VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 16560

Last change on this file since 16560 was 16114, checked in by vboxsync, 16 years ago

Added first suspend and poweroff flags for the IDE controller too. (same as done for SATA in #3522)
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 247.5 KB
Line 
1/* $Id: DevATA.cpp 16114 2009-01-21 09:13:08Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2008 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Defined Constants And Macros *
24*******************************************************************************/
25/** Temporary instrumentation for tracking down potential virtual disk
26 * write performance issues. */
27#undef VBOX_INSTRUMENT_DMA_WRITES
28
29/**
30 * The SSM saved state versions.
31 */
32#define ATA_SAVED_STATE_VERSION 18
33#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
34#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
35
36
37/*******************************************************************************
38* Header Files *
39*******************************************************************************/
40#define LOG_GROUP LOG_GROUP_DEV_IDE
41#include <VBox/pdmdev.h>
42#include <iprt/assert.h>
43#include <iprt/string.h>
44#ifdef IN_RING3
45# include <iprt/uuid.h>
46# include <iprt/semaphore.h>
47# include <iprt/thread.h>
48# include <iprt/time.h>
49# include <iprt/alloc.h>
50#endif /* IN_RING3 */
51#include <iprt/critsect.h>
52#include <iprt/asm.h>
53#include <VBox/stam.h>
54#include <VBox/mm.h>
55#include <VBox/pgm.h>
56
57#include <VBox/scsi.h>
58
59#include "PIIX3ATABmDma.h"
60#include "ide.h"
61#include "../Builtins.h"
62
63/*******************************************************************************
64* Defined Constants And Macros *
65*******************************************************************************/
66/**
67 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
68 * Set to 1 to disable multi-sector read support. According to the ATA
69 * specification this must be a power of 2 and it must fit in an 8 bit
70 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
71 */
72#define ATA_MAX_MULT_SECTORS 128
73
74/**
75 * Fastest PIO mode supported by the drive.
76 */
77#define ATA_PIO_MODE_MAX 4
78/**
79 * Fastest MDMA mode supported by the drive.
80 */
81#define ATA_MDMA_MODE_MAX 2
82/**
83 * Fastest UDMA mode supported by the drive.
84 */
85#define ATA_UDMA_MODE_MAX 6
86
87/** ATAPI sense info size. */
88#define ATAPI_SENSE_SIZE 64
89
90/** The maximum number of release log entries per device. */
91#define MAX_LOG_REL_ERRORS 1024
92
93/* MediaEventStatus */
94#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
95#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
96#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
97#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
98
99/**
100 * Length of the configurable VPD data (without termination)
101 */
102#define ATA_SERIAL_NUMBER_LENGTH 20
103#define ATA_FIRMWARE_REVISION_LENGTH 8
104#define ATA_MODEL_NUMBER_LENGTH 40
105
106/*******************************************************************************
107* Structures and Typedefs *
108*******************************************************************************/
109typedef struct ATADevState {
110 /** Flag indicating whether the current command uses LBA48 mode. */
111 bool fLBA48;
112 /** Flag indicating whether this drive implements the ATAPI command set. */
113 bool fATAPI;
114 /** Set if this interface has asserted the IRQ. */
115 bool fIrqPending;
116 /** Currently configured number of sectors in a multi-sector transfer. */
117 uint8_t cMultSectors;
118 /** PCHS disk geometry. */
119 PDMMEDIAGEOMETRY PCHSGeometry;
120 /** Total number of sectors on this disk. */
121 uint64_t cTotalSectors;
122 /** Number of sectors to transfer per IRQ. */
123 uint32_t cSectorsPerIRQ;
124
125 /** ATA/ATAPI register 1: feature (write-only). */
126 uint8_t uATARegFeature;
127 /** ATA/ATAPI register 1: feature, high order byte. */
128 uint8_t uATARegFeatureHOB;
129 /** ATA/ATAPI register 1: error (read-only). */
130 uint8_t uATARegError;
131 /** ATA/ATAPI register 2: sector count (read/write). */
132 uint8_t uATARegNSector;
133 /** ATA/ATAPI register 2: sector count, high order byte. */
134 uint8_t uATARegNSectorHOB;
135 /** ATA/ATAPI register 3: sector (read/write). */
136 uint8_t uATARegSector;
137 /** ATA/ATAPI register 3: sector, high order byte. */
138 uint8_t uATARegSectorHOB;
139 /** ATA/ATAPI register 4: cylinder low (read/write). */
140 uint8_t uATARegLCyl;
141 /** ATA/ATAPI register 4: cylinder low, high order byte. */
142 uint8_t uATARegLCylHOB;
143 /** ATA/ATAPI register 5: cylinder high (read/write). */
144 uint8_t uATARegHCyl;
145 /** ATA/ATAPI register 5: cylinder high, high order byte. */
146 uint8_t uATARegHCylHOB;
147 /** ATA/ATAPI register 6: select drive/head (read/write). */
148 uint8_t uATARegSelect;
149 /** ATA/ATAPI register 7: status (read-only). */
150 uint8_t uATARegStatus;
151 /** ATA/ATAPI register 7: command (write-only). */
152 uint8_t uATARegCommand;
153 /** ATA/ATAPI drive control register (write-only). */
154 uint8_t uATARegDevCtl;
155
156 /** Currently active transfer mode (MDMA/UDMA) and speed. */
157 uint8_t uATATransferMode;
158 /** Current transfer direction. */
159 uint8_t uTxDir;
160 /** Index of callback for begin transfer. */
161 uint8_t iBeginTransfer;
162 /** Index of callback for source/sink of data. */
163 uint8_t iSourceSink;
164 /** Flag indicating whether the current command transfers data in DMA mode. */
165 bool fDMA;
166 /** Set to indicate that ATAPI transfer semantics must be used. */
167 bool fATAPITransfer;
168
169 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
170 uint32_t cbTotalTransfer;
171 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
172 uint32_t cbElementaryTransfer;
173 /** Current read/write buffer position, shared PIO/DMA. */
174 uint32_t iIOBufferCur;
175 /** First element beyond end of valid buffer content, shared PIO/DMA. */
176 uint32_t iIOBufferEnd;
177
178 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
179 uint32_t iIOBufferPIODataStart;
180 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
181 uint32_t iIOBufferPIODataEnd;
182
183 /** ATAPI current LBA position. */
184 uint32_t iATAPILBA;
185 /** ATAPI current sector size. */
186 uint32_t cbATAPISector;
187 /** ATAPI current command. */
188 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
189 /** ATAPI sense data. */
190 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
191 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
192 uint8_t cNotifiedMediaChange;
193 /** The same for GET_EVENT_STATUS for mechanism */
194 volatile uint32_t MediaEventStatus;
195
196 uint32_t Alignment0;
197
198 /** The status LED state for this drive. */
199 PDMLED Led;
200
201 /** Size of I/O buffer. */
202 uint32_t cbIOBuffer;
203 /** Pointer to the I/O buffer. */
204 R3PTRTYPE(uint8_t *) pbIOBufferR3;
205 /** Pointer to the I/O buffer. */
206 R0PTRTYPE(uint8_t *) pbIOBufferR0;
207 /** Pointer to the I/O buffer. */
208 RCPTRTYPE(uint8_t *) pbIOBufferRC;
209
210 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
211
212 /*
213 * No data that is part of the saved state after this point!!!!!
214 */
215
216 /* Release statistics: number of ATA DMA commands. */
217 STAMCOUNTER StatATADMA;
218 /* Release statistics: number of ATA PIO commands. */
219 STAMCOUNTER StatATAPIO;
220 /* Release statistics: number of ATAPI PIO commands. */
221 STAMCOUNTER StatATAPIDMA;
222 /* Release statistics: number of ATAPI PIO commands. */
223 STAMCOUNTER StatATAPIPIO;
224#ifdef VBOX_INSTRUMENT_DMA_WRITES
225 /* Release statistics: number of DMA sector writes and the time spent. */
226 STAMPROFILEADV StatInstrVDWrites;
227#endif
228
229 /** Statistics: number of read operations and the time spent reading. */
230 STAMPROFILEADV StatReads;
231 /** Statistics: number of bytes read. */
232 STAMCOUNTER StatBytesRead;
233 /** Statistics: number of write operations and the time spent writing. */
234 STAMPROFILEADV StatWrites;
235 /** Statistics: number of bytes written. */
236 STAMCOUNTER StatBytesWritten;
237 /** Statistics: number of flush operations and the time spend flushing. */
238 STAMPROFILE StatFlushes;
239
240 /** Enable passing through commands directly to the ATAPI drive. */
241 bool fATAPIPassthrough;
242 /** Number of errors we've reported to the release log.
243 * This is to prevent flooding caused by something going horribly wrong.
244 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
245 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
246 uint32_t cErrors;
247 /** Timestamp of last started command. 0 if no command pending. */
248 uint64_t u64CmdTS;
249
250 /** Pointer to the attached driver's base interface. */
251 R3PTRTYPE(PPDMIBASE) pDrvBase;
252 /** Pointer to the attached driver's block interface. */
253 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
254 /** Pointer to the attached driver's block bios interface. */
255 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
256 /** Pointer to the attached driver's mount interface.
257 * This is NULL if the driver isn't a removable unit. */
258 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
259 /** The base interface. */
260 PDMIBASE IBase;
261 /** The block port interface. */
262 PDMIBLOCKPORT IPort;
263 /** The mount notify interface. */
264 PDMIMOUNTNOTIFY IMountNotify;
265 /** The LUN #. */
266 RTUINT iLUN;
267#if HC_ARCH_BITS == 64
268 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
269#endif
270 /** Pointer to device instance. */
271 PPDMDEVINSR3 pDevInsR3;
272 /** Pointer to controller instance. */
273 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
274 /** Pointer to device instance. */
275 PPDMDEVINSR0 pDevInsR0;
276 /** Pointer to controller instance. */
277 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
278 /** Pointer to device instance. */
279 PPDMDEVINSRC pDevInsRC;
280 /** Pointer to controller instance. */
281 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
282
283 /** The serial numnber to use for IDENTIFY DEVICE commands. */
284 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
285 /** The firmware revision to use for IDENTIFY DEVICE commands. */
286 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
287 /** The model number to use for IDENTIFY DEVICE commands. */
288 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
289
290#if HC_ARCH_BITS == 64
291 uint32_t Alignment3[2];
292#endif
293} ATADevState;
294
295
296typedef struct ATATransferRequest
297{
298 uint8_t iIf;
299 uint8_t iBeginTransfer;
300 uint8_t iSourceSink;
301 uint32_t cbTotalTransfer;
302 uint8_t uTxDir;
303} ATATransferRequest;
304
305
306typedef struct ATAAbortRequest
307{
308 uint8_t iIf;
309 bool fResetDrive;
310} ATAAbortRequest;
311
312
313typedef enum
314{
315 /** Begin a new transfer. */
316 ATA_AIO_NEW = 0,
317 /** Continue a DMA transfer. */
318 ATA_AIO_DMA,
319 /** Continue a PIO transfer. */
320 ATA_AIO_PIO,
321 /** Reset the drives on current controller, stop all transfer activity. */
322 ATA_AIO_RESET_ASSERTED,
323 /** Reset the drives on current controller, resume operation. */
324 ATA_AIO_RESET_CLEARED,
325 /** Abort the current transfer of a particular drive. */
326 ATA_AIO_ABORT
327} ATAAIO;
328
329
330typedef struct ATARequest
331{
332 ATAAIO ReqType;
333 union
334 {
335 ATATransferRequest t;
336 ATAAbortRequest a;
337 } u;
338} ATARequest;
339
340
341typedef struct ATACONTROLLER
342{
343 /** The base of the first I/O Port range. */
344 RTIOPORT IOPortBase1;
345 /** The base of the second I/O Port range. (0 if none) */
346 RTIOPORT IOPortBase2;
347 /** The assigned IRQ. */
348 RTUINT irq;
349 /** Access critical section */
350 PDMCRITSECT lock;
351
352 /** Selected drive. */
353 uint8_t iSelectedIf;
354 /** The interface on which to handle async I/O. */
355 uint8_t iAIOIf;
356 /** The state of the async I/O thread. */
357 uint8_t uAsyncIOState;
358 /** Flag indicating whether the next transfer is part of the current command. */
359 bool fChainedTransfer;
360 /** Set when the reset processing is currently active on this controller. */
361 bool fReset;
362 /** Flag whether the current transfer needs to be redone. */
363 bool fRedo;
364 /** Flag whether the redo suspend has been finished. */
365 bool fRedoIdle;
366 /** Flag whether the DMA operation to be redone is the final transfer. */
367 bool fRedoDMALastDesc;
368 /** The BusMaster DMA state. */
369 BMDMAState BmDma;
370 /** Pointer to first DMA descriptor. */
371 RTGCPHYS32 pFirstDMADesc;
372 /** Pointer to last DMA descriptor. */
373 RTGCPHYS32 pLastDMADesc;
374 /** Pointer to current DMA buffer (for redo operations). */
375 RTGCPHYS32 pRedoDMABuffer;
376 /** Size of current DMA buffer (for redo operations). */
377 uint32_t cbRedoDMABuffer;
378
379 /** The ATA/ATAPI interfaces of this controller. */
380 ATADevState aIfs[2];
381
382 /** Pointer to device instance. */
383 PPDMDEVINSR3 pDevInsR3;
384 /** Pointer to device instance. */
385 PPDMDEVINSR0 pDevInsR0;
386 /** Pointer to device instance. */
387 PPDMDEVINSRC pDevInsRC;
388
389 /** Set when the destroying the device instance and the thread must exit. */
390 uint32_t volatile fShutdown;
391 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
392 RTTHREAD AsyncIOThread;
393 /** The event semaphore the thread is waiting on for requests. */
394 RTSEMEVENT AsyncIOSem;
395 /** The request queue for the AIO thread. One element is always unused. */
396 ATARequest aAsyncIORequests[4];
397 /** The position at which to insert a new request for the AIO thread. */
398 uint8_t AsyncIOReqHead;
399 /** The position at which to get a new request for the AIO thread. */
400 uint8_t AsyncIOReqTail;
401 uint8_t Alignment3[2]; /**< Explicit padding of the 2 byte gap. */
402 /** Magic delay before triggering interrupts in DMA mode. */
403 uint32_t DelayIRQMillies;
404 /** The mutex protecting the request queue. */
405 RTSEMMUTEX AsyncIORequestMutex;
406 /** The event semaphore the thread is waiting on during suspended I/O. */
407 RTSEMEVENT SuspendIOSem;
408#if 0 /*HC_ARCH_BITS == 32*/
409 uint32_t Alignment0;
410#endif
411
412 /** Timestamp we started the reset. */
413 uint64_t u64ResetTime;
414
415 /* Statistics */
416 STAMCOUNTER StatAsyncOps;
417 uint64_t StatAsyncMinWait;
418 uint64_t StatAsyncMaxWait;
419 STAMCOUNTER StatAsyncTimeUS;
420 STAMPROFILEADV StatAsyncTime;
421 STAMPROFILE StatLockWait;
422} ATACONTROLLER, *PATACONTROLLER;
423
424typedef struct PCIATAState {
425 PCIDEVICE dev;
426 /** The controllers. */
427 ATACONTROLLER aCts[2];
428 /** Pointer to device instance. */
429 PPDMDEVINSR3 pDevIns;
430 /** Status Port - Base interface. */
431 PDMIBASE IBase;
432 /** Status Port - Leds interface. */
433 PDMILEDPORTS ILeds;
434 /** Partner of ILeds. */
435 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
436 /** Flag whether GC is enabled. */
437 bool fGCEnabled;
438 /** Flag whether R0 is enabled. */
439 bool fR0Enabled;
440 /** Flag indicating whether PIIX4 or PIIX3 is being emulated. */
441 bool fPIIX4;
442 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1]; /**< Align the struct size. */
443} PCIATAState;
444
445#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
446#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
447#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
448#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
449#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
450#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
451
452#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
453
454#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
455#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
456#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
457#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
458
459#ifndef VBOX_DEVICE_STRUCT_TESTCASE
460/*******************************************************************************
461 * Internal Functions *
462 ******************************************************************************/
463__BEGIN_DECLS
464PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
465PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
466PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
467PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
468PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
469PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
470PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
471PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
472__END_DECLS
473
474
475
476DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
477{
478 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
479
480 /* Freeze status register contents while processing RESET. */
481 if (!pCtl->fReset)
482 {
483 s->uATARegStatus = stat;
484 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
485 }
486}
487
488
489DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
490{
491 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
492
493 /* Freeze status register contents while processing RESET. */
494 if (!pCtl->fReset)
495 {
496 s->uATARegStatus |= stat;
497 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
498 }
499}
500
501
502DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
503{
504 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
505
506 /* Freeze status register contents while processing RESET. */
507 if (!pCtl->fReset)
508 {
509 s->uATARegStatus &= ~stat;
510 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
511 }
512}
513
514#ifdef IN_RING3
515
516typedef void (*PBeginTransferFunc)(ATADevState *);
517typedef bool (*PSourceSinkFunc)(ATADevState *);
518
519static void ataReadWriteSectorsBT(ATADevState *);
520static void ataPacketBT(ATADevState *);
521static void atapiCmdBT(ATADevState *);
522static void atapiPassthroughCmdBT(ATADevState *);
523
524static bool ataIdentifySS(ATADevState *);
525static bool ataFlushSS(ATADevState *);
526static bool ataReadSectorsSS(ATADevState *);
527static bool ataWriteSectorsSS(ATADevState *);
528static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
529static bool ataPacketSS(ATADevState *);
530static bool atapiGetConfigurationSS(ATADevState *);
531static bool atapiGetEventStatusNotificationSS(ATADevState *);
532static bool atapiIdentifySS(ATADevState *);
533static bool atapiInquirySS(ATADevState *);
534static bool atapiMechanismStatusSS(ATADevState *);
535static bool atapiModeSenseErrorRecoverySS(ATADevState *);
536static bool atapiModeSenseCDStatusSS(ATADevState *);
537static bool atapiReadSS(ATADevState *);
538static bool atapiReadCapacitySS(ATADevState *);
539static bool atapiReadDiscInformationSS(ATADevState *);
540static bool atapiReadTOCNormalSS(ATADevState *);
541static bool atapiReadTOCMultiSS(ATADevState *);
542static bool atapiReadTOCRawSS(ATADevState *);
543static bool atapiReadTrackInformationSS(ATADevState *);
544static bool atapiRequestSenseSS(ATADevState *);
545static bool atapiPassthroughSS(ATADevState *);
546
547/**
548 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
549 */
550typedef enum ATAFNBT
551{
552 ATAFN_BT_NULL = 0,
553 ATAFN_BT_READ_WRITE_SECTORS,
554 ATAFN_BT_PACKET,
555 ATAFN_BT_ATAPI_CMD,
556 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
557 ATAFN_BT_MAX
558} ATAFNBT;
559
560/**
561 * Array of end transfer functions, the index is ATAFNET.
562 * Make sure ATAFNET and this array match!
563 */
564static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
565{
566 NULL,
567 ataReadWriteSectorsBT,
568 ataPacketBT,
569 atapiCmdBT,
570 atapiPassthroughCmdBT,
571};
572
573/**
574 * Source/sink function indexes for g_apfnSourceSinkFuncs.
575 */
576typedef enum ATAFNSS
577{
578 ATAFN_SS_NULL = 0,
579 ATAFN_SS_IDENTIFY,
580 ATAFN_SS_FLUSH,
581 ATAFN_SS_READ_SECTORS,
582 ATAFN_SS_WRITE_SECTORS,
583 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
584 ATAFN_SS_PACKET,
585 ATAFN_SS_ATAPI_GET_CONFIGURATION,
586 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
587 ATAFN_SS_ATAPI_IDENTIFY,
588 ATAFN_SS_ATAPI_INQUIRY,
589 ATAFN_SS_ATAPI_MECHANISM_STATUS,
590 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
591 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
592 ATAFN_SS_ATAPI_READ,
593 ATAFN_SS_ATAPI_READ_CAPACITY,
594 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
595 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
596 ATAFN_SS_ATAPI_READ_TOC_MULTI,
597 ATAFN_SS_ATAPI_READ_TOC_RAW,
598 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
599 ATAFN_SS_ATAPI_REQUEST_SENSE,
600 ATAFN_SS_ATAPI_PASSTHROUGH,
601 ATAFN_SS_MAX
602} ATAFNSS;
603
604/**
605 * Array of source/sink functions, the index is ATAFNSS.
606 * Make sure ATAFNSS and this array match!
607 */
608static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
609{
610 NULL,
611 ataIdentifySS,
612 ataFlushSS,
613 ataReadSectorsSS,
614 ataWriteSectorsSS,
615 ataExecuteDeviceDiagnosticSS,
616 ataPacketSS,
617 atapiGetConfigurationSS,
618 atapiGetEventStatusNotificationSS,
619 atapiIdentifySS,
620 atapiInquirySS,
621 atapiMechanismStatusSS,
622 atapiModeSenseErrorRecoverySS,
623 atapiModeSenseCDStatusSS,
624 atapiReadSS,
625 atapiReadCapacitySS,
626 atapiReadDiscInformationSS,
627 atapiReadTOCNormalSS,
628 atapiReadTOCMultiSS,
629 atapiReadTOCRawSS,
630 atapiReadTrackInformationSS,
631 atapiRequestSenseSS,
632 atapiPassthroughSS
633};
634
635
636static const ATARequest ataDMARequest = { ATA_AIO_DMA, };
637static const ATARequest ataPIORequest = { ATA_AIO_PIO, };
638static const ATARequest ataResetARequest = { ATA_AIO_RESET_ASSERTED, };
639static const ATARequest ataResetCRequest = { ATA_AIO_RESET_CLEARED, };
640
641
642static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
643{
644 int rc;
645
646 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
647 AssertRC(rc);
648 pCtl->AsyncIOReqHead = 0;
649 pCtl->AsyncIOReqTail = 0;
650 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
651 AssertRC(rc);
652}
653
654
655static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
656{
657 int rc;
658
659 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
660 AssertRC(rc);
661 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
662 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
663 pCtl->AsyncIOReqHead++;
664 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
665 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
666 AssertRC(rc);
667 LogBird(("ata: %x: signalling\n", pCtl->IOPortBase1));
668 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
669 if (RT_FAILURE(rc))
670 {
671 LogBird(("ata: %x: schedule failed, rc=%Rrc\n", pCtl->IOPortBase1, rc));
672 rc = RTSemEventSignal(pCtl->AsyncIOSem);
673 AssertRC(rc);
674 }
675}
676
677
678static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
679{
680 int rc;
681 const ATARequest *pReq;
682
683 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
684 AssertRC(rc);
685 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
686 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
687 else
688 pReq = NULL;
689 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
690 AssertRC(rc);
691 return pReq;
692}
693
694
695/**
696 * Remove the request with the given type, as it's finished. The request
697 * is not removed blindly, as this could mean a RESET request that is not
698 * yet processed (but has cleared the request queue) is lost.
699 *
700 * @param pCtl Controller for which to remove the request.
701 * @param ReqType Type of the request to remove.
702 */
703static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
704{
705 int rc;
706
707 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
708 AssertRC(rc);
709 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
710 {
711 pCtl->AsyncIOReqTail++;
712 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
713 }
714 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
715 AssertRC(rc);
716}
717
718
719/**
720 * Dump the request queue for a particular controller. First dump the queue
721 * contents, then the already processed entries, as long as they haven't been
722 * overwritten.
723 *
724 * @param pCtl Controller for which to dump the queue.
725 */
726static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
727{
728 int rc;
729 uint8_t curr;
730
731 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
732 AssertRC(rc);
733 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
734 curr = pCtl->AsyncIOReqTail;
735 do
736 {
737 if (curr == pCtl->AsyncIOReqHead)
738 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
739 switch (pCtl->aAsyncIORequests[curr].ReqType)
740 {
741 case ATA_AIO_NEW:
742 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
743 break;
744 case ATA_AIO_DMA:
745 LogRel(("dma transfer finished\n"));
746 break;
747 case ATA_AIO_PIO:
748 LogRel(("pio transfer finished\n"));
749 break;
750 case ATA_AIO_RESET_ASSERTED:
751 LogRel(("reset asserted request\n"));
752 break;
753 case ATA_AIO_RESET_CLEARED:
754 LogRel(("reset cleared request\n"));
755 break;
756 case ATA_AIO_ABORT:
757 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
758 break;
759 default:
760 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
761 }
762 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
763 } while (curr != pCtl->AsyncIOReqTail);
764 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
765 AssertRC(rc);
766}
767
768
769/**
770 * Checks whether the request queue for a particular controller is empty
771 * or whether a particular controller is idle.
772 *
773 * @param pCtl Controller for which to check the queue.
774 * @param fStrict If set then the controller is checked to be idle.
775 */
776static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
777{
778 int rc;
779 bool fIdle;
780
781 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
782 AssertRC(rc);
783 fIdle = pCtl->fRedoIdle;
784 if (!fIdle)
785 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
786 if (fStrict)
787 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
788 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
789 AssertRC(rc);
790 return fIdle;
791}
792
793
794/**
795 * Send a transfer request to the async I/O thread.
796 *
797 * @param s Pointer to the ATA device state data.
798 * @param cbTotalTransfer Data transfer size.
799 * @param uTxDir Data transfer direction.
800 * @param iBeginTransfer Index of BeginTransfer callback.
801 * @param iSourceSink Index of SourceSink callback.
802 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
803 */
804static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
805{
806 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
807 ATARequest Req;
808
809 Assert(PDMCritSectIsOwner(&pCtl->lock));
810
811 /* Do not issue new requests while the RESET line is asserted. */
812 if (pCtl->fReset)
813 {
814 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
815 return;
816 }
817
818 /* If the controller is already doing something else right now, ignore
819 * the command that is being submitted. Some broken guests issue commands
820 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
821 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true))
822 {
823 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
824 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
825 return;
826 }
827
828 Req.ReqType = ATA_AIO_NEW;
829 if (fChainedTransfer)
830 Req.u.t.iIf = pCtl->iAIOIf;
831 else
832 Req.u.t.iIf = pCtl->iSelectedIf;
833 Req.u.t.cbTotalTransfer = cbTotalTransfer;
834 Req.u.t.uTxDir = uTxDir;
835 Req.u.t.iBeginTransfer = iBeginTransfer;
836 Req.u.t.iSourceSink = iSourceSink;
837 ataSetStatusValue(s, ATA_STAT_BUSY);
838 pCtl->fChainedTransfer = fChainedTransfer;
839
840 /*
841 * Kick the worker thread into action.
842 */
843 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
844 ataAsyncIOPutRequest(pCtl, &Req);
845}
846
847
848/**
849 * Send an abort command request to the async I/O thread.
850 *
851 * @param s Pointer to the ATA device state data.
852 * @param fResetDrive Whether to reset the drive or just abort a command.
853 */
854static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
855{
856 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
857 ATARequest Req;
858
859 Assert(PDMCritSectIsOwner(&pCtl->lock));
860
861 /* Do not issue new requests while the RESET line is asserted. */
862 if (pCtl->fReset)
863 {
864 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
865 return;
866 }
867
868 Req.ReqType = ATA_AIO_ABORT;
869 Req.u.a.iIf = pCtl->iSelectedIf;
870 Req.u.a.fResetDrive = fResetDrive;
871 ataSetStatus(s, ATA_STAT_BUSY);
872 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
873 ataAsyncIOPutRequest(pCtl, &Req);
874}
875
876
877static void ataSetIRQ(ATADevState *s)
878{
879 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
880 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
881
882 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
883 {
884 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
885 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
886 * line is asserted. It monitors the line for a rising edge. */
887 if (!s->fIrqPending)
888 pCtl->BmDma.u8Status |= BM_STATUS_INT;
889 /* Only actually set the IRQ line if updating the currently selected drive. */
890 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
891 {
892 /** @todo experiment with adaptive IRQ delivery: for reads it is
893 * better to wait for IRQ delivery, as it reduces latency. */
894 if (pCtl->irq == 16)
895 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
896 else
897 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
898 }
899 }
900 s->fIrqPending = true;
901}
902
903#endif /* IN_RING3 */
904
905static void ataUnsetIRQ(ATADevState *s)
906{
907 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
908 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
909
910 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
911 {
912 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
913 /* Only actually unset the IRQ line if updating the currently selected drive. */
914 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
915 {
916 if (pCtl->irq == 16)
917 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
918 else
919 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
920 }
921 }
922 s->fIrqPending = false;
923}
924
925#ifdef IN_RING3
926
927static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
928{
929 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
930 s->iIOBufferPIODataStart = start;
931 s->iIOBufferPIODataEnd = start + size;
932 ataSetStatus(s, ATA_STAT_DRQ);
933}
934
935
936static void ataPIOTransferStop(ATADevState *s)
937{
938 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
939 if (s->fATAPITransfer)
940 {
941 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
942 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
943 ataSetIRQ(s);
944 s->fATAPITransfer = false;
945 }
946 s->cbTotalTransfer = 0;
947 s->cbElementaryTransfer = 0;
948 s->iIOBufferPIODataStart = 0;
949 s->iIOBufferPIODataEnd = 0;
950 s->iBeginTransfer = ATAFN_BT_NULL;
951 s->iSourceSink = ATAFN_SS_NULL;
952}
953
954
955static void ataPIOTransferLimitATAPI(ATADevState *s)
956{
957 uint32_t cbLimit, cbTransfer;
958
959 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
960 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
961 if (cbLimit == 0)
962 cbLimit = 0xfffe;
963 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
964 if (cbLimit == 0xffff)
965 cbLimit--;
966 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
967 if (cbTransfer > cbLimit)
968 {
969 /* Byte count limit for clipping must be even in this case */
970 if (cbLimit & 1)
971 cbLimit--;
972 cbTransfer = cbLimit;
973 }
974 s->uATARegLCyl = cbTransfer;
975 s->uATARegHCyl = cbTransfer >> 8;
976 s->cbElementaryTransfer = cbTransfer;
977}
978
979
980static uint32_t ataGetNSectors(ATADevState *s)
981{
982 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
983 if (s->fLBA48)
984 {
985 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
986 return 65536;
987 else
988 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
989 }
990 else
991 {
992 if (!s->uATARegNSector)
993 return 256;
994 else
995 return s->uATARegNSector;
996 }
997}
998
999
1000static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1001{
1002 for (uint32_t i = 0; i < cbSize; i++)
1003 {
1004 if (*pbSrc)
1005 pbDst[i ^ 1] = *pbSrc++;
1006 else
1007 pbDst[i ^ 1] = ' ';
1008 }
1009}
1010
1011
1012static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1013{
1014 for (uint32_t i = 0; i < cbSize; i++)
1015 {
1016 if (*pbSrc)
1017 pbDst[i] = *pbSrc++;
1018 else
1019 pbDst[i] = ' ';
1020 }
1021}
1022
1023
1024DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1025{
1026 pbBuf[0] = val >> 8;
1027 pbBuf[1] = val;
1028}
1029
1030
1031DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1032{
1033 pbBuf[0] = val >> 16;
1034 pbBuf[1] = val >> 8;
1035 pbBuf[2] = val;
1036}
1037
1038
1039DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1040{
1041 pbBuf[0] = val >> 24;
1042 pbBuf[1] = val >> 16;
1043 pbBuf[2] = val >> 8;
1044 pbBuf[3] = val;
1045}
1046
1047
1048DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1049{
1050 return (pbBuf[0] << 8) | pbBuf[1];
1051}
1052
1053
1054DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1055{
1056 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1057}
1058
1059
1060DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1061{
1062 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1063}
1064
1065
1066DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1067{
1068 iATAPILBA += 150;
1069 pbBuf[0] = (iATAPILBA / 75) / 60;
1070 pbBuf[1] = (iATAPILBA / 75) % 60;
1071 pbBuf[2] = iATAPILBA % 75;
1072}
1073
1074
1075DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1076{
1077 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1078}
1079
1080
1081static void ataCmdOK(ATADevState *s, uint8_t status)
1082{
1083 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1084 ataSetStatusValue(s, ATA_STAT_READY | status);
1085}
1086
1087
1088static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1089{
1090 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1091 s->uATARegError = uErrorCode;
1092 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1093 s->cbTotalTransfer = 0;
1094 s->cbElementaryTransfer = 0;
1095 s->iIOBufferCur = 0;
1096 s->iIOBufferEnd = 0;
1097 s->uTxDir = PDMBLOCKTXDIR_NONE;
1098 s->iBeginTransfer = ATAFN_BT_NULL;
1099 s->iSourceSink = ATAFN_SS_NULL;
1100}
1101
1102
1103static bool ataIdentifySS(ATADevState *s)
1104{
1105 uint16_t *p;
1106
1107 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1108 Assert(s->cbElementaryTransfer == 512);
1109
1110 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1111 memset(p, 0, 512);
1112 p[0] = RT_H2LE_U16(0x0040);
1113 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1114 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1115 /* Block size; obsolete, but required for the BIOS. */
1116 p[5] = RT_H2LE_U16(512);
1117 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1118 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1119 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1120 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1121 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1122 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1123 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1124#if ATA_MAX_MULT_SECTORS > 1
1125 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1126#endif
1127 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1128 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1129 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1130 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1131 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1132 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1133 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1134 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1135 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1136 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1137 * s->PCHSGeometry.cHeads
1138 * s->PCHSGeometry.cSectors);
1139 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1140 * s->PCHSGeometry.cHeads
1141 * s->PCHSGeometry.cSectors >> 16);
1142 if (s->cMultSectors)
1143 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1144 if (s->cTotalSectors <= (1 << 28) - 1)
1145 {
1146 p[60] = RT_H2LE_U16(s->cTotalSectors);
1147 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1148 }
1149 else
1150 {
1151 /* Report maximum number of sectors possible with LBA28 */
1152 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1153 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1154 }
1155 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1156 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1157 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1158 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1159 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1160 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1161 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1162 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1163 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1164 if (s->cTotalSectors <= (1 << 28) - 1)
1165 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1166 else
1167 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1168 p[84] = RT_H2LE_U16(1 << 14);
1169 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1170 if (s->cTotalSectors <= (1 << 28) - 1)
1171 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1172 else
1173 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1174 p[87] = RT_H2LE_U16(1 << 14);
1175 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1176 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1177 if (s->cTotalSectors > (1 << 28) - 1)
1178 {
1179 p[100] = RT_H2LE_U16(s->cTotalSectors);
1180 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1181 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1182 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1183 }
1184 s->iSourceSink = ATAFN_SS_NULL;
1185 ataCmdOK(s, ATA_STAT_SEEK);
1186 return false;
1187}
1188
1189
1190static bool ataFlushSS(ATADevState *s)
1191{
1192 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1193 int rc;
1194
1195 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1196 Assert(!s->cbElementaryTransfer);
1197
1198 PDMCritSectLeave(&pCtl->lock);
1199
1200 STAM_PROFILE_START(&s->StatFlushes, f);
1201 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1202 AssertRC(rc);
1203 STAM_PROFILE_STOP(&s->StatFlushes, f);
1204
1205 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1206 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1207 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1208 ataCmdOK(s, 0);
1209 return false;
1210}
1211
1212
1213static bool atapiIdentifySS(ATADevState *s)
1214{
1215 uint16_t *p;
1216
1217 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1218 Assert(s->cbElementaryTransfer == 512);
1219
1220 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1221 memset(p, 0, 512);
1222 /* Removable CDROM, 50us response, 12 byte packets */
1223 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1224 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1225 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1226 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1227 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1228 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1229 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1230 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1231 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1232 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1233 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1234 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1235 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1236 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1237 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1238 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1239 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1240 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1241 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1242 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1243 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1244 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1245 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1246 p[83] = RT_H2LE_U16(1 << 14);
1247 p[84] = RT_H2LE_U16(1 << 14);
1248 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1249 p[86] = RT_H2LE_U16(0);
1250 p[87] = RT_H2LE_U16(1 << 14);
1251 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1252 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1253 s->iSourceSink = ATAFN_SS_NULL;
1254 ataCmdOK(s, ATA_STAT_SEEK);
1255 return false;
1256}
1257
1258
1259static void ataSetSignature(ATADevState *s)
1260{
1261 s->uATARegSelect &= 0xf0; /* clear head */
1262 /* put signature */
1263 s->uATARegNSector = 1;
1264 s->uATARegSector = 1;
1265 if (s->fATAPI)
1266 {
1267 s->uATARegLCyl = 0x14;
1268 s->uATARegHCyl = 0xeb;
1269 }
1270 else if (s->pDrvBlock)
1271 {
1272 s->uATARegLCyl = 0;
1273 s->uATARegHCyl = 0;
1274 }
1275 else
1276 {
1277 s->uATARegLCyl = 0xff;
1278 s->uATARegHCyl = 0xff;
1279 }
1280}
1281
1282
1283static uint64_t ataGetSector(ATADevState *s)
1284{
1285 uint64_t iLBA;
1286 if (s->uATARegSelect & 0x40)
1287 {
1288 /* any LBA variant */
1289 if (s->fLBA48)
1290 {
1291 /* LBA48 */
1292 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1293 ((uint64_t)s->uATARegLCylHOB << 32) |
1294 ((uint64_t)s->uATARegSectorHOB << 24) |
1295 ((uint64_t)s->uATARegHCyl << 16) |
1296 ((uint64_t)s->uATARegLCyl << 8) |
1297 s->uATARegSector;
1298 }
1299 else
1300 {
1301 /* LBA */
1302 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1303 (s->uATARegLCyl << 8) | s->uATARegSector;
1304 }
1305 }
1306 else
1307 {
1308 /* CHS */
1309 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1310 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1311 (s->uATARegSector - 1);
1312 }
1313 return iLBA;
1314}
1315
1316static void ataSetSector(ATADevState *s, uint64_t iLBA)
1317{
1318 uint32_t cyl, r;
1319 if (s->uATARegSelect & 0x40)
1320 {
1321 /* any LBA variant */
1322 if (s->fLBA48)
1323 {
1324 /* LBA48 */
1325 s->uATARegHCylHOB = iLBA >> 40;
1326 s->uATARegLCylHOB = iLBA >> 32;
1327 s->uATARegSectorHOB = iLBA >> 24;
1328 s->uATARegHCyl = iLBA >> 16;
1329 s->uATARegLCyl = iLBA >> 8;
1330 s->uATARegSector = iLBA;
1331 }
1332 else
1333 {
1334 /* LBA */
1335 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1336 s->uATARegHCyl = (iLBA >> 16);
1337 s->uATARegLCyl = (iLBA >> 8);
1338 s->uATARegSector = (iLBA);
1339 }
1340 }
1341 else
1342 {
1343 /* CHS */
1344 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1345 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1346 s->uATARegHCyl = cyl >> 8;
1347 s->uATARegLCyl = cyl;
1348 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1349 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1350 }
1351}
1352
1353
1354static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors)
1355{
1356 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1357 int rc;
1358
1359 PDMCritSectLeave(&pCtl->lock);
1360
1361 STAM_PROFILE_ADV_START(&s->StatReads, r);
1362 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1363 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1364 s->Led.Actual.s.fReading = 0;
1365 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1366
1367 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1368
1369 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1370 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1371 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1372 return rc;
1373}
1374
1375
1376static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors)
1377{
1378 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1379 int rc;
1380
1381 PDMCritSectLeave(&pCtl->lock);
1382
1383 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1384 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1385#ifdef VBOX_INSTRUMENT_DMA_WRITES
1386 if (s->fDMA)
1387 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1388#endif
1389 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1390#ifdef VBOX_INSTRUMENT_DMA_WRITES
1391 if (s->fDMA)
1392 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1393#endif
1394 s->Led.Actual.s.fWriting = 0;
1395 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1396
1397 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1398
1399 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1400 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1401 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1402 return rc;
1403}
1404
1405
1406static void ataReadWriteSectorsBT(ATADevState *s)
1407{
1408 uint32_t cSectors;
1409
1410 cSectors = s->cbTotalTransfer / 512;
1411 if (cSectors > s->cSectorsPerIRQ)
1412 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1413 else
1414 s->cbElementaryTransfer = cSectors * 512;
1415 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1416 ataCmdOK(s, 0);
1417}
1418
1419
1420static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1421{
1422 int rc;
1423 LogRel(("PIIX3 ATA: Host disk full\n"));
1424 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1425 false, "DevATA_DISKFULL",
1426 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1427 AssertRC(rc);
1428}
1429
1430
1431static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1432{
1433 int rc;
1434 LogRel(("PIIX3 ATA: File too big\n"));
1435 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1436 false, "DevATA_FILETOOBIG",
1437 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1438 AssertRC(rc);
1439}
1440
1441
1442static void ataWarningISCSI(PPDMDEVINS pDevIns)
1443{
1444 int rc;
1445 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1446 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1447 false, "DevATA_ISCSIDOWN",
1448 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1449 AssertRC(rc);
1450}
1451
1452
1453static bool ataReadSectorsSS(ATADevState *s)
1454{
1455 int rc;
1456 uint32_t cSectors;
1457 uint64_t iLBA;
1458
1459 cSectors = s->cbElementaryTransfer / 512;
1460 Assert(cSectors);
1461 iLBA = ataGetSector(s);
1462 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1463 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors);
1464 if (RT_SUCCESS(rc))
1465 {
1466 ataSetSector(s, iLBA + cSectors);
1467 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1468 s->iSourceSink = ATAFN_SS_NULL;
1469 ataCmdOK(s, ATA_STAT_SEEK);
1470 }
1471 else
1472 {
1473 if (rc == VERR_DISK_FULL)
1474 {
1475 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1476 return true;
1477 }
1478 if (rc == VERR_FILE_TOO_BIG)
1479 {
1480 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1481 return true;
1482 }
1483 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1484 {
1485 /* iSCSI connection abort (first error) or failure to reestablish
1486 * connection (second error). Pause VM. On resume we'll retry. */
1487 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1488 return true;
1489 }
1490 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1491 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1492 s->iLUN, rc, iLBA, cSectors));
1493
1494 /*
1495 * Check if we got interrupted. We don't need to set status variables
1496 * because the request was aborted.
1497 */
1498 if (rc != VERR_INTERRUPTED)
1499 ataCmdError(s, ID_ERR);
1500 }
1501 /** @todo implement redo for iSCSI */
1502 return false;
1503}
1504
1505
1506static bool ataWriteSectorsSS(ATADevState *s)
1507{
1508 int rc;
1509 uint32_t cSectors;
1510 uint64_t iLBA;
1511
1512 cSectors = s->cbElementaryTransfer / 512;
1513 Assert(cSectors);
1514 iLBA = ataGetSector(s);
1515 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1516 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors);
1517 if (RT_SUCCESS(rc))
1518 {
1519 ataSetSector(s, iLBA + cSectors);
1520 if (!s->cbTotalTransfer)
1521 s->iSourceSink = ATAFN_SS_NULL;
1522 ataCmdOK(s, ATA_STAT_SEEK);
1523 }
1524 else
1525 {
1526 if (rc == VERR_DISK_FULL)
1527 {
1528 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1529 return true;
1530 }
1531 if (rc == VERR_FILE_TOO_BIG)
1532 {
1533 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1534 return true;
1535 }
1536 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1537 {
1538 /* iSCSI connection abort (first error) or failure to reestablish
1539 * connection (second error). Pause VM. On resume we'll retry. */
1540 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1541 return true;
1542 }
1543 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1544 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1545 s->iLUN, rc, iLBA, cSectors));
1546
1547 /*
1548 * Check if we got interrupted. We don't need to set status variables
1549 * because the request was aborted.
1550 */
1551 if (rc != VERR_INTERRUPTED)
1552 ataCmdError(s, ID_ERR);
1553 }
1554 /** @todo implement redo for iSCSI */
1555 return false;
1556}
1557
1558
1559static void atapiCmdOK(ATADevState *s)
1560{
1561 s->uATARegError = 0;
1562 ataSetStatusValue(s, ATA_STAT_READY);
1563 s->uATARegNSector = (s->uATARegNSector & ~7)
1564 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1565 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1566 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1567
1568 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1569 s->abATAPISense[0] = 0x70 | (1 << 7);
1570 s->abATAPISense[7] = 10;
1571}
1572
1573
1574static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1575{
1576 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1577 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1578 s->uATARegError = pabATAPISense[2] << 4;
1579 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1580 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1581 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1582 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1583 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1584 s->cbTotalTransfer = 0;
1585 s->cbElementaryTransfer = 0;
1586 s->iIOBufferCur = 0;
1587 s->iIOBufferEnd = 0;
1588 s->uTxDir = PDMBLOCKTXDIR_NONE;
1589 s->iBeginTransfer = ATAFN_BT_NULL;
1590 s->iSourceSink = ATAFN_SS_NULL;
1591}
1592
1593
1594/** @todo deprecated function - doesn't provide enough info. Replace by direct
1595 * calls to atapiCmdError() with full data. */
1596static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1597{
1598 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1599 memset(abATAPISense, '\0', sizeof(abATAPISense));
1600 abATAPISense[0] = 0x70 | (1 << 7);
1601 abATAPISense[2] = uATAPISenseKey & 0x0f;
1602 abATAPISense[7] = 10;
1603 abATAPISense[12] = uATAPIASC;
1604 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1605}
1606
1607
1608static void atapiCmdBT(ATADevState *s)
1609{
1610 s->fATAPITransfer = true;
1611 s->cbElementaryTransfer = s->cbTotalTransfer;
1612 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1613 atapiCmdOK(s);
1614}
1615
1616
1617static void atapiPassthroughCmdBT(ATADevState *s)
1618{
1619 /* @todo implement an algorithm for correctly determining the read and
1620 * write sector size without sending additional commands to the drive.
1621 * This should be doable by saving processing the configuration requests
1622 * and replies. */
1623#if 0
1624 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1625 {
1626 uint8_t cmd = s->aATAPICmd[0];
1627 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1628 {
1629 uint8_t aModeSenseCmd[10];
1630 uint8_t aModeSenseResult[16];
1631 uint8_t uDummySense;
1632 uint32_t cbTransfer;
1633 int rc;
1634
1635 cbTransfer = sizeof(aModeSenseResult);
1636 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1637 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1638 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1639 aModeSenseCmd[3] = 0; /* subpage code */
1640 aModeSenseCmd[4] = 0; /* reserved */
1641 aModeSenseCmd[5] = 0; /* reserved */
1642 aModeSenseCmd[6] = 0; /* reserved */
1643 aModeSenseCmd[7] = cbTransfer >> 8;
1644 aModeSenseCmd[8] = cbTransfer & 0xff;
1645 aModeSenseCmd[9] = 0; /* control */
1646 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1647 if (RT_FAILURE(rc))
1648 {
1649 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1650 return;
1651 }
1652 /* Select sector size based on the current data block type. */
1653 switch (aModeSenseResult[12] & 0x0f)
1654 {
1655 case 0:
1656 s->cbATAPISector = 2352;
1657 break;
1658 case 1:
1659 s->cbATAPISector = 2368;
1660 break;
1661 case 2:
1662 case 3:
1663 s->cbATAPISector = 2448;
1664 break;
1665 case 8:
1666 case 10:
1667 s->cbATAPISector = 2048;
1668 break;
1669 case 9:
1670 s->cbATAPISector = 2336;
1671 break;
1672 case 11:
1673 s->cbATAPISector = 2056;
1674 break;
1675 case 12:
1676 s->cbATAPISector = 2324;
1677 break;
1678 case 13:
1679 s->cbATAPISector = 2332;
1680 break;
1681 default:
1682 s->cbATAPISector = 0;
1683 }
1684 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1685 s->cbTotalTransfer *= s->cbATAPISector;
1686 if (s->cbTotalTransfer == 0)
1687 s->uTxDir = PDMBLOCKTXDIR_NONE;
1688 }
1689 }
1690#endif
1691 atapiCmdBT(s);
1692}
1693
1694
1695static bool atapiReadSS(ATADevState *s)
1696{
1697 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1698 int rc = VINF_SUCCESS;
1699 uint32_t cbTransfer, cSectors;
1700
1701 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1702 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1703 cSectors = cbTransfer / s->cbATAPISector;
1704 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1705 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1706
1707 PDMCritSectLeave(&pCtl->lock);
1708
1709 STAM_PROFILE_ADV_START(&s->StatReads, r);
1710 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1711 switch (s->cbATAPISector)
1712 {
1713 case 2048:
1714 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1715 break;
1716 case 2352:
1717 {
1718 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1719
1720 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1721 {
1722 /* sync bytes */
1723 *pbBuf++ = 0x00;
1724 memset(pbBuf, 0xff, 11);
1725 pbBuf += 11;
1726 /* MSF */
1727 ataLBA2MSF(pbBuf, i);
1728 pbBuf += 3;
1729 *pbBuf++ = 0x01; /* mode 1 data */
1730 /* data */
1731 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1732 if (RT_FAILURE(rc))
1733 break;
1734 pbBuf += 2048;
1735 /* ECC */
1736 memset(pbBuf, 0, 288);
1737 pbBuf += 288;
1738 }
1739 }
1740 break;
1741 default:
1742 break;
1743 }
1744 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1745
1746 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1747 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1748 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1749
1750 if (RT_SUCCESS(rc))
1751 {
1752 s->Led.Actual.s.fReading = 0;
1753 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1754
1755 /* The initial buffer end value has been set up based on the total
1756 * transfer size. But the I/O buffer size limits what can actually be
1757 * done in one transfer, so set the actual value of the buffer end. */
1758 s->cbElementaryTransfer = cbTransfer;
1759 if (cbTransfer >= s->cbTotalTransfer)
1760 s->iSourceSink = ATAFN_SS_NULL;
1761 atapiCmdOK(s);
1762 s->iATAPILBA += cSectors;
1763 }
1764 else
1765 {
1766 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1767 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1768
1769 /*
1770 * Check if we got interrupted. We don't need to set status variables
1771 * because the request was aborted.
1772 */
1773 if (rc != VERR_INTERRUPTED)
1774 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1775 }
1776 return false;
1777}
1778
1779
1780static bool atapiPassthroughSS(ATADevState *s)
1781{
1782 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1783 int rc = VINF_SUCCESS;
1784 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1785 size_t cbTransfer;
1786 PSTAMPROFILEADV pProf = NULL;
1787
1788 cbTransfer = s->cbElementaryTransfer;
1789
1790 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1791 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1792
1793 /* Simple heuristics: if there is at least one sector of data
1794 * to transfer, it's worth updating the LEDs. */
1795 if (cbTransfer >= 2048)
1796 {
1797 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1798 {
1799 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1800 pProf = &s->StatReads;
1801 }
1802 else
1803 {
1804 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1805 pProf = &s->StatWrites;
1806 }
1807 }
1808
1809 PDMCritSectLeave(&pCtl->lock);
1810
1811 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1812 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1813 {
1814 /* Linux accepts commands with up to 100KB of data, but expects
1815 * us to handle commands with up to 128KB of data. The usual
1816 * imbalance of powers. */
1817 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1818 uint32_t iATAPILBA, cSectors, cReqSectors;
1819 size_t cbCurrTX;
1820 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1821
1822 switch (s->aATAPICmd[0])
1823 {
1824 case SCSI_READ_10:
1825 case SCSI_WRITE_10:
1826 case SCSI_WRITE_AND_VERIFY_10:
1827 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1828 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1829 break;
1830 case SCSI_READ_12:
1831 case SCSI_WRITE_12:
1832 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1833 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1834 break;
1835 case SCSI_READ_CD:
1836 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1837 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1838 break;
1839 case SCSI_READ_CD_MSF:
1840 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1841 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1842 break;
1843 default:
1844 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1845 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1846 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1847 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1848 {
1849 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1850 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1851 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1852 }
1853 return false;
1854 }
1855 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1856 cReqSectors = 0;
1857 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1858 {
1859 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1860 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1861 else
1862 cReqSectors = i;
1863 cbCurrTX = s->cbATAPISector * cReqSectors;
1864 switch (s->aATAPICmd[0])
1865 {
1866 case SCSI_READ_10:
1867 case SCSI_WRITE_10:
1868 case SCSI_WRITE_AND_VERIFY_10:
1869 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1870 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1871 break;
1872 case SCSI_READ_12:
1873 case SCSI_WRITE_12:
1874 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1875 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1876 break;
1877 case SCSI_READ_CD:
1878 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1879 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1880 break;
1881 case SCSI_READ_CD_MSF:
1882 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1883 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1884 break;
1885 }
1886 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1887 if (rc != VINF_SUCCESS)
1888 break;
1889 iATAPILBA += cReqSectors;
1890 pbBuf += s->cbATAPISector * cReqSectors;
1891 }
1892 }
1893 else
1894 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1895 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1896
1897 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1898 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1899 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1900
1901 /* Update the LEDs and the read/write statistics. */
1902 if (cbTransfer >= 2048)
1903 {
1904 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1905 {
1906 s->Led.Actual.s.fReading = 0;
1907 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
1908 }
1909 else
1910 {
1911 s->Led.Actual.s.fWriting = 0;
1912 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
1913 }
1914 }
1915
1916 if (RT_SUCCESS(rc))
1917 {
1918 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
1919 {
1920 Assert(cbTransfer <= s->cbTotalTransfer);
1921 /* Reply with the same amount of data as the real drive. */
1922 s->cbTotalTransfer = cbTransfer;
1923 /* The initial buffer end value has been set up based on the total
1924 * transfer size. But the I/O buffer size limits what can actually be
1925 * done in one transfer, so set the actual value of the buffer end. */
1926 s->cbElementaryTransfer = cbTransfer;
1927 if (s->aATAPICmd[0] == SCSI_INQUIRY)
1928 {
1929 /* Make sure that the real drive cannot be identified.
1930 * Motivation: changing the VM configuration should be as
1931 * invisible as possible to the guest. */
1932 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1933 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
1934 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
1935 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
1936 }
1937 if (cbTransfer)
1938 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1939 }
1940 s->iSourceSink = ATAFN_SS_NULL;
1941 atapiCmdOK(s);
1942 }
1943 else
1944 {
1945 if (s->cErrors < MAX_LOG_REL_ERRORS)
1946 {
1947 uint8_t u8Cmd = s->aATAPICmd[0];
1948 do
1949 {
1950 /* don't log superflous errors */
1951 if ( rc == VERR_DEV_IO_ERROR
1952 && ( u8Cmd == SCSI_TEST_UNIT_READY
1953 || u8Cmd == SCSI_READ_CAPACITY
1954 || u8Cmd == SCSI_READ_DVD_STRUCTURE
1955 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
1956 break;
1957 s->cErrors++;
1958 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
1959 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
1960 } while (0);
1961 }
1962 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1963 }
1964 return false;
1965}
1966
1967
1968static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
1969{
1970 Assert(cSectors > 0);
1971 s->iATAPILBA = iATAPILBA;
1972 s->cbATAPISector = cbSector;
1973 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
1974 return false;
1975}
1976
1977
1978static bool atapiReadCapacitySS(ATADevState *s)
1979{
1980 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1981
1982 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1983 Assert(s->cbElementaryTransfer <= 8);
1984 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
1985 ataH2BE_U32(pbBuf + 4, 2048);
1986 s->iSourceSink = ATAFN_SS_NULL;
1987 atapiCmdOK(s);
1988 return false;
1989}
1990
1991
1992static bool atapiReadDiscInformationSS(ATADevState *s)
1993{
1994 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1995
1996 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1997 Assert(s->cbElementaryTransfer <= 34);
1998 memset(pbBuf, '\0', 34);
1999 ataH2BE_U16(pbBuf, 32);
2000 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2001 pbBuf[3] = 1; /* number of first track */
2002 pbBuf[4] = 1; /* number of sessions (LSB) */
2003 pbBuf[5] = 1; /* first track number in last session (LSB) */
2004 pbBuf[6] = 1; /* last track number in last session (LSB) */
2005 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2006 pbBuf[8] = 0; /* disc type = CD-ROM */
2007 pbBuf[9] = 0; /* number of sessions (MSB) */
2008 pbBuf[10] = 0; /* number of sessions (MSB) */
2009 pbBuf[11] = 0; /* number of sessions (MSB) */
2010 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2011 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2012 s->iSourceSink = ATAFN_SS_NULL;
2013 atapiCmdOK(s);
2014 return false;
2015}
2016
2017
2018static bool atapiReadTrackInformationSS(ATADevState *s)
2019{
2020 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2021
2022 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2023 Assert(s->cbElementaryTransfer <= 36);
2024 /* Accept address/number type of 1 only, and only track 1 exists. */
2025 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2026 {
2027 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2028 return false;
2029 }
2030 memset(pbBuf, '\0', 36);
2031 ataH2BE_U16(pbBuf, 34);
2032 pbBuf[2] = 1; /* track number (LSB) */
2033 pbBuf[3] = 1; /* session number (LSB) */
2034 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2035 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2036 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2037 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2038 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2039 pbBuf[32] = 0; /* track number (MSB) */
2040 pbBuf[33] = 0; /* session number (MSB) */
2041 s->iSourceSink = ATAFN_SS_NULL;
2042 atapiCmdOK(s);
2043 return false;
2044}
2045
2046
2047static bool atapiGetConfigurationSS(ATADevState *s)
2048{
2049 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2050 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2051
2052 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2053 Assert(s->cbElementaryTransfer <= 32);
2054 /* Accept valid request types only, and only starting feature 0. */
2055 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2056 {
2057 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2058 return false;
2059 }
2060 memset(pbBuf, '\0', 32);
2061 ataH2BE_U32(pbBuf, 16);
2062 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2063 * way to differentiate them right now is based on the image size). Also
2064 * implement signalling "no current profile" if no medium is loaded. */
2065 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2066
2067 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2068 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2069 pbBuf[11] = 8; /* additional bytes for profiles */
2070 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2071 * before CD-ROM read capability. */
2072 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2073 pbBuf[14] = (0 << 0); /* NOT current profile */
2074 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2075 pbBuf[18] = (1 << 0); /* current profile */
2076 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2077 s->iSourceSink = ATAFN_SS_NULL;
2078 atapiCmdOK(s);
2079 return false;
2080}
2081
2082
2083static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2084{
2085 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2086
2087 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2088 Assert(s->cbElementaryTransfer <= 8);
2089
2090 if (!(s->aATAPICmd[1] & 1))
2091 {
2092 /* no asynchronous operation supported */
2093 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2094 return false;
2095 }
2096
2097 uint32_t OldStatus, NewStatus;
2098 do
2099 {
2100 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2101 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2102 switch (OldStatus)
2103 {
2104 case ATA_EVENT_STATUS_MEDIA_NEW:
2105 /* mount */
2106 ataH2BE_U16(pbBuf + 0, 6);
2107 pbBuf[2] = 0x04;
2108 pbBuf[3] = 0x5e;
2109 pbBuf[4] = 0x02;
2110 pbBuf[5] = 0x02;
2111 pbBuf[6] = 0x00;
2112 pbBuf[7] = 0x00;
2113 break;
2114
2115 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2116 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2117 /* umount */
2118 ataH2BE_U16(pbBuf + 0, 6);
2119 pbBuf[2] = 0x04;
2120 pbBuf[3] = 0x5e;
2121 pbBuf[4] = 0x03;
2122 pbBuf[5] = 0x00;
2123 pbBuf[6] = 0x00;
2124 pbBuf[7] = 0x00;
2125 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2126 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2127 break;
2128
2129 case ATA_EVENT_STATUS_UNCHANGED:
2130 default:
2131 ataH2BE_U16(pbBuf + 0, 6);
2132 pbBuf[2] = 0x01;
2133 pbBuf[3] = 0x5e;
2134 pbBuf[4] = 0x00;
2135 pbBuf[5] = 0x00;
2136 pbBuf[6] = 0x00;
2137 pbBuf[7] = 0x00;
2138 break;
2139 }
2140 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2141
2142 s->iSourceSink = ATAFN_SS_NULL;
2143 atapiCmdOK(s);
2144 return false;
2145}
2146
2147
2148static bool atapiInquirySS(ATADevState *s)
2149{
2150 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2151
2152 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2153 Assert(s->cbElementaryTransfer <= 36);
2154 pbBuf[0] = 0x05; /* CD-ROM */
2155 pbBuf[1] = 0x80; /* removable */
2156#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2157 pbBuf[2] = 0x00; /* ISO */
2158 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2159#else
2160 pbBuf[2] = 0x00; /* ISO */
2161 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2162#endif
2163 pbBuf[4] = 31; /* additional length */
2164 pbBuf[5] = 0; /* reserved */
2165 pbBuf[6] = 0; /* reserved */
2166 pbBuf[7] = 0; /* reserved */
2167 ataSCSIPadStr(pbBuf + 8, "VBOX", 8);
2168 ataSCSIPadStr(pbBuf + 16, "CD-ROM", 16);
2169 ataSCSIPadStr(pbBuf + 32, "1.0", 4);
2170 s->iSourceSink = ATAFN_SS_NULL;
2171 atapiCmdOK(s);
2172 return false;
2173}
2174
2175
2176static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2177{
2178 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2179
2180 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2181 Assert(s->cbElementaryTransfer <= 16);
2182 ataH2BE_U16(&pbBuf[0], 16 + 6);
2183 pbBuf[2] = 0x70;
2184 pbBuf[3] = 0;
2185 pbBuf[4] = 0;
2186 pbBuf[5] = 0;
2187 pbBuf[6] = 0;
2188 pbBuf[7] = 0;
2189
2190 pbBuf[8] = 0x01;
2191 pbBuf[9] = 0x06;
2192 pbBuf[10] = 0x00;
2193 pbBuf[11] = 0x05;
2194 pbBuf[12] = 0x00;
2195 pbBuf[13] = 0x00;
2196 pbBuf[14] = 0x00;
2197 pbBuf[15] = 0x00;
2198 s->iSourceSink = ATAFN_SS_NULL;
2199 atapiCmdOK(s);
2200 return false;
2201}
2202
2203
2204static bool atapiModeSenseCDStatusSS(ATADevState *s)
2205{
2206 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2207
2208 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2209 Assert(s->cbElementaryTransfer <= 40);
2210 ataH2BE_U16(&pbBuf[0], 38);
2211 pbBuf[2] = 0x70;
2212 pbBuf[3] = 0;
2213 pbBuf[4] = 0;
2214 pbBuf[5] = 0;
2215 pbBuf[6] = 0;
2216 pbBuf[7] = 0;
2217
2218 pbBuf[8] = 0x2a;
2219 pbBuf[9] = 30; /* page length */
2220 pbBuf[10] = 0x08; /* DVD-ROM read support */
2221 pbBuf[11] = 0x00; /* no write support */
2222 /* The following claims we support audio play. This is obviously false,
2223 * but the Linux generic CDROM support makes many features depend on this
2224 * capability. If it's not set, this causes many things to be disabled. */
2225 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2226 pbBuf[13] = 0x00; /* no subchannel reads supported */
2227 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2228 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2229 pbBuf[14] |= 1 << 1; /* report lock state */
2230 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2231 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2232 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2233 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2234 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2235 pbBuf[24] = 0; /* reserved */
2236 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2237 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2238 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2239 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2240 pbBuf[32] = 0; /* reserved */
2241 pbBuf[33] = 0; /* reserved */
2242 pbBuf[34] = 0; /* reserved */
2243 pbBuf[35] = 1; /* rotation control CAV */
2244 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2245 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2246 s->iSourceSink = ATAFN_SS_NULL;
2247 atapiCmdOK(s);
2248 return false;
2249}
2250
2251
2252static bool atapiRequestSenseSS(ATADevState *s)
2253{
2254 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2255
2256 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2257 memset(pbBuf, '\0', s->cbElementaryTransfer);
2258 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2259 s->iSourceSink = ATAFN_SS_NULL;
2260 atapiCmdOK(s);
2261 return false;
2262}
2263
2264
2265static bool atapiMechanismStatusSS(ATADevState *s)
2266{
2267 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2268
2269 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2270 Assert(s->cbElementaryTransfer <= 8);
2271 ataH2BE_U16(pbBuf, 0);
2272 /* no current LBA */
2273 pbBuf[2] = 0;
2274 pbBuf[3] = 0;
2275 pbBuf[4] = 0;
2276 pbBuf[5] = 1;
2277 ataH2BE_U16(pbBuf + 6, 0);
2278 s->iSourceSink = ATAFN_SS_NULL;
2279 atapiCmdOK(s);
2280 return false;
2281}
2282
2283
2284static bool atapiReadTOCNormalSS(ATADevState *s)
2285{
2286 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2287 bool fMSF;
2288 uint32_t cbSize;
2289
2290 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2291 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2292 iStartTrack = s->aATAPICmd[6];
2293 if (iStartTrack > 1 && iStartTrack != 0xaa)
2294 {
2295 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2296 return false;
2297 }
2298 q = pbBuf + 2;
2299 *q++ = 1; /* first session */
2300 *q++ = 1; /* last session */
2301 if (iStartTrack <= 1)
2302 {
2303 *q++ = 0; /* reserved */
2304 *q++ = 0x14; /* ADR, control */
2305 *q++ = 1; /* track number */
2306 *q++ = 0; /* reserved */
2307 if (fMSF)
2308 {
2309 *q++ = 0; /* reserved */
2310 ataLBA2MSF(q, 0);
2311 q += 3;
2312 }
2313 else
2314 {
2315 /* sector 0 */
2316 ataH2BE_U32(q, 0);
2317 q += 4;
2318 }
2319 }
2320 /* lead out track */
2321 *q++ = 0; /* reserved */
2322 *q++ = 0x14; /* ADR, control */
2323 *q++ = 0xaa; /* track number */
2324 *q++ = 0; /* reserved */
2325 if (fMSF)
2326 {
2327 *q++ = 0; /* reserved */
2328 ataLBA2MSF(q, s->cTotalSectors);
2329 q += 3;
2330 }
2331 else
2332 {
2333 ataH2BE_U32(q, s->cTotalSectors);
2334 q += 4;
2335 }
2336 cbSize = q - pbBuf;
2337 ataH2BE_U16(pbBuf, cbSize - 2);
2338 if (cbSize < s->cbTotalTransfer)
2339 s->cbTotalTransfer = cbSize;
2340 s->iSourceSink = ATAFN_SS_NULL;
2341 atapiCmdOK(s);
2342 return false;
2343}
2344
2345
2346static bool atapiReadTOCMultiSS(ATADevState *s)
2347{
2348 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2349 bool fMSF;
2350
2351 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2352 Assert(s->cbElementaryTransfer <= 12);
2353 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2354 /* multi session: only a single session defined */
2355/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2356 memset(pbBuf, 0, 12);
2357 pbBuf[1] = 0x0a;
2358 pbBuf[2] = 0x01;
2359 pbBuf[3] = 0x01;
2360 pbBuf[5] = 0x14; /* ADR, control */
2361 pbBuf[6] = 1; /* first track in last complete session */
2362 if (fMSF)
2363 {
2364 pbBuf[8] = 0; /* reserved */
2365 ataLBA2MSF(&pbBuf[9], 0);
2366 }
2367 else
2368 {
2369 /* sector 0 */
2370 ataH2BE_U32(pbBuf + 8, 0);
2371 }
2372 s->iSourceSink = ATAFN_SS_NULL;
2373 atapiCmdOK(s);
2374 return false;
2375}
2376
2377
2378static bool atapiReadTOCRawSS(ATADevState *s)
2379{
2380 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2381 bool fMSF;
2382 uint32_t cbSize;
2383
2384 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2385 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2386 iStartTrack = s->aATAPICmd[6];
2387
2388 q = pbBuf + 2;
2389 *q++ = 1; /* first session */
2390 *q++ = 1; /* last session */
2391
2392 *q++ = 1; /* session number */
2393 *q++ = 0x14; /* data track */
2394 *q++ = 0; /* track number */
2395 *q++ = 0xa0; /* first track in program area */
2396 *q++ = 0; /* min */
2397 *q++ = 0; /* sec */
2398 *q++ = 0; /* frame */
2399 *q++ = 0;
2400 *q++ = 1; /* first track */
2401 *q++ = 0x00; /* disk type CD-DA or CD data */
2402 *q++ = 0;
2403
2404 *q++ = 1; /* session number */
2405 *q++ = 0x14; /* data track */
2406 *q++ = 0; /* track number */
2407 *q++ = 0xa1; /* last track in program area */
2408 *q++ = 0; /* min */
2409 *q++ = 0; /* sec */
2410 *q++ = 0; /* frame */
2411 *q++ = 0;
2412 *q++ = 1; /* last track */
2413 *q++ = 0;
2414 *q++ = 0;
2415
2416 *q++ = 1; /* session number */
2417 *q++ = 0x14; /* data track */
2418 *q++ = 0; /* track number */
2419 *q++ = 0xa2; /* lead-out */
2420 *q++ = 0; /* min */
2421 *q++ = 0; /* sec */
2422 *q++ = 0; /* frame */
2423 if (fMSF)
2424 {
2425 *q++ = 0; /* reserved */
2426 ataLBA2MSF(q, s->cTotalSectors);
2427 q += 3;
2428 }
2429 else
2430 {
2431 ataH2BE_U32(q, s->cTotalSectors);
2432 q += 4;
2433 }
2434
2435 *q++ = 1; /* session number */
2436 *q++ = 0x14; /* ADR, control */
2437 *q++ = 0; /* track number */
2438 *q++ = 1; /* point */
2439 *q++ = 0; /* min */
2440 *q++ = 0; /* sec */
2441 *q++ = 0; /* frame */
2442 if (fMSF)
2443 {
2444 *q++ = 0; /* reserved */
2445 ataLBA2MSF(q, 0);
2446 q += 3;
2447 }
2448 else
2449 {
2450 /* sector 0 */
2451 ataH2BE_U32(q, 0);
2452 q += 4;
2453 }
2454
2455 cbSize = q - pbBuf;
2456 ataH2BE_U16(pbBuf, cbSize - 2);
2457 if (cbSize < s->cbTotalTransfer)
2458 s->cbTotalTransfer = cbSize;
2459 s->iSourceSink = ATAFN_SS_NULL;
2460 atapiCmdOK(s);
2461 return false;
2462}
2463
2464
2465static void atapiParseCmdVirtualATAPI(ATADevState *s)
2466{
2467 const uint8_t *pbPacket;
2468 uint8_t *pbBuf;
2469 uint32_t cbMax;
2470
2471 pbPacket = s->aATAPICmd;
2472 pbBuf = s->CTX_SUFF(pbIOBuffer);
2473 switch (pbPacket[0])
2474 {
2475 case SCSI_TEST_UNIT_READY:
2476 if (s->cNotifiedMediaChange > 0)
2477 {
2478 if (s->cNotifiedMediaChange-- > 2)
2479 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2480 else
2481 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2482 }
2483 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2484 atapiCmdOK(s);
2485 else
2486 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2487 break;
2488 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2489 cbMax = ataBE2H_U16(pbPacket + 7);
2490 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2491 break;
2492 case SCSI_MODE_SENSE_10:
2493 {
2494 uint8_t uPageControl, uPageCode;
2495 cbMax = ataBE2H_U16(pbPacket + 7);
2496 uPageControl = pbPacket[2] >> 6;
2497 uPageCode = pbPacket[2] & 0x3f;
2498 switch (uPageControl)
2499 {
2500 case SCSI_PAGECONTROL_CURRENT:
2501 switch (uPageCode)
2502 {
2503 case SCSI_MODEPAGE_ERROR_RECOVERY:
2504 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2505 break;
2506 case SCSI_MODEPAGE_CD_STATUS:
2507 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2508 break;
2509 default:
2510 goto error_cmd;
2511 }
2512 break;
2513 case SCSI_PAGECONTROL_CHANGEABLE:
2514 goto error_cmd;
2515 case SCSI_PAGECONTROL_DEFAULT:
2516 goto error_cmd;
2517 default:
2518 case SCSI_PAGECONTROL_SAVED:
2519 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2520 break;
2521 }
2522 }
2523 break;
2524 case SCSI_REQUEST_SENSE:
2525 cbMax = pbPacket[4];
2526 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2527 break;
2528 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2529 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2530 {
2531 if (pbPacket[4] & 1)
2532 s->pDrvMount->pfnLock(s->pDrvMount);
2533 else
2534 s->pDrvMount->pfnUnlock(s->pDrvMount);
2535 atapiCmdOK(s);
2536 }
2537 else
2538 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2539 break;
2540 case SCSI_READ_10:
2541 case SCSI_READ_12:
2542 {
2543 uint32_t cSectors, iATAPILBA;
2544
2545 if (s->cNotifiedMediaChange > 0)
2546 {
2547 s->cNotifiedMediaChange-- ;
2548 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2549 break;
2550 }
2551 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2552 {
2553 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2554 break;
2555 }
2556 if (pbPacket[0] == SCSI_READ_10)
2557 cSectors = ataBE2H_U16(pbPacket + 7);
2558 else
2559 cSectors = ataBE2H_U32(pbPacket + 6);
2560 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2561 if (cSectors == 0)
2562 {
2563 atapiCmdOK(s);
2564 break;
2565 }
2566 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2567 {
2568 /* Rate limited logging, one log line per second. For
2569 * guests that insist on reading from places outside the
2570 * valid area this often generates too many release log
2571 * entries otherwise. */
2572 static uint64_t uLastLogTS = 0;
2573 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2574 {
2575 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2576 uLastLogTS = RTTimeMilliTS();
2577 }
2578 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2579 break;
2580 }
2581 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2582 }
2583 break;
2584 case SCSI_READ_CD:
2585 {
2586 uint32_t cSectors, iATAPILBA;
2587
2588 if (s->cNotifiedMediaChange > 0)
2589 {
2590 s->cNotifiedMediaChange-- ;
2591 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2592 break;
2593 }
2594 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2595 {
2596 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2597 break;
2598 }
2599 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2600 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2601 if (cSectors == 0)
2602 {
2603 atapiCmdOK(s);
2604 break;
2605 }
2606 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2607 {
2608 /* Rate limited logging, one log line per second. For
2609 * guests that insist on reading from places outside the
2610 * valid area this often generates too many release log
2611 * entries otherwise. */
2612 static uint64_t uLastLogTS = 0;
2613 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2614 {
2615 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2616 uLastLogTS = RTTimeMilliTS();
2617 }
2618 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2619 break;
2620 }
2621 switch (pbPacket[9] & 0xf8)
2622 {
2623 case 0x00:
2624 /* nothing */
2625 atapiCmdOK(s);
2626 break;
2627 case 0x10:
2628 /* normal read */
2629 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2630 break;
2631 case 0xf8:
2632 /* read all data */
2633 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2634 break;
2635 default:
2636 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2637 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2638 break;
2639 }
2640 }
2641 break;
2642 case SCSI_SEEK_10:
2643 {
2644 uint32_t iATAPILBA;
2645 if (s->cNotifiedMediaChange > 0)
2646 {
2647 s->cNotifiedMediaChange-- ;
2648 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2649 break;
2650 }
2651 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2652 {
2653 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2654 break;
2655 }
2656 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2657 if (iATAPILBA > s->cTotalSectors)
2658 {
2659 /* Rate limited logging, one log line per second. For
2660 * guests that insist on seeking to places outside the
2661 * valid area this often generates too many release log
2662 * entries otherwise. */
2663 static uint64_t uLastLogTS = 0;
2664 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2665 {
2666 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2667 uLastLogTS = RTTimeMilliTS();
2668 }
2669 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2670 break;
2671 }
2672 atapiCmdOK(s);
2673 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2674 }
2675 break;
2676 case SCSI_START_STOP_UNIT:
2677 {
2678 int rc = VINF_SUCCESS;
2679 switch (pbPacket[4] & 3)
2680 {
2681 case 0: /* 00 - Stop motor */
2682 case 1: /* 01 - Start motor */
2683 break;
2684 case 2: /* 10 - Eject media */
2685 /* This must be done from EMT. */
2686 {
2687 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2688 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2689 PVMREQ pReq;
2690
2691 PDMCritSectLeave(&pCtl->lock);
2692 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
2693 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2694 AssertReleaseRC(rc);
2695 VMR3ReqFree(pReq);
2696 {
2697 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2698 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2699 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2700 }
2701 }
2702 break;
2703 case 3: /* 11 - Load media */
2704 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2705 break;
2706 }
2707 if (RT_SUCCESS(rc))
2708 atapiCmdOK(s);
2709 else
2710 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2711 }
2712 break;
2713 case SCSI_MECHANISM_STATUS:
2714 {
2715 cbMax = ataBE2H_U16(pbPacket + 8);
2716 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2717 }
2718 break;
2719 case SCSI_READ_TOC_PMA_ATIP:
2720 {
2721 uint8_t format;
2722
2723 if (s->cNotifiedMediaChange > 0)
2724 {
2725 s->cNotifiedMediaChange-- ;
2726 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2727 break;
2728 }
2729 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2730 {
2731 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2732 break;
2733 }
2734 cbMax = ataBE2H_U16(pbPacket + 7);
2735 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
2736 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
2737 * the other field is clear... */
2738 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
2739 switch (format)
2740 {
2741 case 0:
2742 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
2743 break;
2744 case 1:
2745 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
2746 break;
2747 case 2:
2748 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
2749 break;
2750 default:
2751 error_cmd:
2752 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2753 break;
2754 }
2755 }
2756 break;
2757 case SCSI_READ_CAPACITY:
2758 if (s->cNotifiedMediaChange > 0)
2759 {
2760 s->cNotifiedMediaChange-- ;
2761 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2762 break;
2763 }
2764 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2765 {
2766 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2767 break;
2768 }
2769 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
2770 break;
2771 case SCSI_READ_DISC_INFORMATION:
2772 if (s->cNotifiedMediaChange > 0)
2773 {
2774 s->cNotifiedMediaChange-- ;
2775 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2776 break;
2777 }
2778 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2779 {
2780 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2781 break;
2782 }
2783 cbMax = ataBE2H_U16(pbPacket + 7);
2784 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
2785 break;
2786 case SCSI_READ_TRACK_INFORMATION:
2787 if (s->cNotifiedMediaChange > 0)
2788 {
2789 s->cNotifiedMediaChange-- ;
2790 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2791 break;
2792 }
2793 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2794 {
2795 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2796 break;
2797 }
2798 cbMax = ataBE2H_U16(pbPacket + 7);
2799 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
2800 break;
2801 case SCSI_GET_CONFIGURATION:
2802 /* No media change stuff here, it can confuse Linux guests. */
2803 cbMax = ataBE2H_U16(pbPacket + 7);
2804 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
2805 break;
2806 case SCSI_INQUIRY:
2807 cbMax = ataBE2H_U16(pbPacket + 3);
2808 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
2809 break;
2810 default:
2811 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2812 break;
2813 }
2814}
2815
2816
2817/*
2818 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
2819 */
2820static void atapiParseCmdPassthrough(ATADevState *s)
2821{
2822 const uint8_t *pbPacket;
2823 uint8_t *pbBuf;
2824 uint32_t cSectors, iATAPILBA;
2825 uint32_t cbTransfer = 0;
2826 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
2827
2828 pbPacket = s->aATAPICmd;
2829 pbBuf = s->CTX_SUFF(pbIOBuffer);
2830 switch (pbPacket[0])
2831 {
2832 case SCSI_BLANK:
2833 goto sendcmd;
2834 case SCSI_CLOSE_TRACK_SESSION:
2835 goto sendcmd;
2836 case SCSI_ERASE_10:
2837 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2838 cbTransfer = ataBE2H_U16(pbPacket + 7);
2839 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
2840 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2841 goto sendcmd;
2842 case SCSI_FORMAT_UNIT:
2843 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2844 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2845 goto sendcmd;
2846 case SCSI_GET_CONFIGURATION:
2847 cbTransfer = ataBE2H_U16(pbPacket + 7);
2848 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2849 goto sendcmd;
2850 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2851 cbTransfer = ataBE2H_U16(pbPacket + 7);
2852 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
2853 {
2854 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2855 break;
2856 }
2857 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2858 goto sendcmd;
2859 case SCSI_GET_PERFORMANCE:
2860 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2861 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2862 goto sendcmd;
2863 case SCSI_INQUIRY:
2864 cbTransfer = ataBE2H_U16(pbPacket + 3);
2865 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2866 goto sendcmd;
2867 case SCSI_LOAD_UNLOAD_MEDIUM:
2868 goto sendcmd;
2869 case SCSI_MECHANISM_STATUS:
2870 cbTransfer = ataBE2H_U16(pbPacket + 8);
2871 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2872 goto sendcmd;
2873 case SCSI_MODE_SELECT_10:
2874 cbTransfer = ataBE2H_U16(pbPacket + 7);
2875 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2876 goto sendcmd;
2877 case SCSI_MODE_SENSE_10:
2878 cbTransfer = ataBE2H_U16(pbPacket + 7);
2879 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2880 goto sendcmd;
2881 case SCSI_PAUSE_RESUME:
2882 goto sendcmd;
2883 case SCSI_PLAY_AUDIO_10:
2884 goto sendcmd;
2885 case SCSI_PLAY_AUDIO_12:
2886 goto sendcmd;
2887 case SCSI_PLAY_AUDIO_MSF:
2888 goto sendcmd;
2889 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2890 /** @todo do not forget to unlock when a VM is shut down */
2891 goto sendcmd;
2892 case SCSI_READ_10:
2893 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2894 cSectors = ataBE2H_U16(pbPacket + 7);
2895 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2896 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2897 cbTransfer = cSectors * s->cbATAPISector;
2898 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2899 goto sendcmd;
2900 case SCSI_READ_12:
2901 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2902 cSectors = ataBE2H_U32(pbPacket + 6);
2903 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2904 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2905 cbTransfer = cSectors * s->cbATAPISector;
2906 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2907 goto sendcmd;
2908 case SCSI_READ_BUFFER:
2909 cbTransfer = ataBE2H_U24(pbPacket + 6);
2910 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2911 goto sendcmd;
2912 case SCSI_READ_BUFFER_CAPACITY:
2913 cbTransfer = ataBE2H_U16(pbPacket + 7);
2914 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2915 goto sendcmd;
2916 case SCSI_READ_CAPACITY:
2917 cbTransfer = 8;
2918 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2919 goto sendcmd;
2920 case SCSI_READ_CD:
2921 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2922 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
2923 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2924 goto sendcmd;
2925 case SCSI_READ_CD_MSF:
2926 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
2927 if (cSectors > 32)
2928 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
2929 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2930 cbTransfer = cSectors * s->cbATAPISector;
2931 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2932 goto sendcmd;
2933 case SCSI_READ_DISC_INFORMATION:
2934 cbTransfer = ataBE2H_U16(pbPacket + 7);
2935 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2936 goto sendcmd;
2937 case SCSI_READ_DVD_STRUCTURE:
2938 cbTransfer = ataBE2H_U16(pbPacket + 8);
2939 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2940 goto sendcmd;
2941 case SCSI_READ_FORMAT_CAPACITIES:
2942 cbTransfer = ataBE2H_U16(pbPacket + 7);
2943 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2944 goto sendcmd;
2945 case SCSI_READ_SUBCHANNEL:
2946 cbTransfer = ataBE2H_U16(pbPacket + 7);
2947 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2948 goto sendcmd;
2949 case SCSI_READ_TOC_PMA_ATIP:
2950 cbTransfer = ataBE2H_U16(pbPacket + 7);
2951 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2952 goto sendcmd;
2953 case SCSI_READ_TRACK_INFORMATION:
2954 cbTransfer = ataBE2H_U16(pbPacket + 7);
2955 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2956 goto sendcmd;
2957 case SCSI_REPAIR_TRACK:
2958 goto sendcmd;
2959 case SCSI_REPORT_KEY:
2960 cbTransfer = ataBE2H_U16(pbPacket + 8);
2961 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2962 goto sendcmd;
2963 case SCSI_REQUEST_SENSE:
2964 cbTransfer = pbPacket[4];
2965 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
2966 {
2967 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2968 break;
2969 }
2970 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2971 goto sendcmd;
2972 case SCSI_RESERVE_TRACK:
2973 goto sendcmd;
2974 case SCSI_SCAN:
2975 goto sendcmd;
2976 case SCSI_SEEK_10:
2977 goto sendcmd;
2978 case SCSI_SEND_CUE_SHEET:
2979 cbTransfer = ataBE2H_U24(pbPacket + 6);
2980 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2981 goto sendcmd;
2982 case SCSI_SEND_DVD_STRUCTURE:
2983 cbTransfer = ataBE2H_U16(pbPacket + 8);
2984 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2985 goto sendcmd;
2986 case SCSI_SEND_EVENT:
2987 cbTransfer = ataBE2H_U16(pbPacket + 8);
2988 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2989 goto sendcmd;
2990 case SCSI_SEND_KEY:
2991 cbTransfer = ataBE2H_U16(pbPacket + 8);
2992 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2993 goto sendcmd;
2994 case SCSI_SEND_OPC_INFORMATION:
2995 cbTransfer = ataBE2H_U16(pbPacket + 7);
2996 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2997 goto sendcmd;
2998 case SCSI_SET_CD_SPEED:
2999 goto sendcmd;
3000 case SCSI_SET_READ_AHEAD:
3001 goto sendcmd;
3002 case SCSI_SET_STREAMING:
3003 cbTransfer = ataBE2H_U16(pbPacket + 9);
3004 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3005 goto sendcmd;
3006 case SCSI_START_STOP_UNIT:
3007 goto sendcmd;
3008 case SCSI_STOP_PLAY_SCAN:
3009 goto sendcmd;
3010 case SCSI_SYNCHRONIZE_CACHE:
3011 goto sendcmd;
3012 case SCSI_TEST_UNIT_READY:
3013 goto sendcmd;
3014 case SCSI_VERIFY_10:
3015 goto sendcmd;
3016 case SCSI_WRITE_10:
3017 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3018 cSectors = ataBE2H_U16(pbPacket + 7);
3019 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3020#if 0
3021 /* The sector size is determined by the async I/O thread. */
3022 s->cbATAPISector = 0;
3023 /* Preliminary, will be corrected once the sector size is known. */
3024 cbTransfer = cSectors;
3025#else
3026 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3027 cbTransfer = cSectors * s->cbATAPISector;
3028#endif
3029 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3030 goto sendcmd;
3031 case SCSI_WRITE_12:
3032 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3033 cSectors = ataBE2H_U32(pbPacket + 6);
3034 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3035#if 0
3036 /* The sector size is determined by the async I/O thread. */
3037 s->cbATAPISector = 0;
3038 /* Preliminary, will be corrected once the sector size is known. */
3039 cbTransfer = cSectors;
3040#else
3041 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3042 cbTransfer = cSectors * s->cbATAPISector;
3043#endif
3044 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3045 goto sendcmd;
3046 case SCSI_WRITE_AND_VERIFY_10:
3047 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3048 cSectors = ataBE2H_U16(pbPacket + 7);
3049 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3050 /* The sector size is determined by the async I/O thread. */
3051 s->cbATAPISector = 0;
3052 /* Preliminary, will be corrected once the sector size is known. */
3053 cbTransfer = cSectors;
3054 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3055 goto sendcmd;
3056 case SCSI_WRITE_BUFFER:
3057 switch (pbPacket[1] & 0x1f)
3058 {
3059 case 0x04: /* download microcode */
3060 case 0x05: /* download microcode and save */
3061 case 0x06: /* download microcode with offsets */
3062 case 0x07: /* download microcode with offsets and save */
3063 case 0x0e: /* download microcode with offsets and defer activation */
3064 case 0x0f: /* activate deferred microcode */
3065 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3066 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3067 break;
3068 default:
3069 cbTransfer = ataBE2H_U16(pbPacket + 6);
3070 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3071 goto sendcmd;
3072 }
3073 break;
3074 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3075 cbTransfer = ataBE2H_U32(pbPacket + 6);
3076 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3077 goto sendcmd;
3078 case SCSI_REZERO_UNIT:
3079 /* Obsolete command used by cdrecord. What else would one expect?
3080 * This command is not sent to the drive, it is handled internally,
3081 * as the Linux kernel doesn't like it (message "scsi: unknown
3082 * opcode 0x01" in syslog) and replies with a sense code of 0,
3083 * which sends cdrecord to an endless loop. */
3084 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3085 break;
3086 default:
3087 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3088 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3089 break;
3090 sendcmd:
3091 /* Send a command to the drive, passing data in/out as required. */
3092 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3093 Assert(cbTransfer <= s->cbIOBuffer);
3094 if (cbTransfer == 0)
3095 uTxDir = PDMBLOCKTXDIR_NONE;
3096 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3097 }
3098}
3099
3100
3101static void atapiParseCmd(ATADevState *s)
3102{
3103 const uint8_t *pbPacket;
3104
3105 pbPacket = s->aATAPICmd;
3106#ifdef DEBUG
3107 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3108#else /* !DEBUG */
3109 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3110#endif /* !DEBUG */
3111 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3112
3113 if (s->fATAPIPassthrough)
3114 atapiParseCmdPassthrough(s);
3115 else
3116 atapiParseCmdVirtualATAPI(s);
3117}
3118
3119
3120static bool ataPacketSS(ATADevState *s)
3121{
3122 s->fDMA = !!(s->uATARegFeature & 1);
3123 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3124 s->uTxDir = PDMBLOCKTXDIR_NONE;
3125 s->cbTotalTransfer = 0;
3126 s->cbElementaryTransfer = 0;
3127 atapiParseCmd(s);
3128 return false;
3129}
3130
3131
3132/**
3133 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3134 * from now on, regardless if there was a medium inserted or not.
3135 */
3136static void ataMediumRemoved(ATADevState *s)
3137{
3138 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3139}
3140
3141
3142/**
3143 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3144 * there was already a medium inserted, don't forget to send the "medium
3145 * removed" event first.
3146 */
3147static void ataMediumInserted(ATADevState *s)
3148{
3149 uint32_t OldStatus, NewStatus;
3150 do
3151 {
3152 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3153 switch (OldStatus)
3154 {
3155 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3156 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3157 /* no change, we will send "medium removed" + "medium inserted" */
3158 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3159 break;
3160 default:
3161 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3162 break;
3163 }
3164 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3165}
3166
3167
3168/**
3169 * Called when a media is mounted.
3170 *
3171 * @param pInterface Pointer to the interface structure containing the called function pointer.
3172 */
3173static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3174{
3175 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3176 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3177
3178 /* Ignore the call if we're called while being attached. */
3179 if (!pIf->pDrvBlock)
3180 return;
3181
3182 if (pIf->fATAPI)
3183 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3184 else
3185 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3186
3187 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3188 if (pIf->cNotifiedMediaChange < 2)
3189 pIf->cNotifiedMediaChange = 2;
3190 ataMediumInserted(pIf);
3191}
3192
3193/**
3194 * Called when a media is unmounted
3195 * @param pInterface Pointer to the interface structure containing the called function pointer.
3196 */
3197static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3198{
3199 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3200 Log(("%s:\n", __FUNCTION__));
3201 pIf->cTotalSectors = 0;
3202
3203 /*
3204 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3205 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3206 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3207 * present and 2 in which it is changed.
3208 */
3209 pIf->cNotifiedMediaChange = 4;
3210 ataMediumRemoved(pIf);
3211}
3212
3213static void ataPacketBT(ATADevState *s)
3214{
3215 s->cbElementaryTransfer = s->cbTotalTransfer;
3216 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3217 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3218 ataSetStatusValue(s, ATA_STAT_READY);
3219}
3220
3221
3222static void ataResetDevice(ATADevState *s)
3223{
3224 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3225 s->cNotifiedMediaChange = 0;
3226 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3227 ataUnsetIRQ(s);
3228
3229 s->uATARegSelect = 0x20;
3230 ataSetStatusValue(s, ATA_STAT_READY);
3231 ataSetSignature(s);
3232 s->cbTotalTransfer = 0;
3233 s->cbElementaryTransfer = 0;
3234 s->iIOBufferPIODataStart = 0;
3235 s->iIOBufferPIODataEnd = 0;
3236 s->iBeginTransfer = ATAFN_BT_NULL;
3237 s->iSourceSink = ATAFN_SS_NULL;
3238 s->fATAPITransfer = false;
3239 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3240
3241 s->uATARegFeature = 0;
3242}
3243
3244
3245static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3246{
3247 ataSetSignature(s);
3248 if (s->fATAPI)
3249 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3250 else
3251 ataSetStatusValue(s, ATA_STAT_READY);
3252 s->uATARegError = 0x01;
3253 return false;
3254}
3255
3256
3257static void ataParseCmd(ATADevState *s, uint8_t cmd)
3258{
3259#ifdef DEBUG
3260 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3261#else /* !DEBUG */
3262 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3263#endif /* !DEBUG */
3264 s->fLBA48 = false;
3265 s->fDMA = false;
3266 if (cmd == ATA_IDLE_IMMEDIATE)
3267 {
3268 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3269 * would overwrite the failing command unfortunately), then RESET. */
3270 int32_t uCmdWait = -1;
3271 uint64_t uNow = RTTimeNanoTS();
3272 if (s->u64CmdTS)
3273 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3274 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3275 s->iLUN, s->uATARegCommand, uCmdWait));
3276 }
3277 s->uATARegCommand = cmd;
3278 switch (cmd)
3279 {
3280 case ATA_IDENTIFY_DEVICE:
3281 if (s->pDrvBlock && !s->fATAPI)
3282 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3283 else
3284 {
3285 if (s->fATAPI)
3286 ataSetSignature(s);
3287 ataCmdError(s, ABRT_ERR);
3288 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3289 }
3290 break;
3291 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3292 case ATA_RECALIBRATE:
3293 ataCmdOK(s, ATA_STAT_SEEK);
3294 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3295 break;
3296 case ATA_SET_MULTIPLE_MODE:
3297 if ( s->uATARegNSector != 0
3298 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3299 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3300 {
3301 ataCmdError(s, ABRT_ERR);
3302 }
3303 else
3304 {
3305 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3306 s->cMultSectors = s->uATARegNSector;
3307 ataCmdOK(s, 0);
3308 }
3309 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3310 break;
3311 case ATA_READ_VERIFY_SECTORS_EXT:
3312 s->fLBA48 = true;
3313 case ATA_READ_VERIFY_SECTORS:
3314 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3315 /* do sector number check ? */
3316 ataCmdOK(s, 0);
3317 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3318 break;
3319 case ATA_READ_SECTORS_EXT:
3320 s->fLBA48 = true;
3321 case ATA_READ_SECTORS:
3322 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3323 if (!s->pDrvBlock)
3324 goto abort_cmd;
3325 s->cSectorsPerIRQ = 1;
3326 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3327 break;
3328 case ATA_WRITE_SECTORS_EXT:
3329 s->fLBA48 = true;
3330 case ATA_WRITE_SECTORS:
3331 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3332 s->cSectorsPerIRQ = 1;
3333 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3334 break;
3335 case ATA_READ_MULTIPLE_EXT:
3336 s->fLBA48 = true;
3337 case ATA_READ_MULTIPLE:
3338 if (!s->cMultSectors)
3339 goto abort_cmd;
3340 s->cSectorsPerIRQ = s->cMultSectors;
3341 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3342 break;
3343 case ATA_WRITE_MULTIPLE_EXT:
3344 s->fLBA48 = true;
3345 case ATA_WRITE_MULTIPLE:
3346 if (!s->cMultSectors)
3347 goto abort_cmd;
3348 s->cSectorsPerIRQ = s->cMultSectors;
3349 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3350 break;
3351 case ATA_READ_DMA_EXT:
3352 s->fLBA48 = true;
3353 case ATA_READ_DMA:
3354 case ATA_READ_DMA_WITHOUT_RETRIES:
3355 if (!s->pDrvBlock)
3356 goto abort_cmd;
3357 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3358 s->fDMA = true;
3359 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3360 break;
3361 case ATA_WRITE_DMA_EXT:
3362 s->fLBA48 = true;
3363 case ATA_WRITE_DMA:
3364 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3365 if (!s->pDrvBlock)
3366 goto abort_cmd;
3367 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3368 s->fDMA = true;
3369 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3370 break;
3371 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3372 s->fLBA48 = true;
3373 ataSetSector(s, s->cTotalSectors - 1);
3374 ataCmdOK(s, 0);
3375 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3376 break;
3377 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3378 ataCmdOK(s, 0);
3379 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3380 break;
3381 case ATA_READ_NATIVE_MAX_ADDRESS:
3382 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3383 ataCmdOK(s, 0);
3384 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3385 break;
3386 case ATA_CHECK_POWER_MODE:
3387 s->uATARegNSector = 0xff; /* drive active or idle */
3388 ataCmdOK(s, 0);
3389 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3390 break;
3391 case ATA_SET_FEATURES:
3392 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3393 if (!s->pDrvBlock)
3394 goto abort_cmd;
3395 switch (s->uATARegFeature)
3396 {
3397 case 0x02: /* write cache enable */
3398 Log2(("%s: write cache enable\n", __FUNCTION__));
3399 ataCmdOK(s, ATA_STAT_SEEK);
3400 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3401 break;
3402 case 0xaa: /* read look-ahead enable */
3403 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3404 ataCmdOK(s, ATA_STAT_SEEK);
3405 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3406 break;
3407 case 0x55: /* read look-ahead disable */
3408 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3409 ataCmdOK(s, ATA_STAT_SEEK);
3410 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3411 break;
3412 case 0xcc: /* reverting to power-on defaults enable */
3413 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3414 ataCmdOK(s, ATA_STAT_SEEK);
3415 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3416 break;
3417 case 0x66: /* reverting to power-on defaults disable */
3418 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3419 ataCmdOK(s, ATA_STAT_SEEK);
3420 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3421 break;
3422 case 0x82: /* write cache disable */
3423 Log2(("%s: write cache disable\n", __FUNCTION__));
3424 /* As per the ATA/ATAPI-6 specs, a write cache disable
3425 * command MUST flush the write buffers to disc. */
3426 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3427 break;
3428 case 0x03: { /* set transfer mode */
3429 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3430 switch (s->uATARegNSector & 0xf8)
3431 {
3432 case 0x00: /* PIO default */
3433 case 0x08: /* PIO mode */
3434 break;
3435 case ATA_MODE_MDMA: /* MDMA mode */
3436 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3437 break;
3438 case ATA_MODE_UDMA: /* UDMA mode */
3439 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3440 break;
3441 default:
3442 goto abort_cmd;
3443 }
3444 ataCmdOK(s, ATA_STAT_SEEK);
3445 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3446 break;
3447 }
3448 default:
3449 goto abort_cmd;
3450 }
3451 /*
3452 * OS/2 workarond:
3453 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3454 * reset here. According to the specification, this is a driver bug as the register
3455 * contents are undefined after the call. This means we can just as well reset it.
3456 */
3457 s->uATARegFeature = 0;
3458 break;
3459 case ATA_FLUSH_CACHE_EXT:
3460 case ATA_FLUSH_CACHE:
3461 if (!s->pDrvBlock || s->fATAPI)
3462 goto abort_cmd;
3463 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3464 break;
3465 case ATA_STANDBY_IMMEDIATE:
3466 ataCmdOK(s, 0);
3467 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3468 break;
3469 case ATA_IDLE_IMMEDIATE:
3470 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3471 ataAbortCurrentCommand(s, false);
3472 break;
3473 /* ATAPI commands */
3474 case ATA_IDENTIFY_PACKET_DEVICE:
3475 if (s->fATAPI)
3476 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3477 else
3478 {
3479 ataCmdError(s, ABRT_ERR);
3480 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3481 }
3482 break;
3483 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3484 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3485 break;
3486 case ATA_DEVICE_RESET:
3487 if (!s->fATAPI)
3488 goto abort_cmd;
3489 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3490 ataAbortCurrentCommand(s, true);
3491 break;
3492 case ATA_PACKET:
3493 if (!s->fATAPI)
3494 goto abort_cmd;
3495 /* overlapping commands not supported */
3496 if (s->uATARegFeature & 0x02)
3497 goto abort_cmd;
3498 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3499 break;
3500 default:
3501 abort_cmd:
3502 ataCmdError(s, ABRT_ERR);
3503 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3504 break;
3505 }
3506}
3507
3508
3509/**
3510 * Waits for a particular async I/O thread to complete whatever it
3511 * is doing at the moment.
3512 *
3513 * @returns true on success.
3514 * @returns false when the thread is still processing.
3515 * @param pThis Pointer to the controller data.
3516 * @param cMillies How long to wait (total).
3517 */
3518static bool ataWaitForAsyncIOIsIdle(PATACONTROLLER pCtl, unsigned cMillies)
3519{
3520 uint64_t u64Start;
3521
3522 /*
3523 * Wait for any pending async operation to finish
3524 */
3525 u64Start = RTTimeMilliTS();
3526 for (;;)
3527 {
3528 if (ataAsyncIOIsIdle(pCtl, false))
3529 return true;
3530 if (RTTimeMilliTS() - u64Start >= cMillies)
3531 break;
3532
3533 /* Sleep for a bit. */
3534 RTThreadSleep(100);
3535 }
3536
3537 return false;
3538}
3539
3540#endif /* IN_RING3 */
3541
3542static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3543{
3544 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3545 addr &= 7;
3546 switch (addr)
3547 {
3548 case 0:
3549 break;
3550 case 1: /* feature register */
3551 /* NOTE: data is written to the two drives */
3552 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3553 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3554 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3555 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3556 pCtl->aIfs[0].uATARegFeature = val;
3557 pCtl->aIfs[1].uATARegFeature = val;
3558 break;
3559 case 2: /* sector count */
3560 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3561 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3562 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3563 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3564 pCtl->aIfs[0].uATARegNSector = val;
3565 pCtl->aIfs[1].uATARegNSector = val;
3566 break;
3567 case 3: /* sector number */
3568 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3569 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3570 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3571 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3572 pCtl->aIfs[0].uATARegSector = val;
3573 pCtl->aIfs[1].uATARegSector = val;
3574 break;
3575 case 4: /* cylinder low */
3576 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3577 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3578 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3579 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3580 pCtl->aIfs[0].uATARegLCyl = val;
3581 pCtl->aIfs[1].uATARegLCyl = val;
3582 break;
3583 case 5: /* cylinder high */
3584 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3585 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3586 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3587 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3588 pCtl->aIfs[0].uATARegHCyl = val;
3589 pCtl->aIfs[1].uATARegHCyl = val;
3590 break;
3591 case 6: /* drive/head */
3592 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3593 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3594 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3595 {
3596 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3597
3598 /* select another drive */
3599 pCtl->iSelectedIf = (val >> 4) & 1;
3600 /* The IRQ line is multiplexed between the two drives, so
3601 * update the state when switching to another drive. Only need
3602 * to update interrupt line if it is enabled and there is a
3603 * state change. */
3604 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3605 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3606 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3607 {
3608 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3609 {
3610 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3611 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3612 * the interrupt line is asserted. It monitors the line
3613 * for a rising edge. */
3614 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3615 if (pCtl->irq == 16)
3616 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3617 else
3618 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3619 }
3620 else
3621 {
3622 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3623 if (pCtl->irq == 16)
3624 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3625 else
3626 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3627 }
3628 }
3629 }
3630 break;
3631 default:
3632 case 7: /* command */
3633 /* ignore commands to non existant slave */
3634 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3635 break;
3636#ifndef IN_RING3
3637 /* Don't do anything complicated in GC */
3638 return VINF_IOM_HC_IOPORT_WRITE;
3639#else /* IN_RING3 */
3640 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3641#endif /* !IN_RING3 */
3642 }
3643 return VINF_SUCCESS;
3644}
3645
3646
3647static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3648{
3649 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3650 uint32_t val;
3651 bool fHOB;
3652
3653 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3654 switch (addr & 7)
3655 {
3656 case 0: /* data register */
3657 val = 0xff;
3658 break;
3659 case 1: /* error register */
3660 /* The ATA specification is very terse when it comes to specifying
3661 * the precise effects of reading back the error/feature register.
3662 * The error register (read-only) shares the register number with
3663 * the feature register (write-only), so it seems that it's not
3664 * necessary to support the usual HOB readback here. */
3665 if (!s->pDrvBlock)
3666 val = 0;
3667 else
3668 val = s->uATARegError;
3669 break;
3670 case 2: /* sector count */
3671 if (!s->pDrvBlock)
3672 val = 0;
3673 else if (fHOB)
3674 val = s->uATARegNSectorHOB;
3675 else
3676 val = s->uATARegNSector;
3677 break;
3678 case 3: /* sector number */
3679 if (!s->pDrvBlock)
3680 val = 0;
3681 else if (fHOB)
3682 val = s->uATARegSectorHOB;
3683 else
3684 val = s->uATARegSector;
3685 break;
3686 case 4: /* cylinder low */
3687 if (!s->pDrvBlock)
3688 val = 0;
3689 else if (fHOB)
3690 val = s->uATARegLCylHOB;
3691 else
3692 val = s->uATARegLCyl;
3693 break;
3694 case 5: /* cylinder high */
3695 if (!s->pDrvBlock)
3696 val = 0;
3697 else if (fHOB)
3698 val = s->uATARegHCylHOB;
3699 else
3700 val = s->uATARegHCyl;
3701 break;
3702 case 6: /* drive/head */
3703 /* This register must always work as long as there is at least
3704 * one drive attached to the controller. It is common between
3705 * both drives anyway (completely identical content). */
3706 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3707 val = 0;
3708 else
3709 val = s->uATARegSelect;
3710 break;
3711 default:
3712 case 7: /* primary status */
3713 {
3714 /* Counter for number of busy status seen in GC in a row. */
3715 static unsigned cBusy = 0;
3716
3717 if (!s->pDrvBlock)
3718 val = 0;
3719 else
3720 val = s->uATARegStatus;
3721
3722 /* Give the async I/O thread an opportunity to make progress,
3723 * don't let it starve by guests polling frequently. EMT has a
3724 * lower priority than the async I/O thread, but sometimes the
3725 * host OS doesn't care. With some guests we are only allowed to
3726 * be busy for about 5 milliseconds in some situations. Note that
3727 * this is no guarantee for any other VBox thread getting
3728 * scheduled, so this just lowers the CPU load a bit when drives
3729 * are busy. It cannot help with timing problems. */
3730 if (val & ATA_STAT_BUSY)
3731 {
3732#ifdef IN_RING3
3733 cBusy = 0;
3734 PDMCritSectLeave(&pCtl->lock);
3735
3736#ifndef RT_OS_WINDOWS
3737 /*
3738 * The thread might be stuck in an I/O operation
3739 * due to a high I/O load on the host. (see @bugref{3301})
3740 * To perform the reset successfully
3741 * we interrupt the operation by sending a signal to the thread
3742 * if the thread didn't responded in 10ms.
3743 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
3744 * does the same but it was introduced with Vista) but so far
3745 * this hang was only observed on Linux and Mac OS X.
3746 *
3747 * This is a workaround and needs to be solved properly.
3748 */
3749 if (pCtl->fReset)
3750 {
3751 uint64_t u64ResetTimeStop = RTTimeMilliTS();
3752
3753 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
3754 {
3755 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
3756 pCtl->u64ResetTime = u64ResetTimeStop;
3757 RTThreadPoke(pCtl->AsyncIOThread);
3758 }
3759 }
3760#endif
3761
3762 RTThreadYield();
3763
3764 {
3765 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3766 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3767 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3768 }
3769
3770 val = s->uATARegStatus;
3771#else /* !IN_RING3 */
3772 /* Cannot yield CPU in guest context. And switching to host
3773 * context for each and every busy status is too costly,
3774 * especially on SMP systems where we don't gain much by
3775 * yielding the CPU to someone else. */
3776 if (++cBusy >= 20)
3777 {
3778 cBusy = 0;
3779 return VINF_IOM_HC_IOPORT_READ;
3780 }
3781#endif /* !IN_RING3 */
3782 }
3783 else
3784 cBusy = 0;
3785 ataUnsetIRQ(s);
3786 break;
3787 }
3788 }
3789 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3790 *pu32 = val;
3791 return VINF_SUCCESS;
3792}
3793
3794
3795static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
3796{
3797 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3798 uint32_t val;
3799
3800 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
3801 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
3802 val = 0;
3803 else
3804 val = s->uATARegStatus;
3805 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3806 return val;
3807}
3808
3809static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3810{
3811#ifndef IN_RING3
3812 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
3813 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
3814#endif /* !IN_RING3 */
3815
3816 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3817 /* RESET is common for both drives attached to a controller. */
3818 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3819 (val & ATA_DEVCTL_RESET))
3820 {
3821#ifdef IN_RING3
3822 /* Software RESET low to high */
3823 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
3824 uint64_t uNow = RTTimeNanoTS();
3825 if (pCtl->aIfs[0].u64CmdTS)
3826 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
3827 if (pCtl->aIfs[1].u64CmdTS)
3828 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
3829 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
3830 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
3831 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
3832 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
3833 pCtl->fReset = true;
3834 /* Everything must be done after the reset flag is set, otherwise
3835 * there are unavoidable races with the currently executing request
3836 * (which might just finish in the mean time). */
3837 pCtl->fChainedTransfer = false;
3838 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
3839 {
3840 ataResetDevice(&pCtl->aIfs[i]);
3841 /* The following cannot be done using ataSetStatusValue() since the
3842 * reset flag is already set, which suppresses all status changes. */
3843 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
3844 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
3845 pCtl->aIfs[i].uATARegError = 0x01;
3846 }
3847 ataAsyncIOClearRequests(pCtl);
3848 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3849 if (val & ATA_DEVCTL_HOB)
3850 {
3851 val &= ~ATA_DEVCTL_HOB;
3852 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3853 }
3854
3855 /* Save the timestamp we started the reset. */
3856 pCtl->u64ResetTime = RTTimeMilliTS();
3857
3858 /* Issue the reset request now. */
3859 ataAsyncIOPutRequest(pCtl, &ataResetARequest);
3860#else /* !IN_RING3 */
3861 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3862#endif /* IN_RING3 */
3863 }
3864 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3865 !(val & ATA_DEVCTL_RESET))
3866 {
3867#ifdef IN_RING3
3868 /* Software RESET high to low */
3869 Log(("%s: deasserting RESET\n", __FUNCTION__));
3870 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3871 if (val & ATA_DEVCTL_HOB)
3872 {
3873 val &= ~ATA_DEVCTL_HOB;
3874 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3875 }
3876 ataAsyncIOPutRequest(pCtl, &ataResetCRequest);
3877#else /* !IN_RING3 */
3878 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3879#endif /* IN_RING3 */
3880 }
3881
3882 /* Change of interrupt disable flag. Update interrupt line if interrupt
3883 * is pending on the current interface. */
3884 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
3885 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3886 {
3887 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
3888 {
3889 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3890 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
3891 * interrupt line is asserted. It monitors the line for a rising
3892 * edge. */
3893 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3894 if (pCtl->irq == 16)
3895 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
3896 else
3897 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
3898 }
3899 else
3900 {
3901 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3902 if (pCtl->irq == 16)
3903 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
3904 else
3905 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
3906 }
3907 }
3908
3909 if (val & ATA_DEVCTL_HOB)
3910 Log2(("%s: set HOB\n", __FUNCTION__));
3911
3912 pCtl->aIfs[0].uATARegDevCtl = val;
3913 pCtl->aIfs[1].uATARegDevCtl = val;
3914
3915 return VINF_SUCCESS;
3916}
3917
3918#ifdef IN_RING3
3919
3920static void ataPIOTransfer(PATACONTROLLER pCtl)
3921{
3922 ATADevState *s;
3923
3924 s = &pCtl->aIfs[pCtl->iAIOIf];
3925 Log3(("%s: if=%p\n", __FUNCTION__, s));
3926
3927 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
3928 {
3929 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
3930 /* Any guest OS that triggers this case has a pathetic ATA driver.
3931 * In a real system it would block the CPU via IORDY, here we do it
3932 * very similarly by not continuing with the current instruction
3933 * until the transfer to/from the storage medium is completed. */
3934 if (s->iSourceSink != ATAFN_SS_NULL)
3935 {
3936 bool fRedo;
3937 uint8_t status = s->uATARegStatus;
3938 ataSetStatusValue(s, ATA_STAT_BUSY);
3939 Log2(("%s: calling source/sink function\n", __FUNCTION__));
3940 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
3941 pCtl->fRedo = fRedo;
3942 if (RT_UNLIKELY(fRedo))
3943 return;
3944 ataSetStatusValue(s, status);
3945 s->iIOBufferCur = 0;
3946 s->iIOBufferEnd = s->cbElementaryTransfer;
3947 }
3948 }
3949 if (s->cbTotalTransfer)
3950 {
3951 if (s->fATAPITransfer)
3952 ataPIOTransferLimitATAPI(s);
3953
3954 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
3955 s->cbElementaryTransfer = s->cbTotalTransfer;
3956
3957 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
3958 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
3959 s->cbTotalTransfer, s->cbElementaryTransfer,
3960 s->iIOBufferCur, s->iIOBufferEnd));
3961 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
3962 s->cbTotalTransfer -= s->cbElementaryTransfer;
3963 s->iIOBufferCur += s->cbElementaryTransfer;
3964
3965 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
3966 s->cbElementaryTransfer = s->cbTotalTransfer;
3967 }
3968 else
3969 ataPIOTransferStop(s);
3970}
3971
3972
3973DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
3974{
3975 /* Do not interfere with RESET processing if the PIO transfer finishes
3976 * while the RESET line is asserted. */
3977 if (pCtl->fReset)
3978 {
3979 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3980 return;
3981 }
3982
3983 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
3984 || ( s->iSourceSink != ATAFN_SS_NULL
3985 && s->iIOBufferCur >= s->iIOBufferEnd))
3986 {
3987 /* Need to continue the transfer in the async I/O thread. This is
3988 * the case for write operations or generally for not yet finished
3989 * transfers (some data might need to be read). */
3990 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
3991 ataSetStatus(s, ATA_STAT_BUSY);
3992
3993 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3994 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
3995 }
3996 else
3997 {
3998 /* Either everything finished (though some data might still be pending)
3999 * or some data is pending before the next read is due. */
4000
4001 /* Continue a previously started transfer. */
4002 ataUnsetStatus(s, ATA_STAT_DRQ);
4003 ataSetStatus(s, ATA_STAT_READY);
4004
4005 if (s->cbTotalTransfer)
4006 {
4007 /* There is more to transfer, happens usually for large ATAPI
4008 * reads - the protocol limits the chunk size to 65534 bytes. */
4009 ataPIOTransfer(pCtl);
4010 ataSetIRQ(s);
4011 }
4012 else
4013 {
4014 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4015 /* Finish PIO transfer. */
4016 ataPIOTransfer(pCtl);
4017 Assert(!pCtl->fRedo);
4018 }
4019 }
4020}
4021
4022#endif /* IN_RING3 */
4023
4024static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4025{
4026 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4027 uint8_t *p;
4028
4029 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4030 {
4031 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4032 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4033#ifndef IN_RING3
4034 /* All but the last transfer unit is simple enough for GC, but
4035 * sending a request to the async IO thread is too complicated. */
4036 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4037 {
4038 memcpy(p, pbBuf, cbSize);
4039 s->iIOBufferPIODataStart += cbSize;
4040 }
4041 else
4042 return VINF_IOM_HC_IOPORT_WRITE;
4043#else /* IN_RING3 */
4044 memcpy(p, pbBuf, cbSize);
4045 s->iIOBufferPIODataStart += cbSize;
4046 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4047 ataPIOTransferFinish(pCtl, s);
4048#endif /* !IN_RING3 */
4049 }
4050 else
4051 Log2(("%s: DUMMY data\n", __FUNCTION__));
4052 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4053 return VINF_SUCCESS;
4054}
4055
4056static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4057{
4058 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4059 uint8_t *p;
4060
4061 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4062 {
4063 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4064 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4065#ifndef IN_RING3
4066 /* All but the last transfer unit is simple enough for GC, but
4067 * sending a request to the async IO thread is too complicated. */
4068 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4069 {
4070 memcpy(pbBuf, p, cbSize);
4071 s->iIOBufferPIODataStart += cbSize;
4072 }
4073 else
4074 return VINF_IOM_HC_IOPORT_READ;
4075#else /* IN_RING3 */
4076 memcpy(pbBuf, p, cbSize);
4077 s->iIOBufferPIODataStart += cbSize;
4078 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4079 ataPIOTransferFinish(pCtl, s);
4080#endif /* !IN_RING3 */
4081 }
4082 else
4083 {
4084 Log2(("%s: DUMMY data\n", __FUNCTION__));
4085 memset(pbBuf, '\xff', cbSize);
4086 }
4087 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4088 return VINF_SUCCESS;
4089}
4090
4091#ifdef IN_RING3
4092
4093static void ataDMATransferStop(ATADevState *s)
4094{
4095 s->cbTotalTransfer = 0;
4096 s->cbElementaryTransfer = 0;
4097 s->iBeginTransfer = ATAFN_BT_NULL;
4098 s->iSourceSink = ATAFN_SS_NULL;
4099}
4100
4101
4102/**
4103 * Perform the entire DMA transfer in one go (unless a source/sink operation
4104 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4105 * this function cannot handle empty transfers.
4106 *
4107 * @param pCtl Controller for which to perform the transfer.
4108 */
4109static void ataDMATransfer(PATACONTROLLER pCtl)
4110{
4111 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4112 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4113 bool fRedo;
4114 RTGCPHYS32 pDesc;
4115 uint32_t cbTotalTransfer, cbElementaryTransfer;
4116 uint32_t iIOBufferCur, iIOBufferEnd;
4117 uint32_t dmalen;
4118 PDMBLOCKTXDIR uTxDir;
4119 bool fLastDesc = false;
4120
4121 Assert(sizeof(BMDMADesc) == 8);
4122
4123 fRedo = pCtl->fRedo;
4124 if (RT_LIKELY(!fRedo))
4125 Assert(s->cbTotalTransfer);
4126 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4127 cbTotalTransfer = s->cbTotalTransfer;
4128 cbElementaryTransfer = s->cbElementaryTransfer;
4129 iIOBufferCur = s->iIOBufferCur;
4130 iIOBufferEnd = s->iIOBufferEnd;
4131
4132 /* The DMA loop is designed to hold the lock only when absolutely
4133 * necessary. This avoids long freezes should the guest access the
4134 * ATA registers etc. for some reason. */
4135 PDMCritSectLeave(&pCtl->lock);
4136
4137 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4138 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4139 cbTotalTransfer, cbElementaryTransfer,
4140 iIOBufferCur, iIOBufferEnd));
4141 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4142 {
4143 BMDMADesc DMADesc;
4144 RTGCPHYS32 pBuffer;
4145 uint32_t cbBuffer;
4146
4147 if (RT_UNLIKELY(fRedo))
4148 {
4149 pBuffer = pCtl->pRedoDMABuffer;
4150 cbBuffer = pCtl->cbRedoDMABuffer;
4151 fLastDesc = pCtl->fRedoDMALastDesc;
4152 }
4153 else
4154 {
4155 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4156 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4157 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4158 fLastDesc = !!(cbBuffer & 0x80000000);
4159 cbBuffer &= 0xfffe;
4160 if (cbBuffer == 0)
4161 cbBuffer = 0x10000;
4162 if (cbBuffer > cbTotalTransfer)
4163 cbBuffer = cbTotalTransfer;
4164 }
4165
4166 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4167 {
4168 if (RT_LIKELY(!fRedo))
4169 {
4170 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4171 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4172 (int)pDesc, pBuffer, cbBuffer));
4173 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4174 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4175 else
4176 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4177 iIOBufferCur += dmalen;
4178 cbTotalTransfer -= dmalen;
4179 cbBuffer -= dmalen;
4180 pBuffer += dmalen;
4181 }
4182 if ( iIOBufferCur == iIOBufferEnd
4183 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4184 {
4185 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4186 cbElementaryTransfer = cbTotalTransfer;
4187
4188 {
4189 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4190 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4191 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4192 }
4193
4194 /* The RESET handler could have cleared the DMA transfer
4195 * state (since we didn't hold the lock until just now
4196 * the guest can continue in parallel). If so, the state
4197 * is already set up so the loop is exited immediately. */
4198 if (s->iSourceSink != ATAFN_SS_NULL)
4199 {
4200 s->iIOBufferCur = iIOBufferCur;
4201 s->iIOBufferEnd = iIOBufferEnd;
4202 s->cbElementaryTransfer = cbElementaryTransfer;
4203 s->cbTotalTransfer = cbTotalTransfer;
4204 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4205 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4206 if (RT_UNLIKELY(fRedo))
4207 {
4208 pCtl->pFirstDMADesc = pDesc;
4209 pCtl->pRedoDMABuffer = pBuffer;
4210 pCtl->cbRedoDMABuffer = cbBuffer;
4211 pCtl->fRedoDMALastDesc = fLastDesc;
4212 }
4213 else
4214 {
4215 cbTotalTransfer = s->cbTotalTransfer;
4216 cbElementaryTransfer = s->cbElementaryTransfer;
4217
4218 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4219 cbElementaryTransfer = cbTotalTransfer;
4220 iIOBufferCur = 0;
4221 iIOBufferEnd = cbElementaryTransfer;
4222 }
4223 pCtl->fRedo = fRedo;
4224 }
4225 else
4226 {
4227 /* This forces the loop to exit immediately. */
4228 pDesc = pCtl->pLastDMADesc + 1;
4229 }
4230
4231 PDMCritSectLeave(&pCtl->lock);
4232 if (RT_UNLIKELY(fRedo))
4233 break;
4234 }
4235 }
4236
4237 if (RT_UNLIKELY(fRedo))
4238 break;
4239
4240 /* end of transfer */
4241 if (!cbTotalTransfer || fLastDesc)
4242 break;
4243
4244 {
4245 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4246 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4247 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4248 }
4249
4250 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4251 {
4252 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4253 if (!pCtl->fReset)
4254 ataDMATransferStop(s);
4255 /* This forces the loop to exit immediately. */
4256 pDesc = pCtl->pLastDMADesc + 1;
4257 }
4258
4259 PDMCritSectLeave(&pCtl->lock);
4260 }
4261
4262 {
4263 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4264 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4265 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4266 }
4267
4268 if (RT_UNLIKELY(fRedo))
4269 return;
4270
4271 if (fLastDesc)
4272 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4273 s->cbTotalTransfer = cbTotalTransfer;
4274 s->cbElementaryTransfer = cbElementaryTransfer;
4275 s->iIOBufferCur = iIOBufferCur;
4276 s->iIOBufferEnd = iIOBufferEnd;
4277}
4278
4279
4280/**
4281 * Suspend I/O operations on a controller. Also suspends EMT, because it's
4282 * waiting for I/O to make progress. The next attempt to perform an I/O
4283 * operation will be made when EMT is resumed up again (as the resume
4284 * callback below restarts I/O).
4285 *
4286 * @param pCtl Controller for which to suspend I/O.
4287 */
4288static void ataSuspendRedo(PATACONTROLLER pCtl)
4289{
4290 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4291 PVMREQ pReq;
4292 int rc;
4293
4294 pCtl->fRedoIdle = true;
4295 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
4296 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
4297 AssertReleaseRC(rc);
4298 VMR3ReqFree(pReq);
4299}
4300
4301/** Asynch I/O thread for an interface. Once upon a time this was readable
4302 * code with several loops and a different semaphore for each purpose. But
4303 * then came the "how can one save the state in the middle of a PIO transfer"
4304 * question. The solution was to use an ASM, which is what's there now. */
4305static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4306{
4307 const ATARequest *pReq;
4308 uint64_t u64TS = 0; /* shut up gcc */
4309 uint64_t uWait;
4310 int rc = VINF_SUCCESS;
4311 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4312 ATADevState *s;
4313
4314 pReq = NULL;
4315 pCtl->fChainedTransfer = false;
4316 while (!pCtl->fShutdown)
4317 {
4318 /* Keep this thread from doing anything as long as EMT is suspended. */
4319 while (pCtl->fRedoIdle)
4320 {
4321 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4322 /* Continue if we got a signal by RTThreadPoke().
4323 * We will get notified if there is a request to process.
4324 */
4325 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4326 continue;
4327 if (RT_FAILURE(rc) || pCtl->fShutdown)
4328 break;
4329
4330 pCtl->fRedoIdle = false;
4331 }
4332
4333 /* Wait for work. */
4334 while (pReq == NULL)
4335 {
4336 LogBird(("ata: %x: going to sleep...\n", pCtl->IOPortBase1));
4337 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4338 LogBird(("ata: %x: waking up\n", pCtl->IOPortBase1));
4339 /* Continue if we got a signal by RTThreadPoke().
4340 * We will get notified if there is a request to process.
4341 */
4342 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4343 continue;
4344 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4345 break;
4346
4347 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4348 }
4349
4350 if (RT_FAILURE(rc) || pCtl->fShutdown)
4351 break;
4352
4353 if (pReq == NULL)
4354 continue;
4355
4356 ATAAIO ReqType = pReq->ReqType;
4357
4358 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4359 if (pCtl->uAsyncIOState != ReqType)
4360 {
4361 /* The new state is not the state that was expected by the normal
4362 * state changes. This is either a RESET/ABORT or there's something
4363 * really strange going on. */
4364 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4365 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4366 {
4367 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4368 ataAsyncIODumpRequests(pCtl);
4369 }
4370 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4371 }
4372
4373 /* Do our work. */
4374 {
4375 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4376 LogBird(("ata: %x: entering critsect\n", pCtl->IOPortBase1));
4377 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4378 LogBird(("ata: %x: entered\n", pCtl->IOPortBase1));
4379 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4380 }
4381
4382 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4383 {
4384 u64TS = RTTimeNanoTS();
4385#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4386 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4387#endif /* DEBUG || VBOX_WITH_STATISTICS */
4388 }
4389
4390 switch (ReqType)
4391 {
4392 case ATA_AIO_NEW:
4393
4394 pCtl->iAIOIf = pReq->u.t.iIf;
4395 s = &pCtl->aIfs[pCtl->iAIOIf];
4396 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4397 s->uTxDir = pReq->u.t.uTxDir;
4398 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4399 s->iSourceSink = pReq->u.t.iSourceSink;
4400 s->iIOBufferEnd = 0;
4401 s->u64CmdTS = u64TS;
4402
4403 if (s->fATAPI)
4404 {
4405 if (pCtl->fChainedTransfer)
4406 {
4407 /* Only count the actual transfers, not the PIO
4408 * transfer of the ATAPI command bytes. */
4409 if (s->fDMA)
4410 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4411 else
4412 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4413 }
4414 }
4415 else
4416 {
4417 if (s->fDMA)
4418 STAM_REL_COUNTER_INC(&s->StatATADMA);
4419 else
4420 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4421 }
4422
4423 pCtl->fChainedTransfer = false;
4424
4425 if (s->iBeginTransfer != ATAFN_BT_NULL)
4426 {
4427 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4428 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4429 s->iBeginTransfer = ATAFN_BT_NULL;
4430 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4431 s->iIOBufferEnd = s->cbElementaryTransfer;
4432 }
4433 else
4434 {
4435 s->cbElementaryTransfer = s->cbTotalTransfer;
4436 s->iIOBufferEnd = s->cbTotalTransfer;
4437 }
4438 s->iIOBufferCur = 0;
4439
4440 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4441 {
4442 if (s->iSourceSink != ATAFN_SS_NULL)
4443 {
4444 bool fRedo;
4445 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4446 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4447 pCtl->fRedo = fRedo;
4448 if (RT_UNLIKELY(fRedo))
4449 {
4450 /* Operation failed at the initial transfer, restart
4451 * everything from scratch by resending the current
4452 * request. Occurs very rarely, not worth optimizing. */
4453 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4454 ataAsyncIOPutRequest(pCtl, pReq);
4455 ataSuspendRedo(pCtl);
4456 break;
4457 }
4458 }
4459 else
4460 ataCmdOK(s, 0);
4461 s->iIOBufferEnd = s->cbElementaryTransfer;
4462
4463 }
4464
4465 /* Do not go into the transfer phase if RESET is asserted.
4466 * The CritSect is released while waiting for the host OS
4467 * to finish the I/O, thus RESET is possible here. Most
4468 * important: do not change uAsyncIOState. */
4469 if (pCtl->fReset)
4470 break;
4471
4472 if (s->fDMA)
4473 {
4474 if (s->cbTotalTransfer)
4475 {
4476 ataSetStatus(s, ATA_STAT_DRQ);
4477
4478 pCtl->uAsyncIOState = ATA_AIO_DMA;
4479 /* If BMDMA is already started, do the transfer now. */
4480 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4481 {
4482 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4483 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4484 }
4485 }
4486 else
4487 {
4488 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4489 /* Finish DMA transfer. */
4490 ataDMATransferStop(s);
4491 ataSetIRQ(s);
4492 pCtl->uAsyncIOState = ATA_AIO_NEW;
4493 }
4494 }
4495 else
4496 {
4497 if (s->cbTotalTransfer)
4498 {
4499 ataPIOTransfer(pCtl);
4500 Assert(!pCtl->fRedo);
4501 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4502 ataSetIRQ(s);
4503
4504 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4505 {
4506 /* Write operations and not yet finished transfers
4507 * must be completed in the async I/O thread. */
4508 pCtl->uAsyncIOState = ATA_AIO_PIO;
4509 }
4510 else
4511 {
4512 /* Finished read operation can be handled inline
4513 * in the end of PIO transfer handling code. Linux
4514 * depends on this, as it waits only briefly for
4515 * devices to become ready after incoming data
4516 * transfer. Cannot find anything in the ATA spec
4517 * that backs this assumption, but as all kernels
4518 * are affected (though most of the time it does
4519 * not cause any harm) this must work. */
4520 pCtl->uAsyncIOState = ATA_AIO_NEW;
4521 }
4522 }
4523 else
4524 {
4525 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4526 /* Finish PIO transfer. */
4527 ataPIOTransfer(pCtl);
4528 Assert(!pCtl->fRedo);
4529 if (!s->fATAPITransfer)
4530 ataSetIRQ(s);
4531 pCtl->uAsyncIOState = ATA_AIO_NEW;
4532 }
4533 }
4534 break;
4535
4536 case ATA_AIO_DMA:
4537 {
4538 BMDMAState *bm = &pCtl->BmDma;
4539 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4540 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4541
4542 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4543 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4544 else
4545 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4546
4547 if (RT_LIKELY(!pCtl->fRedo))
4548 {
4549 /* The specs say that the descriptor table must not cross a
4550 * 4K boundary. */
4551 pCtl->pFirstDMADesc = bm->pvAddr;
4552 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4553 }
4554 ataDMATransfer(pCtl);
4555
4556 if (RT_UNLIKELY(pCtl->fRedo))
4557 {
4558 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4559 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4560 ataSuspendRedo(pCtl);
4561 break;
4562 }
4563
4564 /* The infamous delay IRQ hack. */
4565 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4566 && s->cbTotalTransfer == 0
4567 && pCtl->DelayIRQMillies)
4568 {
4569 /* Delay IRQ for writing. Required to get the Win2K
4570 * installation work reliably (otherwise it crashes,
4571 * usually during component install). So far no better
4572 * solution has been found. */
4573 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4574 PDMCritSectLeave(&pCtl->lock);
4575 RTThreadSleep(pCtl->DelayIRQMillies);
4576 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4577 }
4578
4579 ataUnsetStatus(s, ATA_STAT_DRQ);
4580 Assert(!pCtl->fChainedTransfer);
4581 Assert(s->iSourceSink == ATAFN_SS_NULL);
4582 if (s->fATAPITransfer)
4583 {
4584 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4585 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4586 s->fATAPITransfer = false;
4587 }
4588 ataSetIRQ(s);
4589 pCtl->uAsyncIOState = ATA_AIO_NEW;
4590 break;
4591 }
4592
4593 case ATA_AIO_PIO:
4594 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4595
4596 if (s->iSourceSink != ATAFN_SS_NULL)
4597 {
4598 bool fRedo;
4599 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4600 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4601 pCtl->fRedo = fRedo;
4602 if (RT_UNLIKELY(fRedo))
4603 {
4604 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4605 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4606 ataSuspendRedo(pCtl);
4607 break;
4608 }
4609 s->iIOBufferCur = 0;
4610 s->iIOBufferEnd = s->cbElementaryTransfer;
4611 }
4612 else
4613 {
4614 /* Continue a previously started transfer. */
4615 ataUnsetStatus(s, ATA_STAT_BUSY);
4616 ataSetStatus(s, ATA_STAT_READY);
4617 }
4618
4619 /* It is possible that the drives on this controller get RESET
4620 * during the above call to the source/sink function. If that's
4621 * the case, don't restart the transfer and don't finish it the
4622 * usual way. RESET handling took care of all that already.
4623 * Most important: do not change uAsyncIOState. */
4624 if (pCtl->fReset)
4625 break;
4626
4627 if (s->cbTotalTransfer)
4628 {
4629 ataPIOTransfer(pCtl);
4630 ataSetIRQ(s);
4631
4632 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4633 {
4634 /* Write operations and not yet finished transfers
4635 * must be completed in the async I/O thread. */
4636 pCtl->uAsyncIOState = ATA_AIO_PIO;
4637 }
4638 else
4639 {
4640 /* Finished read operation can be handled inline
4641 * in the end of PIO transfer handling code. Linux
4642 * depends on this, as it waits only briefly for
4643 * devices to become ready after incoming data
4644 * transfer. Cannot find anything in the ATA spec
4645 * that backs this assumption, but as all kernels
4646 * are affected (though most of the time it does
4647 * not cause any harm) this must work. */
4648 pCtl->uAsyncIOState = ATA_AIO_NEW;
4649 }
4650 }
4651 else
4652 {
4653 /* Finish PIO transfer. */
4654 ataPIOTransfer(pCtl);
4655 if ( !pCtl->fChainedTransfer
4656 && !s->fATAPITransfer
4657 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4658 {
4659 ataSetIRQ(s);
4660 }
4661 pCtl->uAsyncIOState = ATA_AIO_NEW;
4662 }
4663 break;
4664
4665 case ATA_AIO_RESET_ASSERTED:
4666 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4667 ataPIOTransferStop(&pCtl->aIfs[0]);
4668 ataPIOTransferStop(&pCtl->aIfs[1]);
4669 /* Do not change the DMA registers, they are not affected by the
4670 * ATA controller reset logic. It should be sufficient to issue a
4671 * new command, which is now possible as the state is cleared. */
4672 break;
4673
4674 case ATA_AIO_RESET_CLEARED:
4675 pCtl->uAsyncIOState = ATA_AIO_NEW;
4676 pCtl->fReset = false;
4677 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4678 ATACONTROLLER_IDX(pCtl)));
4679 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4680 {
4681 if (pCtl->aIfs[i].fATAPI)
4682 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4683 else
4684 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4685 ataSetSignature(&pCtl->aIfs[i]);
4686 }
4687 break;
4688
4689 case ATA_AIO_ABORT:
4690 /* Abort the current command only if it operates on the same interface. */
4691 if (pCtl->iAIOIf == pReq->u.a.iIf)
4692 {
4693 s = &pCtl->aIfs[pCtl->iAIOIf];
4694
4695 pCtl->uAsyncIOState = ATA_AIO_NEW;
4696 /* Do not change the DMA registers, they are not affected by the
4697 * ATA controller reset logic. It should be sufficient to issue a
4698 * new command, which is now possible as the state is cleared. */
4699 if (pReq->u.a.fResetDrive)
4700 {
4701 ataResetDevice(s);
4702 ataExecuteDeviceDiagnosticSS(s);
4703 }
4704 else
4705 {
4706 ataPIOTransferStop(s);
4707 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4708 ataSetStatus(s, ATA_STAT_READY);
4709 ataSetIRQ(s);
4710 }
4711 }
4712 break;
4713
4714 default:
4715 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4716 }
4717
4718 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4719 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4720
4721 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4722 {
4723#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4724 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4725#endif /* DEBUG || VBOX_WITH_STATISTICS */
4726
4727 u64TS = RTTimeNanoTS() - u64TS;
4728 uWait = u64TS / 1000;
4729 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
4730 /* Mark command as finished. */
4731 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
4732
4733 /*
4734 * Release logging of command execution times depends on the
4735 * command type. ATAPI commands often take longer (due to CD/DVD
4736 * spin up time etc.) so the threshold is different.
4737 */
4738 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
4739 {
4740 if (uWait > 8 * 1000 * 1000)
4741 {
4742 /*
4743 * Command took longer than 8 seconds. This is close
4744 * enough or over the guest's command timeout, so place
4745 * an entry in the release log to allow tracking such
4746 * timing errors (which are often caused by the host).
4747 */
4748 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
4749 }
4750 }
4751 else
4752 {
4753 if (uWait > 20 * 1000 * 1000)
4754 {
4755 /*
4756 * Command took longer than 20 seconds. This is close
4757 * enough or over the guest's command timeout, so place
4758 * an entry in the release log to allow tracking such
4759 * timing errors (which are often caused by the host).
4760 */
4761 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
4762 }
4763 }
4764
4765#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4766 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
4767 pCtl->StatAsyncMinWait = uWait;
4768 if (uWait > pCtl->StatAsyncMaxWait)
4769 pCtl->StatAsyncMaxWait = uWait;
4770
4771 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
4772 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
4773#endif /* DEBUG || VBOX_WITH_STATISTICS */
4774 }
4775
4776 LogBird(("ata: %x: leaving critsect\n", pCtl->IOPortBase1));
4777 PDMCritSectLeave(&pCtl->lock);
4778 }
4779
4780 /* Cleanup the state. */
4781 if (pCtl->AsyncIOSem)
4782 {
4783 RTSemEventDestroy(pCtl->AsyncIOSem);
4784 pCtl->AsyncIOSem = NIL_RTSEMEVENT;
4785 }
4786 if (pCtl->SuspendIOSem)
4787 {
4788 RTSemEventDestroy(pCtl->SuspendIOSem);
4789 pCtl->SuspendIOSem = NIL_RTSEMEVENT;
4790 }
4791 /* Do not destroy request mutex yet, still needed for proper shutdown. */
4792 pCtl->fShutdown = false;
4793 /* This must be last, as it also signals thread exit to EMT. */
4794 pCtl->AsyncIOThread = NIL_RTTHREAD;
4795
4796 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
4797 return rc;
4798}
4799
4800#endif /* IN_RING3 */
4801
4802static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
4803{
4804 uint32_t val = pCtl->BmDma.u8Cmd;
4805 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4806 return val;
4807}
4808
4809
4810static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4811{
4812 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4813 if (!(val & BM_CMD_START))
4814 {
4815 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4816 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4817 }
4818 else
4819 {
4820#ifdef IN_RING3
4821 /* Check whether the guest OS wants to change DMA direction in
4822 * mid-flight. Not allowed, according to the PIIX3 specs. */
4823 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
4824 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
4825 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4826
4827 /* Do not continue DMA transfers while the RESET line is asserted. */
4828 if (pCtl->fReset)
4829 {
4830 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4831 return;
4832 }
4833
4834 /* Do not start DMA transfers if there's a PIO transfer going on. */
4835 if (!pCtl->aIfs[pCtl->iSelectedIf].fDMA)
4836 return;
4837
4838 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
4839 {
4840 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4841 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4842 }
4843#else /* !IN_RING3 */
4844 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
4845#endif /* IN_RING3 */
4846 }
4847}
4848
4849static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
4850{
4851 uint32_t val = pCtl->BmDma.u8Status;
4852 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4853 return val;
4854}
4855
4856static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4857{
4858 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4859 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
4860 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
4861 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
4862}
4863
4864static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
4865{
4866 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
4867 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4868 return val;
4869}
4870
4871static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4872{
4873 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4874 pCtl->BmDma.pvAddr = val & ~3;
4875}
4876
4877static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4878{
4879 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4880 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
4881
4882}
4883
4884static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4885{
4886 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4887 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
4888}
4889
4890#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
4891
4892/**
4893 * Port I/O Handler for bus master DMA IN operations.
4894 * @see FNIOMIOPORTIN for details.
4895 */
4896PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
4897{
4898 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4899 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4900 PATACONTROLLER pCtl = &pThis->aCts[i];
4901 int rc;
4902
4903 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
4904 if (rc != VINF_SUCCESS)
4905 return rc;
4906 switch (VAL(Port, cb))
4907 {
4908 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4909 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4910 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4911 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4912 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
4913 case VAL(0, 4):
4914 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
4915 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
4916 break;
4917 default:
4918 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
4919 PDMCritSectLeave(&pCtl->lock);
4920 return VERR_IOM_IOPORT_UNUSED;
4921 }
4922 PDMCritSectLeave(&pCtl->lock);
4923 return rc;
4924}
4925
4926/**
4927 * Port I/O Handler for bus master DMA OUT operations.
4928 * @see FNIOMIOPORTOUT for details.
4929 */
4930PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
4931{
4932 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4933 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4934 PATACONTROLLER pCtl = &pThis->aCts[i];
4935 int rc;
4936
4937 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
4938 if (rc != VINF_SUCCESS)
4939 return rc;
4940 switch (VAL(Port, cb))
4941 {
4942 case VAL(0, 1):
4943#ifndef IN_RING3
4944 if (u32 & BM_CMD_START)
4945 {
4946 rc = VINF_IOM_HC_IOPORT_WRITE;
4947 break;
4948 }
4949#endif /* !IN_RING3 */
4950 ataBMDMACmdWriteB(pCtl, Port, u32);
4951 break;
4952 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
4953 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
4954 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
4955 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
4956 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
4957 }
4958 PDMCritSectLeave(&pCtl->lock);
4959 return rc;
4960}
4961
4962#undef VAL
4963
4964#ifdef IN_RING3
4965
4966/**
4967 * Callback function for mapping an PCI I/O region.
4968 *
4969 * @return VBox status code.
4970 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
4971 * @param iRegion The region number.
4972 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
4973 * I/O port, else it's a physical address.
4974 * This address is *NOT* relative to pci_mem_base like earlier!
4975 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
4976 */
4977static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
4978{
4979 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
4980 int rc = VINF_SUCCESS;
4981 Assert(enmType == PCI_ADDRESS_SPACE_IO);
4982 Assert(iRegion == 4);
4983 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
4984
4985 /* Register the port range. */
4986 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
4987 {
4988 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4989 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
4990 AssertRC(rc2);
4991 if (rc2 < rc)
4992 rc = rc2;
4993
4994 if (pThis->fGCEnabled)
4995 {
4996 rc2 = PDMDevHlpIOPortRegisterGC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
4997 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
4998 AssertRC(rc2);
4999 if (rc2 < rc)
5000 rc = rc2;
5001 }
5002 if (pThis->fR0Enabled)
5003 {
5004 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5005 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5006 AssertRC(rc2);
5007 if (rc2 < rc)
5008 rc = rc2;
5009 }
5010 }
5011 return rc;
5012}
5013
5014
5015/**
5016 * Reset notification.
5017 *
5018 * @returns VBox status.
5019 * @param pDevIns The device instance data.
5020 */
5021static DECLCALLBACK(void) ataReset(PPDMDEVINS pDevIns)
5022{
5023 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5024
5025 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5026 {
5027 pThis->aCts[i].iSelectedIf = 0;
5028 pThis->aCts[i].iAIOIf = 0;
5029 pThis->aCts[i].BmDma.u8Cmd = 0;
5030 /* Report that both drives present on the bus are in DMA mode. This
5031 * pretends that there is a BIOS that has set it up. Normal reset
5032 * default is 0x00. */
5033 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
5034 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
5035 pThis->aCts[i].BmDma.pvAddr = 0;
5036
5037 pThis->aCts[i].fReset = true;
5038 pThis->aCts[i].fRedo = false;
5039 pThis->aCts[i].fRedoIdle = false;
5040 ataAsyncIOClearRequests(&pThis->aCts[i]);
5041 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
5042 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetARequest);
5043 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetCRequest);
5044 if (!ataWaitForAsyncIOIsIdle(&pThis->aCts[i], 30000))
5045 {
5046 VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
5047 false, "DevATA_ASYNCBUSY",
5048 N_("The IDE async I/O thread remained busy after a reset, usually a host filesystem performance problem\n"));
5049 AssertMsgFailed(("Async I/O thread busy after reset\n"));
5050 }
5051
5052 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5053 ataResetDevice(&pThis->aCts[i].aIfs[j]);
5054 }
5055}
5056
5057
5058/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5059
5060/**
5061 * Queries an interface to the driver.
5062 *
5063 * @returns Pointer to interface.
5064 * @returns NULL if the interface was not supported by the device.
5065 * @param pInterface Pointer to ATADevState::IBase.
5066 * @param enmInterface The requested interface identification.
5067 */
5068static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5069{
5070 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5071 switch (enmInterface)
5072 {
5073 case PDMINTERFACE_BASE:
5074 return &pThis->IBase;
5075 case PDMINTERFACE_LED_PORTS:
5076 return &pThis->ILeds;
5077 default:
5078 return NULL;
5079 }
5080}
5081
5082
5083/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5084
5085/**
5086 * Gets the pointer to the status LED of a unit.
5087 *
5088 * @returns VBox status code.
5089 * @param pInterface Pointer to the interface structure containing the called function pointer.
5090 * @param iLUN The unit which status LED we desire.
5091 * @param ppLed Where to store the LED pointer.
5092 */
5093static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5094{
5095 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5096 if (iLUN < 4)
5097 {
5098 switch (iLUN)
5099 {
5100 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5101 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5102 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5103 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5104 }
5105 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5106 return VINF_SUCCESS;
5107 }
5108 return VERR_PDM_LUN_NOT_FOUND;
5109}
5110
5111
5112/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5113
5114/**
5115 * Queries an interface to the driver.
5116 *
5117 * @returns Pointer to interface.
5118 * @returns NULL if the interface was not supported by the device.
5119 * @param pInterface Pointer to ATADevState::IBase.
5120 * @param enmInterface The requested interface identification.
5121 */
5122static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5123{
5124 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5125 switch (enmInterface)
5126 {
5127 case PDMINTERFACE_BASE:
5128 return &pIf->IBase;
5129 case PDMINTERFACE_BLOCK_PORT:
5130 return &pIf->IPort;
5131 case PDMINTERFACE_MOUNT_NOTIFY:
5132 return &pIf->IMountNotify;
5133 default:
5134 return NULL;
5135 }
5136}
5137
5138#endif /* IN_RING3 */
5139
5140
5141/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5142
5143/**
5144 * Port I/O Handler for primary port range OUT operations.
5145 * @see FNIOMIOPORTOUT for details.
5146 */
5147PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5148{
5149 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5150 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5151 PATACONTROLLER pCtl = &pThis->aCts[i];
5152 int rc = VINF_SUCCESS;
5153
5154 Assert(i < 2);
5155
5156 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5157 if (rc != VINF_SUCCESS)
5158 return rc;
5159 if (cb == 1)
5160 rc = ataIOPortWriteU8(pCtl, Port, u32);
5161 else if (Port == pCtl->IOPortBase1)
5162 {
5163 Assert(cb == 2 || cb == 4);
5164 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5165 }
5166 else
5167 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5168 LogBird(("ata: leaving critsect\n"));
5169 PDMCritSectLeave(&pCtl->lock);
5170 LogBird(("ata: left critsect\n"));
5171 return rc;
5172}
5173
5174
5175/**
5176 * Port I/O Handler for primary port range IN operations.
5177 * @see FNIOMIOPORTIN for details.
5178 */
5179PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5180{
5181 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5182 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5183 PATACONTROLLER pCtl = &pThis->aCts[i];
5184 int rc = VINF_SUCCESS;
5185
5186 Assert(i < 2);
5187
5188 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5189 if (rc != VINF_SUCCESS)
5190 return rc;
5191 if (cb == 1)
5192 {
5193 rc = ataIOPortReadU8(pCtl, Port, pu32);
5194 }
5195 else if (Port == pCtl->IOPortBase1)
5196 {
5197 Assert(cb == 2 || cb == 4);
5198 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5199 if (cb == 2)
5200 *pu32 &= 0xffff;
5201 }
5202 else
5203 {
5204 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5205 rc = VERR_IOM_IOPORT_UNUSED;
5206 }
5207 PDMCritSectLeave(&pCtl->lock);
5208 return rc;
5209}
5210
5211#ifndef IN_RING0
5212/**
5213 * Port I/O Handler for primary port range IN string operations.
5214 * @see FNIOMIOPORTINSTRING for details.
5215 */
5216PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5217{
5218 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5219 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5220 PATACONTROLLER pCtl = &pThis->aCts[i];
5221 int rc = VINF_SUCCESS;
5222
5223 Assert(i < 2);
5224
5225 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5226 if (rc != VINF_SUCCESS)
5227 return rc;
5228 if (Port == pCtl->IOPortBase1)
5229 {
5230 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5231 RTGCPTR GCDst = *pGCPtrDst;
5232 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5233 Assert(cb == 2 || cb == 4);
5234
5235 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5236#ifndef IN_RING3
5237 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5238 cTransAvailable--;
5239#endif /* !IN_RING3 */
5240 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5241 * They are not performance-critical and generally shouldn't occur at all. */
5242 if (cTransAvailable > cTransfer)
5243 cTransAvailable = cTransfer;
5244 cbTransfer = cTransAvailable * cb;
5245
5246#ifdef IN_RC
5247 for (uint32_t i = 0; i < cbTransfer; i += cb)
5248 MMGCRamWriteNoTrapHandler((char *)GCDst + i, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, cb);
5249#else /* !IN_RC */
5250 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVM(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5251 Assert(rc == VINF_SUCCESS);
5252#endif /* IN_RC */
5253
5254 if (cbTransfer)
5255 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5256 s->iIOBufferPIODataStart += cbTransfer;
5257 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5258 *pcTransfer = cTransfer - cTransAvailable;
5259#ifdef IN_RING3
5260 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5261 ataPIOTransferFinish(pCtl, s);
5262#endif /* IN_RING3 */
5263 }
5264 PDMCritSectLeave(&pCtl->lock);
5265 return rc;
5266}
5267
5268
5269/**
5270 * Port I/O Handler for primary port range OUT string operations.
5271 * @see FNIOMIOPORTOUTSTRING for details.
5272 */
5273PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5274{
5275 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5276 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5277 PATACONTROLLER pCtl = &pThis->aCts[i];
5278 int rc;
5279
5280 Assert(i < 2);
5281
5282 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5283 if (rc != VINF_SUCCESS)
5284 return rc;
5285 if (Port == pCtl->IOPortBase1)
5286 {
5287 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5288 RTGCPTR GCSrc = *pGCPtrSrc;
5289 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5290 Assert(cb == 2 || cb == 4);
5291
5292 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5293#ifndef IN_RING3
5294 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5295 cTransAvailable--;
5296#endif /* !IN_RING3 */
5297 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5298 * They are not performance-critical and generally shouldn't occur at all. */
5299 if (cTransAvailable > cTransfer)
5300 cTransAvailable = cTransfer;
5301 cbTransfer = cTransAvailable * cb;
5302
5303#ifdef IN_RC
5304 for (uint32_t i = 0; i < cbTransfer; i += cb)
5305 MMGCRamReadNoTrapHandler(s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, (char *)GCSrc + i, cb);
5306#else /* !IN_RC */
5307 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVM(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5308 Assert(rc == VINF_SUCCESS);
5309#endif /* IN_RC */
5310
5311 if (cbTransfer)
5312 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5313 s->iIOBufferPIODataStart += cbTransfer;
5314 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5315 *pcTransfer = cTransfer - cTransAvailable;
5316#ifdef IN_RING3
5317 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5318 ataPIOTransferFinish(pCtl, s);
5319#endif /* IN_RING3 */
5320 }
5321 PDMCritSectLeave(&pCtl->lock);
5322 return rc;
5323}
5324#endif /* !IN_RING0 */
5325
5326/**
5327 * Port I/O Handler for secondary port range OUT operations.
5328 * @see FNIOMIOPORTOUT for details.
5329 */
5330PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5331{
5332 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5333 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5334 PATACONTROLLER pCtl = &pThis->aCts[i];
5335 int rc;
5336
5337 Assert(i < 2);
5338
5339 if (cb != 1)
5340 return VINF_SUCCESS;
5341 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5342 if (rc != VINF_SUCCESS)
5343 return rc;
5344 rc = ataControlWrite(pCtl, Port, u32);
5345 PDMCritSectLeave(&pCtl->lock);
5346 return rc;
5347}
5348
5349
5350/**
5351 * Port I/O Handler for secondary port range IN operations.
5352 * @see FNIOMIOPORTIN for details.
5353 */
5354PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5355{
5356 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5357 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5358 PATACONTROLLER pCtl = &pThis->aCts[i];
5359 int rc;
5360
5361 Assert(i < 2);
5362
5363 if (cb != 1)
5364 return VERR_IOM_IOPORT_UNUSED;
5365
5366 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5367 if (rc != VINF_SUCCESS)
5368 return rc;
5369 *pu32 = ataStatusRead(pCtl, Port);
5370 PDMCritSectLeave(&pCtl->lock);
5371 return VINF_SUCCESS;
5372}
5373
5374#ifdef IN_RING3
5375
5376/**
5377 * Waits for all async I/O threads to complete whatever they
5378 * are doing at the moment.
5379 *
5380 * @returns true on success.
5381 * @returns false when one or more threads is still processing.
5382 * @param pThis Pointer to the instance data.
5383 * @param cMillies How long to wait (total).
5384 */
5385static bool ataWaitForAllAsyncIOIsIdle(PPDMDEVINS pDevIns, unsigned cMillies)
5386{
5387 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5388 bool fVMLocked;
5389 uint64_t u64Start;
5390 PATACONTROLLER pCtl;
5391 bool fAllIdle = false;
5392
5393 /* The only way to deal cleanly with the VM lock is to check whether
5394 * it is owned now (it always is owned by EMT, which is the current
5395 * thread). Since this function is called several times during VM
5396 * shutdown, and the VM lock is only held for the first call (which
5397 * can be either from ataPowerOff or ataSuspend), there is no other
5398 * reasonable solution. */
5399 fVMLocked = VMMR3LockIsOwner(PDMDevHlpGetVM(pDevIns));
5400
5401 if (fVMLocked)
5402 pDevIns->pDevHlpR3->pfnUnlockVM(pDevIns);
5403 /*
5404 * Wait for any pending async operation to finish
5405 */
5406 u64Start = RTTimeMilliTS();
5407 for (;;)
5408 {
5409 /* Check all async I/O threads. */
5410 fAllIdle = true;
5411 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5412 {
5413 pCtl = &pThis->aCts[i];
5414
5415 /*
5416 * Only check if the thread is idling if the request mutex is set up.
5417 * It is possible that the creation of the first controller failed and that
5418 * the request mutex is not initialized on the second one yet
5419 * But it would be called without the following check.
5420 */
5421 if (pCtl->AsyncIORequestMutex != NIL_RTSEMEVENT)
5422 {
5423 fAllIdle &= ataAsyncIOIsIdle(pCtl, false);
5424 if (!fAllIdle)
5425 break;
5426 }
5427 }
5428 if ( fAllIdle
5429 || RTTimeMilliTS() - u64Start >= cMillies)
5430 break;
5431
5432 /* Sleep for a bit. */
5433 RTThreadSleep(100);
5434 }
5435
5436 if (fVMLocked)
5437 pDevIns->pDevHlpR3->pfnLockVM(pDevIns);
5438
5439 if (!fAllIdle)
5440 LogRel(("PIIX3 ATA: Ctl#%d is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
5441 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
5442 pCtl->aIfs[0].uATARegCommand, pCtl->aIfs[1].uATARegCommand));
5443
5444 return fAllIdle;
5445}
5446
5447
5448DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5449{
5450 if (s->pbIOBufferR3)
5451 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5452}
5453
5454
5455/**
5456 * @copydoc FNPDMDEVRELOCATE
5457 */
5458static DECLCALLBACK(void) ataRelocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5459{
5460 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5461
5462 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5463 {
5464 pThis->aCts[i].pDevInsRC += offDelta;
5465 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5466 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5467 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5468 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5469 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5470 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5471 }
5472}
5473
5474
5475/**
5476 * Destroy a driver instance.
5477 *
5478 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5479 * resources can be freed correctly.
5480 *
5481 * @param pDevIns The device instance data.
5482 */
5483static DECLCALLBACK(int) ataDestruct(PPDMDEVINS pDevIns)
5484{
5485 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5486 int rc;
5487
5488 Log(("%s:\n", __FUNCTION__));
5489
5490 /*
5491 * Terminate all async helper threads
5492 */
5493 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5494 {
5495 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5496 {
5497 ASMAtomicXchgU32(&pThis->aCts[i].fShutdown, true);
5498 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5499 AssertRC(rc);
5500 }
5501 }
5502
5503 /*
5504 * Wait for them to complete whatever they are doing and then
5505 * for them to terminate.
5506 */
5507 if (ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5508 {
5509 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5510 {
5511 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5512 AssertMsgRC(rc || rc == VERR_INVALID_HANDLE, ("rc=%Rrc i=%d\n", rc, i));
5513 }
5514 }
5515 else
5516 AssertMsgFailed(("Async I/O is still busy!\n"));
5517
5518 /*
5519 * Now the request mutexes are no longer needed. Free resources.
5520 */
5521 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5522 {
5523 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMEVENT)
5524 {
5525 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5526 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
5527 }
5528 }
5529 return VINF_SUCCESS;
5530}
5531
5532
5533/**
5534 * Detach notification.
5535 *
5536 * The DVD drive has been unplugged.
5537 *
5538 * @param pDevIns The device instance.
5539 * @param iLUN The logical unit which is being detached.
5540 */
5541static DECLCALLBACK(void) ataDetach(PPDMDEVINS pDevIns, unsigned iLUN)
5542{
5543 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5544 PATACONTROLLER pCtl;
5545 ATADevState *pIf;
5546 unsigned iController;
5547 unsigned iInterface;
5548
5549 /*
5550 * Locate the controller and stuff.
5551 */
5552 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5553 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5554 pCtl = &pThis->aCts[iController];
5555
5556 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5557 pIf = &pCtl->aIfs[iInterface];
5558
5559 /*
5560 * Zero some important members.
5561 */
5562 pIf->pDrvBase = NULL;
5563 pIf->pDrvBlock = NULL;
5564 pIf->pDrvBlockBios = NULL;
5565 pIf->pDrvMount = NULL;
5566
5567 /*
5568 * In case there was a medium inserted.
5569 */
5570 ataMediumRemoved(pIf);
5571}
5572
5573
5574/**
5575 * Configure a LUN.
5576 *
5577 * @returns VBox status code.
5578 * @param pDevIns The device instance.
5579 * @param pIf The ATA unit state.
5580 */
5581static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5582{
5583 int rc;
5584 PDMBLOCKTYPE enmType;
5585
5586 /*
5587 * Query Block, Bios and Mount interfaces.
5588 */
5589 pIf->pDrvBlock = (PDMIBLOCK *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK);
5590 if (!pIf->pDrvBlock)
5591 {
5592 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5593 return VERR_PDM_MISSING_INTERFACE;
5594 }
5595
5596 /** @todo implement the BIOS invisible code path. */
5597 pIf->pDrvBlockBios = (PDMIBLOCKBIOS *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK_BIOS);
5598 if (!pIf->pDrvBlockBios)
5599 {
5600 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5601 return VERR_PDM_MISSING_INTERFACE;
5602 }
5603 pIf->pDrvMount = (PDMIMOUNT *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_MOUNT);
5604
5605 /*
5606 * Validate type.
5607 */
5608 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5609 if ( enmType != PDMBLOCKTYPE_CDROM
5610 && enmType != PDMBLOCKTYPE_DVD
5611 && enmType != PDMBLOCKTYPE_HARD_DISK)
5612 {
5613 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5614 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5615 }
5616 if ( ( enmType == PDMBLOCKTYPE_DVD
5617 || enmType == PDMBLOCKTYPE_CDROM)
5618 && !pIf->pDrvMount)
5619 {
5620 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5621 return VERR_INTERNAL_ERROR;
5622 }
5623 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5624 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5625
5626 /*
5627 * Allocate I/O buffer.
5628 */
5629 PVM pVM = PDMDevHlpGetVM(pDevIns);
5630 if (pIf->cbIOBuffer)
5631 {
5632 /* Buffer is (probably) already allocated. Validate the fields,
5633 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5634 if (pIf->fATAPI)
5635 AssertRelease(pIf->cbIOBuffer == _128K);
5636 else
5637 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5638 Assert(pIf->pbIOBufferR3);
5639 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5640 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5641 }
5642 else
5643 {
5644 if (pIf->fATAPI)
5645 pIf->cbIOBuffer = _128K;
5646 else
5647 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5648 Assert(!pIf->pbIOBufferR3);
5649 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5650 if (RT_FAILURE(rc))
5651 return VERR_NO_MEMORY;
5652 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5653 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5654 }
5655
5656 /*
5657 * Init geometry (only for non-CD/DVD media).
5658 */
5659 if (pIf->fATAPI)
5660 {
5661 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5662 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5663 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5664 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5665 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5666 }
5667 else
5668 {
5669 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5670 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5671 &pIf->PCHSGeometry);
5672 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5673 {
5674 pIf->PCHSGeometry.cCylinders = 0;
5675 pIf->PCHSGeometry.cHeads = 16; /*??*/
5676 pIf->PCHSGeometry.cSectors = 63; /*??*/
5677 }
5678 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5679 {
5680 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5681 rc = VINF_SUCCESS;
5682 }
5683 AssertRC(rc);
5684
5685 if ( pIf->PCHSGeometry.cCylinders == 0
5686 || pIf->PCHSGeometry.cHeads == 0
5687 || pIf->PCHSGeometry.cSectors == 0
5688 )
5689 {
5690 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5691 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5692 pIf->PCHSGeometry.cHeads = 16;
5693 pIf->PCHSGeometry.cSectors = 63;
5694 /* Set the disk geometry information. */
5695 rc = pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5696 &pIf->PCHSGeometry);
5697 }
5698 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5699 }
5700 return VINF_SUCCESS;
5701}
5702
5703
5704/**
5705 * Attach command.
5706 *
5707 * This is called when we change block driver for the DVD drive.
5708 *
5709 * @returns VBox status code.
5710 * @param pDevIns The device instance.
5711 * @param iLUN The logical unit which is being detached.
5712 */
5713static DECLCALLBACK(int) ataAttach(PPDMDEVINS pDevIns, unsigned iLUN)
5714{
5715 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5716 PATACONTROLLER pCtl;
5717 ATADevState *pIf;
5718 int rc;
5719 unsigned iController;
5720 unsigned iInterface;
5721
5722 /*
5723 * Locate the controller and stuff.
5724 */
5725 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5726 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5727 pCtl = &pThis->aCts[iController];
5728
5729 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5730 pIf = &pCtl->aIfs[iInterface];
5731
5732 /* the usual paranoia */
5733 AssertRelease(!pIf->pDrvBase);
5734 AssertRelease(!pIf->pDrvBlock);
5735 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5736 Assert(pIf->iLUN == iLUN);
5737
5738 /*
5739 * Try attach the block device and get the interfaces,
5740 * required as well as optional.
5741 */
5742 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5743 if (RT_SUCCESS(rc))
5744 {
5745 rc = ataConfigLun(pDevIns, pIf);
5746 /*
5747 * In case there is a medium inserted.
5748 */
5749 ataMediumInserted(pIf);
5750 }
5751 else
5752 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5753
5754 if (RT_FAILURE(rc))
5755 {
5756 pIf->pDrvBase = NULL;
5757 pIf->pDrvBlock = NULL;
5758 }
5759 return rc;
5760}
5761
5762
5763/**
5764 * Suspend notification.
5765 *
5766 * @returns VBox status.
5767 * @param pDevIns The device instance data.
5768 */
5769static DECLCALLBACK(void) ataSuspend(PPDMDEVINS pDevIns)
5770{
5771 Log(("%s:\n", __FUNCTION__));
5772 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5773 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5774 return;
5775}
5776
5777
5778/**
5779 * Resume notification.
5780 *
5781 * @returns VBox status.
5782 * @param pDevIns The device instance data.
5783 */
5784static DECLCALLBACK(void) ataResume(PPDMDEVINS pDevIns)
5785{
5786 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5787 int rc;
5788
5789 Log(("%s:\n", __FUNCTION__));
5790 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5791 {
5792 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5793 {
5794 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5795 AssertRC(rc);
5796 }
5797 }
5798 return;
5799}
5800
5801
5802/**
5803 * Power Off notification.
5804 *
5805 * @returns VBox status.
5806 * @param pDevIns The device instance data.
5807 */
5808static DECLCALLBACK(void) ataPowerOff(PPDMDEVINS pDevIns)
5809{
5810 Log(("%s:\n", __FUNCTION__));
5811 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5812 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5813 return;
5814}
5815
5816
5817/**
5818 * Prepare state save and load operation.
5819 *
5820 * @returns VBox status code.
5821 * @param pDevIns Device instance of the device which registered the data unit.
5822 * @param pSSM SSM operation handle.
5823 */
5824static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
5825{
5826 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5827
5828 /* sanity - the suspend notification will wait on the async stuff. */
5829 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5830 {
5831 Assert(ataAsyncIOIsIdle(&pThis->aCts[i], false));
5832 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5833 return VERR_SSM_IDE_ASYNC_TIMEOUT;
5834 }
5835 return VINF_SUCCESS;
5836}
5837
5838
5839/**
5840 * Saves a state of the ATA device.
5841 *
5842 * @returns VBox status code.
5843 * @param pDevIns The device instance.
5844 * @param pSSMHandle The handle to save the state to.
5845 */
5846static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle)
5847{
5848 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5849
5850 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5851 {
5852 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iSelectedIf);
5853 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iAIOIf);
5854 SSMR3PutU8(pSSMHandle, pThis->aCts[i].uAsyncIOState);
5855 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fChainedTransfer);
5856 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fReset);
5857 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedo);
5858 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoIdle);
5859 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoDMALastDesc);
5860 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5861 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pFirstDMADesc);
5862 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pLastDMADesc);
5863 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pRedoDMABuffer);
5864 SSMR3PutU32(pSSMHandle, pThis->aCts[i].cbRedoDMABuffer);
5865
5866 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5867 {
5868 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fLBA48);
5869 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPI);
5870 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fIrqPending);
5871 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cMultSectors);
5872 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5873 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5874 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5875 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5876 SSMR3PutU64(pSSMHandle, pThis->aCts[i].aIfs[j].cTotalSectors);
5877 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeature);
5878 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
5879 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegError);
5880 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSector);
5881 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
5882 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSector);
5883 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
5884 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCyl);
5885 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
5886 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCyl);
5887 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
5888 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSelect);
5889 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegStatus);
5890 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegCommand);
5891 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegDevCtl);
5892 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATATransferMode);
5893 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uTxDir);
5894 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iBeginTransfer);
5895 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iSourceSink);
5896 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fDMA);
5897 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPITransfer);
5898 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbTotalTransfer);
5899 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
5900 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferCur);
5901 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferEnd);
5902 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
5903 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
5904 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iATAPILBA);
5905 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbATAPISector);
5906 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
5907 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5908 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
5909 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].MediaEventStatus);
5910 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
5911 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbIOBuffer);
5912 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
5913 SSMR3PutMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
5914 else
5915 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
5916 }
5917 }
5918 SSMR3PutBool(pSSMHandle, pThis->fPIIX4);
5919
5920 return SSMR3PutU32(pSSMHandle, ~0); /* sanity/terminator */
5921}
5922
5923
5924/**
5925 * Loads a saved ATA device state.
5926 *
5927 * @returns VBox status code.
5928 * @param pDevIns The device instance.
5929 * @param pSSMHandle The handle to the saved state.
5930 * @param u32Version The data unit version number.
5931 */
5932static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle, uint32_t u32Version)
5933{
5934 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5935 int rc;
5936 uint32_t u32;
5937
5938 if ( u32Version != ATA_SAVED_STATE_VERSION
5939 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
5940 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
5941 {
5942 AssertMsgFailed(("u32Version=%d\n", u32Version));
5943 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
5944 }
5945
5946 /*
5947 * Restore valid parts of the PCIATAState structure
5948 */
5949 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5950 {
5951 /* integrity check */
5952 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5953 {
5954 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
5955 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
5956 return rc;
5957 }
5958
5959 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iSelectedIf);
5960 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iAIOIf);
5961 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].uAsyncIOState);
5962 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].fChainedTransfer);
5963 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fReset);
5964 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedo);
5965 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoIdle);
5966 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
5967 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5968 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pFirstDMADesc);
5969 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pLastDMADesc);
5970 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pRedoDMABuffer);
5971 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].cbRedoDMABuffer);
5972
5973 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5974 {
5975 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fLBA48);
5976 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPI);
5977 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fIrqPending);
5978 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cMultSectors);
5979 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5980 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5981 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5982 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5983 SSMR3GetU64(pSSMHandle, &pThis->aCts[i].aIfs[j].cTotalSectors);
5984 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeature);
5985 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
5986 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegError);
5987 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSector);
5988 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
5989 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSector);
5990 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
5991 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCyl);
5992 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
5993 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCyl);
5994 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
5995 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSelect);
5996 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegStatus);
5997 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegCommand);
5998 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
5999 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATATransferMode);
6000 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uTxDir);
6001 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6002 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iSourceSink);
6003 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fDMA);
6004 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6005 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6006 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6007 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6008 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6009 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6010 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6011 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iATAPILBA);
6012 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbATAPISector);
6013 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6014 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6015 {
6016 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6017 }
6018 else
6019 {
6020 uint8_t uATAPISenseKey, uATAPIASC;
6021 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6022 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6023 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6024 SSMR3GetU8(pSSMHandle, &uATAPISenseKey);
6025 SSMR3GetU8(pSSMHandle, &uATAPIASC);
6026 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6027 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6028 }
6029 /** @todo triple-check this hack after passthrough is working */
6030 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6031 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6032 SSMR3GetU32(pSSMHandle, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6033 else
6034 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6035 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6036 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6037 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6038 {
6039 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6040 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6041 else
6042 {
6043 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6044 if (SSMR3HandleGetAfter(pSSMHandle) != SSMAFTER_DEBUG_IT)
6045 return VERR_SSM_LOAD_CONFIG_MISMATCH;
6046
6047 /* skip the buffer if we're loading for the debugger / animator. */
6048 uint8_t u8Ignored;
6049 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6050 while (cbLeft-- > 0)
6051 SSMR3GetU8(pSSMHandle, &u8Ignored);
6052 }
6053 }
6054 else
6055 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6056 }
6057 }
6058 SSMR3GetBool(pSSMHandle, &pThis->fPIIX4);
6059
6060 rc = SSMR3GetU32(pSSMHandle, &u32);
6061 if (RT_FAILURE(rc))
6062 return rc;
6063 if (u32 != ~0U)
6064 {
6065 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6066 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6067 return rc;
6068 }
6069
6070 return VINF_SUCCESS;
6071}
6072
6073
6074/**
6075 * Construct a device instance for a VM.
6076 *
6077 * @returns VBox status.
6078 * @param pDevIns The device instance data.
6079 * If the registration structure is needed, pDevIns->pDevReg points to it.
6080 * @param iInstance Instance number. Use this to figure out which registers and such to use.
6081 * The device number is also found in pDevIns->iInstance, but since it's
6082 * likely to be freqently used PDM passes it as parameter.
6083 * @param pCfgHandle Configuration node handle for the device. Use this to obtain the configuration
6084 * of the device instance. It's also found in pDevIns->pCfgHandle, but like
6085 * iInstance it's expected to be used a bit in this function.
6086 */
6087static DECLCALLBACK(int) ataConstruct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfgHandle)
6088{
6089 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6090 PPDMIBASE pBase;
6091 int rc;
6092 bool fGCEnabled;
6093 bool fR0Enabled;
6094 uint32_t DelayIRQMillies;
6095
6096 Assert(iInstance == 0);
6097
6098 /*
6099 * Initialize NIL handle values (for the destructor).
6100 */
6101 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6102 {
6103 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6104 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6105 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
6106 }
6107
6108 /*
6109 * Validate and read configuration.
6110 */
6111 if (!CFGMR3AreValuesValid(pCfgHandle, "GCEnabled\0IRQDelay\0R0Enabled\0PIIX4\0"))
6112 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6113 N_("PIIX3 configuration error: unknown option specified"));
6114
6115 rc = CFGMR3QueryBoolDef(pCfgHandle, "GCEnabled", &fGCEnabled, true);
6116 if (RT_FAILURE(rc))
6117 return PDMDEV_SET_ERROR(pDevIns, rc,
6118 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6119 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6120
6121 rc = CFGMR3QueryBoolDef(pCfgHandle, "R0Enabled", &fR0Enabled, true);
6122 if (RT_FAILURE(rc))
6123 return PDMDEV_SET_ERROR(pDevIns, rc,
6124 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6125 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6126
6127 rc = CFGMR3QueryU32Def(pCfgHandle, "IRQDelay", &DelayIRQMillies, 0);
6128 if (RT_FAILURE(rc))
6129 return PDMDEV_SET_ERROR(pDevIns, rc,
6130 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6131 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6132 Assert(DelayIRQMillies < 50);
6133
6134 rc = CFGMR3QueryBoolDef(pCfgHandle, "PIIX4", &pThis->fPIIX4, false);
6135 if (RT_FAILURE(rc))
6136 return PDMDEV_SET_ERROR(pDevIns, rc,
6137 N_("PIIX3 configuration error: failed to read PIIX4 as boolean"));
6138 Log(("%s: fPIIX4=%d\n", __FUNCTION__, pThis->fPIIX4));
6139
6140 /*
6141 * Initialize data (most of it anyway).
6142 */
6143 /* Status LUN. */
6144 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6145 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6146
6147 /* PCI configuration space. */
6148 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6149 if (pThis->fPIIX4)
6150 {
6151 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6152 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6153 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6154 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6155 pThis->dev.config[0x4B] = 0x00;
6156 }
6157 else
6158 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6159 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6160 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6161 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6162 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6163 PCIDevSetHeaderType(&pThis->dev, 0x00);
6164
6165 pThis->pDevIns = pDevIns;
6166 pThis->fGCEnabled = fGCEnabled;
6167 pThis->fR0Enabled = fR0Enabled;
6168 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6169 {
6170 pThis->aCts[i].pDevInsR3 = pDevIns;
6171 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6172 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6173 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6174 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6175 {
6176 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6177
6178 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6179 pIf->pDevInsR3 = pDevIns;
6180 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6181 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6182 pIf->pControllerR3 = &pThis->aCts[i];
6183 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6184 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6185 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6186 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6187 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6188 pIf->Led.u32Magic = PDMLED_MAGIC;
6189 }
6190 }
6191
6192 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6193 pThis->aCts[0].irq = 14;
6194 pThis->aCts[0].IOPortBase1 = 0x1f0;
6195 pThis->aCts[0].IOPortBase2 = 0x3f6;
6196 pThis->aCts[1].irq = 15;
6197 pThis->aCts[1].IOPortBase1 = 0x170;
6198 pThis->aCts[1].IOPortBase2 = 0x376;
6199
6200 /*
6201 * Register the PCI device.
6202 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6203 * device the slot next to itself.
6204 */
6205 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6206 if (RT_FAILURE(rc))
6207 return PDMDEV_SET_ERROR(pDevIns, rc,
6208 N_("PIIX3 cannot register PCI device"));
6209 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6210 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6211 if (RT_FAILURE(rc))
6212 return PDMDEV_SET_ERROR(pDevIns, rc,
6213 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6214
6215 /*
6216 * Register the I/O ports.
6217 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6218 */
6219 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6220 {
6221 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6222 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6223 if (RT_FAILURE(rc))
6224 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6225
6226 if (fGCEnabled)
6227 {
6228 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6229 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6230 if (RT_FAILURE(rc))
6231 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6232 }
6233
6234 if (fR0Enabled)
6235 {
6236#if 1
6237 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6238 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6239#else
6240 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6241 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6242#endif
6243 if (RT_FAILURE(rc))
6244 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6245 }
6246
6247 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6248 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6249 if (RT_FAILURE(rc))
6250 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6251
6252 if (fGCEnabled)
6253 {
6254 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6255 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6256 if (RT_FAILURE(rc))
6257 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6258 }
6259 if (fR0Enabled)
6260 {
6261 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6262 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6263 if (RT_FAILURE(rc))
6264 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6265 }
6266
6267 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6268 {
6269 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6270 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA DMA transfers.", "/Devices/ATA%d/Unit%d/DMA", i, j);
6271 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA PIO transfers.", "/Devices/ATA%d/Unit%d/PIO", i, j);
6272 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI DMA transfers.", "/Devices/ATA%d/Unit%d/AtapiDMA", i, j);
6273 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI PIO transfers.", "/Devices/ATA%d/Unit%d/AtapiPIO", i, j);
6274#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6275 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the read operations.", "/Devices/ATA%d/Unit%d/Reads", i, j);
6276#endif
6277 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data read.", "/Devices/ATA%d/Unit%d/ReadBytes", i, j);
6278#ifdef VBOX_INSTRUMENT_DMA_WRITES
6279 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the VD DMA write operations.","/Devices/ATA%d/Unit%d/InstrVDWrites", i, j);
6280#endif
6281#ifdef VBOX_WITH_STATISTICS
6282 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the write operations.","/Devices/ATA%d/Unit%d/Writes", i, j);
6283#endif
6284 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data written.", "/Devices/ATA%d/Unit%d/WrittenBytes", i, j);
6285#ifdef VBOX_WITH_STATISTICS
6286 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the flush operations.","/Devices/ATA%d/Unit%d/Flushes", i, j);
6287#endif
6288 }
6289#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6290 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "The number of async operations.", "/Devices/ATA%d/Async/Operations", i);
6291 /** @todo STAMUNIT_MICROSECS */
6292 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Minimum wait in microseconds.", "/Devices/ATA%d/Async/MinWait", i);
6293 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Maximum wait in microseconds.", "/Devices/ATA%d/Async/MaxWait", i);
6294 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Total time spent in microseconds.","/Devices/ATA%d/Async/TotalTimeUS", i);
6295 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of async operations.", "/Devices/ATA%d/Async/Time", i);
6296 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of locks.", "/Devices/ATA%d/Async/LockWait", i);
6297#endif /* VBOX_WITH_STATISTICS */
6298
6299 /* Initialize per-controller critical section */
6300 char szName[24];
6301 RTStrPrintf(szName, sizeof(szName), "ATA%d", i);
6302 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, szName);
6303 if (RT_FAILURE(rc))
6304 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6305 }
6306
6307 /*
6308 * Attach status driver (optional).
6309 */
6310 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6311 if (RT_SUCCESS(rc))
6312 pThis->pLedsConnector = (PDMILEDCONNECTORS *)pBase->pfnQueryInterface(pBase, PDMINTERFACE_LED_CONNECTORS);
6313 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6314 {
6315 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6316 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6317 }
6318
6319 /*
6320 * Attach the units.
6321 */
6322 uint32_t cbTotalBuffer = 0;
6323 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6324 {
6325 PATACONTROLLER pCtl = &pThis->aCts[i];
6326
6327 /*
6328 * Start the worker thread.
6329 */
6330 pCtl->uAsyncIOState = ATA_AIO_NEW;
6331 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6332 AssertRC(rc);
6333 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6334 AssertRC(rc);
6335 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6336 AssertRC(rc);
6337 ataAsyncIOClearRequests(pCtl);
6338 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024, RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6339 AssertRC(rc);
6340 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6341 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6342
6343 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6344 {
6345 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6346 {
6347 { "Primary Master", "Primary Slave" },
6348 { "Secondary Master", "Secondary Slave" }
6349 };
6350
6351 /*
6352 * Try attach the block device and get the interfaces,
6353 * required as well as optional.
6354 */
6355 ATADevState *pIf = &pCtl->aIfs[j];
6356
6357 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6358 if (RT_SUCCESS(rc))
6359 {
6360 rc = ataConfigLun(pDevIns, pIf);
6361 if (RT_SUCCESS(rc))
6362 {
6363 /*
6364 * Init vendor product data.
6365 */
6366 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6367 {
6368 { "PrimaryMaster", "PrimarySlave" },
6369 { "SecondaryMaster", "SecondarySlave" }
6370 };
6371
6372 /* Generate a default serial number. */
6373 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6374 RTUUID Uuid;
6375 if (pIf->pDrvBlock)
6376 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6377 else
6378 RTUuidClear(&Uuid);
6379
6380 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6381 {
6382 /* Generate a predictable serial for drives which don't have a UUID. */
6383 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6384 pIf->iLUN + pDevIns->iInstance * 32,
6385 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6386 }
6387 else
6388 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6389
6390 /* Get user config if present using defaults otherwise. */
6391 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfgHandle, s_apszCFGMKeys[i][j]);
6392 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6393 szSerial);
6394 if (RT_FAILURE(rc))
6395 {
6396 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6397 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6398 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6399 return PDMDEV_SET_ERROR(pDevIns, rc,
6400 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6401 }
6402
6403 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6404 "1.0");
6405 if (RT_FAILURE(rc))
6406 {
6407 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6408 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6409 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
6410 return PDMDEV_SET_ERROR(pDevIns, rc,
6411 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
6412 }
6413
6414 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
6415 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
6416 if (RT_FAILURE(rc))
6417 {
6418 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6419 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6420 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
6421 return PDMDEV_SET_ERROR(pDevIns, rc,
6422 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
6423 }
6424 }
6425
6426 }
6427 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
6428 {
6429 pIf->pDrvBase = NULL;
6430 pIf->pDrvBlock = NULL;
6431 pIf->cbIOBuffer = 0;
6432 pIf->pbIOBufferR3 = NULL;
6433 pIf->pbIOBufferR0 = NIL_RTR0PTR;
6434 pIf->pbIOBufferRC = NIL_RTGCPTR;
6435 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
6436 }
6437 else
6438 {
6439 switch (rc)
6440 {
6441 case VERR_ACCESS_DENIED:
6442 /* Error already catched by DrvHostBase */
6443 return rc;
6444 default:
6445 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6446 N_("PIIX3 cannot attach drive to the %s"),
6447 s_apszDescs[i][j]);
6448 }
6449 }
6450 cbTotalBuffer += pIf->cbIOBuffer;
6451 }
6452 }
6453
6454 rc = PDMDevHlpSSMRegister(pDevIns, pDevIns->pDevReg->szDeviceName, iInstance,
6455 ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer,
6456 ataSaveLoadPrep, ataSaveExec, NULL,
6457 ataSaveLoadPrep, ataLoadExec, NULL);
6458 if (RT_FAILURE(rc))
6459 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
6460
6461 /*
6462 * Initialize the device state.
6463 */
6464 ataReset(pDevIns);
6465
6466 return VINF_SUCCESS;
6467}
6468
6469
6470/**
6471 * The device registration structure.
6472 */
6473const PDMDEVREG g_DevicePIIX3IDE =
6474{
6475 /* u32Version */
6476 PDM_DEVREG_VERSION,
6477 /* szDeviceName */
6478 "piix3ide",
6479 /* szRCMod */
6480 "VBoxDDGC.gc",
6481 /* szR0Mod */
6482 "VBoxDDR0.r0",
6483 /* pszDescription */
6484 "Intel PIIX3 ATA controller.\n"
6485 " LUN #0 is primary master.\n"
6486 " LUN #1 is primary slave.\n"
6487 " LUN #2 is secondary master.\n"
6488 " LUN #3 is secondary slave.\n"
6489 " LUN #999 is the LED/Status connector.",
6490 /* fFlags */
6491 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
6492 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
6493 /* fClass */
6494 PDM_DEVREG_CLASS_STORAGE,
6495 /* cMaxInstances */
6496 1,
6497 /* cbInstance */
6498 sizeof(PCIATAState),
6499 /* pfnConstruct */
6500 ataConstruct,
6501 /* pfnDestruct */
6502 ataDestruct,
6503 /* pfnRelocate */
6504 ataRelocate,
6505 /* pfnIOCtl */
6506 NULL,
6507 /* pfnPowerOn */
6508 NULL,
6509 /* pfnReset */
6510 ataReset,
6511 /* pfnSuspend */
6512 ataSuspend,
6513 /* pfnResume */
6514 ataResume,
6515 /* pfnAttach */
6516 ataAttach,
6517 /* pfnDetach */
6518 ataDetach,
6519 /* pfnQueryInterface. */
6520 NULL,
6521 /* pfnInitComplete */
6522 NULL,
6523 /* pfnPowerOff */
6524 ataPowerOff,
6525 /* pfnSoftReset */
6526 NULL,
6527 /* u32VersionEnd */
6528 PDM_DEVREG_VERSION
6529};
6530#endif /* IN_RING3 */
6531#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
6532
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette