VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 16827

Last change on this file since 16827 was 16745, checked in by vboxsync, 16 years ago

add rudimentary support for ICH6 IDE controller
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 248.9 KB
Line 
1/* $Id: DevATA.cpp 16745 2009-02-13 15:53:00Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2008 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Defined Constants And Macros *
24*******************************************************************************/
25/** Temporary instrumentation for tracking down potential virtual disk
26 * write performance issues. */
27#undef VBOX_INSTRUMENT_DMA_WRITES
28
29/**
30 * The SSM saved state versions.
31 */
32#define ATA_SAVED_STATE_VERSION 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/stam.h>
55#include <VBox/mm.h>
56#include <VBox/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "../Builtins.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99
100/**
101 * Length of the configurable VPD data (without termination)
102 */
103#define ATA_SERIAL_NUMBER_LENGTH 20
104#define ATA_FIRMWARE_REVISION_LENGTH 8
105#define ATA_MODEL_NUMBER_LENGTH 40
106
107/*******************************************************************************
108* Structures and Typedefs *
109*******************************************************************************/
110typedef struct ATADevState {
111 /** Flag indicating whether the current command uses LBA48 mode. */
112 bool fLBA48;
113 /** Flag indicating whether this drive implements the ATAPI command set. */
114 bool fATAPI;
115 /** Set if this interface has asserted the IRQ. */
116 bool fIrqPending;
117 /** Currently configured number of sectors in a multi-sector transfer. */
118 uint8_t cMultSectors;
119 /** PCHS disk geometry. */
120 PDMMEDIAGEOMETRY PCHSGeometry;
121 /** Total number of sectors on this disk. */
122 uint64_t cTotalSectors;
123 /** Number of sectors to transfer per IRQ. */
124 uint32_t cSectorsPerIRQ;
125
126 /** ATA/ATAPI register 1: feature (write-only). */
127 uint8_t uATARegFeature;
128 /** ATA/ATAPI register 1: feature, high order byte. */
129 uint8_t uATARegFeatureHOB;
130 /** ATA/ATAPI register 1: error (read-only). */
131 uint8_t uATARegError;
132 /** ATA/ATAPI register 2: sector count (read/write). */
133 uint8_t uATARegNSector;
134 /** ATA/ATAPI register 2: sector count, high order byte. */
135 uint8_t uATARegNSectorHOB;
136 /** ATA/ATAPI register 3: sector (read/write). */
137 uint8_t uATARegSector;
138 /** ATA/ATAPI register 3: sector, high order byte. */
139 uint8_t uATARegSectorHOB;
140 /** ATA/ATAPI register 4: cylinder low (read/write). */
141 uint8_t uATARegLCyl;
142 /** ATA/ATAPI register 4: cylinder low, high order byte. */
143 uint8_t uATARegLCylHOB;
144 /** ATA/ATAPI register 5: cylinder high (read/write). */
145 uint8_t uATARegHCyl;
146 /** ATA/ATAPI register 5: cylinder high, high order byte. */
147 uint8_t uATARegHCylHOB;
148 /** ATA/ATAPI register 6: select drive/head (read/write). */
149 uint8_t uATARegSelect;
150 /** ATA/ATAPI register 7: status (read-only). */
151 uint8_t uATARegStatus;
152 /** ATA/ATAPI register 7: command (write-only). */
153 uint8_t uATARegCommand;
154 /** ATA/ATAPI drive control register (write-only). */
155 uint8_t uATARegDevCtl;
156
157 /** Currently active transfer mode (MDMA/UDMA) and speed. */
158 uint8_t uATATransferMode;
159 /** Current transfer direction. */
160 uint8_t uTxDir;
161 /** Index of callback for begin transfer. */
162 uint8_t iBeginTransfer;
163 /** Index of callback for source/sink of data. */
164 uint8_t iSourceSink;
165 /** Flag indicating whether the current command transfers data in DMA mode. */
166 bool fDMA;
167 /** Set to indicate that ATAPI transfer semantics must be used. */
168 bool fATAPITransfer;
169
170 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
171 uint32_t cbTotalTransfer;
172 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
173 uint32_t cbElementaryTransfer;
174 /** Current read/write buffer position, shared PIO/DMA. */
175 uint32_t iIOBufferCur;
176 /** First element beyond end of valid buffer content, shared PIO/DMA. */
177 uint32_t iIOBufferEnd;
178
179 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
180 uint32_t iIOBufferPIODataStart;
181 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
182 uint32_t iIOBufferPIODataEnd;
183
184 /** ATAPI current LBA position. */
185 uint32_t iATAPILBA;
186 /** ATAPI current sector size. */
187 uint32_t cbATAPISector;
188 /** ATAPI current command. */
189 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
190 /** ATAPI sense data. */
191 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
192 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
193 uint8_t cNotifiedMediaChange;
194 /** The same for GET_EVENT_STATUS for mechanism */
195 volatile uint32_t MediaEventStatus;
196
197 uint32_t Alignment0;
198
199 /** The status LED state for this drive. */
200 PDMLED Led;
201
202 /** Size of I/O buffer. */
203 uint32_t cbIOBuffer;
204 /** Pointer to the I/O buffer. */
205 R3PTRTYPE(uint8_t *) pbIOBufferR3;
206 /** Pointer to the I/O buffer. */
207 R0PTRTYPE(uint8_t *) pbIOBufferR0;
208 /** Pointer to the I/O buffer. */
209 RCPTRTYPE(uint8_t *) pbIOBufferRC;
210
211 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
212
213 /*
214 * No data that is part of the saved state after this point!!!!!
215 */
216
217 /* Release statistics: number of ATA DMA commands. */
218 STAMCOUNTER StatATADMA;
219 /* Release statistics: number of ATA PIO commands. */
220 STAMCOUNTER StatATAPIO;
221 /* Release statistics: number of ATAPI PIO commands. */
222 STAMCOUNTER StatATAPIDMA;
223 /* Release statistics: number of ATAPI PIO commands. */
224 STAMCOUNTER StatATAPIPIO;
225#ifdef VBOX_INSTRUMENT_DMA_WRITES
226 /* Release statistics: number of DMA sector writes and the time spent. */
227 STAMPROFILEADV StatInstrVDWrites;
228#endif
229
230 /** Statistics: number of read operations and the time spent reading. */
231 STAMPROFILEADV StatReads;
232 /** Statistics: number of bytes read. */
233 STAMCOUNTER StatBytesRead;
234 /** Statistics: number of write operations and the time spent writing. */
235 STAMPROFILEADV StatWrites;
236 /** Statistics: number of bytes written. */
237 STAMCOUNTER StatBytesWritten;
238 /** Statistics: number of flush operations and the time spend flushing. */
239 STAMPROFILE StatFlushes;
240
241 /** Enable passing through commands directly to the ATAPI drive. */
242 bool fATAPIPassthrough;
243 /** Number of errors we've reported to the release log.
244 * This is to prevent flooding caused by something going horribly wrong.
245 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
246 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
247 uint32_t cErrors;
248 /** Timestamp of last started command. 0 if no command pending. */
249 uint64_t u64CmdTS;
250
251 /** Pointer to the attached driver's base interface. */
252 R3PTRTYPE(PPDMIBASE) pDrvBase;
253 /** Pointer to the attached driver's block interface. */
254 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
255 /** Pointer to the attached driver's block bios interface. */
256 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
257 /** Pointer to the attached driver's mount interface.
258 * This is NULL if the driver isn't a removable unit. */
259 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
260 /** The base interface. */
261 PDMIBASE IBase;
262 /** The block port interface. */
263 PDMIBLOCKPORT IPort;
264 /** The mount notify interface. */
265 PDMIMOUNTNOTIFY IMountNotify;
266 /** The LUN #. */
267 RTUINT iLUN;
268#if HC_ARCH_BITS == 64
269 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
270#endif
271 /** Pointer to device instance. */
272 PPDMDEVINSR3 pDevInsR3;
273 /** Pointer to controller instance. */
274 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
275 /** Pointer to device instance. */
276 PPDMDEVINSR0 pDevInsR0;
277 /** Pointer to controller instance. */
278 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
279 /** Pointer to device instance. */
280 PPDMDEVINSRC pDevInsRC;
281 /** Pointer to controller instance. */
282 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
283
284 /** The serial numnber to use for IDENTIFY DEVICE commands. */
285 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
286 /** The firmware revision to use for IDENTIFY DEVICE commands. */
287 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
288 /** The model number to use for IDENTIFY DEVICE commands. */
289 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
290
291#if HC_ARCH_BITS == 64
292 uint32_t Alignment3[2];
293#endif
294} ATADevState;
295
296
297typedef struct ATATransferRequest
298{
299 uint8_t iIf;
300 uint8_t iBeginTransfer;
301 uint8_t iSourceSink;
302 uint32_t cbTotalTransfer;
303 uint8_t uTxDir;
304} ATATransferRequest;
305
306
307typedef struct ATAAbortRequest
308{
309 uint8_t iIf;
310 bool fResetDrive;
311} ATAAbortRequest;
312
313
314typedef enum
315{
316 /** Begin a new transfer. */
317 ATA_AIO_NEW = 0,
318 /** Continue a DMA transfer. */
319 ATA_AIO_DMA,
320 /** Continue a PIO transfer. */
321 ATA_AIO_PIO,
322 /** Reset the drives on current controller, stop all transfer activity. */
323 ATA_AIO_RESET_ASSERTED,
324 /** Reset the drives on current controller, resume operation. */
325 ATA_AIO_RESET_CLEARED,
326 /** Abort the current transfer of a particular drive. */
327 ATA_AIO_ABORT
328} ATAAIO;
329
330
331typedef struct ATARequest
332{
333 ATAAIO ReqType;
334 union
335 {
336 ATATransferRequest t;
337 ATAAbortRequest a;
338 } u;
339} ATARequest;
340
341
342typedef struct ATACONTROLLER
343{
344 /** The base of the first I/O Port range. */
345 RTIOPORT IOPortBase1;
346 /** The base of the second I/O Port range. (0 if none) */
347 RTIOPORT IOPortBase2;
348 /** The assigned IRQ. */
349 RTUINT irq;
350 /** Access critical section */
351 PDMCRITSECT lock;
352
353 /** Selected drive. */
354 uint8_t iSelectedIf;
355 /** The interface on which to handle async I/O. */
356 uint8_t iAIOIf;
357 /** The state of the async I/O thread. */
358 uint8_t uAsyncIOState;
359 /** Flag indicating whether the next transfer is part of the current command. */
360 bool fChainedTransfer;
361 /** Set when the reset processing is currently active on this controller. */
362 bool fReset;
363 /** Flag whether the current transfer needs to be redone. */
364 bool fRedo;
365 /** Flag whether the redo suspend has been finished. */
366 bool fRedoIdle;
367 /** Flag whether the DMA operation to be redone is the final transfer. */
368 bool fRedoDMALastDesc;
369 /** The BusMaster DMA state. */
370 BMDMAState BmDma;
371 /** Pointer to first DMA descriptor. */
372 RTGCPHYS32 pFirstDMADesc;
373 /** Pointer to last DMA descriptor. */
374 RTGCPHYS32 pLastDMADesc;
375 /** Pointer to current DMA buffer (for redo operations). */
376 RTGCPHYS32 pRedoDMABuffer;
377 /** Size of current DMA buffer (for redo operations). */
378 uint32_t cbRedoDMABuffer;
379
380 /** The ATA/ATAPI interfaces of this controller. */
381 ATADevState aIfs[2];
382
383 /** Pointer to device instance. */
384 PPDMDEVINSR3 pDevInsR3;
385 /** Pointer to device instance. */
386 PPDMDEVINSR0 pDevInsR0;
387 /** Pointer to device instance. */
388 PPDMDEVINSRC pDevInsRC;
389
390 /** Set when the destroying the device instance and the thread must exit. */
391 uint32_t volatile fShutdown;
392 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
393 RTTHREAD AsyncIOThread;
394 /** The event semaphore the thread is waiting on for requests. */
395 RTSEMEVENT AsyncIOSem;
396 /** The request queue for the AIO thread. One element is always unused. */
397 ATARequest aAsyncIORequests[4];
398 /** The position at which to insert a new request for the AIO thread. */
399 uint8_t AsyncIOReqHead;
400 /** The position at which to get a new request for the AIO thread. */
401 uint8_t AsyncIOReqTail;
402 uint8_t Alignment3[2]; /**< Explicit padding of the 2 byte gap. */
403 /** Magic delay before triggering interrupts in DMA mode. */
404 uint32_t DelayIRQMillies;
405 /** The mutex protecting the request queue. */
406 RTSEMMUTEX AsyncIORequestMutex;
407 /** The event semaphore the thread is waiting on during suspended I/O. */
408 RTSEMEVENT SuspendIOSem;
409#if 0 /*HC_ARCH_BITS == 32*/
410 uint32_t Alignment0;
411#endif
412
413 /** Timestamp we started the reset. */
414 uint64_t u64ResetTime;
415
416 /* Statistics */
417 STAMCOUNTER StatAsyncOps;
418 uint64_t StatAsyncMinWait;
419 uint64_t StatAsyncMaxWait;
420 STAMCOUNTER StatAsyncTimeUS;
421 STAMPROFILEADV StatAsyncTime;
422 STAMPROFILE StatLockWait;
423} ATACONTROLLER, *PATACONTROLLER;
424
425typedef enum CHIPSET
426{
427 /** PIIX3 chipset, must be 0 for saved state compatibility */
428 CHIPSET_PIIX3 = 0,
429 /** PIIX4 chipset, must be 1 for saved state compatibility */
430 CHIPSET_PIIX4 = 1,
431 /** ICH6 chipset */
432 CHIPSET_ICH6 = 2
433} CHIPSET;
434
435typedef struct PCIATAState {
436 PCIDEVICE dev;
437 /** The controllers. */
438 ATACONTROLLER aCts[2];
439 /** Pointer to device instance. */
440 PPDMDEVINSR3 pDevIns;
441 /** Status Port - Base interface. */
442 PDMIBASE IBase;
443 /** Status Port - Leds interface. */
444 PDMILEDPORTS ILeds;
445 /** Partner of ILeds. */
446 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
447 /** Flag whether GC is enabled. */
448 bool fGCEnabled;
449 /** Flag whether R0 is enabled. */
450 bool fR0Enabled;
451 /** Flag indicating chipset being emulated. */
452 uint8_t u8Type;
453 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
454} PCIATAState;
455
456#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
457#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
458#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
459#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
460#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
461#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
462
463#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
464
465#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
466#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
467#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
468#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
469
470#ifndef VBOX_DEVICE_STRUCT_TESTCASE
471/*******************************************************************************
472 * Internal Functions *
473 ******************************************************************************/
474__BEGIN_DECLS
475PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
476PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
477PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
478PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
479PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
480PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
481PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
482PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
483__END_DECLS
484
485
486
487DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
488{
489 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
490
491 /* Freeze status register contents while processing RESET. */
492 if (!pCtl->fReset)
493 {
494 s->uATARegStatus = stat;
495 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
496 }
497}
498
499
500DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
501{
502 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
503
504 /* Freeze status register contents while processing RESET. */
505 if (!pCtl->fReset)
506 {
507 s->uATARegStatus |= stat;
508 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
509 }
510}
511
512
513DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
514{
515 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
516
517 /* Freeze status register contents while processing RESET. */
518 if (!pCtl->fReset)
519 {
520 s->uATARegStatus &= ~stat;
521 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
522 }
523}
524
525#ifdef IN_RING3
526
527typedef void (*PBeginTransferFunc)(ATADevState *);
528typedef bool (*PSourceSinkFunc)(ATADevState *);
529
530static void ataReadWriteSectorsBT(ATADevState *);
531static void ataPacketBT(ATADevState *);
532static void atapiCmdBT(ATADevState *);
533static void atapiPassthroughCmdBT(ATADevState *);
534
535static bool ataIdentifySS(ATADevState *);
536static bool ataFlushSS(ATADevState *);
537static bool ataReadSectorsSS(ATADevState *);
538static bool ataWriteSectorsSS(ATADevState *);
539static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
540static bool ataPacketSS(ATADevState *);
541static bool atapiGetConfigurationSS(ATADevState *);
542static bool atapiGetEventStatusNotificationSS(ATADevState *);
543static bool atapiIdentifySS(ATADevState *);
544static bool atapiInquirySS(ATADevState *);
545static bool atapiMechanismStatusSS(ATADevState *);
546static bool atapiModeSenseErrorRecoverySS(ATADevState *);
547static bool atapiModeSenseCDStatusSS(ATADevState *);
548static bool atapiReadSS(ATADevState *);
549static bool atapiReadCapacitySS(ATADevState *);
550static bool atapiReadDiscInformationSS(ATADevState *);
551static bool atapiReadTOCNormalSS(ATADevState *);
552static bool atapiReadTOCMultiSS(ATADevState *);
553static bool atapiReadTOCRawSS(ATADevState *);
554static bool atapiReadTrackInformationSS(ATADevState *);
555static bool atapiRequestSenseSS(ATADevState *);
556static bool atapiPassthroughSS(ATADevState *);
557
558/**
559 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
560 */
561typedef enum ATAFNBT
562{
563 ATAFN_BT_NULL = 0,
564 ATAFN_BT_READ_WRITE_SECTORS,
565 ATAFN_BT_PACKET,
566 ATAFN_BT_ATAPI_CMD,
567 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
568 ATAFN_BT_MAX
569} ATAFNBT;
570
571/**
572 * Array of end transfer functions, the index is ATAFNET.
573 * Make sure ATAFNET and this array match!
574 */
575static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
576{
577 NULL,
578 ataReadWriteSectorsBT,
579 ataPacketBT,
580 atapiCmdBT,
581 atapiPassthroughCmdBT,
582};
583
584/**
585 * Source/sink function indexes for g_apfnSourceSinkFuncs.
586 */
587typedef enum ATAFNSS
588{
589 ATAFN_SS_NULL = 0,
590 ATAFN_SS_IDENTIFY,
591 ATAFN_SS_FLUSH,
592 ATAFN_SS_READ_SECTORS,
593 ATAFN_SS_WRITE_SECTORS,
594 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
595 ATAFN_SS_PACKET,
596 ATAFN_SS_ATAPI_GET_CONFIGURATION,
597 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
598 ATAFN_SS_ATAPI_IDENTIFY,
599 ATAFN_SS_ATAPI_INQUIRY,
600 ATAFN_SS_ATAPI_MECHANISM_STATUS,
601 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
602 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
603 ATAFN_SS_ATAPI_READ,
604 ATAFN_SS_ATAPI_READ_CAPACITY,
605 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
606 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
607 ATAFN_SS_ATAPI_READ_TOC_MULTI,
608 ATAFN_SS_ATAPI_READ_TOC_RAW,
609 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
610 ATAFN_SS_ATAPI_REQUEST_SENSE,
611 ATAFN_SS_ATAPI_PASSTHROUGH,
612 ATAFN_SS_MAX
613} ATAFNSS;
614
615/**
616 * Array of source/sink functions, the index is ATAFNSS.
617 * Make sure ATAFNSS and this array match!
618 */
619static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
620{
621 NULL,
622 ataIdentifySS,
623 ataFlushSS,
624 ataReadSectorsSS,
625 ataWriteSectorsSS,
626 ataExecuteDeviceDiagnosticSS,
627 ataPacketSS,
628 atapiGetConfigurationSS,
629 atapiGetEventStatusNotificationSS,
630 atapiIdentifySS,
631 atapiInquirySS,
632 atapiMechanismStatusSS,
633 atapiModeSenseErrorRecoverySS,
634 atapiModeSenseCDStatusSS,
635 atapiReadSS,
636 atapiReadCapacitySS,
637 atapiReadDiscInformationSS,
638 atapiReadTOCNormalSS,
639 atapiReadTOCMultiSS,
640 atapiReadTOCRawSS,
641 atapiReadTrackInformationSS,
642 atapiRequestSenseSS,
643 atapiPassthroughSS
644};
645
646
647static const ATARequest ataDMARequest = { ATA_AIO_DMA, };
648static const ATARequest ataPIORequest = { ATA_AIO_PIO, };
649static const ATARequest ataResetARequest = { ATA_AIO_RESET_ASSERTED, };
650static const ATARequest ataResetCRequest = { ATA_AIO_RESET_CLEARED, };
651
652
653static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
654{
655 int rc;
656
657 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
658 AssertRC(rc);
659 pCtl->AsyncIOReqHead = 0;
660 pCtl->AsyncIOReqTail = 0;
661 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
662 AssertRC(rc);
663}
664
665
666static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
667{
668 int rc;
669
670 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
671 AssertRC(rc);
672 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
673 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
674 pCtl->AsyncIOReqHead++;
675 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
676 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
677 AssertRC(rc);
678 LogBird(("ata: %x: signalling\n", pCtl->IOPortBase1));
679 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
680 if (RT_FAILURE(rc))
681 {
682 LogBird(("ata: %x: schedule failed, rc=%Rrc\n", pCtl->IOPortBase1, rc));
683 rc = RTSemEventSignal(pCtl->AsyncIOSem);
684 AssertRC(rc);
685 }
686}
687
688
689static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
690{
691 int rc;
692 const ATARequest *pReq;
693
694 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
695 AssertRC(rc);
696 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
697 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
698 else
699 pReq = NULL;
700 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
701 AssertRC(rc);
702 return pReq;
703}
704
705
706/**
707 * Remove the request with the given type, as it's finished. The request
708 * is not removed blindly, as this could mean a RESET request that is not
709 * yet processed (but has cleared the request queue) is lost.
710 *
711 * @param pCtl Controller for which to remove the request.
712 * @param ReqType Type of the request to remove.
713 */
714static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
715{
716 int rc;
717
718 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
719 AssertRC(rc);
720 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
721 {
722 pCtl->AsyncIOReqTail++;
723 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
724 }
725 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
726 AssertRC(rc);
727}
728
729
730/**
731 * Dump the request queue for a particular controller. First dump the queue
732 * contents, then the already processed entries, as long as they haven't been
733 * overwritten.
734 *
735 * @param pCtl Controller for which to dump the queue.
736 */
737static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
738{
739 int rc;
740 uint8_t curr;
741
742 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
743 AssertRC(rc);
744 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
745 curr = pCtl->AsyncIOReqTail;
746 do
747 {
748 if (curr == pCtl->AsyncIOReqHead)
749 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
750 switch (pCtl->aAsyncIORequests[curr].ReqType)
751 {
752 case ATA_AIO_NEW:
753 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
754 break;
755 case ATA_AIO_DMA:
756 LogRel(("dma transfer finished\n"));
757 break;
758 case ATA_AIO_PIO:
759 LogRel(("pio transfer finished\n"));
760 break;
761 case ATA_AIO_RESET_ASSERTED:
762 LogRel(("reset asserted request\n"));
763 break;
764 case ATA_AIO_RESET_CLEARED:
765 LogRel(("reset cleared request\n"));
766 break;
767 case ATA_AIO_ABORT:
768 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
769 break;
770 default:
771 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
772 }
773 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
774 } while (curr != pCtl->AsyncIOReqTail);
775 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
776 AssertRC(rc);
777}
778
779
780/**
781 * Checks whether the request queue for a particular controller is empty
782 * or whether a particular controller is idle.
783 *
784 * @param pCtl Controller for which to check the queue.
785 * @param fStrict If set then the controller is checked to be idle.
786 */
787static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
788{
789 int rc;
790 bool fIdle;
791
792 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
793 AssertRC(rc);
794 fIdle = pCtl->fRedoIdle;
795 if (!fIdle)
796 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
797 if (fStrict)
798 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
799 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
800 AssertRC(rc);
801 return fIdle;
802}
803
804
805/**
806 * Send a transfer request to the async I/O thread.
807 *
808 * @param s Pointer to the ATA device state data.
809 * @param cbTotalTransfer Data transfer size.
810 * @param uTxDir Data transfer direction.
811 * @param iBeginTransfer Index of BeginTransfer callback.
812 * @param iSourceSink Index of SourceSink callback.
813 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
814 */
815static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
816{
817 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
818 ATARequest Req;
819
820 Assert(PDMCritSectIsOwner(&pCtl->lock));
821
822 /* Do not issue new requests while the RESET line is asserted. */
823 if (pCtl->fReset)
824 {
825 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
826 return;
827 }
828
829 /* If the controller is already doing something else right now, ignore
830 * the command that is being submitted. Some broken guests issue commands
831 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
832 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true))
833 {
834 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
835 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
836 return;
837 }
838
839 Req.ReqType = ATA_AIO_NEW;
840 if (fChainedTransfer)
841 Req.u.t.iIf = pCtl->iAIOIf;
842 else
843 Req.u.t.iIf = pCtl->iSelectedIf;
844 Req.u.t.cbTotalTransfer = cbTotalTransfer;
845 Req.u.t.uTxDir = uTxDir;
846 Req.u.t.iBeginTransfer = iBeginTransfer;
847 Req.u.t.iSourceSink = iSourceSink;
848 ataSetStatusValue(s, ATA_STAT_BUSY);
849 pCtl->fChainedTransfer = fChainedTransfer;
850
851 /*
852 * Kick the worker thread into action.
853 */
854 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
855 ataAsyncIOPutRequest(pCtl, &Req);
856}
857
858
859/**
860 * Send an abort command request to the async I/O thread.
861 *
862 * @param s Pointer to the ATA device state data.
863 * @param fResetDrive Whether to reset the drive or just abort a command.
864 */
865static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
866{
867 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
868 ATARequest Req;
869
870 Assert(PDMCritSectIsOwner(&pCtl->lock));
871
872 /* Do not issue new requests while the RESET line is asserted. */
873 if (pCtl->fReset)
874 {
875 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
876 return;
877 }
878
879 Req.ReqType = ATA_AIO_ABORT;
880 Req.u.a.iIf = pCtl->iSelectedIf;
881 Req.u.a.fResetDrive = fResetDrive;
882 ataSetStatus(s, ATA_STAT_BUSY);
883 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
884 ataAsyncIOPutRequest(pCtl, &Req);
885}
886
887
888static void ataSetIRQ(ATADevState *s)
889{
890 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
891 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
892
893 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
894 {
895 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
896 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
897 * line is asserted. It monitors the line for a rising edge. */
898 if (!s->fIrqPending)
899 pCtl->BmDma.u8Status |= BM_STATUS_INT;
900 /* Only actually set the IRQ line if updating the currently selected drive. */
901 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
902 {
903 /** @todo experiment with adaptive IRQ delivery: for reads it is
904 * better to wait for IRQ delivery, as it reduces latency. */
905 if (pCtl->irq == 16)
906 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
907 else
908 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
909 }
910 }
911 s->fIrqPending = true;
912}
913
914#endif /* IN_RING3 */
915
916static void ataUnsetIRQ(ATADevState *s)
917{
918 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
919 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
920
921 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
922 {
923 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
924 /* Only actually unset the IRQ line if updating the currently selected drive. */
925 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
926 {
927 if (pCtl->irq == 16)
928 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
929 else
930 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
931 }
932 }
933 s->fIrqPending = false;
934}
935
936#ifdef IN_RING3
937
938static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
939{
940 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
941 s->iIOBufferPIODataStart = start;
942 s->iIOBufferPIODataEnd = start + size;
943 ataSetStatus(s, ATA_STAT_DRQ);
944}
945
946
947static void ataPIOTransferStop(ATADevState *s)
948{
949 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
950 if (s->fATAPITransfer)
951 {
952 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
953 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
954 ataSetIRQ(s);
955 s->fATAPITransfer = false;
956 }
957 s->cbTotalTransfer = 0;
958 s->cbElementaryTransfer = 0;
959 s->iIOBufferPIODataStart = 0;
960 s->iIOBufferPIODataEnd = 0;
961 s->iBeginTransfer = ATAFN_BT_NULL;
962 s->iSourceSink = ATAFN_SS_NULL;
963}
964
965
966static void ataPIOTransferLimitATAPI(ATADevState *s)
967{
968 uint32_t cbLimit, cbTransfer;
969
970 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
971 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
972 if (cbLimit == 0)
973 cbLimit = 0xfffe;
974 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
975 if (cbLimit == 0xffff)
976 cbLimit--;
977 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
978 if (cbTransfer > cbLimit)
979 {
980 /* Byte count limit for clipping must be even in this case */
981 if (cbLimit & 1)
982 cbLimit--;
983 cbTransfer = cbLimit;
984 }
985 s->uATARegLCyl = cbTransfer;
986 s->uATARegHCyl = cbTransfer >> 8;
987 s->cbElementaryTransfer = cbTransfer;
988}
989
990
991static uint32_t ataGetNSectors(ATADevState *s)
992{
993 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
994 if (s->fLBA48)
995 {
996 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
997 return 65536;
998 else
999 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1000 }
1001 else
1002 {
1003 if (!s->uATARegNSector)
1004 return 256;
1005 else
1006 return s->uATARegNSector;
1007 }
1008}
1009
1010
1011static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1012{
1013 for (uint32_t i = 0; i < cbSize; i++)
1014 {
1015 if (*pbSrc)
1016 pbDst[i ^ 1] = *pbSrc++;
1017 else
1018 pbDst[i ^ 1] = ' ';
1019 }
1020}
1021
1022
1023static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1024{
1025 for (uint32_t i = 0; i < cbSize; i++)
1026 {
1027 if (*pbSrc)
1028 pbDst[i] = *pbSrc++;
1029 else
1030 pbDst[i] = ' ';
1031 }
1032}
1033
1034
1035DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1036{
1037 pbBuf[0] = val >> 8;
1038 pbBuf[1] = val;
1039}
1040
1041
1042DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1043{
1044 pbBuf[0] = val >> 16;
1045 pbBuf[1] = val >> 8;
1046 pbBuf[2] = val;
1047}
1048
1049
1050DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1051{
1052 pbBuf[0] = val >> 24;
1053 pbBuf[1] = val >> 16;
1054 pbBuf[2] = val >> 8;
1055 pbBuf[3] = val;
1056}
1057
1058
1059DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1060{
1061 return (pbBuf[0] << 8) | pbBuf[1];
1062}
1063
1064
1065DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1066{
1067 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1068}
1069
1070
1071DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1072{
1073 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1074}
1075
1076
1077DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1078{
1079 iATAPILBA += 150;
1080 pbBuf[0] = (iATAPILBA / 75) / 60;
1081 pbBuf[1] = (iATAPILBA / 75) % 60;
1082 pbBuf[2] = iATAPILBA % 75;
1083}
1084
1085
1086DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1087{
1088 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1089}
1090
1091
1092static void ataCmdOK(ATADevState *s, uint8_t status)
1093{
1094 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1095 ataSetStatusValue(s, ATA_STAT_READY | status);
1096}
1097
1098
1099static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1100{
1101 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1102 s->uATARegError = uErrorCode;
1103 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1104 s->cbTotalTransfer = 0;
1105 s->cbElementaryTransfer = 0;
1106 s->iIOBufferCur = 0;
1107 s->iIOBufferEnd = 0;
1108 s->uTxDir = PDMBLOCKTXDIR_NONE;
1109 s->iBeginTransfer = ATAFN_BT_NULL;
1110 s->iSourceSink = ATAFN_SS_NULL;
1111}
1112
1113
1114static bool ataIdentifySS(ATADevState *s)
1115{
1116 uint16_t *p;
1117
1118 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1119 Assert(s->cbElementaryTransfer == 512);
1120
1121 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1122 memset(p, 0, 512);
1123 p[0] = RT_H2LE_U16(0x0040);
1124 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1125 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1126 /* Block size; obsolete, but required for the BIOS. */
1127 p[5] = RT_H2LE_U16(512);
1128 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1129 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1130 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1131 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1132 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1133 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1134 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1135#if ATA_MAX_MULT_SECTORS > 1
1136 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1137#endif
1138 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1139 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1140 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1141 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1142 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1143 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1144 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1145 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1146 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1147 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1148 * s->PCHSGeometry.cHeads
1149 * s->PCHSGeometry.cSectors);
1150 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1151 * s->PCHSGeometry.cHeads
1152 * s->PCHSGeometry.cSectors >> 16);
1153 if (s->cMultSectors)
1154 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1155 if (s->cTotalSectors <= (1 << 28) - 1)
1156 {
1157 p[60] = RT_H2LE_U16(s->cTotalSectors);
1158 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1159 }
1160 else
1161 {
1162 /* Report maximum number of sectors possible with LBA28 */
1163 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1164 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1165 }
1166 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1167 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1168 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1169 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1170 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1171 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1172 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1173 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1174 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1175 if (s->cTotalSectors <= (1 << 28) - 1)
1176 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1177 else
1178 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1179 p[84] = RT_H2LE_U16(1 << 14);
1180 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1181 if (s->cTotalSectors <= (1 << 28) - 1)
1182 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1183 else
1184 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1185 p[87] = RT_H2LE_U16(1 << 14);
1186 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1187 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1188 if (s->cTotalSectors > (1 << 28) - 1)
1189 {
1190 p[100] = RT_H2LE_U16(s->cTotalSectors);
1191 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1192 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1193 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1194 }
1195 s->iSourceSink = ATAFN_SS_NULL;
1196 ataCmdOK(s, ATA_STAT_SEEK);
1197 return false;
1198}
1199
1200
1201static bool ataFlushSS(ATADevState *s)
1202{
1203 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1204 int rc;
1205
1206 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1207 Assert(!s->cbElementaryTransfer);
1208
1209 PDMCritSectLeave(&pCtl->lock);
1210
1211 STAM_PROFILE_START(&s->StatFlushes, f);
1212 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1213 AssertRC(rc);
1214 STAM_PROFILE_STOP(&s->StatFlushes, f);
1215
1216 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1217 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1218 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1219 ataCmdOK(s, 0);
1220 return false;
1221}
1222
1223
1224static bool atapiIdentifySS(ATADevState *s)
1225{
1226 uint16_t *p;
1227
1228 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1229 Assert(s->cbElementaryTransfer == 512);
1230
1231 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1232 memset(p, 0, 512);
1233 /* Removable CDROM, 50us response, 12 byte packets */
1234 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1235 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1236 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1237 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1238 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1239 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1240 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1241 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1242 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1243 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1244 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1245 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1246 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1247 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1248 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1249 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1250 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1251 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1252 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1253 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1254 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1255 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1256 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1257 p[83] = RT_H2LE_U16(1 << 14);
1258 p[84] = RT_H2LE_U16(1 << 14);
1259 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1260 p[86] = RT_H2LE_U16(0);
1261 p[87] = RT_H2LE_U16(1 << 14);
1262 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1263 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1264 s->iSourceSink = ATAFN_SS_NULL;
1265 ataCmdOK(s, ATA_STAT_SEEK);
1266 return false;
1267}
1268
1269
1270static void ataSetSignature(ATADevState *s)
1271{
1272 s->uATARegSelect &= 0xf0; /* clear head */
1273 /* put signature */
1274 s->uATARegNSector = 1;
1275 s->uATARegSector = 1;
1276 if (s->fATAPI)
1277 {
1278 s->uATARegLCyl = 0x14;
1279 s->uATARegHCyl = 0xeb;
1280 }
1281 else if (s->pDrvBlock)
1282 {
1283 s->uATARegLCyl = 0;
1284 s->uATARegHCyl = 0;
1285 }
1286 else
1287 {
1288 s->uATARegLCyl = 0xff;
1289 s->uATARegHCyl = 0xff;
1290 }
1291}
1292
1293
1294static uint64_t ataGetSector(ATADevState *s)
1295{
1296 uint64_t iLBA;
1297 if (s->uATARegSelect & 0x40)
1298 {
1299 /* any LBA variant */
1300 if (s->fLBA48)
1301 {
1302 /* LBA48 */
1303 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1304 ((uint64_t)s->uATARegLCylHOB << 32) |
1305 ((uint64_t)s->uATARegSectorHOB << 24) |
1306 ((uint64_t)s->uATARegHCyl << 16) |
1307 ((uint64_t)s->uATARegLCyl << 8) |
1308 s->uATARegSector;
1309 }
1310 else
1311 {
1312 /* LBA */
1313 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1314 (s->uATARegLCyl << 8) | s->uATARegSector;
1315 }
1316 }
1317 else
1318 {
1319 /* CHS */
1320 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1321 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1322 (s->uATARegSector - 1);
1323 }
1324 return iLBA;
1325}
1326
1327static void ataSetSector(ATADevState *s, uint64_t iLBA)
1328{
1329 uint32_t cyl, r;
1330 if (s->uATARegSelect & 0x40)
1331 {
1332 /* any LBA variant */
1333 if (s->fLBA48)
1334 {
1335 /* LBA48 */
1336 s->uATARegHCylHOB = iLBA >> 40;
1337 s->uATARegLCylHOB = iLBA >> 32;
1338 s->uATARegSectorHOB = iLBA >> 24;
1339 s->uATARegHCyl = iLBA >> 16;
1340 s->uATARegLCyl = iLBA >> 8;
1341 s->uATARegSector = iLBA;
1342 }
1343 else
1344 {
1345 /* LBA */
1346 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1347 s->uATARegHCyl = (iLBA >> 16);
1348 s->uATARegLCyl = (iLBA >> 8);
1349 s->uATARegSector = (iLBA);
1350 }
1351 }
1352 else
1353 {
1354 /* CHS */
1355 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1356 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1357 s->uATARegHCyl = cyl >> 8;
1358 s->uATARegLCyl = cyl;
1359 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1360 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1361 }
1362}
1363
1364
1365static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1366{
1367 int rc;
1368 LogRel(("PIIX3 ATA: Host disk full\n"));
1369 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1370 false, "DevATA_DISKFULL",
1371 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1372 AssertRC(rc);
1373}
1374
1375static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1376{
1377 int rc;
1378 LogRel(("PIIX3 ATA: File too big\n"));
1379 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1380 false, "DevATA_FILETOOBIG",
1381 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1382 AssertRC(rc);
1383}
1384
1385static void ataWarningISCSI(PPDMDEVINS pDevIns)
1386{
1387 int rc;
1388 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1389 rc = VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
1390 false, "DevATA_ISCSIDOWN",
1391 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1392 AssertRC(rc);
1393}
1394
1395/**
1396 * Suspend I/O operations on a controller. Also suspends EMT, because it's
1397 * waiting for I/O to make progress. The next attempt to perform an I/O
1398 * operation will be made when EMT is resumed up again (as the resume
1399 * callback below restarts I/O).
1400 *
1401 * @param pCtl Controller for which to suspend I/O.
1402 */
1403static void ataSuspendRedo(PATACONTROLLER pCtl)
1404{
1405 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
1406 PVMREQ pReq;
1407 int rc;
1408
1409 pCtl->fRedoIdle = true;
1410 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
1411 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
1412 AssertReleaseRC(rc);
1413 VMR3ReqFree(pReq);
1414}
1415
1416bool ataIsRedoSetWarning(ATADevState *s, int rc)
1417{
1418 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1419 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1420 if (rc == VERR_DISK_FULL)
1421 {
1422 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1423 ataSuspendRedo(pCtl);
1424 return true;
1425 }
1426 if (rc == VERR_FILE_TOO_BIG)
1427 {
1428 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1429 ataSuspendRedo(pCtl);
1430 return true;
1431 }
1432 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1433 {
1434 /* iSCSI connection abort (first error) or failure to reestablish
1435 * connection (second error). Pause VM. On resume we'll retry. */
1436 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1437 ataSuspendRedo(pCtl);
1438 return true;
1439 }
1440 return false;
1441}
1442
1443
1444static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors, bool *fRedo)
1445{
1446 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1447 int rc;
1448
1449 PDMCritSectLeave(&pCtl->lock);
1450
1451 STAM_PROFILE_ADV_START(&s->StatReads, r);
1452 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1453 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1454 s->Led.Actual.s.fReading = 0;
1455 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1456
1457 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1458
1459 if (RT_SUCCESS(rc))
1460 *fRedo = false;
1461 else
1462 *fRedo = ataIsRedoSetWarning(s, rc);
1463
1464 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1465 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1466 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1467 return rc;
1468}
1469
1470
1471static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors, bool *fRedo)
1472{
1473 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1474 int rc;
1475
1476 PDMCritSectLeave(&pCtl->lock);
1477
1478 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1479 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1480#ifdef VBOX_INSTRUMENT_DMA_WRITES
1481 if (s->fDMA)
1482 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1483#endif
1484 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1485#ifdef VBOX_INSTRUMENT_DMA_WRITES
1486 if (s->fDMA)
1487 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1488#endif
1489 s->Led.Actual.s.fWriting = 0;
1490 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1491
1492 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1493
1494 if (RT_SUCCESS(rc))
1495 *fRedo = false;
1496 else
1497 *fRedo = ataIsRedoSetWarning(s, rc);
1498
1499 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1500 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1501 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1502 return rc;
1503}
1504
1505
1506static void ataReadWriteSectorsBT(ATADevState *s)
1507{
1508 uint32_t cSectors;
1509
1510 cSectors = s->cbTotalTransfer / 512;
1511 if (cSectors > s->cSectorsPerIRQ)
1512 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1513 else
1514 s->cbElementaryTransfer = cSectors * 512;
1515 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1516 ataCmdOK(s, 0);
1517}
1518
1519
1520static bool ataReadSectorsSS(ATADevState *s)
1521{
1522 int rc;
1523 uint32_t cSectors;
1524 uint64_t iLBA;
1525 bool fRedo;
1526
1527 cSectors = s->cbElementaryTransfer / 512;
1528 Assert(cSectors);
1529 iLBA = ataGetSector(s);
1530 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1531 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1532 if (RT_SUCCESS(rc))
1533 {
1534 ataSetSector(s, iLBA + cSectors);
1535 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1536 s->iSourceSink = ATAFN_SS_NULL;
1537 ataCmdOK(s, ATA_STAT_SEEK);
1538 }
1539 else
1540 {
1541 if (fRedo)
1542 return fRedo;
1543 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1544 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1545 s->iLUN, rc, iLBA, cSectors));
1546
1547 /*
1548 * Check if we got interrupted. We don't need to set status variables
1549 * because the request was aborted.
1550 */
1551 if (rc != VERR_INTERRUPTED)
1552 ataCmdError(s, ID_ERR);
1553 }
1554 return false;
1555}
1556
1557
1558static bool ataWriteSectorsSS(ATADevState *s)
1559{
1560 int rc;
1561 uint32_t cSectors;
1562 uint64_t iLBA;
1563 bool fRedo;
1564
1565 cSectors = s->cbElementaryTransfer / 512;
1566 Assert(cSectors);
1567 iLBA = ataGetSector(s);
1568 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1569 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1570 if (RT_SUCCESS(rc))
1571 {
1572 ataSetSector(s, iLBA + cSectors);
1573 if (!s->cbTotalTransfer)
1574 s->iSourceSink = ATAFN_SS_NULL;
1575 ataCmdOK(s, ATA_STAT_SEEK);
1576 }
1577 else
1578 {
1579 if (fRedo)
1580 return fRedo;
1581 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1582 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1583 s->iLUN, rc, iLBA, cSectors));
1584
1585 /*
1586 * Check if we got interrupted. We don't need to set status variables
1587 * because the request was aborted.
1588 */
1589 if (rc != VERR_INTERRUPTED)
1590 ataCmdError(s, ID_ERR);
1591 }
1592 return false;
1593}
1594
1595
1596static void atapiCmdOK(ATADevState *s)
1597{
1598 s->uATARegError = 0;
1599 ataSetStatusValue(s, ATA_STAT_READY);
1600 s->uATARegNSector = (s->uATARegNSector & ~7)
1601 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1602 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1603 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1604
1605 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1606 s->abATAPISense[0] = 0x70 | (1 << 7);
1607 s->abATAPISense[7] = 10;
1608}
1609
1610
1611static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1612{
1613 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1614 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1615 s->uATARegError = pabATAPISense[2] << 4;
1616 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1617 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1618 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1619 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1620 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1621 s->cbTotalTransfer = 0;
1622 s->cbElementaryTransfer = 0;
1623 s->iIOBufferCur = 0;
1624 s->iIOBufferEnd = 0;
1625 s->uTxDir = PDMBLOCKTXDIR_NONE;
1626 s->iBeginTransfer = ATAFN_BT_NULL;
1627 s->iSourceSink = ATAFN_SS_NULL;
1628}
1629
1630
1631/** @todo deprecated function - doesn't provide enough info. Replace by direct
1632 * calls to atapiCmdError() with full data. */
1633static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1634{
1635 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1636 memset(abATAPISense, '\0', sizeof(abATAPISense));
1637 abATAPISense[0] = 0x70 | (1 << 7);
1638 abATAPISense[2] = uATAPISenseKey & 0x0f;
1639 abATAPISense[7] = 10;
1640 abATAPISense[12] = uATAPIASC;
1641 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1642}
1643
1644
1645static void atapiCmdBT(ATADevState *s)
1646{
1647 s->fATAPITransfer = true;
1648 s->cbElementaryTransfer = s->cbTotalTransfer;
1649 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1650 atapiCmdOK(s);
1651}
1652
1653
1654static void atapiPassthroughCmdBT(ATADevState *s)
1655{
1656 /* @todo implement an algorithm for correctly determining the read and
1657 * write sector size without sending additional commands to the drive.
1658 * This should be doable by saving processing the configuration requests
1659 * and replies. */
1660#if 0
1661 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1662 {
1663 uint8_t cmd = s->aATAPICmd[0];
1664 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1665 {
1666 uint8_t aModeSenseCmd[10];
1667 uint8_t aModeSenseResult[16];
1668 uint8_t uDummySense;
1669 uint32_t cbTransfer;
1670 int rc;
1671
1672 cbTransfer = sizeof(aModeSenseResult);
1673 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1674 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1675 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1676 aModeSenseCmd[3] = 0; /* subpage code */
1677 aModeSenseCmd[4] = 0; /* reserved */
1678 aModeSenseCmd[5] = 0; /* reserved */
1679 aModeSenseCmd[6] = 0; /* reserved */
1680 aModeSenseCmd[7] = cbTransfer >> 8;
1681 aModeSenseCmd[8] = cbTransfer & 0xff;
1682 aModeSenseCmd[9] = 0; /* control */
1683 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1684 if (RT_FAILURE(rc))
1685 {
1686 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1687 return;
1688 }
1689 /* Select sector size based on the current data block type. */
1690 switch (aModeSenseResult[12] & 0x0f)
1691 {
1692 case 0:
1693 s->cbATAPISector = 2352;
1694 break;
1695 case 1:
1696 s->cbATAPISector = 2368;
1697 break;
1698 case 2:
1699 case 3:
1700 s->cbATAPISector = 2448;
1701 break;
1702 case 8:
1703 case 10:
1704 s->cbATAPISector = 2048;
1705 break;
1706 case 9:
1707 s->cbATAPISector = 2336;
1708 break;
1709 case 11:
1710 s->cbATAPISector = 2056;
1711 break;
1712 case 12:
1713 s->cbATAPISector = 2324;
1714 break;
1715 case 13:
1716 s->cbATAPISector = 2332;
1717 break;
1718 default:
1719 s->cbATAPISector = 0;
1720 }
1721 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1722 s->cbTotalTransfer *= s->cbATAPISector;
1723 if (s->cbTotalTransfer == 0)
1724 s->uTxDir = PDMBLOCKTXDIR_NONE;
1725 }
1726 }
1727#endif
1728 atapiCmdBT(s);
1729}
1730
1731
1732static bool atapiReadSS(ATADevState *s)
1733{
1734 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1735 int rc = VINF_SUCCESS;
1736 uint32_t cbTransfer, cSectors;
1737
1738 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1739 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1740 cSectors = cbTransfer / s->cbATAPISector;
1741 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1742 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1743
1744 PDMCritSectLeave(&pCtl->lock);
1745
1746 STAM_PROFILE_ADV_START(&s->StatReads, r);
1747 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1748 switch (s->cbATAPISector)
1749 {
1750 case 2048:
1751 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1752 break;
1753 case 2352:
1754 {
1755 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1756
1757 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1758 {
1759 /* sync bytes */
1760 *pbBuf++ = 0x00;
1761 memset(pbBuf, 0xff, 11);
1762 pbBuf += 11;
1763 /* MSF */
1764 ataLBA2MSF(pbBuf, i);
1765 pbBuf += 3;
1766 *pbBuf++ = 0x01; /* mode 1 data */
1767 /* data */
1768 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1769 if (RT_FAILURE(rc))
1770 break;
1771 pbBuf += 2048;
1772 /* ECC */
1773 memset(pbBuf, 0, 288);
1774 pbBuf += 288;
1775 }
1776 }
1777 break;
1778 default:
1779 break;
1780 }
1781 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1782
1783 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1784 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1785 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1786
1787 if (RT_SUCCESS(rc))
1788 {
1789 s->Led.Actual.s.fReading = 0;
1790 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1791
1792 /* The initial buffer end value has been set up based on the total
1793 * transfer size. But the I/O buffer size limits what can actually be
1794 * done in one transfer, so set the actual value of the buffer end. */
1795 s->cbElementaryTransfer = cbTransfer;
1796 if (cbTransfer >= s->cbTotalTransfer)
1797 s->iSourceSink = ATAFN_SS_NULL;
1798 atapiCmdOK(s);
1799 s->iATAPILBA += cSectors;
1800 }
1801 else
1802 {
1803 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1804 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1805
1806 /*
1807 * Check if we got interrupted. We don't need to set status variables
1808 * because the request was aborted.
1809 */
1810 if (rc != VERR_INTERRUPTED)
1811 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1812 }
1813 return false;
1814}
1815
1816
1817static bool atapiPassthroughSS(ATADevState *s)
1818{
1819 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1820 int rc = VINF_SUCCESS;
1821 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1822 size_t cbTransfer;
1823 PSTAMPROFILEADV pProf = NULL;
1824
1825 cbTransfer = s->cbElementaryTransfer;
1826
1827 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1828 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1829
1830 /* Simple heuristics: if there is at least one sector of data
1831 * to transfer, it's worth updating the LEDs. */
1832 if (cbTransfer >= 2048)
1833 {
1834 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1835 {
1836 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1837 pProf = &s->StatReads;
1838 }
1839 else
1840 {
1841 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1842 pProf = &s->StatWrites;
1843 }
1844 }
1845
1846 PDMCritSectLeave(&pCtl->lock);
1847
1848 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1849 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1850 {
1851 /* Linux accepts commands with up to 100KB of data, but expects
1852 * us to handle commands with up to 128KB of data. The usual
1853 * imbalance of powers. */
1854 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1855 uint32_t iATAPILBA, cSectors, cReqSectors;
1856 size_t cbCurrTX;
1857 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1858
1859 switch (s->aATAPICmd[0])
1860 {
1861 case SCSI_READ_10:
1862 case SCSI_WRITE_10:
1863 case SCSI_WRITE_AND_VERIFY_10:
1864 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1865 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1866 break;
1867 case SCSI_READ_12:
1868 case SCSI_WRITE_12:
1869 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1870 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1871 break;
1872 case SCSI_READ_CD:
1873 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1874 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1875 break;
1876 case SCSI_READ_CD_MSF:
1877 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1878 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1879 break;
1880 default:
1881 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1882 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1883 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1884 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1885 {
1886 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1887 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1888 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1889 }
1890 return false;
1891 }
1892 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1893 cReqSectors = 0;
1894 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1895 {
1896 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1897 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1898 else
1899 cReqSectors = i;
1900 cbCurrTX = s->cbATAPISector * cReqSectors;
1901 switch (s->aATAPICmd[0])
1902 {
1903 case SCSI_READ_10:
1904 case SCSI_WRITE_10:
1905 case SCSI_WRITE_AND_VERIFY_10:
1906 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1907 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1908 break;
1909 case SCSI_READ_12:
1910 case SCSI_WRITE_12:
1911 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1912 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1913 break;
1914 case SCSI_READ_CD:
1915 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1916 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1917 break;
1918 case SCSI_READ_CD_MSF:
1919 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1920 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1921 break;
1922 }
1923 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1924 if (rc != VINF_SUCCESS)
1925 break;
1926 iATAPILBA += cReqSectors;
1927 pbBuf += s->cbATAPISector * cReqSectors;
1928 }
1929 }
1930 else
1931 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1932 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1933
1934 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1935 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1936 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1937
1938 /* Update the LEDs and the read/write statistics. */
1939 if (cbTransfer >= 2048)
1940 {
1941 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1942 {
1943 s->Led.Actual.s.fReading = 0;
1944 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
1945 }
1946 else
1947 {
1948 s->Led.Actual.s.fWriting = 0;
1949 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
1950 }
1951 }
1952
1953 if (RT_SUCCESS(rc))
1954 {
1955 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
1956 {
1957 Assert(cbTransfer <= s->cbTotalTransfer);
1958 /* Reply with the same amount of data as the real drive. */
1959 s->cbTotalTransfer = cbTransfer;
1960 /* The initial buffer end value has been set up based on the total
1961 * transfer size. But the I/O buffer size limits what can actually be
1962 * done in one transfer, so set the actual value of the buffer end. */
1963 s->cbElementaryTransfer = cbTransfer;
1964 if (s->aATAPICmd[0] == SCSI_INQUIRY)
1965 {
1966 /* Make sure that the real drive cannot be identified.
1967 * Motivation: changing the VM configuration should be as
1968 * invisible as possible to the guest. */
1969 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1970 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
1971 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
1972 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
1973 }
1974 if (cbTransfer)
1975 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1976 }
1977 s->iSourceSink = ATAFN_SS_NULL;
1978 atapiCmdOK(s);
1979 }
1980 else
1981 {
1982 if (s->cErrors < MAX_LOG_REL_ERRORS)
1983 {
1984 uint8_t u8Cmd = s->aATAPICmd[0];
1985 do
1986 {
1987 /* don't log superflous errors */
1988 if ( rc == VERR_DEV_IO_ERROR
1989 && ( u8Cmd == SCSI_TEST_UNIT_READY
1990 || u8Cmd == SCSI_READ_CAPACITY
1991 || u8Cmd == SCSI_READ_DVD_STRUCTURE
1992 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
1993 break;
1994 s->cErrors++;
1995 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
1996 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
1997 } while (0);
1998 }
1999 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2000 }
2001 return false;
2002}
2003
2004
2005static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2006{
2007 Assert(cSectors > 0);
2008 s->iATAPILBA = iATAPILBA;
2009 s->cbATAPISector = cbSector;
2010 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2011 return false;
2012}
2013
2014
2015static bool atapiReadCapacitySS(ATADevState *s)
2016{
2017 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2018
2019 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2020 Assert(s->cbElementaryTransfer <= 8);
2021 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2022 ataH2BE_U32(pbBuf + 4, 2048);
2023 s->iSourceSink = ATAFN_SS_NULL;
2024 atapiCmdOK(s);
2025 return false;
2026}
2027
2028
2029static bool atapiReadDiscInformationSS(ATADevState *s)
2030{
2031 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2032
2033 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2034 Assert(s->cbElementaryTransfer <= 34);
2035 memset(pbBuf, '\0', 34);
2036 ataH2BE_U16(pbBuf, 32);
2037 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2038 pbBuf[3] = 1; /* number of first track */
2039 pbBuf[4] = 1; /* number of sessions (LSB) */
2040 pbBuf[5] = 1; /* first track number in last session (LSB) */
2041 pbBuf[6] = 1; /* last track number in last session (LSB) */
2042 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2043 pbBuf[8] = 0; /* disc type = CD-ROM */
2044 pbBuf[9] = 0; /* number of sessions (MSB) */
2045 pbBuf[10] = 0; /* number of sessions (MSB) */
2046 pbBuf[11] = 0; /* number of sessions (MSB) */
2047 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2048 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2049 s->iSourceSink = ATAFN_SS_NULL;
2050 atapiCmdOK(s);
2051 return false;
2052}
2053
2054
2055static bool atapiReadTrackInformationSS(ATADevState *s)
2056{
2057 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2058
2059 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2060 Assert(s->cbElementaryTransfer <= 36);
2061 /* Accept address/number type of 1 only, and only track 1 exists. */
2062 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2063 {
2064 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2065 return false;
2066 }
2067 memset(pbBuf, '\0', 36);
2068 ataH2BE_U16(pbBuf, 34);
2069 pbBuf[2] = 1; /* track number (LSB) */
2070 pbBuf[3] = 1; /* session number (LSB) */
2071 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2072 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2073 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2074 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2075 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2076 pbBuf[32] = 0; /* track number (MSB) */
2077 pbBuf[33] = 0; /* session number (MSB) */
2078 s->iSourceSink = ATAFN_SS_NULL;
2079 atapiCmdOK(s);
2080 return false;
2081}
2082
2083
2084static bool atapiGetConfigurationSS(ATADevState *s)
2085{
2086 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2087 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2088
2089 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2090 Assert(s->cbElementaryTransfer <= 32);
2091 /* Accept valid request types only, and only starting feature 0. */
2092 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2093 {
2094 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2095 return false;
2096 }
2097 memset(pbBuf, '\0', 32);
2098 ataH2BE_U32(pbBuf, 16);
2099 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2100 * way to differentiate them right now is based on the image size). Also
2101 * implement signalling "no current profile" if no medium is loaded. */
2102 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2103
2104 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2105 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2106 pbBuf[11] = 8; /* additional bytes for profiles */
2107 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2108 * before CD-ROM read capability. */
2109 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2110 pbBuf[14] = (0 << 0); /* NOT current profile */
2111 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2112 pbBuf[18] = (1 << 0); /* current profile */
2113 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2114 s->iSourceSink = ATAFN_SS_NULL;
2115 atapiCmdOK(s);
2116 return false;
2117}
2118
2119
2120static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2121{
2122 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2123
2124 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2125 Assert(s->cbElementaryTransfer <= 8);
2126
2127 if (!(s->aATAPICmd[1] & 1))
2128 {
2129 /* no asynchronous operation supported */
2130 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2131 return false;
2132 }
2133
2134 uint32_t OldStatus, NewStatus;
2135 do
2136 {
2137 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2138 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2139 switch (OldStatus)
2140 {
2141 case ATA_EVENT_STATUS_MEDIA_NEW:
2142 /* mount */
2143 ataH2BE_U16(pbBuf + 0, 6);
2144 pbBuf[2] = 0x04;
2145 pbBuf[3] = 0x5e;
2146 pbBuf[4] = 0x02;
2147 pbBuf[5] = 0x02;
2148 pbBuf[6] = 0x00;
2149 pbBuf[7] = 0x00;
2150 break;
2151
2152 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2153 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2154 /* umount */
2155 ataH2BE_U16(pbBuf + 0, 6);
2156 pbBuf[2] = 0x04;
2157 pbBuf[3] = 0x5e;
2158 pbBuf[4] = 0x03;
2159 pbBuf[5] = 0x00;
2160 pbBuf[6] = 0x00;
2161 pbBuf[7] = 0x00;
2162 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2163 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2164 break;
2165
2166 case ATA_EVENT_STATUS_UNCHANGED:
2167 default:
2168 ataH2BE_U16(pbBuf + 0, 6);
2169 pbBuf[2] = 0x01;
2170 pbBuf[3] = 0x5e;
2171 pbBuf[4] = 0x00;
2172 pbBuf[5] = 0x00;
2173 pbBuf[6] = 0x00;
2174 pbBuf[7] = 0x00;
2175 break;
2176 }
2177 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2178
2179 s->iSourceSink = ATAFN_SS_NULL;
2180 atapiCmdOK(s);
2181 return false;
2182}
2183
2184
2185static bool atapiInquirySS(ATADevState *s)
2186{
2187 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2188
2189 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2190 Assert(s->cbElementaryTransfer <= 36);
2191 pbBuf[0] = 0x05; /* CD-ROM */
2192 pbBuf[1] = 0x80; /* removable */
2193#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2194 pbBuf[2] = 0x00; /* ISO */
2195 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2196#else
2197 pbBuf[2] = 0x00; /* ISO */
2198 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2199#endif
2200 pbBuf[4] = 31; /* additional length */
2201 pbBuf[5] = 0; /* reserved */
2202 pbBuf[6] = 0; /* reserved */
2203 pbBuf[7] = 0; /* reserved */
2204 ataSCSIPadStr(pbBuf + 8, "VBOX", 8);
2205 ataSCSIPadStr(pbBuf + 16, "CD-ROM", 16);
2206 ataSCSIPadStr(pbBuf + 32, "1.0", 4);
2207 s->iSourceSink = ATAFN_SS_NULL;
2208 atapiCmdOK(s);
2209 return false;
2210}
2211
2212
2213static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2214{
2215 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2216
2217 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2218 Assert(s->cbElementaryTransfer <= 16);
2219 ataH2BE_U16(&pbBuf[0], 16 + 6);
2220 pbBuf[2] = 0x70;
2221 pbBuf[3] = 0;
2222 pbBuf[4] = 0;
2223 pbBuf[5] = 0;
2224 pbBuf[6] = 0;
2225 pbBuf[7] = 0;
2226
2227 pbBuf[8] = 0x01;
2228 pbBuf[9] = 0x06;
2229 pbBuf[10] = 0x00;
2230 pbBuf[11] = 0x05;
2231 pbBuf[12] = 0x00;
2232 pbBuf[13] = 0x00;
2233 pbBuf[14] = 0x00;
2234 pbBuf[15] = 0x00;
2235 s->iSourceSink = ATAFN_SS_NULL;
2236 atapiCmdOK(s);
2237 return false;
2238}
2239
2240
2241static bool atapiModeSenseCDStatusSS(ATADevState *s)
2242{
2243 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2244
2245 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2246 Assert(s->cbElementaryTransfer <= 40);
2247 ataH2BE_U16(&pbBuf[0], 38);
2248 pbBuf[2] = 0x70;
2249 pbBuf[3] = 0;
2250 pbBuf[4] = 0;
2251 pbBuf[5] = 0;
2252 pbBuf[6] = 0;
2253 pbBuf[7] = 0;
2254
2255 pbBuf[8] = 0x2a;
2256 pbBuf[9] = 30; /* page length */
2257 pbBuf[10] = 0x08; /* DVD-ROM read support */
2258 pbBuf[11] = 0x00; /* no write support */
2259 /* The following claims we support audio play. This is obviously false,
2260 * but the Linux generic CDROM support makes many features depend on this
2261 * capability. If it's not set, this causes many things to be disabled. */
2262 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2263 pbBuf[13] = 0x00; /* no subchannel reads supported */
2264 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2265 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2266 pbBuf[14] |= 1 << 1; /* report lock state */
2267 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2268 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2269 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2270 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2271 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2272 pbBuf[24] = 0; /* reserved */
2273 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2274 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2275 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2276 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2277 pbBuf[32] = 0; /* reserved */
2278 pbBuf[33] = 0; /* reserved */
2279 pbBuf[34] = 0; /* reserved */
2280 pbBuf[35] = 1; /* rotation control CAV */
2281 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2282 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2283 s->iSourceSink = ATAFN_SS_NULL;
2284 atapiCmdOK(s);
2285 return false;
2286}
2287
2288
2289static bool atapiRequestSenseSS(ATADevState *s)
2290{
2291 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2292
2293 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2294 memset(pbBuf, '\0', s->cbElementaryTransfer);
2295 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2296 s->iSourceSink = ATAFN_SS_NULL;
2297 atapiCmdOK(s);
2298 return false;
2299}
2300
2301
2302static bool atapiMechanismStatusSS(ATADevState *s)
2303{
2304 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2305
2306 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2307 Assert(s->cbElementaryTransfer <= 8);
2308 ataH2BE_U16(pbBuf, 0);
2309 /* no current LBA */
2310 pbBuf[2] = 0;
2311 pbBuf[3] = 0;
2312 pbBuf[4] = 0;
2313 pbBuf[5] = 1;
2314 ataH2BE_U16(pbBuf + 6, 0);
2315 s->iSourceSink = ATAFN_SS_NULL;
2316 atapiCmdOK(s);
2317 return false;
2318}
2319
2320
2321static bool atapiReadTOCNormalSS(ATADevState *s)
2322{
2323 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2324 bool fMSF;
2325 uint32_t cbSize;
2326
2327 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2328 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2329 iStartTrack = s->aATAPICmd[6];
2330 if (iStartTrack > 1 && iStartTrack != 0xaa)
2331 {
2332 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2333 return false;
2334 }
2335 q = pbBuf + 2;
2336 *q++ = 1; /* first session */
2337 *q++ = 1; /* last session */
2338 if (iStartTrack <= 1)
2339 {
2340 *q++ = 0; /* reserved */
2341 *q++ = 0x14; /* ADR, control */
2342 *q++ = 1; /* track number */
2343 *q++ = 0; /* reserved */
2344 if (fMSF)
2345 {
2346 *q++ = 0; /* reserved */
2347 ataLBA2MSF(q, 0);
2348 q += 3;
2349 }
2350 else
2351 {
2352 /* sector 0 */
2353 ataH2BE_U32(q, 0);
2354 q += 4;
2355 }
2356 }
2357 /* lead out track */
2358 *q++ = 0; /* reserved */
2359 *q++ = 0x14; /* ADR, control */
2360 *q++ = 0xaa; /* track number */
2361 *q++ = 0; /* reserved */
2362 if (fMSF)
2363 {
2364 *q++ = 0; /* reserved */
2365 ataLBA2MSF(q, s->cTotalSectors);
2366 q += 3;
2367 }
2368 else
2369 {
2370 ataH2BE_U32(q, s->cTotalSectors);
2371 q += 4;
2372 }
2373 cbSize = q - pbBuf;
2374 ataH2BE_U16(pbBuf, cbSize - 2);
2375 if (cbSize < s->cbTotalTransfer)
2376 s->cbTotalTransfer = cbSize;
2377 s->iSourceSink = ATAFN_SS_NULL;
2378 atapiCmdOK(s);
2379 return false;
2380}
2381
2382
2383static bool atapiReadTOCMultiSS(ATADevState *s)
2384{
2385 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2386 bool fMSF;
2387
2388 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2389 Assert(s->cbElementaryTransfer <= 12);
2390 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2391 /* multi session: only a single session defined */
2392/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2393 memset(pbBuf, 0, 12);
2394 pbBuf[1] = 0x0a;
2395 pbBuf[2] = 0x01;
2396 pbBuf[3] = 0x01;
2397 pbBuf[5] = 0x14; /* ADR, control */
2398 pbBuf[6] = 1; /* first track in last complete session */
2399 if (fMSF)
2400 {
2401 pbBuf[8] = 0; /* reserved */
2402 ataLBA2MSF(&pbBuf[9], 0);
2403 }
2404 else
2405 {
2406 /* sector 0 */
2407 ataH2BE_U32(pbBuf + 8, 0);
2408 }
2409 s->iSourceSink = ATAFN_SS_NULL;
2410 atapiCmdOK(s);
2411 return false;
2412}
2413
2414
2415static bool atapiReadTOCRawSS(ATADevState *s)
2416{
2417 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2418 bool fMSF;
2419 uint32_t cbSize;
2420
2421 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2422 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2423 iStartTrack = s->aATAPICmd[6];
2424
2425 q = pbBuf + 2;
2426 *q++ = 1; /* first session */
2427 *q++ = 1; /* last session */
2428
2429 *q++ = 1; /* session number */
2430 *q++ = 0x14; /* data track */
2431 *q++ = 0; /* track number */
2432 *q++ = 0xa0; /* first track in program area */
2433 *q++ = 0; /* min */
2434 *q++ = 0; /* sec */
2435 *q++ = 0; /* frame */
2436 *q++ = 0;
2437 *q++ = 1; /* first track */
2438 *q++ = 0x00; /* disk type CD-DA or CD data */
2439 *q++ = 0;
2440
2441 *q++ = 1; /* session number */
2442 *q++ = 0x14; /* data track */
2443 *q++ = 0; /* track number */
2444 *q++ = 0xa1; /* last track in program area */
2445 *q++ = 0; /* min */
2446 *q++ = 0; /* sec */
2447 *q++ = 0; /* frame */
2448 *q++ = 0;
2449 *q++ = 1; /* last track */
2450 *q++ = 0;
2451 *q++ = 0;
2452
2453 *q++ = 1; /* session number */
2454 *q++ = 0x14; /* data track */
2455 *q++ = 0; /* track number */
2456 *q++ = 0xa2; /* lead-out */
2457 *q++ = 0; /* min */
2458 *q++ = 0; /* sec */
2459 *q++ = 0; /* frame */
2460 if (fMSF)
2461 {
2462 *q++ = 0; /* reserved */
2463 ataLBA2MSF(q, s->cTotalSectors);
2464 q += 3;
2465 }
2466 else
2467 {
2468 ataH2BE_U32(q, s->cTotalSectors);
2469 q += 4;
2470 }
2471
2472 *q++ = 1; /* session number */
2473 *q++ = 0x14; /* ADR, control */
2474 *q++ = 0; /* track number */
2475 *q++ = 1; /* point */
2476 *q++ = 0; /* min */
2477 *q++ = 0; /* sec */
2478 *q++ = 0; /* frame */
2479 if (fMSF)
2480 {
2481 *q++ = 0; /* reserved */
2482 ataLBA2MSF(q, 0);
2483 q += 3;
2484 }
2485 else
2486 {
2487 /* sector 0 */
2488 ataH2BE_U32(q, 0);
2489 q += 4;
2490 }
2491
2492 cbSize = q - pbBuf;
2493 ataH2BE_U16(pbBuf, cbSize - 2);
2494 if (cbSize < s->cbTotalTransfer)
2495 s->cbTotalTransfer = cbSize;
2496 s->iSourceSink = ATAFN_SS_NULL;
2497 atapiCmdOK(s);
2498 return false;
2499}
2500
2501
2502static void atapiParseCmdVirtualATAPI(ATADevState *s)
2503{
2504 const uint8_t *pbPacket;
2505 uint8_t *pbBuf;
2506 uint32_t cbMax;
2507
2508 pbPacket = s->aATAPICmd;
2509 pbBuf = s->CTX_SUFF(pbIOBuffer);
2510 switch (pbPacket[0])
2511 {
2512 case SCSI_TEST_UNIT_READY:
2513 if (s->cNotifiedMediaChange > 0)
2514 {
2515 if (s->cNotifiedMediaChange-- > 2)
2516 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2517 else
2518 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2519 }
2520 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2521 atapiCmdOK(s);
2522 else
2523 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2524 break;
2525 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2526 cbMax = ataBE2H_U16(pbPacket + 7);
2527 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2528 break;
2529 case SCSI_MODE_SENSE_10:
2530 {
2531 uint8_t uPageControl, uPageCode;
2532 cbMax = ataBE2H_U16(pbPacket + 7);
2533 uPageControl = pbPacket[2] >> 6;
2534 uPageCode = pbPacket[2] & 0x3f;
2535 switch (uPageControl)
2536 {
2537 case SCSI_PAGECONTROL_CURRENT:
2538 switch (uPageCode)
2539 {
2540 case SCSI_MODEPAGE_ERROR_RECOVERY:
2541 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2542 break;
2543 case SCSI_MODEPAGE_CD_STATUS:
2544 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2545 break;
2546 default:
2547 goto error_cmd;
2548 }
2549 break;
2550 case SCSI_PAGECONTROL_CHANGEABLE:
2551 goto error_cmd;
2552 case SCSI_PAGECONTROL_DEFAULT:
2553 goto error_cmd;
2554 default:
2555 case SCSI_PAGECONTROL_SAVED:
2556 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2557 break;
2558 }
2559 }
2560 break;
2561 case SCSI_REQUEST_SENSE:
2562 cbMax = pbPacket[4];
2563 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2564 break;
2565 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2566 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2567 {
2568 if (pbPacket[4] & 1)
2569 s->pDrvMount->pfnLock(s->pDrvMount);
2570 else
2571 s->pDrvMount->pfnUnlock(s->pDrvMount);
2572 atapiCmdOK(s);
2573 }
2574 else
2575 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2576 break;
2577 case SCSI_READ_10:
2578 case SCSI_READ_12:
2579 {
2580 uint32_t cSectors, iATAPILBA;
2581
2582 if (s->cNotifiedMediaChange > 0)
2583 {
2584 s->cNotifiedMediaChange-- ;
2585 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2586 break;
2587 }
2588 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2589 {
2590 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2591 break;
2592 }
2593 if (pbPacket[0] == SCSI_READ_10)
2594 cSectors = ataBE2H_U16(pbPacket + 7);
2595 else
2596 cSectors = ataBE2H_U32(pbPacket + 6);
2597 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2598 if (cSectors == 0)
2599 {
2600 atapiCmdOK(s);
2601 break;
2602 }
2603 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2604 {
2605 /* Rate limited logging, one log line per second. For
2606 * guests that insist on reading from places outside the
2607 * valid area this often generates too many release log
2608 * entries otherwise. */
2609 static uint64_t uLastLogTS = 0;
2610 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2611 {
2612 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2613 uLastLogTS = RTTimeMilliTS();
2614 }
2615 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2616 break;
2617 }
2618 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2619 }
2620 break;
2621 case SCSI_READ_CD:
2622 {
2623 uint32_t cSectors, iATAPILBA;
2624
2625 if (s->cNotifiedMediaChange > 0)
2626 {
2627 s->cNotifiedMediaChange-- ;
2628 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2629 break;
2630 }
2631 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2632 {
2633 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2634 break;
2635 }
2636 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2637 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2638 if (cSectors == 0)
2639 {
2640 atapiCmdOK(s);
2641 break;
2642 }
2643 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2644 {
2645 /* Rate limited logging, one log line per second. For
2646 * guests that insist on reading from places outside the
2647 * valid area this often generates too many release log
2648 * entries otherwise. */
2649 static uint64_t uLastLogTS = 0;
2650 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2651 {
2652 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2653 uLastLogTS = RTTimeMilliTS();
2654 }
2655 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2656 break;
2657 }
2658 switch (pbPacket[9] & 0xf8)
2659 {
2660 case 0x00:
2661 /* nothing */
2662 atapiCmdOK(s);
2663 break;
2664 case 0x10:
2665 /* normal read */
2666 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2667 break;
2668 case 0xf8:
2669 /* read all data */
2670 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2671 break;
2672 default:
2673 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2674 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2675 break;
2676 }
2677 }
2678 break;
2679 case SCSI_SEEK_10:
2680 {
2681 uint32_t iATAPILBA;
2682 if (s->cNotifiedMediaChange > 0)
2683 {
2684 s->cNotifiedMediaChange-- ;
2685 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2686 break;
2687 }
2688 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2689 {
2690 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2691 break;
2692 }
2693 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2694 if (iATAPILBA > s->cTotalSectors)
2695 {
2696 /* Rate limited logging, one log line per second. For
2697 * guests that insist on seeking to places outside the
2698 * valid area this often generates too many release log
2699 * entries otherwise. */
2700 static uint64_t uLastLogTS = 0;
2701 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2702 {
2703 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2704 uLastLogTS = RTTimeMilliTS();
2705 }
2706 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2707 break;
2708 }
2709 atapiCmdOK(s);
2710 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2711 }
2712 break;
2713 case SCSI_START_STOP_UNIT:
2714 {
2715 int rc = VINF_SUCCESS;
2716 switch (pbPacket[4] & 3)
2717 {
2718 case 0: /* 00 - Stop motor */
2719 case 1: /* 01 - Start motor */
2720 break;
2721 case 2: /* 10 - Eject media */
2722 /* This must be done from EMT. */
2723 {
2724 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2725 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2726 PVMREQ pReq;
2727
2728 PDMCritSectLeave(&pCtl->lock);
2729 rc = VMR3ReqCall(PDMDevHlpGetVM(pDevIns), VMREQDEST_ANY, &pReq, RT_INDEFINITE_WAIT,
2730 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2731 AssertReleaseRC(rc);
2732 VMR3ReqFree(pReq);
2733 {
2734 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2735 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2736 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2737 }
2738 }
2739 break;
2740 case 3: /* 11 - Load media */
2741 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2742 break;
2743 }
2744 if (RT_SUCCESS(rc))
2745 atapiCmdOK(s);
2746 else
2747 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2748 }
2749 break;
2750 case SCSI_MECHANISM_STATUS:
2751 {
2752 cbMax = ataBE2H_U16(pbPacket + 8);
2753 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2754 }
2755 break;
2756 case SCSI_READ_TOC_PMA_ATIP:
2757 {
2758 uint8_t format;
2759
2760 if (s->cNotifiedMediaChange > 0)
2761 {
2762 s->cNotifiedMediaChange-- ;
2763 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2764 break;
2765 }
2766 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2767 {
2768 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2769 break;
2770 }
2771 cbMax = ataBE2H_U16(pbPacket + 7);
2772 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
2773 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
2774 * the other field is clear... */
2775 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
2776 switch (format)
2777 {
2778 case 0:
2779 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
2780 break;
2781 case 1:
2782 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
2783 break;
2784 case 2:
2785 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
2786 break;
2787 default:
2788 error_cmd:
2789 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2790 break;
2791 }
2792 }
2793 break;
2794 case SCSI_READ_CAPACITY:
2795 if (s->cNotifiedMediaChange > 0)
2796 {
2797 s->cNotifiedMediaChange-- ;
2798 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2799 break;
2800 }
2801 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2802 {
2803 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2804 break;
2805 }
2806 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
2807 break;
2808 case SCSI_READ_DISC_INFORMATION:
2809 if (s->cNotifiedMediaChange > 0)
2810 {
2811 s->cNotifiedMediaChange-- ;
2812 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2813 break;
2814 }
2815 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2816 {
2817 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2818 break;
2819 }
2820 cbMax = ataBE2H_U16(pbPacket + 7);
2821 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
2822 break;
2823 case SCSI_READ_TRACK_INFORMATION:
2824 if (s->cNotifiedMediaChange > 0)
2825 {
2826 s->cNotifiedMediaChange-- ;
2827 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2828 break;
2829 }
2830 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2831 {
2832 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2833 break;
2834 }
2835 cbMax = ataBE2H_U16(pbPacket + 7);
2836 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
2837 break;
2838 case SCSI_GET_CONFIGURATION:
2839 /* No media change stuff here, it can confuse Linux guests. */
2840 cbMax = ataBE2H_U16(pbPacket + 7);
2841 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
2842 break;
2843 case SCSI_INQUIRY:
2844 cbMax = ataBE2H_U16(pbPacket + 3);
2845 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
2846 break;
2847 default:
2848 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2849 break;
2850 }
2851}
2852
2853
2854/*
2855 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
2856 */
2857static void atapiParseCmdPassthrough(ATADevState *s)
2858{
2859 const uint8_t *pbPacket;
2860 uint8_t *pbBuf;
2861 uint32_t cSectors, iATAPILBA;
2862 uint32_t cbTransfer = 0;
2863 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
2864
2865 pbPacket = s->aATAPICmd;
2866 pbBuf = s->CTX_SUFF(pbIOBuffer);
2867 switch (pbPacket[0])
2868 {
2869 case SCSI_BLANK:
2870 goto sendcmd;
2871 case SCSI_CLOSE_TRACK_SESSION:
2872 goto sendcmd;
2873 case SCSI_ERASE_10:
2874 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2875 cbTransfer = ataBE2H_U16(pbPacket + 7);
2876 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
2877 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2878 goto sendcmd;
2879 case SCSI_FORMAT_UNIT:
2880 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2881 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2882 goto sendcmd;
2883 case SCSI_GET_CONFIGURATION:
2884 cbTransfer = ataBE2H_U16(pbPacket + 7);
2885 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2886 goto sendcmd;
2887 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2888 cbTransfer = ataBE2H_U16(pbPacket + 7);
2889 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
2890 {
2891 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2892 break;
2893 }
2894 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2895 goto sendcmd;
2896 case SCSI_GET_PERFORMANCE:
2897 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
2898 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2899 goto sendcmd;
2900 case SCSI_INQUIRY:
2901 cbTransfer = ataBE2H_U16(pbPacket + 3);
2902 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2903 goto sendcmd;
2904 case SCSI_LOAD_UNLOAD_MEDIUM:
2905 goto sendcmd;
2906 case SCSI_MECHANISM_STATUS:
2907 cbTransfer = ataBE2H_U16(pbPacket + 8);
2908 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2909 goto sendcmd;
2910 case SCSI_MODE_SELECT_10:
2911 cbTransfer = ataBE2H_U16(pbPacket + 7);
2912 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
2913 goto sendcmd;
2914 case SCSI_MODE_SENSE_10:
2915 cbTransfer = ataBE2H_U16(pbPacket + 7);
2916 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2917 goto sendcmd;
2918 case SCSI_PAUSE_RESUME:
2919 goto sendcmd;
2920 case SCSI_PLAY_AUDIO_10:
2921 goto sendcmd;
2922 case SCSI_PLAY_AUDIO_12:
2923 goto sendcmd;
2924 case SCSI_PLAY_AUDIO_MSF:
2925 goto sendcmd;
2926 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2927 /** @todo do not forget to unlock when a VM is shut down */
2928 goto sendcmd;
2929 case SCSI_READ_10:
2930 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2931 cSectors = ataBE2H_U16(pbPacket + 7);
2932 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2933 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2934 cbTransfer = cSectors * s->cbATAPISector;
2935 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2936 goto sendcmd;
2937 case SCSI_READ_12:
2938 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2939 cSectors = ataBE2H_U32(pbPacket + 6);
2940 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
2941 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2942 cbTransfer = cSectors * s->cbATAPISector;
2943 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2944 goto sendcmd;
2945 case SCSI_READ_BUFFER:
2946 cbTransfer = ataBE2H_U24(pbPacket + 6);
2947 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2948 goto sendcmd;
2949 case SCSI_READ_BUFFER_CAPACITY:
2950 cbTransfer = ataBE2H_U16(pbPacket + 7);
2951 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2952 goto sendcmd;
2953 case SCSI_READ_CAPACITY:
2954 cbTransfer = 8;
2955 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2956 goto sendcmd;
2957 case SCSI_READ_CD:
2958 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2959 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
2960 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2961 goto sendcmd;
2962 case SCSI_READ_CD_MSF:
2963 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
2964 if (cSectors > 32)
2965 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
2966 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
2967 cbTransfer = cSectors * s->cbATAPISector;
2968 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2969 goto sendcmd;
2970 case SCSI_READ_DISC_INFORMATION:
2971 cbTransfer = ataBE2H_U16(pbPacket + 7);
2972 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2973 goto sendcmd;
2974 case SCSI_READ_DVD_STRUCTURE:
2975 cbTransfer = ataBE2H_U16(pbPacket + 8);
2976 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2977 goto sendcmd;
2978 case SCSI_READ_FORMAT_CAPACITIES:
2979 cbTransfer = ataBE2H_U16(pbPacket + 7);
2980 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2981 goto sendcmd;
2982 case SCSI_READ_SUBCHANNEL:
2983 cbTransfer = ataBE2H_U16(pbPacket + 7);
2984 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2985 goto sendcmd;
2986 case SCSI_READ_TOC_PMA_ATIP:
2987 cbTransfer = ataBE2H_U16(pbPacket + 7);
2988 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2989 goto sendcmd;
2990 case SCSI_READ_TRACK_INFORMATION:
2991 cbTransfer = ataBE2H_U16(pbPacket + 7);
2992 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2993 goto sendcmd;
2994 case SCSI_REPAIR_TRACK:
2995 goto sendcmd;
2996 case SCSI_REPORT_KEY:
2997 cbTransfer = ataBE2H_U16(pbPacket + 8);
2998 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
2999 goto sendcmd;
3000 case SCSI_REQUEST_SENSE:
3001 cbTransfer = pbPacket[4];
3002 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3003 {
3004 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3005 break;
3006 }
3007 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3008 goto sendcmd;
3009 case SCSI_RESERVE_TRACK:
3010 goto sendcmd;
3011 case SCSI_SCAN:
3012 goto sendcmd;
3013 case SCSI_SEEK_10:
3014 goto sendcmd;
3015 case SCSI_SEND_CUE_SHEET:
3016 cbTransfer = ataBE2H_U24(pbPacket + 6);
3017 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3018 goto sendcmd;
3019 case SCSI_SEND_DVD_STRUCTURE:
3020 cbTransfer = ataBE2H_U16(pbPacket + 8);
3021 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3022 goto sendcmd;
3023 case SCSI_SEND_EVENT:
3024 cbTransfer = ataBE2H_U16(pbPacket + 8);
3025 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3026 goto sendcmd;
3027 case SCSI_SEND_KEY:
3028 cbTransfer = ataBE2H_U16(pbPacket + 8);
3029 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3030 goto sendcmd;
3031 case SCSI_SEND_OPC_INFORMATION:
3032 cbTransfer = ataBE2H_U16(pbPacket + 7);
3033 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3034 goto sendcmd;
3035 case SCSI_SET_CD_SPEED:
3036 goto sendcmd;
3037 case SCSI_SET_READ_AHEAD:
3038 goto sendcmd;
3039 case SCSI_SET_STREAMING:
3040 cbTransfer = ataBE2H_U16(pbPacket + 9);
3041 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3042 goto sendcmd;
3043 case SCSI_START_STOP_UNIT:
3044 goto sendcmd;
3045 case SCSI_STOP_PLAY_SCAN:
3046 goto sendcmd;
3047 case SCSI_SYNCHRONIZE_CACHE:
3048 goto sendcmd;
3049 case SCSI_TEST_UNIT_READY:
3050 goto sendcmd;
3051 case SCSI_VERIFY_10:
3052 goto sendcmd;
3053 case SCSI_WRITE_10:
3054 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3055 cSectors = ataBE2H_U16(pbPacket + 7);
3056 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3057#if 0
3058 /* The sector size is determined by the async I/O thread. */
3059 s->cbATAPISector = 0;
3060 /* Preliminary, will be corrected once the sector size is known. */
3061 cbTransfer = cSectors;
3062#else
3063 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3064 cbTransfer = cSectors * s->cbATAPISector;
3065#endif
3066 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3067 goto sendcmd;
3068 case SCSI_WRITE_12:
3069 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3070 cSectors = ataBE2H_U32(pbPacket + 6);
3071 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3072#if 0
3073 /* The sector size is determined by the async I/O thread. */
3074 s->cbATAPISector = 0;
3075 /* Preliminary, will be corrected once the sector size is known. */
3076 cbTransfer = cSectors;
3077#else
3078 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3079 cbTransfer = cSectors * s->cbATAPISector;
3080#endif
3081 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3082 goto sendcmd;
3083 case SCSI_WRITE_AND_VERIFY_10:
3084 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3085 cSectors = ataBE2H_U16(pbPacket + 7);
3086 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3087 /* The sector size is determined by the async I/O thread. */
3088 s->cbATAPISector = 0;
3089 /* Preliminary, will be corrected once the sector size is known. */
3090 cbTransfer = cSectors;
3091 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3092 goto sendcmd;
3093 case SCSI_WRITE_BUFFER:
3094 switch (pbPacket[1] & 0x1f)
3095 {
3096 case 0x04: /* download microcode */
3097 case 0x05: /* download microcode and save */
3098 case 0x06: /* download microcode with offsets */
3099 case 0x07: /* download microcode with offsets and save */
3100 case 0x0e: /* download microcode with offsets and defer activation */
3101 case 0x0f: /* activate deferred microcode */
3102 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3103 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3104 break;
3105 default:
3106 cbTransfer = ataBE2H_U16(pbPacket + 6);
3107 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3108 goto sendcmd;
3109 }
3110 break;
3111 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3112 cbTransfer = ataBE2H_U32(pbPacket + 6);
3113 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3114 goto sendcmd;
3115 case SCSI_REZERO_UNIT:
3116 /* Obsolete command used by cdrecord. What else would one expect?
3117 * This command is not sent to the drive, it is handled internally,
3118 * as the Linux kernel doesn't like it (message "scsi: unknown
3119 * opcode 0x01" in syslog) and replies with a sense code of 0,
3120 * which sends cdrecord to an endless loop. */
3121 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3122 break;
3123 default:
3124 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3125 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3126 break;
3127 sendcmd:
3128 /* Send a command to the drive, passing data in/out as required. */
3129 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3130 Assert(cbTransfer <= s->cbIOBuffer);
3131 if (cbTransfer == 0)
3132 uTxDir = PDMBLOCKTXDIR_NONE;
3133 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3134 }
3135}
3136
3137
3138static void atapiParseCmd(ATADevState *s)
3139{
3140 const uint8_t *pbPacket;
3141
3142 pbPacket = s->aATAPICmd;
3143#ifdef DEBUG
3144 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3145#else /* !DEBUG */
3146 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3147#endif /* !DEBUG */
3148 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3149
3150 if (s->fATAPIPassthrough)
3151 atapiParseCmdPassthrough(s);
3152 else
3153 atapiParseCmdVirtualATAPI(s);
3154}
3155
3156
3157static bool ataPacketSS(ATADevState *s)
3158{
3159 s->fDMA = !!(s->uATARegFeature & 1);
3160 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3161 s->uTxDir = PDMBLOCKTXDIR_NONE;
3162 s->cbTotalTransfer = 0;
3163 s->cbElementaryTransfer = 0;
3164 atapiParseCmd(s);
3165 return false;
3166}
3167
3168
3169/**
3170 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3171 * from now on, regardless if there was a medium inserted or not.
3172 */
3173static void ataMediumRemoved(ATADevState *s)
3174{
3175 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3176}
3177
3178
3179/**
3180 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3181 * there was already a medium inserted, don't forget to send the "medium
3182 * removed" event first.
3183 */
3184static void ataMediumInserted(ATADevState *s)
3185{
3186 uint32_t OldStatus, NewStatus;
3187 do
3188 {
3189 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3190 switch (OldStatus)
3191 {
3192 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3193 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3194 /* no change, we will send "medium removed" + "medium inserted" */
3195 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3196 break;
3197 default:
3198 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3199 break;
3200 }
3201 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3202}
3203
3204
3205/**
3206 * Called when a media is mounted.
3207 *
3208 * @param pInterface Pointer to the interface structure containing the called function pointer.
3209 */
3210static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3211{
3212 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3213 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3214
3215 /* Ignore the call if we're called while being attached. */
3216 if (!pIf->pDrvBlock)
3217 return;
3218
3219 if (pIf->fATAPI)
3220 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3221 else
3222 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3223
3224 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3225 if (pIf->cNotifiedMediaChange < 2)
3226 pIf->cNotifiedMediaChange = 2;
3227 ataMediumInserted(pIf);
3228}
3229
3230/**
3231 * Called when a media is unmounted
3232 * @param pInterface Pointer to the interface structure containing the called function pointer.
3233 */
3234static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3235{
3236 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3237 Log(("%s:\n", __FUNCTION__));
3238 pIf->cTotalSectors = 0;
3239
3240 /*
3241 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3242 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3243 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3244 * present and 2 in which it is changed.
3245 */
3246 pIf->cNotifiedMediaChange = 4;
3247 ataMediumRemoved(pIf);
3248}
3249
3250static void ataPacketBT(ATADevState *s)
3251{
3252 s->cbElementaryTransfer = s->cbTotalTransfer;
3253 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3254 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3255 ataSetStatusValue(s, ATA_STAT_READY);
3256}
3257
3258
3259static void ataResetDevice(ATADevState *s)
3260{
3261 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3262 s->cNotifiedMediaChange = 0;
3263 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3264 ataUnsetIRQ(s);
3265
3266 s->uATARegSelect = 0x20;
3267 ataSetStatusValue(s, ATA_STAT_READY);
3268 ataSetSignature(s);
3269 s->cbTotalTransfer = 0;
3270 s->cbElementaryTransfer = 0;
3271 s->iIOBufferPIODataStart = 0;
3272 s->iIOBufferPIODataEnd = 0;
3273 s->iBeginTransfer = ATAFN_BT_NULL;
3274 s->iSourceSink = ATAFN_SS_NULL;
3275 s->fATAPITransfer = false;
3276 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3277
3278 s->uATARegFeature = 0;
3279}
3280
3281
3282static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3283{
3284 ataSetSignature(s);
3285 if (s->fATAPI)
3286 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3287 else
3288 ataSetStatusValue(s, ATA_STAT_READY);
3289 s->uATARegError = 0x01;
3290 return false;
3291}
3292
3293
3294static void ataParseCmd(ATADevState *s, uint8_t cmd)
3295{
3296#ifdef DEBUG
3297 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3298#else /* !DEBUG */
3299 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3300#endif /* !DEBUG */
3301 s->fLBA48 = false;
3302 s->fDMA = false;
3303 if (cmd == ATA_IDLE_IMMEDIATE)
3304 {
3305 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3306 * would overwrite the failing command unfortunately), then RESET. */
3307 int32_t uCmdWait = -1;
3308 uint64_t uNow = RTTimeNanoTS();
3309 if (s->u64CmdTS)
3310 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3311 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3312 s->iLUN, s->uATARegCommand, uCmdWait));
3313 }
3314 s->uATARegCommand = cmd;
3315 switch (cmd)
3316 {
3317 case ATA_IDENTIFY_DEVICE:
3318 if (s->pDrvBlock && !s->fATAPI)
3319 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3320 else
3321 {
3322 if (s->fATAPI)
3323 ataSetSignature(s);
3324 ataCmdError(s, ABRT_ERR);
3325 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3326 }
3327 break;
3328 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3329 case ATA_RECALIBRATE:
3330 ataCmdOK(s, ATA_STAT_SEEK);
3331 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3332 break;
3333 case ATA_SET_MULTIPLE_MODE:
3334 if ( s->uATARegNSector != 0
3335 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3336 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3337 {
3338 ataCmdError(s, ABRT_ERR);
3339 }
3340 else
3341 {
3342 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3343 s->cMultSectors = s->uATARegNSector;
3344 ataCmdOK(s, 0);
3345 }
3346 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3347 break;
3348 case ATA_READ_VERIFY_SECTORS_EXT:
3349 s->fLBA48 = true;
3350 case ATA_READ_VERIFY_SECTORS:
3351 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3352 /* do sector number check ? */
3353 ataCmdOK(s, 0);
3354 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3355 break;
3356 case ATA_READ_SECTORS_EXT:
3357 s->fLBA48 = true;
3358 case ATA_READ_SECTORS:
3359 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3360 if (!s->pDrvBlock)
3361 goto abort_cmd;
3362 s->cSectorsPerIRQ = 1;
3363 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3364 break;
3365 case ATA_WRITE_SECTORS_EXT:
3366 s->fLBA48 = true;
3367 case ATA_WRITE_SECTORS:
3368 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3369 s->cSectorsPerIRQ = 1;
3370 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3371 break;
3372 case ATA_READ_MULTIPLE_EXT:
3373 s->fLBA48 = true;
3374 case ATA_READ_MULTIPLE:
3375 if (!s->cMultSectors)
3376 goto abort_cmd;
3377 s->cSectorsPerIRQ = s->cMultSectors;
3378 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3379 break;
3380 case ATA_WRITE_MULTIPLE_EXT:
3381 s->fLBA48 = true;
3382 case ATA_WRITE_MULTIPLE:
3383 if (!s->cMultSectors)
3384 goto abort_cmd;
3385 s->cSectorsPerIRQ = s->cMultSectors;
3386 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3387 break;
3388 case ATA_READ_DMA_EXT:
3389 s->fLBA48 = true;
3390 case ATA_READ_DMA:
3391 case ATA_READ_DMA_WITHOUT_RETRIES:
3392 if (!s->pDrvBlock)
3393 goto abort_cmd;
3394 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3395 s->fDMA = true;
3396 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3397 break;
3398 case ATA_WRITE_DMA_EXT:
3399 s->fLBA48 = true;
3400 case ATA_WRITE_DMA:
3401 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3402 if (!s->pDrvBlock)
3403 goto abort_cmd;
3404 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3405 s->fDMA = true;
3406 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3407 break;
3408 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3409 s->fLBA48 = true;
3410 ataSetSector(s, s->cTotalSectors - 1);
3411 ataCmdOK(s, 0);
3412 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3413 break;
3414 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3415 ataCmdOK(s, 0);
3416 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3417 break;
3418 case ATA_READ_NATIVE_MAX_ADDRESS:
3419 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3420 ataCmdOK(s, 0);
3421 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3422 break;
3423 case ATA_CHECK_POWER_MODE:
3424 s->uATARegNSector = 0xff; /* drive active or idle */
3425 ataCmdOK(s, 0);
3426 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3427 break;
3428 case ATA_SET_FEATURES:
3429 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3430 if (!s->pDrvBlock)
3431 goto abort_cmd;
3432 switch (s->uATARegFeature)
3433 {
3434 case 0x02: /* write cache enable */
3435 Log2(("%s: write cache enable\n", __FUNCTION__));
3436 ataCmdOK(s, ATA_STAT_SEEK);
3437 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3438 break;
3439 case 0xaa: /* read look-ahead enable */
3440 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3441 ataCmdOK(s, ATA_STAT_SEEK);
3442 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3443 break;
3444 case 0x55: /* read look-ahead disable */
3445 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3446 ataCmdOK(s, ATA_STAT_SEEK);
3447 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3448 break;
3449 case 0xcc: /* reverting to power-on defaults enable */
3450 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3451 ataCmdOK(s, ATA_STAT_SEEK);
3452 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3453 break;
3454 case 0x66: /* reverting to power-on defaults disable */
3455 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3456 ataCmdOK(s, ATA_STAT_SEEK);
3457 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3458 break;
3459 case 0x82: /* write cache disable */
3460 Log2(("%s: write cache disable\n", __FUNCTION__));
3461 /* As per the ATA/ATAPI-6 specs, a write cache disable
3462 * command MUST flush the write buffers to disc. */
3463 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3464 break;
3465 case 0x03: { /* set transfer mode */
3466 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3467 switch (s->uATARegNSector & 0xf8)
3468 {
3469 case 0x00: /* PIO default */
3470 case 0x08: /* PIO mode */
3471 break;
3472 case ATA_MODE_MDMA: /* MDMA mode */
3473 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3474 break;
3475 case ATA_MODE_UDMA: /* UDMA mode */
3476 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3477 break;
3478 default:
3479 goto abort_cmd;
3480 }
3481 ataCmdOK(s, ATA_STAT_SEEK);
3482 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3483 break;
3484 }
3485 default:
3486 goto abort_cmd;
3487 }
3488 /*
3489 * OS/2 workarond:
3490 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3491 * reset here. According to the specification, this is a driver bug as the register
3492 * contents are undefined after the call. This means we can just as well reset it.
3493 */
3494 s->uATARegFeature = 0;
3495 break;
3496 case ATA_FLUSH_CACHE_EXT:
3497 case ATA_FLUSH_CACHE:
3498 if (!s->pDrvBlock || s->fATAPI)
3499 goto abort_cmd;
3500 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3501 break;
3502 case ATA_STANDBY_IMMEDIATE:
3503 ataCmdOK(s, 0);
3504 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3505 break;
3506 case ATA_IDLE_IMMEDIATE:
3507 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3508 ataAbortCurrentCommand(s, false);
3509 break;
3510 /* ATAPI commands */
3511 case ATA_IDENTIFY_PACKET_DEVICE:
3512 if (s->fATAPI)
3513 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3514 else
3515 {
3516 ataCmdError(s, ABRT_ERR);
3517 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3518 }
3519 break;
3520 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3521 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3522 break;
3523 case ATA_DEVICE_RESET:
3524 if (!s->fATAPI)
3525 goto abort_cmd;
3526 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3527 ataAbortCurrentCommand(s, true);
3528 break;
3529 case ATA_PACKET:
3530 if (!s->fATAPI)
3531 goto abort_cmd;
3532 /* overlapping commands not supported */
3533 if (s->uATARegFeature & 0x02)
3534 goto abort_cmd;
3535 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3536 break;
3537 default:
3538 abort_cmd:
3539 ataCmdError(s, ABRT_ERR);
3540 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3541 break;
3542 }
3543}
3544
3545
3546/**
3547 * Waits for a particular async I/O thread to complete whatever it
3548 * is doing at the moment.
3549 *
3550 * @returns true on success.
3551 * @returns false when the thread is still processing.
3552 * @param pThis Pointer to the controller data.
3553 * @param cMillies How long to wait (total).
3554 */
3555static bool ataWaitForAsyncIOIsIdle(PATACONTROLLER pCtl, unsigned cMillies)
3556{
3557 uint64_t u64Start;
3558
3559 /*
3560 * Wait for any pending async operation to finish
3561 */
3562 u64Start = RTTimeMilliTS();
3563 for (;;)
3564 {
3565 if (ataAsyncIOIsIdle(pCtl, false))
3566 return true;
3567 if (RTTimeMilliTS() - u64Start >= cMillies)
3568 break;
3569
3570 /* Sleep for a bit. */
3571 RTThreadSleep(100);
3572 }
3573
3574 return false;
3575}
3576
3577#endif /* IN_RING3 */
3578
3579static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3580{
3581 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3582 addr &= 7;
3583 switch (addr)
3584 {
3585 case 0:
3586 break;
3587 case 1: /* feature register */
3588 /* NOTE: data is written to the two drives */
3589 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3590 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3591 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3592 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3593 pCtl->aIfs[0].uATARegFeature = val;
3594 pCtl->aIfs[1].uATARegFeature = val;
3595 break;
3596 case 2: /* sector count */
3597 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3598 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3599 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3600 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3601 pCtl->aIfs[0].uATARegNSector = val;
3602 pCtl->aIfs[1].uATARegNSector = val;
3603 break;
3604 case 3: /* sector number */
3605 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3606 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3607 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3608 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3609 pCtl->aIfs[0].uATARegSector = val;
3610 pCtl->aIfs[1].uATARegSector = val;
3611 break;
3612 case 4: /* cylinder low */
3613 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3614 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3615 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3616 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3617 pCtl->aIfs[0].uATARegLCyl = val;
3618 pCtl->aIfs[1].uATARegLCyl = val;
3619 break;
3620 case 5: /* cylinder high */
3621 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3622 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3623 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3624 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3625 pCtl->aIfs[0].uATARegHCyl = val;
3626 pCtl->aIfs[1].uATARegHCyl = val;
3627 break;
3628 case 6: /* drive/head */
3629 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3630 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3631 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3632 {
3633 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3634
3635 /* select another drive */
3636 pCtl->iSelectedIf = (val >> 4) & 1;
3637 /* The IRQ line is multiplexed between the two drives, so
3638 * update the state when switching to another drive. Only need
3639 * to update interrupt line if it is enabled and there is a
3640 * state change. */
3641 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3642 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3643 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3644 {
3645 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3646 {
3647 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3648 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3649 * the interrupt line is asserted. It monitors the line
3650 * for a rising edge. */
3651 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3652 if (pCtl->irq == 16)
3653 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3654 else
3655 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3656 }
3657 else
3658 {
3659 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3660 if (pCtl->irq == 16)
3661 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3662 else
3663 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3664 }
3665 }
3666 }
3667 break;
3668 default:
3669 case 7: /* command */
3670 /* ignore commands to non existant slave */
3671 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3672 break;
3673#ifndef IN_RING3
3674 /* Don't do anything complicated in GC */
3675 return VINF_IOM_HC_IOPORT_WRITE;
3676#else /* IN_RING3 */
3677 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3678#endif /* !IN_RING3 */
3679 }
3680 return VINF_SUCCESS;
3681}
3682
3683
3684static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3685{
3686 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3687 uint32_t val;
3688 bool fHOB;
3689
3690 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3691 switch (addr & 7)
3692 {
3693 case 0: /* data register */
3694 val = 0xff;
3695 break;
3696 case 1: /* error register */
3697 /* The ATA specification is very terse when it comes to specifying
3698 * the precise effects of reading back the error/feature register.
3699 * The error register (read-only) shares the register number with
3700 * the feature register (write-only), so it seems that it's not
3701 * necessary to support the usual HOB readback here. */
3702 if (!s->pDrvBlock)
3703 val = 0;
3704 else
3705 val = s->uATARegError;
3706 break;
3707 case 2: /* sector count */
3708 if (!s->pDrvBlock)
3709 val = 0;
3710 else if (fHOB)
3711 val = s->uATARegNSectorHOB;
3712 else
3713 val = s->uATARegNSector;
3714 break;
3715 case 3: /* sector number */
3716 if (!s->pDrvBlock)
3717 val = 0;
3718 else if (fHOB)
3719 val = s->uATARegSectorHOB;
3720 else
3721 val = s->uATARegSector;
3722 break;
3723 case 4: /* cylinder low */
3724 if (!s->pDrvBlock)
3725 val = 0;
3726 else if (fHOB)
3727 val = s->uATARegLCylHOB;
3728 else
3729 val = s->uATARegLCyl;
3730 break;
3731 case 5: /* cylinder high */
3732 if (!s->pDrvBlock)
3733 val = 0;
3734 else if (fHOB)
3735 val = s->uATARegHCylHOB;
3736 else
3737 val = s->uATARegHCyl;
3738 break;
3739 case 6: /* drive/head */
3740 /* This register must always work as long as there is at least
3741 * one drive attached to the controller. It is common between
3742 * both drives anyway (completely identical content). */
3743 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3744 val = 0;
3745 else
3746 val = s->uATARegSelect;
3747 break;
3748 default:
3749 case 7: /* primary status */
3750 {
3751 /* Counter for number of busy status seen in GC in a row. */
3752 static unsigned cBusy = 0;
3753
3754 if (!s->pDrvBlock)
3755 val = 0;
3756 else
3757 val = s->uATARegStatus;
3758
3759 /* Give the async I/O thread an opportunity to make progress,
3760 * don't let it starve by guests polling frequently. EMT has a
3761 * lower priority than the async I/O thread, but sometimes the
3762 * host OS doesn't care. With some guests we are only allowed to
3763 * be busy for about 5 milliseconds in some situations. Note that
3764 * this is no guarantee for any other VBox thread getting
3765 * scheduled, so this just lowers the CPU load a bit when drives
3766 * are busy. It cannot help with timing problems. */
3767 if (val & ATA_STAT_BUSY)
3768 {
3769#ifdef IN_RING3
3770 cBusy = 0;
3771 PDMCritSectLeave(&pCtl->lock);
3772
3773#ifndef RT_OS_WINDOWS
3774 /*
3775 * The thread might be stuck in an I/O operation
3776 * due to a high I/O load on the host. (see @bugref{3301})
3777 * To perform the reset successfully
3778 * we interrupt the operation by sending a signal to the thread
3779 * if the thread didn't responded in 10ms.
3780 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
3781 * does the same but it was introduced with Vista) but so far
3782 * this hang was only observed on Linux and Mac OS X.
3783 *
3784 * This is a workaround and needs to be solved properly.
3785 */
3786 if (pCtl->fReset)
3787 {
3788 uint64_t u64ResetTimeStop = RTTimeMilliTS();
3789
3790 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
3791 {
3792 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
3793 pCtl->u64ResetTime = u64ResetTimeStop;
3794 RTThreadPoke(pCtl->AsyncIOThread);
3795 }
3796 }
3797#endif
3798
3799 RTThreadYield();
3800
3801 {
3802 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3803 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3804 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3805 }
3806
3807 val = s->uATARegStatus;
3808#else /* !IN_RING3 */
3809 /* Cannot yield CPU in guest context. And switching to host
3810 * context for each and every busy status is too costly,
3811 * especially on SMP systems where we don't gain much by
3812 * yielding the CPU to someone else. */
3813 if (++cBusy >= 20)
3814 {
3815 cBusy = 0;
3816 return VINF_IOM_HC_IOPORT_READ;
3817 }
3818#endif /* !IN_RING3 */
3819 }
3820 else
3821 cBusy = 0;
3822 ataUnsetIRQ(s);
3823 break;
3824 }
3825 }
3826 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3827 *pu32 = val;
3828 return VINF_SUCCESS;
3829}
3830
3831
3832static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
3833{
3834 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3835 uint32_t val;
3836
3837 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
3838 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
3839 val = 0;
3840 else
3841 val = s->uATARegStatus;
3842 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3843 return val;
3844}
3845
3846static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3847{
3848#ifndef IN_RING3
3849 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
3850 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
3851#endif /* !IN_RING3 */
3852
3853 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3854 /* RESET is common for both drives attached to a controller. */
3855 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3856 (val & ATA_DEVCTL_RESET))
3857 {
3858#ifdef IN_RING3
3859 /* Software RESET low to high */
3860 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
3861 uint64_t uNow = RTTimeNanoTS();
3862 if (pCtl->aIfs[0].u64CmdTS)
3863 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
3864 if (pCtl->aIfs[1].u64CmdTS)
3865 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
3866 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
3867 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
3868 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
3869 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
3870 pCtl->fReset = true;
3871 /* Everything must be done after the reset flag is set, otherwise
3872 * there are unavoidable races with the currently executing request
3873 * (which might just finish in the mean time). */
3874 pCtl->fChainedTransfer = false;
3875 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
3876 {
3877 ataResetDevice(&pCtl->aIfs[i]);
3878 /* The following cannot be done using ataSetStatusValue() since the
3879 * reset flag is already set, which suppresses all status changes. */
3880 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
3881 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
3882 pCtl->aIfs[i].uATARegError = 0x01;
3883 }
3884 ataAsyncIOClearRequests(pCtl);
3885 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3886 if (val & ATA_DEVCTL_HOB)
3887 {
3888 val &= ~ATA_DEVCTL_HOB;
3889 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3890 }
3891
3892 /* Save the timestamp we started the reset. */
3893 pCtl->u64ResetTime = RTTimeMilliTS();
3894
3895 /* Issue the reset request now. */
3896 ataAsyncIOPutRequest(pCtl, &ataResetARequest);
3897#else /* !IN_RING3 */
3898 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3899#endif /* IN_RING3 */
3900 }
3901 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
3902 !(val & ATA_DEVCTL_RESET))
3903 {
3904#ifdef IN_RING3
3905 /* Software RESET high to low */
3906 Log(("%s: deasserting RESET\n", __FUNCTION__));
3907 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
3908 if (val & ATA_DEVCTL_HOB)
3909 {
3910 val &= ~ATA_DEVCTL_HOB;
3911 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
3912 }
3913 ataAsyncIOPutRequest(pCtl, &ataResetCRequest);
3914#else /* !IN_RING3 */
3915 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
3916#endif /* IN_RING3 */
3917 }
3918
3919 /* Change of interrupt disable flag. Update interrupt line if interrupt
3920 * is pending on the current interface. */
3921 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
3922 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3923 {
3924 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
3925 {
3926 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3927 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
3928 * interrupt line is asserted. It monitors the line for a rising
3929 * edge. */
3930 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3931 if (pCtl->irq == 16)
3932 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
3933 else
3934 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
3935 }
3936 else
3937 {
3938 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3939 if (pCtl->irq == 16)
3940 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
3941 else
3942 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
3943 }
3944 }
3945
3946 if (val & ATA_DEVCTL_HOB)
3947 Log2(("%s: set HOB\n", __FUNCTION__));
3948
3949 pCtl->aIfs[0].uATARegDevCtl = val;
3950 pCtl->aIfs[1].uATARegDevCtl = val;
3951
3952 return VINF_SUCCESS;
3953}
3954
3955#ifdef IN_RING3
3956
3957static void ataPIOTransfer(PATACONTROLLER pCtl)
3958{
3959 ATADevState *s;
3960
3961 s = &pCtl->aIfs[pCtl->iAIOIf];
3962 Log3(("%s: if=%p\n", __FUNCTION__, s));
3963
3964 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
3965 {
3966 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
3967 /* Any guest OS that triggers this case has a pathetic ATA driver.
3968 * In a real system it would block the CPU via IORDY, here we do it
3969 * very similarly by not continuing with the current instruction
3970 * until the transfer to/from the storage medium is completed. */
3971 if (s->iSourceSink != ATAFN_SS_NULL)
3972 {
3973 bool fRedo;
3974 uint8_t status = s->uATARegStatus;
3975 ataSetStatusValue(s, ATA_STAT_BUSY);
3976 Log2(("%s: calling source/sink function\n", __FUNCTION__));
3977 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
3978 pCtl->fRedo = fRedo;
3979 if (RT_UNLIKELY(fRedo))
3980 return;
3981 ataSetStatusValue(s, status);
3982 s->iIOBufferCur = 0;
3983 s->iIOBufferEnd = s->cbElementaryTransfer;
3984 }
3985 }
3986 if (s->cbTotalTransfer)
3987 {
3988 if (s->fATAPITransfer)
3989 ataPIOTransferLimitATAPI(s);
3990
3991 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
3992 s->cbElementaryTransfer = s->cbTotalTransfer;
3993
3994 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
3995 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
3996 s->cbTotalTransfer, s->cbElementaryTransfer,
3997 s->iIOBufferCur, s->iIOBufferEnd));
3998 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
3999 s->cbTotalTransfer -= s->cbElementaryTransfer;
4000 s->iIOBufferCur += s->cbElementaryTransfer;
4001
4002 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4003 s->cbElementaryTransfer = s->cbTotalTransfer;
4004 }
4005 else
4006 ataPIOTransferStop(s);
4007}
4008
4009
4010DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4011{
4012 /* Do not interfere with RESET processing if the PIO transfer finishes
4013 * while the RESET line is asserted. */
4014 if (pCtl->fReset)
4015 {
4016 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4017 return;
4018 }
4019
4020 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4021 || ( s->iSourceSink != ATAFN_SS_NULL
4022 && s->iIOBufferCur >= s->iIOBufferEnd))
4023 {
4024 /* Need to continue the transfer in the async I/O thread. This is
4025 * the case for write operations or generally for not yet finished
4026 * transfers (some data might need to be read). */
4027 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4028 ataSetStatus(s, ATA_STAT_BUSY);
4029
4030 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4031 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4032 }
4033 else
4034 {
4035 /* Either everything finished (though some data might still be pending)
4036 * or some data is pending before the next read is due. */
4037
4038 /* Continue a previously started transfer. */
4039 ataUnsetStatus(s, ATA_STAT_DRQ);
4040 ataSetStatus(s, ATA_STAT_READY);
4041
4042 if (s->cbTotalTransfer)
4043 {
4044 /* There is more to transfer, happens usually for large ATAPI
4045 * reads - the protocol limits the chunk size to 65534 bytes. */
4046 ataPIOTransfer(pCtl);
4047 ataSetIRQ(s);
4048 }
4049 else
4050 {
4051 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4052 /* Finish PIO transfer. */
4053 ataPIOTransfer(pCtl);
4054 Assert(!pCtl->fRedo);
4055 }
4056 }
4057}
4058
4059#endif /* IN_RING3 */
4060
4061static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4062{
4063 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4064 uint8_t *p;
4065
4066 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4067 {
4068 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4069 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4070#ifndef IN_RING3
4071 /* All but the last transfer unit is simple enough for GC, but
4072 * sending a request to the async IO thread is too complicated. */
4073 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4074 {
4075 memcpy(p, pbBuf, cbSize);
4076 s->iIOBufferPIODataStart += cbSize;
4077 }
4078 else
4079 return VINF_IOM_HC_IOPORT_WRITE;
4080#else /* IN_RING3 */
4081 memcpy(p, pbBuf, cbSize);
4082 s->iIOBufferPIODataStart += cbSize;
4083 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4084 ataPIOTransferFinish(pCtl, s);
4085#endif /* !IN_RING3 */
4086 }
4087 else
4088 Log2(("%s: DUMMY data\n", __FUNCTION__));
4089 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4090 return VINF_SUCCESS;
4091}
4092
4093static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4094{
4095 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4096 uint8_t *p;
4097
4098 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4099 {
4100 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4101 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4102#ifndef IN_RING3
4103 /* All but the last transfer unit is simple enough for GC, but
4104 * sending a request to the async IO thread is too complicated. */
4105 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4106 {
4107 memcpy(pbBuf, p, cbSize);
4108 s->iIOBufferPIODataStart += cbSize;
4109 }
4110 else
4111 return VINF_IOM_HC_IOPORT_READ;
4112#else /* IN_RING3 */
4113 memcpy(pbBuf, p, cbSize);
4114 s->iIOBufferPIODataStart += cbSize;
4115 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4116 ataPIOTransferFinish(pCtl, s);
4117#endif /* !IN_RING3 */
4118 }
4119 else
4120 {
4121 Log2(("%s: DUMMY data\n", __FUNCTION__));
4122 memset(pbBuf, '\xff', cbSize);
4123 }
4124 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4125 return VINF_SUCCESS;
4126}
4127
4128#ifdef IN_RING3
4129
4130static void ataDMATransferStop(ATADevState *s)
4131{
4132 s->cbTotalTransfer = 0;
4133 s->cbElementaryTransfer = 0;
4134 s->iBeginTransfer = ATAFN_BT_NULL;
4135 s->iSourceSink = ATAFN_SS_NULL;
4136}
4137
4138
4139/**
4140 * Perform the entire DMA transfer in one go (unless a source/sink operation
4141 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4142 * this function cannot handle empty transfers.
4143 *
4144 * @param pCtl Controller for which to perform the transfer.
4145 */
4146static void ataDMATransfer(PATACONTROLLER pCtl)
4147{
4148 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4149 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4150 bool fRedo;
4151 RTGCPHYS32 pDesc;
4152 uint32_t cbTotalTransfer, cbElementaryTransfer;
4153 uint32_t iIOBufferCur, iIOBufferEnd;
4154 uint32_t dmalen;
4155 PDMBLOCKTXDIR uTxDir;
4156 bool fLastDesc = false;
4157
4158 Assert(sizeof(BMDMADesc) == 8);
4159
4160 fRedo = pCtl->fRedo;
4161 if (RT_LIKELY(!fRedo))
4162 Assert(s->cbTotalTransfer);
4163 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4164 cbTotalTransfer = s->cbTotalTransfer;
4165 cbElementaryTransfer = s->cbElementaryTransfer;
4166 iIOBufferCur = s->iIOBufferCur;
4167 iIOBufferEnd = s->iIOBufferEnd;
4168
4169 /* The DMA loop is designed to hold the lock only when absolutely
4170 * necessary. This avoids long freezes should the guest access the
4171 * ATA registers etc. for some reason. */
4172 PDMCritSectLeave(&pCtl->lock);
4173
4174 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4175 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4176 cbTotalTransfer, cbElementaryTransfer,
4177 iIOBufferCur, iIOBufferEnd));
4178 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4179 {
4180 BMDMADesc DMADesc;
4181 RTGCPHYS32 pBuffer;
4182 uint32_t cbBuffer;
4183
4184 if (RT_UNLIKELY(fRedo))
4185 {
4186 pBuffer = pCtl->pRedoDMABuffer;
4187 cbBuffer = pCtl->cbRedoDMABuffer;
4188 fLastDesc = pCtl->fRedoDMALastDesc;
4189 }
4190 else
4191 {
4192 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4193 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4194 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4195 fLastDesc = !!(cbBuffer & 0x80000000);
4196 cbBuffer &= 0xfffe;
4197 if (cbBuffer == 0)
4198 cbBuffer = 0x10000;
4199 if (cbBuffer > cbTotalTransfer)
4200 cbBuffer = cbTotalTransfer;
4201 }
4202
4203 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4204 {
4205 if (RT_LIKELY(!fRedo))
4206 {
4207 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4208 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4209 (int)pDesc, pBuffer, cbBuffer));
4210 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4211 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4212 else
4213 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4214 iIOBufferCur += dmalen;
4215 cbTotalTransfer -= dmalen;
4216 cbBuffer -= dmalen;
4217 pBuffer += dmalen;
4218 }
4219 if ( iIOBufferCur == iIOBufferEnd
4220 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4221 {
4222 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4223 cbElementaryTransfer = cbTotalTransfer;
4224
4225 {
4226 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4227 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4228 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4229 }
4230
4231 /* The RESET handler could have cleared the DMA transfer
4232 * state (since we didn't hold the lock until just now
4233 * the guest can continue in parallel). If so, the state
4234 * is already set up so the loop is exited immediately. */
4235 if (s->iSourceSink != ATAFN_SS_NULL)
4236 {
4237 s->iIOBufferCur = iIOBufferCur;
4238 s->iIOBufferEnd = iIOBufferEnd;
4239 s->cbElementaryTransfer = cbElementaryTransfer;
4240 s->cbTotalTransfer = cbTotalTransfer;
4241 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4242 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4243 if (RT_UNLIKELY(fRedo))
4244 {
4245 pCtl->pFirstDMADesc = pDesc;
4246 pCtl->pRedoDMABuffer = pBuffer;
4247 pCtl->cbRedoDMABuffer = cbBuffer;
4248 pCtl->fRedoDMALastDesc = fLastDesc;
4249 }
4250 else
4251 {
4252 cbTotalTransfer = s->cbTotalTransfer;
4253 cbElementaryTransfer = s->cbElementaryTransfer;
4254
4255 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4256 cbElementaryTransfer = cbTotalTransfer;
4257 iIOBufferCur = 0;
4258 iIOBufferEnd = cbElementaryTransfer;
4259 }
4260 pCtl->fRedo = fRedo;
4261 }
4262 else
4263 {
4264 /* This forces the loop to exit immediately. */
4265 pDesc = pCtl->pLastDMADesc + 1;
4266 }
4267
4268 PDMCritSectLeave(&pCtl->lock);
4269 if (RT_UNLIKELY(fRedo))
4270 break;
4271 }
4272 }
4273
4274 if (RT_UNLIKELY(fRedo))
4275 break;
4276
4277 /* end of transfer */
4278 if (!cbTotalTransfer || fLastDesc)
4279 break;
4280
4281 {
4282 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4283 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4284 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4285 }
4286
4287 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4288 {
4289 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4290 if (!pCtl->fReset)
4291 ataDMATransferStop(s);
4292 /* This forces the loop to exit immediately. */
4293 pDesc = pCtl->pLastDMADesc + 1;
4294 }
4295
4296 PDMCritSectLeave(&pCtl->lock);
4297 }
4298
4299 {
4300 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4301 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4302 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4303 }
4304
4305 if (RT_UNLIKELY(fRedo))
4306 return;
4307
4308 if (fLastDesc)
4309 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4310 s->cbTotalTransfer = cbTotalTransfer;
4311 s->cbElementaryTransfer = cbElementaryTransfer;
4312 s->iIOBufferCur = iIOBufferCur;
4313 s->iIOBufferEnd = iIOBufferEnd;
4314}
4315
4316
4317/** Asynch I/O thread for an interface. Once upon a time this was readable
4318 * code with several loops and a different semaphore for each purpose. But
4319 * then came the "how can one save the state in the middle of a PIO transfer"
4320 * question. The solution was to use an ASM, which is what's there now. */
4321static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4322{
4323 const ATARequest *pReq;
4324 uint64_t u64TS = 0; /* shut up gcc */
4325 uint64_t uWait;
4326 int rc = VINF_SUCCESS;
4327 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4328 ATADevState *s;
4329
4330 pReq = NULL;
4331 pCtl->fChainedTransfer = false;
4332 while (!pCtl->fShutdown)
4333 {
4334 /* Keep this thread from doing anything as long as EMT is suspended. */
4335 while (pCtl->fRedoIdle)
4336 {
4337 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4338 /* Continue if we got a signal by RTThreadPoke().
4339 * We will get notified if there is a request to process.
4340 */
4341 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4342 continue;
4343 if (RT_FAILURE(rc) || pCtl->fShutdown)
4344 break;
4345
4346 pCtl->fRedoIdle = false;
4347 }
4348
4349 /* Wait for work. */
4350 while (pReq == NULL)
4351 {
4352 LogBird(("ata: %x: going to sleep...\n", pCtl->IOPortBase1));
4353 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4354 LogBird(("ata: %x: waking up\n", pCtl->IOPortBase1));
4355 /* Continue if we got a signal by RTThreadPoke().
4356 * We will get notified if there is a request to process.
4357 */
4358 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4359 continue;
4360 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4361 break;
4362
4363 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4364 }
4365
4366 if (RT_FAILURE(rc) || pCtl->fShutdown)
4367 break;
4368
4369 if (pReq == NULL)
4370 continue;
4371
4372 ATAAIO ReqType = pReq->ReqType;
4373
4374 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4375 if (pCtl->uAsyncIOState != ReqType)
4376 {
4377 /* The new state is not the state that was expected by the normal
4378 * state changes. This is either a RESET/ABORT or there's something
4379 * really strange going on. */
4380 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4381 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4382 {
4383 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4384 ataAsyncIODumpRequests(pCtl);
4385 }
4386 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4387 }
4388
4389 /* Do our work. */
4390 {
4391 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4392 LogBird(("ata: %x: entering critsect\n", pCtl->IOPortBase1));
4393 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4394 LogBird(("ata: %x: entered\n", pCtl->IOPortBase1));
4395 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4396 }
4397
4398 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4399 {
4400 u64TS = RTTimeNanoTS();
4401#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4402 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4403#endif /* DEBUG || VBOX_WITH_STATISTICS */
4404 }
4405
4406 switch (ReqType)
4407 {
4408 case ATA_AIO_NEW:
4409
4410 pCtl->iAIOIf = pReq->u.t.iIf;
4411 s = &pCtl->aIfs[pCtl->iAIOIf];
4412 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4413 s->uTxDir = pReq->u.t.uTxDir;
4414 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4415 s->iSourceSink = pReq->u.t.iSourceSink;
4416 s->iIOBufferEnd = 0;
4417 s->u64CmdTS = u64TS;
4418
4419 if (s->fATAPI)
4420 {
4421 if (pCtl->fChainedTransfer)
4422 {
4423 /* Only count the actual transfers, not the PIO
4424 * transfer of the ATAPI command bytes. */
4425 if (s->fDMA)
4426 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4427 else
4428 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4429 }
4430 }
4431 else
4432 {
4433 if (s->fDMA)
4434 STAM_REL_COUNTER_INC(&s->StatATADMA);
4435 else
4436 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4437 }
4438
4439 pCtl->fChainedTransfer = false;
4440
4441 if (s->iBeginTransfer != ATAFN_BT_NULL)
4442 {
4443 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4444 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4445 s->iBeginTransfer = ATAFN_BT_NULL;
4446 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4447 s->iIOBufferEnd = s->cbElementaryTransfer;
4448 }
4449 else
4450 {
4451 s->cbElementaryTransfer = s->cbTotalTransfer;
4452 s->iIOBufferEnd = s->cbTotalTransfer;
4453 }
4454 s->iIOBufferCur = 0;
4455
4456 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4457 {
4458 if (s->iSourceSink != ATAFN_SS_NULL)
4459 {
4460 bool fRedo;
4461 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4462 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4463 pCtl->fRedo = fRedo;
4464 if (RT_UNLIKELY(fRedo))
4465 {
4466 /* Operation failed at the initial transfer, restart
4467 * everything from scratch by resending the current
4468 * request. Occurs very rarely, not worth optimizing. */
4469 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4470 ataAsyncIOPutRequest(pCtl, pReq);
4471 break;
4472 }
4473 }
4474 else
4475 ataCmdOK(s, 0);
4476 s->iIOBufferEnd = s->cbElementaryTransfer;
4477
4478 }
4479
4480 /* Do not go into the transfer phase if RESET is asserted.
4481 * The CritSect is released while waiting for the host OS
4482 * to finish the I/O, thus RESET is possible here. Most
4483 * important: do not change uAsyncIOState. */
4484 if (pCtl->fReset)
4485 break;
4486
4487 if (s->fDMA)
4488 {
4489 if (s->cbTotalTransfer)
4490 {
4491 ataSetStatus(s, ATA_STAT_DRQ);
4492
4493 pCtl->uAsyncIOState = ATA_AIO_DMA;
4494 /* If BMDMA is already started, do the transfer now. */
4495 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4496 {
4497 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4498 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4499 }
4500 }
4501 else
4502 {
4503 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4504 /* Finish DMA transfer. */
4505 ataDMATransferStop(s);
4506 ataSetIRQ(s);
4507 pCtl->uAsyncIOState = ATA_AIO_NEW;
4508 }
4509 }
4510 else
4511 {
4512 if (s->cbTotalTransfer)
4513 {
4514 ataPIOTransfer(pCtl);
4515 Assert(!pCtl->fRedo);
4516 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4517 ataSetIRQ(s);
4518
4519 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4520 {
4521 /* Write operations and not yet finished transfers
4522 * must be completed in the async I/O thread. */
4523 pCtl->uAsyncIOState = ATA_AIO_PIO;
4524 }
4525 else
4526 {
4527 /* Finished read operation can be handled inline
4528 * in the end of PIO transfer handling code. Linux
4529 * depends on this, as it waits only briefly for
4530 * devices to become ready after incoming data
4531 * transfer. Cannot find anything in the ATA spec
4532 * that backs this assumption, but as all kernels
4533 * are affected (though most of the time it does
4534 * not cause any harm) this must work. */
4535 pCtl->uAsyncIOState = ATA_AIO_NEW;
4536 }
4537 }
4538 else
4539 {
4540 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4541 /* Finish PIO transfer. */
4542 ataPIOTransfer(pCtl);
4543 Assert(!pCtl->fRedo);
4544 if (!s->fATAPITransfer)
4545 ataSetIRQ(s);
4546 pCtl->uAsyncIOState = ATA_AIO_NEW;
4547 }
4548 }
4549 break;
4550
4551 case ATA_AIO_DMA:
4552 {
4553 BMDMAState *bm = &pCtl->BmDma;
4554 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4555 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4556
4557 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4558 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4559 else
4560 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4561
4562 if (RT_LIKELY(!pCtl->fRedo))
4563 {
4564 /* The specs say that the descriptor table must not cross a
4565 * 4K boundary. */
4566 pCtl->pFirstDMADesc = bm->pvAddr;
4567 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4568 }
4569 ataDMATransfer(pCtl);
4570
4571 if (RT_UNLIKELY(pCtl->fRedo))
4572 {
4573 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4574 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4575 break;
4576 }
4577
4578 /* The infamous delay IRQ hack. */
4579 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4580 && s->cbTotalTransfer == 0
4581 && pCtl->DelayIRQMillies)
4582 {
4583 /* Delay IRQ for writing. Required to get the Win2K
4584 * installation work reliably (otherwise it crashes,
4585 * usually during component install). So far no better
4586 * solution has been found. */
4587 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4588 PDMCritSectLeave(&pCtl->lock);
4589 RTThreadSleep(pCtl->DelayIRQMillies);
4590 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4591 }
4592
4593 ataUnsetStatus(s, ATA_STAT_DRQ);
4594 Assert(!pCtl->fChainedTransfer);
4595 Assert(s->iSourceSink == ATAFN_SS_NULL);
4596 if (s->fATAPITransfer)
4597 {
4598 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4599 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4600 s->fATAPITransfer = false;
4601 }
4602 ataSetIRQ(s);
4603 pCtl->uAsyncIOState = ATA_AIO_NEW;
4604 break;
4605 }
4606
4607 case ATA_AIO_PIO:
4608 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4609
4610 if (s->iSourceSink != ATAFN_SS_NULL)
4611 {
4612 bool fRedo;
4613 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4614 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4615 pCtl->fRedo = fRedo;
4616 if (RT_UNLIKELY(fRedo))
4617 {
4618 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4619 ataAsyncIOPutRequest(pCtl, &ataPIORequest);
4620 ataSuspendRedo(pCtl);
4621 break;
4622 }
4623 s->iIOBufferCur = 0;
4624 s->iIOBufferEnd = s->cbElementaryTransfer;
4625 }
4626 else
4627 {
4628 /* Continue a previously started transfer. */
4629 ataUnsetStatus(s, ATA_STAT_BUSY);
4630 ataSetStatus(s, ATA_STAT_READY);
4631 }
4632
4633 /* It is possible that the drives on this controller get RESET
4634 * during the above call to the source/sink function. If that's
4635 * the case, don't restart the transfer and don't finish it the
4636 * usual way. RESET handling took care of all that already.
4637 * Most important: do not change uAsyncIOState. */
4638 if (pCtl->fReset)
4639 break;
4640
4641 if (s->cbTotalTransfer)
4642 {
4643 ataPIOTransfer(pCtl);
4644 ataSetIRQ(s);
4645
4646 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4647 {
4648 /* Write operations and not yet finished transfers
4649 * must be completed in the async I/O thread. */
4650 pCtl->uAsyncIOState = ATA_AIO_PIO;
4651 }
4652 else
4653 {
4654 /* Finished read operation can be handled inline
4655 * in the end of PIO transfer handling code. Linux
4656 * depends on this, as it waits only briefly for
4657 * devices to become ready after incoming data
4658 * transfer. Cannot find anything in the ATA spec
4659 * that backs this assumption, but as all kernels
4660 * are affected (though most of the time it does
4661 * not cause any harm) this must work. */
4662 pCtl->uAsyncIOState = ATA_AIO_NEW;
4663 }
4664 }
4665 else
4666 {
4667 /* Finish PIO transfer. */
4668 ataPIOTransfer(pCtl);
4669 if ( !pCtl->fChainedTransfer
4670 && !s->fATAPITransfer
4671 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4672 {
4673 ataSetIRQ(s);
4674 }
4675 pCtl->uAsyncIOState = ATA_AIO_NEW;
4676 }
4677 break;
4678
4679 case ATA_AIO_RESET_ASSERTED:
4680 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4681 ataPIOTransferStop(&pCtl->aIfs[0]);
4682 ataPIOTransferStop(&pCtl->aIfs[1]);
4683 /* Do not change the DMA registers, they are not affected by the
4684 * ATA controller reset logic. It should be sufficient to issue a
4685 * new command, which is now possible as the state is cleared. */
4686 break;
4687
4688 case ATA_AIO_RESET_CLEARED:
4689 pCtl->uAsyncIOState = ATA_AIO_NEW;
4690 pCtl->fReset = false;
4691 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4692 ATACONTROLLER_IDX(pCtl)));
4693 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4694 {
4695 if (pCtl->aIfs[i].fATAPI)
4696 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4697 else
4698 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4699 ataSetSignature(&pCtl->aIfs[i]);
4700 }
4701 break;
4702
4703 case ATA_AIO_ABORT:
4704 /* Abort the current command only if it operates on the same interface. */
4705 if (pCtl->iAIOIf == pReq->u.a.iIf)
4706 {
4707 s = &pCtl->aIfs[pCtl->iAIOIf];
4708
4709 pCtl->uAsyncIOState = ATA_AIO_NEW;
4710 /* Do not change the DMA registers, they are not affected by the
4711 * ATA controller reset logic. It should be sufficient to issue a
4712 * new command, which is now possible as the state is cleared. */
4713 if (pReq->u.a.fResetDrive)
4714 {
4715 ataResetDevice(s);
4716 ataExecuteDeviceDiagnosticSS(s);
4717 }
4718 else
4719 {
4720 ataPIOTransferStop(s);
4721 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4722 ataSetStatus(s, ATA_STAT_READY);
4723 ataSetIRQ(s);
4724 }
4725 }
4726 break;
4727
4728 default:
4729 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4730 }
4731
4732 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4733 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4734
4735 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4736 {
4737#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4738 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4739#endif /* DEBUG || VBOX_WITH_STATISTICS */
4740
4741 u64TS = RTTimeNanoTS() - u64TS;
4742 uWait = u64TS / 1000;
4743 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
4744 /* Mark command as finished. */
4745 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
4746
4747 /*
4748 * Release logging of command execution times depends on the
4749 * command type. ATAPI commands often take longer (due to CD/DVD
4750 * spin up time etc.) so the threshold is different.
4751 */
4752 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
4753 {
4754 if (uWait > 8 * 1000 * 1000)
4755 {
4756 /*
4757 * Command took longer than 8 seconds. This is close
4758 * enough or over the guest's command timeout, so place
4759 * an entry in the release log to allow tracking such
4760 * timing errors (which are often caused by the host).
4761 */
4762 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
4763 }
4764 }
4765 else
4766 {
4767 if (uWait > 20 * 1000 * 1000)
4768 {
4769 /*
4770 * Command took longer than 20 seconds. This is close
4771 * enough or over the guest's command timeout, so place
4772 * an entry in the release log to allow tracking such
4773 * timing errors (which are often caused by the host).
4774 */
4775 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
4776 }
4777 }
4778
4779#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4780 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
4781 pCtl->StatAsyncMinWait = uWait;
4782 if (uWait > pCtl->StatAsyncMaxWait)
4783 pCtl->StatAsyncMaxWait = uWait;
4784
4785 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
4786 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
4787#endif /* DEBUG || VBOX_WITH_STATISTICS */
4788 }
4789
4790 LogBird(("ata: %x: leaving critsect\n", pCtl->IOPortBase1));
4791 PDMCritSectLeave(&pCtl->lock);
4792 }
4793
4794 /* Cleanup the state. */
4795 if (pCtl->AsyncIOSem)
4796 {
4797 RTSemEventDestroy(pCtl->AsyncIOSem);
4798 pCtl->AsyncIOSem = NIL_RTSEMEVENT;
4799 }
4800 if (pCtl->SuspendIOSem)
4801 {
4802 RTSemEventDestroy(pCtl->SuspendIOSem);
4803 pCtl->SuspendIOSem = NIL_RTSEMEVENT;
4804 }
4805 /* Do not destroy request mutex yet, still needed for proper shutdown. */
4806 pCtl->fShutdown = false;
4807 /* This must be last, as it also signals thread exit to EMT. */
4808 pCtl->AsyncIOThread = NIL_RTTHREAD;
4809
4810 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
4811 return rc;
4812}
4813
4814#endif /* IN_RING3 */
4815
4816static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
4817{
4818 uint32_t val = pCtl->BmDma.u8Cmd;
4819 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4820 return val;
4821}
4822
4823
4824static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4825{
4826 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4827 if (!(val & BM_CMD_START))
4828 {
4829 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4830 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4831 }
4832 else
4833 {
4834#ifdef IN_RING3
4835 /* Check whether the guest OS wants to change DMA direction in
4836 * mid-flight. Not allowed, according to the PIIX3 specs. */
4837 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
4838 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
4839 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
4840
4841 /* Do not continue DMA transfers while the RESET line is asserted. */
4842 if (pCtl->fReset)
4843 {
4844 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4845 return;
4846 }
4847
4848 /* Do not start DMA transfers if there's a PIO transfer going on. */
4849 if (!pCtl->aIfs[pCtl->iSelectedIf].fDMA)
4850 return;
4851
4852 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
4853 {
4854 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4855 ataAsyncIOPutRequest(pCtl, &ataDMARequest);
4856 }
4857#else /* !IN_RING3 */
4858 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
4859#endif /* IN_RING3 */
4860 }
4861}
4862
4863static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
4864{
4865 uint32_t val = pCtl->BmDma.u8Status;
4866 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4867 return val;
4868}
4869
4870static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4871{
4872 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
4873 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
4874 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
4875 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
4876}
4877
4878static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
4879{
4880 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
4881 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4882 return val;
4883}
4884
4885static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4886{
4887 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4888 pCtl->BmDma.pvAddr = val & ~3;
4889}
4890
4891static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4892{
4893 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4894 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
4895
4896}
4897
4898static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4899{
4900 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
4901 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
4902}
4903
4904#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
4905
4906/**
4907 * Port I/O Handler for bus master DMA IN operations.
4908 * @see FNIOMIOPORTIN for details.
4909 */
4910PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
4911{
4912 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4913 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4914 PATACONTROLLER pCtl = &pThis->aCts[i];
4915 int rc;
4916
4917 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
4918 if (rc != VINF_SUCCESS)
4919 return rc;
4920 switch (VAL(Port, cb))
4921 {
4922 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4923 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
4924 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4925 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
4926 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
4927 case VAL(0, 4):
4928 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
4929 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
4930 break;
4931 default:
4932 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
4933 PDMCritSectLeave(&pCtl->lock);
4934 return VERR_IOM_IOPORT_UNUSED;
4935 }
4936 PDMCritSectLeave(&pCtl->lock);
4937 return rc;
4938}
4939
4940/**
4941 * Port I/O Handler for bus master DMA OUT operations.
4942 * @see FNIOMIOPORTOUT for details.
4943 */
4944PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
4945{
4946 uint32_t i = (uint32_t)(uintptr_t)pvUser;
4947 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
4948 PATACONTROLLER pCtl = &pThis->aCts[i];
4949 int rc;
4950
4951 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
4952 if (rc != VINF_SUCCESS)
4953 return rc;
4954 switch (VAL(Port, cb))
4955 {
4956 case VAL(0, 1):
4957#ifndef IN_RING3
4958 if (u32 & BM_CMD_START)
4959 {
4960 rc = VINF_IOM_HC_IOPORT_WRITE;
4961 break;
4962 }
4963#endif /* !IN_RING3 */
4964 ataBMDMACmdWriteB(pCtl, Port, u32);
4965 break;
4966 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
4967 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
4968 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
4969 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
4970 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
4971 }
4972 PDMCritSectLeave(&pCtl->lock);
4973 return rc;
4974}
4975
4976#undef VAL
4977
4978#ifdef IN_RING3
4979
4980/**
4981 * Callback function for mapping an PCI I/O region.
4982 *
4983 * @return VBox status code.
4984 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
4985 * @param iRegion The region number.
4986 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
4987 * I/O port, else it's a physical address.
4988 * This address is *NOT* relative to pci_mem_base like earlier!
4989 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
4990 */
4991static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
4992{
4993 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
4994 int rc = VINF_SUCCESS;
4995 Assert(enmType == PCI_ADDRESS_SPACE_IO);
4996 Assert(iRegion == 4);
4997 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
4998
4999 /* Register the port range. */
5000 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5001 {
5002 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5003 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5004 AssertRC(rc2);
5005 if (rc2 < rc)
5006 rc = rc2;
5007
5008 if (pThis->fGCEnabled)
5009 {
5010 rc2 = PDMDevHlpIOPortRegisterGC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5011 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5012 AssertRC(rc2);
5013 if (rc2 < rc)
5014 rc = rc2;
5015 }
5016 if (pThis->fR0Enabled)
5017 {
5018 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5019 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5020 AssertRC(rc2);
5021 if (rc2 < rc)
5022 rc = rc2;
5023 }
5024 }
5025 return rc;
5026}
5027
5028
5029/**
5030 * Reset notification.
5031 *
5032 * @returns VBox status.
5033 * @param pDevIns The device instance data.
5034 */
5035static DECLCALLBACK(void) ataReset(PPDMDEVINS pDevIns)
5036{
5037 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5038
5039 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5040 {
5041 pThis->aCts[i].iSelectedIf = 0;
5042 pThis->aCts[i].iAIOIf = 0;
5043 pThis->aCts[i].BmDma.u8Cmd = 0;
5044 /* Report that both drives present on the bus are in DMA mode. This
5045 * pretends that there is a BIOS that has set it up. Normal reset
5046 * default is 0x00. */
5047 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
5048 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
5049 pThis->aCts[i].BmDma.pvAddr = 0;
5050
5051 pThis->aCts[i].fReset = true;
5052 pThis->aCts[i].fRedo = false;
5053 pThis->aCts[i].fRedoIdle = false;
5054 ataAsyncIOClearRequests(&pThis->aCts[i]);
5055 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
5056 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetARequest);
5057 ataAsyncIOPutRequest(&pThis->aCts[i], &ataResetCRequest);
5058 if (!ataWaitForAsyncIOIsIdle(&pThis->aCts[i], 30000))
5059 {
5060 VMSetRuntimeError(PDMDevHlpGetVM(pDevIns),
5061 false, "DevATA_ASYNCBUSY",
5062 N_("The IDE async I/O thread remained busy after a reset, usually a host filesystem performance problem\n"));
5063 AssertMsgFailed(("Async I/O thread busy after reset\n"));
5064 }
5065
5066 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5067 ataResetDevice(&pThis->aCts[i].aIfs[j]);
5068 }
5069}
5070
5071
5072/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5073
5074/**
5075 * Queries an interface to the driver.
5076 *
5077 * @returns Pointer to interface.
5078 * @returns NULL if the interface was not supported by the device.
5079 * @param pInterface Pointer to ATADevState::IBase.
5080 * @param enmInterface The requested interface identification.
5081 */
5082static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5083{
5084 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5085 switch (enmInterface)
5086 {
5087 case PDMINTERFACE_BASE:
5088 return &pThis->IBase;
5089 case PDMINTERFACE_LED_PORTS:
5090 return &pThis->ILeds;
5091 default:
5092 return NULL;
5093 }
5094}
5095
5096
5097/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5098
5099/**
5100 * Gets the pointer to the status LED of a unit.
5101 *
5102 * @returns VBox status code.
5103 * @param pInterface Pointer to the interface structure containing the called function pointer.
5104 * @param iLUN The unit which status LED we desire.
5105 * @param ppLed Where to store the LED pointer.
5106 */
5107static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5108{
5109 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5110 if (iLUN < 4)
5111 {
5112 switch (iLUN)
5113 {
5114 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5115 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5116 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5117 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5118 }
5119 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5120 return VINF_SUCCESS;
5121 }
5122 return VERR_PDM_LUN_NOT_FOUND;
5123}
5124
5125
5126/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5127
5128/**
5129 * Queries an interface to the driver.
5130 *
5131 * @returns Pointer to interface.
5132 * @returns NULL if the interface was not supported by the device.
5133 * @param pInterface Pointer to ATADevState::IBase.
5134 * @param enmInterface The requested interface identification.
5135 */
5136static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, PDMINTERFACE enmInterface)
5137{
5138 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5139 switch (enmInterface)
5140 {
5141 case PDMINTERFACE_BASE:
5142 return &pIf->IBase;
5143 case PDMINTERFACE_BLOCK_PORT:
5144 return &pIf->IPort;
5145 case PDMINTERFACE_MOUNT_NOTIFY:
5146 return &pIf->IMountNotify;
5147 default:
5148 return NULL;
5149 }
5150}
5151
5152#endif /* IN_RING3 */
5153
5154
5155/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5156
5157/**
5158 * Port I/O Handler for primary port range OUT operations.
5159 * @see FNIOMIOPORTOUT for details.
5160 */
5161PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5162{
5163 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5164 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5165 PATACONTROLLER pCtl = &pThis->aCts[i];
5166 int rc = VINF_SUCCESS;
5167
5168 Assert(i < 2);
5169
5170 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5171 if (rc != VINF_SUCCESS)
5172 return rc;
5173 if (cb == 1)
5174 rc = ataIOPortWriteU8(pCtl, Port, u32);
5175 else if (Port == pCtl->IOPortBase1)
5176 {
5177 Assert(cb == 2 || cb == 4);
5178 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5179 }
5180 else
5181 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5182 LogBird(("ata: leaving critsect\n"));
5183 PDMCritSectLeave(&pCtl->lock);
5184 LogBird(("ata: left critsect\n"));
5185 return rc;
5186}
5187
5188
5189/**
5190 * Port I/O Handler for primary port range IN operations.
5191 * @see FNIOMIOPORTIN for details.
5192 */
5193PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5194{
5195 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5196 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5197 PATACONTROLLER pCtl = &pThis->aCts[i];
5198 int rc = VINF_SUCCESS;
5199
5200 Assert(i < 2);
5201
5202 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5203 if (rc != VINF_SUCCESS)
5204 return rc;
5205 if (cb == 1)
5206 {
5207 rc = ataIOPortReadU8(pCtl, Port, pu32);
5208 }
5209 else if (Port == pCtl->IOPortBase1)
5210 {
5211 Assert(cb == 2 || cb == 4);
5212 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5213 if (cb == 2)
5214 *pu32 &= 0xffff;
5215 }
5216 else
5217 {
5218 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5219 rc = VERR_IOM_IOPORT_UNUSED;
5220 }
5221 PDMCritSectLeave(&pCtl->lock);
5222 return rc;
5223}
5224
5225#ifndef IN_RING0
5226/**
5227 * Port I/O Handler for primary port range IN string operations.
5228 * @see FNIOMIOPORTINSTRING for details.
5229 */
5230PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5231{
5232 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5233 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5234 PATACONTROLLER pCtl = &pThis->aCts[i];
5235 int rc = VINF_SUCCESS;
5236
5237 Assert(i < 2);
5238
5239 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5240 if (rc != VINF_SUCCESS)
5241 return rc;
5242 if (Port == pCtl->IOPortBase1)
5243 {
5244 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5245 RTGCPTR GCDst = *pGCPtrDst;
5246 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5247 Assert(cb == 2 || cb == 4);
5248
5249 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5250#ifndef IN_RING3
5251 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5252 cTransAvailable--;
5253#endif /* !IN_RING3 */
5254 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5255 * They are not performance-critical and generally shouldn't occur at all. */
5256 if (cTransAvailable > cTransfer)
5257 cTransAvailable = cTransfer;
5258 cbTransfer = cTransAvailable * cb;
5259
5260#ifdef IN_RC
5261 for (uint32_t i = 0; i < cbTransfer; i += cb)
5262 MMGCRamWriteNoTrapHandler((char *)GCDst + i, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, cb);
5263#else /* !IN_RC */
5264 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVM(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5265 Assert(rc == VINF_SUCCESS);
5266#endif /* IN_RC */
5267
5268 if (cbTransfer)
5269 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5270 s->iIOBufferPIODataStart += cbTransfer;
5271 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5272 *pcTransfer = cTransfer - cTransAvailable;
5273#ifdef IN_RING3
5274 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5275 ataPIOTransferFinish(pCtl, s);
5276#endif /* IN_RING3 */
5277 }
5278 PDMCritSectLeave(&pCtl->lock);
5279 return rc;
5280}
5281
5282
5283/**
5284 * Port I/O Handler for primary port range OUT string operations.
5285 * @see FNIOMIOPORTOUTSTRING for details.
5286 */
5287PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5288{
5289 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5290 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5291 PATACONTROLLER pCtl = &pThis->aCts[i];
5292 int rc;
5293
5294 Assert(i < 2);
5295
5296 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5297 if (rc != VINF_SUCCESS)
5298 return rc;
5299 if (Port == pCtl->IOPortBase1)
5300 {
5301 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5302 RTGCPTR GCSrc = *pGCPtrSrc;
5303 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5304 Assert(cb == 2 || cb == 4);
5305
5306 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5307#ifndef IN_RING3
5308 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5309 cTransAvailable--;
5310#endif /* !IN_RING3 */
5311 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5312 * They are not performance-critical and generally shouldn't occur at all. */
5313 if (cTransAvailable > cTransfer)
5314 cTransAvailable = cTransfer;
5315 cbTransfer = cTransAvailable * cb;
5316
5317#ifdef IN_RC
5318 for (uint32_t i = 0; i < cbTransfer; i += cb)
5319 MMGCRamReadNoTrapHandler(s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart + i, (char *)GCSrc + i, cb);
5320#else /* !IN_RC */
5321 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVM(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5322 Assert(rc == VINF_SUCCESS);
5323#endif /* IN_RC */
5324
5325 if (cbTransfer)
5326 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5327 s->iIOBufferPIODataStart += cbTransfer;
5328 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5329 *pcTransfer = cTransfer - cTransAvailable;
5330#ifdef IN_RING3
5331 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5332 ataPIOTransferFinish(pCtl, s);
5333#endif /* IN_RING3 */
5334 }
5335 PDMCritSectLeave(&pCtl->lock);
5336 return rc;
5337}
5338#endif /* !IN_RING0 */
5339
5340/**
5341 * Port I/O Handler for secondary port range OUT operations.
5342 * @see FNIOMIOPORTOUT for details.
5343 */
5344PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5345{
5346 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5347 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5348 PATACONTROLLER pCtl = &pThis->aCts[i];
5349 int rc;
5350
5351 Assert(i < 2);
5352
5353 if (cb != 1)
5354 return VINF_SUCCESS;
5355 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5356 if (rc != VINF_SUCCESS)
5357 return rc;
5358 rc = ataControlWrite(pCtl, Port, u32);
5359 PDMCritSectLeave(&pCtl->lock);
5360 return rc;
5361}
5362
5363
5364/**
5365 * Port I/O Handler for secondary port range IN operations.
5366 * @see FNIOMIOPORTIN for details.
5367 */
5368PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5369{
5370 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5371 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5372 PATACONTROLLER pCtl = &pThis->aCts[i];
5373 int rc;
5374
5375 Assert(i < 2);
5376
5377 if (cb != 1)
5378 return VERR_IOM_IOPORT_UNUSED;
5379
5380 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5381 if (rc != VINF_SUCCESS)
5382 return rc;
5383 *pu32 = ataStatusRead(pCtl, Port);
5384 PDMCritSectLeave(&pCtl->lock);
5385 return VINF_SUCCESS;
5386}
5387
5388#ifdef IN_RING3
5389
5390/**
5391 * Waits for all async I/O threads to complete whatever they
5392 * are doing at the moment.
5393 *
5394 * @returns true on success.
5395 * @returns false when one or more threads is still processing.
5396 * @param pThis Pointer to the instance data.
5397 * @param cMillies How long to wait (total).
5398 */
5399static bool ataWaitForAllAsyncIOIsIdle(PPDMDEVINS pDevIns, unsigned cMillies)
5400{
5401 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5402 bool fVMLocked;
5403 uint64_t u64Start;
5404 PATACONTROLLER pCtl;
5405 bool fAllIdle = false;
5406
5407 /* The only way to deal cleanly with the VM lock is to check whether
5408 * it is owned now (it always is owned by EMT, which is the current
5409 * thread). Since this function is called several times during VM
5410 * shutdown, and the VM lock is only held for the first call (which
5411 * can be either from ataPowerOff or ataSuspend), there is no other
5412 * reasonable solution. */
5413 fVMLocked = VMMR3LockIsOwner(PDMDevHlpGetVM(pDevIns));
5414
5415 if (fVMLocked)
5416 pDevIns->pDevHlpR3->pfnUnlockVM(pDevIns);
5417 /*
5418 * Wait for any pending async operation to finish
5419 */
5420 u64Start = RTTimeMilliTS();
5421 for (;;)
5422 {
5423 /* Check all async I/O threads. */
5424 fAllIdle = true;
5425 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5426 {
5427 pCtl = &pThis->aCts[i];
5428
5429 /*
5430 * Only check if the thread is idling if the request mutex is set up.
5431 * It is possible that the creation of the first controller failed and that
5432 * the request mutex is not initialized on the second one yet
5433 * But it would be called without the following check.
5434 */
5435 if (pCtl->AsyncIORequestMutex != NIL_RTSEMEVENT)
5436 {
5437 fAllIdle &= ataAsyncIOIsIdle(pCtl, false);
5438 if (!fAllIdle)
5439 break;
5440 }
5441 }
5442 if ( fAllIdle
5443 || RTTimeMilliTS() - u64Start >= cMillies)
5444 break;
5445
5446 /* Sleep for a bit. */
5447 RTThreadSleep(100);
5448 }
5449
5450 if (fVMLocked)
5451 pDevIns->pDevHlpR3->pfnLockVM(pDevIns);
5452
5453 if (!fAllIdle)
5454 LogRel(("PIIX3 ATA: Ctl#%d is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
5455 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
5456 pCtl->aIfs[0].uATARegCommand, pCtl->aIfs[1].uATARegCommand));
5457
5458 return fAllIdle;
5459}
5460
5461
5462DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5463{
5464 if (s->pbIOBufferR3)
5465 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5466}
5467
5468
5469/**
5470 * @copydoc FNPDMDEVRELOCATE
5471 */
5472static DECLCALLBACK(void) ataRelocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5473{
5474 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5475
5476 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5477 {
5478 pThis->aCts[i].pDevInsRC += offDelta;
5479 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5480 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5481 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5482 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5483 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5484 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5485 }
5486}
5487
5488
5489/**
5490 * Destroy a driver instance.
5491 *
5492 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5493 * resources can be freed correctly.
5494 *
5495 * @param pDevIns The device instance data.
5496 */
5497static DECLCALLBACK(int) ataDestruct(PPDMDEVINS pDevIns)
5498{
5499 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5500 int rc;
5501
5502 Log(("%s:\n", __FUNCTION__));
5503
5504 /*
5505 * Terminate all async helper threads
5506 */
5507 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5508 {
5509 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5510 {
5511 ASMAtomicXchgU32(&pThis->aCts[i].fShutdown, true);
5512 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5513 AssertRC(rc);
5514 }
5515 }
5516
5517 /*
5518 * Wait for them to complete whatever they are doing and then
5519 * for them to terminate.
5520 */
5521 if (ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5522 {
5523 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5524 {
5525 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5526 AssertMsgRC(rc || rc == VERR_INVALID_HANDLE, ("rc=%Rrc i=%d\n", rc, i));
5527 }
5528 }
5529 else
5530 AssertMsgFailed(("Async I/O is still busy!\n"));
5531
5532 /*
5533 * Now the request mutexes are no longer needed. Free resources.
5534 */
5535 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5536 {
5537 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMEVENT)
5538 {
5539 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5540 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
5541 }
5542 }
5543 return VINF_SUCCESS;
5544}
5545
5546
5547/**
5548 * Detach notification.
5549 *
5550 * The DVD drive has been unplugged.
5551 *
5552 * @param pDevIns The device instance.
5553 * @param iLUN The logical unit which is being detached.
5554 */
5555static DECLCALLBACK(void) ataDetach(PPDMDEVINS pDevIns, unsigned iLUN)
5556{
5557 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5558 PATACONTROLLER pCtl;
5559 ATADevState *pIf;
5560 unsigned iController;
5561 unsigned iInterface;
5562
5563 /*
5564 * Locate the controller and stuff.
5565 */
5566 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5567 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5568 pCtl = &pThis->aCts[iController];
5569
5570 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5571 pIf = &pCtl->aIfs[iInterface];
5572
5573 /*
5574 * Zero some important members.
5575 */
5576 pIf->pDrvBase = NULL;
5577 pIf->pDrvBlock = NULL;
5578 pIf->pDrvBlockBios = NULL;
5579 pIf->pDrvMount = NULL;
5580
5581 /*
5582 * In case there was a medium inserted.
5583 */
5584 ataMediumRemoved(pIf);
5585}
5586
5587
5588/**
5589 * Configure a LUN.
5590 *
5591 * @returns VBox status code.
5592 * @param pDevIns The device instance.
5593 * @param pIf The ATA unit state.
5594 */
5595static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5596{
5597 int rc;
5598 PDMBLOCKTYPE enmType;
5599
5600 /*
5601 * Query Block, Bios and Mount interfaces.
5602 */
5603 pIf->pDrvBlock = (PDMIBLOCK *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK);
5604 if (!pIf->pDrvBlock)
5605 {
5606 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5607 return VERR_PDM_MISSING_INTERFACE;
5608 }
5609
5610 /** @todo implement the BIOS invisible code path. */
5611 pIf->pDrvBlockBios = (PDMIBLOCKBIOS *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_BLOCK_BIOS);
5612 if (!pIf->pDrvBlockBios)
5613 {
5614 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5615 return VERR_PDM_MISSING_INTERFACE;
5616 }
5617 pIf->pDrvMount = (PDMIMOUNT *)pIf->pDrvBase->pfnQueryInterface(pIf->pDrvBase, PDMINTERFACE_MOUNT);
5618
5619 /*
5620 * Validate type.
5621 */
5622 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5623 if ( enmType != PDMBLOCKTYPE_CDROM
5624 && enmType != PDMBLOCKTYPE_DVD
5625 && enmType != PDMBLOCKTYPE_HARD_DISK)
5626 {
5627 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5628 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5629 }
5630 if ( ( enmType == PDMBLOCKTYPE_DVD
5631 || enmType == PDMBLOCKTYPE_CDROM)
5632 && !pIf->pDrvMount)
5633 {
5634 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5635 return VERR_INTERNAL_ERROR;
5636 }
5637 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5638 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5639
5640 /*
5641 * Allocate I/O buffer.
5642 */
5643 PVM pVM = PDMDevHlpGetVM(pDevIns);
5644 if (pIf->cbIOBuffer)
5645 {
5646 /* Buffer is (probably) already allocated. Validate the fields,
5647 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5648 if (pIf->fATAPI)
5649 AssertRelease(pIf->cbIOBuffer == _128K);
5650 else
5651 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5652 Assert(pIf->pbIOBufferR3);
5653 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5654 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5655 }
5656 else
5657 {
5658 if (pIf->fATAPI)
5659 pIf->cbIOBuffer = _128K;
5660 else
5661 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5662 Assert(!pIf->pbIOBufferR3);
5663 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5664 if (RT_FAILURE(rc))
5665 return VERR_NO_MEMORY;
5666 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5667 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5668 }
5669
5670 /*
5671 * Init geometry (only for non-CD/DVD media).
5672 */
5673 if (pIf->fATAPI)
5674 {
5675 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5676 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5677 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5678 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5679 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5680 }
5681 else
5682 {
5683 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5684 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5685 &pIf->PCHSGeometry);
5686 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5687 {
5688 pIf->PCHSGeometry.cCylinders = 0;
5689 pIf->PCHSGeometry.cHeads = 16; /*??*/
5690 pIf->PCHSGeometry.cSectors = 63; /*??*/
5691 }
5692 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5693 {
5694 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5695 rc = VINF_SUCCESS;
5696 }
5697 AssertRC(rc);
5698
5699 if ( pIf->PCHSGeometry.cCylinders == 0
5700 || pIf->PCHSGeometry.cHeads == 0
5701 || pIf->PCHSGeometry.cSectors == 0
5702 )
5703 {
5704 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5705 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5706 pIf->PCHSGeometry.cHeads = 16;
5707 pIf->PCHSGeometry.cSectors = 63;
5708 /* Set the disk geometry information. */
5709 rc = pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5710 &pIf->PCHSGeometry);
5711 }
5712 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5713 }
5714 return VINF_SUCCESS;
5715}
5716
5717
5718/**
5719 * Attach command.
5720 *
5721 * This is called when we change block driver for the DVD drive.
5722 *
5723 * @returns VBox status code.
5724 * @param pDevIns The device instance.
5725 * @param iLUN The logical unit which is being detached.
5726 */
5727static DECLCALLBACK(int) ataAttach(PPDMDEVINS pDevIns, unsigned iLUN)
5728{
5729 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5730 PATACONTROLLER pCtl;
5731 ATADevState *pIf;
5732 int rc;
5733 unsigned iController;
5734 unsigned iInterface;
5735
5736 /*
5737 * Locate the controller and stuff.
5738 */
5739 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5740 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5741 pCtl = &pThis->aCts[iController];
5742
5743 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5744 pIf = &pCtl->aIfs[iInterface];
5745
5746 /* the usual paranoia */
5747 AssertRelease(!pIf->pDrvBase);
5748 AssertRelease(!pIf->pDrvBlock);
5749 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5750 Assert(pIf->iLUN == iLUN);
5751
5752 /*
5753 * Try attach the block device and get the interfaces,
5754 * required as well as optional.
5755 */
5756 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5757 if (RT_SUCCESS(rc))
5758 {
5759 rc = ataConfigLun(pDevIns, pIf);
5760 /*
5761 * In case there is a medium inserted.
5762 */
5763 ataMediumInserted(pIf);
5764 }
5765 else
5766 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5767
5768 if (RT_FAILURE(rc))
5769 {
5770 pIf->pDrvBase = NULL;
5771 pIf->pDrvBlock = NULL;
5772 }
5773 return rc;
5774}
5775
5776
5777/**
5778 * Suspend notification.
5779 *
5780 * @returns VBox status.
5781 * @param pDevIns The device instance data.
5782 */
5783static DECLCALLBACK(void) ataSuspend(PPDMDEVINS pDevIns)
5784{
5785 Log(("%s:\n", __FUNCTION__));
5786 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5787 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5788 return;
5789}
5790
5791
5792/**
5793 * Resume notification.
5794 *
5795 * @returns VBox status.
5796 * @param pDevIns The device instance data.
5797 */
5798static DECLCALLBACK(void) ataResume(PPDMDEVINS pDevIns)
5799{
5800 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5801 int rc;
5802
5803 Log(("%s:\n", __FUNCTION__));
5804 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5805 {
5806 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5807 {
5808 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5809 AssertRC(rc);
5810 }
5811 }
5812 return;
5813}
5814
5815
5816/**
5817 * Power Off notification.
5818 *
5819 * @returns VBox status.
5820 * @param pDevIns The device instance data.
5821 */
5822static DECLCALLBACK(void) ataPowerOff(PPDMDEVINS pDevIns)
5823{
5824 Log(("%s:\n", __FUNCTION__));
5825 if (!ataWaitForAllAsyncIOIsIdle(pDevIns, 20000))
5826 AssertMsgFailed(("Async I/O didn't stop in 20 seconds!\n"));
5827 return;
5828}
5829
5830
5831/**
5832 * Prepare state save and load operation.
5833 *
5834 * @returns VBox status code.
5835 * @param pDevIns Device instance of the device which registered the data unit.
5836 * @param pSSM SSM operation handle.
5837 */
5838static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
5839{
5840 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5841
5842 /* sanity - the suspend notification will wait on the async stuff. */
5843 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5844 {
5845 Assert(ataAsyncIOIsIdle(&pThis->aCts[i], false));
5846 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5847 return VERR_SSM_IDE_ASYNC_TIMEOUT;
5848 }
5849 return VINF_SUCCESS;
5850}
5851
5852
5853/**
5854 * Saves a state of the ATA device.
5855 *
5856 * @returns VBox status code.
5857 * @param pDevIns The device instance.
5858 * @param pSSMHandle The handle to save the state to.
5859 */
5860static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle)
5861{
5862 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5863
5864 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5865 {
5866 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iSelectedIf);
5867 SSMR3PutU8(pSSMHandle, pThis->aCts[i].iAIOIf);
5868 SSMR3PutU8(pSSMHandle, pThis->aCts[i].uAsyncIOState);
5869 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fChainedTransfer);
5870 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fReset);
5871 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedo);
5872 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoIdle);
5873 SSMR3PutBool(pSSMHandle, pThis->aCts[i].fRedoDMALastDesc);
5874 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5875 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pFirstDMADesc);
5876 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pLastDMADesc);
5877 SSMR3PutGCPhys32(pSSMHandle, pThis->aCts[i].pRedoDMABuffer);
5878 SSMR3PutU32(pSSMHandle, pThis->aCts[i].cbRedoDMABuffer);
5879
5880 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5881 {
5882 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fLBA48);
5883 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPI);
5884 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fIrqPending);
5885 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cMultSectors);
5886 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5887 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5888 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5889 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5890 SSMR3PutU64(pSSMHandle, pThis->aCts[i].aIfs[j].cTotalSectors);
5891 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeature);
5892 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
5893 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegError);
5894 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSector);
5895 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
5896 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSector);
5897 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
5898 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCyl);
5899 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
5900 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCyl);
5901 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
5902 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegSelect);
5903 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegStatus);
5904 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegCommand);
5905 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATARegDevCtl);
5906 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uATATransferMode);
5907 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].uTxDir);
5908 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iBeginTransfer);
5909 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].iSourceSink);
5910 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fDMA);
5911 SSMR3PutBool(pSSMHandle, pThis->aCts[i].aIfs[j].fATAPITransfer);
5912 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbTotalTransfer);
5913 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
5914 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferCur);
5915 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferEnd);
5916 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
5917 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
5918 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].iATAPILBA);
5919 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbATAPISector);
5920 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
5921 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
5922 SSMR3PutU8(pSSMHandle, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
5923 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].MediaEventStatus);
5924 SSMR3PutMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
5925 SSMR3PutU32(pSSMHandle, pThis->aCts[i].aIfs[j].cbIOBuffer);
5926 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
5927 SSMR3PutMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
5928 else
5929 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
5930 }
5931 }
5932 SSMR3PutU8(pSSMHandle, pThis->u8Type);
5933
5934 return SSMR3PutU32(pSSMHandle, ~0); /* sanity/terminator */
5935}
5936
5937
5938/**
5939 * Loads a saved ATA device state.
5940 *
5941 * @returns VBox status code.
5942 * @param pDevIns The device instance.
5943 * @param pSSMHandle The handle to the saved state.
5944 * @param u32Version The data unit version number.
5945 */
5946static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSMHandle, uint32_t u32Version)
5947{
5948 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5949 int rc;
5950 uint32_t u32;
5951
5952 if ( u32Version != ATA_SAVED_STATE_VERSION
5953 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
5954 && u32Version != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
5955 && u32Version != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
5956 {
5957 AssertMsgFailed(("u32Version=%d\n", u32Version));
5958 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
5959 }
5960
5961 /*
5962 * Restore valid parts of the PCIATAState structure
5963 */
5964 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5965 {
5966 /* integrity check */
5967 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
5968 {
5969 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
5970 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
5971 return rc;
5972 }
5973
5974 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iSelectedIf);
5975 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].iAIOIf);
5976 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].uAsyncIOState);
5977 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].fChainedTransfer);
5978 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fReset);
5979 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedo);
5980 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoIdle);
5981 SSMR3GetBool(pSSMHandle, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
5982 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
5983 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pFirstDMADesc);
5984 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pLastDMADesc);
5985 SSMR3GetGCPhys32(pSSMHandle, &pThis->aCts[i].pRedoDMABuffer);
5986 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].cbRedoDMABuffer);
5987
5988 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
5989 {
5990 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fLBA48);
5991 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPI);
5992 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fIrqPending);
5993 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cMultSectors);
5994 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
5995 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
5996 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
5997 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
5998 SSMR3GetU64(pSSMHandle, &pThis->aCts[i].aIfs[j].cTotalSectors);
5999 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeature);
6000 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6001 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegError);
6002 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSector);
6003 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6004 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSector);
6005 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6006 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6007 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6008 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6009 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6010 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegSelect);
6011 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegStatus);
6012 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegCommand);
6013 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6014 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uATATransferMode);
6015 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].uTxDir);
6016 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6017 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].iSourceSink);
6018 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fDMA);
6019 SSMR3GetBool(pSSMHandle, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6020 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6021 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6022 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6023 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6024 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6025 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6026 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].iATAPILBA);
6027 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbATAPISector);
6028 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6029 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6030 {
6031 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6032 }
6033 else
6034 {
6035 uint8_t uATAPISenseKey, uATAPIASC;
6036 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6037 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6038 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6039 SSMR3GetU8(pSSMHandle, &uATAPISenseKey);
6040 SSMR3GetU8(pSSMHandle, &uATAPIASC);
6041 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6042 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6043 }
6044 /** @todo triple-check this hack after passthrough is working */
6045 SSMR3GetU8(pSSMHandle, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6046 if (u32Version > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6047 SSMR3GetU32(pSSMHandle, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6048 else
6049 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6050 SSMR3GetMem(pSSMHandle, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6051 SSMR3GetU32(pSSMHandle, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6052 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6053 {
6054 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6055 SSMR3GetMem(pSSMHandle, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6056 else
6057 {
6058 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6059 if (SSMR3HandleGetAfter(pSSMHandle) != SSMAFTER_DEBUG_IT)
6060 return VERR_SSM_LOAD_CONFIG_MISMATCH;
6061
6062 /* skip the buffer if we're loading for the debugger / animator. */
6063 uint8_t u8Ignored;
6064 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6065 while (cbLeft-- > 0)
6066 SSMR3GetU8(pSSMHandle, &u8Ignored);
6067 }
6068 }
6069 else
6070 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6071 }
6072 }
6073 SSMR3GetU8(pSSMHandle, &pThis->u8Type);
6074
6075 rc = SSMR3GetU32(pSSMHandle, &u32);
6076 if (RT_FAILURE(rc))
6077 return rc;
6078 if (u32 != ~0U)
6079 {
6080 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6081 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6082 return rc;
6083 }
6084
6085 return VINF_SUCCESS;
6086}
6087
6088
6089/**
6090 * Construct a device instance for a VM.
6091 *
6092 * @returns VBox status.
6093 * @param pDevIns The device instance data.
6094 * If the registration structure is needed, pDevIns->pDevReg points to it.
6095 * @param iInstance Instance number. Use this to figure out which registers and such to use.
6096 * The device number is also found in pDevIns->iInstance, but since it's
6097 * likely to be freqently used PDM passes it as parameter.
6098 * @param pCfgHandle Configuration node handle for the device. Use this to obtain the configuration
6099 * of the device instance. It's also found in pDevIns->pCfgHandle, but like
6100 * iInstance it's expected to be used a bit in this function.
6101 */
6102static DECLCALLBACK(int) ataConstruct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfgHandle)
6103{
6104 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6105 PPDMIBASE pBase;
6106 int rc;
6107 bool fGCEnabled;
6108 bool fR0Enabled;
6109 uint32_t DelayIRQMillies;
6110
6111 Assert(iInstance == 0);
6112
6113 /*
6114 * Initialize NIL handle values (for the destructor).
6115 */
6116 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6117 {
6118 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6119 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6120 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMEVENT;
6121 }
6122
6123 /*
6124 * Validate and read configuration.
6125 */
6126 if (!CFGMR3AreValuesValid(pCfgHandle, "GCEnabled\0IRQDelay\0R0Enabled\0PIIX4\0ICH6\0"))
6127 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6128 N_("PIIX3 configuration error: unknown option specified"));
6129
6130 rc = CFGMR3QueryBoolDef(pCfgHandle, "GCEnabled", &fGCEnabled, true);
6131 if (RT_FAILURE(rc))
6132 return PDMDEV_SET_ERROR(pDevIns, rc,
6133 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6134 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6135
6136 rc = CFGMR3QueryBoolDef(pCfgHandle, "R0Enabled", &fR0Enabled, true);
6137 if (RT_FAILURE(rc))
6138 return PDMDEV_SET_ERROR(pDevIns, rc,
6139 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6140 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6141
6142 rc = CFGMR3QueryU32Def(pCfgHandle, "IRQDelay", &DelayIRQMillies, 0);
6143 if (RT_FAILURE(rc))
6144 return PDMDEV_SET_ERROR(pDevIns, rc,
6145 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6146 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6147 Assert(DelayIRQMillies < 50);
6148
6149 pThis->u8Type = CHIPSET_PIIX3;
6150 bool fPIIX4;
6151 rc = CFGMR3QueryBoolDef(pCfgHandle, "PIIX4", &fPIIX4, false);
6152 if (RT_FAILURE(rc))
6153 return PDMDEV_SET_ERROR(pDevIns, rc,
6154 N_("PIIX3 configuration error: failed to read PIIX4 as boolean"));
6155 Log(("%s: fPIIX4=%d\n", __FUNCTION__, fPIIX4));
6156 if (fPIIX4)
6157 pThis->u8Type = CHIPSET_PIIX4;
6158
6159 /** @todo: Need to implement better IDE chipset configuration mechanism */
6160 bool fICH6;
6161 rc = CFGMR3QueryBoolDef(pCfgHandle, "ICH6", &fICH6, false);
6162 if (RT_FAILURE(rc))
6163 return PDMDEV_SET_ERROR(pDevIns, rc,
6164 N_("PIIX3 configuration error: failed to read ICH6 as boolean"));
6165 Log(("%s: fICH6=%d\n", __FUNCTION__, fICH6));
6166 if (fICH6)
6167 pThis->u8Type = CHIPSET_ICH6;
6168
6169 /*
6170 * Initialize data (most of it anyway).
6171 */
6172 /* Status LUN. */
6173 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6174 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6175
6176 /* PCI configuration space. */
6177 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6178
6179 /*
6180 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6181 * as it explicitly checks for PCI id for IDE controllers.
6182 */
6183 switch (pThis->u8Type)
6184 {
6185 case CHIPSET_ICH6:
6186 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6187 /** @todo: do we need it? Do we need anything else? */
6188 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6189 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6190 pThis->dev.config[0x4B] = 0x00;
6191 break;
6192 case CHIPSET_PIIX4:
6193 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6194 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6195 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6196 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6197 pThis->dev.config[0x4B] = 0x00;
6198 break;
6199 case CHIPSET_PIIX3:
6200 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6201 break;
6202 default:
6203 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6204 }
6205
6206 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6207 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6208 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6209 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6210 PCIDevSetHeaderType(&pThis->dev, 0x00);
6211
6212 pThis->pDevIns = pDevIns;
6213 pThis->fGCEnabled = fGCEnabled;
6214 pThis->fR0Enabled = fR0Enabled;
6215 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6216 {
6217 pThis->aCts[i].pDevInsR3 = pDevIns;
6218 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6219 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6220 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6221 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6222 {
6223 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6224
6225 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6226 pIf->pDevInsR3 = pDevIns;
6227 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6228 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6229 pIf->pControllerR3 = &pThis->aCts[i];
6230 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6231 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6232 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6233 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6234 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6235 pIf->Led.u32Magic = PDMLED_MAGIC;
6236 }
6237 }
6238
6239 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6240 pThis->aCts[0].irq = 14;
6241 pThis->aCts[0].IOPortBase1 = 0x1f0;
6242 pThis->aCts[0].IOPortBase2 = 0x3f6;
6243 pThis->aCts[1].irq = 15;
6244 pThis->aCts[1].IOPortBase1 = 0x170;
6245 pThis->aCts[1].IOPortBase2 = 0x376;
6246
6247 /*
6248 * Register the PCI device.
6249 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6250 * device the slot next to itself.
6251 */
6252 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6253 if (RT_FAILURE(rc))
6254 return PDMDEV_SET_ERROR(pDevIns, rc,
6255 N_("PIIX3 cannot register PCI device"));
6256 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6257 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6258 if (RT_FAILURE(rc))
6259 return PDMDEV_SET_ERROR(pDevIns, rc,
6260 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6261
6262 /*
6263 * Register the I/O ports.
6264 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6265 */
6266 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6267 {
6268 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6269 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6270 if (RT_FAILURE(rc))
6271 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6272
6273 if (fGCEnabled)
6274 {
6275 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6276 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6277 if (RT_FAILURE(rc))
6278 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6279 }
6280
6281 if (fR0Enabled)
6282 {
6283#if 1
6284 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6285 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6286#else
6287 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6288 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6289#endif
6290 if (RT_FAILURE(rc))
6291 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6292 }
6293
6294 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6295 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6296 if (RT_FAILURE(rc))
6297 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6298
6299 if (fGCEnabled)
6300 {
6301 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6302 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6303 if (RT_FAILURE(rc))
6304 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6305 }
6306 if (fR0Enabled)
6307 {
6308 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6309 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6310 if (RT_FAILURE(rc))
6311 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6312 }
6313
6314 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6315 {
6316 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6317 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA DMA transfers.", "/Devices/ATA%d/Unit%d/DMA", i, j);
6318 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATA PIO transfers.", "/Devices/ATA%d/Unit%d/PIO", i, j);
6319 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI DMA transfers.", "/Devices/ATA%d/Unit%d/AtapiDMA", i, j);
6320 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "Number of ATAPI PIO transfers.", "/Devices/ATA%d/Unit%d/AtapiPIO", i, j);
6321#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6322 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the read operations.", "/Devices/ATA%d/Unit%d/Reads", i, j);
6323#endif
6324 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data read.", "/Devices/ATA%d/Unit%d/ReadBytes", i, j);
6325#ifdef VBOX_INSTRUMENT_DMA_WRITES
6326 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the VD DMA write operations.","/Devices/ATA%d/Unit%d/InstrVDWrites", i, j);
6327#endif
6328#ifdef VBOX_WITH_STATISTICS
6329 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the write operations.","/Devices/ATA%d/Unit%d/Writes", i, j);
6330#endif
6331 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES, "Amount of data written.", "/Devices/ATA%d/Unit%d/WrittenBytes", i, j);
6332#ifdef VBOX_WITH_STATISTICS
6333 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of the flush operations.","/Devices/ATA%d/Unit%d/Flushes", i, j);
6334#endif
6335 }
6336#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6337 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES, "The number of async operations.", "/Devices/ATA%d/Async/Operations", i);
6338 /** @todo STAMUNIT_MICROSECS */
6339 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Minimum wait in microseconds.", "/Devices/ATA%d/Async/MinWait", i);
6340 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Maximum wait in microseconds.", "/Devices/ATA%d/Async/MaxWait", i);
6341 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE, "Total time spent in microseconds.","/Devices/ATA%d/Async/TotalTimeUS", i);
6342 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of async operations.", "/Devices/ATA%d/Async/Time", i);
6343 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling of locks.", "/Devices/ATA%d/Async/LockWait", i);
6344#endif /* VBOX_WITH_STATISTICS */
6345
6346 /* Initialize per-controller critical section */
6347 char szName[24];
6348 RTStrPrintf(szName, sizeof(szName), "ATA%d", i);
6349 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, szName);
6350 if (RT_FAILURE(rc))
6351 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6352 }
6353
6354 /*
6355 * Attach status driver (optional).
6356 */
6357 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6358 if (RT_SUCCESS(rc))
6359 pThis->pLedsConnector = (PDMILEDCONNECTORS *)pBase->pfnQueryInterface(pBase, PDMINTERFACE_LED_CONNECTORS);
6360 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6361 {
6362 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6363 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6364 }
6365
6366 /*
6367 * Attach the units.
6368 */
6369 uint32_t cbTotalBuffer = 0;
6370 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6371 {
6372 PATACONTROLLER pCtl = &pThis->aCts[i];
6373
6374 /*
6375 * Start the worker thread.
6376 */
6377 pCtl->uAsyncIOState = ATA_AIO_NEW;
6378 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6379 AssertRC(rc);
6380 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6381 AssertRC(rc);
6382 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6383 AssertRC(rc);
6384 ataAsyncIOClearRequests(pCtl);
6385 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024, RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6386 AssertRC(rc);
6387 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6388 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6389
6390 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6391 {
6392 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6393 {
6394 { "Primary Master", "Primary Slave" },
6395 { "Secondary Master", "Secondary Slave" }
6396 };
6397
6398 /*
6399 * Try attach the block device and get the interfaces,
6400 * required as well as optional.
6401 */
6402 ATADevState *pIf = &pCtl->aIfs[j];
6403
6404 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6405 if (RT_SUCCESS(rc))
6406 {
6407 rc = ataConfigLun(pDevIns, pIf);
6408 if (RT_SUCCESS(rc))
6409 {
6410 /*
6411 * Init vendor product data.
6412 */
6413 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6414 {
6415 { "PrimaryMaster", "PrimarySlave" },
6416 { "SecondaryMaster", "SecondarySlave" }
6417 };
6418
6419 /* Generate a default serial number. */
6420 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6421 RTUUID Uuid;
6422 if (pIf->pDrvBlock)
6423 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6424 else
6425 RTUuidClear(&Uuid);
6426
6427 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6428 {
6429 /* Generate a predictable serial for drives which don't have a UUID. */
6430 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6431 pIf->iLUN + pDevIns->iInstance * 32,
6432 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6433 }
6434 else
6435 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6436
6437 /* Get user config if present using defaults otherwise. */
6438 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfgHandle, s_apszCFGMKeys[i][j]);
6439 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6440 szSerial);
6441 if (RT_FAILURE(rc))
6442 {
6443 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6444 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6445 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6446 return PDMDEV_SET_ERROR(pDevIns, rc,
6447 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6448 }
6449
6450 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6451 "1.0");
6452 if (RT_FAILURE(rc))
6453 {
6454 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6455 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6456 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
6457 return PDMDEV_SET_ERROR(pDevIns, rc,
6458 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
6459 }
6460
6461 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
6462 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
6463 if (RT_FAILURE(rc))
6464 {
6465 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6466 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6467 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
6468 return PDMDEV_SET_ERROR(pDevIns, rc,
6469 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
6470 }
6471 }
6472
6473 }
6474 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
6475 {
6476 pIf->pDrvBase = NULL;
6477 pIf->pDrvBlock = NULL;
6478 pIf->cbIOBuffer = 0;
6479 pIf->pbIOBufferR3 = NULL;
6480 pIf->pbIOBufferR0 = NIL_RTR0PTR;
6481 pIf->pbIOBufferRC = NIL_RTGCPTR;
6482 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
6483 }
6484 else
6485 {
6486 switch (rc)
6487 {
6488 case VERR_ACCESS_DENIED:
6489 /* Error already catched by DrvHostBase */
6490 return rc;
6491 default:
6492 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6493 N_("PIIX3 cannot attach drive to the %s"),
6494 s_apszDescs[i][j]);
6495 }
6496 }
6497 cbTotalBuffer += pIf->cbIOBuffer;
6498 }
6499 }
6500
6501 rc = PDMDevHlpSSMRegister(pDevIns, pDevIns->pDevReg->szDeviceName, iInstance,
6502 ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer,
6503 ataSaveLoadPrep, ataSaveExec, NULL,
6504 ataSaveLoadPrep, ataLoadExec, NULL);
6505 if (RT_FAILURE(rc))
6506 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
6507
6508 /*
6509 * Initialize the device state.
6510 */
6511 ataReset(pDevIns);
6512
6513 return VINF_SUCCESS;
6514}
6515
6516
6517/**
6518 * The device registration structure.
6519 */
6520const PDMDEVREG g_DevicePIIX3IDE =
6521{
6522 /* u32Version */
6523 PDM_DEVREG_VERSION,
6524 /* szDeviceName */
6525 "piix3ide",
6526 /* szRCMod */
6527 "VBoxDDGC.gc",
6528 /* szR0Mod */
6529 "VBoxDDR0.r0",
6530 /* pszDescription */
6531 "Intel PIIX3 ATA controller.\n"
6532 " LUN #0 is primary master.\n"
6533 " LUN #1 is primary slave.\n"
6534 " LUN #2 is secondary master.\n"
6535 " LUN #3 is secondary slave.\n"
6536 " LUN #999 is the LED/Status connector.",
6537 /* fFlags */
6538 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
6539 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
6540 /* fClass */
6541 PDM_DEVREG_CLASS_STORAGE,
6542 /* cMaxInstances */
6543 1,
6544 /* cbInstance */
6545 sizeof(PCIATAState),
6546 /* pfnConstruct */
6547 ataConstruct,
6548 /* pfnDestruct */
6549 ataDestruct,
6550 /* pfnRelocate */
6551 ataRelocate,
6552 /* pfnIOCtl */
6553 NULL,
6554 /* pfnPowerOn */
6555 NULL,
6556 /* pfnReset */
6557 ataReset,
6558 /* pfnSuspend */
6559 ataSuspend,
6560 /* pfnResume */
6561 ataResume,
6562 /* pfnAttach */
6563 ataAttach,
6564 /* pfnDetach */
6565 ataDetach,
6566 /* pfnQueryInterface. */
6567 NULL,
6568 /* pfnInitComplete */
6569 NULL,
6570 /* pfnPowerOff */
6571 ataPowerOff,
6572 /* pfnSoftReset */
6573 NULL,
6574 /* u32VersionEnd */
6575 PDM_DEVREG_VERSION
6576};
6577#endif /* IN_RING3 */
6578#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette