272 || pIf->PCHSGeometry.cSectors == 0
6273 )
6274 {
6275 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
6276 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
6277 pIf->PCHSGeometry.cHeads = 16;
6278 pIf->PCHSGeometry.cSectors = 63;
6279 /* Set the disk geometry information. Ignore errors. */
6280 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
6281 &pIf->PCHSGeometry);
6282 rc = VINF_SUCCESS;
6283 }
6284 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
6285
6286 if (pIf->pDrvBlock->pfnDiscard)
6287 LogRel(("PIIX3 ATA: LUN#%d: TRIM enabled\n", pIf->iLUN));
6288 }
6289 return rc;
6290}
6291
6292
6293/**
6294 * Attach command.
6295 *
6296 * This is called when we change block driver for the DVD drive.
6297 *
6298 * @returns VBox status code.
6299 * @param pDevIns The device instance.
6300 * @param iLUN The logical unit which is being detached.
6301 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6302 */
6303static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6304{
6305 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6306 PATACONTROLLER pCtl;
6307 ATADevState *pIf;
6308 int rc;
6309 unsigned iController;
6310 unsigned iInterface;
6311
6312 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6313 ("PIIX3IDE: Device does not support hotplugging\n"),
6314 VERR_INVALID_PARAMETER);
6315
6316 /*
6317 * Locate the controller and stuff.
6318 */
6319 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6320 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6321 pCtl = &pThis->aCts[iController];
6322
6323 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6324 pIf = &pCtl->aIfs[iInterface];
6325
6326 /* the usual paranoia */
6327 AssertRelease(!pIf->pDrvBase);
6328 AssertRelease(!pIf->pDrvBlock);
6329 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
6330 Assert(pIf->iLUN == iLUN);
6331
6332 /*
6333 * Try attach the block device and get the interfaces,
6334 * required as well as optional.
6335 */
6336 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
6337 if (RT_SUCCESS(rc))
6338 {
6339 rc = ataConfigLun(pDevIns, pIf);
6340 /*
6341 * In case there is a medium inserted.
6342 */
6343 ataMediumInserted(pIf);
6344 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
6345 }
6346 else
6347 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6348
6349 if (RT_FAILURE(rc))
6350 {
6351 pIf->pDrvBase = NULL;
6352 pIf->pDrvBlock = NULL;
6353 }
6354 return rc;
6355}
6356
6357
6358/**
6359 * Resume notification.
6360 *
6361 * @returns VBox status.
6362 * @param pDevIns The device instance data.
6363 */
6364static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6365{
6366 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6367 int rc;
6368
6369 Log(("%s:\n", __FUNCTION__));
6370 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6371 {
6372 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6373 {
6374 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6375 AssertRC(rc);
6376 }
6377 }
6378 return;
6379}
6380
6381
6382/**
6383 * Checks if all (both) the async I/O threads have quiesced.
6384 *
6385 * @returns true on success.
6386 * @returns false when one or more threads is still processing.
6387 * @param pThis Pointer to the instance data.
6388 */
6389static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6390{
6391 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6392
6393 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6394 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6395 {
6396 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6397 if (!fRc)
6398 {
6399 /* Make it signal PDM & itself when its done */
6400 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6401 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6402 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6403 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6404 if (!fRc)
6405 {
6406#if 0 /** @todo Need to do some time tracking here... */
6407 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6408 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6409 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6410#endif
6411 return false;
6412 }
6413 }
6414 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6415 }
6416 return true;
6417}
6418
6419/**
6420 * Prepare state save and load operation.
6421 *
6422 * @returns VBox status code.
6423 * @param pDevIns Device instance of the device which registered the data unit.
6424 * @param pSSM SSM operation handle.
6425 */
6426static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6427{
6428 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6429
6430 /* sanity - the suspend notification will wait on the async stuff. */
6431 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6432 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6433 ("i=%u\n", i),
6434 VERR_SSM_IDE_ASYNC_TIMEOUT);
6435 return VINF_SUCCESS;
6436}
6437
6438/**
6439 * @copydoc FNSSMDEVLIVEEXEC
6440 */
6441static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6442{
6443 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6444
6445 SSMR3PutU8(pSSM, pThis->u8Type);
6446 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6447 {
6448 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6449 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6450 {
6451 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6452 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6453 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6454 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6455 }
6456 }
6457
6458 return VINF_SSM_DONT_CALL_AGAIN;
6459}
6460
6461/**
6462 * @copydoc FNSSMDEVSAVEEXEC
6463 */
6464static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6465{
6466 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6467
6468 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6469
6470 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6471 {
6472 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6473 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6474 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6475 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6476 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6477 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6478 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6479 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6480 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6481 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6482 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6483 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6484 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6485
6486 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6487 {
6488 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6489 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6490 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6491 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6492 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6493 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6494 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6495 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6496 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6497 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6498 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6499 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6500 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6501 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6502 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6503 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6504 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6505 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6506 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6507 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6508 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6509 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6510 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6511 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6512 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6513 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6514 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6515 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6516 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6517 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6518 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6519 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6520 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6521 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6522 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6523 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6524 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6525 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6526 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6527 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6528 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6529 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6530 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6531 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6532 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6533 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6534 else
6535 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6536 }
6537 }
6538
6539 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6540}
6541
6542/**
6543 * Converts the LUN number into a message string.
6544 */
6545static const char *ataStringifyLun(unsigned iLun)
6546{
6547 switch (iLun)
6548 {
6549 case 0: return "primary master";
6550 case 1: return "primary slave";
6551 case 2: return "secondary master";
6552 case 3: return "secondary slave";
6553 default: AssertFailedReturn("unknown lun");
6554 }
6555}
6556
6557/**
6558 * FNSSMDEVLOADEXEC
6559 */
6560static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6561{
6562 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6563 int rc;
6564 uint32_t u32;
6565
6566 if ( uVersion != ATA_SAVED_STATE_VERSION
6567 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6568 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6569 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6570 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6571 {
6572 AssertMsgFailed(("uVersion=%d\n", uVersion));
6573 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6574 }
6575
6576 /*
6577 * Verify the configuration.
6578 */
6579 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6580 {
6581 uint8_t u8Type;
6582 rc = SSMR3GetU8(pSSM, &u8Type);
6583 AssertRCReturn(rc, rc);
6584 if (u8Type != pThis->u8Type)
6585 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6586
6587 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6588 {
6589 bool fEnabled;
6590 rc = SSMR3GetBool(pSSM, &fEnabled);
6591 AssertRCReturn(rc, rc);
6592 if (!fEnabled)
6593 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6594
6595 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6596 {
6597 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6598
6599 bool fInUse;
6600 rc = SSMR3GetBool(pSSM, &fInUse);
6601 AssertRCReturn(rc, rc);
6602 if (fInUse != (pIf->pDrvBase != NULL))
6603 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6604 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6605 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6606
6607 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6608 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6609 AssertRCReturn(rc, rc);
6610 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6611 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6612 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6613
6614 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6615 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6616 AssertRCReturn(rc, rc);
6617 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6618 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6619 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6620
6621 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6622 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6623 AssertRCReturn(rc, rc);
6624 if (strcmp(szModelNumber, pIf->szModelNumber))
6625 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6626 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6627 }
6628 }
6629 }
6630 if (uPass != SSM_PASS_FINAL)
6631 return VINF_SUCCESS;
6632
6633 /*
6634 * Restore valid parts of the PCIATAState structure
6635 */
6636 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6637 {
6638 /* integrity check */
6639 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6640 {
6641 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6642 return VERR_INTERNAL_ERROR_4;
6643 }
6644
6645 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6646 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6647 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6648 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6649 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6650 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6651 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6652 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6653 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6654 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6655 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6656 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6657 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6658
6659 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6660 {
6661 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6662 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6663 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6664 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6665 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6666 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6667 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6668 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6669 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6670 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6671 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6672 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6673 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6674 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6675 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6676 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6677 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6678 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6679 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6680 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6681 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6682 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6683 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6684 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6685 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6686 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6687 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6688 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6689 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6690 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6691 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6692 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6693 /* NB: cbPIOTransferLimit could be saved/restored but it's sufficient
6694 * to re-calculate it here, with a tiny risk that it could be
6695 * unnecessarily low for the current transfer only. Could be changed
6696 * when changing the saved state in the future.
6697 */
6698 pThis->aCts[i].aIfs[j].cbPIOTransferLimit = (pThis->aCts[i].aIfs[j].uATARegHCyl << 8) | pThis->aCts[i].aIfs[j].uATARegLCyl;
6699 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6700 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6701 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6702 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6703 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6704 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6705 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6706 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6707 {
6708 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6709 }
6710 else
6711 {
6712 uint8_t uATAPISenseKey, uATAPIASC;
6713 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6714 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6715 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6716 SSMR3GetU8(pSSM, &uATAPISenseKey);
6717 SSMR3GetU8(pSSM, &uATAPIASC);
6718 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6719 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6720 }
6721 /** @todo triple-check this hack after passthrough is working */
6722 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6723 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6724 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6725 else
6726 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6727 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6728 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6729 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6730 {
6731 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6732 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6733 else
6734 {
6735 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6736 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6737 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6738
6739 /* skip the buffer if we're loading for the debugger / animator. */
6740 uint8_t u8Ignored;
6741 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6742 while (cbLeft-- > 0)
6743 SSMR3GetU8(pSSM, &u8Ignored);
6744 }
6745 }
6746 else
6747 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6748 }
6749 }
6750 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6751 SSMR3GetU8(pSSM, &pThis->u8Type);
6752
6753 rc = SSMR3GetU32(pSSM, &u32);
6754 if (RT_FAILURE(rc))
6755 return rc;
6756 if (u32 != ~0U)
6757 {
6758 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6759 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6760 return rc;
6761 }
6762
6763 return VINF_SUCCESS;
6764}
6765
6766
6767/**
6768 * Callback employed by ataSuspend and ataR3PowerOff.
6769 *
6770 * @returns true if we've quiesced, false if we're still working.
6771 * @param pDevIns The device instance.
6772 */
6773static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6774{
6775 return ataR3AllAsyncIOIsIdle(pDevIns);
6776}
6777
6778
6779/**
6780 * Common worker for ataSuspend and ataR3PowerOff.
6781 */
6782static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6783{
6784 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6785 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6786}
6787
6788
6789/**
6790 * Power Off notification.
6791 *
6792 * @returns VBox status.
6793 * @param pDevIns The device instance data.
6794 */
6795static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6796{
6797 Log(("%s:\n", __FUNCTION__));
6798 ataR3SuspendOrPowerOff(pDevIns);
6799}
6800
6801
6802/**
6803 * Suspend notification.
6804 *
6805 * @returns VBox status.
6806 * @param pDevIns The device instance data.
6807 */
6808static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6809{
6810 Log(("%s:\n", __FUNCTION__));
6811 ataR3SuspendOrPowerOff(pDevIns);
6812}
6813
6814
6815/**
6816 * Callback employed by ataR3Reset.
6817 *
6818 * @returns true if we've quiesced, false if we're still working.
6819 * @param pDevIns The device instance.
6820 */
6821static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6822{
6823 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6824
6825 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6826 return false;
6827
6828 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6829 {
6830 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6831 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6832 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6833 PDMCritSectLeave(&pThis->aCts[i].lock);
6834 }
6835 return true;
6836}
6837
6838
6839/**
6840 * Common reset worker for ataR3Reset and ataR3Construct.
6841 *
6842 * @returns VBox status.
6843 * @param pDevIns The device instance data.
6844 * @param fConstruct Indicates who is calling.
6845 */
6846static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6847{
6848 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6849
6850 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6851 {
6852 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6853
6854 pThis->aCts[i].iSelectedIf = 0;
6855 pThis->aCts[i].iAIOIf = 0;
6856 pThis->aCts[i].BmDma.u8Cmd = 0;
6857 /* Report that both drives present on the bus are in DMA mode. This
6858 * pretends that there is a BIOS that has set it up. Normal reset
6859 * default is 0x00. */
6860 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6861 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6862 pThis->aCts[i].BmDma.pvAddr = 0;
6863
6864 pThis->aCts[i].fReset = true;
6865 pThis->aCts[i].fRedo = false;
6866 pThis->aCts[i].fRedoIdle = false;
6867 ataAsyncIOClearRequests(&pThis->aCts[i]);
6868 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6869 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6870 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6871
6872 PDMCritSectLeave(&pThis->aCts[i].lock);
6873 }
6874
6875 int rcRet = VINF_SUCCESS;
6876 if (!fConstruct)
6877 {
6878 /*
6879 * Setup asynchronous notification completion if the requests haven't
6880 * completed yet.
6881 */
6882 if (!ataR3IsAsyncResetDone(pDevIns))
6883 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6884 }
6885 else
6886 {
6887 /*
6888 * Wait for the requests for complete.
6889 *
6890 * Would be real nice if we could do it all from EMT(0) and not
6891 * involve the worker threads, then we could dispense with all the
6892 * waiting and semaphore ping-pong here...
6893 */
6894 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6895 {
6896 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6897 {
6898 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6899 AssertRC(rc);
6900
6901 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6902 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6903 AssertRC(rc);
6904
6905 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6906 AssertRC(rc);
6907
6908 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6909 {
6910 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6911 if (RT_FAILURE(rc))
6912 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6913 if (RT_FAILURE(rc))
6914 {
6915 AssertRC(rc);
6916 rcRet = rc;
6917 }
6918 }
6919 }
6920 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6921 }
6922 if (RT_SUCCESS(rcRet))
6923 {
6924 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6925 AssertRC(rcRet);
6926 }
6927 }
6928 return rcRet;
6929}
6930
6931/**
6932 * Reset notification.
6933 *
6934 * @param pDevIns The device instance data.
6935 */
6936static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6937{
6938 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6939}
6940
6941/**
6942 * @copydoc FNPDMDEVRELOCATE
6943 */
6944static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
6945{
6946 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6947
6948 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6949 {
6950 pThis->aCts[i].pDevInsRC += offDelta;
6951 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
6952 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
6953 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
6954 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
6955 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
6956 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
6957 }
6958}
6959
6960/**
6961 * Destroy a driver instance.
6962 *
6963 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
6964 * resources can be freed correctly.
6965 *
6966 * @param pDevIns The device instance data.
6967 */
6968static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
6969{
6970 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6971 int rc;
6972
6973 Log(("ataR3Destruct\n"));
6974 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
6975
6976 /*
6977 * Tell the async I/O threads to terminate.
6978 */
6979 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6980 {
6981 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6982 {
6983 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
6984 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
6985 AssertRC(rc);
6986 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6987 AssertRC(rc);
6988 }
6989 }
6990
6991 /*
6992 * Wait for the threads to terminate before destroying their resources.
6993 */
6994 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6995 {
6996 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6997 {
6998 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
6999 if (RT_SUCCESS(rc))
7000 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7001 else
7002 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
7003 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
7004 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
7005 }
7006 }
7007
7008 /*
7009 * Free resources.
7010 */
7011 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7012 {
7013 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
7014 {
7015 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
7016 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
7017 }
7018 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
7019 {
7020 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
7021 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
7022 }
7023 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
7024 {
7025 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
7026 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7027 }
7028
7029 /* try one final time */
7030 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7031 {
7032 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
7033 if (RT_SUCCESS(rc))
7034 {
7035 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7036 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
7037 }
7038 }
7039
7040 for (uint32_t iIf = 0; iIf < RT_ELEMENTS(pThis->aCts[i].aIfs); iIf++)
7041 {
7042 if (pThis->aCts[i].aIfs[iIf].pTrackList)
7043 {
7044 ATAPIPassthroughTrackListDestroy(pThis->aCts[i].aIfs[iIf].pTrackList);
7045 pThis->aCts[i].aIfs[iIf].pTrackList = NULL;
7046 }
7047 }
7048 }
7049
7050 return VINF_SUCCESS;
7051}
7052
7053/**
7054 * Convert config value to DEVPCBIOSBOOT.
7055 *
7056 * @returns VBox status code.
7057 * @param pDevIns The device instance data.
7058 * @param pCfg Configuration handle.
7059 * @param penmChipset Where to store the chipset type.
7060 */
7061static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
7062{
7063 char szType[20];
7064
7065 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
7066 if (RT_FAILURE(rc))
7067 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7068 N_("Configuration error: Querying \"Type\" as a string failed"));
7069 if (!strcmp(szType, "PIIX3"))
7070 *penmChipset = CHIPSET_PIIX3;
7071 else if (!strcmp(szType, "PIIX4"))
7072 *penmChipset = CHIPSET_PIIX4;
7073 else if (!strcmp(szType, "ICH6"))
7074 *penmChipset = CHIPSET_ICH6;
7075 else
7076 {
7077 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7078 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
7079 szType);
7080 rc = VERR_INTERNAL_ERROR;
7081 }
7082 return rc;
7083}
7084
7085/**
7086 * @interface_method_impl{PDMDEVREG,pfnConstruct}
7087 */
7088static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
7089{
7090 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7091 PPDMIBASE pBase;
7092 int rc;
7093 bool fGCEnabled;
7094 bool fR0Enabled;
7095 uint32_t DelayIRQMillies;
7096
7097 Assert(iInstance == 0);
7098 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
7099
7100 /*
7101 * Initialize NIL handle values (for the destructor).
7102 */
7103 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7104 {
7105 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
7106 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7107 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
7108 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7109 }
7110
7111 /*
7112 * Validate and read configuration.
7113 */
7114 if (!CFGMR3AreValuesValid(pCfg,
7115 "GCEnabled\0"
7116 "R0Enabled\0"
7117 "IRQDelay\0"
7118 "Type\0")
7119 /** @todo || invalid keys */)
7120 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
7121 N_("PIIX3 configuration error: unknown option specified"));
7122
7123 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
7124 if (RT_FAILURE(rc))
7125 return PDMDEV_SET_ERROR(pDevIns, rc,
7126 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
7127 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
7128
7129 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
7130 if (RT_FAILURE(rc))
7131 return PDMDEV_SET_ERROR(pDevIns, rc,
7132 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
7133 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
7134
7135 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
7136 if (RT_FAILURE(rc))
7137 return PDMDEV_SET_ERROR(pDevIns, rc,
7138 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
7139 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
7140 Assert(DelayIRQMillies < 50);
7141
7142 CHIPSET enmChipset = CHIPSET_PIIX3;
7143 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
7144 if (RT_FAILURE(rc))
7145 return rc;
7146 pThis->u8Type = (uint8_t)enmChipset;
7147
7148 /*
7149 * Initialize data (most of it anyway).
7150 */
7151 /* Status LUN. */
7152 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
7153 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
7154
7155 /* PCI configuration space. */
7156 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
7157
7158 /*
7159 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
7160 * as it explicitly checks for PCI id for IDE controllers.
7161 */
7162 switch (pThis->u8Type)
7163 {
7164 case CHIPSET_ICH6:
7165 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
7166 /** @todo: do we need it? Do we need anything else? */
7167 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7168 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7169 pThis->dev.config[0x4B] = 0x00;
7170 {
7171 /*
7172 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
7173 * Report
7174 * WR_Ping-Pong_EN: must be set
7175 * PCR0, PCR1: 80-pin primary cable reporting for both disks
7176 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
7177 */
7178 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
7179 pThis->dev.config[0x54] = u16Config & 0xff;
7180 pThis->dev.config[0x55] = u16Config >> 8;
7181 }
7182 break;
7183 case CHIPSET_PIIX4:
7184 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
7185 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
7186 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7187 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7188 pThis->dev.config[0x4B] = 0x00;
7189 break;
7190 case CHIPSET_PIIX3:
7191 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
7192 break;
7193 default:
7194 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
7195 }
7196
7197 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
7198 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
7199 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
7200 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
7201 PCIDevSetHeaderType(&pThis->dev, 0x00);
7202
7203 pThis->pDevIns = pDevIns;
7204 pThis->fGCEnabled = fGCEnabled;
7205 pThis->fR0Enabled = fR0Enabled;
7206 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7207 {
7208 pThis->aCts[i].pDevInsR3 = pDevIns;
7209 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7210 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7211 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
7212 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7213 {
7214 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7215
7216 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
7217 pIf->pDevInsR3 = pDevIns;
7218 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7219 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7220 pIf->pControllerR3 = &pThis->aCts[i];
7221 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7222 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7223 pIf->IBase.pfnQueryInterface = ataQueryInterface;
7224 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
7225 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
7226 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
7227 pIf->Led.u32Magic = PDMLED_MAGIC;
7228 }
7229 }
7230
7231 Assert(RT_ELEMENTS(pThis->aCts) == 2);
7232 pThis->aCts[0].irq = 14;
7233 pThis->aCts[0].IOPortBase1 = 0x1f0;
7234 pThis->aCts[0].IOPortBase2 = 0x3f6;
7235 pThis->aCts[1].irq = 15;
7236 pThis->aCts[1].IOPortBase1 = 0x170;
7237 pThis->aCts[1].IOPortBase2 = 0x376;
7238
7239 /*
7240 * Set the default critical section to NOP as we lock on controller level.
7241 */
7242 rc = PDMDevHlpSetDeviceCritSect(pDevIns, PDMDevHlpCritSectGetNop(pDevIns));
7243 AssertRCReturn(rc, rc);
7244
7245 /*
7246 * Register the PCI device.
7247 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
7248 * device the slot next to itself.
7249 */
7250 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
7251 if (RT_FAILURE(rc))
7252 return PDMDEV_SET_ERROR(pDevIns, rc,
7253 N_("PIIX3 cannot register PCI device"));
7254 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
7255 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
7256 if (RT_FAILURE(rc))
7257 return PDMDEV_SET_ERROR(pDevIns, rc,
7258 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
7259
7260 /*
7261 * Register the I/O ports.
7262 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
7263 */
7264 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7265 {
7266 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)(uintptr_t)i,
7267 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
7268 if (RT_FAILURE(rc))
7269 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
7270
7271 if (fGCEnabled)
7272 {
7273 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
7274 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7275 if (RT_FAILURE(rc))
7276 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
7277 }
7278
7279 if (fR0Enabled)
7280 {
7281#if 1
7282 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7283 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
7284#else
7285 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7286 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7287#endif
7288 if (RT_FAILURE(rc))
7289 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
7290 }
7291
7292 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)(uintptr_t)i,
7293 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
7294 if (RT_FAILURE(rc))
7295 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
7296
7297 if (fGCEnabled)
7298 {
7299 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
7300 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7301 if (RT_FAILURE(rc))
7302 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
7303 }
7304 if (fR0Enabled)
7305 {
7306 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
7307 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7308 if (RT_FAILURE(rc))
7309 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
7310 }
7311
7312 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7313 {
7314 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7315 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7316 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
7317 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7318 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
7319 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7320 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
7321 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7322 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
7323#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7324 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7325 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
7326#endif
7327 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7328 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
7329#ifdef VBOX_INSTRUMENT_DMA_WRITES
7330 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7331 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
7332#endif
7333#ifdef VBOX_WITH_STATISTICS
7334 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7335 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
7336#endif
7337 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7338 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
7339#ifdef VBOX_WITH_STATISTICS
7340 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7341 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
7342#endif
7343 }
7344#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7345 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7346 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
7347 /** @todo STAMUNIT_MICROSECS */
7348 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7349 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
7350 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7351 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
7352 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7353 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
7354 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7355 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
7356 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7357 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
7358#endif /* VBOX_WITH_STATISTICS */
7359
7360 /* Initialize per-controller critical section */
7361 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA#%u", i);
7362 if (RT_FAILURE(rc))
7363 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
7364 }
7365
7366 /*
7367 * Attach status driver (optional).
7368 */
7369 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
7370 if (RT_SUCCESS(rc))
7371 {
7372 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
7373 pThis->pMediaNotify = PDMIBASE_QUERY_INTERFACE(pBase, PDMIMEDIANOTIFY);
7374 }
7375 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
7376 {
7377 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
7378 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
7379 }
7380
7381 /*
7382 * Attach the units.
7383 */
7384 uint32_t cbTotalBuffer = 0;
7385 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7386 {
7387 PATACONTROLLER pCtl = &pThis->aCts[i];
7388
7389 /*
7390 * Start the worker thread.
7391 */
7392 pCtl->uAsyncIOState = ATA_AIO_NEW;
7393 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
7394 AssertLogRelRCReturn(rc, rc);
7395 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
7396 AssertLogRelRCReturn(rc, rc);
7397 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
7398 AssertLogRelRCReturn(rc, rc);
7399 ataAsyncIOClearRequests(pCtl);
7400 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
7401 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
7402 AssertLogRelRCReturn(rc, rc);
7403 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
7404 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
7405
7406 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
7407 {
7408 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7409 {
7410 { "Primary Master", "Primary Slave" },
7411 { "Secondary Master", "Secondary Slave" }
7412 };
7413
7414 /*
7415 * Try attach the block device and get the interfaces,
7416 * required as well as optional.
7417 */
7418 ATADevState *pIf = &pCtl->aIfs[j];
7419
7420 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
7421 if (RT_SUCCESS(rc))
7422 {
7423 rc = ataConfigLun(pDevIns, pIf);
7424 if (RT_SUCCESS(rc))
7425 {
7426 /*
7427 * Init vendor product data.
7428 */
7429 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7430 {
7431 { "PrimaryMaster", "PrimarySlave" },
7432 { "SecondaryMaster", "SecondarySlave" }
7433 };
7434
7435 /* Generate a default serial number. */
7436 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
7437 RTUUID Uuid;
7438 if (pIf->pDrvBlock)
7439 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
7440 else
7441 RTUuidClear(&Uuid);
7442
7443 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
7444 {
7445 /* Generate a predictable serial for drives which don't have a UUID. */
7446 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
7447 pIf->iLUN + pDevIns->iInstance * 32,
7448 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
7449 }
7450 else
7451 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
7452
7453 /* Get user config if present using defaults otherwise. */
7454 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
7455 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
7456 szSerial);
7457 if (RT_FAILURE(rc))
7458 {
7459 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7460 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7461 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
7462 return PDMDEV_SET_ERROR(pDevIns, rc,
7463 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
7464 }
7465
7466 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
7467 "1.0");
7468 if (RT_FAILURE(rc))
7469 {
7470 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7471 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7472 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7473 return PDMDEV_SET_ERROR(pDevIns, rc,
7474 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7475 }
7476
7477 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7478 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7479 if (RT_FAILURE(rc))
7480 {
7481 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7482 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7483 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7484 return PDMDEV_SET_ERROR(pDevIns, rc,
7485 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7486 }
7487
7488 rc = CFGMR3QueryBoolDef(pCfgNode, "NonRotationalMedium", &pIf->fNonRotational, false);
7489 if (RT_FAILURE(rc))
7490 return PDMDEV_SET_ERROR(pDevIns, rc,
7491 N_("PIIX3 configuration error: failed to read \"NonRotationalMedium\" as boolean"));
7492
7493 /* There are three other identification strings for CD drives used for INQUIRY */
7494 if (pIf->fATAPI)
7495 {
7496 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7497 "VBOX");
7498 if (RT_FAILURE(rc))
7499 {
7500 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7501 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7502 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7503 return PDMDEV_SET_ERROR(pDevIns, rc,
7504 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7505 }
7506
7507 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7508 "CD-ROM");
7509 if (RT_FAILURE(rc))
7510 {
7511 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7512 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7513 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7514 return PDMDEV_SET_ERROR(pDevIns, rc,
7515 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7516 }
7517
7518 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7519 "1.0");
7520 if (RT_FAILURE(rc))
7521 {
7522 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7523 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7524 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7525 return PDMDEV_SET_ERROR(pDevIns, rc,
7526 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7527 }
7528
7529 rc = CFGMR3QueryBoolDef(pCfgNode, "OverwriteInquiry", &pIf->fOverwriteInquiry, true);
7530 if (RT_FAILURE(rc))
7531 return PDMDEV_SET_ERROR(pDevIns, rc,
7532 N_("PIIX3 configuration error: failed to read \"OverwriteInquiry\" as boolean"));
7533 }
7534 }
7535
7536 }
7537 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7538 {
7539 pIf->pDrvBase = NULL;
7540 pIf->pDrvBlock = NULL;
7541 pIf->cbIOBuffer = 0;
7542 pIf->pbIOBufferR3 = NULL;
7543 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7544 pIf->pbIOBufferRC = NIL_RTGCPTR;
7545 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7546 }
7547 else
7548 {
7549 switch (rc)
7550 {
7551 case VERR_ACCESS_DENIED:
7552 /* Error already cached by DrvHostBase */
7553 return rc;
7554 default:
7555 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7556 N_("PIIX3 cannot attach drive to the %s"),
7557 s_apszDescs[i][j]);
7558 }
7559 }
7560 cbTotalBuffer += pIf->cbIOBuffer;
7561 }
7562 }
7563
7564 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7565 NULL, ataLiveExec, NULL,
7566 ataSaveLoadPrep, ataSaveExec, NULL,
7567 ataSaveLoadPrep, ataLoadExec, NULL);
7568 if (RT_FAILURE(rc))
7569 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7570
7571 /*
7572 * Initialize the device state.
7573 */
7574 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7575}
7576
7577
7578/**
7579 * The device registration structure.
7580 */
7581const PDMDEVREG g_DevicePIIX3IDE =
7582{
7583 /* u32Version */
7584 PDM_DEVREG_VERSION,
7585 /* szName */
7586 "piix3ide",
7587 /* szRCMod */
7588 "VBoxDDGC.gc",
7589 /* szR0Mod */
7590 "VBoxDDR0.r0",
7591 /* pszDescription */
7592 "Intel PIIX3 ATA controller.\n"
7593 " LUN #0 is primary master.\n"
7594 " LUN #1 is primary slave.\n"
7595 " LUN #2 is secondary master.\n"
7596 " LUN #3 is secondary slave.\n"
7597 " LUN #999 is the LED/Status connector.",
7598 /* fFlags */
7599 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7600 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION |
7601 PDM_DEVREG_FLAGS_FIRST_RESET_NOTIFICATION,
7602 /* fClass */
7603 PDM_DEVREG_CLASS_STORAGE,
7604 /* cMaxInstances */
7605 1,
7606 /* cbInstance */
7607 sizeof(PCIATAState),
7608 /* pfnConstruct */
7609 ataR3Construct,
7610 /* pfnDestruct */
7611 ataR3Destruct,
7612 /* pfnRelocate */
7613 ataR3Relocate,
7614 /* pfnMemSetup */
7615 NULL,
7616 /* pfnPowerOn */
7617 NULL,
7618 /* pfnReset */
7619 ataR3Reset,
7620 /* pfnSuspend */
7621 ataR3Suspend,
7622 /* pfnResume */
7623 ataR3Resume,
7624 /* pfnAttach */
7625 ataR3Attach,
7626 /* pfnDetach */
7627 ataR3Detach,
7628 /* pfnQueryInterface. */
7629 NULL,
7630 /* pfnInitComplete */
7631 NULL,
7632 /* pfnPowerOff */
7633 ataR3PowerOff,
7634 /* pfnSoftReset */
7635 NULL,
7636 /* u32VersionEnd */
7637 PDM_DEVREG_VERSION
7638};
7639#endif /* IN_RING3 */
7640#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette