VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 26285

Last change on this file since 26285 was 26285, checked in by vboxsync, 15 years ago

DevATA: Initializers... wonder if all compilers will like this.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 267.5 KB
Line 
1/* $Id: DevATA.cpp 26285 2010-02-05 13:45:22Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2008 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Defined Constants And Macros *
24*******************************************************************************/
25/** Temporary instrumentation for tracking down potential virtual disk
26 * write performance issues. */
27#undef VBOX_INSTRUMENT_DMA_WRITES
28
29/** @name The SSM saved state versions.
30 * @{
31 */
32/** The current saved state version. */
33#define ATA_SAVED_STATE_VERSION 20
34/** The saved state version used by VirtualBox 3.0.
35 * This lacks the config part and has the type at the and. */
36#define ATA_SAVED_STATE_VERSION_VBOX_30 19
37#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
38#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
39#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
40/** @} */
41
42/*******************************************************************************
43* Header Files *
44*******************************************************************************/
45#define LOG_GROUP LOG_GROUP_DEV_IDE
46#include <VBox/pdmdev.h>
47#include <iprt/assert.h>
48#include <iprt/string.h>
49#ifdef IN_RING3
50# include <iprt/uuid.h>
51# include <iprt/semaphore.h>
52# include <iprt/thread.h>
53# include <iprt/time.h>
54# include <iprt/alloc.h>
55#endif /* IN_RING3 */
56#include <iprt/critsect.h>
57#include <iprt/asm.h>
58#include <VBox/stam.h>
59#include <VBox/mm.h>
60#include <VBox/pgm.h>
61
62#include <VBox/scsi.h>
63
64#include "PIIX3ATABmDma.h"
65#include "ide.h"
66#include "../Builtins.h"
67
68/*******************************************************************************
69* Defined Constants And Macros *
70*******************************************************************************/
71/**
72 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
73 * Set to 1 to disable multi-sector read support. According to the ATA
74 * specification this must be a power of 2 and it must fit in an 8 bit
75 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
76 */
77#define ATA_MAX_MULT_SECTORS 128
78
79/**
80 * Fastest PIO mode supported by the drive.
81 */
82#define ATA_PIO_MODE_MAX 4
83/**
84 * Fastest MDMA mode supported by the drive.
85 */
86#define ATA_MDMA_MODE_MAX 2
87/**
88 * Fastest UDMA mode supported by the drive.
89 */
90#define ATA_UDMA_MODE_MAX 6
91
92/** ATAPI sense info size. */
93#define ATAPI_SENSE_SIZE 64
94
95/** The maximum number of release log entries per device. */
96#define MAX_LOG_REL_ERRORS 1024
97
98/* MediaEventStatus */
99#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
100#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
101#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
102#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
103
104/**
105 * Length of the configurable VPD data (without termination)
106 */
107#define ATA_SERIAL_NUMBER_LENGTH 20
108#define ATA_FIRMWARE_REVISION_LENGTH 8
109#define ATA_MODEL_NUMBER_LENGTH 40
110#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
111#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
112#define ATAPI_INQUIRY_REVISION_LENGTH 4
113
114/*******************************************************************************
115* Structures and Typedefs *
116*******************************************************************************/
117/**
118 * The state of an ATA device.
119 *
120 * @implements PDMIBASE
121 * @implements PDMIBLOCKPORT
122 * @implements PDMIMOUNTNOTIFY
123 */
124typedef struct ATADevState
125{
126 /** Flag indicating whether the current command uses LBA48 mode. */
127 bool fLBA48;
128 /** Flag indicating whether this drive implements the ATAPI command set. */
129 bool fATAPI;
130 /** Set if this interface has asserted the IRQ. */
131 bool fIrqPending;
132 /** Currently configured number of sectors in a multi-sector transfer. */
133 uint8_t cMultSectors;
134 /** PCHS disk geometry. */
135 PDMMEDIAGEOMETRY PCHSGeometry;
136 /** Total number of sectors on this disk. */
137 uint64_t cTotalSectors;
138 /** Number of sectors to transfer per IRQ. */
139 uint32_t cSectorsPerIRQ;
140
141 /** ATA/ATAPI register 1: feature (write-only). */
142 uint8_t uATARegFeature;
143 /** ATA/ATAPI register 1: feature, high order byte. */
144 uint8_t uATARegFeatureHOB;
145 /** ATA/ATAPI register 1: error (read-only). */
146 uint8_t uATARegError;
147 /** ATA/ATAPI register 2: sector count (read/write). */
148 uint8_t uATARegNSector;
149 /** ATA/ATAPI register 2: sector count, high order byte. */
150 uint8_t uATARegNSectorHOB;
151 /** ATA/ATAPI register 3: sector (read/write). */
152 uint8_t uATARegSector;
153 /** ATA/ATAPI register 3: sector, high order byte. */
154 uint8_t uATARegSectorHOB;
155 /** ATA/ATAPI register 4: cylinder low (read/write). */
156 uint8_t uATARegLCyl;
157 /** ATA/ATAPI register 4: cylinder low, high order byte. */
158 uint8_t uATARegLCylHOB;
159 /** ATA/ATAPI register 5: cylinder high (read/write). */
160 uint8_t uATARegHCyl;
161 /** ATA/ATAPI register 5: cylinder high, high order byte. */
162 uint8_t uATARegHCylHOB;
163 /** ATA/ATAPI register 6: select drive/head (read/write). */
164 uint8_t uATARegSelect;
165 /** ATA/ATAPI register 7: status (read-only). */
166 uint8_t uATARegStatus;
167 /** ATA/ATAPI register 7: command (write-only). */
168 uint8_t uATARegCommand;
169 /** ATA/ATAPI drive control register (write-only). */
170 uint8_t uATARegDevCtl;
171
172 /** Currently active transfer mode (MDMA/UDMA) and speed. */
173 uint8_t uATATransferMode;
174 /** Current transfer direction. */
175 uint8_t uTxDir;
176 /** Index of callback for begin transfer. */
177 uint8_t iBeginTransfer;
178 /** Index of callback for source/sink of data. */
179 uint8_t iSourceSink;
180 /** Flag indicating whether the current command transfers data in DMA mode. */
181 bool fDMA;
182 /** Set to indicate that ATAPI transfer semantics must be used. */
183 bool fATAPITransfer;
184
185 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
186 uint32_t cbTotalTransfer;
187 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
188 uint32_t cbElementaryTransfer;
189 /** Current read/write buffer position, shared PIO/DMA. */
190 uint32_t iIOBufferCur;
191 /** First element beyond end of valid buffer content, shared PIO/DMA. */
192 uint32_t iIOBufferEnd;
193
194 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
195 uint32_t iIOBufferPIODataStart;
196 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
197 uint32_t iIOBufferPIODataEnd;
198
199 /** ATAPI current LBA position. */
200 uint32_t iATAPILBA;
201 /** ATAPI current sector size. */
202 uint32_t cbATAPISector;
203 /** ATAPI current command. */
204 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
205 /** ATAPI sense data. */
206 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
207 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
208 uint8_t cNotifiedMediaChange;
209 /** The same for GET_EVENT_STATUS for mechanism */
210 volatile uint32_t MediaEventStatus;
211
212 uint32_t Alignment0;
213
214 /** The status LED state for this drive. */
215 PDMLED Led;
216
217 /** Size of I/O buffer. */
218 uint32_t cbIOBuffer;
219 /** Pointer to the I/O buffer. */
220 R3PTRTYPE(uint8_t *) pbIOBufferR3;
221 /** Pointer to the I/O buffer. */
222 R0PTRTYPE(uint8_t *) pbIOBufferR0;
223 /** Pointer to the I/O buffer. */
224 RCPTRTYPE(uint8_t *) pbIOBufferRC;
225
226 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
227
228 /*
229 * No data that is part of the saved state after this point!!!!!
230 */
231
232 /* Release statistics: number of ATA DMA commands. */
233 STAMCOUNTER StatATADMA;
234 /* Release statistics: number of ATA PIO commands. */
235 STAMCOUNTER StatATAPIO;
236 /* Release statistics: number of ATAPI PIO commands. */
237 STAMCOUNTER StatATAPIDMA;
238 /* Release statistics: number of ATAPI PIO commands. */
239 STAMCOUNTER StatATAPIPIO;
240#ifdef VBOX_INSTRUMENT_DMA_WRITES
241 /* Release statistics: number of DMA sector writes and the time spent. */
242 STAMPROFILEADV StatInstrVDWrites;
243#endif
244
245 /** Statistics: number of read operations and the time spent reading. */
246 STAMPROFILEADV StatReads;
247 /** Statistics: number of bytes read. */
248 STAMCOUNTER StatBytesRead;
249 /** Statistics: number of write operations and the time spent writing. */
250 STAMPROFILEADV StatWrites;
251 /** Statistics: number of bytes written. */
252 STAMCOUNTER StatBytesWritten;
253 /** Statistics: number of flush operations and the time spend flushing. */
254 STAMPROFILE StatFlushes;
255
256 /** Enable passing through commands directly to the ATAPI drive. */
257 bool fATAPIPassthrough;
258 /** Number of errors we've reported to the release log.
259 * This is to prevent flooding caused by something going horribly wrong.
260 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
261 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
262 uint32_t cErrors;
263 /** Timestamp of last started command. 0 if no command pending. */
264 uint64_t u64CmdTS;
265
266 /** Pointer to the attached driver's base interface. */
267 R3PTRTYPE(PPDMIBASE) pDrvBase;
268 /** Pointer to the attached driver's block interface. */
269 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
270 /** Pointer to the attached driver's block bios interface. */
271 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
272 /** Pointer to the attached driver's mount interface.
273 * This is NULL if the driver isn't a removable unit. */
274 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
275 /** The base interface. */
276 PDMIBASE IBase;
277 /** The block port interface. */
278 PDMIBLOCKPORT IPort;
279 /** The mount notify interface. */
280 PDMIMOUNTNOTIFY IMountNotify;
281 /** The LUN #. */
282 RTUINT iLUN;
283 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
284 /** Pointer to device instance. */
285 PPDMDEVINSR3 pDevInsR3;
286 /** Pointer to controller instance. */
287 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
288 /** Pointer to device instance. */
289 PPDMDEVINSR0 pDevInsR0;
290 /** Pointer to controller instance. */
291 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
292 /** Pointer to device instance. */
293 PPDMDEVINSRC pDevInsRC;
294 /** Pointer to controller instance. */
295 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
296
297 /** The serial number to use for IDENTIFY DEVICE commands. */
298 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
299 /** The firmware revision to use for IDENTIFY DEVICE commands. */
300 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
301 /** The model number to use for IDENTIFY DEVICE commands. */
302 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
303 /** The vendor identification string for SCSI INQUIRY commands. */
304 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
305 /** The product identification string for SCSI INQUIRY commands. */
306 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
307 /** The revision string for SCSI INQUIRY commands. */
308 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
309
310 uint8_t abAlignment3[7];
311} ATADevState;
312AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
313AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
314AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
315AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
316AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
317AssertCompileSizeAlignment(ATADevState, 8);
318
319
320typedef struct ATATransferRequest
321{
322 uint8_t iIf;
323 uint8_t iBeginTransfer;
324 uint8_t iSourceSink;
325 uint32_t cbTotalTransfer;
326 uint8_t uTxDir;
327} ATATransferRequest;
328
329
330typedef struct ATAAbortRequest
331{
332 uint8_t iIf;
333 bool fResetDrive;
334} ATAAbortRequest;
335
336
337typedef enum
338{
339 /** Begin a new transfer. */
340 ATA_AIO_NEW = 0,
341 /** Continue a DMA transfer. */
342 ATA_AIO_DMA,
343 /** Continue a PIO transfer. */
344 ATA_AIO_PIO,
345 /** Reset the drives on current controller, stop all transfer activity. */
346 ATA_AIO_RESET_ASSERTED,
347 /** Reset the drives on current controller, resume operation. */
348 ATA_AIO_RESET_CLEARED,
349 /** Abort the current transfer of a particular drive. */
350 ATA_AIO_ABORT
351} ATAAIO;
352
353
354typedef struct ATARequest
355{
356 ATAAIO ReqType;
357 union
358 {
359 ATATransferRequest t;
360 ATAAbortRequest a;
361 } u;
362} ATARequest;
363
364
365typedef struct ATACONTROLLER
366{
367 /** The base of the first I/O Port range. */
368 RTIOPORT IOPortBase1;
369 /** The base of the second I/O Port range. (0 if none) */
370 RTIOPORT IOPortBase2;
371 /** The assigned IRQ. */
372 RTUINT irq;
373 /** Access critical section */
374 PDMCRITSECT lock;
375
376 /** Selected drive. */
377 uint8_t iSelectedIf;
378 /** The interface on which to handle async I/O. */
379 uint8_t iAIOIf;
380 /** The state of the async I/O thread. */
381 uint8_t uAsyncIOState;
382 /** Flag indicating whether the next transfer is part of the current command. */
383 bool fChainedTransfer;
384 /** Set when the reset processing is currently active on this controller. */
385 bool fReset;
386 /** Flag whether the current transfer needs to be redone. */
387 bool fRedo;
388 /** Flag whether the redo suspend has been finished. */
389 bool fRedoIdle;
390 /** Flag whether the DMA operation to be redone is the final transfer. */
391 bool fRedoDMALastDesc;
392 /** The BusMaster DMA state. */
393 BMDMAState BmDma;
394 /** Pointer to first DMA descriptor. */
395 RTGCPHYS32 pFirstDMADesc;
396 /** Pointer to last DMA descriptor. */
397 RTGCPHYS32 pLastDMADesc;
398 /** Pointer to current DMA buffer (for redo operations). */
399 RTGCPHYS32 pRedoDMABuffer;
400 /** Size of current DMA buffer (for redo operations). */
401 uint32_t cbRedoDMABuffer;
402
403 /** The ATA/ATAPI interfaces of this controller. */
404 ATADevState aIfs[2];
405
406 /** Pointer to device instance. */
407 PPDMDEVINSR3 pDevInsR3;
408 /** Pointer to device instance. */
409 PPDMDEVINSR0 pDevInsR0;
410 /** Pointer to device instance. */
411 PPDMDEVINSRC pDevInsRC;
412
413 /** Set when the destroying the device instance and the thread must exit. */
414 uint32_t volatile fShutdown;
415 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
416 RTTHREAD AsyncIOThread;
417 /** The event semaphore the thread is waiting on for requests. */
418 RTSEMEVENT AsyncIOSem;
419 /** The request queue for the AIO thread. One element is always unused. */
420 ATARequest aAsyncIORequests[4];
421 /** The position at which to insert a new request for the AIO thread. */
422 uint8_t AsyncIOReqHead;
423 /** The position at which to get a new request for the AIO thread. */
424 uint8_t AsyncIOReqTail;
425 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
426 bool volatile fSignalIdle;
427 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
428 /** Magic delay before triggering interrupts in DMA mode. */
429 uint32_t DelayIRQMillies;
430 /** The mutex protecting the request queue. */
431 RTSEMMUTEX AsyncIORequestMutex;
432 /** The event semaphore the thread is waiting on during suspended I/O. */
433 RTSEMEVENT SuspendIOSem;
434#if 0 /*HC_ARCH_BITS == 32*/
435 uint32_t Alignment0;
436#endif
437
438 /** Timestamp we started the reset. */
439 uint64_t u64ResetTime;
440
441 /* Statistics */
442 STAMCOUNTER StatAsyncOps;
443 uint64_t StatAsyncMinWait;
444 uint64_t StatAsyncMaxWait;
445 STAMCOUNTER StatAsyncTimeUS;
446 STAMPROFILEADV StatAsyncTime;
447 STAMPROFILE StatLockWait;
448} ATACONTROLLER, *PATACONTROLLER;
449AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
450AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
451AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
452AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
453
454typedef enum CHIPSET
455{
456 /** PIIX3 chipset, must be 0 for saved state compatibility */
457 CHIPSET_PIIX3 = 0,
458 /** PIIX4 chipset, must be 1 for saved state compatibility */
459 CHIPSET_PIIX4 = 1,
460 /** ICH6 chipset */
461 CHIPSET_ICH6 = 2
462} CHIPSET;
463
464/**
465 * The state of the ATA PCI device.
466 *
467 * @extends PCIDEVICE
468 * @implements PDMILEDPORTS
469 */
470typedef struct PCIATAState
471{
472 PCIDEVICE dev;
473 /** The controllers. */
474 ATACONTROLLER aCts[2];
475 /** Pointer to device instance. */
476 PPDMDEVINSR3 pDevIns;
477 /** Status LUN: Base interface. */
478 PDMIBASE IBase;
479 /** Status LUN: Leds interface. */
480 PDMILEDPORTS ILeds;
481 /** Status LUN: Partner of ILeds. */
482 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
483 /** Flag whether GC is enabled. */
484 bool fGCEnabled;
485 /** Flag whether R0 is enabled. */
486 bool fR0Enabled;
487 /** Flag indicating chipset being emulated. */
488 uint8_t u8Type;
489 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
490} PCIATAState;
491
492#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
493#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
494#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
495#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
496#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
497#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
498
499#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
500
501#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
502#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
503#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
504#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
505
506#ifndef VBOX_DEVICE_STRUCT_TESTCASE
507/*******************************************************************************
508 * Internal Functions *
509 ******************************************************************************/
510RT_C_DECLS_BEGIN
511PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
512PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
513PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
514PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
515PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
516PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
517PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
518PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
519RT_C_DECLS_END
520
521
522
523DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
524{
525 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
526
527 /* Freeze status register contents while processing RESET. */
528 if (!pCtl->fReset)
529 {
530 s->uATARegStatus = stat;
531 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
532 }
533}
534
535
536DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
537{
538 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
539
540 /* Freeze status register contents while processing RESET. */
541 if (!pCtl->fReset)
542 {
543 s->uATARegStatus |= stat;
544 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
545 }
546}
547
548
549DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
550{
551 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
552
553 /* Freeze status register contents while processing RESET. */
554 if (!pCtl->fReset)
555 {
556 s->uATARegStatus &= ~stat;
557 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
558 }
559}
560
561#ifdef IN_RING3
562
563typedef void (*PBeginTransferFunc)(ATADevState *);
564typedef bool (*PSourceSinkFunc)(ATADevState *);
565
566static void ataReadWriteSectorsBT(ATADevState *);
567static void ataPacketBT(ATADevState *);
568static void atapiCmdBT(ATADevState *);
569static void atapiPassthroughCmdBT(ATADevState *);
570
571static bool ataIdentifySS(ATADevState *);
572static bool ataFlushSS(ATADevState *);
573static bool ataReadSectorsSS(ATADevState *);
574static bool ataWriteSectorsSS(ATADevState *);
575static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
576static bool ataPacketSS(ATADevState *);
577static bool atapiGetConfigurationSS(ATADevState *);
578static bool atapiGetEventStatusNotificationSS(ATADevState *);
579static bool atapiIdentifySS(ATADevState *);
580static bool atapiInquirySS(ATADevState *);
581static bool atapiMechanismStatusSS(ATADevState *);
582static bool atapiModeSenseErrorRecoverySS(ATADevState *);
583static bool atapiModeSenseCDStatusSS(ATADevState *);
584static bool atapiReadSS(ATADevState *);
585static bool atapiReadCapacitySS(ATADevState *);
586static bool atapiReadDiscInformationSS(ATADevState *);
587static bool atapiReadTOCNormalSS(ATADevState *);
588static bool atapiReadTOCMultiSS(ATADevState *);
589static bool atapiReadTOCRawSS(ATADevState *);
590static bool atapiReadTrackInformationSS(ATADevState *);
591static bool atapiRequestSenseSS(ATADevState *);
592static bool atapiPassthroughSS(ATADevState *);
593static bool atapiReadDVDStructureSS(ATADevState *);
594
595/**
596 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
597 */
598typedef enum ATAFNBT
599{
600 ATAFN_BT_NULL = 0,
601 ATAFN_BT_READ_WRITE_SECTORS,
602 ATAFN_BT_PACKET,
603 ATAFN_BT_ATAPI_CMD,
604 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
605 ATAFN_BT_MAX
606} ATAFNBT;
607
608/**
609 * Array of end transfer functions, the index is ATAFNET.
610 * Make sure ATAFNET and this array match!
611 */
612static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
613{
614 NULL,
615 ataReadWriteSectorsBT,
616 ataPacketBT,
617 atapiCmdBT,
618 atapiPassthroughCmdBT,
619};
620
621/**
622 * Source/sink function indexes for g_apfnSourceSinkFuncs.
623 */
624typedef enum ATAFNSS
625{
626 ATAFN_SS_NULL = 0,
627 ATAFN_SS_IDENTIFY,
628 ATAFN_SS_FLUSH,
629 ATAFN_SS_READ_SECTORS,
630 ATAFN_SS_WRITE_SECTORS,
631 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
632 ATAFN_SS_PACKET,
633 ATAFN_SS_ATAPI_GET_CONFIGURATION,
634 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
635 ATAFN_SS_ATAPI_IDENTIFY,
636 ATAFN_SS_ATAPI_INQUIRY,
637 ATAFN_SS_ATAPI_MECHANISM_STATUS,
638 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
639 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
640 ATAFN_SS_ATAPI_READ,
641 ATAFN_SS_ATAPI_READ_CAPACITY,
642 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
643 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
644 ATAFN_SS_ATAPI_READ_TOC_MULTI,
645 ATAFN_SS_ATAPI_READ_TOC_RAW,
646 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
647 ATAFN_SS_ATAPI_REQUEST_SENSE,
648 ATAFN_SS_ATAPI_PASSTHROUGH,
649 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
650 ATAFN_SS_MAX
651} ATAFNSS;
652
653/**
654 * Array of source/sink functions, the index is ATAFNSS.
655 * Make sure ATAFNSS and this array match!
656 */
657static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
658{
659 NULL,
660 ataIdentifySS,
661 ataFlushSS,
662 ataReadSectorsSS,
663 ataWriteSectorsSS,
664 ataExecuteDeviceDiagnosticSS,
665 ataPacketSS,
666 atapiGetConfigurationSS,
667 atapiGetEventStatusNotificationSS,
668 atapiIdentifySS,
669 atapiInquirySS,
670 atapiMechanismStatusSS,
671 atapiModeSenseErrorRecoverySS,
672 atapiModeSenseCDStatusSS,
673 atapiReadSS,
674 atapiReadCapacitySS,
675 atapiReadDiscInformationSS,
676 atapiReadTOCNormalSS,
677 atapiReadTOCMultiSS,
678 atapiReadTOCRawSS,
679 atapiReadTrackInformationSS,
680 atapiRequestSenseSS,
681 atapiPassthroughSS,
682 atapiReadDVDStructureSS
683};
684
685
686static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
687static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
688static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
689static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
690
691static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
692{
693 int rc;
694
695 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
696 AssertRC(rc);
697 pCtl->AsyncIOReqHead = 0;
698 pCtl->AsyncIOReqTail = 0;
699 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
700 AssertRC(rc);
701}
702
703
704static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
705{
706 int rc;
707
708 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
709 AssertRC(rc);
710 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
711 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
712 pCtl->AsyncIOReqHead++;
713 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
714 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
715 AssertRC(rc);
716 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
717 if (RT_FAILURE(rc))
718 {
719 rc = RTSemEventSignal(pCtl->AsyncIOSem);
720 AssertRC(rc);
721 }
722}
723
724
725static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
726{
727 int rc;
728 const ATARequest *pReq;
729
730 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
731 AssertRC(rc);
732 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
733 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
734 else
735 pReq = NULL;
736 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
737 AssertRC(rc);
738 return pReq;
739}
740
741
742/**
743 * Remove the request with the given type, as it's finished. The request
744 * is not removed blindly, as this could mean a RESET request that is not
745 * yet processed (but has cleared the request queue) is lost.
746 *
747 * @param pCtl Controller for which to remove the request.
748 * @param ReqType Type of the request to remove.
749 */
750static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
751{
752 int rc;
753
754 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
755 AssertRC(rc);
756 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
757 {
758 pCtl->AsyncIOReqTail++;
759 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
760 }
761 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
762 AssertRC(rc);
763}
764
765
766/**
767 * Dump the request queue for a particular controller. First dump the queue
768 * contents, then the already processed entries, as long as they haven't been
769 * overwritten.
770 *
771 * @param pCtl Controller for which to dump the queue.
772 */
773static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
774{
775 int rc;
776 uint8_t curr;
777
778 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
779 AssertRC(rc);
780 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
781 curr = pCtl->AsyncIOReqTail;
782 do
783 {
784 if (curr == pCtl->AsyncIOReqHead)
785 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
786 switch (pCtl->aAsyncIORequests[curr].ReqType)
787 {
788 case ATA_AIO_NEW:
789 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
790 break;
791 case ATA_AIO_DMA:
792 LogRel(("dma transfer continuation\n"));
793 break;
794 case ATA_AIO_PIO:
795 LogRel(("pio transfer continuation\n"));
796 break;
797 case ATA_AIO_RESET_ASSERTED:
798 LogRel(("reset asserted request\n"));
799 break;
800 case ATA_AIO_RESET_CLEARED:
801 LogRel(("reset cleared request\n"));
802 break;
803 case ATA_AIO_ABORT:
804 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
805 break;
806 default:
807 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
808 }
809 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
810 } while (curr != pCtl->AsyncIOReqTail);
811 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
812 AssertRC(rc);
813}
814
815
816/**
817 * Checks whether the request queue for a particular controller is empty
818 * or whether a particular controller is idle.
819 *
820 * @param pCtl Controller for which to check the queue.
821 * @param fStrict If set then the controller is checked to be idle.
822 */
823static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
824{
825 int rc;
826 bool fIdle;
827
828 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
829 AssertRC(rc);
830 fIdle = pCtl->fRedoIdle;
831 if (!fIdle)
832 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
833 if (fStrict)
834 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
835 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
836 AssertRC(rc);
837 return fIdle;
838}
839
840
841/**
842 * Send a transfer request to the async I/O thread.
843 *
844 * @param s Pointer to the ATA device state data.
845 * @param cbTotalTransfer Data transfer size.
846 * @param uTxDir Data transfer direction.
847 * @param iBeginTransfer Index of BeginTransfer callback.
848 * @param iSourceSink Index of SourceSink callback.
849 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
850 */
851static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
852{
853 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
854 ATARequest Req;
855
856 Assert(PDMCritSectIsOwner(&pCtl->lock));
857
858 /* Do not issue new requests while the RESET line is asserted. */
859 if (pCtl->fReset)
860 {
861 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
862 return;
863 }
864
865 /* If the controller is already doing something else right now, ignore
866 * the command that is being submitted. Some broken guests issue commands
867 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
868 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
869 {
870 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
871 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
872 return;
873 }
874
875 Req.ReqType = ATA_AIO_NEW;
876 if (fChainedTransfer)
877 Req.u.t.iIf = pCtl->iAIOIf;
878 else
879 Req.u.t.iIf = pCtl->iSelectedIf;
880 Req.u.t.cbTotalTransfer = cbTotalTransfer;
881 Req.u.t.uTxDir = uTxDir;
882 Req.u.t.iBeginTransfer = iBeginTransfer;
883 Req.u.t.iSourceSink = iSourceSink;
884 ataSetStatusValue(s, ATA_STAT_BUSY);
885 pCtl->fChainedTransfer = fChainedTransfer;
886
887 /*
888 * Kick the worker thread into action.
889 */
890 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
891 ataAsyncIOPutRequest(pCtl, &Req);
892}
893
894
895/**
896 * Send an abort command request to the async I/O thread.
897 *
898 * @param s Pointer to the ATA device state data.
899 * @param fResetDrive Whether to reset the drive or just abort a command.
900 */
901static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
902{
903 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
904 ATARequest Req;
905
906 Assert(PDMCritSectIsOwner(&pCtl->lock));
907
908 /* Do not issue new requests while the RESET line is asserted. */
909 if (pCtl->fReset)
910 {
911 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
912 return;
913 }
914
915 Req.ReqType = ATA_AIO_ABORT;
916 Req.u.a.iIf = pCtl->iSelectedIf;
917 Req.u.a.fResetDrive = fResetDrive;
918 ataSetStatus(s, ATA_STAT_BUSY);
919 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
920 ataAsyncIOPutRequest(pCtl, &Req);
921}
922
923
924static void ataSetIRQ(ATADevState *s)
925{
926 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
927 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
928
929 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
930 {
931 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
932 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
933 * line is asserted. It monitors the line for a rising edge. */
934 if (!s->fIrqPending)
935 pCtl->BmDma.u8Status |= BM_STATUS_INT;
936 /* Only actually set the IRQ line if updating the currently selected drive. */
937 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
938 {
939 /** @todo experiment with adaptive IRQ delivery: for reads it is
940 * better to wait for IRQ delivery, as it reduces latency. */
941 if (pCtl->irq == 16)
942 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
943 else
944 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
945 }
946 }
947 s->fIrqPending = true;
948}
949
950#endif /* IN_RING3 */
951
952static void ataUnsetIRQ(ATADevState *s)
953{
954 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
955 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
956
957 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
958 {
959 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
960 /* Only actually unset the IRQ line if updating the currently selected drive. */
961 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
962 {
963 if (pCtl->irq == 16)
964 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
965 else
966 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
967 }
968 }
969 s->fIrqPending = false;
970}
971
972#ifdef IN_RING3
973
974static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
975{
976 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
977 s->iIOBufferPIODataStart = start;
978 s->iIOBufferPIODataEnd = start + size;
979 ataSetStatus(s, ATA_STAT_DRQ);
980}
981
982
983static void ataPIOTransferStop(ATADevState *s)
984{
985 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
986 if (s->fATAPITransfer)
987 {
988 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
989 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
990 ataSetIRQ(s);
991 s->fATAPITransfer = false;
992 }
993 s->cbTotalTransfer = 0;
994 s->cbElementaryTransfer = 0;
995 s->iIOBufferPIODataStart = 0;
996 s->iIOBufferPIODataEnd = 0;
997 s->iBeginTransfer = ATAFN_BT_NULL;
998 s->iSourceSink = ATAFN_SS_NULL;
999}
1000
1001
1002static void ataPIOTransferLimitATAPI(ATADevState *s)
1003{
1004 uint32_t cbLimit, cbTransfer;
1005
1006 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1007 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1008 if (cbLimit == 0)
1009 cbLimit = 0xfffe;
1010 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1011 if (cbLimit == 0xffff)
1012 cbLimit--;
1013 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1014 if (cbTransfer > cbLimit)
1015 {
1016 /* Byte count limit for clipping must be even in this case */
1017 if (cbLimit & 1)
1018 cbLimit--;
1019 cbTransfer = cbLimit;
1020 }
1021 s->uATARegLCyl = cbTransfer;
1022 s->uATARegHCyl = cbTransfer >> 8;
1023 s->cbElementaryTransfer = cbTransfer;
1024}
1025
1026
1027static uint32_t ataGetNSectors(ATADevState *s)
1028{
1029 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1030 if (s->fLBA48)
1031 {
1032 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1033 return 65536;
1034 else
1035 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1036 }
1037 else
1038 {
1039 if (!s->uATARegNSector)
1040 return 256;
1041 else
1042 return s->uATARegNSector;
1043 }
1044}
1045
1046
1047static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1048{
1049 for (uint32_t i = 0; i < cbSize; i++)
1050 {
1051 if (*pbSrc)
1052 pbDst[i ^ 1] = *pbSrc++;
1053 else
1054 pbDst[i ^ 1] = ' ';
1055 }
1056}
1057
1058
1059static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1060{
1061 for (uint32_t i = 0; i < cbSize; i++)
1062 {
1063 if (*pbSrc)
1064 pbDst[i] = *pbSrc++;
1065 else
1066 pbDst[i] = ' ';
1067 }
1068}
1069
1070
1071DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1072{
1073 pbBuf[0] = val >> 8;
1074 pbBuf[1] = val;
1075}
1076
1077
1078DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1079{
1080 pbBuf[0] = val >> 16;
1081 pbBuf[1] = val >> 8;
1082 pbBuf[2] = val;
1083}
1084
1085
1086DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1087{
1088 pbBuf[0] = val >> 24;
1089 pbBuf[1] = val >> 16;
1090 pbBuf[2] = val >> 8;
1091 pbBuf[3] = val;
1092}
1093
1094
1095DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1096{
1097 return (pbBuf[0] << 8) | pbBuf[1];
1098}
1099
1100
1101DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1102{
1103 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1104}
1105
1106
1107DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1108{
1109 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1110}
1111
1112
1113DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1114{
1115 iATAPILBA += 150;
1116 pbBuf[0] = (iATAPILBA / 75) / 60;
1117 pbBuf[1] = (iATAPILBA / 75) % 60;
1118 pbBuf[2] = iATAPILBA % 75;
1119}
1120
1121
1122DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1123{
1124 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1125}
1126
1127
1128static void ataCmdOK(ATADevState *s, uint8_t status)
1129{
1130 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1131 ataSetStatusValue(s, ATA_STAT_READY | status);
1132}
1133
1134
1135static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1136{
1137 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1138 s->uATARegError = uErrorCode;
1139 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1140 s->cbTotalTransfer = 0;
1141 s->cbElementaryTransfer = 0;
1142 s->iIOBufferCur = 0;
1143 s->iIOBufferEnd = 0;
1144 s->uTxDir = PDMBLOCKTXDIR_NONE;
1145 s->iBeginTransfer = ATAFN_BT_NULL;
1146 s->iSourceSink = ATAFN_SS_NULL;
1147}
1148
1149static uint32_t ataChecksum(void* ptr, size_t count)
1150{
1151 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1152 size_t i;
1153
1154 for (i = 0; i < count; i++)
1155 {
1156 u8Sum += *p++;
1157 }
1158
1159 return (uint8_t)-(int32_t)u8Sum;
1160}
1161
1162static bool ataIdentifySS(ATADevState *s)
1163{
1164 uint16_t *p;
1165
1166 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1167 Assert(s->cbElementaryTransfer == 512);
1168
1169 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1170 memset(p, 0, 512);
1171 p[0] = RT_H2LE_U16(0x0040);
1172 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1173 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1174 /* Block size; obsolete, but required for the BIOS. */
1175 p[5] = RT_H2LE_U16(512);
1176 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1177 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1178 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1179 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1180 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1181 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1182 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1183#if ATA_MAX_MULT_SECTORS > 1
1184 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1185#endif
1186 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1187 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1188 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1189 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1190 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1191 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1192 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1193 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1194 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1195 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1196 * s->PCHSGeometry.cHeads
1197 * s->PCHSGeometry.cSectors);
1198 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1199 * s->PCHSGeometry.cHeads
1200 * s->PCHSGeometry.cSectors >> 16);
1201 if (s->cMultSectors)
1202 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1203 if (s->cTotalSectors <= (1 << 28) - 1)
1204 {
1205 p[60] = RT_H2LE_U16(s->cTotalSectors);
1206 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1207 }
1208 else
1209 {
1210 /* Report maximum number of sectors possible with LBA28 */
1211 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1212 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1213 }
1214 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1215 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1216 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1217 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1218 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1219 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1220 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1221 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1222 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1223 if (s->cTotalSectors <= (1 << 28) - 1)
1224 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1225 else
1226 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1227 p[84] = RT_H2LE_U16(1 << 14);
1228 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1229 if (s->cTotalSectors <= (1 << 28) - 1)
1230 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1231 else
1232 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1233 p[87] = RT_H2LE_U16(1 << 14);
1234 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1235 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1236 if (s->cTotalSectors > (1 << 28) - 1)
1237 {
1238 p[100] = RT_H2LE_U16(s->cTotalSectors);
1239 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1240 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1241 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1242 }
1243 uint32_t uCsum = ataChecksum(p, 510);
1244 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1245 s->iSourceSink = ATAFN_SS_NULL;
1246 ataCmdOK(s, ATA_STAT_SEEK);
1247 return false;
1248}
1249
1250
1251static bool ataFlushSS(ATADevState *s)
1252{
1253 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1254 int rc;
1255
1256 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1257 Assert(!s->cbElementaryTransfer);
1258
1259 PDMCritSectLeave(&pCtl->lock);
1260
1261 STAM_PROFILE_START(&s->StatFlushes, f);
1262 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1263 AssertRC(rc);
1264 STAM_PROFILE_STOP(&s->StatFlushes, f);
1265
1266 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1267 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1268 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1269 ataCmdOK(s, 0);
1270 return false;
1271}
1272
1273static bool atapiIdentifySS(ATADevState *s)
1274{
1275 uint16_t *p;
1276
1277 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1278 Assert(s->cbElementaryTransfer == 512);
1279
1280 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1281 memset(p, 0, 512);
1282 /* Removable CDROM, 50us response, 12 byte packets */
1283 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1284 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1285 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1286 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1287 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1288 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1289 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1290 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1291 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1292 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1293 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1294 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1295 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1296 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1297 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1298 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1299 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1300 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1301 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1302 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1303 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1304 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1305 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1306 p[83] = RT_H2LE_U16(1 << 14);
1307 p[84] = RT_H2LE_U16(1 << 14);
1308 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1309 p[86] = RT_H2LE_U16(0);
1310 p[87] = RT_H2LE_U16(1 << 14);
1311 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1312 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1313 /* According to ATAPI-5 spec:
1314 *
1315 * The use of this word is optional.
1316 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1317 * contain the data
1318 * structure checksum.
1319 * The data structure checksum is the twos complement of the sum of
1320 * all bytes in words 0 through 254 and the byte consisting of
1321 * bits 7:0 in word 255.
1322 * Each byte shall be added with unsigned arithmetic,
1323 * and overflow shall be ignored.
1324 * The sum of all 512 bytes is zero when the checksum is correct.
1325 */
1326 uint32_t uCsum = ataChecksum(p, 510);
1327 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1328
1329 s->iSourceSink = ATAFN_SS_NULL;
1330 ataCmdOK(s, ATA_STAT_SEEK);
1331 return false;
1332}
1333
1334
1335static void ataSetSignature(ATADevState *s)
1336{
1337 s->uATARegSelect &= 0xf0; /* clear head */
1338 /* put signature */
1339 s->uATARegNSector = 1;
1340 s->uATARegSector = 1;
1341 if (s->fATAPI)
1342 {
1343 s->uATARegLCyl = 0x14;
1344 s->uATARegHCyl = 0xeb;
1345 }
1346 else if (s->pDrvBlock)
1347 {
1348 s->uATARegLCyl = 0;
1349 s->uATARegHCyl = 0;
1350 }
1351 else
1352 {
1353 s->uATARegLCyl = 0xff;
1354 s->uATARegHCyl = 0xff;
1355 }
1356}
1357
1358
1359static uint64_t ataGetSector(ATADevState *s)
1360{
1361 uint64_t iLBA;
1362 if (s->uATARegSelect & 0x40)
1363 {
1364 /* any LBA variant */
1365 if (s->fLBA48)
1366 {
1367 /* LBA48 */
1368 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1369 ((uint64_t)s->uATARegLCylHOB << 32) |
1370 ((uint64_t)s->uATARegSectorHOB << 24) |
1371 ((uint64_t)s->uATARegHCyl << 16) |
1372 ((uint64_t)s->uATARegLCyl << 8) |
1373 s->uATARegSector;
1374 }
1375 else
1376 {
1377 /* LBA */
1378 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1379 (s->uATARegLCyl << 8) | s->uATARegSector;
1380 }
1381 }
1382 else
1383 {
1384 /* CHS */
1385 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1386 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1387 (s->uATARegSector - 1);
1388 }
1389 return iLBA;
1390}
1391
1392static void ataSetSector(ATADevState *s, uint64_t iLBA)
1393{
1394 uint32_t cyl, r;
1395 if (s->uATARegSelect & 0x40)
1396 {
1397 /* any LBA variant */
1398 if (s->fLBA48)
1399 {
1400 /* LBA48 */
1401 s->uATARegHCylHOB = iLBA >> 40;
1402 s->uATARegLCylHOB = iLBA >> 32;
1403 s->uATARegSectorHOB = iLBA >> 24;
1404 s->uATARegHCyl = iLBA >> 16;
1405 s->uATARegLCyl = iLBA >> 8;
1406 s->uATARegSector = iLBA;
1407 }
1408 else
1409 {
1410 /* LBA */
1411 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1412 s->uATARegHCyl = (iLBA >> 16);
1413 s->uATARegLCyl = (iLBA >> 8);
1414 s->uATARegSector = (iLBA);
1415 }
1416 }
1417 else
1418 {
1419 /* CHS */
1420 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1421 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1422 s->uATARegHCyl = cyl >> 8;
1423 s->uATARegLCyl = cyl;
1424 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1425 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1426 }
1427}
1428
1429
1430static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1431{
1432 int rc;
1433 LogRel(("PIIX3 ATA: Host disk full\n"));
1434 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_DISKFULL",
1435 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1436 AssertRC(rc);
1437}
1438
1439static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1440{
1441 int rc;
1442 LogRel(("PIIX3 ATA: File too big\n"));
1443 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_FILETOOBIG",
1444 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1445 AssertRC(rc);
1446}
1447
1448static void ataWarningISCSI(PPDMDEVINS pDevIns)
1449{
1450 int rc;
1451 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1452 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_ISCSIDOWN",
1453 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1454 AssertRC(rc);
1455}
1456
1457/**
1458 * Suspend I/O operations on a controller. Also suspends EMT, because it's
1459 * waiting for I/O to make progress. The next attempt to perform an I/O
1460 * operation will be made when EMT is resumed up again (as the resume
1461 * callback below restarts I/O).
1462 *
1463 * @param pCtl Controller for which to suspend I/O.
1464 */
1465static void ataSuspendRedo(PATACONTROLLER pCtl)
1466{
1467 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
1468 int rc;
1469
1470 pCtl->fRedoIdle = true;
1471 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
1472 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
1473 AssertReleaseRC(rc);
1474}
1475
1476bool ataIsRedoSetWarning(ATADevState *s, int rc)
1477{
1478 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1479 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1480 if (rc == VERR_DISK_FULL)
1481 {
1482 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1483 ataSuspendRedo(pCtl);
1484 return true;
1485 }
1486 if (rc == VERR_FILE_TOO_BIG)
1487 {
1488 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1489 ataSuspendRedo(pCtl);
1490 return true;
1491 }
1492 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1493 {
1494 /* iSCSI connection abort (first error) or failure to reestablish
1495 * connection (second error). Pause VM. On resume we'll retry. */
1496 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1497 ataSuspendRedo(pCtl);
1498 return true;
1499 }
1500 return false;
1501}
1502
1503
1504static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors, bool *fRedo)
1505{
1506 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1507 int rc;
1508
1509 PDMCritSectLeave(&pCtl->lock);
1510
1511 STAM_PROFILE_ADV_START(&s->StatReads, r);
1512 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1513 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1514 s->Led.Actual.s.fReading = 0;
1515 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1516
1517 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1518
1519 if (RT_SUCCESS(rc))
1520 *fRedo = false;
1521 else
1522 *fRedo = ataIsRedoSetWarning(s, rc);
1523
1524 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1525 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1526 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1527 return rc;
1528}
1529
1530
1531static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors, bool *fRedo)
1532{
1533 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1534 int rc;
1535
1536 PDMCritSectLeave(&pCtl->lock);
1537
1538 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1539 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1540#ifdef VBOX_INSTRUMENT_DMA_WRITES
1541 if (s->fDMA)
1542 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1543#endif
1544 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1545#ifdef VBOX_INSTRUMENT_DMA_WRITES
1546 if (s->fDMA)
1547 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1548#endif
1549 s->Led.Actual.s.fWriting = 0;
1550 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1551
1552 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1553
1554 if (RT_SUCCESS(rc))
1555 *fRedo = false;
1556 else
1557 *fRedo = ataIsRedoSetWarning(s, rc);
1558
1559 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1560 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1561 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1562 return rc;
1563}
1564
1565
1566static void ataReadWriteSectorsBT(ATADevState *s)
1567{
1568 uint32_t cSectors;
1569
1570 cSectors = s->cbTotalTransfer / 512;
1571 if (cSectors > s->cSectorsPerIRQ)
1572 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1573 else
1574 s->cbElementaryTransfer = cSectors * 512;
1575 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1576 ataCmdOK(s, 0);
1577}
1578
1579
1580static bool ataReadSectorsSS(ATADevState *s)
1581{
1582 int rc;
1583 uint32_t cSectors;
1584 uint64_t iLBA;
1585 bool fRedo;
1586
1587 cSectors = s->cbElementaryTransfer / 512;
1588 Assert(cSectors);
1589 iLBA = ataGetSector(s);
1590 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1591 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1592 if (RT_SUCCESS(rc))
1593 {
1594 ataSetSector(s, iLBA + cSectors);
1595 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1596 s->iSourceSink = ATAFN_SS_NULL;
1597 ataCmdOK(s, ATA_STAT_SEEK);
1598 }
1599 else
1600 {
1601 if (fRedo)
1602 return fRedo;
1603 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1604 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1605 s->iLUN, rc, iLBA, cSectors));
1606
1607 /*
1608 * Check if we got interrupted. We don't need to set status variables
1609 * because the request was aborted.
1610 */
1611 if (rc != VERR_INTERRUPTED)
1612 ataCmdError(s, ID_ERR);
1613 }
1614 return false;
1615}
1616
1617
1618static bool ataWriteSectorsSS(ATADevState *s)
1619{
1620 int rc;
1621 uint32_t cSectors;
1622 uint64_t iLBA;
1623 bool fRedo;
1624
1625 cSectors = s->cbElementaryTransfer / 512;
1626 Assert(cSectors);
1627 iLBA = ataGetSector(s);
1628 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1629 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1630 if (RT_SUCCESS(rc))
1631 {
1632 ataSetSector(s, iLBA + cSectors);
1633 if (!s->cbTotalTransfer)
1634 s->iSourceSink = ATAFN_SS_NULL;
1635 ataCmdOK(s, ATA_STAT_SEEK);
1636 }
1637 else
1638 {
1639 if (fRedo)
1640 return fRedo;
1641 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1642 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1643 s->iLUN, rc, iLBA, cSectors));
1644
1645 /*
1646 * Check if we got interrupted. We don't need to set status variables
1647 * because the request was aborted.
1648 */
1649 if (rc != VERR_INTERRUPTED)
1650 ataCmdError(s, ID_ERR);
1651 }
1652 return false;
1653}
1654
1655
1656static void atapiCmdOK(ATADevState *s)
1657{
1658 s->uATARegError = 0;
1659 ataSetStatusValue(s, ATA_STAT_READY);
1660 s->uATARegNSector = (s->uATARegNSector & ~7)
1661 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1662 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1663 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1664
1665 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1666 s->abATAPISense[0] = 0x70 | (1 << 7);
1667 s->abATAPISense[7] = 10;
1668}
1669
1670
1671static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1672{
1673 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1674 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1675 s->uATARegError = pabATAPISense[2] << 4;
1676 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1677 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1678 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1679 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1680 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1681 s->cbTotalTransfer = 0;
1682 s->cbElementaryTransfer = 0;
1683 s->iIOBufferCur = 0;
1684 s->iIOBufferEnd = 0;
1685 s->uTxDir = PDMBLOCKTXDIR_NONE;
1686 s->iBeginTransfer = ATAFN_BT_NULL;
1687 s->iSourceSink = ATAFN_SS_NULL;
1688}
1689
1690
1691/** @todo deprecated function - doesn't provide enough info. Replace by direct
1692 * calls to atapiCmdError() with full data. */
1693static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1694{
1695 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1696 memset(abATAPISense, '\0', sizeof(abATAPISense));
1697 abATAPISense[0] = 0x70 | (1 << 7);
1698 abATAPISense[2] = uATAPISenseKey & 0x0f;
1699 abATAPISense[7] = 10;
1700 abATAPISense[12] = uATAPIASC;
1701 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1702}
1703
1704
1705static void atapiCmdBT(ATADevState *s)
1706{
1707 s->fATAPITransfer = true;
1708 s->cbElementaryTransfer = s->cbTotalTransfer;
1709 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1710 atapiCmdOK(s);
1711}
1712
1713
1714static void atapiPassthroughCmdBT(ATADevState *s)
1715{
1716 /* @todo implement an algorithm for correctly determining the read and
1717 * write sector size without sending additional commands to the drive.
1718 * This should be doable by saving processing the configuration requests
1719 * and replies. */
1720#if 0
1721 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1722 {
1723 uint8_t cmd = s->aATAPICmd[0];
1724 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1725 {
1726 uint8_t aModeSenseCmd[10];
1727 uint8_t aModeSenseResult[16];
1728 uint8_t uDummySense;
1729 uint32_t cbTransfer;
1730 int rc;
1731
1732 cbTransfer = sizeof(aModeSenseResult);
1733 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1734 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1735 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1736 aModeSenseCmd[3] = 0; /* subpage code */
1737 aModeSenseCmd[4] = 0; /* reserved */
1738 aModeSenseCmd[5] = 0; /* reserved */
1739 aModeSenseCmd[6] = 0; /* reserved */
1740 aModeSenseCmd[7] = cbTransfer >> 8;
1741 aModeSenseCmd[8] = cbTransfer & 0xff;
1742 aModeSenseCmd[9] = 0; /* control */
1743 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1744 if (RT_FAILURE(rc))
1745 {
1746 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1747 return;
1748 }
1749 /* Select sector size based on the current data block type. */
1750 switch (aModeSenseResult[12] & 0x0f)
1751 {
1752 case 0:
1753 s->cbATAPISector = 2352;
1754 break;
1755 case 1:
1756 s->cbATAPISector = 2368;
1757 break;
1758 case 2:
1759 case 3:
1760 s->cbATAPISector = 2448;
1761 break;
1762 case 8:
1763 case 10:
1764 s->cbATAPISector = 2048;
1765 break;
1766 case 9:
1767 s->cbATAPISector = 2336;
1768 break;
1769 case 11:
1770 s->cbATAPISector = 2056;
1771 break;
1772 case 12:
1773 s->cbATAPISector = 2324;
1774 break;
1775 case 13:
1776 s->cbATAPISector = 2332;
1777 break;
1778 default:
1779 s->cbATAPISector = 0;
1780 }
1781 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1782 s->cbTotalTransfer *= s->cbATAPISector;
1783 if (s->cbTotalTransfer == 0)
1784 s->uTxDir = PDMBLOCKTXDIR_NONE;
1785 }
1786 }
1787#endif
1788 atapiCmdBT(s);
1789}
1790
1791
1792static bool atapiReadSS(ATADevState *s)
1793{
1794 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1795 int rc = VINF_SUCCESS;
1796 uint32_t cbTransfer, cSectors;
1797
1798 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1799 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1800 cSectors = cbTransfer / s->cbATAPISector;
1801 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1802 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1803
1804 PDMCritSectLeave(&pCtl->lock);
1805
1806 STAM_PROFILE_ADV_START(&s->StatReads, r);
1807 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1808 switch (s->cbATAPISector)
1809 {
1810 case 2048:
1811 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1812 break;
1813 case 2352:
1814 {
1815 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1816
1817 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1818 {
1819 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1820 *pbBuf++ = 0x00;
1821 memset(pbBuf, 0xff, 10);
1822 pbBuf += 10;
1823 *pbBuf++ = 0x00;
1824 /* MSF */
1825 ataLBA2MSF(pbBuf, i);
1826 pbBuf += 3;
1827 *pbBuf++ = 0x01; /* mode 1 data */
1828 /* data */
1829 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1830 if (RT_FAILURE(rc))
1831 break;
1832 pbBuf += 2048;
1833 /**
1834 * @todo: maybe compute ECC and parity, layout is:
1835 * 2072 4 EDC
1836 * 2076 172 P parity symbols
1837 * 2248 104 Q parity symbols
1838 */
1839 memset(pbBuf, 0, 280);
1840 pbBuf += 280;
1841 }
1842 }
1843 break;
1844 default:
1845 break;
1846 }
1847 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1848
1849 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1850 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1851 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1852
1853 if (RT_SUCCESS(rc))
1854 {
1855 s->Led.Actual.s.fReading = 0;
1856 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1857
1858 /* The initial buffer end value has been set up based on the total
1859 * transfer size. But the I/O buffer size limits what can actually be
1860 * done in one transfer, so set the actual value of the buffer end. */
1861 s->cbElementaryTransfer = cbTransfer;
1862 if (cbTransfer >= s->cbTotalTransfer)
1863 s->iSourceSink = ATAFN_SS_NULL;
1864 atapiCmdOK(s);
1865 s->iATAPILBA += cSectors;
1866 }
1867 else
1868 {
1869 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1870 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1871
1872 /*
1873 * Check if we got interrupted. We don't need to set status variables
1874 * because the request was aborted.
1875 */
1876 if (rc != VERR_INTERRUPTED)
1877 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1878 }
1879 return false;
1880}
1881
1882
1883static bool atapiPassthroughSS(ATADevState *s)
1884{
1885 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1886 int rc = VINF_SUCCESS;
1887 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1888 uint32_t cbTransfer;
1889 PSTAMPROFILEADV pProf = NULL;
1890
1891 cbTransfer = s->cbElementaryTransfer;
1892
1893 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1894 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1895
1896 /* Simple heuristics: if there is at least one sector of data
1897 * to transfer, it's worth updating the LEDs. */
1898 if (cbTransfer >= 2048)
1899 {
1900 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1901 {
1902 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1903 pProf = &s->StatReads;
1904 }
1905 else
1906 {
1907 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1908 pProf = &s->StatWrites;
1909 }
1910 }
1911
1912 PDMCritSectLeave(&pCtl->lock);
1913
1914 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1915 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1916 {
1917 /* Linux accepts commands with up to 100KB of data, but expects
1918 * us to handle commands with up to 128KB of data. The usual
1919 * imbalance of powers. */
1920 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1921 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1922 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1923
1924 switch (s->aATAPICmd[0])
1925 {
1926 case SCSI_READ_10:
1927 case SCSI_WRITE_10:
1928 case SCSI_WRITE_AND_VERIFY_10:
1929 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1930 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1931 break;
1932 case SCSI_READ_12:
1933 case SCSI_WRITE_12:
1934 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1935 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1936 break;
1937 case SCSI_READ_CD:
1938 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1939 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1940 break;
1941 case SCSI_READ_CD_MSF:
1942 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1943 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1944 break;
1945 default:
1946 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1947 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1948 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1949 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1950 {
1951 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1952 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1953 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1954 }
1955 return false;
1956 }
1957 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1958 cReqSectors = 0;
1959 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1960 {
1961 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1962 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1963 else
1964 cReqSectors = i;
1965 cbCurrTX = s->cbATAPISector * cReqSectors;
1966 switch (s->aATAPICmd[0])
1967 {
1968 case SCSI_READ_10:
1969 case SCSI_WRITE_10:
1970 case SCSI_WRITE_AND_VERIFY_10:
1971 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1972 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1973 break;
1974 case SCSI_READ_12:
1975 case SCSI_WRITE_12:
1976 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1977 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1978 break;
1979 case SCSI_READ_CD:
1980 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1981 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1982 break;
1983 case SCSI_READ_CD_MSF:
1984 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1985 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1986 break;
1987 }
1988 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1989 if (rc != VINF_SUCCESS)
1990 break;
1991 iATAPILBA += cReqSectors;
1992 pbBuf += s->cbATAPISector * cReqSectors;
1993 }
1994 }
1995 else
1996 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1997 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1998
1999 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2000 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2001 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2002
2003 /* Update the LEDs and the read/write statistics. */
2004 if (cbTransfer >= 2048)
2005 {
2006 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2007 {
2008 s->Led.Actual.s.fReading = 0;
2009 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2010 }
2011 else
2012 {
2013 s->Led.Actual.s.fWriting = 0;
2014 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2015 }
2016 }
2017
2018 if (RT_SUCCESS(rc))
2019 {
2020 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2021 {
2022 Assert(cbTransfer <= s->cbTotalTransfer);
2023 /* Reply with the same amount of data as the real drive. */
2024 s->cbTotalTransfer = cbTransfer;
2025 /* The initial buffer end value has been set up based on the total
2026 * transfer size. But the I/O buffer size limits what can actually be
2027 * done in one transfer, so set the actual value of the buffer end. */
2028 s->cbElementaryTransfer = cbTransfer;
2029 if (s->aATAPICmd[0] == SCSI_INQUIRY)
2030 {
2031 /* Make sure that the real drive cannot be identified.
2032 * Motivation: changing the VM configuration should be as
2033 * invisible as possible to the guest. */
2034 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2035 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2036 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2037 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2038 }
2039 if (cbTransfer)
2040 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2041 }
2042 s->iSourceSink = ATAFN_SS_NULL;
2043 atapiCmdOK(s);
2044 }
2045 else
2046 {
2047 if (s->cErrors < MAX_LOG_REL_ERRORS)
2048 {
2049 uint8_t u8Cmd = s->aATAPICmd[0];
2050 do
2051 {
2052 /* don't log superflous errors */
2053 if ( rc == VERR_DEV_IO_ERROR
2054 && ( u8Cmd == SCSI_TEST_UNIT_READY
2055 || u8Cmd == SCSI_READ_CAPACITY
2056 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2057 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2058 break;
2059 s->cErrors++;
2060 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2061 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2062 } while (0);
2063 }
2064 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2065 }
2066 return false;
2067}
2068
2069/** @todo: Revise ASAP. */
2070static bool atapiReadDVDStructureSS(ATADevState *s)
2071{
2072 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2073 int media = s->aATAPICmd[1];
2074 int format = s->aATAPICmd[7];
2075
2076 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2077
2078 memset(buf, 0, max_len);
2079
2080 switch (format) {
2081 case 0x00:
2082 case 0x01:
2083 case 0x02:
2084 case 0x03:
2085 case 0x04:
2086 case 0x05:
2087 case 0x06:
2088 case 0x07:
2089 case 0x08:
2090 case 0x09:
2091 case 0x0a:
2092 case 0x0b:
2093 case 0x0c:
2094 case 0x0d:
2095 case 0x0e:
2096 case 0x0f:
2097 case 0x10:
2098 case 0x11:
2099 case 0x30:
2100 case 0x31:
2101 case 0xff:
2102 if (media == 0)
2103 {
2104 int uASC = SCSI_ASC_NONE;
2105
2106 switch (format)
2107 {
2108 case 0x0: /* Physical format information */
2109 {
2110 int layer = s->aATAPICmd[6];
2111 uint64_t total_sectors;
2112
2113 if (layer != 0)
2114 {
2115 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2116 break;
2117 }
2118
2119 total_sectors = s->cTotalSectors;
2120 total_sectors >>= 2;
2121 if (total_sectors == 0)
2122 {
2123 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2124 break;
2125 }
2126
2127 buf[4] = 1; /* DVD-ROM, part version 1 */
2128 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2129 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2130 buf[7] = 0; /* default densities */
2131
2132 /* FIXME: 0x30000 per spec? */
2133 ataH2BE_U32(buf + 8, 0); /* start sector */
2134 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2135 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2136
2137 /* Size of buffer, not including 2 byte size field */
2138 ataH2BE_U32(&buf[0], 2048 + 2);
2139
2140 /* 2k data + 4 byte header */
2141 uASC = (2048 + 4);
2142 }
2143 break;
2144 case 0x01: /* DVD copyright information */
2145 buf[4] = 0; /* no copyright data */
2146 buf[5] = 0; /* no region restrictions */
2147
2148 /* Size of buffer, not including 2 byte size field */
2149 ataH2BE_U16(buf, 4 + 2);
2150
2151 /* 4 byte header + 4 byte data */
2152 uASC = (4 + 4);
2153
2154 case 0x03: /* BCA information - invalid field for no BCA info */
2155 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2156 break;
2157
2158 case 0x04: /* DVD disc manufacturing information */
2159 /* Size of buffer, not including 2 byte size field */
2160 ataH2BE_U16(buf, 2048 + 2);
2161
2162 /* 2k data + 4 byte header */
2163 uASC = (2048 + 4);
2164 break;
2165 case 0xff:
2166 /*
2167 * This lists all the command capabilities above. Add new ones
2168 * in order and update the length and buffer return values.
2169 */
2170
2171 buf[4] = 0x00; /* Physical format */
2172 buf[5] = 0x40; /* Not writable, is readable */
2173 ataH2BE_U16((buf + 6), 2048 + 4);
2174
2175 buf[8] = 0x01; /* Copyright info */
2176 buf[9] = 0x40; /* Not writable, is readable */
2177 ataH2BE_U16((buf + 10), 4 + 4);
2178
2179 buf[12] = 0x03; /* BCA info */
2180 buf[13] = 0x40; /* Not writable, is readable */
2181 ataH2BE_U16((buf + 14), 188 + 4);
2182
2183 buf[16] = 0x04; /* Manufacturing info */
2184 buf[17] = 0x40; /* Not writable, is readable */
2185 ataH2BE_U16((buf + 18), 2048 + 4);
2186
2187 /* Size of buffer, not including 2 byte size field */
2188 ataH2BE_U16(buf, 16 + 2);
2189
2190 /* data written + 4 byte header */
2191 uASC = (16 + 4);
2192 break;
2193 default: /* TODO: formats beyond DVD-ROM requires */
2194 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2195 }
2196
2197 if (uASC < 0)
2198 {
2199 s->iSourceSink = ATAFN_SS_NULL;
2200 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2201 return false;
2202 }
2203 break;
2204 }
2205 /* TODO: BD support, fall through for now */
2206
2207 /* Generic disk structures */
2208 case 0x80: /* TODO: AACS volume identifier */
2209 case 0x81: /* TODO: AACS media serial number */
2210 case 0x82: /* TODO: AACS media identifier */
2211 case 0x83: /* TODO: AACS media key block */
2212 case 0x90: /* TODO: List of recognized format layers */
2213 case 0xc0: /* TODO: Write protection status */
2214 default:
2215 s->iSourceSink = ATAFN_SS_NULL;
2216 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2217 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2218 return false;
2219 }
2220
2221 s->iSourceSink = ATAFN_SS_NULL;
2222 atapiCmdOK(s);
2223 return false;
2224}
2225
2226static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2227{
2228 Assert(cSectors > 0);
2229 s->iATAPILBA = iATAPILBA;
2230 s->cbATAPISector = cbSector;
2231 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2232 return false;
2233}
2234
2235
2236static bool atapiReadCapacitySS(ATADevState *s)
2237{
2238 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2239
2240 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2241 Assert(s->cbElementaryTransfer <= 8);
2242 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2243 ataH2BE_U32(pbBuf + 4, 2048);
2244 s->iSourceSink = ATAFN_SS_NULL;
2245 atapiCmdOK(s);
2246 return false;
2247}
2248
2249
2250static bool atapiReadDiscInformationSS(ATADevState *s)
2251{
2252 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2253
2254 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2255 Assert(s->cbElementaryTransfer <= 34);
2256 memset(pbBuf, '\0', 34);
2257 ataH2BE_U16(pbBuf, 32);
2258 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2259 pbBuf[3] = 1; /* number of first track */
2260 pbBuf[4] = 1; /* number of sessions (LSB) */
2261 pbBuf[5] = 1; /* first track number in last session (LSB) */
2262 pbBuf[6] = 1; /* last track number in last session (LSB) */
2263 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2264 pbBuf[8] = 0; /* disc type = CD-ROM */
2265 pbBuf[9] = 0; /* number of sessions (MSB) */
2266 pbBuf[10] = 0; /* number of sessions (MSB) */
2267 pbBuf[11] = 0; /* number of sessions (MSB) */
2268 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2269 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2270 s->iSourceSink = ATAFN_SS_NULL;
2271 atapiCmdOK(s);
2272 return false;
2273}
2274
2275
2276static bool atapiReadTrackInformationSS(ATADevState *s)
2277{
2278 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2279
2280 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2281 Assert(s->cbElementaryTransfer <= 36);
2282 /* Accept address/number type of 1 only, and only track 1 exists. */
2283 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2284 {
2285 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2286 return false;
2287 }
2288 memset(pbBuf, '\0', 36);
2289 ataH2BE_U16(pbBuf, 34);
2290 pbBuf[2] = 1; /* track number (LSB) */
2291 pbBuf[3] = 1; /* session number (LSB) */
2292 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2293 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2294 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2295 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2296 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2297 pbBuf[32] = 0; /* track number (MSB) */
2298 pbBuf[33] = 0; /* session number (MSB) */
2299 s->iSourceSink = ATAFN_SS_NULL;
2300 atapiCmdOK(s);
2301 return false;
2302}
2303
2304
2305static bool atapiGetConfigurationSS(ATADevState *s)
2306{
2307 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2308 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2309
2310 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2311 Assert(s->cbElementaryTransfer <= 32);
2312 /* Accept valid request types only, and only starting feature 0. */
2313 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2314 {
2315 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2316 return false;
2317 }
2318 memset(pbBuf, '\0', 32);
2319 ataH2BE_U32(pbBuf, 16);
2320 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2321 * way to differentiate them right now is based on the image size). Also
2322 * implement signalling "no current profile" if no medium is loaded. */
2323 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2324
2325 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2326 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2327 pbBuf[11] = 8; /* additional bytes for profiles */
2328 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2329 * before CD-ROM read capability. */
2330 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2331 pbBuf[14] = (0 << 0); /* NOT current profile */
2332 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2333 pbBuf[18] = (1 << 0); /* current profile */
2334 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2335 s->iSourceSink = ATAFN_SS_NULL;
2336 atapiCmdOK(s);
2337 return false;
2338}
2339
2340
2341static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2342{
2343 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2344
2345 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2346 Assert(s->cbElementaryTransfer <= 8);
2347
2348 if (!(s->aATAPICmd[1] & 1))
2349 {
2350 /* no asynchronous operation supported */
2351 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2352 return false;
2353 }
2354
2355 uint32_t OldStatus, NewStatus;
2356 do
2357 {
2358 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2359 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2360 switch (OldStatus)
2361 {
2362 case ATA_EVENT_STATUS_MEDIA_NEW:
2363 /* mount */
2364 ataH2BE_U16(pbBuf + 0, 6);
2365 pbBuf[2] = 0x04;
2366 pbBuf[3] = 0x5e;
2367 pbBuf[4] = 0x02;
2368 pbBuf[5] = 0x02;
2369 pbBuf[6] = 0x00;
2370 pbBuf[7] = 0x00;
2371 break;
2372
2373 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2374 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2375 /* umount */
2376 ataH2BE_U16(pbBuf + 0, 6);
2377 pbBuf[2] = 0x04;
2378 pbBuf[3] = 0x5e;
2379 pbBuf[4] = 0x03;
2380 pbBuf[5] = 0x00;
2381 pbBuf[6] = 0x00;
2382 pbBuf[7] = 0x00;
2383 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2384 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2385 break;
2386
2387 case ATA_EVENT_STATUS_UNCHANGED:
2388 default:
2389 ataH2BE_U16(pbBuf + 0, 6);
2390 pbBuf[2] = 0x01;
2391 pbBuf[3] = 0x5e;
2392 pbBuf[4] = 0x00;
2393 pbBuf[5] = 0x00;
2394 pbBuf[6] = 0x00;
2395 pbBuf[7] = 0x00;
2396 break;
2397 }
2398 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2399
2400 s->iSourceSink = ATAFN_SS_NULL;
2401 atapiCmdOK(s);
2402 return false;
2403}
2404
2405
2406static bool atapiInquirySS(ATADevState *s)
2407{
2408 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2409
2410 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2411 Assert(s->cbElementaryTransfer <= 36);
2412 pbBuf[0] = 0x05; /* CD-ROM */
2413 pbBuf[1] = 0x80; /* removable */
2414#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2415 pbBuf[2] = 0x00; /* ISO */
2416 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2417#else
2418 pbBuf[2] = 0x00; /* ISO */
2419 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2420#endif
2421 pbBuf[4] = 31; /* additional length */
2422 pbBuf[5] = 0; /* reserved */
2423 pbBuf[6] = 0; /* reserved */
2424 pbBuf[7] = 0; /* reserved */
2425 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2426 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2427 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2428 s->iSourceSink = ATAFN_SS_NULL;
2429 atapiCmdOK(s);
2430 return false;
2431}
2432
2433
2434static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2435{
2436 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2437
2438 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2439 Assert(s->cbElementaryTransfer <= 16);
2440 ataH2BE_U16(&pbBuf[0], 16 + 6);
2441 pbBuf[2] = 0x70;
2442 pbBuf[3] = 0;
2443 pbBuf[4] = 0;
2444 pbBuf[5] = 0;
2445 pbBuf[6] = 0;
2446 pbBuf[7] = 0;
2447
2448 pbBuf[8] = 0x01;
2449 pbBuf[9] = 0x06;
2450 pbBuf[10] = 0x00;
2451 pbBuf[11] = 0x05;
2452 pbBuf[12] = 0x00;
2453 pbBuf[13] = 0x00;
2454 pbBuf[14] = 0x00;
2455 pbBuf[15] = 0x00;
2456 s->iSourceSink = ATAFN_SS_NULL;
2457 atapiCmdOK(s);
2458 return false;
2459}
2460
2461
2462static bool atapiModeSenseCDStatusSS(ATADevState *s)
2463{
2464 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2465
2466 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2467 Assert(s->cbElementaryTransfer <= 40);
2468 ataH2BE_U16(&pbBuf[0], 38);
2469 pbBuf[2] = 0x70;
2470 pbBuf[3] = 0;
2471 pbBuf[4] = 0;
2472 pbBuf[5] = 0;
2473 pbBuf[6] = 0;
2474 pbBuf[7] = 0;
2475
2476 pbBuf[8] = 0x2a;
2477 pbBuf[9] = 30; /* page length */
2478 pbBuf[10] = 0x08; /* DVD-ROM read support */
2479 pbBuf[11] = 0x00; /* no write support */
2480 /* The following claims we support audio play. This is obviously false,
2481 * but the Linux generic CDROM support makes many features depend on this
2482 * capability. If it's not set, this causes many things to be disabled. */
2483 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2484 pbBuf[13] = 0x00; /* no subchannel reads supported */
2485 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2486 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2487 pbBuf[14] |= 1 << 1; /* report lock state */
2488 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2489 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2490 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2491 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2492 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2493 pbBuf[24] = 0; /* reserved */
2494 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2495 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2496 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2497 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2498 pbBuf[32] = 0; /* reserved */
2499 pbBuf[33] = 0; /* reserved */
2500 pbBuf[34] = 0; /* reserved */
2501 pbBuf[35] = 1; /* rotation control CAV */
2502 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2503 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2504 s->iSourceSink = ATAFN_SS_NULL;
2505 atapiCmdOK(s);
2506 return false;
2507}
2508
2509
2510static bool atapiRequestSenseSS(ATADevState *s)
2511{
2512 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2513
2514 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2515 memset(pbBuf, '\0', s->cbElementaryTransfer);
2516 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2517 s->iSourceSink = ATAFN_SS_NULL;
2518 atapiCmdOK(s);
2519 return false;
2520}
2521
2522
2523static bool atapiMechanismStatusSS(ATADevState *s)
2524{
2525 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2526
2527 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2528 Assert(s->cbElementaryTransfer <= 8);
2529 ataH2BE_U16(pbBuf, 0);
2530 /* no current LBA */
2531 pbBuf[2] = 0;
2532 pbBuf[3] = 0;
2533 pbBuf[4] = 0;
2534 pbBuf[5] = 1;
2535 ataH2BE_U16(pbBuf + 6, 0);
2536 s->iSourceSink = ATAFN_SS_NULL;
2537 atapiCmdOK(s);
2538 return false;
2539}
2540
2541
2542static bool atapiReadTOCNormalSS(ATADevState *s)
2543{
2544 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2545 bool fMSF;
2546 uint32_t cbSize;
2547
2548 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2549 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2550 iStartTrack = s->aATAPICmd[6];
2551 if (iStartTrack > 1 && iStartTrack != 0xaa)
2552 {
2553 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2554 return false;
2555 }
2556 q = pbBuf + 2;
2557 *q++ = 1; /* first session */
2558 *q++ = 1; /* last session */
2559 if (iStartTrack <= 1)
2560 {
2561 *q++ = 0; /* reserved */
2562 *q++ = 0x14; /* ADR, control */
2563 *q++ = 1; /* track number */
2564 *q++ = 0; /* reserved */
2565 if (fMSF)
2566 {
2567 *q++ = 0; /* reserved */
2568 ataLBA2MSF(q, 0);
2569 q += 3;
2570 }
2571 else
2572 {
2573 /* sector 0 */
2574 ataH2BE_U32(q, 0);
2575 q += 4;
2576 }
2577 }
2578 /* lead out track */
2579 *q++ = 0; /* reserved */
2580 *q++ = 0x14; /* ADR, control */
2581 *q++ = 0xaa; /* track number */
2582 *q++ = 0; /* reserved */
2583 if (fMSF)
2584 {
2585 *q++ = 0; /* reserved */
2586 ataLBA2MSF(q, s->cTotalSectors);
2587 q += 3;
2588 }
2589 else
2590 {
2591 ataH2BE_U32(q, s->cTotalSectors);
2592 q += 4;
2593 }
2594 cbSize = q - pbBuf;
2595 ataH2BE_U16(pbBuf, cbSize - 2);
2596 if (cbSize < s->cbTotalTransfer)
2597 s->cbTotalTransfer = cbSize;
2598 s->iSourceSink = ATAFN_SS_NULL;
2599 atapiCmdOK(s);
2600 return false;
2601}
2602
2603
2604static bool atapiReadTOCMultiSS(ATADevState *s)
2605{
2606 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2607 bool fMSF;
2608
2609 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2610 Assert(s->cbElementaryTransfer <= 12);
2611 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2612 /* multi session: only a single session defined */
2613/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2614 memset(pbBuf, 0, 12);
2615 pbBuf[1] = 0x0a;
2616 pbBuf[2] = 0x01;
2617 pbBuf[3] = 0x01;
2618 pbBuf[5] = 0x14; /* ADR, control */
2619 pbBuf[6] = 1; /* first track in last complete session */
2620 if (fMSF)
2621 {
2622 pbBuf[8] = 0; /* reserved */
2623 ataLBA2MSF(&pbBuf[9], 0);
2624 }
2625 else
2626 {
2627 /* sector 0 */
2628 ataH2BE_U32(pbBuf + 8, 0);
2629 }
2630 s->iSourceSink = ATAFN_SS_NULL;
2631 atapiCmdOK(s);
2632 return false;
2633}
2634
2635
2636static bool atapiReadTOCRawSS(ATADevState *s)
2637{
2638 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2639 bool fMSF;
2640 uint32_t cbSize;
2641
2642 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2643 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2644 iStartTrack = s->aATAPICmd[6];
2645
2646 q = pbBuf + 2;
2647 *q++ = 1; /* first session */
2648 *q++ = 1; /* last session */
2649
2650 *q++ = 1; /* session number */
2651 *q++ = 0x14; /* data track */
2652 *q++ = 0; /* track number */
2653 *q++ = 0xa0; /* first track in program area */
2654 *q++ = 0; /* min */
2655 *q++ = 0; /* sec */
2656 *q++ = 0; /* frame */
2657 *q++ = 0;
2658 *q++ = 1; /* first track */
2659 *q++ = 0x00; /* disk type CD-DA or CD data */
2660 *q++ = 0;
2661
2662 *q++ = 1; /* session number */
2663 *q++ = 0x14; /* data track */
2664 *q++ = 0; /* track number */
2665 *q++ = 0xa1; /* last track in program area */
2666 *q++ = 0; /* min */
2667 *q++ = 0; /* sec */
2668 *q++ = 0; /* frame */
2669 *q++ = 0;
2670 *q++ = 1; /* last track */
2671 *q++ = 0;
2672 *q++ = 0;
2673
2674 *q++ = 1; /* session number */
2675 *q++ = 0x14; /* data track */
2676 *q++ = 0; /* track number */
2677 *q++ = 0xa2; /* lead-out */
2678 *q++ = 0; /* min */
2679 *q++ = 0; /* sec */
2680 *q++ = 0; /* frame */
2681 if (fMSF)
2682 {
2683 *q++ = 0; /* reserved */
2684 ataLBA2MSF(q, s->cTotalSectors);
2685 q += 3;
2686 }
2687 else
2688 {
2689 ataH2BE_U32(q, s->cTotalSectors);
2690 q += 4;
2691 }
2692
2693 *q++ = 1; /* session number */
2694 *q++ = 0x14; /* ADR, control */
2695 *q++ = 0; /* track number */
2696 *q++ = 1; /* point */
2697 *q++ = 0; /* min */
2698 *q++ = 0; /* sec */
2699 *q++ = 0; /* frame */
2700 if (fMSF)
2701 {
2702 *q++ = 0; /* reserved */
2703 ataLBA2MSF(q, 0);
2704 q += 3;
2705 }
2706 else
2707 {
2708 /* sector 0 */
2709 ataH2BE_U32(q, 0);
2710 q += 4;
2711 }
2712
2713 cbSize = q - pbBuf;
2714 ataH2BE_U16(pbBuf, cbSize - 2);
2715 if (cbSize < s->cbTotalTransfer)
2716 s->cbTotalTransfer = cbSize;
2717 s->iSourceSink = ATAFN_SS_NULL;
2718 atapiCmdOK(s);
2719 return false;
2720}
2721
2722
2723static void atapiParseCmdVirtualATAPI(ATADevState *s)
2724{
2725 const uint8_t *pbPacket;
2726 uint8_t *pbBuf;
2727 uint32_t cbMax;
2728
2729 pbPacket = s->aATAPICmd;
2730 pbBuf = s->CTX_SUFF(pbIOBuffer);
2731 switch (pbPacket[0])
2732 {
2733 case SCSI_TEST_UNIT_READY:
2734 if (s->cNotifiedMediaChange > 0)
2735 {
2736 if (s->cNotifiedMediaChange-- > 2)
2737 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2738 else
2739 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2740 }
2741 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2742 atapiCmdOK(s);
2743 else
2744 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2745 break;
2746 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2747 cbMax = ataBE2H_U16(pbPacket + 7);
2748 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2749 break;
2750 case SCSI_MODE_SENSE_10:
2751 {
2752 uint8_t uPageControl, uPageCode;
2753 cbMax = ataBE2H_U16(pbPacket + 7);
2754 uPageControl = pbPacket[2] >> 6;
2755 uPageCode = pbPacket[2] & 0x3f;
2756 switch (uPageControl)
2757 {
2758 case SCSI_PAGECONTROL_CURRENT:
2759 switch (uPageCode)
2760 {
2761 case SCSI_MODEPAGE_ERROR_RECOVERY:
2762 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2763 break;
2764 case SCSI_MODEPAGE_CD_STATUS:
2765 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2766 break;
2767 default:
2768 goto error_cmd;
2769 }
2770 break;
2771 case SCSI_PAGECONTROL_CHANGEABLE:
2772 goto error_cmd;
2773 case SCSI_PAGECONTROL_DEFAULT:
2774 goto error_cmd;
2775 default:
2776 case SCSI_PAGECONTROL_SAVED:
2777 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2778 break;
2779 }
2780 }
2781 break;
2782 case SCSI_REQUEST_SENSE:
2783 cbMax = pbPacket[4];
2784 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2785 break;
2786 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2787 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2788 {
2789 if (pbPacket[4] & 1)
2790 s->pDrvMount->pfnLock(s->pDrvMount);
2791 else
2792 s->pDrvMount->pfnUnlock(s->pDrvMount);
2793 atapiCmdOK(s);
2794 }
2795 else
2796 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2797 break;
2798 case SCSI_READ_10:
2799 case SCSI_READ_12:
2800 {
2801 uint32_t cSectors, iATAPILBA;
2802
2803 if (s->cNotifiedMediaChange > 0)
2804 {
2805 s->cNotifiedMediaChange-- ;
2806 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2807 break;
2808 }
2809 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2810 {
2811 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2812 break;
2813 }
2814 if (pbPacket[0] == SCSI_READ_10)
2815 cSectors = ataBE2H_U16(pbPacket + 7);
2816 else
2817 cSectors = ataBE2H_U32(pbPacket + 6);
2818 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2819 if (cSectors == 0)
2820 {
2821 atapiCmdOK(s);
2822 break;
2823 }
2824 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2825 {
2826 /* Rate limited logging, one log line per second. For
2827 * guests that insist on reading from places outside the
2828 * valid area this often generates too many release log
2829 * entries otherwise. */
2830 static uint64_t uLastLogTS = 0;
2831 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2832 {
2833 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2834 uLastLogTS = RTTimeMilliTS();
2835 }
2836 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2837 break;
2838 }
2839 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2840 }
2841 break;
2842 case SCSI_READ_CD:
2843 {
2844 uint32_t cSectors, iATAPILBA;
2845
2846 if (s->cNotifiedMediaChange > 0)
2847 {
2848 s->cNotifiedMediaChange-- ;
2849 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2850 break;
2851 }
2852 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2853 {
2854 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2855 break;
2856 }
2857 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2858 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2859 if (cSectors == 0)
2860 {
2861 atapiCmdOK(s);
2862 break;
2863 }
2864 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2865 {
2866 /* Rate limited logging, one log line per second. For
2867 * guests that insist on reading from places outside the
2868 * valid area this often generates too many release log
2869 * entries otherwise. */
2870 static uint64_t uLastLogTS = 0;
2871 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2872 {
2873 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2874 uLastLogTS = RTTimeMilliTS();
2875 }
2876 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2877 break;
2878 }
2879 switch (pbPacket[9] & 0xf8)
2880 {
2881 case 0x00:
2882 /* nothing */
2883 atapiCmdOK(s);
2884 break;
2885 case 0x10:
2886 /* normal read */
2887 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2888 break;
2889 case 0xf8:
2890 /* read all data */
2891 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2892 break;
2893 default:
2894 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2895 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2896 break;
2897 }
2898 }
2899 break;
2900 case SCSI_SEEK_10:
2901 {
2902 uint32_t iATAPILBA;
2903 if (s->cNotifiedMediaChange > 0)
2904 {
2905 s->cNotifiedMediaChange-- ;
2906 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2907 break;
2908 }
2909 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2910 {
2911 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2912 break;
2913 }
2914 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2915 if (iATAPILBA > s->cTotalSectors)
2916 {
2917 /* Rate limited logging, one log line per second. For
2918 * guests that insist on seeking to places outside the
2919 * valid area this often generates too many release log
2920 * entries otherwise. */
2921 static uint64_t uLastLogTS = 0;
2922 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2923 {
2924 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2925 uLastLogTS = RTTimeMilliTS();
2926 }
2927 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2928 break;
2929 }
2930 atapiCmdOK(s);
2931 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2932 }
2933 break;
2934 case SCSI_START_STOP_UNIT:
2935 {
2936 int rc = VINF_SUCCESS;
2937 switch (pbPacket[4] & 3)
2938 {
2939 case 0: /* 00 - Stop motor */
2940 case 1: /* 01 - Start motor */
2941 break;
2942 case 2: /* 10 - Eject media */
2943 /* This must be done from EMT. */
2944 {
2945 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2946 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2947
2948 PDMCritSectLeave(&pCtl->lock);
2949 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
2950 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2951 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED));
2952 {
2953 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2954 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2955 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2956 }
2957 }
2958 break;
2959 case 3: /* 11 - Load media */
2960 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2961 break;
2962 }
2963 if (RT_SUCCESS(rc))
2964 atapiCmdOK(s);
2965 else
2966 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2967 }
2968 break;
2969 case SCSI_MECHANISM_STATUS:
2970 {
2971 cbMax = ataBE2H_U16(pbPacket + 8);
2972 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2973 }
2974 break;
2975 case SCSI_READ_TOC_PMA_ATIP:
2976 {
2977 uint8_t format;
2978
2979 if (s->cNotifiedMediaChange > 0)
2980 {
2981 s->cNotifiedMediaChange-- ;
2982 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2983 break;
2984 }
2985 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2986 {
2987 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2988 break;
2989 }
2990 cbMax = ataBE2H_U16(pbPacket + 7);
2991 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
2992 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
2993 * the other field is clear... */
2994 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
2995 switch (format)
2996 {
2997 case 0:
2998 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
2999 break;
3000 case 1:
3001 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3002 break;
3003 case 2:
3004 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3005 break;
3006 default:
3007 error_cmd:
3008 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3009 break;
3010 }
3011 }
3012 break;
3013 case SCSI_READ_CAPACITY:
3014 if (s->cNotifiedMediaChange > 0)
3015 {
3016 s->cNotifiedMediaChange-- ;
3017 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3018 break;
3019 }
3020 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3021 {
3022 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3023 break;
3024 }
3025 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3026 break;
3027 case SCSI_READ_DISC_INFORMATION:
3028 if (s->cNotifiedMediaChange > 0)
3029 {
3030 s->cNotifiedMediaChange-- ;
3031 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3032 break;
3033 }
3034 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3035 {
3036 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3037 break;
3038 }
3039 cbMax = ataBE2H_U16(pbPacket + 7);
3040 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3041 break;
3042 case SCSI_READ_TRACK_INFORMATION:
3043 if (s->cNotifiedMediaChange > 0)
3044 {
3045 s->cNotifiedMediaChange-- ;
3046 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3047 break;
3048 }
3049 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3050 {
3051 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3052 break;
3053 }
3054 cbMax = ataBE2H_U16(pbPacket + 7);
3055 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3056 break;
3057 case SCSI_GET_CONFIGURATION:
3058 /* No media change stuff here, it can confuse Linux guests. */
3059 cbMax = ataBE2H_U16(pbPacket + 7);
3060 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3061 break;
3062 case SCSI_INQUIRY:
3063 cbMax = ataBE2H_U16(pbPacket + 3);
3064 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3065 break;
3066 case SCSI_READ_DVD_STRUCTURE:
3067 {
3068 cbMax = ataBE2H_U16(pbPacket + 8);
3069 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3070 break;
3071 }
3072 default:
3073 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3074 break;
3075 }
3076}
3077
3078
3079/*
3080 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3081 */
3082static void atapiParseCmdPassthrough(ATADevState *s)
3083{
3084 const uint8_t *pbPacket;
3085 uint8_t *pbBuf;
3086 uint32_t cSectors, iATAPILBA;
3087 uint32_t cbTransfer = 0;
3088 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3089
3090 pbPacket = s->aATAPICmd;
3091 pbBuf = s->CTX_SUFF(pbIOBuffer);
3092 switch (pbPacket[0])
3093 {
3094 case SCSI_BLANK:
3095 goto sendcmd;
3096 case SCSI_CLOSE_TRACK_SESSION:
3097 goto sendcmd;
3098 case SCSI_ERASE_10:
3099 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3100 cbTransfer = ataBE2H_U16(pbPacket + 7);
3101 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3102 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3103 goto sendcmd;
3104 case SCSI_FORMAT_UNIT:
3105 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3106 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3107 goto sendcmd;
3108 case SCSI_GET_CONFIGURATION:
3109 cbTransfer = ataBE2H_U16(pbPacket + 7);
3110 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3111 goto sendcmd;
3112 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3113 cbTransfer = ataBE2H_U16(pbPacket + 7);
3114 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3115 {
3116 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3117 break;
3118 }
3119 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3120 goto sendcmd;
3121 case SCSI_GET_PERFORMANCE:
3122 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3123 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3124 goto sendcmd;
3125 case SCSI_INQUIRY:
3126 cbTransfer = ataBE2H_U16(pbPacket + 3);
3127 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3128 goto sendcmd;
3129 case SCSI_LOAD_UNLOAD_MEDIUM:
3130 goto sendcmd;
3131 case SCSI_MECHANISM_STATUS:
3132 cbTransfer = ataBE2H_U16(pbPacket + 8);
3133 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3134 goto sendcmd;
3135 case SCSI_MODE_SELECT_10:
3136 cbTransfer = ataBE2H_U16(pbPacket + 7);
3137 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3138 goto sendcmd;
3139 case SCSI_MODE_SENSE_10:
3140 cbTransfer = ataBE2H_U16(pbPacket + 7);
3141 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3142 goto sendcmd;
3143 case SCSI_PAUSE_RESUME:
3144 goto sendcmd;
3145 case SCSI_PLAY_AUDIO_10:
3146 goto sendcmd;
3147 case SCSI_PLAY_AUDIO_12:
3148 goto sendcmd;
3149 case SCSI_PLAY_AUDIO_MSF:
3150 goto sendcmd;
3151 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3152 /** @todo do not forget to unlock when a VM is shut down */
3153 goto sendcmd;
3154 case SCSI_READ_10:
3155 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3156 cSectors = ataBE2H_U16(pbPacket + 7);
3157 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3158 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3159 cbTransfer = cSectors * s->cbATAPISector;
3160 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3161 goto sendcmd;
3162 case SCSI_READ_12:
3163 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3164 cSectors = ataBE2H_U32(pbPacket + 6);
3165 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3166 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3167 cbTransfer = cSectors * s->cbATAPISector;
3168 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3169 goto sendcmd;
3170 case SCSI_READ_BUFFER:
3171 cbTransfer = ataBE2H_U24(pbPacket + 6);
3172 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3173 goto sendcmd;
3174 case SCSI_READ_BUFFER_CAPACITY:
3175 cbTransfer = ataBE2H_U16(pbPacket + 7);
3176 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3177 goto sendcmd;
3178 case SCSI_READ_CAPACITY:
3179 cbTransfer = 8;
3180 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3181 goto sendcmd;
3182 case SCSI_READ_CD:
3183 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3184 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
3185 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3186 goto sendcmd;
3187 case SCSI_READ_CD_MSF:
3188 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3189 if (cSectors > 32)
3190 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3191 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3192 cbTransfer = cSectors * s->cbATAPISector;
3193 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3194 goto sendcmd;
3195 case SCSI_READ_DISC_INFORMATION:
3196 cbTransfer = ataBE2H_U16(pbPacket + 7);
3197 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3198 goto sendcmd;
3199 case SCSI_READ_DVD_STRUCTURE:
3200 cbTransfer = ataBE2H_U16(pbPacket + 8);
3201 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3202 goto sendcmd;
3203 case SCSI_READ_FORMAT_CAPACITIES:
3204 cbTransfer = ataBE2H_U16(pbPacket + 7);
3205 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3206 goto sendcmd;
3207 case SCSI_READ_SUBCHANNEL:
3208 cbTransfer = ataBE2H_U16(pbPacket + 7);
3209 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3210 goto sendcmd;
3211 case SCSI_READ_TOC_PMA_ATIP:
3212 cbTransfer = ataBE2H_U16(pbPacket + 7);
3213 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3214 goto sendcmd;
3215 case SCSI_READ_TRACK_INFORMATION:
3216 cbTransfer = ataBE2H_U16(pbPacket + 7);
3217 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3218 goto sendcmd;
3219 case SCSI_REPAIR_TRACK:
3220 goto sendcmd;
3221 case SCSI_REPORT_KEY:
3222 cbTransfer = ataBE2H_U16(pbPacket + 8);
3223 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3224 goto sendcmd;
3225 case SCSI_REQUEST_SENSE:
3226 cbTransfer = pbPacket[4];
3227 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3228 {
3229 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3230 break;
3231 }
3232 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3233 goto sendcmd;
3234 case SCSI_RESERVE_TRACK:
3235 goto sendcmd;
3236 case SCSI_SCAN:
3237 goto sendcmd;
3238 case SCSI_SEEK_10:
3239 goto sendcmd;
3240 case SCSI_SEND_CUE_SHEET:
3241 cbTransfer = ataBE2H_U24(pbPacket + 6);
3242 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3243 goto sendcmd;
3244 case SCSI_SEND_DVD_STRUCTURE:
3245 cbTransfer = ataBE2H_U16(pbPacket + 8);
3246 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3247 goto sendcmd;
3248 case SCSI_SEND_EVENT:
3249 cbTransfer = ataBE2H_U16(pbPacket + 8);
3250 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3251 goto sendcmd;
3252 case SCSI_SEND_KEY:
3253 cbTransfer = ataBE2H_U16(pbPacket + 8);
3254 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3255 goto sendcmd;
3256 case SCSI_SEND_OPC_INFORMATION:
3257 cbTransfer = ataBE2H_U16(pbPacket + 7);
3258 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3259 goto sendcmd;
3260 case SCSI_SET_CD_SPEED:
3261 goto sendcmd;
3262 case SCSI_SET_READ_AHEAD:
3263 goto sendcmd;
3264 case SCSI_SET_STREAMING:
3265 cbTransfer = ataBE2H_U16(pbPacket + 9);
3266 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3267 goto sendcmd;
3268 case SCSI_START_STOP_UNIT:
3269 goto sendcmd;
3270 case SCSI_STOP_PLAY_SCAN:
3271 goto sendcmd;
3272 case SCSI_SYNCHRONIZE_CACHE:
3273 goto sendcmd;
3274 case SCSI_TEST_UNIT_READY:
3275 goto sendcmd;
3276 case SCSI_VERIFY_10:
3277 goto sendcmd;
3278 case SCSI_WRITE_10:
3279 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3280 cSectors = ataBE2H_U16(pbPacket + 7);
3281 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3282#if 0
3283 /* The sector size is determined by the async I/O thread. */
3284 s->cbATAPISector = 0;
3285 /* Preliminary, will be corrected once the sector size is known. */
3286 cbTransfer = cSectors;
3287#else
3288 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3289 cbTransfer = cSectors * s->cbATAPISector;
3290#endif
3291 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3292 goto sendcmd;
3293 case SCSI_WRITE_12:
3294 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3295 cSectors = ataBE2H_U32(pbPacket + 6);
3296 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3297#if 0
3298 /* The sector size is determined by the async I/O thread. */
3299 s->cbATAPISector = 0;
3300 /* Preliminary, will be corrected once the sector size is known. */
3301 cbTransfer = cSectors;
3302#else
3303 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3304 cbTransfer = cSectors * s->cbATAPISector;
3305#endif
3306 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3307 goto sendcmd;
3308 case SCSI_WRITE_AND_VERIFY_10:
3309 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3310 cSectors = ataBE2H_U16(pbPacket + 7);
3311 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3312 /* The sector size is determined by the async I/O thread. */
3313 s->cbATAPISector = 0;
3314 /* Preliminary, will be corrected once the sector size is known. */
3315 cbTransfer = cSectors;
3316 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3317 goto sendcmd;
3318 case SCSI_WRITE_BUFFER:
3319 switch (pbPacket[1] & 0x1f)
3320 {
3321 case 0x04: /* download microcode */
3322 case 0x05: /* download microcode and save */
3323 case 0x06: /* download microcode with offsets */
3324 case 0x07: /* download microcode with offsets and save */
3325 case 0x0e: /* download microcode with offsets and defer activation */
3326 case 0x0f: /* activate deferred microcode */
3327 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3328 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3329 break;
3330 default:
3331 cbTransfer = ataBE2H_U16(pbPacket + 6);
3332 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3333 goto sendcmd;
3334 }
3335 break;
3336 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3337 cbTransfer = ataBE2H_U32(pbPacket + 6);
3338 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3339 goto sendcmd;
3340 case SCSI_REZERO_UNIT:
3341 /* Obsolete command used by cdrecord. What else would one expect?
3342 * This command is not sent to the drive, it is handled internally,
3343 * as the Linux kernel doesn't like it (message "scsi: unknown
3344 * opcode 0x01" in syslog) and replies with a sense code of 0,
3345 * which sends cdrecord to an endless loop. */
3346 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3347 break;
3348 default:
3349 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3350 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3351 break;
3352 sendcmd:
3353 /* Send a command to the drive, passing data in/out as required. */
3354 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3355 Assert(cbTransfer <= s->cbIOBuffer);
3356 if (cbTransfer == 0)
3357 uTxDir = PDMBLOCKTXDIR_NONE;
3358 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3359 }
3360}
3361
3362
3363static void atapiParseCmd(ATADevState *s)
3364{
3365 const uint8_t *pbPacket;
3366
3367 pbPacket = s->aATAPICmd;
3368#ifdef DEBUG
3369 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3370#else /* !DEBUG */
3371 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3372#endif /* !DEBUG */
3373 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3374
3375 if (s->fATAPIPassthrough)
3376 atapiParseCmdPassthrough(s);
3377 else
3378 atapiParseCmdVirtualATAPI(s);
3379}
3380
3381
3382static bool ataPacketSS(ATADevState *s)
3383{
3384 s->fDMA = !!(s->uATARegFeature & 1);
3385 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3386 s->uTxDir = PDMBLOCKTXDIR_NONE;
3387 s->cbTotalTransfer = 0;
3388 s->cbElementaryTransfer = 0;
3389 atapiParseCmd(s);
3390 return false;
3391}
3392
3393
3394/**
3395 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3396 * from now on, regardless if there was a medium inserted or not.
3397 */
3398static void ataMediumRemoved(ATADevState *s)
3399{
3400 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3401}
3402
3403
3404/**
3405 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3406 * there was already a medium inserted, don't forget to send the "medium
3407 * removed" event first.
3408 */
3409static void ataMediumInserted(ATADevState *s)
3410{
3411 uint32_t OldStatus, NewStatus;
3412 do
3413 {
3414 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3415 switch (OldStatus)
3416 {
3417 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3418 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3419 /* no change, we will send "medium removed" + "medium inserted" */
3420 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3421 break;
3422 default:
3423 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3424 break;
3425 }
3426 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3427}
3428
3429
3430/**
3431 * Called when a media is mounted.
3432 *
3433 * @param pInterface Pointer to the interface structure containing the called function pointer.
3434 */
3435static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3436{
3437 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3438 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3439
3440 /* Ignore the call if we're called while being attached. */
3441 if (!pIf->pDrvBlock)
3442 return;
3443
3444 if (pIf->fATAPI)
3445 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3446 else
3447 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3448
3449 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3450
3451 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3452 if (pIf->cNotifiedMediaChange < 2)
3453 pIf->cNotifiedMediaChange = 2;
3454 ataMediumInserted(pIf);
3455}
3456
3457/**
3458 * Called when a media is unmounted
3459 * @param pInterface Pointer to the interface structure containing the called function pointer.
3460 */
3461static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3462{
3463 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3464 Log(("%s:\n", __FUNCTION__));
3465 pIf->cTotalSectors = 0;
3466
3467 /*
3468 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3469 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3470 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3471 * present and 2 in which it is changed.
3472 */
3473 pIf->cNotifiedMediaChange = 4;
3474 ataMediumRemoved(pIf);
3475}
3476
3477static void ataPacketBT(ATADevState *s)
3478{
3479 s->cbElementaryTransfer = s->cbTotalTransfer;
3480 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3481 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3482 ataSetStatusValue(s, ATA_STAT_READY);
3483}
3484
3485
3486static void ataResetDevice(ATADevState *s)
3487{
3488 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3489 s->cNotifiedMediaChange = 0;
3490 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3491 ataUnsetIRQ(s);
3492
3493 s->uATARegSelect = 0x20;
3494 ataSetStatusValue(s, ATA_STAT_READY);
3495 ataSetSignature(s);
3496 s->cbTotalTransfer = 0;
3497 s->cbElementaryTransfer = 0;
3498 s->iIOBufferPIODataStart = 0;
3499 s->iIOBufferPIODataEnd = 0;
3500 s->iBeginTransfer = ATAFN_BT_NULL;
3501 s->iSourceSink = ATAFN_SS_NULL;
3502 s->fDMA = false;
3503 s->fATAPITransfer = false;
3504 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3505
3506 s->uATARegFeature = 0;
3507}
3508
3509
3510static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3511{
3512 ataSetSignature(s);
3513 if (s->fATAPI)
3514 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3515 else
3516 ataSetStatusValue(s, ATA_STAT_READY);
3517 s->uATARegError = 0x01;
3518 return false;
3519}
3520
3521
3522static void ataParseCmd(ATADevState *s, uint8_t cmd)
3523{
3524#ifdef DEBUG
3525 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3526#else /* !DEBUG */
3527 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3528#endif /* !DEBUG */
3529 s->fLBA48 = false;
3530 s->fDMA = false;
3531 if (cmd == ATA_IDLE_IMMEDIATE)
3532 {
3533 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3534 * would overwrite the failing command unfortunately), then RESET. */
3535 int32_t uCmdWait = -1;
3536 uint64_t uNow = RTTimeNanoTS();
3537 if (s->u64CmdTS)
3538 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3539 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3540 s->iLUN, s->uATARegCommand, uCmdWait));
3541 }
3542 s->uATARegCommand = cmd;
3543 switch (cmd)
3544 {
3545 case ATA_IDENTIFY_DEVICE:
3546 if (s->pDrvBlock && !s->fATAPI)
3547 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3548 else
3549 {
3550 if (s->fATAPI)
3551 ataSetSignature(s);
3552 ataCmdError(s, ABRT_ERR);
3553 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3554 }
3555 break;
3556 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3557 case ATA_RECALIBRATE:
3558 ataCmdOK(s, ATA_STAT_SEEK);
3559 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3560 break;
3561 case ATA_SET_MULTIPLE_MODE:
3562 if ( s->uATARegNSector != 0
3563 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3564 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3565 {
3566 ataCmdError(s, ABRT_ERR);
3567 }
3568 else
3569 {
3570 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3571 s->cMultSectors = s->uATARegNSector;
3572 ataCmdOK(s, 0);
3573 }
3574 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3575 break;
3576 case ATA_READ_VERIFY_SECTORS_EXT:
3577 s->fLBA48 = true;
3578 case ATA_READ_VERIFY_SECTORS:
3579 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3580 /* do sector number check ? */
3581 ataCmdOK(s, 0);
3582 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3583 break;
3584 case ATA_READ_SECTORS_EXT:
3585 s->fLBA48 = true;
3586 case ATA_READ_SECTORS:
3587 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3588 if (!s->pDrvBlock)
3589 goto abort_cmd;
3590 s->cSectorsPerIRQ = 1;
3591 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3592 break;
3593 case ATA_WRITE_SECTORS_EXT:
3594 s->fLBA48 = true;
3595 case ATA_WRITE_SECTORS:
3596 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3597 s->cSectorsPerIRQ = 1;
3598 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3599 break;
3600 case ATA_READ_MULTIPLE_EXT:
3601 s->fLBA48 = true;
3602 case ATA_READ_MULTIPLE:
3603 if (!s->cMultSectors)
3604 goto abort_cmd;
3605 s->cSectorsPerIRQ = s->cMultSectors;
3606 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3607 break;
3608 case ATA_WRITE_MULTIPLE_EXT:
3609 s->fLBA48 = true;
3610 case ATA_WRITE_MULTIPLE:
3611 if (!s->cMultSectors)
3612 goto abort_cmd;
3613 s->cSectorsPerIRQ = s->cMultSectors;
3614 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3615 break;
3616 case ATA_READ_DMA_EXT:
3617 s->fLBA48 = true;
3618 case ATA_READ_DMA:
3619 case ATA_READ_DMA_WITHOUT_RETRIES:
3620 if (!s->pDrvBlock)
3621 goto abort_cmd;
3622 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3623 s->fDMA = true;
3624 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3625 break;
3626 case ATA_WRITE_DMA_EXT:
3627 s->fLBA48 = true;
3628 case ATA_WRITE_DMA:
3629 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3630 if (!s->pDrvBlock)
3631 goto abort_cmd;
3632 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3633 s->fDMA = true;
3634 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3635 break;
3636 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3637 s->fLBA48 = true;
3638 ataSetSector(s, s->cTotalSectors - 1);
3639 ataCmdOK(s, 0);
3640 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3641 break;
3642 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3643 ataCmdOK(s, 0);
3644 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3645 break;
3646 case ATA_READ_NATIVE_MAX_ADDRESS:
3647 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3648 ataCmdOK(s, 0);
3649 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3650 break;
3651 case ATA_CHECK_POWER_MODE:
3652 s->uATARegNSector = 0xff; /* drive active or idle */
3653 ataCmdOK(s, 0);
3654 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3655 break;
3656 case ATA_SET_FEATURES:
3657 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3658 if (!s->pDrvBlock)
3659 goto abort_cmd;
3660 switch (s->uATARegFeature)
3661 {
3662 case 0x02: /* write cache enable */
3663 Log2(("%s: write cache enable\n", __FUNCTION__));
3664 ataCmdOK(s, ATA_STAT_SEEK);
3665 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3666 break;
3667 case 0xaa: /* read look-ahead enable */
3668 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3669 ataCmdOK(s, ATA_STAT_SEEK);
3670 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3671 break;
3672 case 0x55: /* read look-ahead disable */
3673 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3674 ataCmdOK(s, ATA_STAT_SEEK);
3675 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3676 break;
3677 case 0xcc: /* reverting to power-on defaults enable */
3678 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3679 ataCmdOK(s, ATA_STAT_SEEK);
3680 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3681 break;
3682 case 0x66: /* reverting to power-on defaults disable */
3683 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3684 ataCmdOK(s, ATA_STAT_SEEK);
3685 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3686 break;
3687 case 0x82: /* write cache disable */
3688 Log2(("%s: write cache disable\n", __FUNCTION__));
3689 /* As per the ATA/ATAPI-6 specs, a write cache disable
3690 * command MUST flush the write buffers to disc. */
3691 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3692 break;
3693 case 0x03: { /* set transfer mode */
3694 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3695 switch (s->uATARegNSector & 0xf8)
3696 {
3697 case 0x00: /* PIO default */
3698 case 0x08: /* PIO mode */
3699 break;
3700 case ATA_MODE_MDMA: /* MDMA mode */
3701 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3702 break;
3703 case ATA_MODE_UDMA: /* UDMA mode */
3704 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3705 break;
3706 default:
3707 goto abort_cmd;
3708 }
3709 ataCmdOK(s, ATA_STAT_SEEK);
3710 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3711 break;
3712 }
3713 default:
3714 goto abort_cmd;
3715 }
3716 /*
3717 * OS/2 workarond:
3718 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3719 * reset here. According to the specification, this is a driver bug as the register
3720 * contents are undefined after the call. This means we can just as well reset it.
3721 */
3722 s->uATARegFeature = 0;
3723 break;
3724 case ATA_FLUSH_CACHE_EXT:
3725 case ATA_FLUSH_CACHE:
3726 if (!s->pDrvBlock || s->fATAPI)
3727 goto abort_cmd;
3728 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3729 break;
3730 case ATA_STANDBY_IMMEDIATE:
3731 ataCmdOK(s, 0);
3732 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3733 break;
3734 case ATA_IDLE_IMMEDIATE:
3735 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3736 ataAbortCurrentCommand(s, false);
3737 break;
3738 /* ATAPI commands */
3739 case ATA_IDENTIFY_PACKET_DEVICE:
3740 if (s->fATAPI)
3741 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3742 else
3743 {
3744 ataCmdError(s, ABRT_ERR);
3745 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3746 }
3747 break;
3748 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3749 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3750 break;
3751 case ATA_DEVICE_RESET:
3752 if (!s->fATAPI)
3753 goto abort_cmd;
3754 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3755 ataAbortCurrentCommand(s, true);
3756 break;
3757 case ATA_PACKET:
3758 if (!s->fATAPI)
3759 goto abort_cmd;
3760 /* overlapping commands not supported */
3761 if (s->uATARegFeature & 0x02)
3762 goto abort_cmd;
3763 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3764 break;
3765 default:
3766 abort_cmd:
3767 ataCmdError(s, ABRT_ERR);
3768 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3769 break;
3770 }
3771}
3772
3773#endif /* IN_RING3 */
3774
3775static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3776{
3777 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3778 addr &= 7;
3779 switch (addr)
3780 {
3781 case 0:
3782 break;
3783 case 1: /* feature register */
3784 /* NOTE: data is written to the two drives */
3785 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3786 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3787 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3788 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3789 pCtl->aIfs[0].uATARegFeature = val;
3790 pCtl->aIfs[1].uATARegFeature = val;
3791 break;
3792 case 2: /* sector count */
3793 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3794 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3795 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3796 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3797 pCtl->aIfs[0].uATARegNSector = val;
3798 pCtl->aIfs[1].uATARegNSector = val;
3799 break;
3800 case 3: /* sector number */
3801 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3802 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3803 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3804 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3805 pCtl->aIfs[0].uATARegSector = val;
3806 pCtl->aIfs[1].uATARegSector = val;
3807 break;
3808 case 4: /* cylinder low */
3809 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3810 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3811 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3812 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3813 pCtl->aIfs[0].uATARegLCyl = val;
3814 pCtl->aIfs[1].uATARegLCyl = val;
3815 break;
3816 case 5: /* cylinder high */
3817 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3818 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3819 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3820 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3821 pCtl->aIfs[0].uATARegHCyl = val;
3822 pCtl->aIfs[1].uATARegHCyl = val;
3823 break;
3824 case 6: /* drive/head */
3825 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3826 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3827 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3828 {
3829 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3830
3831 /* select another drive */
3832 pCtl->iSelectedIf = (val >> 4) & 1;
3833 /* The IRQ line is multiplexed between the two drives, so
3834 * update the state when switching to another drive. Only need
3835 * to update interrupt line if it is enabled and there is a
3836 * state change. */
3837 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3838 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3839 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3840 {
3841 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3842 {
3843 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3844 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3845 * the interrupt line is asserted. It monitors the line
3846 * for a rising edge. */
3847 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3848 if (pCtl->irq == 16)
3849 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3850 else
3851 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3852 }
3853 else
3854 {
3855 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3856 if (pCtl->irq == 16)
3857 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3858 else
3859 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3860 }
3861 }
3862 }
3863 break;
3864 default:
3865 case 7: /* command */
3866 /* ignore commands to non existant slave */
3867 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3868 break;
3869#ifndef IN_RING3
3870 /* Don't do anything complicated in GC */
3871 return VINF_IOM_HC_IOPORT_WRITE;
3872#else /* IN_RING3 */
3873 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3874#endif /* !IN_RING3 */
3875 }
3876 return VINF_SUCCESS;
3877}
3878
3879
3880static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3881{
3882 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3883 uint32_t val;
3884 bool fHOB;
3885
3886 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3887 switch (addr & 7)
3888 {
3889 case 0: /* data register */
3890 val = 0xff;
3891 break;
3892 case 1: /* error register */
3893 /* The ATA specification is very terse when it comes to specifying
3894 * the precise effects of reading back the error/feature register.
3895 * The error register (read-only) shares the register number with
3896 * the feature register (write-only), so it seems that it's not
3897 * necessary to support the usual HOB readback here. */
3898 if (!s->pDrvBlock)
3899 val = 0;
3900 else
3901 val = s->uATARegError;
3902 break;
3903 case 2: /* sector count */
3904 if (!s->pDrvBlock)
3905 val = 0;
3906 else if (fHOB)
3907 val = s->uATARegNSectorHOB;
3908 else
3909 val = s->uATARegNSector;
3910 break;
3911 case 3: /* sector number */
3912 if (!s->pDrvBlock)
3913 val = 0;
3914 else if (fHOB)
3915 val = s->uATARegSectorHOB;
3916 else
3917 val = s->uATARegSector;
3918 break;
3919 case 4: /* cylinder low */
3920 if (!s->pDrvBlock)
3921 val = 0;
3922 else if (fHOB)
3923 val = s->uATARegLCylHOB;
3924 else
3925 val = s->uATARegLCyl;
3926 break;
3927 case 5: /* cylinder high */
3928 if (!s->pDrvBlock)
3929 val = 0;
3930 else if (fHOB)
3931 val = s->uATARegHCylHOB;
3932 else
3933 val = s->uATARegHCyl;
3934 break;
3935 case 6: /* drive/head */
3936 /* This register must always work as long as there is at least
3937 * one drive attached to the controller. It is common between
3938 * both drives anyway (completely identical content). */
3939 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3940 val = 0;
3941 else
3942 val = s->uATARegSelect;
3943 break;
3944 default:
3945 case 7: /* primary status */
3946 {
3947 /* Counter for number of busy status seen in GC in a row. */
3948 static unsigned cBusy = 0;
3949
3950 if (!s->pDrvBlock)
3951 val = 0;
3952 else
3953 val = s->uATARegStatus;
3954
3955 /* Give the async I/O thread an opportunity to make progress,
3956 * don't let it starve by guests polling frequently. EMT has a
3957 * lower priority than the async I/O thread, but sometimes the
3958 * host OS doesn't care. With some guests we are only allowed to
3959 * be busy for about 5 milliseconds in some situations. Note that
3960 * this is no guarantee for any other VBox thread getting
3961 * scheduled, so this just lowers the CPU load a bit when drives
3962 * are busy. It cannot help with timing problems. */
3963 if (val & ATA_STAT_BUSY)
3964 {
3965#ifdef IN_RING3
3966 cBusy = 0;
3967 PDMCritSectLeave(&pCtl->lock);
3968
3969#ifndef RT_OS_WINDOWS
3970 /*
3971 * The thread might be stuck in an I/O operation
3972 * due to a high I/O load on the host. (see @bugref{3301})
3973 * To perform the reset successfully
3974 * we interrupt the operation by sending a signal to the thread
3975 * if the thread didn't responded in 10ms.
3976 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
3977 * does the same but it was introduced with Vista) but so far
3978 * this hang was only observed on Linux and Mac OS X.
3979 *
3980 * This is a workaround and needs to be solved properly.
3981 */
3982 if (pCtl->fReset)
3983 {
3984 uint64_t u64ResetTimeStop = RTTimeMilliTS();
3985
3986 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
3987 {
3988 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
3989 pCtl->u64ResetTime = u64ResetTimeStop;
3990 RTThreadPoke(pCtl->AsyncIOThread);
3991 }
3992 }
3993#endif
3994
3995 RTThreadYield();
3996
3997 {
3998 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3999 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4000 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4001 }
4002
4003 val = s->uATARegStatus;
4004#else /* !IN_RING3 */
4005 /* Cannot yield CPU in guest context. And switching to host
4006 * context for each and every busy status is too costly,
4007 * especially on SMP systems where we don't gain much by
4008 * yielding the CPU to someone else. */
4009 if (++cBusy >= 20)
4010 {
4011 cBusy = 0;
4012 return VINF_IOM_HC_IOPORT_READ;
4013 }
4014#endif /* !IN_RING3 */
4015 }
4016 else
4017 cBusy = 0;
4018 ataUnsetIRQ(s);
4019 break;
4020 }
4021 }
4022 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4023 *pu32 = val;
4024 return VINF_SUCCESS;
4025}
4026
4027
4028static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4029{
4030 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4031 uint32_t val;
4032
4033 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4034 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4035 val = 0;
4036 else
4037 val = s->uATARegStatus;
4038 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4039 return val;
4040}
4041
4042static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4043{
4044#ifndef IN_RING3
4045 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4046 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4047#endif /* !IN_RING3 */
4048
4049 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4050 /* RESET is common for both drives attached to a controller. */
4051 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4052 (val & ATA_DEVCTL_RESET))
4053 {
4054#ifdef IN_RING3
4055 /* Software RESET low to high */
4056 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4057 uint64_t uNow = RTTimeNanoTS();
4058 if (pCtl->aIfs[0].u64CmdTS)
4059 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4060 if (pCtl->aIfs[1].u64CmdTS)
4061 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4062 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4063 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4064 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4065 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4066 pCtl->fReset = true;
4067 /* Everything must be done after the reset flag is set, otherwise
4068 * there are unavoidable races with the currently executing request
4069 * (which might just finish in the mean time). */
4070 pCtl->fChainedTransfer = false;
4071 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4072 {
4073 ataResetDevice(&pCtl->aIfs[i]);
4074 /* The following cannot be done using ataSetStatusValue() since the
4075 * reset flag is already set, which suppresses all status changes. */
4076 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4077 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4078 pCtl->aIfs[i].uATARegError = 0x01;
4079 }
4080 ataAsyncIOClearRequests(pCtl);
4081 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4082 if (val & ATA_DEVCTL_HOB)
4083 {
4084 val &= ~ATA_DEVCTL_HOB;
4085 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4086 }
4087
4088 /* Save the timestamp we started the reset. */
4089 pCtl->u64ResetTime = RTTimeMilliTS();
4090
4091 /* Issue the reset request now. */
4092 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4093#else /* !IN_RING3 */
4094 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4095#endif /* IN_RING3 */
4096 }
4097 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4098 !(val & ATA_DEVCTL_RESET))
4099 {
4100#ifdef IN_RING3
4101 /* Software RESET high to low */
4102 Log(("%s: deasserting RESET\n", __FUNCTION__));
4103 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4104 if (val & ATA_DEVCTL_HOB)
4105 {
4106 val &= ~ATA_DEVCTL_HOB;
4107 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4108 }
4109 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4110#else /* !IN_RING3 */
4111 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4112#endif /* IN_RING3 */
4113 }
4114
4115 /* Change of interrupt disable flag. Update interrupt line if interrupt
4116 * is pending on the current interface. */
4117 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4118 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4119 {
4120 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4121 {
4122 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4123 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4124 * interrupt line is asserted. It monitors the line for a rising
4125 * edge. */
4126 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4127 if (pCtl->irq == 16)
4128 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4129 else
4130 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4131 }
4132 else
4133 {
4134 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4135 if (pCtl->irq == 16)
4136 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4137 else
4138 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4139 }
4140 }
4141
4142 if (val & ATA_DEVCTL_HOB)
4143 Log2(("%s: set HOB\n", __FUNCTION__));
4144
4145 pCtl->aIfs[0].uATARegDevCtl = val;
4146 pCtl->aIfs[1].uATARegDevCtl = val;
4147
4148 return VINF_SUCCESS;
4149}
4150
4151#ifdef IN_RING3
4152
4153static void ataPIOTransfer(PATACONTROLLER pCtl)
4154{
4155 ATADevState *s;
4156
4157 s = &pCtl->aIfs[pCtl->iAIOIf];
4158 Log3(("%s: if=%p\n", __FUNCTION__, s));
4159
4160 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4161 {
4162 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4163 /* Any guest OS that triggers this case has a pathetic ATA driver.
4164 * In a real system it would block the CPU via IORDY, here we do it
4165 * very similarly by not continuing with the current instruction
4166 * until the transfer to/from the storage medium is completed. */
4167 if (s->iSourceSink != ATAFN_SS_NULL)
4168 {
4169 bool fRedo;
4170 uint8_t status = s->uATARegStatus;
4171 ataSetStatusValue(s, ATA_STAT_BUSY);
4172 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4173 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4174 pCtl->fRedo = fRedo;
4175 if (RT_UNLIKELY(fRedo))
4176 return;
4177 ataSetStatusValue(s, status);
4178 s->iIOBufferCur = 0;
4179 s->iIOBufferEnd = s->cbElementaryTransfer;
4180 }
4181 }
4182 if (s->cbTotalTransfer)
4183 {
4184 if (s->fATAPITransfer)
4185 ataPIOTransferLimitATAPI(s);
4186
4187 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4188 s->cbElementaryTransfer = s->cbTotalTransfer;
4189
4190 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4191 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4192 s->cbTotalTransfer, s->cbElementaryTransfer,
4193 s->iIOBufferCur, s->iIOBufferEnd));
4194 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4195 s->cbTotalTransfer -= s->cbElementaryTransfer;
4196 s->iIOBufferCur += s->cbElementaryTransfer;
4197
4198 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4199 s->cbElementaryTransfer = s->cbTotalTransfer;
4200 }
4201 else
4202 ataPIOTransferStop(s);
4203}
4204
4205
4206DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4207{
4208 /* Do not interfere with RESET processing if the PIO transfer finishes
4209 * while the RESET line is asserted. */
4210 if (pCtl->fReset)
4211 {
4212 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4213 return;
4214 }
4215
4216 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4217 || ( s->iSourceSink != ATAFN_SS_NULL
4218 && s->iIOBufferCur >= s->iIOBufferEnd))
4219 {
4220 /* Need to continue the transfer in the async I/O thread. This is
4221 * the case for write operations or generally for not yet finished
4222 * transfers (some data might need to be read). */
4223 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4224 ataSetStatus(s, ATA_STAT_BUSY);
4225
4226 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4227 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4228 }
4229 else
4230 {
4231 /* Either everything finished (though some data might still be pending)
4232 * or some data is pending before the next read is due. */
4233
4234 /* Continue a previously started transfer. */
4235 ataUnsetStatus(s, ATA_STAT_DRQ);
4236 ataSetStatus(s, ATA_STAT_READY);
4237
4238 if (s->cbTotalTransfer)
4239 {
4240 /* There is more to transfer, happens usually for large ATAPI
4241 * reads - the protocol limits the chunk size to 65534 bytes. */
4242 ataPIOTransfer(pCtl);
4243 ataSetIRQ(s);
4244 }
4245 else
4246 {
4247 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4248 /* Finish PIO transfer. */
4249 ataPIOTransfer(pCtl);
4250 Assert(!pCtl->fRedo);
4251 }
4252 }
4253}
4254
4255#endif /* IN_RING3 */
4256
4257static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4258{
4259 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4260 uint8_t *p;
4261
4262 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4263 {
4264 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4265 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4266#ifndef IN_RING3
4267 /* All but the last transfer unit is simple enough for GC, but
4268 * sending a request to the async IO thread is too complicated. */
4269 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4270 {
4271 memcpy(p, pbBuf, cbSize);
4272 s->iIOBufferPIODataStart += cbSize;
4273 }
4274 else
4275 return VINF_IOM_HC_IOPORT_WRITE;
4276#else /* IN_RING3 */
4277 memcpy(p, pbBuf, cbSize);
4278 s->iIOBufferPIODataStart += cbSize;
4279 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4280 ataPIOTransferFinish(pCtl, s);
4281#endif /* !IN_RING3 */
4282 }
4283 else
4284 Log2(("%s: DUMMY data\n", __FUNCTION__));
4285 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4286 return VINF_SUCCESS;
4287}
4288
4289static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4290{
4291 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4292 uint8_t *p;
4293
4294 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4295 {
4296 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4297 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4298#ifndef IN_RING3
4299 /* All but the last transfer unit is simple enough for GC, but
4300 * sending a request to the async IO thread is too complicated. */
4301 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4302 {
4303 memcpy(pbBuf, p, cbSize);
4304 s->iIOBufferPIODataStart += cbSize;
4305 }
4306 else
4307 return VINF_IOM_HC_IOPORT_READ;
4308#else /* IN_RING3 */
4309 memcpy(pbBuf, p, cbSize);
4310 s->iIOBufferPIODataStart += cbSize;
4311 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4312 ataPIOTransferFinish(pCtl, s);
4313#endif /* !IN_RING3 */
4314 }
4315 else
4316 {
4317 Log2(("%s: DUMMY data\n", __FUNCTION__));
4318 memset(pbBuf, '\xff', cbSize);
4319 }
4320 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4321 return VINF_SUCCESS;
4322}
4323
4324#ifdef IN_RING3
4325
4326static void ataDMATransferStop(ATADevState *s)
4327{
4328 s->cbTotalTransfer = 0;
4329 s->cbElementaryTransfer = 0;
4330 s->iBeginTransfer = ATAFN_BT_NULL;
4331 s->iSourceSink = ATAFN_SS_NULL;
4332}
4333
4334
4335/**
4336 * Perform the entire DMA transfer in one go (unless a source/sink operation
4337 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4338 * this function cannot handle empty transfers.
4339 *
4340 * @param pCtl Controller for which to perform the transfer.
4341 */
4342static void ataDMATransfer(PATACONTROLLER pCtl)
4343{
4344 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4345 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4346 bool fRedo;
4347 RTGCPHYS32 pDesc;
4348 uint32_t cbTotalTransfer, cbElementaryTransfer;
4349 uint32_t iIOBufferCur, iIOBufferEnd;
4350 uint32_t dmalen;
4351 PDMBLOCKTXDIR uTxDir;
4352 bool fLastDesc = false;
4353
4354 Assert(sizeof(BMDMADesc) == 8);
4355
4356 fRedo = pCtl->fRedo;
4357 if (RT_LIKELY(!fRedo))
4358 Assert(s->cbTotalTransfer);
4359 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4360 cbTotalTransfer = s->cbTotalTransfer;
4361 cbElementaryTransfer = s->cbElementaryTransfer;
4362 iIOBufferCur = s->iIOBufferCur;
4363 iIOBufferEnd = s->iIOBufferEnd;
4364
4365 /* The DMA loop is designed to hold the lock only when absolutely
4366 * necessary. This avoids long freezes should the guest access the
4367 * ATA registers etc. for some reason. */
4368 PDMCritSectLeave(&pCtl->lock);
4369
4370 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4371 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4372 cbTotalTransfer, cbElementaryTransfer,
4373 iIOBufferCur, iIOBufferEnd));
4374 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4375 {
4376 BMDMADesc DMADesc;
4377 RTGCPHYS32 pBuffer;
4378 uint32_t cbBuffer;
4379
4380 if (RT_UNLIKELY(fRedo))
4381 {
4382 pBuffer = pCtl->pRedoDMABuffer;
4383 cbBuffer = pCtl->cbRedoDMABuffer;
4384 fLastDesc = pCtl->fRedoDMALastDesc;
4385 }
4386 else
4387 {
4388 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4389 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4390 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4391 fLastDesc = !!(cbBuffer & 0x80000000);
4392 cbBuffer &= 0xfffe;
4393 if (cbBuffer == 0)
4394 cbBuffer = 0x10000;
4395 if (cbBuffer > cbTotalTransfer)
4396 cbBuffer = cbTotalTransfer;
4397 }
4398
4399 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4400 {
4401 if (RT_LIKELY(!fRedo))
4402 {
4403 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4404 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4405 (int)pDesc, pBuffer, cbBuffer));
4406 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4407 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4408 else
4409 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4410 iIOBufferCur += dmalen;
4411 cbTotalTransfer -= dmalen;
4412 cbBuffer -= dmalen;
4413 pBuffer += dmalen;
4414 }
4415 if ( iIOBufferCur == iIOBufferEnd
4416 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4417 {
4418 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4419 cbElementaryTransfer = cbTotalTransfer;
4420
4421 {
4422 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4423 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4424 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4425 }
4426
4427 /* The RESET handler could have cleared the DMA transfer
4428 * state (since we didn't hold the lock until just now
4429 * the guest can continue in parallel). If so, the state
4430 * is already set up so the loop is exited immediately. */
4431 if (s->iSourceSink != ATAFN_SS_NULL)
4432 {
4433 s->iIOBufferCur = iIOBufferCur;
4434 s->iIOBufferEnd = iIOBufferEnd;
4435 s->cbElementaryTransfer = cbElementaryTransfer;
4436 s->cbTotalTransfer = cbTotalTransfer;
4437 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4438 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4439 if (RT_UNLIKELY(fRedo))
4440 {
4441 pCtl->pFirstDMADesc = pDesc;
4442 pCtl->pRedoDMABuffer = pBuffer;
4443 pCtl->cbRedoDMABuffer = cbBuffer;
4444 pCtl->fRedoDMALastDesc = fLastDesc;
4445 }
4446 else
4447 {
4448 cbTotalTransfer = s->cbTotalTransfer;
4449 cbElementaryTransfer = s->cbElementaryTransfer;
4450
4451 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4452 cbElementaryTransfer = cbTotalTransfer;
4453 iIOBufferCur = 0;
4454 iIOBufferEnd = cbElementaryTransfer;
4455 }
4456 pCtl->fRedo = fRedo;
4457 }
4458 else
4459 {
4460 /* This forces the loop to exit immediately. */
4461 pDesc = pCtl->pLastDMADesc + 1;
4462 }
4463
4464 PDMCritSectLeave(&pCtl->lock);
4465 if (RT_UNLIKELY(fRedo))
4466 break;
4467 }
4468 }
4469
4470 if (RT_UNLIKELY(fRedo))
4471 break;
4472
4473 /* end of transfer */
4474 if (!cbTotalTransfer || fLastDesc)
4475 break;
4476
4477 {
4478 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4479 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4480 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4481 }
4482
4483 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4484 {
4485 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4486 if (!pCtl->fReset)
4487 ataDMATransferStop(s);
4488 /* This forces the loop to exit immediately. */
4489 pDesc = pCtl->pLastDMADesc + 1;
4490 }
4491
4492 PDMCritSectLeave(&pCtl->lock);
4493 }
4494
4495 {
4496 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4497 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4498 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4499 }
4500
4501 if (RT_UNLIKELY(fRedo))
4502 return;
4503
4504 if (fLastDesc)
4505 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4506 s->cbTotalTransfer = cbTotalTransfer;
4507 s->cbElementaryTransfer = cbElementaryTransfer;
4508 s->iIOBufferCur = iIOBufferCur;
4509 s->iIOBufferEnd = iIOBufferEnd;
4510}
4511
4512/**
4513 * Signal PDM that we're idle (if we actually are).
4514 *
4515 * @param pCtl The controller.
4516 */
4517static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
4518{
4519 /*
4520 * Take the mutex here and recheck the idle indicator to avoid
4521 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
4522 */
4523 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4524
4525 if ( pCtl->fSignalIdle
4526 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4527 {
4528 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
4529 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
4530 }
4531
4532 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4533}
4534
4535/** Asynch I/O thread for an interface. Once upon a time this was readable
4536 * code with several loops and a different semaphore for each purpose. But
4537 * then came the "how can one save the state in the middle of a PIO transfer"
4538 * question. The solution was to use an ASM, which is what's there now. */
4539static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4540{
4541 const ATARequest *pReq;
4542 uint64_t u64TS = 0; /* shut up gcc */
4543 uint64_t uWait;
4544 int rc = VINF_SUCCESS;
4545 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4546 ATADevState *s;
4547
4548 pReq = NULL;
4549 pCtl->fChainedTransfer = false;
4550 while (!pCtl->fShutdown)
4551 {
4552 /* Keep this thread from doing anything as long as EMT is suspended. */
4553 while (pCtl->fRedoIdle)
4554 {
4555 if (pCtl->fSignalIdle)
4556 ataR3AsyncSignalIdle(pCtl);
4557 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4558 /* Continue if we got a signal by RTThreadPoke().
4559 * We will get notified if there is a request to process.
4560 */
4561 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4562 continue;
4563 if (RT_FAILURE(rc) || pCtl->fShutdown)
4564 break;
4565
4566 pCtl->fRedoIdle = false;
4567 }
4568
4569 /* Wait for work. */
4570 while (pReq == NULL)
4571 {
4572 if (pCtl->fSignalIdle)
4573 ataR3AsyncSignalIdle(pCtl);
4574 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4575 /* Continue if we got a signal by RTThreadPoke().
4576 * We will get notified if there is a request to process.
4577 */
4578 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4579 continue;
4580 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4581 break;
4582
4583 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4584 }
4585
4586 if (RT_FAILURE(rc) || pCtl->fShutdown)
4587 break;
4588
4589 if (pReq == NULL)
4590 continue;
4591
4592 ATAAIO ReqType = pReq->ReqType;
4593
4594 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4595 if (pCtl->uAsyncIOState != ReqType)
4596 {
4597 /* The new state is not the state that was expected by the normal
4598 * state changes. This is either a RESET/ABORT or there's something
4599 * really strange going on. */
4600 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4601 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4602 {
4603 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4604 ataAsyncIODumpRequests(pCtl);
4605 }
4606 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4607 }
4608
4609 /* Do our work. */
4610 {
4611 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4612 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4613 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4614 }
4615
4616 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4617 {
4618 u64TS = RTTimeNanoTS();
4619#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4620 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4621#endif /* DEBUG || VBOX_WITH_STATISTICS */
4622 }
4623
4624 switch (ReqType)
4625 {
4626 case ATA_AIO_NEW:
4627
4628 pCtl->iAIOIf = pReq->u.t.iIf;
4629 s = &pCtl->aIfs[pCtl->iAIOIf];
4630 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4631 s->uTxDir = pReq->u.t.uTxDir;
4632 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4633 s->iSourceSink = pReq->u.t.iSourceSink;
4634 s->iIOBufferEnd = 0;
4635 s->u64CmdTS = u64TS;
4636
4637 if (s->fATAPI)
4638 {
4639 if (pCtl->fChainedTransfer)
4640 {
4641 /* Only count the actual transfers, not the PIO
4642 * transfer of the ATAPI command bytes. */
4643 if (s->fDMA)
4644 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4645 else
4646 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4647 }
4648 }
4649 else
4650 {
4651 if (s->fDMA)
4652 STAM_REL_COUNTER_INC(&s->StatATADMA);
4653 else
4654 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4655 }
4656
4657 pCtl->fChainedTransfer = false;
4658
4659 if (s->iBeginTransfer != ATAFN_BT_NULL)
4660 {
4661 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4662 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4663 s->iBeginTransfer = ATAFN_BT_NULL;
4664 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4665 s->iIOBufferEnd = s->cbElementaryTransfer;
4666 }
4667 else
4668 {
4669 s->cbElementaryTransfer = s->cbTotalTransfer;
4670 s->iIOBufferEnd = s->cbTotalTransfer;
4671 }
4672 s->iIOBufferCur = 0;
4673
4674 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4675 {
4676 if (s->iSourceSink != ATAFN_SS_NULL)
4677 {
4678 bool fRedo;
4679 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4680 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4681 pCtl->fRedo = fRedo;
4682 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4683 {
4684 /* Operation failed at the initial transfer, restart
4685 * everything from scratch by resending the current
4686 * request. Occurs very rarely, not worth optimizing. */
4687 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4688 ataAsyncIOPutRequest(pCtl, pReq);
4689 break;
4690 }
4691 }
4692 else
4693 ataCmdOK(s, 0);
4694 s->iIOBufferEnd = s->cbElementaryTransfer;
4695
4696 }
4697
4698 /* Do not go into the transfer phase if RESET is asserted.
4699 * The CritSect is released while waiting for the host OS
4700 * to finish the I/O, thus RESET is possible here. Most
4701 * important: do not change uAsyncIOState. */
4702 if (pCtl->fReset)
4703 break;
4704
4705 if (s->fDMA)
4706 {
4707 if (s->cbTotalTransfer)
4708 {
4709 ataSetStatus(s, ATA_STAT_DRQ);
4710
4711 pCtl->uAsyncIOState = ATA_AIO_DMA;
4712 /* If BMDMA is already started, do the transfer now. */
4713 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4714 {
4715 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4716 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4717 }
4718 }
4719 else
4720 {
4721 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4722 /* Finish DMA transfer. */
4723 ataDMATransferStop(s);
4724 ataSetIRQ(s);
4725 pCtl->uAsyncIOState = ATA_AIO_NEW;
4726 }
4727 }
4728 else
4729 {
4730 if (s->cbTotalTransfer)
4731 {
4732 ataPIOTransfer(pCtl);
4733 Assert(!pCtl->fRedo);
4734 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4735 ataSetIRQ(s);
4736
4737 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4738 {
4739 /* Write operations and not yet finished transfers
4740 * must be completed in the async I/O thread. */
4741 pCtl->uAsyncIOState = ATA_AIO_PIO;
4742 }
4743 else
4744 {
4745 /* Finished read operation can be handled inline
4746 * in the end of PIO transfer handling code. Linux
4747 * depends on this, as it waits only briefly for
4748 * devices to become ready after incoming data
4749 * transfer. Cannot find anything in the ATA spec
4750 * that backs this assumption, but as all kernels
4751 * are affected (though most of the time it does
4752 * not cause any harm) this must work. */
4753 pCtl->uAsyncIOState = ATA_AIO_NEW;
4754 }
4755 }
4756 else
4757 {
4758 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4759 /* Finish PIO transfer. */
4760 ataPIOTransfer(pCtl);
4761 Assert(!pCtl->fRedo);
4762 if (!s->fATAPITransfer)
4763 ataSetIRQ(s);
4764 pCtl->uAsyncIOState = ATA_AIO_NEW;
4765 }
4766 }
4767 break;
4768
4769 case ATA_AIO_DMA:
4770 {
4771 BMDMAState *bm = &pCtl->BmDma;
4772 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4773 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4774
4775 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4776 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4777 else
4778 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4779
4780 if (RT_LIKELY(!pCtl->fRedo))
4781 {
4782 /* The specs say that the descriptor table must not cross a
4783 * 4K boundary. */
4784 pCtl->pFirstDMADesc = bm->pvAddr;
4785 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4786 }
4787 ataDMATransfer(pCtl);
4788
4789 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
4790 {
4791 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4792 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4793 break;
4794 }
4795
4796 /* The infamous delay IRQ hack. */
4797 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4798 && s->cbTotalTransfer == 0
4799 && pCtl->DelayIRQMillies)
4800 {
4801 /* Delay IRQ for writing. Required to get the Win2K
4802 * installation work reliably (otherwise it crashes,
4803 * usually during component install). So far no better
4804 * solution has been found. */
4805 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4806 PDMCritSectLeave(&pCtl->lock);
4807 RTThreadSleep(pCtl->DelayIRQMillies);
4808 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4809 }
4810
4811 ataUnsetStatus(s, ATA_STAT_DRQ);
4812 Assert(!pCtl->fChainedTransfer);
4813 Assert(s->iSourceSink == ATAFN_SS_NULL);
4814 if (s->fATAPITransfer)
4815 {
4816 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4817 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4818 s->fATAPITransfer = false;
4819 }
4820 ataSetIRQ(s);
4821 pCtl->uAsyncIOState = ATA_AIO_NEW;
4822 break;
4823 }
4824
4825 case ATA_AIO_PIO:
4826 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4827
4828 if (s->iSourceSink != ATAFN_SS_NULL)
4829 {
4830 bool fRedo;
4831 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4832 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4833 pCtl->fRedo = fRedo;
4834 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4835 {
4836 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4837 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4838 ataSuspendRedo(pCtl);
4839 break;
4840 }
4841 s->iIOBufferCur = 0;
4842 s->iIOBufferEnd = s->cbElementaryTransfer;
4843 }
4844 else
4845 {
4846 /* Continue a previously started transfer. */
4847 ataUnsetStatus(s, ATA_STAT_BUSY);
4848 ataSetStatus(s, ATA_STAT_READY);
4849 }
4850
4851 /* It is possible that the drives on this controller get RESET
4852 * during the above call to the source/sink function. If that's
4853 * the case, don't restart the transfer and don't finish it the
4854 * usual way. RESET handling took care of all that already.
4855 * Most important: do not change uAsyncIOState. */
4856 if (pCtl->fReset)
4857 break;
4858
4859 if (s->cbTotalTransfer)
4860 {
4861 ataPIOTransfer(pCtl);
4862 ataSetIRQ(s);
4863
4864 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4865 {
4866 /* Write operations and not yet finished transfers
4867 * must be completed in the async I/O thread. */
4868 pCtl->uAsyncIOState = ATA_AIO_PIO;
4869 }
4870 else
4871 {
4872 /* Finished read operation can be handled inline
4873 * in the end of PIO transfer handling code. Linux
4874 * depends on this, as it waits only briefly for
4875 * devices to become ready after incoming data
4876 * transfer. Cannot find anything in the ATA spec
4877 * that backs this assumption, but as all kernels
4878 * are affected (though most of the time it does
4879 * not cause any harm) this must work. */
4880 pCtl->uAsyncIOState = ATA_AIO_NEW;
4881 }
4882 }
4883 else
4884 {
4885 /* Finish PIO transfer. */
4886 ataPIOTransfer(pCtl);
4887 if ( !pCtl->fChainedTransfer
4888 && !s->fATAPITransfer
4889 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4890 {
4891 ataSetIRQ(s);
4892 }
4893 pCtl->uAsyncIOState = ATA_AIO_NEW;
4894 }
4895 break;
4896
4897 case ATA_AIO_RESET_ASSERTED:
4898 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4899 ataPIOTransferStop(&pCtl->aIfs[0]);
4900 ataPIOTransferStop(&pCtl->aIfs[1]);
4901 /* Do not change the DMA registers, they are not affected by the
4902 * ATA controller reset logic. It should be sufficient to issue a
4903 * new command, which is now possible as the state is cleared. */
4904 break;
4905
4906 case ATA_AIO_RESET_CLEARED:
4907 pCtl->uAsyncIOState = ATA_AIO_NEW;
4908 pCtl->fReset = false;
4909 /* Ensure that half-completed transfers are not redone. A reset
4910 * cancels the entire transfer, so continuing is wrong. */
4911 pCtl->fRedo = false;
4912 pCtl->fRedoDMALastDesc = false;
4913 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4914 ATACONTROLLER_IDX(pCtl)));
4915 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4916 {
4917 if (pCtl->aIfs[i].fATAPI)
4918 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4919 else
4920 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4921 ataSetSignature(&pCtl->aIfs[i]);
4922 }
4923 break;
4924
4925 case ATA_AIO_ABORT:
4926 /* Abort the current command only if it operates on the same interface. */
4927 if (pCtl->iAIOIf == pReq->u.a.iIf)
4928 {
4929 s = &pCtl->aIfs[pCtl->iAIOIf];
4930
4931 pCtl->uAsyncIOState = ATA_AIO_NEW;
4932 /* Do not change the DMA registers, they are not affected by the
4933 * ATA controller reset logic. It should be sufficient to issue a
4934 * new command, which is now possible as the state is cleared. */
4935 if (pReq->u.a.fResetDrive)
4936 {
4937 ataResetDevice(s);
4938 ataExecuteDeviceDiagnosticSS(s);
4939 }
4940 else
4941 {
4942 /* Stop any pending DMA transfer. */
4943 s->fDMA = false;
4944 ataPIOTransferStop(s);
4945 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4946 ataSetStatus(s, ATA_STAT_READY);
4947 ataSetIRQ(s);
4948 }
4949 }
4950 break;
4951
4952 default:
4953 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4954 }
4955
4956 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4957 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4958
4959 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4960 {
4961#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4962 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4963#endif /* DEBUG || VBOX_WITH_STATISTICS */
4964
4965 u64TS = RTTimeNanoTS() - u64TS;
4966 uWait = u64TS / 1000;
4967 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
4968 /* Mark command as finished. */
4969 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
4970
4971 /*
4972 * Release logging of command execution times depends on the
4973 * command type. ATAPI commands often take longer (due to CD/DVD
4974 * spin up time etc.) so the threshold is different.
4975 */
4976 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
4977 {
4978 if (uWait > 8 * 1000 * 1000)
4979 {
4980 /*
4981 * Command took longer than 8 seconds. This is close
4982 * enough or over the guest's command timeout, so place
4983 * an entry in the release log to allow tracking such
4984 * timing errors (which are often caused by the host).
4985 */
4986 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
4987 }
4988 }
4989 else
4990 {
4991 if (uWait > 20 * 1000 * 1000)
4992 {
4993 /*
4994 * Command took longer than 20 seconds. This is close
4995 * enough or over the guest's command timeout, so place
4996 * an entry in the release log to allow tracking such
4997 * timing errors (which are often caused by the host).
4998 */
4999 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5000 }
5001 }
5002
5003#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5004 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5005 pCtl->StatAsyncMinWait = uWait;
5006 if (uWait > pCtl->StatAsyncMaxWait)
5007 pCtl->StatAsyncMaxWait = uWait;
5008
5009 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5010 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5011#endif /* DEBUG || VBOX_WITH_STATISTICS */
5012 }
5013
5014 PDMCritSectLeave(&pCtl->lock);
5015 }
5016
5017 /* Signal the ultimate idleness. */
5018 RTThreadUserSignal(pCtl->AsyncIOThread);
5019 if (pCtl->fSignalIdle)
5020 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5021
5022 /* Cleanup the state. */
5023 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5024 pCtl->fShutdown = false;
5025
5026 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5027 return rc;
5028}
5029
5030#endif /* IN_RING3 */
5031
5032static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5033{
5034 uint32_t val = pCtl->BmDma.u8Cmd;
5035 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5036 return val;
5037}
5038
5039
5040static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5041{
5042 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5043 if (!(val & BM_CMD_START))
5044 {
5045 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5046 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5047 }
5048 else
5049 {
5050#ifdef IN_RING3
5051 /* Check whether the guest OS wants to change DMA direction in
5052 * mid-flight. Not allowed, according to the PIIX3 specs. */
5053 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5054 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5055 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5056
5057 /* Do not continue DMA transfers while the RESET line is asserted. */
5058 if (pCtl->fReset)
5059 {
5060 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5061 return;
5062 }
5063
5064 /* Do not start DMA transfers if there's a PIO transfer going on. */
5065 if (!pCtl->aIfs[pCtl->iSelectedIf].fDMA)
5066 return;
5067
5068 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5069 {
5070 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5071 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5072 }
5073#else /* !IN_RING3 */
5074 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5075#endif /* IN_RING3 */
5076 }
5077}
5078
5079static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5080{
5081 uint32_t val = pCtl->BmDma.u8Status;
5082 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5083 return val;
5084}
5085
5086static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5087{
5088 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5089 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5090 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5091 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5092}
5093
5094static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5095{
5096 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5097 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5098 return val;
5099}
5100
5101static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5102{
5103 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5104 pCtl->BmDma.pvAddr = val & ~3;
5105}
5106
5107static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5108{
5109 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5110 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5111
5112}
5113
5114static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5115{
5116 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5117 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5118}
5119
5120#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5121
5122/**
5123 * Port I/O Handler for bus master DMA IN operations.
5124 * @see FNIOMIOPORTIN for details.
5125 */
5126PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5127{
5128 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5129 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5130 PATACONTROLLER pCtl = &pThis->aCts[i];
5131 int rc;
5132
5133 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5134 if (rc != VINF_SUCCESS)
5135 return rc;
5136 switch (VAL(Port, cb))
5137 {
5138 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5139 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5140 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5141 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5142 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5143 case VAL(0, 4):
5144 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5145 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5146 break;
5147 default:
5148 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5149 PDMCritSectLeave(&pCtl->lock);
5150 return VERR_IOM_IOPORT_UNUSED;
5151 }
5152 PDMCritSectLeave(&pCtl->lock);
5153 return rc;
5154}
5155
5156/**
5157 * Port I/O Handler for bus master DMA OUT operations.
5158 * @see FNIOMIOPORTOUT for details.
5159 */
5160PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5161{
5162 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5163 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5164 PATACONTROLLER pCtl = &pThis->aCts[i];
5165 int rc;
5166
5167 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5168 if (rc != VINF_SUCCESS)
5169 return rc;
5170 switch (VAL(Port, cb))
5171 {
5172 case VAL(0, 1):
5173#ifndef IN_RING3
5174 if (u32 & BM_CMD_START)
5175 {
5176 rc = VINF_IOM_HC_IOPORT_WRITE;
5177 break;
5178 }
5179#endif /* !IN_RING3 */
5180 ataBMDMACmdWriteB(pCtl, Port, u32);
5181 break;
5182 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5183 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5184 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5185 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5186 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5187 }
5188 PDMCritSectLeave(&pCtl->lock);
5189 return rc;
5190}
5191
5192#undef VAL
5193
5194#ifdef IN_RING3
5195
5196/**
5197 * Callback function for mapping an PCI I/O region.
5198 *
5199 * @return VBox status code.
5200 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5201 * @param iRegion The region number.
5202 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5203 * I/O port, else it's a physical address.
5204 * This address is *NOT* relative to pci_mem_base like earlier!
5205 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5206 */
5207static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5208{
5209 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5210 int rc = VINF_SUCCESS;
5211 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5212 Assert(iRegion == 4);
5213 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5214
5215 /* Register the port range. */
5216 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5217 {
5218 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5219 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5220 AssertRC(rc2);
5221 if (rc2 < rc)
5222 rc = rc2;
5223
5224 if (pThis->fGCEnabled)
5225 {
5226 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5227 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5228 AssertRC(rc2);
5229 if (rc2 < rc)
5230 rc = rc2;
5231 }
5232 if (pThis->fR0Enabled)
5233 {
5234 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5235 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5236 AssertRC(rc2);
5237 if (rc2 < rc)
5238 rc = rc2;
5239 }
5240 }
5241 return rc;
5242}
5243
5244
5245/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5246
5247/**
5248 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5249 */
5250static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5251{
5252 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5253 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5254 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5255 return NULL;
5256}
5257
5258
5259/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5260
5261/**
5262 * Gets the pointer to the status LED of a unit.
5263 *
5264 * @returns VBox status code.
5265 * @param pInterface Pointer to the interface structure containing the called function pointer.
5266 * @param iLUN The unit which status LED we desire.
5267 * @param ppLed Where to store the LED pointer.
5268 */
5269static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5270{
5271 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5272 if (iLUN < 4)
5273 {
5274 switch (iLUN)
5275 {
5276 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5277 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5278 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5279 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5280 }
5281 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5282 return VINF_SUCCESS;
5283 }
5284 return VERR_PDM_LUN_NOT_FOUND;
5285}
5286
5287
5288/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5289
5290/**
5291 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5292 */
5293static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5294{
5295 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5296 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5297 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5298 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5299 return NULL;
5300}
5301
5302#endif /* IN_RING3 */
5303
5304
5305/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5306
5307/**
5308 * Port I/O Handler for primary port range OUT operations.
5309 * @see FNIOMIOPORTOUT for details.
5310 */
5311PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5312{
5313 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5314 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5315 PATACONTROLLER pCtl = &pThis->aCts[i];
5316 int rc = VINF_SUCCESS;
5317
5318 Assert(i < 2);
5319
5320 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5321 if (rc != VINF_SUCCESS)
5322 return rc;
5323 if (cb == 1)
5324 rc = ataIOPortWriteU8(pCtl, Port, u32);
5325 else if (Port == pCtl->IOPortBase1)
5326 {
5327 Assert(cb == 2 || cb == 4);
5328 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5329 }
5330 else
5331 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5332 PDMCritSectLeave(&pCtl->lock);
5333 return rc;
5334}
5335
5336
5337/**
5338 * Port I/O Handler for primary port range IN operations.
5339 * @see FNIOMIOPORTIN for details.
5340 */
5341PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5342{
5343 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5344 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5345 PATACONTROLLER pCtl = &pThis->aCts[i];
5346 int rc = VINF_SUCCESS;
5347
5348 Assert(i < 2);
5349
5350 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5351 if (rc != VINF_SUCCESS)
5352 return rc;
5353 if (cb == 1)
5354 {
5355 rc = ataIOPortReadU8(pCtl, Port, pu32);
5356 }
5357 else if (Port == pCtl->IOPortBase1)
5358 {
5359 Assert(cb == 2 || cb == 4);
5360 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5361 if (cb == 2)
5362 *pu32 &= 0xffff;
5363 }
5364 else
5365 {
5366 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5367 rc = VERR_IOM_IOPORT_UNUSED;
5368 }
5369 PDMCritSectLeave(&pCtl->lock);
5370 return rc;
5371}
5372
5373#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5374/**
5375 * Port I/O Handler for primary port range IN string operations.
5376 * @see FNIOMIOPORTINSTRING for details.
5377 */
5378PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5379{
5380 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5381 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5382 PATACONTROLLER pCtl = &pThis->aCts[i];
5383 int rc = VINF_SUCCESS;
5384
5385 Assert(i < 2);
5386
5387 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5388 if (rc != VINF_SUCCESS)
5389 return rc;
5390 if (Port == pCtl->IOPortBase1)
5391 {
5392 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5393 RTGCPTR GCDst = *pGCPtrDst;
5394 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5395 Assert(cb == 2 || cb == 4);
5396
5397 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5398#ifndef IN_RING3
5399 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5400 if (!cTransAvailable)
5401 {
5402 PDMCritSectLeave(&pCtl->lock);
5403 return VINF_IOM_HC_IOPORT_READ;
5404 }
5405 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5406 cTransAvailable--;
5407#endif /* !IN_RING3 */
5408 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5409 * They are not performance-critical and generally shouldn't occur at all. */
5410 if (cTransAvailable > cTransfer)
5411 cTransAvailable = cTransfer;
5412 cbTransfer = cTransAvailable * cb;
5413
5414 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5415 Assert(rc == VINF_SUCCESS);
5416
5417 if (cbTransfer)
5418 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5419 s->iIOBufferPIODataStart += cbTransfer;
5420 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5421 *pcTransfer = cTransfer - cTransAvailable;
5422#ifdef IN_RING3
5423 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5424 ataPIOTransferFinish(pCtl, s);
5425#endif /* IN_RING3 */
5426 }
5427 PDMCritSectLeave(&pCtl->lock);
5428 return rc;
5429}
5430
5431
5432/**
5433 * Port I/O Handler for primary port range OUT string operations.
5434 * @see FNIOMIOPORTOUTSTRING for details.
5435 */
5436PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5437{
5438 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5439 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5440 PATACONTROLLER pCtl = &pThis->aCts[i];
5441 int rc;
5442
5443 Assert(i < 2);
5444
5445 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5446 if (rc != VINF_SUCCESS)
5447 return rc;
5448 if (Port == pCtl->IOPortBase1)
5449 {
5450 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5451 RTGCPTR GCSrc = *pGCPtrSrc;
5452 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5453 Assert(cb == 2 || cb == 4);
5454
5455 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5456#ifndef IN_RING3
5457 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5458 if (!cTransAvailable)
5459 {
5460 PDMCritSectLeave(&pCtl->lock);
5461 return VINF_IOM_HC_IOPORT_WRITE;
5462 }
5463 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5464 cTransAvailable--;
5465#endif /* !IN_RING3 */
5466 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5467 * They are not performance-critical and generally shouldn't occur at all. */
5468 if (cTransAvailable > cTransfer)
5469 cTransAvailable = cTransfer;
5470 cbTransfer = cTransAvailable * cb;
5471
5472 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5473 Assert(rc == VINF_SUCCESS);
5474
5475 if (cbTransfer)
5476 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5477 s->iIOBufferPIODataStart += cbTransfer;
5478 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5479 *pcTransfer = cTransfer - cTransAvailable;
5480#ifdef IN_RING3
5481 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5482 ataPIOTransferFinish(pCtl, s);
5483#endif /* IN_RING3 */
5484 }
5485 PDMCritSectLeave(&pCtl->lock);
5486 return rc;
5487}
5488#endif /* !IN_RING0 */
5489
5490/**
5491 * Port I/O Handler for secondary port range OUT operations.
5492 * @see FNIOMIOPORTOUT for details.
5493 */
5494PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5495{
5496 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5497 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5498 PATACONTROLLER pCtl = &pThis->aCts[i];
5499 int rc;
5500
5501 Assert(i < 2);
5502
5503 if (cb != 1)
5504 return VINF_SUCCESS;
5505 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5506 if (rc != VINF_SUCCESS)
5507 return rc;
5508 rc = ataControlWrite(pCtl, Port, u32);
5509 PDMCritSectLeave(&pCtl->lock);
5510 return rc;
5511}
5512
5513
5514/**
5515 * Port I/O Handler for secondary port range IN operations.
5516 * @see FNIOMIOPORTIN for details.
5517 */
5518PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5519{
5520 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5521 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5522 PATACONTROLLER pCtl = &pThis->aCts[i];
5523 int rc;
5524
5525 Assert(i < 2);
5526
5527 if (cb != 1)
5528 return VERR_IOM_IOPORT_UNUSED;
5529
5530 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5531 if (rc != VINF_SUCCESS)
5532 return rc;
5533 *pu32 = ataStatusRead(pCtl, Port);
5534 PDMCritSectLeave(&pCtl->lock);
5535 return VINF_SUCCESS;
5536}
5537
5538#ifdef IN_RING3
5539
5540
5541DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5542{
5543 if (s->pbIOBufferR3)
5544 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5545}
5546
5547
5548/**
5549 * @copydoc FNPDMDEVRELOCATE
5550 */
5551static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5552{
5553 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5554
5555 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5556 {
5557 pThis->aCts[i].pDevInsRC += offDelta;
5558 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5559 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5560 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5561 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5562 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5563 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5564 }
5565}
5566
5567
5568/**
5569 * Destroy a driver instance.
5570 *
5571 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5572 * resources can be freed correctly.
5573 *
5574 * @param pDevIns The device instance data.
5575 */
5576static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
5577{
5578 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5579 int rc;
5580
5581 Log(("ataR3Destruct\n"));
5582 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
5583
5584 /*
5585 * Tell the async I/O threads to terminate.
5586 */
5587 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5588 {
5589 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5590 {
5591 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5592 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5593 AssertRC(rc);
5594 }
5595 }
5596
5597 /*
5598 * Wait for the threads to terminate before destroying their resources.
5599 */
5600 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5601 {
5602 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5603 {
5604 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5605 if (RT_SUCCESS(rc))
5606 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5607 else
5608 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5609 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5610 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5611 }
5612 }
5613
5614 /*
5615 * Free resources.
5616 */
5617 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5618 {
5619 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5620 {
5621 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5622 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5623 }
5624 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5625 {
5626 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5627 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5628 }
5629 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5630 {
5631 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5632 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5633 }
5634
5635 /* try one final time */
5636 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5637 {
5638 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5639 if (RT_SUCCESS(rc))
5640 {
5641 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5642 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5643 }
5644 }
5645 }
5646
5647 return VINF_SUCCESS;
5648}
5649
5650
5651/**
5652 * Detach notification.
5653 *
5654 * The DVD drive has been unplugged.
5655 *
5656 * @param pDevIns The device instance.
5657 * @param iLUN The logical unit which is being detached.
5658 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5659 */
5660static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5661{
5662 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5663 PATACONTROLLER pCtl;
5664 ATADevState *pIf;
5665 unsigned iController;
5666 unsigned iInterface;
5667
5668 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5669 ("PIIX3IDE: Device does not support hotplugging\n"));
5670
5671 /*
5672 * Locate the controller and stuff.
5673 */
5674 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5675 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5676 pCtl = &pThis->aCts[iController];
5677
5678 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5679 pIf = &pCtl->aIfs[iInterface];
5680
5681 /*
5682 * Zero some important members.
5683 */
5684 pIf->pDrvBase = NULL;
5685 pIf->pDrvBlock = NULL;
5686 pIf->pDrvBlockBios = NULL;
5687 pIf->pDrvMount = NULL;
5688
5689 /*
5690 * In case there was a medium inserted.
5691 */
5692 ataMediumRemoved(pIf);
5693}
5694
5695
5696/**
5697 * Configure a LUN.
5698 *
5699 * @returns VBox status code.
5700 * @param pDevIns The device instance.
5701 * @param pIf The ATA unit state.
5702 */
5703static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5704{
5705 int rc = VINF_SUCCESS;
5706 PDMBLOCKTYPE enmType;
5707
5708 /*
5709 * Query Block, Bios and Mount interfaces.
5710 */
5711 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
5712 if (!pIf->pDrvBlock)
5713 {
5714 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5715 return VERR_PDM_MISSING_INTERFACE;
5716 }
5717
5718 /** @todo implement the BIOS invisible code path. */
5719 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
5720 if (!pIf->pDrvBlockBios)
5721 {
5722 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5723 return VERR_PDM_MISSING_INTERFACE;
5724 }
5725 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
5726
5727 /*
5728 * Validate type.
5729 */
5730 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5731 if ( enmType != PDMBLOCKTYPE_CDROM
5732 && enmType != PDMBLOCKTYPE_DVD
5733 && enmType != PDMBLOCKTYPE_HARD_DISK)
5734 {
5735 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5736 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5737 }
5738 if ( ( enmType == PDMBLOCKTYPE_DVD
5739 || enmType == PDMBLOCKTYPE_CDROM)
5740 && !pIf->pDrvMount)
5741 {
5742 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5743 return VERR_INTERNAL_ERROR;
5744 }
5745 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5746 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5747
5748 /*
5749 * Allocate I/O buffer.
5750 */
5751 PVM pVM = PDMDevHlpGetVM(pDevIns);
5752 if (pIf->cbIOBuffer)
5753 {
5754 /* Buffer is (probably) already allocated. Validate the fields,
5755 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5756 if (pIf->fATAPI)
5757 AssertRelease(pIf->cbIOBuffer == _128K);
5758 else
5759 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5760 Assert(pIf->pbIOBufferR3);
5761 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5762 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5763 }
5764 else
5765 {
5766 if (pIf->fATAPI)
5767 pIf->cbIOBuffer = _128K;
5768 else
5769 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5770 Assert(!pIf->pbIOBufferR3);
5771 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5772 if (RT_FAILURE(rc))
5773 return VERR_NO_MEMORY;
5774 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5775 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5776 }
5777
5778 /*
5779 * Init geometry (only for non-CD/DVD media).
5780 */
5781 if (pIf->fATAPI)
5782 {
5783 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5784 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5785 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5786 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5787 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5788 }
5789 else
5790 {
5791 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5792 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5793 &pIf->PCHSGeometry);
5794 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5795 {
5796 pIf->PCHSGeometry.cCylinders = 0;
5797 pIf->PCHSGeometry.cHeads = 16; /*??*/
5798 pIf->PCHSGeometry.cSectors = 63; /*??*/
5799 }
5800 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5801 {
5802 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5803 rc = VINF_SUCCESS;
5804 }
5805 AssertRC(rc);
5806
5807 if ( pIf->PCHSGeometry.cCylinders == 0
5808 || pIf->PCHSGeometry.cHeads == 0
5809 || pIf->PCHSGeometry.cSectors == 0
5810 )
5811 {
5812 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5813 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5814 pIf->PCHSGeometry.cHeads = 16;
5815 pIf->PCHSGeometry.cSectors = 63;
5816 /* Set the disk geometry information. Ignore errors. */
5817 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5818 &pIf->PCHSGeometry);
5819 rc = VINF_SUCCESS;
5820 }
5821 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5822 }
5823 return rc;
5824}
5825
5826
5827/**
5828 * Attach command.
5829 *
5830 * This is called when we change block driver for the DVD drive.
5831 *
5832 * @returns VBox status code.
5833 * @param pDevIns The device instance.
5834 * @param iLUN The logical unit which is being detached.
5835 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5836 */
5837static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5838{
5839 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5840 PATACONTROLLER pCtl;
5841 ATADevState *pIf;
5842 int rc;
5843 unsigned iController;
5844 unsigned iInterface;
5845
5846 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5847 ("PIIX3IDE: Device does not support hotplugging\n"),
5848 VERR_INVALID_PARAMETER);
5849
5850 /*
5851 * Locate the controller and stuff.
5852 */
5853 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5854 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5855 pCtl = &pThis->aCts[iController];
5856
5857 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5858 pIf = &pCtl->aIfs[iInterface];
5859
5860 /* the usual paranoia */
5861 AssertRelease(!pIf->pDrvBase);
5862 AssertRelease(!pIf->pDrvBlock);
5863 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5864 Assert(pIf->iLUN == iLUN);
5865
5866 /*
5867 * Try attach the block device and get the interfaces,
5868 * required as well as optional.
5869 */
5870 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5871 if (RT_SUCCESS(rc))
5872 {
5873 rc = ataConfigLun(pDevIns, pIf);
5874 /*
5875 * In case there is a medium inserted.
5876 */
5877 ataMediumInserted(pIf);
5878 }
5879 else
5880 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5881
5882 if (RT_FAILURE(rc))
5883 {
5884 pIf->pDrvBase = NULL;
5885 pIf->pDrvBlock = NULL;
5886 }
5887 return rc;
5888}
5889
5890
5891/**
5892 * Resume notification.
5893 *
5894 * @returns VBox status.
5895 * @param pDevIns The device instance data.
5896 */
5897static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
5898{
5899 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5900 int rc;
5901
5902 Log(("%s:\n", __FUNCTION__));
5903 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5904 {
5905 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5906 {
5907 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5908 AssertRC(rc);
5909 }
5910 }
5911 return;
5912}
5913
5914
5915/**
5916 * Checks if all (both) the async I/O threads have quiesced.
5917 *
5918 * @returns true on success.
5919 * @returns false when one or more threads is still processing.
5920 * @param pThis Pointer to the instance data.
5921 */
5922static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
5923{
5924 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5925
5926 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5927 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5928 {
5929 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
5930 if (!fRc)
5931 {
5932 /* Make it signal PDM & itself when its done */
5933 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
5934 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
5935 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
5936 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
5937 if (!fRc)
5938 {
5939#if 0 /** @todo Need to do some time tracking here... */
5940 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
5941 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5942 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
5943#endif
5944 return false;
5945 }
5946 }
5947 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
5948 }
5949 return true;
5950}
5951
5952
5953/**
5954 * Callback employed by ataSuspend and ataR3PowerOff.
5955 *
5956 * @returns true if we've quiesced, false if we're still working.
5957 * @param pDevIns The device instance.
5958 */
5959static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
5960{
5961 return ataR3AllAsyncIOIsIdle(pDevIns);
5962}
5963
5964
5965/**
5966 * Common worker for ataSuspend and ataR3PowerOff.
5967 */
5968static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
5969{
5970 if (!ataR3AllAsyncIOIsIdle(pDevIns))
5971 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
5972}
5973
5974
5975/**
5976 * Power Off notification.
5977 *
5978 * @returns VBox status.
5979 * @param pDevIns The device instance data.
5980 */
5981static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
5982{
5983 Log(("%s:\n", __FUNCTION__));
5984 ataR3SuspendOrPowerOff(pDevIns);
5985}
5986
5987
5988/**
5989 * Suspend notification.
5990 *
5991 * @returns VBox status.
5992 * @param pDevIns The device instance data.
5993 */
5994static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
5995{
5996 Log(("%s:\n", __FUNCTION__));
5997 ataR3SuspendOrPowerOff(pDevIns);
5998}
5999
6000
6001/**
6002 * Callback employed by ataR3Reset.
6003 *
6004 * @returns true if we've quiesced, false if we're still working.
6005 * @param pDevIns The device instance.
6006 */
6007static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6008{
6009 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6010
6011 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6012 return false;
6013
6014 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6015 {
6016 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6017 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6018 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6019 PDMCritSectLeave(&pThis->aCts[i].lock);
6020 }
6021 return true;
6022}
6023
6024
6025/**
6026 * Common reset worker for ataR3Reset and ataR3Construct.
6027 *
6028 * @returns VBox status.
6029 * @param pDevIns The device instance data.
6030 * @param fConstruct Indicates who is calling.
6031 */
6032static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6033{
6034 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6035
6036 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6037 {
6038 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6039
6040 pThis->aCts[i].iSelectedIf = 0;
6041 pThis->aCts[i].iAIOIf = 0;
6042 pThis->aCts[i].BmDma.u8Cmd = 0;
6043 /* Report that both drives present on the bus are in DMA mode. This
6044 * pretends that there is a BIOS that has set it up. Normal reset
6045 * default is 0x00. */
6046 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6047 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6048 pThis->aCts[i].BmDma.pvAddr = 0;
6049
6050 pThis->aCts[i].fReset = true;
6051 pThis->aCts[i].fRedo = false;
6052 pThis->aCts[i].fRedoIdle = false;
6053 ataAsyncIOClearRequests(&pThis->aCts[i]);
6054 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6055 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6056 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6057
6058 PDMCritSectLeave(&pThis->aCts[i].lock);
6059 }
6060
6061 int rcRet = VINF_SUCCESS;
6062 if (!fConstruct)
6063 {
6064 /*
6065 * Setup asynchronous notification compmletion if the requests haven't
6066 * completed yet.
6067 */
6068 if (!ataR3IsAsyncResetDone(pDevIns))
6069 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6070 }
6071 else
6072 {
6073 /*
6074 * Wait for the requests for complete.
6075 *
6076 * Would be real nice if we could do it all from EMT(0) and not
6077 * involve the worker threads, then we could dispense with all the
6078 * waiting and semaphore ping-pong here...
6079 */
6080 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6081 {
6082 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6083 {
6084 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6085 AssertRC(rc);
6086
6087 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6088 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6089 AssertRC(rc);
6090
6091 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6092 AssertRC(rc);
6093
6094 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6095 {
6096 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6097 if (RT_FAILURE(rc))
6098 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6099 if (RT_FAILURE(rc))
6100 {
6101 AssertRC(rc);
6102 rcRet = rc;
6103 }
6104 }
6105 }
6106 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6107 }
6108 if (RT_SUCCESS(rcRet))
6109 {
6110 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6111 AssertRC(rcRet);
6112 }
6113 }
6114 return rcRet;
6115}
6116
6117
6118/**
6119 * Reset notification.
6120 *
6121 * @param pDevIns The device instance data.
6122 */
6123static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6124{
6125 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6126}
6127
6128
6129/**
6130 * Prepare state save and load operation.
6131 *
6132 * @returns VBox status code.
6133 * @param pDevIns Device instance of the device which registered the data unit.
6134 * @param pSSM SSM operation handle.
6135 */
6136static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6137{
6138 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6139
6140 /* sanity - the suspend notification will wait on the async stuff. */
6141 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6142 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6143 ("i=%u\n", i),
6144 VERR_SSM_IDE_ASYNC_TIMEOUT);
6145 return VINF_SUCCESS;
6146}
6147
6148/**
6149 * @copydoc FNSSMDEVLIVEEXEC
6150 */
6151static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6152{
6153 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6154
6155 SSMR3PutU8(pSSM, pThis->u8Type);
6156 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6157 {
6158 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6159 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6160 {
6161 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6162 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6163 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6164 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6165 }
6166 }
6167
6168 return VINF_SSM_DONT_CALL_AGAIN;
6169}
6170
6171
6172/**
6173 * @copydoc FNSSMDEVSAVEEXEC
6174 */
6175static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6176{
6177 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6178
6179 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6180
6181 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6182 {
6183 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6184 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6185 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6186 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6187 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6188 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6189 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6190 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6191 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6192 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6193 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6194 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6195 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6196
6197 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6198 {
6199 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6200 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6201 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6202 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6203 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6204 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6205 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6206 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6207 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6208 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6209 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6210 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6211 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6212 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6213 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6214 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6215 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6216 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6217 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6218 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6219 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6220 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6221 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6222 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6223 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6224 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6225 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6226 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6227 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6228 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6229 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6230 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6231 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6232 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6233 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6234 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6235 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6236 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6237 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6238 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6239 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6240 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6241 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6242 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6243 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6244 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6245 else
6246 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6247 }
6248 }
6249
6250 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6251}
6252
6253/**
6254 * Converts the LUN number into a message string.
6255 */
6256static const char *ataStringifyLun(unsigned iLun)
6257{
6258 switch (iLun)
6259 {
6260 case 0: return "primary master";
6261 case 1: return "primary slave";
6262 case 2: return "secondary master";
6263 case 3: return "secondary slave";
6264 default: AssertFailedReturn("unknown lun");
6265 }
6266}
6267
6268/**
6269 * FNSSMDEVLOADEXEC
6270 */
6271static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6272{
6273 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6274 int rc;
6275 uint32_t u32;
6276
6277 if ( uVersion != ATA_SAVED_STATE_VERSION
6278 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6279 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6280 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6281 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6282 {
6283 AssertMsgFailed(("uVersion=%d\n", uVersion));
6284 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6285 }
6286
6287 /*
6288 * Verify the configuration.
6289 */
6290 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6291 {
6292 uint8_t u8Type;
6293 rc = SSMR3GetU8(pSSM, &u8Type);
6294 AssertRCReturn(rc, rc);
6295 if (u8Type != pThis->u8Type)
6296 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6297
6298 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6299 {
6300 bool fEnabled;
6301 rc = SSMR3GetBool(pSSM, &fEnabled);
6302 AssertRCReturn(rc, rc);
6303 if (!fEnabled)
6304 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6305
6306 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6307 {
6308 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6309
6310 bool fInUse;
6311 rc = SSMR3GetBool(pSSM, &fInUse);
6312 AssertRCReturn(rc, rc);
6313 if (fInUse != (pIf->pDrvBase != NULL))
6314 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6315 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6316 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6317
6318 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6319 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6320 AssertRCReturn(rc, rc);
6321 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6322 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6323 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6324
6325 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6326 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6327 AssertRCReturn(rc, rc);
6328 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6329 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6330 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6331
6332 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6333 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6334 AssertRCReturn(rc, rc);
6335 if (strcmp(szModelNumber, pIf->szModelNumber))
6336 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6337 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6338 }
6339 }
6340 }
6341 if (uPass != SSM_PASS_FINAL)
6342 return VINF_SUCCESS;
6343
6344 /*
6345 * Restore valid parts of the PCIATAState structure
6346 */
6347 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6348 {
6349 /* integrity check */
6350 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6351 {
6352 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6353 return VERR_INTERNAL_ERROR_4;
6354 }
6355
6356 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6357 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6358 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6359 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6360 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6361 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6362 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6363 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6364 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6365 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6366 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6367 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6368 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6369
6370 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6371 {
6372 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6373 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6374 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6375 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6376 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6377 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6378 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6379 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6380 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6381 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6382 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6383 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6384 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6385 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6386 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6387 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6388 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6389 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6390 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6391 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6392 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6393 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6394 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6395 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6396 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6397 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6398 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6399 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6400 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6401 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6402 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6403 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6404 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6405 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6406 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6407 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6408 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6409 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6410 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6411 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6412 {
6413 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6414 }
6415 else
6416 {
6417 uint8_t uATAPISenseKey, uATAPIASC;
6418 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6419 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6420 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6421 SSMR3GetU8(pSSM, &uATAPISenseKey);
6422 SSMR3GetU8(pSSM, &uATAPIASC);
6423 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6424 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6425 }
6426 /** @todo triple-check this hack after passthrough is working */
6427 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6428 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6429 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6430 else
6431 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6432 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6433 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6434 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6435 {
6436 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6437 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6438 else
6439 {
6440 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6441 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6442 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6443
6444 /* skip the buffer if we're loading for the debugger / animator. */
6445 uint8_t u8Ignored;
6446 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6447 while (cbLeft-- > 0)
6448 SSMR3GetU8(pSSM, &u8Ignored);
6449 }
6450 }
6451 else
6452 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6453 }
6454 }
6455 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6456 SSMR3GetU8(pSSM, &pThis->u8Type);
6457
6458 rc = SSMR3GetU32(pSSM, &u32);
6459 if (RT_FAILURE(rc))
6460 return rc;
6461 if (u32 != ~0U)
6462 {
6463 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6464 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6465 return rc;
6466 }
6467
6468 return VINF_SUCCESS;
6469}
6470
6471/**
6472 * Convert config value to DEVPCBIOSBOOT.
6473 *
6474 * @returns VBox status code.
6475 * @param pDevIns The device instance data.
6476 * @param pCfg Configuration handle.
6477 * @param penmChipset Where to store the chipset type.
6478 */
6479static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
6480{
6481 char szType[20];
6482
6483 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
6484 if (RT_FAILURE(rc))
6485 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6486 N_("Configuration error: Querying \"Type\" as a string failed"));
6487 if (!strcmp(szType, "PIIX3"))
6488 *penmChipset = CHIPSET_PIIX3;
6489 else if (!strcmp(szType, "PIIX4"))
6490 *penmChipset = CHIPSET_PIIX4;
6491 else if (!strcmp(szType, "ICH6"))
6492 *penmChipset = CHIPSET_ICH6;
6493 else
6494 {
6495 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6496 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6497 szType);
6498 rc = VERR_INTERNAL_ERROR;
6499 }
6500 return rc;
6501}
6502
6503
6504/**
6505 * @interface_method_impl{PDMDEVREG,pfnConstruct}
6506 */
6507static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
6508{
6509 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6510 PPDMIBASE pBase;
6511 int rc;
6512 bool fGCEnabled;
6513 bool fR0Enabled;
6514 uint32_t DelayIRQMillies;
6515
6516 Assert(iInstance == 0);
6517 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
6518
6519 /*
6520 * Initialize NIL handle values (for the destructor).
6521 */
6522 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6523 {
6524 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6525 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6526 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6527 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6528 }
6529
6530 /*
6531 * Validate and read configuration.
6532 */
6533 if (!CFGMR3AreValuesValid(pCfg,
6534 "GCEnabled\0"
6535 "R0Enabled\0"
6536 "IRQDelay\0"
6537 "Type\0")
6538 /** @todo || invalid keys */)
6539 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6540 N_("PIIX3 configuration error: unknown option specified"));
6541
6542 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
6543 if (RT_FAILURE(rc))
6544 return PDMDEV_SET_ERROR(pDevIns, rc,
6545 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6546 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6547
6548 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
6549 if (RT_FAILURE(rc))
6550 return PDMDEV_SET_ERROR(pDevIns, rc,
6551 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6552 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6553
6554 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
6555 if (RT_FAILURE(rc))
6556 return PDMDEV_SET_ERROR(pDevIns, rc,
6557 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6558 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6559 Assert(DelayIRQMillies < 50);
6560
6561 CHIPSET enmChipset = CHIPSET_PIIX3;
6562 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
6563 if (RT_FAILURE(rc))
6564 return rc;
6565 pThis->u8Type = (uint8_t)enmChipset;
6566
6567 /*
6568 * Initialize data (most of it anyway).
6569 */
6570 /* Status LUN. */
6571 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6572 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6573
6574 /* PCI configuration space. */
6575 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6576
6577 /*
6578 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6579 * as it explicitly checks for PCI id for IDE controllers.
6580 */
6581 switch (pThis->u8Type)
6582 {
6583 case CHIPSET_ICH6:
6584 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6585 /** @todo: do we need it? Do we need anything else? */
6586 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6587 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6588 pThis->dev.config[0x4B] = 0x00;
6589 {
6590 /*
6591 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6592 * Report
6593 * WR_Ping-Pong_EN: must be set
6594 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6595 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6596 */
6597 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6598 pThis->dev.config[0x54] = u16Config & 0xff;
6599 pThis->dev.config[0x55] = u16Config >> 8;
6600 }
6601 break;
6602 case CHIPSET_PIIX4:
6603 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6604 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6605 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6606 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6607 pThis->dev.config[0x4B] = 0x00;
6608 break;
6609 case CHIPSET_PIIX3:
6610 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6611 break;
6612 default:
6613 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6614 }
6615
6616 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6617 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6618 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6619 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6620 PCIDevSetHeaderType(&pThis->dev, 0x00);
6621
6622 pThis->pDevIns = pDevIns;
6623 pThis->fGCEnabled = fGCEnabled;
6624 pThis->fR0Enabled = fR0Enabled;
6625 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6626 {
6627 pThis->aCts[i].pDevInsR3 = pDevIns;
6628 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6629 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6630 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6631 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6632 {
6633 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6634
6635 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6636 pIf->pDevInsR3 = pDevIns;
6637 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6638 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6639 pIf->pControllerR3 = &pThis->aCts[i];
6640 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6641 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6642 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6643 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6644 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6645 pIf->Led.u32Magic = PDMLED_MAGIC;
6646 }
6647 }
6648
6649 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6650 pThis->aCts[0].irq = 14;
6651 pThis->aCts[0].IOPortBase1 = 0x1f0;
6652 pThis->aCts[0].IOPortBase2 = 0x3f6;
6653 pThis->aCts[1].irq = 15;
6654 pThis->aCts[1].IOPortBase1 = 0x170;
6655 pThis->aCts[1].IOPortBase2 = 0x376;
6656
6657 /*
6658 * Register the PCI device.
6659 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6660 * device the slot next to itself.
6661 */
6662 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6663 if (RT_FAILURE(rc))
6664 return PDMDEV_SET_ERROR(pDevIns, rc,
6665 N_("PIIX3 cannot register PCI device"));
6666 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6667 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6668 if (RT_FAILURE(rc))
6669 return PDMDEV_SET_ERROR(pDevIns, rc,
6670 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6671
6672 /*
6673 * Register the I/O ports.
6674 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6675 */
6676 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6677 {
6678 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6679 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6680 if (RT_FAILURE(rc))
6681 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6682
6683 if (fGCEnabled)
6684 {
6685 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6686 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6687 if (RT_FAILURE(rc))
6688 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6689 }
6690
6691 if (fR0Enabled)
6692 {
6693#if 1
6694 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6695 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6696#else
6697 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6698 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6699#endif
6700 if (RT_FAILURE(rc))
6701 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6702 }
6703
6704 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6705 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6706 if (RT_FAILURE(rc))
6707 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6708
6709 if (fGCEnabled)
6710 {
6711 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6712 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6713 if (RT_FAILURE(rc))
6714 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6715 }
6716 if (fR0Enabled)
6717 {
6718 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6719 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6720 if (RT_FAILURE(rc))
6721 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6722 }
6723
6724 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6725 {
6726 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6727 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6728 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
6729 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6730 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
6731 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6732 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
6733 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6734 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
6735#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6736 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6737 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
6738#endif
6739 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6740 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
6741#ifdef VBOX_INSTRUMENT_DMA_WRITES
6742 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6743 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
6744#endif
6745#ifdef VBOX_WITH_STATISTICS
6746 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6747 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
6748#endif
6749 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6750 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
6751#ifdef VBOX_WITH_STATISTICS
6752 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6753 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
6754#endif
6755 }
6756#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6757 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6758 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
6759 /** @todo STAMUNIT_MICROSECS */
6760 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6761 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
6762 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6763 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
6764 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6765 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
6766 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6767 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
6768 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6769 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
6770#endif /* VBOX_WITH_STATISTICS */
6771
6772 /* Initialize per-controller critical section */
6773 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA%u", i);
6774 if (RT_FAILURE(rc))
6775 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6776 }
6777
6778 /*
6779 * Attach status driver (optional).
6780 */
6781 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6782 if (RT_SUCCESS(rc))
6783 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
6784 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6785 {
6786 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6787 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6788 }
6789
6790 /*
6791 * Attach the units.
6792 */
6793 uint32_t cbTotalBuffer = 0;
6794 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6795 {
6796 PATACONTROLLER pCtl = &pThis->aCts[i];
6797
6798 /*
6799 * Start the worker thread.
6800 */
6801 pCtl->uAsyncIOState = ATA_AIO_NEW;
6802 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6803 AssertLogRelRCReturn(rc, rc);
6804 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6805 AssertLogRelRCReturn(rc, rc);
6806 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6807 AssertLogRelRCReturn(rc, rc);
6808 ataAsyncIOClearRequests(pCtl);
6809 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
6810 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6811 AssertLogRelRCReturn(rc, rc);
6812 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6813 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6814
6815 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6816 {
6817 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6818 {
6819 { "Primary Master", "Primary Slave" },
6820 { "Secondary Master", "Secondary Slave" }
6821 };
6822
6823 /*
6824 * Try attach the block device and get the interfaces,
6825 * required as well as optional.
6826 */
6827 ATADevState *pIf = &pCtl->aIfs[j];
6828
6829 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6830 if (RT_SUCCESS(rc))
6831 {
6832 rc = ataConfigLun(pDevIns, pIf);
6833 if (RT_SUCCESS(rc))
6834 {
6835 /*
6836 * Init vendor product data.
6837 */
6838 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6839 {
6840 { "PrimaryMaster", "PrimarySlave" },
6841 { "SecondaryMaster", "SecondarySlave" }
6842 };
6843
6844 /* Generate a default serial number. */
6845 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6846 RTUUID Uuid;
6847 if (pIf->pDrvBlock)
6848 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6849 else
6850 RTUuidClear(&Uuid);
6851
6852 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6853 {
6854 /* Generate a predictable serial for drives which don't have a UUID. */
6855 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6856 pIf->iLUN + pDevIns->iInstance * 32,
6857 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6858 }
6859 else
6860 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6861
6862 /* Get user config if present using defaults otherwise. */
6863 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
6864 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6865 szSerial);
6866 if (RT_FAILURE(rc))
6867 {
6868 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6869 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6870 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6871 return PDMDEV_SET_ERROR(pDevIns, rc,
6872 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6873 }
6874
6875 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6876 "1.0");
6877 if (RT_FAILURE(rc))
6878 {
6879 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6880 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6881 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
6882 return PDMDEV_SET_ERROR(pDevIns, rc,
6883 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
6884 }
6885
6886 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
6887 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
6888 if (RT_FAILURE(rc))
6889 {
6890 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6891 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6892 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
6893 return PDMDEV_SET_ERROR(pDevIns, rc,
6894 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
6895 }
6896
6897 /* There are three other identification strings for CD drives used for INQUIRY */
6898 if (pIf->fATAPI)
6899 {
6900 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
6901 "VBOX");
6902 if (RT_FAILURE(rc))
6903 {
6904 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6905 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6906 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
6907 return PDMDEV_SET_ERROR(pDevIns, rc,
6908 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
6909 }
6910
6911 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
6912 "CD-ROM");
6913 if (RT_FAILURE(rc))
6914 {
6915 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6916 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6917 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
6918 return PDMDEV_SET_ERROR(pDevIns, rc,
6919 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
6920 }
6921
6922 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
6923 "1.0");
6924 if (RT_FAILURE(rc))
6925 {
6926 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6927 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6928 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
6929 return PDMDEV_SET_ERROR(pDevIns, rc,
6930 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
6931 }
6932 }
6933 }
6934
6935 }
6936 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
6937 {
6938 pIf->pDrvBase = NULL;
6939 pIf->pDrvBlock = NULL;
6940 pIf->cbIOBuffer = 0;
6941 pIf->pbIOBufferR3 = NULL;
6942 pIf->pbIOBufferR0 = NIL_RTR0PTR;
6943 pIf->pbIOBufferRC = NIL_RTGCPTR;
6944 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
6945 }
6946 else
6947 {
6948 switch (rc)
6949 {
6950 case VERR_ACCESS_DENIED:
6951 /* Error already catched by DrvHostBase */
6952 return rc;
6953 default:
6954 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6955 N_("PIIX3 cannot attach drive to the %s"),
6956 s_apszDescs[i][j]);
6957 }
6958 }
6959 cbTotalBuffer += pIf->cbIOBuffer;
6960 }
6961 }
6962
6963 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
6964 NULL, ataLiveExec, NULL,
6965 ataSaveLoadPrep, ataSaveExec, NULL,
6966 ataSaveLoadPrep, ataLoadExec, NULL);
6967 if (RT_FAILURE(rc))
6968 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
6969
6970 /*
6971 * Initialize the device state.
6972 */
6973 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
6974}
6975
6976
6977/**
6978 * The device registration structure.
6979 */
6980const PDMDEVREG g_DevicePIIX3IDE =
6981{
6982 /* u32Version */
6983 PDM_DEVREG_VERSION,
6984 /* szName */
6985 "piix3ide",
6986 /* szRCMod */
6987 "VBoxDDGC.gc",
6988 /* szR0Mod */
6989 "VBoxDDR0.r0",
6990 /* pszDescription */
6991 "Intel PIIX3 ATA controller.\n"
6992 " LUN #0 is primary master.\n"
6993 " LUN #1 is primary slave.\n"
6994 " LUN #2 is secondary master.\n"
6995 " LUN #3 is secondary slave.\n"
6996 " LUN #999 is the LED/Status connector.",
6997 /* fFlags */
6998 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
6999 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7000 /* fClass */
7001 PDM_DEVREG_CLASS_STORAGE,
7002 /* cMaxInstances */
7003 1,
7004 /* cbInstance */
7005 sizeof(PCIATAState),
7006 /* pfnConstruct */
7007 ataR3Construct,
7008 /* pfnDestruct */
7009 ataR3Destruct,
7010 /* pfnRelocate */
7011 ataR3Relocate,
7012 /* pfnIOCtl */
7013 NULL,
7014 /* pfnPowerOn */
7015 NULL,
7016 /* pfnReset */
7017 ataR3Reset,
7018 /* pfnSuspend */
7019 ataR3Suspend,
7020 /* pfnResume */
7021 ataR3Resume,
7022 /* pfnAttach */
7023 ataR3Attach,
7024 /* pfnDetach */
7025 ataR3Detach,
7026 /* pfnQueryInterface. */
7027 NULL,
7028 /* pfnInitComplete */
7029 NULL,
7030 /* pfnPowerOff */
7031 ataR3PowerOff,
7032 /* pfnSoftReset */
7033 NULL,
7034 /* u32VersionEnd */
7035 PDM_DEVREG_VERSION
7036};
7037#endif /* IN_RING3 */
7038#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette