VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 15815

Last change on this file since 15815 was 15815, checked in by vboxsync, 16 years ago

fix Linux passthrough by introducing a double buffer which is required as long as we don't use vm_insert_page()
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 246.0 KB
Line 
1/* $Id: DevATA.cpp 15815 2009-01-05 19:42:23Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2008 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Defined Constants And Macros *
24*******************************************************************************/
25/** Temporary instrumentation for tracking down potential virtual disk
26 * write performance issues. */
27#undef VBOX_INSTRUMENT_DMA_WRITES
28
29/**
30 * The SSM saved state versions.
31 */
32#define ATA_SAVED_STATE_VERSION 18
33#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
34#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
35
36
37/*******************************************************************************
38* Header Files *
39*******************************************************************************/
40#define LOG_GROUP LOG_GROUP_DEV_IDE
41#include <VBox/pdmdev.h>
42#include <iprt/assert.h>
43#include <iprt/string.h>
44#ifdef IN_RING3
45# include <iprt/uuid.h>
46# include <iprt/semaphore.h>
47# include <iprt/thread.h>
48# include <iprt/time.h>
49# include <iprt/alloc.h>
50#endif /* IN_RING3 */
51#include <iprt/critsect.h>
52#include <iprt/asm.h>
53#include <VBox/stam.h>
54#include <VBox/mm.h>
55#include <VBox/pgm.h>
56
57#include <VBox/scsi.h>
58
59#include "PIIX3ATABmDma.h"
60#include "ide.h"
61#include "../Builtins.h"
62
63/*******************************************************************************
64* Defined Constants And Macros *
65*******************************************************************************/
66/**
67 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
68 * Set to 1 to disable multi-sector read support. According to the ATA
69 * specification this must be a power of 2 and it must fit in an 8 bit
70 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
71 */
72#define ATA_MAX_MULT_SECTORS 128
73
74/**
75 * Fastest PIO mode supported by the drive.
76 */
77#define ATA_PIO_MODE_MAX 4
78/**
79 * Fastest MDMA mode supported by the drive.
80 */
81#define ATA_MDMA_MODE_MAX 2
82/**
83 * Fastest UDMA mode supported by the drive.
84 */
85#define ATA_UDMA_MODE_MAX 6
86
87/** ATAPI sense info size. */
88#define ATAPI_SENSE_SIZE 64
89
90/** The maximum number of release log entries per device. */
91#define MAX_LOG_REL_ERRORS 1024
92
93/* MediaEventStatus */
94#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
95#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
96#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
97#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
98
99
100/*******************************************************************************
101* Structures and Typedefs *
102*******************************************************************************/
103typedef struct ATADevState {
104 /** Flag indicating whether the current command uses LBA48 mode. */
105 bool fLBA48;
106 /** Flag indicating whether this drive implements the ATAPI command set. */
107 bool fATAPI;
108 /** Set if this interface has asserted the IRQ. */
109 bool fIrqPending;
110 /** Currently configured number of sectors in a multi-sector transfer. */
111 uint8_t cMultSectors;
112 /** PCHS disk geometry. */
113 PDMMEDIAGEOMETRY PCHSGeometry;
114 /** Total number of sectors on this disk. */
115 uint64_t cTotalSectors;
116 /** Number of sectors to transfer per IRQ. */
117 uint32_t cSectorsPerIRQ;
118
119 /** ATA/ATAPI register 1: feature (write-only). */
120 uint8_t uATARegFeature;
121 /** ATA/ATAPI register 1: feature, high order byte. */
122 uint8_t uATARegFeatureHOB;
123 /** ATA/ATAPI register 1: error (read-only). */
124 uint8_t uATARegError;
125 /** ATA/ATAPI register 2: sector count (read/write). */
126 uint8_t uATARegNSector;
127 /** ATA/ATAPI register 2: sector count, high order byte. */
128 uint8_t uATARegNSectorHOB;
129 /** ATA/ATAPI register 3: sector (read/write). */
130 uint8_t uATARegSector;
131 /** ATA/ATAPI register 3: sector, high order byte. */
132 uint8_t uATARegSectorHOB;
133 /** ATA/ATAPI register 4: cylinder low (read/write). */
134 uint8_t uATARegLCyl;
135 /** ATA/ATAPI register 4: cylinder low, high order byte. */
136 uint8_t uATARegLCylHOB;
137 /** ATA/ATAPI register 5: cylinder high (read/write). */
138 uint8_t uATARegHCyl;
139 /** ATA/ATAPI register 5: cylinder high, high order byte. */
140 uint8_t uATARegHCylHOB;
141 /** ATA/ATAPI register 6: select drive/head (read/write). */
142 uint8_t uATARegSelect;
143 /** ATA/ATAPI register 7: status (read-only). */
144 uint8_t uATARegStatus;
145 /** ATA/ATAPI register 7: command (write-only). */
146 uint8_t uATARegCommand;
147 /** ATA/ATAPI drive control register (write-only). */
148 uint8_t uATARegDevCtl;
149
150 /** Currently active transfer mode (MDMA/UDMA) and speed. */
151 uint8_t uATATransferMode;
152 /** Current transfer direction. */
153 uint8_t uTxDir;
154 /** Index of callback for begin transfer. */
155 uint8_t iBeginTransfer;
156 /** Index of callback for source/sink of data. */
157 uint8_t iSourceSink;
158 /** Flag indicating whether the current command transfers data in DMA mode. */
159 bool fDMA;
160 /** Set to indicate that ATAPI transfer semantics must be used. */
161 bool fATAPITransfer;
162
163 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
164 uint32_t cbTotalTransfer;
165 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
166 uint32_t cbElementaryTransfer;
167 /** Current read/write buffer position, shared PIO/DMA. */
168 uint32_t iIOBufferCur;
169 /** First element beyond end of valid buffer content, shared PIO/DMA. */
170 uint32_t iIOBufferEnd;
171
172 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
173 uint32_t iIOBufferPIODataStart;
174 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
175 uint32_t iIOBufferPIODataEnd;
176
177 /** ATAPI current LBA position. */
178 uint32_t iATAPILBA;
179 /** ATAPI current sector size. */
180 uint32_t cbATAPISector;
181 /** ATAPI current command. */
182 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
183 /** ATAPI sense data. */
184 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
185 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
186 uint8_t cNotifiedMediaChange;
187 /** The same for GET_EVENT_STATUS for mechanism */
188 volatile uint32_t MediaEventStatus;
189
190 uint32_t Alignment0;
191
192 /** The status LED state for this drive. */
193 PDMLED Led;
194
195 /** Size of I/O buffer. */
196 uint32_t cbIOBuffer;
197 /** Pointer to the I/O buffer. */
198 R3PTRTYPE(uint8_t *) pbIOBufferR3;
199 /** Pointer to the I/O buffer. */
200 R0PTRTYPE(uint8_t *) pbIOBufferR0;
201 /** Pointer to the I/O buffer. */
202 RCPTRTYPE(uint8_t *) pbIOBufferRC;
203
204 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
205
206 /*
207 * No data that is part of the saved state after this point!!!!!
208 */
209
210 /* Release statistics: number of ATA DMA commands. */
211 STAMCOUNTER StatATADMA;
212 /* Release statistics: number of ATA PIO commands. */
213 STAMCOUNTER StatATAPIO;
214 /* Release statistics: number of ATAPI PIO commands. */
215 STAMCOUNTER StatATAPIDMA;
216 /* Release statistics: number of ATAPI PIO commands. */
217 STAMCOUNTER StatATAPIPIO;
218#ifdef VBOX_INSTRUMENT_DMA_WRITES
219 /* Release statistics: number of DMA sector writes and the time spent. */
220 STAMPROFILEADV StatInstrVDWrites;
221#endif
222
223 /** Statistics: number of read operations and the time spent reading. */
224 STAMPROFILEADV StatReads;
225 /** Statistics: number of bytes read. */
226 STAMCOUNTER StatBytesRead;
227 /** Statistics: number of write operations and the time spent writing. */
228 STAMPROFILEADV StatWrites;
229 /** Statistics: number of bytes written. */
230 STAMCOUNTER StatBytesWritten;
231 /** Statistics: number of flush operations and the time spend flushing. */
232 STAMPROFILE StatFlushes;
233
234 /** Enable passing through commands directly to the ATAPI drive. */
235 bool fATAPIPassthrough;
236 /** Number of errors we've reported to the release log.
237 * This is to prevent flooding caused by something going horribly wrong.
238 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
239 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
240 uint32_t cErrors;
241 /** Timestamp of last started command. 0 if no command pending. */
242 uint64_t u64CmdTS;
243
244 /** Pointer to the attached driver's base interface. */
245 R3PTRTYPE(PPDMIBASE) pDrvBase;
246 /** Pointer to the attached driver's block interface. */
247 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
248 /** Pointer to the attached driver's block bios interface. */
249 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
250 /** Pointer to the attached driver's mount interface.
251 * This is NULL if the driver isn't a removable unit. */
252 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
253 /** The base interface. */
254 PDMIBASE IBase;
255 /** The block port interface. */
256 PDMIBLOCKPORT IPort;
257 /** The mount notify interface. */
258 PDMIMOUNTNOTIFY IMountNotify;
259 /** The LUN #. */
260 RTUINT iLUN;
261#if HC_ARCH_BITS == 64
262 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
263#endif
264 /** Pointer to device instance. */
265 PPDMDEVINSR3 pDevInsR3;
266 /** Pointer to controller instance. */
267 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
268 /** Pointer to device instance. */
269 PPDMDEVINSR0 pDevInsR0;
270 /** Pointer to controller instance. */
271 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
272 /** Pointer to device instance. */
273 PPDMDEVINSRC pDevInsRC;
274 /** Pointer to controller instance. */
275 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
276
277 /** The serial numnber to use for IDENTIFY DEVICE commands. */
278 int8_t abSerialNumber[20];
279 /** The firmware revision to use for IDENTIFY DEVICE commands. */
280 int8_t abFirmwareRevision[8];
281 /** The model number to use for IDENTIFY DEVICE commands. */
282 int8_t abModelNumber[40];
283
284#if HC_ARCH_BITS == 64
285 uint32_t Alignment1;
286#endif
287} ATADevState;
288
289
290typedef struct ATATransferRequest
291{
292 uint8_t iIf;
293 uint8_t iBeginTransfer;
294 uint8_t iSourceSink;
295 uint32_t cbTotalTransfer;
296 uint8_t uTxDir;
297} ATATransferRequest;
298
299
300typedef struct ATAAbortRequest
301{
302 uint8_t iIf;
303 bool fResetDrive;
304} ATAAbortRequest;
305
306
307typedef enum
308{
309 /** Begin a new transfer. */
310 ATA_AIO_NEW = 0,
311 /** Continue a DMA transfer. */
312 ATA_AIO_DMA,
313 /** Continue a PIO transfer. */
314 ATA_AIO_PIO,
315 /** Reset the drives on current controller, stop all transfer activity. */
316 ATA_AIO_RESET_ASSERTED,
317 /** Reset the drives on current controller, resume operation. */
318 ATA_AIO_RESET_CLEARED,
319 /** Abort the current transfer of a particular drive. */
320 ATA_AIO_ABORT
321} ATAAIO;
322
323
324typedef struct ATARequest
325{
326 ATAAIO ReqType;
327 union
328 {
329 ATATransferRequest t;
330 ATAAbortRequest a;
331 } u;
332} ATARequest;
333
334
335typedef struct ATACONTROLLER
336{
337 /** The base of the first I/O Port range. */
338 RTIOPORT IOPortBase1;
339 /** The base of the second I/O Port range. (0 if none) */
340 RTIOPORT IOPortBase2;
341 /** The assigned IRQ. */
342 RTUINT irq;
343 /** Access critical section */
344 PDMCRITSECT lock;
345
346 /** Selected drive. */
347 uint8_t iSelectedIf;
348 /** The interface on which to handle async I/O. */
349 uint8_t iAIOIf;
350 /** The state of the async I/O thread. */
351 uint8_t uAsyncIOState;
352 /** Flag indicating whether the next transfer is part of the current command. */
353 bool fChainedTransfer;
354 /** Set when the reset processing is currently active on this controller. */
355 bool fReset;
356 /** Flag whether the current transfer needs to be redone. */
357 bool fRedo;
358 /** Flag whether the redo suspend has been finished. */
359 bool fRedoIdle;
360 /** Flag whether the DMA operation to be redone is the final transfer. */
361 bool fRedoDMALastDesc;
362 /** The BusMaster DMA state. */
363 BMDMAState BmDma;
364 /** Pointer to first DMA descriptor. */
365 RTGCPHYS32 pFirstDMADesc;
366 /** Pointer to last DMA descriptor. */
367 RTGCPHYS32 pLastDMADesc;
368 /** Pointer to current DMA buffer (for redo operations). */
369 RTGCPHYS32 pRedoDMABuffer;
370 /** Size of current DMA buffer (for redo operations). */
371 uint32_t cbRedoDMABuffer;
372
373 /** The ATA/ATAPI interfaces of this controller. */
374 ATADevState aIfs[2];
375
376 /** Pointer to device instance. */
377 PPDMDEVINSR3 pDevInsR3;
378 /** Pointer to device instance. */
379 PPDMDEVINSR0 pDevInsR0;
380 /** Pointer to device instance. */
381 PPDMDEVINSRC pDevInsRC;
382
383 /** Set when the destroying the device instance and the thread must exit. */
384 uint32_t volatile fShutdown;
385 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
386 RTTHREAD AsyncIOThread;
387 /** The event semaphore the thread is waiting on for requests. */
388 RTSEMEVENT AsyncIOSem;
389 /** The request queue for the AIO thread. One element is always unused. */
390 ATARequest aAsyncIORequests[4];
391 /** The position at which to insert a new request for the AIO thread. */
392 uint8_t AsyncIOReqHead;
393 /** The position at which to get a new request for the AIO thread. */
394 uint8_t AsyncIOReqTail;
395 uint8_t Alignment3[2]; /**< Explicit padding of the 2 byte gap. */
396 /** Magic delay before triggering interrupts in DMA mode. */
397 uint32_t DelayIRQMillies;
398 /** The mutex protecting the request queue. */
399 RTSEMMUTEX AsyncIORequestMutex;
400 /** The event semaphore the thread is waiting on during suspended I/O. */
401 RTSEMEVENT SuspendIOSem;
402#if 0 /*HC_ARCH_BITS == 32*/
403 uint32_t Alignment0;
404#endif
405
406 /* Statistics */
407 STAMCOUNTER StatAsyncOps;
408 uint64_t StatAsyncMinWait;
409 uint64_t StatAsyncMaxWait;
410 STAMCOUNTER StatAsyncTimeUS;
411 STAMPROFILEADV StatAsyncTime;
412 STAMPROFILE StatLockWait;
413} ATACONTROLLER, *PATACONTROLLER;
414
415typedef struct PCIATAState {
416 PCIDEVICE dev;
417 /** The controllers. */
418 ATACONTROLLER aCts[2];
419 /** Pointer to device instance. */
420 PPDMDEVINSR3 pDevIns;
421 /** Status Port - Base interface. */
422 PDMIBASE IBase;
423 /** Status Port - Leds interface. */
424 PDMILEDPORTS ILeds;
425 /** Partner of ILeds. */
426 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
427 /** Flag whether GC is enabled. */
428 bool fGCEnabled;
429 /** Flag whether R0 is enabled. */
430 bool fR0Enabled;
431 /** Flag indicating whether PIIX4 or PIIX3 is being emulated. */
432 bool fPIIX4;
433 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1]; /**< Align the struct size. */
434} PCIATAState;
435
436#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
437#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
438#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
439#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
440#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
441#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
442
443#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
444
445#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
446#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
447#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
448#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
449
450#ifndef VBOX_DEVICE_STRUCT_TESTCASE
451/*******************************************************************************
452 * Internal Functions *
453 ******************************************************************************/
454__BEGIN_DECLS
455PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
456PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
457PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
458PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
459PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
460PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
461PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
462PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
463__END_DECLS
464
465
466
467DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
468{
469 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
470
471 /* Freeze status register contents while processing RESET. */
472 if (!pCtl->fReset)
473 {
474 s->uATARegStatus = stat;
475 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
476 }
477}
478
479
480DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
481{
482 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
483
484 /* Freeze status register contents while processing RESET. */
485 if (!pCtl->fReset)
486 {
487 s->uATARegStatus |= stat;
488 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
489 }
490}
491
492
493DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
494{
495 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
496
497 /* Freeze status register contents while processing RESET. */
498 if (!pCtl->fReset)
499 {
500 s->uATARegStatus &= ~stat;
501 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
502 }
503}
504
505#ifdef IN_RING3
506
507typedef void (*PBeginTransferFunc)(ATADevState *);
508typedef bool (*PSourceSinkFunc)(ATADevState *);
509
510static void ataReadWriteSectorsBT(ATADevState *);
511static void ataPacketBT(ATADevState *);
512static void atapiCmdBT(ATADevState *);
513static void atapiPassthroughCmdBT(ATADevState *);
514
515static bool ataIdentifySS(ATADevState *);
516static bool ataFlushSS(ATADevState *);
517static bool ataReadSectorsSS(ATADevState *);
518static bool ataWriteSectorsSS(ATADevState *);
519static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
520static bool ataPacketSS(ATADevState *);
521static bool atapiGetConfigurationSS(ATADevState *);
522static bool atapiGetEventStatusNotificationSS(ATADevState *);
523static bool atapiIdentifySS(ATADevState *);
524static bool atapiInquirySS(ATADevState *);
525static bool atapiMechanismStatusSS(ATADevState *);
526static bool atapiModeSenseErrorRecoverySS(ATADevState *);
527static bool atapiModeSenseCDStatusSS(ATADevState *);
528static bool atapiReadSS(ATADevState *);
529static bool atapiReadCapacitySS(ATADevState *);
530static bool atapiReadDiscInformationSS(ATADevState *);
531static bool atapiReadTOCNormalSS(ATADevState *);
532static bool atapiReadTOCMultiSS(ATADevState *);
533static bool atapiReadTOCRawSS(ATADevState *);
534static bool atapiReadTrackInformationSS(ATADevState *);
535static bool atapiRequestSenseSS(ATADevState *);
536static bool atapiPassthroughSS(ATADevState *);
537
538/**
539 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
540 */
541typedef enum ATAFNBT
542{
543 ATAFN_BT_NULL = 0,
544 ATAFN_BT_READ_WRITE_SECTORS,
545 ATAFN_BT_PACKET,
546 ATAFN_BT_ATAPI_CMD,
547 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
548 ATAFN_BT_MAX
549} ATAFNBT;
550
551/**
552 * Array of end transfer functions, the index is ATAFNET.
553 * Make sure ATAFNET and this array match!
554 */
555static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
556{
557 NULL,
558 ataReadWriteSectorsBT,
559 ataPacketBT,
560 atapiCmdBT,
561 atapiPassthroughCmdBT,
562};
563
564/**
565 * Source/sink function indexes for g_apfnSourceSinkFuncs.
566 */
567typedef enum ATAFNSS
568{
569 ATAFN_SS_NULL = 0,
570 ATAFN_SS_IDENTIFY,
571 ATAFN_SS_FLUSH,
572 ATAFN_SS_READ_SECTORS,
573 ATAFN_SS_WRITE_SECTORS,
574 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
575 ATAFN_SS_PACKET,
576 ATAFN_SS_ATAPI_GET_CONFIGURATION,
577 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
578 ATAFN_SS_ATAPI_IDENTIFY,
579 ATAFN_SS_ATAPI_INQUIRY,
580 ATAFN_SS_ATAPI_MECHANISM_STATUS,
581 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
582 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
583 ATAFN_SS_ATAPI_READ,
584 ATAFN_SS_ATAPI_READ_CAPACITY,
585 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
586 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
587 ATAFN_SS_ATAPI_READ_TOC_MULTI,
588 ATAFN_SS_ATAPI_READ_TOC_RAW,
589 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
590 ATAFN_SS_ATAPI_REQUEST_SENSE,
591 ATAFN_SS_ATAPI_PASSTHROUGH,
592 ATAFN_SS_MAX
593} ATAFNSS;
594
595/**
596 * Array of source/sink functions, the index is ATAFNSS.
597 * Make sure ATAFNSS and this array match!
598 */
599static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
600{
601 NULL,
602 ataIdentifySS,
603 ataFlushSS,
604 ataReadSectorsSS,
605 ataWriteSectorsSS,
606 ataExecuteDeviceDiagnosticSS,
607 ataPacketSS,
608 atapiGetConfigurationSS,
609 atapiGetEventStatusNotificationSS,
610 atapiIdentifySS,
611 atapiInquirySS,
612 atapiMechanismStatusSS,
613 atapiModeSenseErrorRecoverySS,
614 atapiModeSenseCDStatusSS,
615 atapiReadSS,
616 atapiReadCapacitySS,
617 atapiReadDiscInformationSS,
618 atapiReadTOCNormalSS,
619 atapiReadTOCMultiSS,
620 atapiReadTOCRawSS,
621 atapiReadTrackInformationSS,
622 atapiRequestSenseSS,
623 atapiPassthroughSS
624};
625
626
627static const ATARequest ataDMARequest = { ATA_AIO_DMA, };
628static const ATARequest ataPIORequest = { ATA_AIO_PIO, };
629static const ATARequest ataResetARequest = { ATA_AIO_RESET_ASSERTED, };
630static const ATARequest ataResetCRequest = { ATA_AIO_RESET_CLEARED, };
631
632
633static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
634{
635 int rc;
636
637 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
638 AssertRC(rc);
639 pCtl->AsyncIOReqHead = 0;
640 pCtl->AsyncIOReqTail = 0;
641 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
642 AssertRC(rc);
643}
644
645
646static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
647{
648 int rc;
649
650 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
651 AssertRC(rc);
652 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
653 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
654 pCtl->AsyncIOReqHead++;
655 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
656 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
657 AssertRC(rc);
658 LogBird(("ata: %x: signalling\n", pCtl->IOPortBase1));
659 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
660 if (RT_FAILURE(rc))
661 {
662 LogBird(("ata: %x: schedule failed, rc=%Rrc\n", pCtl->IOPortBase1, rc));
663 rc = RTSemEventSignal(pCtl->AsyncIOSem);
664 AssertRC(rc);
665 }
666}
667
668
669static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
670{
671 int rc;
672 const ATARequest *pReq;
673
674 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
675 AssertRC(rc);
676 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
677 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
678 else
679 pReq = NULL;
680 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
681 AssertRC(rc);
682 return pReq;
683}
684
685
686/**
687 * Remove the request with the given type, as it's finished. The request
688 * is not removed blindly, as this could mean a RESET request that is not
689 * yet processed (but has cleared the request queue) is lost.
690 *
691 * @param pCtl Controller for which to remove the request.
692 * @param ReqType Type of the request to remove.
693 */
694static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
695{
696 int rc;
697
698 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
699 AssertRC(rc);
700 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
701 {
702 pCtl->AsyncIOReqTail++;
703 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
704 }
705 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
706 AssertRC(rc);
707}
708
709
710/**
711 * Dump the request queue for a particular controller. First dump the queue
712 * contents, then the already processed entries, as long as they haven't been
713 * overwritten.
714 *
715 * @param pCtl Controller for which to dump the queue.
716 */
717static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
718{
719 int rc;
720 uint8_t curr;
721
722 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
723 AssertRC(rc);
724 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
725 curr = pCtl->AsyncIOReqTail;
726 do
727 {
728 if (curr == pCtl->AsyncIOReqHead)
729 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
730 switch (pCtl->aAsyncIORequests[curr].ReqType)
731 {
732 case ATA_AIO_NEW:
733 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
734 break;
735 case ATA_AIO_DMA:
736 LogRel(("dma transfer finished\n"));
737 break;
738 case ATA_AIO_PIO:
739 LogRel(("pio transfer finished\n"));
740 break;
741 case ATA_AIO_RESET_ASSERTED:
742 LogRel(("reset asserted request\n"));
743 break;
744 case ATA_AIO_RESET_CLEARED:
745 LogRel(("reset cleared request\n"));
746 break;
747 case ATA_AIO_ABORT:
748 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
749 break;
750 default:
751 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
752 }
753 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
754 } while (curr != pCtl->AsyncIOReqTail);
755 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
756 AssertRC(rc);
757}
758
759
760/**
761 * Checks whether the request queue for a particular controller is empty
762 * or whether a particular controller is idle.
763 *
764 * @param pCtl Controller for which to check the queue.
765 * @param fStrict If set then the controller is checked to be idle.
766 */
767static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
768{
769 int rc;
770 bool fIdle;
771
772 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
773 AssertRC(rc);
774 fIdle = pCtl->fRedoIdle;
775 if (!fIdle)
776 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
777 if (fStrict)
778 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
779 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
780 AssertRC(rc);
781 return fIdle;
782}
783
784
785/**
786 * Send a transfer request to the async I/O thread.
787 *
788 * @param s Pointer to the ATA device state data.
789 * @param cbTotalTransfer Data transfer size.
790 * @param uTxDir Data transfer direction.
791 * @param iBeginTransfer Index of BeginTransfer callback.
792 * @param iSourceSink Index of SourceSink callback.
793 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
794 */
795static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
796{
797 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
798 ATARequest Req;
799
800 Assert(PDMCritSectIsOwner(&pCtl->lock));
801
802 /* Do not issue new requests while the RESET line is asserted. */
803 if (pCtl->fReset)
804 {
805 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
806 return;
807 }
808
809 /* If the controller is already doing something else right now, ignore
810 * the command that is being submitted. Some broken guests issue commands
811 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
812 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true))
813 {
814 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
815 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
816 return;
817 }
818
819 Req.ReqType = ATA_AIO_NEW;
820 if (fChainedTransfer)
821 Req.u.t.iIf = pCtl->iAIOIf;
822 else
823 Req.u.t.iIf = pCtl->iSelectedIf;
824 Req.u.t.cbTotalTransfer = cbTotalTransfer;
825 Req.u.t.uTxDir = uTxDir;
826 Req.u.t.iBeginTransfer = iBeginTransfer;
827 Req.u.t.iSourceSink = iSourceSink;
828 ataSetStatusValue(s, ATA_STAT_BUSY);
829 pCtl->fChainedTransfer = fChainedTransfer;
830
831 /*
832 * Kick the worker thread into action.
833 */
834 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
835 ataAsyncIOPutRequest(pCtl, &Req);
836}
837
838
839/**
840 * Send an abort command request to the async I/O thread.
841 *
842 * @param s Pointer to the ATA device state data.
843 * @param fResetDrive Whether to reset the drive or just abort a command.
844 */
845static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
846{
847 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
848 ATARequest Req;
849
850 Assert(PDMCritSectIsOwner(&pCtl->lock));
851
852 /* Do not issue new requests while the RESET line is asserted. */
853 if (pCtl->fReset)
854 {
855 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
856 return;
857 }
858
859 Req.ReqType = ATA_AIO_ABORT;
860 Req.u.a.iIf = pCtl->iSelectedIf;
861 Req.u.a.fResetDrive = fResetDrive;
862 ataSetStatus(s, ATA_STAT_BUSY);
863 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
864 ataAsyncIOPutRequest(pCtl, &Req);
865}
866
867
868static void ataSetIRQ(ATADevState *s)
869{
870 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
871 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
872
873 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
874 {
875 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
876 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
877 * line is asserted. It monitors the line for a rising edge. */
878 if (!s->fIrqPending)
879 pCtl->BmDma.u8Status |= BM_STATUS_INT;
880 /* Only actually set the IRQ line if updating the currently selected drive. */
881 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
882 {
883 /** @todo experiment with adaptive IRQ delivery: for reads it is
884 * better to wait for IRQ delivery, as it reduces latency. */
885 if (pCtl->irq == 16)
886 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
887 else
888 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
889 }
890 }
891 s->fIrqPending = true;
892}
893
894#endif /* IN_RING3 */
895
896static void ataUnsetIRQ(ATADevState *s)
897{
898 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
899 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
900
901 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
902 {
903 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
904 /* Only actually unset the IRQ line if updating the currently selected drive. */
905 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
906 {
907 if (pCtl->irq == 16)
908 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
909 else
910 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
911 }
912 }
913 s->fIrqPending = false;
914}
915
916#ifdef IN_RING3
917
918static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
919{
920 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
921 s->iIOBufferPIODataStart = start;
922 s->iIOBufferPIODataEnd = start + size;
923 ataSetStatus(s, ATA_STAT_DRQ);
924}
925
926
927static void ataPIOTransferStop(ATADevState *s)
928{
929 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
930 if (s->fATAPITransfer)
931 {
932 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
933 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
934 ataSetIRQ(s);
935 s->fATAPITransfer = false;
936 }
937 s->cbTotalTransfer = 0;
938 s->cbElementaryTransfer = 0;
939 s->iIOBufferPIODataStart = 0;
940 s->iIOBufferPIODataEnd = 0;
941 s->iBeginTransfer = ATAFN_BT_NULL;
942 s->iSourceSink = ATAFN_SS_NULL;
943}
944
945
946static void ataPIOTransferLimitATAPI(ATADevState *s)
947{
948 uint32_t cbLimit, cbTransfer;
949
950 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
951 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
952 if (cbLimit == 0)
953 cbLimit = 0xfffe;
954 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
955 if (cbLimit == 0xffff)
956 cbLimit--;
957 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
958 if (cbTransfer > cbLimit)
959 {
960 /* Byte count limit for clipping must be even in this case */
961 if (cbLimit & 1)
962 cbLimit--;
963 cbTransfer = cbLimit;
964 }
965 s->uATARegLCyl = cbTransfer;
966 s->uATARegHCyl = cbTransfer >> 8;
967 s->cbElementaryTransfer = cbTransfer;
968}
969
970
971static uint32_t ataGetNSectors(ATADevState *s)
972{
973 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
974 if (s->fLBA48)
975 {
976 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
977 return 65536;
978 else
979 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
980 }
981 else
982 {
983 if (!s->uATARegNSector)
984 return 256;
985 else
986 return s->uATARegNSector;
987 }
988}
989
990
991static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
992{
993 for (uint32_t i = 0; i < cbSize; i++)
994 {
995 if (*pbSrc)
996 pbDst[i ^ 1] = *pbSrc++;
997 else
998 pbDst[i ^ 1] = ' ';
999 }
1000}
1001
1002
1003static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1004{
1005 for (uint32_t i = 0; i < cbSize; i++)
1006 {
1007 if (*pbSrc)
1008 pbDst[i] = *pbSrc++;
1009 else
1010 pbDst[i] = ' ';
1011 }
1012}
1013
1014
1015DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1016{
1017 pbBuf[0] = val >> 8;
1018 pbBuf[1] = val;
1019}
1020
1021
1022DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1023{
1024 pbBuf[0] = val >> 16;
1025 pbBuf[1] = val >> 8;
1026 pbBuf[2] = val;
1027}
1028
1029
1030DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1031{
1032 pbBuf[0] = val >> 24;
1033 pbBuf[1] = val >> 16;
1034 pbBuf[2] = val >> 8;
1035 pbBuf[3] = val;
1036}
1037
1038
1039DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1040{
1041 return (pbBuf[0] << 8) | pbBuf[1];
1042}
1043
1044
1045DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1046{
1047 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1048}
1049
1050
1051DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1052{
1053 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1054}
1055
1056
1057DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1058{
1059 iATAPILBA += 150;
1060 pbBuf[0] = (iATAPILBA / 75) / 60;
1061 pbBuf[1] = (iATAPILBA / 75) % 60;
1062 pbBuf[2] = iATAPILBA % 75;
1063}
1064
1065
1066DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1067{
1068 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1069}
1070
1071
1072static void ataCmdOK(ATADevState *s, uint8_t status)
1073{
1074 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1075 ataSetStatusValue(s, ATA_STAT_READY | status);
1076}
1077
1078
1079static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1080{
1081 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1082 s->uATARegError = uErrorCode;
1083 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1084 s->cbTotalTransfer = 0;
1085 s->cbElementaryTransfer = 0;
1086 s->iIOBufferCur = 0;
1087 s->iIOBufferEnd = 0;
1088 s->uTxDir = PDMBLOCKTXDIR_NONE;
1089 s->iBeginTransfer = ATAFN_BT_NULL;
1090 s->iSourceSink = ATAFN_SS_NULL;
1091}
1092
1093
1094static bool ataIdentifySS(ATADevState *s)
1095{
1096 uint16_t *p;
1097 char aSerial[20];
1098 int rc;
1099 RTUUID Uuid;
1100
1101 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1102 Assert(s->cbElementaryTransfer == 512);
1103
1104 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1105 memset(p, 0, 512);
1106 p[0] = RT_H2LE_U16(0x0040);
1107 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1108 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1109 /* Block size; obsolete, but required for the BIOS. */
1110 p[5] = RT_H2LE_U16(512);
1111 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1112 ataPadString((uint8_t *)(p + 10), (const char *)s->abSerialNumber, 20); /* serial number */
1113 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1114 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1115 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1116 ataPadString((uint8_t *)(p + 23), (const char *)s->abFirmwareRevision, 8); /* firmware version */
1117 ataPadString((uint8_t *)(p + 27), (const char *)s->abModelNumber, 40); /* model */
1118#if ATA_MAX_MULT_SECTORS > 1
1119 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1120#endif
1121 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1122 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1123 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1124 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1125 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1126 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1127 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1128 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1129 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1130 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1131 * s->PCHSGeometry.cHeads
1132 * s->PCHSGeometry.cSectors);
1133 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1134 * s->PCHSGeometry.cHeads
1135 * s->PCHSGeometry.cSectors >> 16);
1136 if (s->cMultSectors)
1137 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1138 if (s->cTotalSectors <= (1 << 28) - 1)
1139 {
1140 p[60] = RT_H2LE_U16(s->cTotalSectors);
1141 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1142 }
1143 else
1144 {
1145 /* Report maximum number of sectors possible with LBA28 */
1146 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1147 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1148 }
1149 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1150 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1151 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1152 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1153 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1154 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1155 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1156 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1157 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1158 if (s->cTotalSectors <= (1 << 28) - 1)
1159 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1160 else
1161 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1162 p[84] = RT_H2LE_U16(1 << 14);
1163 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1164 if (s->cTotalSectors <= (1 << 28) - 1)
1165 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1166 else
1167 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1168 p[87] = RT_H2LE_U16(1 << 14);
1169 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1170 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1171 if (s->cTotalSectors > (1 << 28) - 1)
1172 {
1173 p[100] = RT_H2LE_U16(s->cTotalSectors);
1174 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1175 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1176 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1177 }
1178 s->iSourceSink = ATAFN_SS_NULL;
1179 ataCmdOK(s, ATA_STAT_SEEK);
1180 return false;
1181}
1182
1183
1184static bool ataFlushSS(ATADevState *s)
1185{
1186 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1187 int rc;
1188
1189 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1190 Assert(!s->cbElementaryTransfer);
1191
1192 PDMCritSectLeave(&pCtl->lock);
1193
1194 STAM_PROFILE_START(&s->StatFlushes, f);
1195 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1196 AssertRC(rc);
1197 STAM_PROFILE_STOP(&s->StatFlushes, f);
1198
1199 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1200 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1201 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1202 ataCmdOK(s, 0);
1203 return false;
1204}
1205
1206
1207static bool atapiIdentifySS(ATADevState *s)
1208{
1209 uint16_t *p;
1210 char aSerial[20];
1211 RTUUID Uuid;
1212 int rc;
1213
1214 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1215 Assert(s->cbElementaryTransfer == 512);
1216
1217 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1218 memset(p, 0, 512);
1219 /* Removable CDROM, 50us response, 12 byte packets */
1220 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1221 ataPadString((uint8_t *)(p + 10), (const char *)s->abSerialNumber, 20); /* serial number */
1222 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1223 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1224 ataPadString((uint8_t *)(p + 23), (const char *)s->abFirmwareRevision, 8); /* firmware version */
1225 ataPadString((uint8_t *)(p + 27), (const char *)s->abModelNumber, 40); /* model */
1226 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1227 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1228 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1229 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1230 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1231 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1232 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1233 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1234 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1235 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1236 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1237 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1238 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1239 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1240 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1241 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1242 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1243 p[83] = RT_H2LE_U16(1 << 14);
1244 p[84] = RT_H2LE_U16(1 << 14);
1245 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1246 p[86] = RT_H2LE_U16(0);
1247 p[87] = RT_H2LE_U16(1 << 14);
1248 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1249 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1250 s->iSourceSink = ATAFN_SS_NULL;
1251 ataCmdOK(s, ATA_STAT_SEEK);
1252 return false;
1253}
1254
1255
1256static void ataSetSignature(ATADevState *s)
1257{
1258 s->uATARegSelect &= 0xf0; /* clear head */
1259 /* put signature */
1260 s->uATARegNSector = 1;
1261 s->uATARegSector = 1;
1262 if (s->fATAPI)
1263 {
1264 s->uATARegLCyl = 0x14;
1265 s->uATARegHCyl = 0xeb;
1266 }
1267 else if (s->pDrvBlock)
1268 {
1269 s->uATARegLCyl = 0;
1270 s->uATARegHCyl = 0;
1271 }
1272 else
1273 {
1274 s->uATARegLCyl = 0xff;
1275 s->uATARegHCyl = 0xff;
1276 }
1277}
1278
1279
1280static uint64_t ataGetSector(ATADevState *s)
1281{
1282 uint64_t iLBA;
1283 if (s->uATARegSelect & 0x40)
1284 {
1285 /* any LBA variant */
1286 if (s->fLBA48)
1287 {
1288 /* LBA48 */
1289 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1290 ((uint64_t)s->uATARegLCylHOB << 32) |
1291 ((uint64_t)s->uATARegSectorHOB << 24) |
1292 ((uint64_t)s->uATARegHCyl << 16) |
1293 ((uint64_t)s->uATARegLCyl << 8) |
1294 s->uATARegSector;
1295 }
1296 else
1297 {
1298 /* LBA */
1299 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1300 (s->uATARegLCyl << 8) | s->uATARegSector;
1301 }
1302 }
1303 else
1304 {
1305 /* CHS */
1306 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1307 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1308 (s->uATARegSector - 1);
1309 }
1310 return iLBA;
1311}
1312
1313static void ataSetSector(ATADevState *s, uint64_t iLBA)
1314{
1315 uint32_t cyl, r;
1316 if (s->uATARegSelect & 0x40)
1317 {
1318 /* any LBA variant */
1319 if (s->fLBA48)
1320 {
1321 /* LBA48 */
1322 s->uATARegHCylHOB = iLBA >> 40;
1323 s->uATARegLCylHOB = iLBA >> 32;
1324 s->uATARegSectorHOB = iLBA >> 24;
1325 s->uATARegHCyl = iLBA >> 16;
1326 s->uATARegLCyl = iLBA >> 8;
1327 s->uATARegSector = iLBA;
1328 }
1329 else
1330 {
1331 /* LBA */
1332 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1333 s->uATARegHCyl = (iLBA >> 16);
1334 s->uATARegLCyl = (iLBA >> 8);
1335 s->uATARegSector = (iLBA);
1336 }
1337 }
1338 else
1339 {
1340 /* CHS */
1341 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1342 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1343 s->uATARegHCyl = cyl >> 8;
1344 s->uATARegLCyl = cyl;
1345 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1346 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1347 }
1348}
1349
1350
1351static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors)
1352{
1353 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1354 int rc;
1355
1356 PDMCritSectLeave(&pCtl->lock);
1357
1358 STAM_PROFILE_ADV_START(&s->StatReads, r);
1359 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1360 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1361 s->Led.Actual.s.fReading = 0;
1362 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1363
1364 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1365
1366 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1367 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1368 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1369 return rc;
1370}
1371
1372
1373static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors)
1374{
1375 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1376 int rc;
1377
1378 PDMCritSectLeave(&pCtl->lock);
1379
1380 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1381 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1382#ifdef VBOX_INSTRUMENT_DMA_WRITES
1383 if (s->fDMA)
1384 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1385#endif
1386 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1387#ifdef VBOX_INSTRUMENT_DMA_WRITES
1388 if (s->fDMA)
1389 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1390#endif
1391 s->Led.Actual.s.fWriting = 0;
1392 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1393
1394 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1395
1396 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1397 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1398 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1399 return rc;
1400}
1401
1402
1403static void ataReadWriteSectorsBT(ATADevState *s)
1404{
1405 uint32_t cSectors;
1406
1407 cSectors = s->cbTotalTransfer / 512;
1408 if (cSectors > s->cSectorsPerIRQ)
1409 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1410 else
1411 s->cbElementaryTransfer = cSectors * 512;
1412 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1413 ataCmdOK(s, 0);
1414}
1415
1416
1417static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1418{
1419 int rc;
1420 LogRel(("PIIX3 ATA: Host disk full\n"));
1421 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1422 false, "DevATA_DISKFULL",
1423 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1424 AssertRC(rc);
1425}
1426
1427
1428static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1429{
1430 int rc;
1431 LogRel(("PIIX3 ATA: File too big\n"));
1432 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1433 false, "DevATA_FILETOOBIG",
1434 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1435 AssertRC(rc);
1436}
1437
1438
1439static void ataWarningISCSI(PPDMDEVINS pDevIns)
1440{
1441 int rc;
1442 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1443 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1444 false, "DevATA_ISCSIDOWN",
1445 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1446 AssertRC(rc);
1447}
1448
1449
1450static bool ataReadSectorsSS(ATADevState *s)
1451{
1452 int rc;
1453 uint32_t cSectors;
1454 uint64_t iLBA;
1455
1456 cSectors = s->cbElementaryTransfer / 512;
1457 Assert(cSectors);
1458 iLBA = ataGetSector(s);
1459 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1460 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors);
1461 if (RT_SUCCESS(rc))
1462 {
1463 ataSetSector(s, iLBA + cSectors);
1464 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1465 s->iSourceSink = ATAFN_SS_NULL;
1466 ataCmdOK(s, ATA_STAT_SEEK);
1467 }
1468 else
1469 {
1470 if (rc == VERR_DISK_FULL)
1471 {
1472 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1473 return true;
1474 }
1475 if (rc == VERR_FILE_TOO_BIG)
1476 {
1477 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1478 return true;
1479 }
1480 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1481 {
1482 /* iSCSI connection abort (first error) or failure to reestablish
1483 * connection (second error). Pause VM. On resume we'll retry. */
1484 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1485 return true;
1486 }
1487 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1488 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1489 s->iLUN, rc, iLBA, cSectors));
1490 ataCmdError(s, ID_ERR);
1491 }
1492 /** @todo implement redo for iSCSI */
1493 return false;
1494}
1495
1496
1497static bool ataWriteSectorsSS(ATADevState *s)
1498{
1499 int rc;
1500 uint32_t cSectors;
1501 uint64_t iLBA;
1502
1503 cSectors = s->cbElementaryTransfer / 512;
1504 Assert(cSectors);
1505 iLBA = ataGetSector(s);
1506 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1507 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors);
1508 if (RT_SUCCESS(rc))
1509 {
1510 ataSetSector(s, iLBA + cSectors);
1511 if (!s->cbTotalTransfer)
1512 s->iSourceSink = ATAFN_SS_NULL;
1513 ataCmdOK(s, ATA_STAT_SEEK);
1514 }
1515 else
1516 {
1517 if (rc == VERR_DISK_FULL)
1518 {
1519 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1520 return true;
1521 }
1522 if (rc == VERR_FILE_TOO_BIG)
1523 {
1524 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1525 return true;
1526 }
1527 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1528 {
1529 /* iSCSI connection abort (first error) or failure to reestablish
1530 * connection (second error). Pause VM. On resume we'll retry. */
1531 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1532 return true;
1533 }
1534 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1535 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1536 s->iLUN, rc, iLBA, cSectors));
1537 ataCmdError(s, ID_ERR);
1538 }
1539 /** @todo implement redo for iSCSI */
1540 return false;
1541}
1542
1543
1544static void atapiCmdOK(ATADevState *s)
1545{
1546 s->uATARegError = 0;
1547 ataSetStatusValue(s, ATA_STAT_READY);
1548 s->uATARegNSector = (s->uATARegNSector & ~7)
1549 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1550 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1551 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1552
1553 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1554 s->abATAPISense[0] = 0x70 | (1 << 7);
1555 s->abATAPISense[7] = 10;
1556}
1557
1558
1559static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1560{
1561 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1562 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1563 s->uATARegError = pabATAPISense[2] << 4;
1564 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1565 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1566 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1567 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1568 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1569 s->cbTotalTransfer = 0;
1570 s->cbElementaryTransfer = 0;
1571 s->iIOBufferCur = 0;
1572 s->iIOBufferEnd = 0;
1573 s->uTxDir = PDMBLOCKTXDIR_NONE;
1574 s->iBeginTransfer = ATAFN_BT_NULL;
1575 s->iSourceSink = ATAFN_SS_NULL;
1576}
1577
1578
1579/** @todo deprecated function - doesn't provide enough info. Replace by direct
1580 * calls to atapiCmdError() with full data. */
1581static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1582{
1583 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1584 memset(abATAPISense, '\0', sizeof(abATAPISense));
1585 abATAPISense[0] = 0x70 | (1 << 7);
1586 abATAPISense[2] = uATAPISenseKey & 0x0f;
1587 abATAPISense[7] = 10;
1588 abATAPISense[12] = uATAPIASC;
1589 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1590}
1591
1592
1593static void atapiCmdBT(ATADevState *s)
1594{
1595 s->fATAPITransfer = true;
1596 s->cbElementaryTransfer = s->cbTotalTransfer;
1597 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1598 atapiCmdOK(s);
1599}
1600
1601
1602static void atapiPassthroughCmdBT(ATADevState *s)
1603{
1604 /* @todo implement an algorithm for correctly determining the read and
1605 * write sector size without sending additional commands to the drive.
1606 * This should be doable by saving processing the configuration requests
1607 * and replies. */
1608#if 0
1609 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1610 {
1611 uint8_t cmd = s->aATAPICmd[0];
1612 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1613 {
1614 uint8_t aModeSenseCmd[10];
1615 uint8_t aModeSenseResult[16];
1616 uint8_t uDummySense;
1617 uint32_t cbTransfer;
1618 int rc;
1619
1620 cbTransfer = sizeof(aModeSenseResult);
1621 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1622 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1623 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1624 aModeSenseCmd[3] = 0; /* subpage code */
1625 aModeSenseCmd[4] = 0; /* reserved */
1626 aModeSenseCmd[5] = 0; /* reserved */
1627 aModeSenseCmd[6] = 0; /* reserved */
1628 aModeSenseCmd[7] = cbTransfer >> 8;
1629 aModeSenseCmd[8] = cbTransfer & 0xff;
1630 aModeSenseCmd[9] = 0; /* control */
1631 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1632 if (RT_FAILURE(rc))
1633 {
1634 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1635 return;
1636 }
1637 /* Select sector size based on the current data block type. */
1638 switch (aModeSenseResult[12] & 0x0f)
1639 {
1640 case 0:
1641 s->cbATAPISector = 2352;
1642 break;
1643 case 1:
1644 s->cbATAPISector = 2368;
1645 break;
1646 case 2:
1647 case 3:
1648 s->cbATAPISector = 2448;
1649 break;
1650 case 8:
1651 case 10:
1652 s->cbATAPISector = 2048;
1653 break;
1654 case 9:
1655 s->cbATAPISector = 2336;
1656 break;
1657 case 11:
1658 s->cbATAPISector = 2056;
1659 break;
1660 case 12:
1661 s->cbATAPISector = 2324;
1662 break;
1663 case 13:
1664 s->cbATAPISector = 2332;
1665 break;
1666 default:
1667 s->cbATAPISector = 0;
1668 }
1669 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1670 s->cbTotalTransfer *= s->cbATAPISector;
1671 if (s->cbTotalTransfer == 0)
1672 s->uTxDir = PDMBLOCKTXDIR_NONE;
1673 }
1674 }
1675#endif
1676 atapiCmdBT(s);
1677}
1678
1679
1680static bool atapiReadSS(ATADevState *s)
1681{
1682 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1683 int rc = VINF_SUCCESS;
1684 uint32_t cbTransfer, cSectors;
1685
1686 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1687 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1688 cSectors = cbTransfer / s->cbATAPISector;
1689 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1690 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1691
1692 PDMCritSectLeave(&pCtl->lock);
1693
1694 STAM_PROFILE_ADV_START(&s->StatReads, r);
1695 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1696 switch (s->cbATAPISector)
1697 {
1698 case 2048:
1699 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1700 break;
1701 case 2352:
1702 {
1703 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1704
1705 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1706 {
1707 /* sync bytes */
1708 *pbBuf++ = 0x00;
1709 memset(pbBuf, 0xff, 11);
1710 pbBuf += 11;
1711 /* MSF */
1712 ataLBA2MSF(pbBuf, i);
1713 pbBuf += 3;
1714 *pbBuf++ = 0x01; /* mode 1 data */
1715 /* data */
1716 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1717 if (RT_FAILURE(rc))
1718 break;
1719 pbBuf += 2048;
1720 /* ECC */
1721 memset(pbBuf, 0, 288);
1722 pbBuf += 288;
1723 }
1724 }
1725 break;
1726 default:
1727 break;
1728 }
1729 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1730
1731 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1732 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1733 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1734
1735 if (RT_SUCCESS(rc))
1736 {
1737 s->Led.Actual.s.fReading = 0;
1738 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1739
1740 /* The initial buffer end value has been set up based on the total
1741 * transfer size. But the I/O buffer size limits what can actually be
1742 * done in one transfer, so set the actual value of the buffer end. */
1743 s->cbElementaryTransfer = cbTransfer;
1744 if (cbTransfer >= s->cbTotalTransfer)
1745 s->iSourceSink = ATAFN_SS_NULL;
1746 atapiCmdOK(s);
1747 s->iATAPILBA += cSectors;
1748 }
1749 else
1750 {
1751 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1752 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1753 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1754 }
1755 return false;
1756}
1757
1758
1759static bool atapiPassthroughSS(ATADevState *s)
1760{
1761 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1762 int rc = VINF_SUCCESS;
1763 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1764 size_t cbTransfer;
1765 PSTAMPROFILEADV pProf = NULL;
1766
1767 cbTransfer = s->cbElementaryTransfer;
1768
1769 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1770 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1771
1772 /* Simple heuristics: if there is at least one sector of data
1773 * to transfer, it's worth updating the LEDs. */
1774 if (cbTransfer >= 2048)
1775 {
1776 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1777 {
1778 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1779 pProf = &s->StatReads;
1780 }
1781 else
1782 {
1783 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1784 pProf = &s->StatWrites;
1785 }
1786 }
1787
1788 PDMCritSectLeave(&pCtl->lock);
1789
1790 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1791 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1792 {
1793 /* Linux accepts commands with up to 100KB of data, but expects
1794 * us to handle commands with up to 128KB of data. The usual
1795 * imbalance of powers. */
1796 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1797 uint32_t iATAPILBA, cSectors, cReqSectors;
1798 size_t cbCurrTX;
1799 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1800
1801 switch (s->aATAPICmd[0])
1802 {
1803 case SCSI_READ_10:
1804 case SCSI_WRITE_10:
1805 case SCSI_WRITE_AND_VERIFY_10:
1806 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1807 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1808 break;
1809 case SCSI_READ_12:
1810 case SCSI_WRITE_12:
1811 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1812 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1813 break;
1814 case SCSI_READ_CD:
1815 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1816 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1817 break;
1818 case SCSI_READ_CD_MSF:
1819 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1820 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1821 break;
1822 default:
1823 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1824 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1825 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1826 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1827 {
1828 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1829 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1830 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1831 }
1832 return false;
1833 }
1834 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1835 cReqSectors = 0;
1836 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1837 {
1838 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1839 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1840 else
1841 cReqSectors = i;
1842 cbCurrTX = s->cbATAPISector * cReqSectors;
1843 switch (s->aATAPICmd[0])
1844 {
1845 case SCSI_READ_10:
1846 case SCSI_WRITE_10:
1847 case SCSI_WRITE_AND_VERIFY_10:
1848 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1849 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1850 break;
1851 case SCSI_READ_12:
1852 case SCSI_WRITE_12:
1853 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1854 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1855 break;
1856 case SCSI_READ_CD:
1857 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1858 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1859 break;
1860 case SCSI_READ_CD_MSF:
1861 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1862 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1863 break;
1864 }
1865 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1866 if (rc != VINF_SUCCESS)
1867 break;
1868 iATAPILBA += cReqSectors;
1869 pbBuf += s->cbATAPISector * cReqSectors;
1870 }
1871 }
1872 else
1873 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1874 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1875
1876 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1877 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1878 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1879
1880 /* Update the LEDs and the read/write statistics. */
1881 if (cbTransfer >= 2048)
1882 {
1883 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1884 {
1885 s->Led.Actual.s.fReading = 0;
1886 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
1887 }
1888 else
1889 {
1890 s->Led.Actual.s.fWriting = 0;
1891 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
1892 }
1893 }
1894
1895 if (RT_SUCCESS(rc))
1896 {
1897 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
1898 {
1899 Assert(cbTransfer <= s->cbTotalTransfer);
1900 /* Reply with the same amount of data as the real drive. */
1901 s->cbTotalTransfer = cbTransfer;
1902 /* The initial buffer end value has been set up based on the total
1903 * transfer size. But the I/O buffer size limits what can actually be
1904 * done in one transfer, so set the actual value of the buffer end. */
1905 s->cbElementaryTransfer = cbTransfer;
1906 if (s->aATAPICmd[0] == SCSI_INQUIRY)
1907 {
1908 /* Make sure that the real drive cannot be identified.
1909 * Motivation: changing the VM configuration should be as
1910 * invisible as possible to the guest. */
1911 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1912 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
1913 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
1914 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
1915 }
1916 if (cbTransfer)
1917 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1918 }
1919 s->iSourceSink = ATAFN_SS_NULL;
1920 atapiCmdOK(s);
1921 }
1922 else
1923 {
1924 if (s->cErrors < MAX_LOG_REL_ERRORS)
1925 {
1926 uint8_t u8Cmd = s->aATAPICmd[0];
1927 do
1928 {
1929 /* don't log superflous errors */
1930 if ( rc == VERR_DEV_IO_ERROR
1931 && ( u8Cmd == SCSI_TEST_UNIT_READY
1932 || u8Cmd == SCSI_READ_CAPACITY
1933 || u8Cmd == SCSI_READ_DVD_STRUCTURE
1934 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
1935 break;
1936 s->cErrors++;
1937 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
1938 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
1939 } while (0);
1940 }
1941 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1942 }
1943 return false;
1944}
1945
1946
1947static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
1948{
1949 Assert(cSectors > 0);
1950 s->iATAPILBA = iATAPILBA;
1951 s->cbATAPISector = cbSector;
1952 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
1953 return false;
1954}
1955
1956
1957static bool atapiReadCapacitySS(ATADevState *s)
1958{
1959 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1960
1961 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1962 Assert(s->cbElementaryTransfer <= 8);
1963 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
1964 ataH2BE_U32(pbBuf + 4, 2048);
1965 s->iSourceSink = ATAFN_SS_NULL;
1966 atapiCmdOK(s);
1967 return false;
1968}
1969
1970
1971static bool atapiReadDiscInformationSS(ATADevState *s)
1972{
1973 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1974
1975 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1976 Assert(s->cbElementaryTransfer <= 34);
1977 memset(pbBuf, '\0', 34);
1978 ataH2BE_U16(pbBuf, 32);
1979 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
1980 pbBuf[3] = 1; /* number of first track */
1981 pbBuf[4] = 1; /* number of sessions (LSB) */
1982 pbBuf[5] = 1; /* first track number in last session (LSB) */
1983 pbBuf[6] = 1; /* last track number in last session (LSB) */
1984 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
1985 pbBuf[8] = 0; /* disc type = CD-ROM */
1986 pbBuf[9] = 0; /* number of sessions (MSB) */
1987 pbBuf[10] = 0; /* number of sessions (MSB) */
1988 pbBuf[11] = 0; /* number of sessions (MSB) */
1989 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
1990 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
1991 s->iSourceSink = ATAFN_SS_NULL;
1992 atapiCmdOK(s);
1993 return false;
1994}
1995
1996
1997static bool atapiReadTrackInformationSS(ATADevState *s)
1998{
1999 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2000
2001 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2002 Assert(s->cbElementaryTransfer <= 36);
2003 /* Accept address/number type of 1 only, and only track 1 exists. */
2004 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2005 {
2006 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2007 return false;
2008 }
2009 memset(pbBuf, '\0', 36);
2010 ataH2BE_U16(pbBuf, 34);
2011 pbBuf[2] = 1; /* track number (LSB) */
2012 pbBuf[3] = 1; /* session number (LSB) */
2013 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2014 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2015 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2016 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2017 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2018 pbBuf[32] = 0; /* track number (MSB) */
2019 pbBuf[33] = 0; /* session number (MSB) */
2020 s->iSourceSink = ATAFN_SS_NULL;
2021 atapiCmdOK(s);
2022 return false;
2023}
2024
2025
2026static bool atapiGetConfigurationSS(ATADevState *s)
2027{
2028 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2029 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2030
2031 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2032 Assert(s->cbElementaryTransfer <= 32);
2033 /* Accept valid request types only, and only starting feature 0. */
2034 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2035 {
2036 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2037 return false;
2038 }
2039 memset(pbBuf, '\0', 32);
2040 ataH2BE_U32(pbBuf, 16);
2041 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2042 * way to differentiate them right now is based on the image size). Also
2043 * implement signalling "no current profile" if no medium is loaded. */
2044 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2045
2046 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2047 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2048 pbBuf[11] = 8; /* additional bytes for profiles */
2049 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2050 * before CD-ROM read capability. */
2051 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2052 pbBuf[14] = (0 << 0); /* NOT current profile */
2053 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2054 pbBuf[18] = (1 << 0); /* current profile */
2055 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2056 s->iSourceSink = ATAFN_SS_NULL;
2057 atapiCmdOK(s);
2058 return false;
2059}
2060
2061
2062static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2063{
2064 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2065
2066 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2067 Assert(s->cbElementaryTransfer <= 8);
2068
2069 if (!(s->aATAPICmd[1] & 1))
2070 {
2071 /* no asynchronous operation supported */
2072 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2073 return false;
2074 }
2075
2076 uint32_t OldStatus, NewStatus;
2077 do
2078 {
2079 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2080 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2081 switch (OldStatus)
2082 {
2083 case ATA_EVENT_STATUS_MEDIA_NEW:
2084 /* mount */
2085 ataH2BE_U16(pbBuf + 0, 6);
2086 pbBuf[2] = 0x04;
2087 pbBuf[3] = 0x5e;
2088 pbBuf[4] = 0x02;
2089 pbBuf[5] = 0x02;
2090 pbBuf[6] = 0x00;
2091 pbBuf[7] = 0x00;
2092 break;
2093
2094 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2095 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2096 /* umount */
2097 ataH2BE_U16(pbBuf + 0, 6);
2098 pbBuf[2] = 0x04;
2099 pbBuf[3] = 0x5e;
2100 pbBuf[4] = 0x03;
2101 pbBuf[5] = 0x00;
2102 pbBuf[6] = 0x00;
2103 pbBuf[7] = 0x00;
2104 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2105 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2106 break;
2107
2108 case ATA_EVENT_STATUS_UNCHANGED:
2109 default:
2110 ataH2BE_U16(pbBuf + 0, 6);
2111 pbBuf[2] = 0x01;
2112 pbBuf[3] = 0x5e;
2113 pbBuf[4] = 0x00;
2114 pbBuf[5] = 0x00;
2115 pbBuf[6] = 0x00;
2116 pbBuf[7] = 0x00;
2117 break;
2118 }
2119 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2120
2121 s->iSourceSink = ATAFN_SS_NULL;
2122 atapiCmdOK(s);
2123 return false;
2124}
2125
2126
2127static bool atapiInquirySS(ATADevState *s)
2128{
2129 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2130
2131 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2132 Assert(s->cbElementaryTransfer <= 36);
2133 pbBuf[0] = 0x05; /* CD-ROM */
2134 pbBuf[1] = 0x80; /* removable */
2135#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2136 pbBuf[2] = 0x00; /* ISO */
2137 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2138#else
2139 pbBuf[2] = 0x00; /* ISO */
2140 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2141#endif
2142 pbBuf[4] = 31; /* additional length */
2143 pbBuf[5] = 0; /* reserved */
2144 pbBuf[6] = 0; /* reserved */
2145 pbBuf[7] = 0; /* reserved */
2146 ataSCSIPadStr(pbBuf + 8, "VBOX", 8);
2147 ataSCSIPadStr(pbBuf + 16, "CD-ROM", 16);
2148 ataSCSIPadStr(pbBuf + 32, "1.0", 4);
2149 s->iSourceSink = ATAFN_SS_NULL;
2150 atapiCmdOK(s);
2151 return false;
2152}
2153
2154
2155static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2156{
2157 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2158
2159 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2160 Assert(s->cbElementaryTransfer <= 16);
2161 ataH2BE_U16(&pbBuf[0], 16 + 6);
2162 pbBuf[2] = 0x70;
2163 pbBuf[3] = 0;
2164 pbBuf[4] = 0;
2165 pbBuf[5] = 0;
2166 pbBuf[6] = 0;
2167 pbBuf[7] = 0;
2168
2169 pbBuf[8] = 0x01;
2170 pbBuf[9] = 0x06;
2171 pbBuf[10] = 0x00;
2172 pbBuf[11] = 0x05;
2173 pbBuf[12] = 0x00;
2174 pbBuf[13] = 0x00;
2175 pbBuf[14] = 0x00;
2176 pbBuf[15] = 0x00;
2177 s->iSourceSink = ATAFN_SS_NULL;
2178 atapiCmdOK(s);
2179 return false;
2180}
2181
2182
2183static bool atapiModeSenseCDStatusSS(ATADevState *s)
2184{
2185 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2186
2187 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2188 Assert(s->cbElementaryTransfer <= 40);
2189 ataH2BE_U16(&pbBuf[0], 38);
2190 pbBuf[2] = 0x70;
2191 pbBuf[3] = 0;
2192 pbBuf[4] = 0;
2193 pbBuf[5] = 0;
2194 pbBuf[6] = 0;
2195 pbBuf[7] = 0;
2196
2197 pbBuf[8] = 0x2a;
2198 pbBuf[9] = 30; /* page length */
2199 pbBuf[10] = 0x08; /* DVD-ROM read support */
2200 pbBuf[11] = 0x00; /* no write support */
2201 /* The following claims we support audio play. This is obviously false,
2202 * but the Linux generic CDROM support makes many features depend on this
2203 * capability. If it's not set, this causes many things to be disabled. */
2204 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2205 pbBuf[13] = 0x00; /* no subchannel reads supported */
2206 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2207 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2208 pbBuf[14] |= 1 << 1; /* report lock state */
2209 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2210 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2211 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2212 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2213 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2214 pbBuf[24] = 0; /* reserved */
2215 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2216 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2217 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2218 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2219 pbBuf[32] = 0; /* reserved */
2220 pbBuf[33] = 0; /* reserved */
2221 pbBuf[34] = 0; /* reserved */
2222 pbBuf[35] = 1; /* rotation control CAV */
2223 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2224 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2225 s->iSourceSink = ATAFN_SS_NULL;
2226 atapiCmdOK(s);
2227 return false;
2228}
2229
2230
2231static bool atapiRequestSenseSS(ATADevState *s)
2232{
2233 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2234
2235 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2236 memset(pbBuf, '\0', s->cbElementaryTransfer);
2237 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2238 s->iSourceSink = ATAFN_SS_NULL;
2239 atapiCmdOK(s);
2240 return false;
2241}
2242
2243
2244static bool atapiMechanismStatusSS(ATADevState *s)
2245{
2246 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2247
2248 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2249 Assert(s->cbElementaryTransfer <= 8);
2250 ataH2BE_U16(pbBuf, 0);
2251 /* no current LBA */
2252 pbBuf[2] = 0;
2253 pbBuf[3] = 0;
2254 pbBuf[4] = 0;
2255 pbBuf[5] = 1;
2256 ataH2BE_U16(pbBuf + 6, 0);
2257 s->iSourceSink = ATAFN_SS_NULL;
2258 atapiCmdOK(s);
2259 return false;
2260}
2261
2262
2263static bool atapiReadTOCNormalSS(ATADevState *s)
2264{
2265 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2266 bool fMSF;
2267 uint32_t cbSize;
2268
2269 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2270 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2271 iStartTrack = s->aATAPICmd[6];
2272 if (iStartTrack > 1 && iStartTrack != 0xaa)
2273 {
2274 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2275 return false;
2276 }
2277 q = pbBuf + 2;
2278 *q++ = 1; /* first session */
2279 *q++ = 1; /* last session */
2280 if (iStartTrack <= 1)
2281 {
2282 *q++ = 0; /* reserved */
2283 *q++ = 0x14; /* ADR, control */
2284 *q++ = 1; /* track number */
2285 *q++ = 0; /* reserved */
2286 if (fMSF)
2287 {
2288 *q++ = 0; /* reserved */
2289 ataLBA2MSF(q, 0);
2290 q += 3;
2291 }
2292 else
2293 {
2294 /* sector 0 */
2295 ataH2BE_U32(q, 0);
2296 q += 4;
2297 }
2298 }
2299 /* lead out track */
2300 *q++ = 0; /* reserved */
2301 *q++ = 0x14; /* ADR, control */
2302 *q++ = 0xaa; /* track number */
2303 *q++ = 0; /* reserved */
2304 if (fMSF)
2305 {
2306 *q++ = 0; /* reserved */
2307 ataLBA2MSF(q, s->cTotalSectors);
2308 q += 3;
2309 }
2310 else
2311 {
2312 ataH2BE_U32(q, s->cTotalSectors);
2313 q += 4;
2314 }
2315 cbSize = q - pbBuf;
2316 ataH2BE_U16(pbBuf, cbSize - 2);
2317 if (cbSize < s->cbTotalTransfer)
2318 s->cbTotalTransfer = cbSize;
2319 s->iSourceSink = ATAFN_SS_NULL;
2320 atapiCmdOK(s);
2321 return false;
2322}
2323
2324
2325static bool atapiReadTOCMultiSS(ATADevState *s)
2326{
2327 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2328 bool fMSF;
2329
2330 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2331 Assert(s->cbElementaryTransfer <= 12);
2332 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2333 /* multi session: only a single session defined */
2334/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2335 memset(pbBuf, 0, 12);
2336 pbBuf[1] = 0x0a;
2337 pbBuf[2] = 0x01;
2338 pbBuf[3] = 0x01;
2339 pbBuf[5] = 0x14; /* ADR, control */
2340 pbBuf[6] = 1; /* first track in last complete session */
2341 if (fMSF)
2342 {
2343 pbBuf[8] = 0; /* reserved */
2344 ataLBA2MSF(&pbBuf[9], 0);
2345 }
2346 else
2347 {
2348 /* sector 0 */
2349 ataH2BE_U32(pbBuf + 8, 0);
2350 }
2351 s->iSourceSink = ATAFN_SS_NULL;
2352 atapiCmdOK(s);
2353 return false;
2354}
2355
2356
2357static bool atapiReadTOCRawSS(ATADevState *s)
2358{
2359 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2360 bool fMSF;
2361 uint32_t cbSize;
2362
2363 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2364 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2365 iStartTrack = s->aATAPICmd[6];
2366
2367 q = pbBuf + 2;
2368 *q++ = 1; /* first session */
2369 *q++ = 1; /* last session */
2370
2371 *q++ = 1; /* session number */
2372 *q++ = 0x14; /* data track */
2373 *q++ = 0; /* track number */
2374 *q++ = 0xa0; /* first track in program area */
2375 *q++ = 0; /* min */
2376 *q++ = 0; /* sec */
2377 *q++ = 0; /* frame */
2378 *q++ = 0;
2379 *q++ = 1; /* first track */
2380 *q++ = 0x00; /* disk type CD-DA or CD data */
2381 *q++ = 0;
2382
2383 *q++ = 1; /* session number */
2384 *q++ = 0x14; /* data track */
2385 *q++ = 0; /* track number */
2386 *q++ = 0xa1; /* last track in program area */
2387 *q++ = 0; /* min */
2388 *q++ = 0; /* sec */
2389 *q++ = 0; /* frame */
2390 *q++ = 0;
2391 *q++ = 1; /* last track */
2392 *q++ = 0;
2393 *q++ = 0;
2394
2395 *q++ = 1; /* session number */
2396 *q++ = 0x14; /* data track */
2397 *q++ = 0; /* track number */
2398 *q++ = 0xa2; /* lead-out */
2399 *q++ = 0; /* min */
2400 *q++ = 0; /* sec */
2401 *q++ = 0; /* frame */
2402 if (fMSF)
2403 {
2404 *q++ = 0; /* reserved */
2405 ataLBA2MSF(q, s->cTotalSectors);
2406 q += 3;
2407 }
2408 else
2409 {
2410 ataH2BE_U32(q, s->cTotalSectors);
2411 q += 4;
2412 }
2413
2414 *q++ = 1; /* session number */
2415 *q++ = 0x14; /* ADR, control */
2416 *q++ = 0; /* track number */
2417 *q++ = 1; /* point */
2418 *q++ = 0; /* min */
2419 *q++ = 0; /* sec */
2420 *q++ = 0; /* frame */
2421 if (fMSF)
2422 {
2423 *q++ = 0; /* reserved */
2424 ataLBA2MSF(q, 0);
2425 q += 3;
2426 }
2427 else
2428 {
2429 /* sector 0 */
2430 ataH2BE_U32(q, 0);
2431 q += 4;
2432 }
2433
2434 cbSize = q - pbBuf;
2435 ataH2BE_U16(pbBuf, cbSize - 2);
2436 if (cbSize < s->cbTotalTransfer)
2437 s->cbTotalTransfer = cbSize;
2438 s->iSourceSink = ATAFN_SS_NULL;
2439 atapiCmdOK(s);
2440 return false;
2441}
2442
2443
2444static void atapiParseCmdVirtualATAPI(ATADevState *s)
2445{
2446 const uint8_t *pbPacket;
2447 uint8_t *pbBuf;
2448 uint32_t cbMax;
2449
2450 pbPacket = s->aATAPICmd;
2451 pbBuf = s->CTX_SUFF(pbIOBuffer);
2452 switch (pbPacket[0])
2453 {
2454 case SCSI_TEST_UNIT_READY:
2455 if (s->cNotifiedMediaChange > 0)
2456 {
2457 if (s->cNotifiedMediaChange-- > 2)
2458 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2459 else
2460 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2461 }
2462 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2463 atapiCmdOK(s);
2464 else
2465 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2466 break;
2467 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2468 cbMax = ataBE2H_U16(pbPacket + 7);
2469 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2470 break;
2471 case SCSI_MODE_SENSE_10:
2472 {
2473 uint8_t uPageControl, uPageCode;
2474 cbMax = ataBE2H_U16(pbPacket + 7);
2475 uPageControl = pbPacket[2] >> 6;
2476 uPageCode = pbPacket[2] & 0x3f;
2477 switch (uPageControl)
2478 {
2479 case SCSI_PAGECONTROL_CURRENT:
2480 switch (uPageCode)
2481 {
2482 case SCSI_MODEPAGE_ERROR_RECOVERY:
2483 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2484 break;
2485 case SCSI_MODEPAGE_CD_STATUS:
2486 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2487 break;
2488 default:
2489 goto error_cmd;
2490 }
2491 break;
2492 case SCSI_PAGECONTROL_CHANGEABLE:
2493 goto error_cmd;
2494 case SCSI_PAGECONTROL_DEFAULT:
2495 goto error_cmd;
2496 default:
2497 case SCSI_PAGECONTROL_SAVED:
2498 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2499 break;
2500 }
2501 }
2502 break;
2503 case SCSI_REQUEST_SENSE:
2504 cbMax = pbPacket[4];
2505 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2506 break;
2507 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2508 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2509 {
2510 if (pbPacket[4] & 1)
2511 s->pDrvMount->pfnLock(s->pDrvMount);
2512 else
2513 s->pDrvMount->pfnUnlock(s->pDrvMount);
2514 atapiCmdOK(s);
2515 }
2516 else
2517 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2518 break;
2519 case SCSI_READ_10:
2520 case SCSI_READ_12:
2521 {
2522 uint32_t cSectors, iATAPILBA;
2523
2524 if (s->cNotifiedMediaChange > 0)
2525 {
2526 s->cNotifiedMediaChange-- ;
2527 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2528 break;
2529 }
2530 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2531 {
2532 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2533 break;
2534 }
2535 if (pbPacket[0] == SCSI_READ_10)
2536 cSectors = ataBE2H_U16(pbPacket + 7);
2537 else
2538 cSectors = ataBE2H_U32(pbPacket + 6);
2539 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2540 if (cSectors == 0)
2541 {
2542 atapiCmdOK(s);
2543 break;
2544 }
2545 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2546 {
2547 /* Rate limited logging, one log line per second. For
2548 * guests that insist on reading from places outside the
2549 * valid area this often generates too many release log
2550 * entries otherwise. */
2551 static uint64_t uLastLogTS = 0;
2552 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2553 {
2554 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2555 uLastLogTS = RTTimeMilliTS();
2556 }
2557 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2558 break;
2559 }
2560 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2561 }
2562 break;
2563 case SCSI_READ_CD:
2564 {
2565 uint32_t cSectors, iATAPILBA;
2566
2567 if (s->cNotifiedMediaChange > 0)
2568 {
2569 s->cNotifiedMediaChange-- ;
2570 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2571 break;
2572 }
2573 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2574 {
2575 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2576 break;
2577 }
2578 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2579 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2580 if (cSectors == 0)
2581 {
2582 atapiCmdOK(s);
2583 break;
2584 }
2585 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2586 {
2587 /* Rate limited logging, one log line per second. For
2588 * guests that insist on reading from places outside the
2589 * valid area this often generates too many release log
2590 * entries otherwise. */
2591 static uint64_t uLastLogTS = 0;
2592 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2593 {
2594 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2595 uLastLogTS = RTTimeMilliTS();
2596 }
2597 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2598 break;
2599 }
2600 switch (pbPacket[9] & 0xf8)
2601 {
2602 case 0x00:
2603 /* nothing */
2604 atapiCmdOK(s);
2605 break;
2606 case 0x10:
2607 /* normal read */
2608 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2609 break;
2610 case 0xf8:
2611 /* read all data */
2612 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2613 break;
2614 default:
2615 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2616 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2617 break;
2618 }
2619 }
2620 break;
2621 case SCSI_SEEK_10:
2622 {
2623 uint32_t iATAPILBA;
2624 if (s->cNotifiedMediaChange > 0)
2625 {
2626 s->cNotifiedMediaChange-- ;
2627 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2628 break;
2629 }
2630 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2631 {
2632 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2633 break;
2634 }
2635 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2636 if (iATAPILBA > s->cTotalSectors)
2637 {
2638 /* Rate limited logging, one log line per second. For
2639 * guests that insist on seeking to places outside the
2640 * valid area this often generates too many release log
2641 * entries otherwise. */
2642 static uint64_t uLastLogTS = 0;
2643 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2644 {
2645 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2646 uLastLogTS = RTTimeMilliTS();
2647 }
2648 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2649 break;
2650 }
2651 atapiCmdOK(s);
2652 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2653 }
2654 break;
2655 case SCSI_START_STOP_UNIT:
2656 {
2657 int rc = VINF_SUCCESS;
2658 switch (pbPacket[4] & 3)
2659 {
2660 case 0: /* 00 - Stop motor */
2661 case 1: /* 01 - Start motor */
2662 break;
2663 case 2: /* 10 - Eject media */
2664 /* This must be done from EMT. */
2665 {
2666 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2667 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2668 PVMREQ pReq;
2669
2670 PDMCritSectLeave(&pCtl->lock);
2671 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
2672 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2673 AssertReleaseRC(rc);
2674 VMR3ReqFree(pReq);
2675 {
2676 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2677 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2678 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2679 }
2680 }
2681 break;
2682 case 3: /* 11 - Load media */
2683 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2684 break;
2685 }
2686 if (RT_SUCCESS(rc))
2687 atapiCmdOK(s);
2688 else
2689 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2690 }
2691 break;
2692 case SCSI_MECHANISM_STATUS:
2693 {
2694 cbMax = ataBE2H_U16(pbPacket + 8);
2695 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2696 }
2697 break;
2698 case SCSI_READ_TOC_PMA_ATIP:
2699 {
2700 uint8_t format;
2701
2702 if (s->cNotifiedMediaChange > 0)
2703 {
2704 s->cNotifiedMediaChange-- ;
2705 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2706 break;
2707 }
2708 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2709 {
2710 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2711 break;
2712 }
2713 cbMax = ataBE2H_U16(pbPacket + 7);
2714 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
2715 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
2716 * the other field is clear... */
2717 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
2718 switch (format)
2719 {
2720 case 0:
2721 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
2722 break;
2723 case 1:
2724 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
2725 break;
2726 case 2:
2727 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
2728 break;
2729 default:
2730 error_cmd:
2731 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2732 break;
2733 }
2734 }
2735 break;
2736 case SCSI_READ_CAPACITY:
2737 if (s->cNotifiedMediaChange > 0)
2738 {
2739 s->cNotifiedMediaChange-- ;
2740 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2741 break;
2742 }
2743 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2744 {
2745 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2746 break;
2747 }
2748 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
2749 break;
2750 case SCSI_READ_DISC_INFORMATION:
2751 if (s->cNotifiedMediaChange > 0)
2752 {
2753 s->cNotifiedMediaChange-- ;
2754 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2755 break;
2756 }
2757 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2758 {
2759 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2760 break;
2761 }
2762 cbMax = ataBE2H_U16(pbPacket + 7);
2763 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
2764 break;
2765 case SCSI_READ_TRACK_INFORMATION:
2766 if (s->cNotifiedMediaChange > 0)
2767 {
2768 s->cNotifiedMediaChange-- ;
2769 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2770 break;
2771 }
2772 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2773 {
2774 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2775 break;
2776 }
2777 cbMax = ataBE2H_U16(pbPacket + 7);
2778 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
2779 break;
2780 case SCSI_GET_CONFIGURATION:
2781 /* No media change stuff here, it can confuse Linux guests. */
2782 cbMax = ataBE2H_U16(pbPacket + 7);
2783 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
2784 break;
2785 case SCSI_INQUIRY:
2786 cbMax = ataBE2H_U16(pbPacket + 3);
2787 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
2788 break;
2789 default:
2790 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2791 break;
2792 }
2793}
2794
2795
2796/*
2797 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
2798 */
2799static void atapiParseCmdPassthrough(ATADevState *s)
2800{
2801 const uint8_t *pbPacket;
2802 uint8_t *pbBuf;
2803 uint32_t cSectors, iATAPILBA;
2804 uint32_t cbTransfer = 0;
2805 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
2806
2807 pbPacket = s->aATAPICmd;
2808 pbBuf = s->CTX_SUFF(pbIOBuffer);
2809 switch (pbPacket[0])
2810 {
2811 case SCSI_BLANK:
2812 goto sendcmd;
2813 case SCSI_CLOSE_TRACK_SESSION:
2814 goto sendcmd;
2815 case SCSI_ERASE_10:
2816 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2817 cbTransfer = ataBE2H_U16(pbPacket + 7);
2818 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
2819 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2820 goto sendcmd;
2821 case SCSI_FORMAT_UNIT:
2822 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2823 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2824 goto sendcmd;
2825 case SCSI_GET_CONFIGURATION:
2826 cbTransfer = ataBE2H_U16(pbPacket + 7);
2827 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2828 goto sendcmd;
2829 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2830 cbTransfer = ataBE2H_U16(pbPacket + 7);
2831 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
2832 {
2833 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2834 break;
2835 }
2836 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2837 goto sendcmd;
2838 case SCSI_GET_PERFORMANCE:
2839 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2840 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2841 goto sendcmd;
2842 case SCSI_INQUIRY:
2843 cbTransfer = ataBE2H_U16(pbPacket + 3);
2844 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2845 goto sendcmd;
2846 case SCSI_LOAD_UNLOAD_MEDIUM:
2847 goto sendcmd;
2848 case SCSI_MECHANISM_STATUS:
2849 cbTransfer = ataBE2H_U16(pbPacket + 8);
2850 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2851 goto sendcmd;
2852 case SCSI_MODE_SELECT_10:
2853 cbTransfer = ataBE2H_U16(pbPacket + 7);
2854 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2855 goto sendcmd;
2856 case SCSI_MODE_SENSE_10:
2857 cbTransfer = ataBE2H_U16(pbPacket + 7);
2858 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2859 goto sendcmd;
2860 case SCSI_PAUSE_RESUME:
2861 goto sendcmd;
2862 case SCSI_PLAY_AUDIO_10:
2863 goto sendcmd;
2864 case SCSI_PLAY_AUDIO_12:
2865 goto sendcmd;
2866 case SCSI_PLAY_AUDIO_MSF:
2867 goto sendcmd;
2868 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2869 /** @todo do not forget to unlock when a VM is shut down */
2870 goto sendcmd;
2871 case SCSI_READ_10:
2872 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2873 cSectors = ataBE2H_U16(pbPacket + 7);
2874 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2875 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2876 cbTransfer = cSectors * s->cbATAPISector;
2877 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2878 goto sendcmd;
2879 case SCSI_READ_12:
2880 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2881 cSectors = ataBE2H_U32(pbPacket + 6);
2882 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2883 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2884 cbTransfer = cSectors * s->cbATAPISector;
2885 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2886 goto sendcmd;
2887 case SCSI_READ_BUFFER:
2888 cbTransfer = ataBE2H_U24(pbPacket + 6);
2889 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2890 goto sendcmd;
2891 case SCSI_READ_BUFFER_CAPACITY:
2892 cbTransfer = ataBE2H_U16(pbPacket + 7);
2893 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2894 goto sendcmd;
2895 case SCSI_READ_CAPACITY:
2896 cbTransfer = 8;
2897 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2898 goto sendcmd;
2899 case SCSI_READ_CD:
2900 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2901 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
2902 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2903 goto sendcmd;
2904 case SCSI_READ_CD_MSF:
2905 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
2906 if (cSectors > 32)
2907 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
2908 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2909 cbTransfer = cSectors * s->cbATAPISector;
2910 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2911 goto sendcmd;
2912 case SCSI_READ_DISC_INFORMATION:
2913 cbTransfer = ataBE2H_U16(pbPacket + 7);
2914 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2915 goto sendcmd;
2916 case SCSI_READ_DVD_STRUCTURE:
2917 cbTransfer = ataBE2H_U16(pbPacket + 8);
2918 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2919 goto sendcmd;
2920 case SCSI_READ_FORMAT_CAPACITIES:
2921 cbTransfer = ataBE2H_U16(pbPacket + 7);
2922 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2923 goto sendcmd;
2924 case SCSI_READ_SUBCHANNEL:
2925 cbTransfer = ataBE2H_U16(pbPacket + 7);
2926 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2927 goto sendcmd;
2928 case SCSI_READ_TOC_PMA_ATIP:
2929 cbTransfer = ataBE2H_U16(pbPacket + 7);
2930 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2931 goto sendcmd;
2932 case SCSI_READ_TRACK_INFORMATION:
2933 cbTransfer = ataBE2H_U16(pbPacket + 7);
2934 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2935 goto sendcmd;
2936 case SCSI_REPAIR_TRACK:
2937 goto sendcmd;
2938 case SCSI_REPORT_KEY:
2939 cbTransfer = ataBE2H_U16(pbPacket + 8);
2940 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2941 goto sendcmd;
2942 case SCSI_REQUEST_SENSE:
2943 cbTransfer = pbPacket[4];
2944 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
2945 {
2946 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2947 break;
2948 }
2949 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2950 goto sendcmd;
2951 case SCSI_RESERVE_TRACK:
2952 goto sendcmd;
2953 case SCSI_SCAN:
2954 goto sendcmd;
2955 case SCSI_SEEK_10:
2956 goto sendcmd;
2957 case SCSI_SEND_CUE_SHEET:
2958 cbTransfer = ataBE2H_U24(pbPacket + 6);
2959 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2960 goto sendcmd;
2961 case SCSI_SEND_DVD_STRUCTURE:
2962 cbTransfer = ataBE2H_U16(pbPacket + 8);
2963 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2964 goto sendcmd;
2965 case SCSI_SEND_EVENT:
2966 cbTransfer = ataBE2H_U16(pbPacket + 8);
2967 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2968 goto sendcmd;
2969 case SCSI_SEND_KEY:
2970 cbTransfer = ataBE2H_U16(pbPacket + 8);
2971 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2972 goto sendcmd;
2973 case SCSI_SEND_OPC_INFORMATION:
2974 cbTransfer = ataBE2H_U16(pbPacket + 7);
2975 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2976 goto sendcmd;
2977 case SCSI_SET_CD_SPEED:
2978 goto sendcmd;
2979 case SCSI_SET_READ_AHEAD:
2980 goto sendcmd;
2981 case SCSI_SET_STREAMING:
2982 cbTransfer = ataBE2H_U16(pbPacket + 9);
2983 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2984 goto sendcmd;
2985 case SCSI_START_STOP_UNIT:
2986 goto sendcmd;
2987 case SCSI_STOP_PLAY_SCAN:
2988 goto sendcmd;
2989 case SCSI_SYNCHRONIZE_CACHE:
2990 goto sendcmd;
2991 case SCSI_TEST_UNIT_READY:
2992 goto sendcmd;
2993 case SCSI_VERIFY_10:
2994 goto sendcmd;
2995 case SCSI_WRITE_10:
2996 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2997 cSectors = ataBE2H_U16(pbPacket + 7);
2998 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2999#if 0
3000 /* The sector size is determined by the async I/O thread. */
3001 s->cbATAPISector = 0;
3002 /* Preliminary, will be corrected once the sector size is known. */
3003 cbTransfer = cSectors;
3004#else
3005 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3006 cbTransfer = cSectors * s->cbATAPISector;
3007#endif
3008 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3009 goto sendcmd;
3010 case SCSI_WRITE_12:
3011 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3012 cSectors = ataBE2H_U32(pbPacket + 6);
3013 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3014#if 0
3015 /* The sector size is determined by the async I/O thread. */
3016 s->cbATAPISector = 0;
3017 /* Preliminary, will be corrected once the sector size is known. */
3018 cbTransfer = cSectors;
3019#else
3020 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3021 cbTransfer = cSectors * s->cbATAPISector;
3022#endif
3023 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3024 goto sendcmd;
3025 case SCSI_WRITE_AND_VERIFY_10:
3026 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3027 cSectors = ataBE2H_U16(pbPacket + 7);
3028 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3029 /* The sector size is determined by the async I/O thread. */
3030 s->cbATAPISector = 0;
3031 /* Preliminary, will be corrected once the sector size is known. */
3032 cbTransfer = cSectors;
3033 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3034 goto sendcmd;
3035 case SCSI_WRITE_BUFFER:
3036 switch (pbPacket[1] & 0x1f)
3037 {
3038 case 0x04: /* download microcode */
3039 case 0x05: /* download microcode and save */
3040 case 0x06: /* download microcode with offsets */
3041 case 0x07: /* download microcode with offsets and save */
3042 case 0x0e: /* download microcode with offsets and defer activation */
3043 case 0x0f: /* activate deferred microcode */
3044 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3045 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3046 break;
3047 default:
3048 cbTransfer = ataBE2H_U16(pbPacket + 6);
3049 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3050 goto sendcmd;
3051 }
3052 break;
3053 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3054 cbTransfer = ataBE2H_U32(pbPacket + 6);
3055 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3056 goto sendcmd;
3057 case SCSI_REZERO_UNIT:
3058 /* Obsolete command used by cdrecord. What else would one expect?
3059 * This command is not sent to the drive, it is handled internally,
3060 * as the Linux kernel doesn't like it (message "scsi: unknown
3061 * opcode 0x01" in syslog) and replies with a sense code of 0,
3062 * which sends cdrecord to an endless loop. */
3063 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3064 break;
3065 default:
3066 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3067 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3068 break;
3069 sendcmd:
3070 /* Send a command to the drive, passing data in/out as required. */
3071 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3072 Assert(cbTransfer <= s->cbIOBuffer);
3073 if (cbTransfer == 0)
3074 uTxDir = PDMBLOCKTXDIR_NONE;
3075 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3076 }
3077}
3078
3079
3080static void atapiParseCmd(ATADevState *s)
3081{
3082 const uint8_t *pbPacket;
3083
3084 pbPacket = s->aATAPICmd;
3085#ifdef DEBUG
3086 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3087#else /* !DEBUG */
3088 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3089#endif /* !DEBUG */
3090 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3091
3092 if (s->fATAPIPassthrough)
3093 atapiParseCmdPassthrough(s);
3094 else
3095 atapiParseCmdVirtualATAPI(s);
3096}
3097
3098
3099static bool ataPacketSS(ATADevState *s)
3100{
3101 s->fDMA = !!(s->uATARegFeature & 1);
3102 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3103 s->uTxDir = PDMBLOCKTXDIR_NONE;
3104 s->cbTotalTransfer = 0;
3105 s->cbElementaryTransfer = 0;
3106 atapiParseCmd(s);
3107 return false;
3108}
3109
3110
3111/**
3112 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3113 * from now on, regardless if there was a medium inserted or not.
3114 */
3115static void ataMediumRemoved(ATADevState *s)
3116{
3117 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3118}
3119
3120
3121/**
3122 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3123 * there was already a medium inserted, don't forget to send the "medium
3124 * removed" event first.
3125 */
3126static void ataMediumInserted(ATADevState *s)
3127{
3128 uint32_t OldStatus, NewStatus;
3129 do
3130 {
3131 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3132 switch (OldStatus)
3133 {
3134 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3135 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3136 /* no change, we will send "medium removed" + "medium inserted" */
3137 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3138 break;
3139 default:
3140 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3141 break;
3142 }
3143 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3144}
3145
3146
3147/**
3148 * Called when a media is mounted.
3149 *
3150 * @param pInterface Pointer to the interface structure containing the called function pointer.
3151 */
3152static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3153{
3154 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3155 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3156
3157 /* Ignore the call if we're called while being attached. */
3158 if (!pIf->pDrvBlock)
3159 return;
3160
3161 if (pIf->fATAPI)
3162 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3163 else
3164 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3165
3166 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3167 if (pIf->cNotifiedMediaChange < 2)
3168 pIf->cNotifiedMediaChange = 2;
3169 ataMediumInserted(pIf);
3170}
3171
3172/**
3173 * Called when a media is unmounted
3174 * @param pInterface Pointer to the interface structure containing the called function pointer.
3175 */
3176static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3177{
3178 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3179 Log(("%s:\n", __FUNCTION__));
3180 pIf->cTotalSectors = 0;
3181
3182 /*
3183 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3184 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3185 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3186 * present and 2 in which it is changed.
3187 */
3188 pIf->cNotifiedMediaChange = 4;
3189 ataMediumRemoved(pIf);
3190}
3191
3192static void ataPacketBT(ATADevState *s)
3193{
3194 s->cbElementaryTransfer = s->cbTotalTransfer;
3195 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3196 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3197 ataSetStatusValue(s, ATA_STAT_READY);
3198}
3199
3200
3201static void ataResetDevice(ATADevState *s)
3202{
3203 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3204 s->cNotifiedMediaChange = 0;
3205 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3206 ataUnsetIRQ(s);
3207
3208 s->uATARegSelect = 0x20;
3209 ataSetStatusValue(s, ATA_STAT_READY);
3210 ataSetSignature(s);
3211 s->cbTotalTransfer = 0;
3212 s->cbElementaryTransfer = 0;
3213 s->iIOBufferPIODataStart = 0;
3214 s->iIOBufferPIODataEnd = 0;
3215 s->iBeginTransfer = ATAFN_BT_NULL;
3216 s->iSourceSink = ATAFN_SS_NULL;
3217 s->fATAPITransfer = false;
3218 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3219
3220 s->uATARegFeature = 0;
3221}
3222
3223
3224static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3225{
3226 ataSetSignature(s);
3227 if (s->fATAPI)
3228 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3229 else
3230 ataSetStatusValue(s, ATA_STAT_READY);
3231 s->uATARegError = 0x01;
3232 return false;
3233}
3234
3235
3236static void ataParseCmd(ATADevState *s, uint8_t cmd)
3237{
3238#ifdef DEBUG
3239 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3240#else /* !DEBUG */
3241 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3242#endif /* !DEBUG */
3243 s->fLBA48 = false;
3244 s->fDMA = false;
3245 if (cmd == ATA_IDLE_IMMEDIATE)
3246 {
3247 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3248 * would overwrite the failing command unfortunately), then RESET. */
3249 int32_t uCmdWait = -1;
3250 uint64_t uNow = RTTimeNanoTS();
3251 if (s->u64CmdTS)
3252 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3253 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3254 s->iLUN, s->uATARegCommand, uCmdWait));
3255 }
3256 s->uATARegCommand = cmd;
3257 switch (cmd)
3258 {
3259 case ATA_IDENTIFY_DEVICE:
3260 if (s->pDrvBlock && !s->fATAPI)
3261 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3262 else
3263 {
3264 if (s->fATAPI)
3265 ataSetSignature(s);
3266 ataCmdError(s, ABRT_ERR);
3267 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3268 }
3269 break;
3270 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3271 case ATA_RECALIBRATE:
3272 ataCmdOK(s, ATA_STAT_SEEK);
3273 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3274 break;
3275 case ATA_SET_MULTIPLE_MODE:
3276 if ( s->uATARegNSector != 0
3277 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3278 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3279 {
3280 ataCmdError(s, ABRT_ERR);
3281 }
3282 else
3283 {
3284 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3285 s->cMultSectors = s->uATARegNSector;
3286 ataCmdOK(s, 0);
3287 }
3288 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3289 break;
3290 case ATA_READ_VERIFY_SECTORS_EXT:
3291 s->fLBA48 = true;
3292 case ATA_READ_VERIFY_SECTORS:
3293 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3294 /* do sector number check ? */
3295 ataCmdOK(s, 0);
3296 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3297 break;
3298 case ATA_READ_SECTORS_EXT:
3299 s->fLBA48 = true;
3300 case ATA_READ_SECTORS:
3301 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3302 if (!s->pDrvBlock)
3303 goto abort_cmd;
3304 s->cSectorsPerIRQ = 1;
3305 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3306 break;
3307 case ATA_WRITE_SECTORS_EXT:
3308 s->fLBA48 = true;
3309 case ATA_WRITE_SECTORS:
3310 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3311 s->cSectorsPerIRQ = 1;
3312 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3313 break;
3314 case ATA_READ_MULTIPLE_EXT:
3315 s->fLBA48 = true;
3316 case ATA_READ_MULTIPLE:
3317 if (!s->cMultSectors)
3318 goto abort_cmd;
3319 s->cSectorsPerIRQ = s->cMultSectors;
3320 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3321 break;
3322 case ATA_WRITE_MULTIPLE_EXT:
3323 s->fLBA48 = true;
3324 case ATA_WRITE_MULTIPLE:
3325 if (!s->cMultSectors)
3326 goto abort_cmd;
3327 s->cSectorsPerIRQ = s->cMultSectors;
3328 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3329 break;
3330 case ATA_READ_DMA_EXT:
3331 s->fLBA48 = true;
3332 case ATA_READ_DMA:
3333 case ATA_READ_DMA_WITHOUT_RETRIES:
3334 if (!s->pDrvBlock)
3335 goto abort_cmd;
3336 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3337 s->fDMA = true;
3338 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3339 break;
3340 case ATA_WRITE_DMA_EXT:
3341 s->fLBA48 = true;
3342 case ATA_WRITE_DMA:
3343 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3344 if (!s->pDrvBlock)
3345 goto abort_cmd;
3346 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3347 s->fDMA = true;
3348 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3349 break;
3350 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3351 s->fLBA48 = true;
3352 ataSetSector(s, s->cTotalSectors - 1);
3353 ataCmdOK(s, 0);
3354 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3355 break;
3356 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3357 ataCmdOK(s, 0);
3358 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3359 break;
3360 case ATA_READ_NATIVE_MAX_ADDRESS:
3361 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3362 ataCmdOK(s, 0);
3363 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3364 break;
3365 case ATA_CHECK_POWER_MODE:
3366 s->uATARegNSector = 0xff; /* drive active or idle */
3367 ataCmdOK(s, 0);
3368 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3369 break;
3370 case ATA_SET_FEATURES:
3371 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3372 if (!s->pDrvBlock)
3373 goto abort_cmd;
3374 switch (s->uATARegFeature)
3375 {
3376 case 0x02: /* write cache enable */
3377 Log2(("%s: write cache enable\n", __FUNCTION__));
3378 ataCmdOK(s, ATA_STAT_SEEK);
3379 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3380 break;
3381 case 0xaa: /* read look-ahead enable */
3382 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3383 ataCmdOK(s, ATA_STAT_SEEK);
3384 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3385 break;
3386 case 0x55: /* read look-ahead disable */
3387 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3388 ataCmdOK(s, ATA_STAT_SEEK);
3389 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3390 break;
3391 case 0xcc: /* reverting to power-on defaults enable */
3392 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3393 ataCmdOK(s, ATA_STAT_SEEK);
3394 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3395 break;
3396 case 0x66: /* reverting to power-on defaults disable */
3397 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3398 ataCmdOK(s, ATA_STAT_SEEK);
3399 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3400 break;
3401 case 0x82: /* write cache disable */
3402 Log2(("%s: write cache disable\n", __FUNCTION__));
3403 /* As per the ATA/ATAPI-6 specs, a write cache disable
3404 * command MUST flush the write buffers to disc. */
3405 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3406 break;
3407 case 0x03: { /* set transfer mode */
3408 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3409 switch (s->uATARegNSector & 0xf8)
3410 {
3411 case 0x00: /* PIO default */
3412 case 0x08: /* PIO mode */
3413 break;
3414 case ATA_MODE_MDMA: /* MDMA mode */
3415 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3416 break;
3417 case ATA_MODE_UDMA: /* UDMA mode */
3418 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3419 break;
3420 default:
3421 goto abort_cmd;
3422 }
3423 ataCmdOK(s, ATA_STAT_SEEK);
3424 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3425 break;
3426 }
3427 default:
3428 goto abort_cmd;
3429 }
3430 /*
3431 * OS/2 workarond:
3432 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3433 * reset here. According to the specification, this is a driver bug as the register
3434 * contents are undefined after the call. This means we can just as well reset it.
3435 */
3436 s->uATARegFeature = 0;
3437 break;
3438 case ATA_FLUSH_CACHE_EXT:
3439 case ATA_FLUSH_CACHE:
3440 if (!s->pDrvBlock || s->fATAPI)
3441 goto abort_cmd;
3442 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3443 break;
3444 case ATA_STANDBY_IMMEDIATE:
3445 ataCmdOK(s, 0);
3446 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3447 break;
3448 case ATA_IDLE_IMMEDIATE:
3449 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3450 ataAbortCurrentCommand(s, false);
3451 break;
3452 /* ATAPI commands */
3453 case ATA_IDENTIFY_PACKET_DEVICE:
3454 if (s->fATAPI)
3455 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3456 else
3457 {
3458 ataCmdError(s, ABRT_ERR);
3459 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3460 }
3461 break;
3462 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3463 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3464 break;
3465 case ATA_DEVICE_RESET:
3466 if (!s->fATAPI)
3467 goto abort_cmd;
3468 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3469 ataAbortCurrentCommand(s, true);
3470 break;
3471 case ATA_PACKET:
3472 if (!s->fATAPI)
3473 goto abort_cmd;
3474 /* overlapping commands not supported */
3475 if (s->uATARegFeature & 0x02)
3476 goto abort_cmd;
3477 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3478 break;
3479 default:
3480 abort_cmd:
3481 ataCmdError(s, ABRT_ERR);
3482 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3483 break;
3484 }
3485}
3486
3487
3488/**
3489 * Waits for a particular async I/O thread to complete whatever it
3490 * is doing at the moment.
3491 *
3492 * @returns true on success.
3493 * @returns false when the thread is still processing.
3494 * @param pThis Pointer to the controller data.
3495 * @param cMillies How long to wait (total).
3496 */
3497static bool ataWaitForAsyncIOIsIdle(PATACONTROLLER pCtl, unsigned cMillies)
3498{
3499 uint64_t u64Start;
3500
3501 /*
3502 * Wait for any pending async operation to finish
3503 */
3504 u64Start = RTTimeMilliTS();
3505 for (;;)
3506 {
3507 if (ataAsyncIOIsIdle(pCtl, false))
3508 return true;
3509 if (RTTimeMilliTS() - u64Start >= cMillies)
3510 break;
3511
3512 /* Sleep for a bit. */
3513 RTThreadSleep(100);
3514 }
3515
3516 return false;
3517}
3518
3519#endif /* IN_RING3 */
3520
3521static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3522{
3523 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3524 addr &= 7;
3525 switch (addr)
3526 {
3527 case 0:
3528 break;
3529 case 1: /* feature register */
3530 /* NOTE: data is written to the two drives */
3531 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3532 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3533 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3534 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3535 pCtl->aIfs[0].uATARegFeature = val;
3536 pCtl->aIfs[1].uATARegFeature = val;
3537 break;
3538 case 2: /* sector count */
3539 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3540 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3541 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3542 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3543 pCtl->aIfs[0].uATARegNSector = val;
3544 pCtl->aIfs[1].uATARegNSector = val;
3545 break;
3546 case 3: /* sector number */
3547 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3548 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3549 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3550 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3551 pCtl->aIfs[0].uATARegSector = val;
3552 pCtl->aIfs[1].uATARegSector = val;
3553 break;
3554 case 4: /* cylinder low */
3555 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3556 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3557 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3558 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3559 pCtl->aIfs[0].uATARegLCyl = val;
3560 pCtl->aIfs[1].uATARegLCyl = val;
3561 break;
3562 case 5: /* cylinder high */
3563 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3564 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3565 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3566 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3567 pCtl->aIfs[0].uATARegHCyl = val;
3568 pCtl->aIfs[1].uATARegHCyl = val;
3569 break;
3570 case 6: /* drive/head */
3571 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3572 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3573 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3574 {
3575 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3576
3577 /* select another drive */
3578 pCtl->iSelectedIf = (val >> 4) & 1;
3579 /* The IRQ line is multiplexed between the two drives, so
3580 * update the state when switching to another drive. Only need
3581 * to update interrupt line if it is enabled and there is a
3582 * state change. */
3583 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3584 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3585 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3586 {
3587 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3588 {
3589 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3590 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3591 * the interrupt line is asserted. It monitors the line
3592 * for a rising edge. */
3593 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3594 if (pCtl->irq == 16)
3595 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3596 else
3597 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3598 }
3599 else
3600 {
3601 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3602 if (pCtl->irq == 16)
3603 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3604 else
3605 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3606 }
3607 }
3608 }
3609 break;
3610 default:
3611 case 7: /* command */
3612 /* ignore commands to non existant slave */
3613 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3614 break;
3615#ifndef IN_RING3
3616 /* Don't do anything complicated in GC */
3617 return VINF_IOM_HC_IOPORT_WRITE;
3618#else /* IN_RING3 */
3619 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3620#endif /* !IN_RING3 */
3621 }
3622 return VINF_SUCCESS;
3623}
3624
3625
3626static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3627{
3628 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3629 uint32_t val;
3630 bool fHOB;
3631
3632 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3633 switch (addr & 7)
3634 {
3635 case 0: /* data register */
3636 val = 0xff;
3637 break;
3638 case 1: /* error register */
3639 /* The ATA specification is very terse when it comes to specifying
3640 * the precise effects of reading back the error/feature register.
3641 * The error register (read-only) shares the register number with
3642 * the feature register (write-only), so it seems that it's not
3643 * necessary to support the usual HOB readback here. */
3644 if (!s->pDrvBlock)
3645 val = 0;
3646 else
3647 val = s->uATARegError;
3648 break;
3649 case 2: /* sector count */
3650 if (!s->pDrvBlock)
3651 val = 0;
3652 else if (fHOB)
3653 val = s->uATARegNSectorHOB;
3654 else
3655 val = s->uATARegNSector;
3656 break;
3657 case 3: /* sector number */
3658 if (!s->pDrvBlock)
3659 val = 0;
3660 else if (fHOB)
3661 val = s->uATARegSectorHOB;
3662 else
3663 val = s->uATARegSector;
3664 break;
3665 case 4: /* cylinder low */
3666 if (!s->pDrvBlock)
3667 val = 0;
3668 else if (fHOB)
3669 val = s->uATARegLCylHOB;
3670 else
3671 val = s->uATARegLCyl;
3672 break;
3673 case 5: /* cylinder high */
3674 if (!s->pDrvBlock)
3675 val = 0;
3676 else if (fHOB)
3677 val = s->uATARegHCylHOB;
3678 else
3679 val = s->uATARegHCyl;
3680 break;
3681 case 6: /* drive/head */
3682 /* This register must always work as long as there is at least
3683 * one drive attached to the controller. It is common between
3684 * both drives anyway (completely identical content). */
3685 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3686 val = 0;
3687 else
3688 val = s->uATARegSelect;
3689 break;
3690 default:
3691 case 7: /* primary status */
3692 {
3693 /* Counter for number of busy status seen in GC in a row. */
3694 static unsigned cBusy = 0;
3695
3696 if (!s->pDrvBlock)
3697 val = 0;
3698 else
3699 val = s->uATARegStatus;
3700
3701 /* Give the async I/O thread an opportunity to make progress,
3702 * don't let it starve by guests polling frequently. EMT has a
3703 * lower priority than the async I/O thread, but sometimes the
3704 * host OS doesn't care. With some guests we are only allowed to
3705 * be busy for about 5 milliseconds in some situations. Note that
3706 * this is no guarantee for any other VBox thread getting
3707 * scheduled, so this just lowers the CPU load a bit when drives
3708 * are busy. It cannot help with timing problems. */
3709 if (val & ATA_STAT_BUSY)
3710 {
3711#ifdef IN_RING3
3712 cBusy = 0;
3713 PDMCritSectLeave(&pCtl->lock);
3714
3715 RTThreadYield();
3716
3717 {
3718 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3719 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3720 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3721 }
3722
3723 val = s->uATARegStatus;
3724#else /* !IN_RING3 */
3725 /* Cannot yield CPU in guest context. And switching to host
3726 * context for each and every busy status is too costly,
3727 * especially on SMP systems where we don't gain much by
3728 * yielding the CPU to someone else. */
3729 if (++cBusy >= 20)
3730 {
3731 cBusy = 0;
3732 return VINF_IOM_HC_IOPORT_READ;
3733 }
3734#endif /* !IN_RING3 */
3735 }
3736 else
3737 cBusy = 0;
3738 ataUnsetIRQ(s);
3739 break;
3740 }
3741 }
3742 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3743 *pu32 = val;
3744 return VINF_SUCCESS;
3745}
3746
3747
3748static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
3749{
3750 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3751 uint32_t val;
3752
3753 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
3754 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
3755 val = 0;
3756 else
3757 val = s->uATARegStatus;
3758 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3759 return val;
3760}
3761
3762static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3763{
3764#ifndef IN_RING3
3765 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
3766 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
3767#endif /* !IN_RING3 */
3768
3769 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3770 /* RESET is common for both drives attached to a controller. */
3771 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3772 (val & ATA_DEVCTL_RESET))
3773 {
3774#ifdef IN_RING3
3775 /* Software RESET low to high */
3776 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
3777 uint64_t uNow = RTTimeNanoTS();
3778 if (pCtl->aIfs[0].u64CmdTS)
3779 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
3780 if (pCtl->aIfs[1].u64CmdTS)
3781 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
3782 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
3783 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
3784 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
3785 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
3786 pCtl->fReset = true;
3787 /* Everything must be done after the reset flag is set, otherwise
3788 * there are unavoidable races with the currently executing request
3789 * (which might just finish in the mean time). */
3790 pCtl->fChainedTransfer = false;
3791 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
3792 {
3793 ataResetDevice(&pCtl->aIfs[i]);
3794 /* The following cannot be done using ataSetStatusValue() since the
3795 * reset flag is already set, which suppresses all status changes. */
3796 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
3797 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
3798 pCtl->aIfs[i].uATARegError = 0x01;
3799 }
3800 ataAsyncIOClearRequests(pCtl);
3801 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3802 if (val & ATA_DEVCTL_HOB)
3803 {
3804 val &= ~ATA_DEVCTL_HOB;
3805 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3806 }
3807 ataAsyncIOPutRequest(pCtl, &ataResetARequest);
3808#else /* !IN_RING3 */
3809 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3810#endif /* IN_RING3 */
3811 }
3812 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3813 !(val & ATA_DEVCTL_RESET))
3814 {
3815#ifdef IN_RING3
3816 /* Software RESET high to low */
3817 Log(("%s: deasserting RESET\n", __FUNCTION__));
3818 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3819 if (val & ATA_DEVCTL_HOB)
3820 {
3821 val &= ~ATA_DEVCTL_HOB;
3822 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3823 }
3824 ataAsyncIOPutRequest(pCtl, &ataResetCRequest);
3825#else /* !IN_RING3 */
3826 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3827#endif /* IN_RING3 */
3828 }
3829
3830 /* Change of interrupt disable flag. Update interrupt line if interrupt
3831 * is pending on the current interface. */
3832 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
3833 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3834 {
3835 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
3836 {
3837 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3838 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
3839 * interrupt line is asserted. It monitors the line for a rising
3840 * edge. */
3841 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3842 if (pCtl->irq == 16)
3843 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
3844 else
3845 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
3846 }
3847 else
3848 {
3849 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3850 if (pCtl->irq == 16)
3851 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
3852 else
3853 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
3854 }
3855 }
3856
3857 if (val & ATA_DEVCTL_HOB)
3858 Log2(("%s: set HOB\n", __FUNCTION__));
3859
3860 pCtl->aIfs[0].uATARegDevCtl = val;
3861 pCtl->aIfs[1].uATARegDevCtl = val;
3862
3863 return VINF_SUCCESS;
3864}
3865
3866#ifdef IN_RING3
3867
3868static void ataPIOTransfer(PATACONTROLLER pCtl)
3869{
3870 ATADevState *s;
3871
3872 s = &pCtl->aIfs[pCtl->iAIOIf];
3873 Log3(("%s: if=%p\n", __FUNCTION__, s));
3874
3875 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
3876 {
3877 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
3878 /* Any guest OS that triggers this case has a pathetic ATA driver.
3879 * In a real system it would block the CPU via IORDY, here we do it
3880 * very similarly by not continuing with the current instruction
3881 * until the transfer to/from the storage medium is completed. */
3882 if (s->iSourceSink != ATAFN_SS_NULL)
3883 {
3884 bool fRedo;
3885 uint8_t status = s->uATARegStatus;
3886 ataSetStatusValue(s, ATA_STAT_BUSY);
3887 Log2(("%s: calling source/sink function\n", __FUNCTION__));
3888 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
3889 pCtl->fRedo = fRedo;
3890 if (RT_UNLIKELY(fRedo))
3891 return;
3892 ataSetStatusValue(s, status);
3893 s->iIOBufferCur = 0;
3894 s->iIOBufferEnd = s->cbElementaryTransfer;
3895 }
3896 }
3897 if (s->cbTotalTransfer)
3898 {
3899 if (s->fATAPITransfer)
3900 ataPIOTransferLimitATAPI(s);
3901
3902 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
3903 s->cbElementaryTransfer = s->cbTotalTransfer;
3904
3905 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
3906 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
3907 s->cbTotalTransfer, s->cbElementaryTransfer,
3908 s->iIOBufferCur, s->iIOBufferEnd));
3909 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
3910 s->cbTotalTransfer -= s->cbElementaryTransfer;
3911 s->iIOBufferCur += s->cbElementaryTransfer;
3912
3913 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
3914 s->cbElementaryTransfer = s->cbTotalTransfer;
3915 }
3916 else
3917 ataPIOTransferStop(s);
3918}
3919
3920
3921DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
3922{
3923 /* Do not interfere with RESET processing if the PIO transfer finishes
3924 * while the RESET line is asserted. */
3925 if (pCtl->fReset)
3926 {
3927 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3928 return;
3929 }
3930
3931 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
3932 || ( s->iSourceSink != ATAFN_SS_NULL
3933 && s->iIOBufferCur >= s->iIOBufferEnd))
3934 {
3935 /* Need to continue the transfer in the async I/O thread. This is
3936 * the case for write operations or generally for not yet finished
3937 * transfers (some data might need to be read). */
3938 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
3939 ataSetStatus(s, ATA_STAT_BUSY);
3940
3941 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3942 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
3943 }
3944 else
3945 {
3946 /* Either everything finished (though some data might still be pending)
3947 * or some data is pending before the next read is due. */
3948
3949 /* Continue a previously started transfer. */
3950 ataUnsetStatus(s, ATA_STAT_DRQ);
3951 ataSetStatus(s, ATA_STAT_READY);
3952
3953 if (s->cbTotalTransfer)
3954 {
3955 /* There is more to transfer, happens usually for large ATAPI
3956 * reads - the protocol limits the chunk size to 65534 bytes. */
3957 ataPIOTransfer(pCtl);
3958 ataSetIRQ(s);
3959 }
3960 else
3961 {
3962 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3963 /* Finish PIO transfer. */
3964 ataPIOTransfer(pCtl);
3965 Assert(!pCtl->fRedo);
3966 }
3967 }
3968}
3969
3970#endif /* IN_RING3 */
3971
3972static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
3973{
3974 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3975 uint8_t *p;
3976
3977 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
3978 {
3979 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
3980 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
3981#ifndef IN_RING3
3982 /* All but the last transfer unit is simple enough for GC, but
3983 * sending a request to the async IO thread is too complicated. */
3984 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
3985 {
3986 memcpy(p, pbBuf, cbSize);
3987 s->iIOBufferPIODataStart += cbSize;
3988 }
3989 else
3990 return VINF_IOM_HC_IOPORT_WRITE;
3991#else /* IN_RING3 */
3992 memcpy(p, pbBuf, cbSize);
3993 s->iIOBufferPIODataStart += cbSize;
3994 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
3995 ataPIOTransferFinish(pCtl, s);
3996#endif /* !IN_RING3 */
3997 }
3998 else
3999 Log2(("%s: DUMMY data\n", __FUNCTION__));
4000 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4001 return VINF_SUCCESS;
4002}
4003
4004static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4005{
4006 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4007 uint8_t *p;
4008
4009 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4010 {
4011 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4012 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4013#ifndef IN_RING3
4014 /* All but the last transfer unit is simple enough for GC, but
4015 * sending a request to the async IO thread is too complicated. */
4016 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4017 {
4018 memcpy(pbBuf, p, cbSize);
4019 s->iIOBufferPIODataStart += cbSize;
4020 }
4021 else
4022 return VINF_IOM_HC_IOPORT_READ;
4023#else /* IN_RING3 */
4024 memcpy(pbBuf, p, cbSize);
4025 s->iIOBufferPIODataStart += cbSize;
4026 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4027 ataPIOTransferFinish(pCtl, s);
4028#endif /* !IN_RING3 */
4029 }
4030 else
4031 {
4032 Log2(("%s: DUMMY data\n", __FUNCTION__));
4033 memset(pbBuf, '\xff', cbSize);
4034 }
4035 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4036 return VINF_SUCCESS;
4037}
4038
4039#ifdef IN_RING3
4040
4041static void ataDMATransferStop(ATADevState *s)
4042{
4043 s->cbTotalTransfer = 0;
4044 s->cbElementaryTransfer = 0;
4045 s->iBeginTransfer = ATAFN_BT_NULL;
4046 s->iSourceSink = ATAFN_SS_NULL;
4047}
4048
4049
4050/**
4051 * Perform the entire DMA transfer in one go (unless a source/sink operation
4052 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4053 * this function cannot handle empty transfers.
4054 *
4055 * @param pCtl Controller for which to perform the transfer.
4056 */
4057static void ataDMATransfer(PATACONTROLLER pCtl)
4058{
4059 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4060 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4061 bool fRedo;
4062 RTGCPHYS32 pDesc;
4063 uint32_t cbTotalTransfer, cbElementaryTransfer;
4064 uint32_t iIOBufferCur, iIOBufferEnd;
4065 uint32_t dmalen;
4066 PDMBLOCKTXDIR uTxDir;
4067 bool fLastDesc = false;
4068
4069 Assert(sizeof(BMDMADesc) == 8);
4070
4071 fRedo = pCtl->fRedo;
4072 if (RT_LIKELY(!fRedo))
4073 Assert(s->cbTotalTransfer);
4074 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4075 cbTotalTransfer = s->cbTotalTransfer;
4076 cbElementaryTransfer = s->cbElementaryTransfer;
4077 iIOBufferCur = s->iIOBufferCur;
4078 iIOBufferEnd = s->iIOBufferEnd;
4079
4080 /* The DMA loop is designed to hold the lock only when absolutely
4081 * necessary. This avoids long freezes should the guest access the
4082 * ATA registers etc. for some reason. */
4083 PDMCritSectLeave(&pCtl->lock);
4084
4085 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4086 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4087 cbTotalTransfer, cbElementaryTransfer,
4088 iIOBufferCur, iIOBufferEnd));
4089 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4090 {
4091 BMDMADesc DMADesc;
4092 RTGCPHYS32 pBuffer;
4093 uint32_t cbBuffer;
4094
4095 if (RT_UNLIKELY(fRedo))
4096 {
4097 pBuffer = pCtl->pRedoDMABuffer;
4098 cbBuffer = pCtl->cbRedoDMABuffer;
4099 fLastDesc = pCtl->fRedoDMALastDesc;
4100 }
4101 else
4102 {
4103 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4104 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4105 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4106 fLastDesc = !!(cbBuffer & 0x80000000);
4107 cbBuffer &= 0xfffe;
4108 if (cbBuffer == 0)
4109 cbBuffer = 0x10000;
4110 if (cbBuffer > cbTotalTransfer)
4111 cbBuffer = cbTotalTransfer;
4112 }
4113
4114 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4115 {
4116 if (RT_LIKELY(!fRedo))
4117 {
4118 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4119 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4120 (int)pDesc, pBuffer, cbBuffer));
4121 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4122 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4123 else
4124 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4125 iIOBufferCur += dmalen;
4126 cbTotalTransfer -= dmalen;
4127 cbBuffer -= dmalen;
4128 pBuffer += dmalen;
4129 }
4130 if ( iIOBufferCur == iIOBufferEnd
4131 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4132 {
4133 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4134 cbElementaryTransfer = cbTotalTransfer;
4135
4136 {
4137 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4138 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4139 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4140 }
4141
4142 /* The RESET handler could have cleared the DMA transfer
4143 * state (since we didn't hold the lock until just now
4144 * the guest can continue in parallel). If so, the state
4145 * is already set up so the loop is exited immediately. */
4146 if (s->iSourceSink != ATAFN_SS_NULL)
4147 {
4148 s->iIOBufferCur = iIOBufferCur;
4149 s->iIOBufferEnd = iIOBufferEnd;
4150 s->cbElementaryTransfer = cbElementaryTransfer;
4151 s->cbTotalTransfer = cbTotalTransfer;
4152 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4153 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4154 if (RT_UNLIKELY(fRedo))
4155 {
4156 pCtl->pFirstDMADesc = pDesc;
4157 pCtl->pRedoDMABuffer = pBuffer;
4158 pCtl->cbRedoDMABuffer = cbBuffer;
4159 pCtl->fRedoDMALastDesc = fLastDesc;
4160 }
4161 else
4162 {
4163 cbTotalTransfer = s->cbTotalTransfer;
4164 cbElementaryTransfer = s->cbElementaryTransfer;
4165
4166 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4167 cbElementaryTransfer = cbTotalTransfer;
4168 iIOBufferCur = 0;
4169 iIOBufferEnd = cbElementaryTransfer;
4170 }
4171 pCtl->fRedo = fRedo;
4172 }
4173 else
4174 {
4175 /* This forces the loop to exit immediately. */
4176 pDesc = pCtl->pLastDMADesc + 1;
4177 }
4178
4179 PDMCritSectLeave(&pCtl->lock);
4180 if (RT_UNLIKELY(fRedo))
4181 break;
4182 }
4183 }
4184
4185 if (RT_UNLIKELY(fRedo))
4186 break;
4187
4188 /* end of transfer */
4189 if (!cbTotalTransfer || fLastDesc)
4190 break;
4191
4192 {
4193 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4194 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4195 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4196 }
4197
4198 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4199 {
4200 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4201 if (!pCtl->fReset)
4202 ataDMATransferStop(s);
4203 /* This forces the loop to exit immediately. */
4204 pDesc = pCtl->pLastDMADesc + 1;
4205 }
4206
4207 PDMCritSectLeave(&pCtl->lock);
4208 }
4209
4210 {
4211 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4212 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4213 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4214 }
4215
4216 if (RT_UNLIKELY(fRedo))
4217 return;
4218
4219 if (fLastDesc)
4220 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4221 s->cbTotalTransfer = cbTotalTransfer;
4222 s->cbElementaryTransfer = cbElementaryTransfer;
4223 s->iIOBufferCur = iIOBufferCur;
4224 s->iIOBufferEnd = iIOBufferEnd;
4225}
4226
4227
4228/**
4229 * Suspend I/O operations on a controller. Also suspends EMT, because it's
4230 * waiting for I/O to make progress. The next attempt to perform an I/O
4231 * operation will be made when EMT is resumed up again (as the resume
4232 * callback below restarts I/O).
4233 *
4234 * @param pCtl Controller for which to suspend I/O.
4235 */
4236static void ataSuspendRedo(PATACONTROLLER pCtl)
4237{
4238 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4239 PVMREQ pReq;
4240 int rc;
4241
4242 pCtl->fRedoIdle = true;
4243 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
4244 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
4245 AssertReleaseRC(rc);
4246 VMR3ReqFree(pReq);
4247}
4248
4249/** Asynch I/O thread for an interface. Once upon a time this was readable
4250 * code with several loops and a different semaphore for each purpose. But
4251 * then came the "how can one save the state in the middle of a PIO transfer"
4252 * question. The solution was to use an ASM, which is what's there now. */
4253static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4254{
4255 const ATARequest *pReq;
4256 uint64_t u64TS = 0; /* shut up gcc */
4257 uint64_t uWait;
4258 int rc = VINF_SUCCESS;
4259 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4260 ATADevState *s;
4261
4262 pReq = NULL;
4263 pCtl->fChainedTransfer = false;
4264 while (!pCtl->fShutdown)
4265 {
4266 /* Keep this thread from doing anything as long as EMT is suspended. */
4267 while (pCtl->fRedoIdle)
4268 {
4269 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4270 if (RT_FAILURE(rc) || pCtl->fShutdown)
4271 break;
4272
4273 pCtl->fRedoIdle = false;
4274 }
4275
4276 /* Wait for work. */
4277 if (pReq == NULL)
4278 {
4279 LogBird(("ata: %x: going to sleep...\n", pCtl->IOPortBase1));
4280 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4281 LogBird(("ata: %x: waking up\n", pCtl->IOPortBase1));
4282 if (RT_FAILURE(rc) || pCtl->fShutdown)
4283 break;
4284
4285 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4286 }
4287
4288 if (pReq == NULL)
4289 continue;
4290
4291 ATAAIO ReqType = pReq->ReqType;
4292
4293 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4294 if (pCtl->uAsyncIOState != ReqType)
4295 {
4296 /* The new state is not the state that was expected by the normal
4297 * state changes. This is either a RESET/ABORT or there's something
4298 * really strange going on. */
4299 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4300 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4301 {
4302 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4303 ataAsyncIODumpRequests(pCtl);
4304 }
4305 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4306 }
4307
4308 /* Do our work. */
4309 {
4310 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4311 LogBird(("ata: %x: entering critsect\n", pCtl->IOPortBase1));
4312 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4313 LogBird(("ata: %x: entered\n", pCtl->IOPortBase1));
4314 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4315 }
4316
4317 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4318 {
4319 u64TS = RTTimeNanoTS();
4320#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4321 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4322#endif /* DEBUG || VBOX_WITH_STATISTICS */
4323 }
4324
4325 switch (ReqType)
4326 {
4327 case ATA_AIO_NEW:
4328
4329 pCtl->iAIOIf = pReq->u.t.iIf;
4330 s = &pCtl->aIfs[pCtl->iAIOIf];
4331 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4332 s->uTxDir = pReq->u.t.uTxDir;
4333 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4334 s->iSourceSink = pReq->u.t.iSourceSink;
4335 s->iIOBufferEnd = 0;
4336 s->u64CmdTS = u64TS;
4337
4338 if (s->fATAPI)
4339 {
4340 if (pCtl->fChainedTransfer)
4341 {
4342 /* Only count the actual transfers, not the PIO
4343 * transfer of the ATAPI command bytes. */
4344 if (s->fDMA)
4345 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4346 else
4347 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4348 }
4349 }
4350 else
4351 {
4352 if (s->fDMA)
4353 STAM_REL_COUNTER_INC(&s->StatATADMA);
4354 else
4355 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4356 }
4357
4358 pCtl->fChainedTransfer = false;
4359
4360 if (s->iBeginTransfer != ATAFN_BT_NULL)
4361 {
4362 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4363 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4364 s->iBeginTransfer = ATAFN_BT_NULL;
4365 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4366 s->iIOBufferEnd = s->cbElementaryTransfer;
4367 }
4368 else
4369 {
4370 s->cbElementaryTransfer = s->cbTotalTransfer;
4371 s->iIOBufferEnd = s->cbTotalTransfer;
4372 }
4373 s->iIOBufferCur = 0;
4374
4375 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4376 {
4377 if (s->iSourceSink != ATAFN_SS_NULL)
4378 {
4379 bool fRedo;
4380 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4381 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4382 pCtl->fRedo = fRedo;
4383 if (RT_UNLIKELY(fRedo))
4384 {
4385 /* Operation failed at the initial transfer, restart
4386 * everything from scratch by resending the current
4387 * request. Occurs very rarely, not worth optimizing. */
4388 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4389 ataAsyncIOPutRequest(pCtl, pReq);
4390 ataSuspendRedo(pCtl);
4391 break;
4392 }
4393 }
4394 else
4395 ataCmdOK(s, 0);
4396 s->iIOBufferEnd = s->cbElementaryTransfer;
4397
4398 }
4399
4400 /* Do not go into the transfer phase if RESET is asserted.
4401 * The CritSect is released while waiting for the host OS
4402 * to finish the I/O, thus RESET is possible here. Most
4403 * important: do not change uAsyncIOState. */
4404 if (pCtl->fReset)
4405 break;
4406
4407 if (s->fDMA)
4408 {
4409 if (s->cbTotalTransfer)
4410 {
4411 ataSetStatus(s, ATA_STAT_DRQ);
4412
4413 pCtl->uAsyncIOState = ATA_AIO_DMA;
4414 /* If BMDMA is already started, do the transfer now. */
4415 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4416 {
4417 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4418 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4419 }
4420 }
4421 else
4422 {
4423 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4424 /* Finish DMA transfer. */
4425 ataDMATransferStop(s);
4426 ataSetIRQ(s);
4427 pCtl->uAsyncIOState = ATA_AIO_NEW;
4428 }
4429 }
4430 else
4431 {
4432 if (s->cbTotalTransfer)
4433 {
4434 ataPIOTransfer(pCtl);
4435 Assert(!pCtl->fRedo);
4436 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4437 ataSetIRQ(s);
4438
4439 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4440 {
4441 /* Write operations and not yet finished transfers
4442 * must be completed in the async I/O thread. */
4443 pCtl->uAsyncIOState = ATA_AIO_PIO;
4444 }
4445 else
4446 {
4447 /* Finished read operation can be handled inline
4448 * in the end of PIO transfer handling code. Linux
4449 * depends on this, as it waits only briefly for
4450 * devices to become ready after incoming data
4451 * transfer. Cannot find anything in the ATA spec
4452 * that backs this assumption, but as all kernels
4453 * are affected (though most of the time it does
4454 * not cause any harm) this must work. */
4455 pCtl->uAsyncIOState = ATA_AIO_NEW;
4456 }
4457 }
4458 else
4459 {
4460 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4461 /* Finish PIO transfer. */
4462 ataPIOTransfer(pCtl);
4463 Assert(!pCtl->fRedo);
4464 if (!s->fATAPITransfer)
4465 ataSetIRQ(s);
4466 pCtl->uAsyncIOState = ATA_AIO_NEW;
4467 }
4468 }
4469 break;
4470
4471 case ATA_AIO_DMA:
4472 {
4473 BMDMAState *bm = &pCtl->BmDma;
4474 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4475 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4476
4477 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4478 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4479 else
4480 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4481
4482 if (RT_LIKELY(!pCtl->fRedo))
4483 {
4484 /* The specs say that the descriptor table must not cross a
4485 * 4K boundary. */
4486 pCtl->pFirstDMADesc = bm->pvAddr;
4487 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4488 }
4489 ataDMATransfer(pCtl);
4490
4491 if (RT_UNLIKELY(pCtl->fRedo))
4492 {
4493 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4494 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4495 ataSuspendRedo(pCtl);
4496 break;
4497 }
4498
4499 /* The infamous delay IRQ hack. */
4500 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4501 && s->cbTotalTransfer == 0
4502 && pCtl->DelayIRQMillies)
4503 {
4504 /* Delay IRQ for writing. Required to get the Win2K
4505 * installation work reliably (otherwise it crashes,
4506 * usually during component install). So far no better
4507 * solution has been found. */
4508 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4509 PDMCritSectLeave(&pCtl->lock);
4510 RTThreadSleep(pCtl->DelayIRQMillies);
4511 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4512 }
4513
4514 ataUnsetStatus(s, ATA_STAT_DRQ);
4515 Assert(!pCtl->fChainedTransfer);
4516 Assert(s->iSourceSink == ATAFN_SS_NULL);
4517 if (s->fATAPITransfer)
4518 {
4519 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4520 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4521 s->fATAPITransfer = false;
4522 }
4523 ataSetIRQ(s);
4524 pCtl->uAsyncIOState = ATA_AIO_NEW;
4525 break;
4526 }
4527
4528 case ATA_AIO_PIO:
4529 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4530
4531 if (s->iSourceSink != ATAFN_SS_NULL)
4532 {
4533 bool fRedo;
4534 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4535 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4536 pCtl->fRedo = fRedo;
4537 if (RT_UNLIKELY(fRedo))
4538 {
4539 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4540 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4541 ataSuspendRedo(pCtl);
4542 break;
4543 }
4544 s->iIOBufferCur = 0;
4545 s->iIOBufferEnd = s->cbElementaryTransfer;
4546 }
4547 else
4548 {
4549 /* Continue a previously started transfer. */
4550 ataUnsetStatus(s, ATA_STAT_BUSY);
4551 ataSetStatus(s, ATA_STAT_READY);
4552 }
4553
4554 /* It is possible that the drives on this controller get RESET
4555 * during the above call to the source/sink function. If that's
4556 * the case, don't restart the transfer and don't finish it the
4557 * usual way. RESET handling took care of all that already.
4558 * Most important: do not change uAsyncIOState. */
4559 if (pCtl->fReset)
4560 break;
4561
4562 if (s->cbTotalTransfer)
4563 {
4564 ataPIOTransfer(pCtl);
4565 ataSetIRQ(s);
4566
4567 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4568 {
4569 /* Write operations and not yet finished transfers
4570 * must be completed in the async I/O thread. */
4571 pCtl->uAsyncIOState = ATA_AIO_PIO;
4572 }
4573 else
4574 {
4575 /* Finished read operation can be handled inline
4576 * in the end of PIO transfer handling code. Linux
4577 * depends on this, as it waits only briefly for
4578 * devices to become ready after incoming data
4579 * transfer. Cannot find anything in the ATA spec
4580 * that backs this assumption, but as all kernels
4581 * are affected (though most of the time it does
4582 * not cause any harm) this must work. */
4583 pCtl->uAsyncIOState = ATA_AIO_NEW;
4584 }
4585 }
4586 else
4587 {
4588 /* Finish PIO transfer. */
4589 ataPIOTransfer(pCtl);
4590 if ( !pCtl->fChainedTransfer
4591 && !s->fATAPITransfer
4592 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4593 {
4594 ataSetIRQ(s);
4595 }
4596 pCtl->uAsyncIOState = ATA_AIO_NEW;
4597 }
4598 break;
4599
4600 case ATA_AIO_RESET_ASSERTED:
4601 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4602 ataPIOTransferStop(&pCtl->aIfs[0]);
4603 ataPIOTransferStop(&pCtl->aIfs[1]);
4604 /* Do not change the DMA registers, they are not affected by the
4605 * ATA controller reset logic. It should be sufficient to issue a
4606 * new command, which is now possible as the state is cleared. */
4607 break;
4608
4609 case ATA_AIO_RESET_CLEARED:
4610 pCtl->uAsyncIOState = ATA_AIO_NEW;
4611 pCtl->fReset = false;
4612 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4613 ATACONTROLLER_IDX(pCtl)));
4614 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4615 {
4616 if (pCtl->aIfs[i].fATAPI)
4617 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4618 else
4619 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4620 ataSetSignature(&pCtl->aIfs[i]);
4621 }
4622 break;
4623
4624 case ATA_AIO_ABORT:
4625 /* Abort the current command only if it operates on the same interface. */
4626 if (pCtl->iAIOIf == pReq->u.a.iIf)
4627 {
4628 s = &pCtl->aIfs[pCtl->iAIOIf];
4629
4630 pCtl->uAsyncIOState = ATA_AIO_NEW;
4631 /* Do not change the DMA registers, they are not affected by the
4632 * ATA controller reset logic. It should be sufficient to issue a
4633 * new command, which is now possible as the state is cleared. */
4634 if (pReq->u.a.fResetDrive)
4635 {
4636 ataResetDevice(s);
4637 ataExecuteDeviceDiagnosticSS(s);
4638 }
4639 else
4640 {
4641 ataPIOTransferStop(s);
4642 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4643 ataSetStatus(s, ATA_STAT_READY);
4644 ataSetIRQ(s);
4645 }
4646 }
4647 break;
4648
4649 default:
4650 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4651 }
4652
4653 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4654 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4655
4656 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4657 {
4658#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4659 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4660#endif /* DEBUG || VBOX_WITH_STATISTICS */
4661
4662 u64TS = RTTimeNanoTS() - u64TS;
4663 uWait = u64TS / 1000;
4664 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
4665 /* Mark command as finished. */
4666 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
4667
4668 /*
4669 * Release logging of command execution times depends on the
4670 * command type. ATAPI commands often take longer (due to CD/DVD
4671 * spin up time etc.) so the threshold is different.
4672 */
4673 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
4674 {
4675 if (uWait > 8 * 1000 * 1000)
4676 {
4677 /*
4678 * Command took longer than 8 seconds. This is close
4679 * enough or over the guest's command timeout, so place
4680 * an entry in the release log to allow tracking such
4681 * timing errors (which are often caused by the host).
4682 */
4683 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
4684 }
4685 }
4686 else
4687 {
4688 if (uWait > 20 * 1000 * 1000)
4689 {
4690 /*
4691 * Command took longer than 20 seconds. This is close
4692 * enough or over the guest's command timeout, so place
4693 * an entry in the release log to allow tracking such
4694 * timing errors (which are often caused by the host).
4695 */
4696 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
4697 }
4698 }
4699
4700#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4701 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
4702 pCtl->StatAsyncMinWait = uWait;
4703 if (uWait > pCtl->StatAsyncMaxWait)
4704 pCtl->StatAsyncMaxWait = uWait;
4705
4706 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
4707 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
4708#endif /* DEBUG || VBOX_WITH_STATISTICS */
4709 }
4710
4711 LogBird(("ata: %x: leaving critsect\n", pCtl->IOPortBase1));
4712 PDMCritSectLeave(&pCtl->lock);
4713 }
4714
4715 /* Cleanup the state. */
4716 if (pCtl->AsyncIOSem)
4717 {
4718 RTSemEventDestroy(pCtl->AsyncIOSem);
4719 pCtl->AsyncIOSem = NIL_RTSEMEVENT;
4720 }
4721 if (pCtl->SuspendIOSem)
4722 {
4723 RTSemEventDestroy(pCtl->SuspendIOSem);
4724 pCtl->SuspendIOSem = NIL_RTSEMEVENT;
4725 }
4726 /* Do not destroy request mutex yet, still needed for proper shutdown. */
4727 pCtl->fShutdown = false;
4728 /* This must be last, as it also signals thread exit to EMT. */
4729 pCtl->AsyncIOThread = NIL_RTTHREAD;
4730
4731 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
4732 return rc;
4733}
4734
4735#endif /* IN_RING3 */
4736
4737static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
4738{
4739 uint32_t val = pCtl->BmDma.u8Cmd;
4740 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4741 return val;
4742}
4743
4744
4745static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4746{
4747 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4748 if (!(val & BM_CMD_START))
4749 {
4750 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4751 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4752 }
4753 else
4754 {
4755#ifdef IN_RING3
4756 /* Check whether the guest OS wants to change DMA direction in
4757 * mid-flight. Not allowed, according to the PIIX3 specs. */
4758 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
4759 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
4760 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4761
4762 /* Do not continue DMA transfers while the RESET line is asserted. */
4763 if (pCtl->fReset)
4764 {
4765 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4766 return;
4767 }
4768
4769 /* Do not start DMA transfers if there's a PIO transfer going on. */
4770 if (!pCtl->aIfs[pCtl->iSelectedIf].fDMA)
4771 return;
4772
4773 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
4774 {
4775 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4776 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4777 }
4778#else /* !IN_RING3 */
4779 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
4780#endif /* IN_RING3 */
4781 }
4782}
4783
4784static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
4785{
4786 uint32_t val = pCtl->BmDma.u8Status;
4787 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4788 return val;
4789}
4790
4791static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4792{
4793 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4794 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
4795 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
4796 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
4797}
4798
4799static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
4800{
4801 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
4802 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4803 return val;
4804}
4805
4806static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4807{
4808 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4809 pCtl->BmDma.pvAddr = val & ~3;
4810}
4811
4812static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4813{
4814 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4815 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
4816
4817}
4818
4819static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4820{
4821 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4822 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
4823}
4824
4825#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
4826
4827/**
4828 * Port I/O Handler for bus master DMA IN operations.
4829 * @see FNIOMIOPORTIN for details.
4830 */
4831PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
4832{
4833 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4834 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4835 PATACONTROLLER pCtl = &pThis->aCts[i];
4836 int rc;
4837
4838 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
4839 if (rc != VINF_SUCCESS)
4840 return rc;
4841 switch (VAL(Port, cb))
4842 {
4843 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4844 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4845 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4846 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4847 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
4848 case VAL(0, 4):
4849 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
4850 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
4851 break;
4852 default:
4853 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
4854 PDMCritSectLeave(&pCtl->lock);
4855 return VERR_IOM_IOPORT_UNUSED;
4856 }
4857 PDMCritSectLeave(&pCtl->lock);
4858 return rc;
4859}
4860
4861/**
4862 * Port I/O Handler for bus master DMA OUT operations.
4863 * @see FNIOMIOPORTOUT for details.
4864 */
4865PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
4866{
4867 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4868 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4869 PATACONTROLLER pCtl = &pThis->aCts[i];
4870 int rc;
4871
4872 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
4873 if (rc != VINF_SUCCESS)
4874 return rc;
4875 switch (VAL(Port, cb))
4876 {
4877 case VAL(0, 1):
4878#ifndef IN_RING3
4879 if (u32 & BM_CMD_START)
4880 {
4881 rc = VINF_IOM_HC_IOPORT_WRITE;
4882 break;
4883 }
4884#endif /* !IN_RING3 */
4885 ataBMDMACmdWriteB(pCtl, Port, u32);
4886 break;
4887 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
4888 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
4889 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
4890 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
4891 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
4892 }
4893 PDMCritSectLeave(&pCtl->lock);
4894 return rc;
4895}
4896
4897#undef VAL
4898
4899#ifdef IN_RING3
4900
4901/**
4902 * Callback function for mapping an PCI I/O region.
4903 *
4904 * @return VBox status code.
4905 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
4906 * @param iRegion The region number.
4907 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
4908 * I/O port, else it's a physical address.
4909 * This address is *NOT* relative to pci_mem_base like earlier!
4910 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
4911 */
4912static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
4913{
4914 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
4915 int rc = VINF_SUCCESS;
4916 Assert(enmType == PCI_ADDRESS_SPACE_IO);
4917 Assert(iRegion == 4);
4918 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
4919
4920 /* Register the port range. */
4921 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
4922 {
4923 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4924 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
4925 AssertRC(rc2);
4926 if (rc2 < rc)
4927 rc = rc2;
4928
4929 if (pThis->fGCEnabled)
4930 {
4931 rc2 = PDMDevHlpIOPortRegisterGC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4932 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
4933 AssertRC(rc2);
4934 if (rc2 < rc)
4935 rc = rc2;
4936 }
4937 if (pThis->fR0Enabled)
4938 {
4939 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4940 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
4941 AssertRC(rc2);
4942 if (rc2 < rc)
4943 rc = rc2;
4944 }
4945 }
4946 return rc;
4947}
4948
4949
4950/**
4951 * Reset notification.
4952 *
4953 * @returns VBox status.
4954 * @param pDevIns The device instance data.
4955 */
4956static DECLCALLBACK(void) ataReset(PPDMDEVINS pDevIns)
4957{
4958 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4959
4960 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
4961 {
4962 pThis->aCts[i].iSelectedIf = 0;
4963 pThis->aCts[i].iAIOIf = 0;
4964 pThis->aCts[i].BmDma.u8Cmd = 0;
4965 /* Report that both drives present on the bus are in DMA mode. This
4966 * pretends that there is a BIOS that has set it up. Normal reset
4967 * default is 0x00. */
4968 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
4969 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
4970 pThis->aCts[i].BmDma.pvAddr = 0;
4971
4972 pThis->aCts[i].fReset = true;
4973 pThis->aCts[i].fRedo = false;
4974 pThis->aCts[i].fRedoIdle = false;
4975 ataAsyncIOClearRequests(&pThis->aCts[i]);
4976 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
4977 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetARequest);
4978 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetCRequest);
4979 if (!ataWaitForAsyncIOIsIdle(&pThis->aCts[i], 30000))
4980 {
4981 VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
4982 false, "DevATA_ASYNCBUSY",
4983 N_("The IDE async I/O thread remained busy after a reset, usually a host filesystem performance problem\n"));
4984 AssertMsgFailed(("Async I/O thread busy after reset\n"));
4985 }
4986
4987 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
4988 ataResetDevice(&pThis->aCts[i].aIfs[j]);
4989 }
4990}
4991
4992
4993/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
4994
4995/**
4996 * Queries an interface to the driver.
4997 *
4998 * @returns Pointer to interface.
4999 * @returns NULL if the interface was not supported by the device.
5000 * @param pInterface Pointer to ATADevState::IBase.
5001 * @param enmInterface The requested interface identification.
5002 */
5003static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5004{
5005 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5006 switch (enmInterface)
5007 {
5008 case PDMINTERFACE_BASE:
5009 return &pThis->IBase;
5010 case PDMINTERFACE_LED_PORTS:
5011 return &pThis->ILeds;
5012 default:
5013 return NULL;
5014 }
5015}
5016
5017
5018/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5019
5020/**
5021 * Gets the pointer to the status LED of a unit.
5022 *
5023 * @returns VBox status code.
5024 * @param pInterface Pointer to the interface structure containing the called function pointer.
5025 * @param iLUN The unit which status LED we desire.
5026 * @param ppLed Where to store the LED pointer.
5027 */
5028static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5029{
5030 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5031 if (iLUN < 4)
5032 {
5033 switch (iLUN)
5034 {
5035 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5036 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5037 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5038 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5039 }
5040 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5041 return VINF_SUCCESS;
5042 }
5043 return VERR_PDM_LUN_NOT_FOUND;
5044}
5045
5046
5047/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5048
5049/**
5050 * Queries an interface to the driver.
5051 *
5052 * @returns Pointer to interface.
5053 * @returns NULL if the interface was not supported by the device.
5054 * @param pInterface Pointer to ATADevState::IBase.
5055 * @param enmInterface The requested interface identification.
5056 */
5057static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5058{
5059 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5060 switch (enmInterface)
5061 {
5062 case PDMINTERFACE_BASE:
5063 return &pIf->IBase;
5064 case PDMINTERFACE_BLOCK_PORT:
5065 return &pIf->IPort;
5066 case PDMINTERFACE_MOUNT_NOTIFY:
5067 return &pIf->IMountNotify;
5068 default:
5069 return NULL;
5070 }
5071}
5072
5073#endif /* IN_RING3 */
5074
5075
5076/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5077
5078/**
5079 * Port I/O Handler for primary port range OUT operations.
5080 * @see FNIOMIOPORTOUT for details.
5081 */
5082PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5083{
5084 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5085 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5086 PATACONTROLLER pCtl = &pThis->aCts[i];
5087 int rc = VINF_SUCCESS;
5088
5089 Assert(i < 2);
5090
5091 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5092 if (rc != VINF_SUCCESS)
5093 return rc;
5094 if (cb == 1)
5095 rc = ataIOPortWriteU8(pCtl, Port, u32);
5096 else if (Port == pCtl->IOPortBase1)
5097 {
5098 Assert(cb == 2 || cb == 4);
5099 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5100 }
5101 else
5102 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5103 LogBird(("ata: leaving critsect\n"));
5104 PDMCritSectLeave(&pCtl->lock);
5105 LogBird(("ata: left critsect\n"));
5106 return rc;
5107}
5108
5109
5110/**
5111 * Port I/O Handler for primary port range IN operations.
5112 * @see FNIOMIOPORTIN for details.
5113 */
5114PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5115{
5116 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5117 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5118 PATACONTROLLER pCtl = &pThis->aCts[i];
5119 int rc = VINF_SUCCESS;
5120
5121 Assert(i < 2);
5122
5123 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5124 if (rc != VINF_SUCCESS)
5125 return rc;
5126 if (cb == 1)
5127 {
5128 rc = ataIOPortReadU8(pCtl, Port, pu32);
5129 }
5130 else if (Port == pCtl->IOPortBase1)
5131 {
5132 Assert(cb == 2 || cb == 4);
5133 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5134 if (cb == 2)
5135 *pu32 &= 0xffff;
5136 }
5137 else
5138 {
5139 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5140 rc = VERR_IOM_IOPORT_UNUSED;
5141 }
5142 PDMCritSectLeave(&pCtl->lock);
5143 return rc;
5144}
5145
5146#ifndef IN_RING0
5147/**
5148 * Port I/O Handler for primary port range IN string operations.
5149 * @see FNIOMIOPORTINSTRING for details.
5150 */
5151PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5152{
5153 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5154 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5155 PATACONTROLLER pCtl = &pThis->aCts[i];
5156 int rc = VINF_SUCCESS;
5157
5158 Assert(i < 2);
5159
5160 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5161 if (rc != VINF_SUCCESS)
5162 return rc;
5163 if (Port == pCtl->IOPortBase1)
5164 {
5165 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5166 RTGCPTR GCDst = *pGCPtrDst;
5167 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5168 Assert(cb == 2 || cb == 4);
5169
5170 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5171#ifndef IN_RING3
5172 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5173 cTransAvailable--;
5174#endif /* !IN_RING3 */
5175 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5176 * They are not performance-critical and generally shouldn't occur at all. */
5177 if (cTransAvailable > cTransfer)
5178 cTransAvailable = cTransfer;
5179 cbTransfer = cTransAvailable * cb;
5180
5181#ifdef IN_RC
5182 for (uint32_t i = 0; i < cbTransfer; i += cb)
5183 MMGCRamWriteNoTrapHandler((char *)GCDst + i, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, cb);
5184#else /* !IN_RC */
5185 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVM(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5186 Assert(rc == VINF_SUCCESS);
5187#endif /* IN_RC */
5188
5189 if (cbTransfer)
5190 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5191 s->iIOBufferPIODataStart += cbTransfer;
5192 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5193 *pcTransfer = cTransfer - cTransAvailable;
5194#ifdef IN_RING3
5195 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5196 ataPIOTransferFinish(pCtl, s);
5197#endif /* IN_RING3 */
5198 }
5199 PDMCritSectLeave(&pCtl->lock);
5200 return rc;
5201}
5202
5203
5204/**
5205 * Port I/O Handler for primary port range OUT string operations.
5206 * @see FNIOMIOPORTOUTSTRING for details.
5207 */
5208PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5209{
5210 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5211 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5212 PATACONTROLLER pCtl = &pThis->aCts[i];
5213 int rc;
5214
5215 Assert(i < 2);
5216
5217 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5218 if (rc != VINF_SUCCESS)
5219 return rc;
5220 if (Port == pCtl->IOPortBase1)
5221 {
5222 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5223 RTGCPTR GCSrc = *pGCPtrSrc;
5224 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5225 Assert(cb == 2 || cb == 4);
5226
5227 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5228#ifndef IN_RING3
5229 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5230 cTransAvailable--;
5231#endif /* !IN_RING3 */
5232 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5233 * They are not performance-critical and generally shouldn't occur at all. */
5234 if (cTransAvailable > cTransfer)
5235 cTransAvailable = cTransfer;
5236 cbTransfer = cTransAvailable * cb;
5237
5238#ifdef IN_RC
5239 for (uint32_t i = 0; i < cbTransfer; i += cb)
5240 MMGCRamReadNoTrapHandler(s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, (char *)GCSrc + i, cb);
5241#else /* !IN_RC */
5242 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVM(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5243 Assert(rc == VINF_SUCCESS);
5244#endif /* IN_RC */
5245
5246 if (cbTransfer)
5247 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5248 s->iIOBufferPIODataStart += cbTransfer;
5249 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5250 *pcTransfer = cTransfer - cTransAvailable;
5251#ifdef IN_RING3
5252 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5253 ataPIOTransferFinish(pCtl, s);
5254#endif /* IN_RING3 */
5255 }
5256 PDMCritSectLeave(&pCtl->lock);
5257 return rc;
5258}
5259#endif /* !IN_RING0 */
5260
5261/**
5262 * Port I/O Handler for secondary port range OUT operations.
5263 * @see FNIOMIOPORTOUT for details.
5264 */
5265PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5266{
5267 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5268 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5269 PATACONTROLLER pCtl = &pThis->aCts[i];
5270 int rc;
5271
5272 Assert(i < 2);
5273
5274 if (cb != 1)
5275 return VINF_SUCCESS;
5276 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5277 if (rc != VINF_SUCCESS)
5278 return rc;
5279 rc = ataControlWrite(pCtl, Port, u32);
5280 PDMCritSectLeave(&pCtl->lock);
5281 return rc;
5282}
5283
5284
5285/**
5286 * Port I/O Handler for secondary port range IN operations.
5287 * @see FNIOMIOPORTIN for details.
5288 */
5289PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5290{
5291 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5292 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5293 PATACONTROLLER pCtl = &pThis->aCts[i];
5294 int rc;
5295
5296 Assert(i < 2);
5297
5298 if (cb != 1)
5299 return VERR_IOM_IOPORT_UNUSED;
5300
5301 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5302 if (rc != VINF_SUCCESS)
5303 return rc;
5304 *pu32 = ataStatusRead(pCtl, Port);
5305 PDMCritSectLeave(&pCtl->lock);
5306 return VINF_SUCCESS;
5307}
5308
5309#ifdef IN_RING3
5310
5311/**
5312 * Waits for all async I/O threads to complete whatever they
5313 * are doing at the moment.
5314 *
5315 * @returns true on success.
5316 * @returns false when one or more threads is still processing.
5317 * @param pThis Pointer to the instance data.
5318 * @param cMillies How long to wait (total).
5319 */
5320static bool ataWaitForAllAsyncIOIsIdle(PPDMDEVINS pDevIns, unsigned cMillies)
5321{
5322 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5323 bool fVMLocked;
5324 uint64_t u64Start;
5325 PATACONTROLLER pCtl;
5326 bool fAllIdle = false;
5327
5328 /* The only way to deal cleanly with the VM lock is to check whether
5329 * it is owned now (it always is owned by EMT, which is the current
5330 * thread). Since this function is called several times during VM
5331 * shutdown, and the VM lock is only held for the first call (which
5332 * can be either from ataPowerOff or ataSuspend), there is no other
5333 * reasonable solution. */
5334 fVMLocked = VMMR3LockIsOwner(PDMDevHlpGetVM(pDevIns));
5335
5336 if (fVMLocked)
5337 pDevIns->pDevHlpR3->pfnUnlockVM(pDevIns);
5338 /*
5339 * Wait for any pending async operation to finish
5340 */
5341 u64Start = RTTimeMilliTS();
5342 for (;;)
5343 {
5344 /* Check all async I/O threads. */
5345 fAllIdle = true;
5346 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5347 {
5348 pCtl = &pThis->aCts[i];
5349
5350 /*
5351 * Only check if the thread is idling if the request mutex is set up.
5352 * It is possible that the creation of the first controller failed and that
5353 * the request mutex is not initialized on the second one yet
5354 * But it would be called without the following check.
5355 */
5356 if (pCtl->AsyncIORequestMutex != NIL_RTSEMEVENT)
5357 {
5358 fAllIdle &= ataAsyncIOIsIdle(pCtl, false);
5359 if (!fAllIdle)
5360 break;
5361 }
5362 }
5363 if ( fAllIdle
5364 || RTTimeMilliTS() - u64Start >= cMillies)
5365 break;
5366
5367 /* Sleep for a bit. */
5368 RTThreadSleep(100);
5369 }
5370
5371 if (fVMLocked)
5372 pDevIns->pDevHlpR3->pfnLockVM(pDevIns);
5373
5374 if (!fAllIdle)
5375 LogRel(("PIIX3 ATA: Ctl#%d is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
5376 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
5377 pCtl->aIfs[0].uATARegCommand, pCtl->aIfs[1].uATARegCommand));
5378
5379 return fAllIdle;
5380}
5381
5382
5383DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5384{
5385 if (s->pbIOBufferR3)
5386 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5387}
5388
5389
5390/**
5391 * @copydoc FNPDMDEVRELOCATE
5392 */
5393static DECLCALLBACK(void) ataRelocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5394{
5395 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5396
5397 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5398 {
5399 pThis->aCts[i].pDevInsRC += offDelta;
5400 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5401 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5402 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5403 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5404 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5405 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5406 }
5407}
5408
5409
5410/**
5411 * Destroy a driver instance.
5412 *
5413 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5414 * resources can be freed correctly.
5415 *
5416 * @param pDevIns The device instance data.
5417 */
5418static DECLCALLBACK(int) ataDestruct(PPDMDEVINS pDevIns)
5419{
5420 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5421 int rc;
5422
5423 Log(("%s:\n", __FUNCTION__));
5424
5425 /*
5426 * Terminate all async helper threads
5427 */
5428 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5429 {
5430 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5431 {
5432 ASMAtomicXchgU32(&pThis->aCts[i].fShutdown, true);
5433 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5434 AssertRC(rc);
5435 }
5436 }
5437
5438 /*
5439 * Wait for them to complete whatever they are doing and then
5440 * for them to terminate.
5441 */
5442 if (ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5443 {
5444 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5445 {
5446 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5447 AssertMsgRC(rc || rc == VERR_INVALID_HANDLE, ("rc=%Rrc i=%d\n", rc, i));
5448 }
5449 }
5450 else
5451 AssertMsgFailed(("Async I/O is still busy!\n"));
5452
5453 /*
5454 * Now the request mutexes are no longer needed. Free resources.
5455 */
5456 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5457 {
5458 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMEVENT)
5459 {
5460 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5461 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
5462 }
5463 }
5464 return VINF_SUCCESS;
5465}
5466
5467
5468/**
5469 * Detach notification.
5470 *
5471 * The DVD drive has been unplugged.
5472 *
5473 * @param pDevIns The device instance.
5474 * @param iLUN The logical unit which is being detached.
5475 */
5476static DECLCALLBACK(void) ataDetach(PPDMDEVINS pDevIns, unsigned iLUN)
5477{
5478 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5479 PATACONTROLLER pCtl;
5480 ATADevState *pIf;
5481 unsigned iController;
5482 unsigned iInterface;
5483
5484 /*
5485 * Locate the controller and stuff.
5486 */
5487 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5488 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5489 pCtl = &pThis->aCts[iController];
5490
5491 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5492 pIf = &pCtl->aIfs[iInterface];
5493
5494 /*
5495 * Zero some important members.
5496 */
5497 pIf->pDrvBase = NULL;
5498 pIf->pDrvBlock = NULL;
5499 pIf->pDrvBlockBios = NULL;
5500 pIf->pDrvMount = NULL;
5501
5502 /*
5503 * In case there was a medium inserted.
5504 */
5505 ataMediumRemoved(pIf);
5506}
5507
5508
5509/**
5510 * Configure a LUN.
5511 *
5512 * @returns VBox status code.
5513 * @param pDevIns The device instance.
5514 * @param pIf The ATA unit state.
5515 */
5516static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5517{
5518 int rc;
5519 PDMBLOCKTYPE enmType;
5520
5521 /*
5522 * Query Block, Bios and Mount interfaces.
5523 */
5524 pIf->pDrvBlock = (PDMIBLOCK *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK);
5525 if (!pIf->pDrvBlock)
5526 {
5527 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5528 return VERR_PDM_MISSING_INTERFACE;
5529 }
5530
5531 /** @todo implement the BIOS invisible code path. */
5532 pIf->pDrvBlockBios = (PDMIBLOCKBIOS *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK_BIOS);
5533 if (!pIf->pDrvBlockBios)
5534 {
5535 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5536 return VERR_PDM_MISSING_INTERFACE;
5537 }
5538 pIf->pDrvMount = (PDMIMOUNT *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_MOUNT);
5539
5540 /*
5541 * Validate type.
5542 */
5543 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5544 if ( enmType != PDMBLOCKTYPE_CDROM
5545 && enmType != PDMBLOCKTYPE_DVD
5546 && enmType != PDMBLOCKTYPE_HARD_DISK)
5547 {
5548 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5549 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5550 }
5551 if ( ( enmType == PDMBLOCKTYPE_DVD
5552 || enmType == PDMBLOCKTYPE_CDROM)
5553 && !pIf->pDrvMount)
5554 {
5555 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5556 return VERR_INTERNAL_ERROR;
5557 }
5558 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5559 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5560
5561 /*
5562 * Allocate I/O buffer.
5563 */
5564 PVM pVM = PDMDevHlpGetVM(pDevIns);
5565 if (pIf->cbIOBuffer)
5566 {
5567 /* Buffer is (probably) already allocated. Validate the fields,
5568 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5569 if (pIf->fATAPI)
5570 AssertRelease(pIf->cbIOBuffer == _128K);
5571 else
5572 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5573 Assert(pIf->pbIOBufferR3);
5574 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5575 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5576 }
5577 else
5578 {
5579 if (pIf->fATAPI)
5580 pIf->cbIOBuffer = _128K;
5581 else
5582 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5583 Assert(!pIf->pbIOBufferR3);
5584 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5585 if (RT_FAILURE(rc))
5586 return VERR_NO_MEMORY;
5587 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5588 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5589 }
5590
5591 /*
5592 * Init geometry (only for non-CD/DVD media).
5593 */
5594 if (pIf->fATAPI)
5595 {
5596 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5597 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5598 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5599 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5600 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5601 }
5602 else
5603 {
5604 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5605 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5606 &pIf->PCHSGeometry);
5607 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5608 {
5609 pIf->PCHSGeometry.cCylinders = 0;
5610 pIf->PCHSGeometry.cHeads = 16; /*??*/
5611 pIf->PCHSGeometry.cSectors = 63; /*??*/
5612 }
5613 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5614 {
5615 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5616 rc = VINF_SUCCESS;
5617 }
5618 AssertRC(rc);
5619
5620 if ( pIf->PCHSGeometry.cCylinders == 0
5621 || pIf->PCHSGeometry.cHeads == 0
5622 || pIf->PCHSGeometry.cSectors == 0
5623 )
5624 {
5625 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5626 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5627 pIf->PCHSGeometry.cHeads = 16;
5628 pIf->PCHSGeometry.cSectors = 63;
5629 /* Set the disk geometry information. */
5630 rc = pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5631 &pIf->PCHSGeometry);
5632 }
5633 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5634 }
5635 return VINF_SUCCESS;
5636}
5637
5638
5639/**
5640 * Attach command.
5641 *
5642 * This is called when we change block driver for the DVD drive.
5643 *
5644 * @returns VBox status code.
5645 * @param pDevIns The device instance.
5646 * @param iLUN The logical unit which is being detached.
5647 */
5648static DECLCALLBACK(int) ataAttach(PPDMDEVINS pDevIns, unsigned iLUN)
5649{
5650 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5651 PATACONTROLLER pCtl;
5652 ATADevState *pIf;
5653 int rc;
5654 unsigned iController;
5655 unsigned iInterface;
5656
5657 /*
5658 * Locate the controller and stuff.
5659 */
5660 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5661 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5662 pCtl = &pThis->aCts[iController];
5663
5664 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5665 pIf = &pCtl->aIfs[iInterface];
5666
5667 /* the usual paranoia */
5668 AssertRelease(!pIf->pDrvBase);
5669 AssertRelease(!pIf->pDrvBlock);
5670 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5671 Assert(pIf->iLUN == iLUN);
5672
5673 /*
5674 * Try attach the block device and get the interfaces,
5675 * required as well as optional.
5676 */
5677 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5678 if (RT_SUCCESS(rc))
5679 {
5680 rc = ataConfigLun(pDevIns, pIf);
5681 /*
5682 * In case there is a medium inserted.
5683 */
5684 ataMediumInserted(pIf);
5685 }
5686 else
5687 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5688
5689 if (RT_FAILURE(rc))
5690 {
5691 pIf->pDrvBase = NULL;
5692 pIf->pDrvBlock = NULL;
5693 }
5694 return rc;
5695}
5696
5697
5698/**
5699 * Suspend notification.
5700 *
5701 * @returns VBox status.
5702 * @param pDevIns The device instance data.
5703 */
5704static DECLCALLBACK(void) ataSuspend(PPDMDEVINS pDevIns)
5705{
5706 Log(("%s:\n", __FUNCTION__));
5707 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5708 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5709 return;
5710}
5711
5712
5713/**
5714 * Resume notification.
5715 *
5716 * @returns VBox status.
5717 * @param pDevIns The device instance data.
5718 */
5719static DECLCALLBACK(void) ataResume(PPDMDEVINS pDevIns)
5720{
5721 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5722 int rc;
5723
5724 Log(("%s:\n", __FUNCTION__));
5725 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5726 {
5727 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5728 {
5729 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5730 AssertRC(rc);
5731 }
5732 }
5733 return;
5734}
5735
5736
5737/**
5738 * Power Off notification.
5739 *
5740 * @returns VBox status.
5741 * @param pDevIns The device instance data.
5742 */
5743static DECLCALLBACK(void) ataPowerOff(PPDMDEVINS pDevIns)
5744{
5745 Log(("%s:\n", __FUNCTION__));
5746 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5747 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5748 return;
5749}
5750
5751
5752/**
5753 * Prepare state save and load operation.
5754 *
5755 * @returns VBox status code.
5756 * @param pDevIns Device instance of the device which registered the data unit.
5757 * @param pSSM SSM operation handle.
5758 */
5759static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
5760{
5761 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5762
5763 /* sanity - the suspend notification will wait on the async stuff. */
5764 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5765 {
5766 Assert(ataAsyncIOIsIdle(&pThis->aCts[i], false));
5767 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5768 return VERR_SSM_IDE_ASYNC_TIMEOUT;
5769 }
5770 return VINF_SUCCESS;
5771}
5772
5773
5774/**
5775 * Saves a state of the ATA device.
5776 *
5777 * @returns VBox status code.
5778 * @param pDevIns The device instance.
5779 * @param pSSMHandle The handle to save the state to.
5780 */
5781static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle)
5782{
5783 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5784
5785 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5786 {
5787 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iSelectedIf);
5788 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iAIOIf);
5789 SSMR3PutU8(pSSMHandle, pThis->aCts[i].uAsyncIOState);
5790 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fChainedTransfer);
5791 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fReset);
5792 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedo);
5793 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoIdle);
5794 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoDMALastDesc);
5795 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5796 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pFirstDMADesc);
5797 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pLastDMADesc);
5798 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pRedoDMABuffer);
5799 SSMR3PutU32(pSSMHandle, pThis->aCts[i].cbRedoDMABuffer);
5800
5801 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5802 {
5803 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fLBA48);
5804 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPI);
5805 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fIrqPending);
5806 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cMultSectors);
5807 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5808 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5809 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5810 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5811 SSMR3PutU64(pSSMHandle, pThis->aCts[i].aIfs[j].cTotalSectors);
5812 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeature);
5813 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
5814 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegError);
5815 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSector);
5816 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
5817 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSector);
5818 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
5819 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCyl);
5820 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
5821 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCyl);
5822 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
5823 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSelect);
5824 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegStatus);
5825 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegCommand);
5826 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegDevCtl);
5827 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATATransferMode);
5828 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uTxDir);
5829 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iBeginTransfer);
5830 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iSourceSink);
5831 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fDMA);
5832 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPITransfer);
5833 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbTotalTransfer);
5834 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
5835 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferCur);
5836 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferEnd);
5837 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
5838 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
5839 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iATAPILBA);
5840 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbATAPISector);
5841 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
5842 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5843 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
5844 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].MediaEventStatus);
5845 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
5846 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbIOBuffer);
5847 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
5848 SSMR3PutMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
5849 else
5850 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
5851 }
5852 }
5853 SSMR3PutBool(pSSMHandle, pThis->fPIIX4);
5854
5855 return SSMR3PutU32(pSSMHandle, ~0); /* sanity/terminator */
5856}
5857
5858
5859/**
5860 * Loads a saved ATA device state.
5861 *
5862 * @returns VBox status code.
5863 * @param pDevIns The device instance.
5864 * @param pSSMHandle The handle to the saved state.
5865 * @param u32Version The data unit version number.
5866 */
5867static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle, uint32_t u32Version)
5868{
5869 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5870 int rc;
5871 uint32_t u32;
5872
5873 if ( u32Version != ATA_SAVED_STATE_VERSION
5874 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
5875 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
5876 {
5877 AssertMsgFailed(("u32Version=%d\n", u32Version));
5878 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
5879 }
5880
5881 /*
5882 * Restore valid parts of the PCIATAState structure
5883 */
5884 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5885 {
5886 /* integrity check */
5887 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5888 {
5889 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
5890 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
5891 return rc;
5892 }
5893
5894 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iSelectedIf);
5895 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iAIOIf);
5896 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].uAsyncIOState);
5897 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].fChainedTransfer);
5898 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fReset);
5899 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedo);
5900 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoIdle);
5901 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
5902 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5903 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pFirstDMADesc);
5904 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pLastDMADesc);
5905 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pRedoDMABuffer);
5906 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].cbRedoDMABuffer);
5907
5908 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5909 {
5910 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fLBA48);
5911 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPI);
5912 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fIrqPending);
5913 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cMultSectors);
5914 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5915 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5916 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5917 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5918 SSMR3GetU64(pSSMHandle, &pThis->aCts[i].aIfs[j].cTotalSectors);
5919 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeature);
5920 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
5921 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegError);
5922 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSector);
5923 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
5924 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSector);
5925 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
5926 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCyl);
5927 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
5928 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCyl);
5929 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
5930 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSelect);
5931 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegStatus);
5932 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegCommand);
5933 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
5934 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATATransferMode);
5935 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uTxDir);
5936 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iBeginTransfer);
5937 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iSourceSink);
5938 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fDMA);
5939 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPITransfer);
5940 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
5941 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
5942 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferCur);
5943 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
5944 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
5945 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
5946 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iATAPILBA);
5947 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbATAPISector);
5948 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
5949 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
5950 {
5951 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5952 }
5953 else
5954 {
5955 uint8_t uATAPISenseKey, uATAPIASC;
5956 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5957 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
5958 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
5959 SSMR3GetU8(pSSMHandle, &uATAPISenseKey);
5960 SSMR3GetU8(pSSMHandle, &uATAPIASC);
5961 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
5962 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
5963 }
5964 /** @todo triple-check this hack after passthrough is working */
5965 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
5966 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
5967 SSMR3GetU32(pSSMHandle, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
5968 else
5969 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
5970 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
5971 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbIOBuffer);
5972 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
5973 {
5974 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
5975 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
5976 else
5977 {
5978 LogRel(("ATA: No buffer for %d/%d\n", i, j));
5979 if (SSMR3HandleGetAfter(pSSMHandle) != SSMAFTER_DEBUG_IT)
5980 return VERR_SSM_LOAD_CONFIG_MISMATCH;
5981
5982 /* skip the buffer if we're loading for the debugger / animator. */
5983 uint8_t u8Ignored;
5984 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
5985 while (cbLeft-- > 0)
5986 SSMR3GetU8(pSSMHandle, &u8Ignored);
5987 }
5988 }
5989 else
5990 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
5991 }
5992 }
5993 SSMR3GetBool(pSSMHandle, &pThis->fPIIX4);
5994
5995 rc = SSMR3GetU32(pSSMHandle, &u32);
5996 if (RT_FAILURE(rc))
5997 return rc;
5998 if (u32 != ~0U)
5999 {
6000 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6001 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6002 return rc;
6003 }
6004
6005 return VINF_SUCCESS;
6006}
6007
6008
6009/**
6010 * Construct a device instance for a VM.
6011 *
6012 * @returns VBox status.
6013 * @param pDevIns The device instance data.
6014 * If the registration structure is needed, pDevIns->pDevReg points to it.
6015 * @param iInstance Instance number. Use this to figure out which registers and such to use.
6016 * The device number is also found in pDevIns->iInstance, but since it's
6017 * likely to be freqently used PDM passes it as parameter.
6018 * @param pCfgHandle Configuration node handle for the device. Use this to obtain the configuration
6019 * of the device instance. It's also found in pDevIns->pCfgHandle, but like
6020 * iInstance it's expected to be used a bit in this function.
6021 */
6022static DECLCALLBACK(int) ataConstruct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfgHandle)
6023{
6024 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6025 PPDMIBASE pBase;
6026 int rc;
6027 bool fGCEnabled;
6028 bool fR0Enabled;
6029 uint32_t DelayIRQMillies;
6030
6031 Assert(iInstance == 0);
6032
6033 /*
6034 * Initialize NIL handle values (for the destructor).
6035 */
6036 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6037 {
6038 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6039 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6040 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
6041 }
6042
6043 /*
6044 * Validate and read configuration.
6045 */
6046 if (!CFGMR3AreValuesValid(pCfgHandle, "GCEnabled\0IRQDelay\0R0Enabled\0PIIX4\0"))
6047 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6048 N_("PIIX3 configuration error: unknown option specified"));
6049
6050 rc = CFGMR3QueryBoolDef(pCfgHandle, "GCEnabled", &fGCEnabled, true);
6051 if (RT_FAILURE(rc))
6052 return PDMDEV_SET_ERROR(pDevIns, rc,
6053 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6054 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6055
6056 rc = CFGMR3QueryBoolDef(pCfgHandle, "R0Enabled", &fR0Enabled, true);
6057 if (RT_FAILURE(rc))
6058 return PDMDEV_SET_ERROR(pDevIns, rc,
6059 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6060 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6061
6062 rc = CFGMR3QueryU32Def(pCfgHandle, "IRQDelay", &DelayIRQMillies, 0);
6063 if (RT_FAILURE(rc))
6064 return PDMDEV_SET_ERROR(pDevIns, rc,
6065 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6066 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6067 Assert(DelayIRQMillies < 50);
6068
6069 rc = CFGMR3QueryBoolDef(pCfgHandle, "PIIX4", &pThis->fPIIX4, false);
6070 if (RT_FAILURE(rc))
6071 return PDMDEV_SET_ERROR(pDevIns, rc,
6072 N_("PIIX3 configuration error: failed to read PIIX4 as boolean"));
6073 Log(("%s: fPIIX4=%d\n", __FUNCTION__, pThis->fPIIX4));
6074
6075 /*
6076 * Initialize data (most of it anyway).
6077 */
6078 /* Status LUN. */
6079 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6080 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6081
6082 /* PCI configuration space. */
6083 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6084 if (pThis->fPIIX4)
6085 {
6086 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6087 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6088 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6089 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6090 pThis->dev.config[0x4B] = 0x00;
6091 }
6092 else
6093 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6094 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6095 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6096 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6097 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6098 PCIDevSetHeaderType(&pThis->dev, 0x00);
6099
6100 pThis->pDevIns = pDevIns;
6101 pThis->fGCEnabled = fGCEnabled;
6102 pThis->fR0Enabled = fR0Enabled;
6103 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6104 {
6105 pThis->aCts[i].pDevInsR3 = pDevIns;
6106 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6107 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6108 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6109 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6110 {
6111 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6112
6113 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6114 pIf->pDevInsR3 = pDevIns;
6115 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6116 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6117 pIf->pControllerR3 = &pThis->aCts[i];
6118 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6119 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6120 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6121 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6122 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6123 pIf->Led.u32Magic = PDMLED_MAGIC;
6124 }
6125 }
6126
6127 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6128 pThis->aCts[0].irq = 14;
6129 pThis->aCts[0].IOPortBase1 = 0x1f0;
6130 pThis->aCts[0].IOPortBase2 = 0x3f6;
6131 pThis->aCts[1].irq = 15;
6132 pThis->aCts[1].IOPortBase1 = 0x170;
6133 pThis->aCts[1].IOPortBase2 = 0x376;
6134
6135 /*
6136 * Register the PCI device.
6137 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6138 * device the slot next to itself.
6139 */
6140 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6141 if (RT_FAILURE(rc))
6142 return PDMDEV_SET_ERROR(pDevIns, rc,
6143 N_("PIIX3 cannot register PCI device"));
6144 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6145 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6146 if (RT_FAILURE(rc))
6147 return PDMDEV_SET_ERROR(pDevIns, rc,
6148 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6149
6150 /*
6151 * Register the I/O ports.
6152 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6153 */
6154 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6155 {
6156 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6157 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6158 if (RT_FAILURE(rc))
6159 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6160
6161 if (fGCEnabled)
6162 {
6163 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6164 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6165 if (RT_FAILURE(rc))
6166 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6167 }
6168
6169 if (fR0Enabled)
6170 {
6171#if 1
6172 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6173 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6174#else
6175 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6176 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6177#endif
6178 if (RT_FAILURE(rc))
6179 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6180 }
6181
6182 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6183 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6184 if (RT_FAILURE(rc))
6185 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6186
6187 if (fGCEnabled)
6188 {
6189 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6190 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6191 if (RT_FAILURE(rc))
6192 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6193 }
6194 if (fR0Enabled)
6195 {
6196 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6197 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6198 if (RT_FAILURE(rc))
6199 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6200 }
6201
6202 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6203 {
6204 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6205 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA DMA transfers.", "/Devices/ATA%d/Unit%d/DMA", i, j);
6206 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA PIO transfers.", "/Devices/ATA%d/Unit%d/PIO", i, j);
6207 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI DMA transfers.", "/Devices/ATA%d/Unit%d/AtapiDMA", i, j);
6208 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI PIO transfers.", "/Devices/ATA%d/Unit%d/AtapiPIO", i, j);
6209#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6210 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the read operations.", "/Devices/ATA%d/Unit%d/Reads", i, j);
6211#endif
6212 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data read.", "/Devices/ATA%d/Unit%d/ReadBytes", i, j);
6213#ifdef VBOX_INSTRUMENT_DMA_WRITES
6214 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the VD DMA write operations.","/Devices/ATA%d/Unit%d/InstrVDWrites", i, j);
6215#endif
6216#ifdef VBOX_WITH_STATISTICS
6217 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the write operations.","/Devices/ATA%d/Unit%d/Writes", i, j);
6218#endif
6219 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data written.", "/Devices/ATA%d/Unit%d/WrittenBytes", i, j);
6220#ifdef VBOX_WITH_STATISTICS
6221 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the flush operations.","/Devices/ATA%d/Unit%d/Flushes", i, j);
6222#endif
6223 }
6224#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6225 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "The number of async operations.", "/Devices/ATA%d/Async/Operations", i);
6226 /** @todo STAMUNIT_MICROSECS */
6227 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Minimum wait in microseconds.", "/Devices/ATA%d/Async/MinWait", i);
6228 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Maximum wait in microseconds.", "/Devices/ATA%d/Async/MaxWait", i);
6229 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Total time spent in microseconds.","/Devices/ATA%d/Async/TotalTimeUS", i);
6230 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of async operations.", "/Devices/ATA%d/Async/Time", i);
6231 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of locks.", "/Devices/ATA%d/Async/LockWait", i);
6232#endif /* VBOX_WITH_STATISTICS */
6233
6234 /* Initialize per-controller critical section */
6235 char szName[24];
6236 RTStrPrintf(szName, sizeof(szName), "ATA%d", i);
6237 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, szName);
6238 if (RT_FAILURE(rc))
6239 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6240 }
6241
6242 /*
6243 * Attach status driver (optional).
6244 */
6245 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6246 if (RT_SUCCESS(rc))
6247 pThis->pLedsConnector = (PDMILEDCONNECTORS *)pBase->pfnQueryInterface(pBase, PDMINTERFACE_LED_CONNECTORS);
6248 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6249 {
6250 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6251 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6252 }
6253
6254 /*
6255 * Attach the units.
6256 */
6257 uint32_t cbTotalBuffer = 0;
6258 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6259 {
6260 PATACONTROLLER pCtl = &pThis->aCts[i];
6261
6262 /*
6263 * Start the worker thread.
6264 */
6265 pCtl->uAsyncIOState = ATA_AIO_NEW;
6266 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6267 AssertRC(rc);
6268 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6269 AssertRC(rc);
6270 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6271 AssertRC(rc);
6272 ataAsyncIOClearRequests(pCtl);
6273 rc = RTThreadCreate(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024, RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA");
6274 AssertRC(rc);
6275 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6276 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6277
6278 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6279 {
6280 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6281 {
6282 { "Primary Master", "Primary Slave" },
6283 { "Secondary Master", "Secondary Slave" }
6284 };
6285
6286 /*
6287 * Try attach the block device and get the interfaces,
6288 * required as well as optional.
6289 */
6290 ATADevState *pIf = &pCtl->aIfs[j];
6291
6292 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6293 if (RT_SUCCESS(rc))
6294 {
6295 rc = ataConfigLun(pDevIns, pIf);
6296 if (RT_SUCCESS(rc))
6297 {
6298 /*
6299 * Init vendor product data.
6300 */
6301 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6302 {
6303 { "PrimaryMaster", "PrimarySlave" },
6304 { "SecondaryMaster", "SecondarySlave" }
6305 };
6306 char aSerial[20];
6307 RTUUID Uuid;
6308 if (pIf->pDrvBlock)
6309 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6310 else
6311 RTUuidClear(&Uuid);
6312
6313 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6314 {
6315 /* Generate a predictable serial for drives which don't have a UUID. */
6316 RTStrPrintf(aSerial, sizeof(aSerial), "VB%x-%04x%04x",
6317 pIf->iLUN + pDevIns->iInstance * 32,
6318 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6319 }
6320 else
6321 RTStrPrintf(aSerial, sizeof(aSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6322 strncpy((char *)pIf->abSerialNumber, aSerial, 20);
6323 strncpy((char *)pIf->abFirmwareRevision, "1.0", 8);
6324 if (pIf->fATAPI)
6325 strncpy((char *)pIf->abModelNumber, "VBOX CD-ROM", 40);
6326 else
6327 strncpy((char *)pIf->abModelNumber, "VBOX HARDDISK", 40);
6328
6329 /* Check if the user provided some values to overwrite. */
6330 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfgHandle, s_apszCFGMKeys[i][j]);
6331 if (pCfgNode)
6332 {
6333 char *pszCFGMValue;
6334
6335 rc = CFGMR3QueryStringAlloc(pCfgNode, "SerialNumber", &pszCFGMValue);
6336 if (RT_SUCCESS(rc))
6337 {
6338 /* Check length of the serial number. It shouldn't be longer than 20 bytes. */
6339 if (strlen(pszCFGMValue) > 20)
6340 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6341 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6342 /* Copy the data over. */
6343 strncpy((char *)pIf->abSerialNumber, pszCFGMValue, 20);
6344 MMR3HeapFree(pszCFGMValue);
6345 }
6346 else if (rc != VERR_CFGM_VALUE_NOT_FOUND)
6347 return PDMDEV_SET_ERROR(pDevIns, rc,
6348 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6349
6350 rc = CFGMR3QueryStringAlloc(pCfgNode, "FirmwareRevision", &pszCFGMValue);
6351 if (RT_SUCCESS(rc))
6352 {
6353 /* Check length of the firmware revision. It shouldn't be longer than 8 bytes. */
6354 if (strlen(pszCFGMValue) > 8)
6355 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6356 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
6357 /* Copy the data over. */
6358 strncpy((char *)pIf->abFirmwareRevision, pszCFGMValue, 8);
6359 MMR3HeapFree(pszCFGMValue);
6360 }
6361 else if (rc != VERR_CFGM_VALUE_NOT_FOUND)
6362 return PDMDEV_SET_ERROR(pDevIns, rc,
6363 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
6364
6365 rc = CFGMR3QueryStringAlloc(pCfgNode, "ModelNumber", &pszCFGMValue);
6366 if (RT_SUCCESS(rc))
6367 {
6368 /* Check length of the model number. It shouldn't be longer than 40 bytes. */
6369 if (strlen(pszCFGMValue) > 40)
6370 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6371 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
6372 /* Copy the data over. */
6373 strncpy((char *)pIf->abModelNumber, pszCFGMValue, 40);
6374 MMR3HeapFree(pszCFGMValue);
6375 }
6376 else if (rc != VERR_CFGM_VALUE_NOT_FOUND)
6377 return PDMDEV_SET_ERROR(pDevIns, rc,
6378 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
6379 }
6380 }
6381
6382 }
6383 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
6384 {
6385 pIf->pDrvBase = NULL;
6386 pIf->pDrvBlock = NULL;
6387 pIf->cbIOBuffer = 0;
6388 pIf->pbIOBufferR3 = NULL;
6389 pIf->pbIOBufferR0 = NIL_RTR0PTR;
6390 pIf->pbIOBufferRC = NIL_RTGCPTR;
6391 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
6392 }
6393 else
6394 {
6395 switch (rc)
6396 {
6397 case VERR_ACCESS_DENIED:
6398 /* Error already catched by DrvHostBase */
6399 return rc;
6400 default:
6401 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6402 N_("PIIX3 cannot attach drive to the %s"),
6403 s_apszDescs[i][j]);
6404 }
6405 }
6406 cbTotalBuffer += pIf->cbIOBuffer;
6407 }
6408 }
6409
6410 rc = PDMDevHlpSSMRegister(pDevIns, pDevIns->pDevReg->szDeviceName, iInstance,
6411 ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer,
6412 ataSaveLoadPrep, ataSaveExec, NULL,
6413 ataSaveLoadPrep, ataLoadExec, NULL);
6414 if (RT_FAILURE(rc))
6415 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
6416
6417 /*
6418 * Initialize the device state.
6419 */
6420 ataReset(pDevIns);
6421
6422 return VINF_SUCCESS;
6423}
6424
6425
6426/**
6427 * The device registration structure.
6428 */
6429const PDMDEVREG g_DevicePIIX3IDE =
6430{
6431 /* u32Version */
6432 PDM_DEVREG_VERSION,
6433 /* szDeviceName */
6434 "piix3ide",
6435 /* szRCMod */
6436 "VBoxDDGC.gc",
6437 /* szR0Mod */
6438 "VBoxDDR0.r0",
6439 /* pszDescription */
6440 "Intel PIIX3 ATA controller.\n"
6441 " LUN #0 is primary master.\n"
6442 " LUN #1 is primary slave.\n"
6443 " LUN #2 is secondary master.\n"
6444 " LUN #3 is secondary slave.\n"
6445 " LUN #999 is the LED/Status connector.",
6446 /* fFlags */
6447 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0,
6448 /* fClass */
6449 PDM_DEVREG_CLASS_STORAGE,
6450 /* cMaxInstances */
6451 1,
6452 /* cbInstance */
6453 sizeof(PCIATAState),
6454 /* pfnConstruct */
6455 ataConstruct,
6456 /* pfnDestruct */
6457 ataDestruct,
6458 /* pfnRelocate */
6459 ataRelocate,
6460 /* pfnIOCtl */
6461 NULL,
6462 /* pfnPowerOn */
6463 NULL,
6464 /* pfnReset */
6465 ataReset,
6466 /* pfnSuspend */
6467 ataSuspend,
6468 /* pfnResume */
6469 ataResume,
6470 /* pfnAttach */
6471 ataAttach,
6472 /* pfnDetach */
6473 ataDetach,
6474 /* pfnQueryInterface. */
6475 NULL,
6476 /* pfnInitComplete */
6477 NULL,
6478 /* pfnPowerOff */
6479 ataPowerOff,
6480 /* pfnSoftReset */
6481 NULL,
6482 /* u32VersionEnd */
6483 PDM_DEVREG_VERSION
6484};
6485#endif /* IN_RING3 */
6486#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
6487
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette