VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 32484

Last change on this file since 32484 was 32108, checked in by vboxsync, 14 years ago

ATA/ATAPI: Clear the Led always
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 271.3 KB
Line 
1/* $Id: DevATA.cpp 32108 2010-08-31 07:24:04Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/stam.h>
55#include <VBox/mm.h>
56#include <VBox/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "../Builtins.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
100
101/* Media track type */
102#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
103#define ATA_MEDIA_TYPE_DATA 1 /**< Data CD */
104#define ATA_MEDIA_TYPE_CDDA 2 /**< CD-DA (audio) CD type */
105
106/**
107 * Length of the configurable VPD data (without termination)
108 */
109#define ATA_SERIAL_NUMBER_LENGTH 20
110#define ATA_FIRMWARE_REVISION_LENGTH 8
111#define ATA_MODEL_NUMBER_LENGTH 40
112#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
113#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
114#define ATAPI_INQUIRY_REVISION_LENGTH 4
115
116/*******************************************************************************
117* Structures and Typedefs *
118*******************************************************************************/
119/**
120 * The state of an ATA device.
121 *
122 * @implements PDMIBASE
123 * @implements PDMIBLOCKPORT
124 * @implements PDMIMOUNTNOTIFY
125 */
126typedef struct ATADevState
127{
128 /** Flag indicating whether the current command uses LBA48 mode. */
129 bool fLBA48;
130 /** Flag indicating whether this drive implements the ATAPI command set. */
131 bool fATAPI;
132 /** Set if this interface has asserted the IRQ. */
133 bool fIrqPending;
134 /** Currently configured number of sectors in a multi-sector transfer. */
135 uint8_t cMultSectors;
136 /** PCHS disk geometry. */
137 PDMMEDIAGEOMETRY PCHSGeometry;
138 /** Total number of sectors on this disk. */
139 uint64_t cTotalSectors;
140 /** Number of sectors to transfer per IRQ. */
141 uint32_t cSectorsPerIRQ;
142
143 /** ATA/ATAPI register 1: feature (write-only). */
144 uint8_t uATARegFeature;
145 /** ATA/ATAPI register 1: feature, high order byte. */
146 uint8_t uATARegFeatureHOB;
147 /** ATA/ATAPI register 1: error (read-only). */
148 uint8_t uATARegError;
149 /** ATA/ATAPI register 2: sector count (read/write). */
150 uint8_t uATARegNSector;
151 /** ATA/ATAPI register 2: sector count, high order byte. */
152 uint8_t uATARegNSectorHOB;
153 /** ATA/ATAPI register 3: sector (read/write). */
154 uint8_t uATARegSector;
155 /** ATA/ATAPI register 3: sector, high order byte. */
156 uint8_t uATARegSectorHOB;
157 /** ATA/ATAPI register 4: cylinder low (read/write). */
158 uint8_t uATARegLCyl;
159 /** ATA/ATAPI register 4: cylinder low, high order byte. */
160 uint8_t uATARegLCylHOB;
161 /** ATA/ATAPI register 5: cylinder high (read/write). */
162 uint8_t uATARegHCyl;
163 /** ATA/ATAPI register 5: cylinder high, high order byte. */
164 uint8_t uATARegHCylHOB;
165 /** ATA/ATAPI register 6: select drive/head (read/write). */
166 uint8_t uATARegSelect;
167 /** ATA/ATAPI register 7: status (read-only). */
168 uint8_t uATARegStatus;
169 /** ATA/ATAPI register 7: command (write-only). */
170 uint8_t uATARegCommand;
171 /** ATA/ATAPI drive control register (write-only). */
172 uint8_t uATARegDevCtl;
173
174 /** Currently active transfer mode (MDMA/UDMA) and speed. */
175 uint8_t uATATransferMode;
176 /** Current transfer direction. */
177 uint8_t uTxDir;
178 /** Index of callback for begin transfer. */
179 uint8_t iBeginTransfer;
180 /** Index of callback for source/sink of data. */
181 uint8_t iSourceSink;
182 /** Flag indicating whether the current command transfers data in DMA mode. */
183 bool fDMA;
184 /** Set to indicate that ATAPI transfer semantics must be used. */
185 bool fATAPITransfer;
186
187 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
188 uint32_t cbTotalTransfer;
189 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
190 uint32_t cbElementaryTransfer;
191 /** Current read/write buffer position, shared PIO/DMA. */
192 uint32_t iIOBufferCur;
193 /** First element beyond end of valid buffer content, shared PIO/DMA. */
194 uint32_t iIOBufferEnd;
195
196 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
197 uint32_t iIOBufferPIODataStart;
198 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
199 uint32_t iIOBufferPIODataEnd;
200
201 /** ATAPI current LBA position. */
202 uint32_t iATAPILBA;
203 /** ATAPI current sector size. */
204 uint32_t cbATAPISector;
205 /** ATAPI current command. */
206 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
207 /** ATAPI sense data. */
208 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
209 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
210 uint8_t cNotifiedMediaChange;
211 /** The same for GET_EVENT_STATUS for mechanism */
212 volatile uint32_t MediaEventStatus;
213
214 /** Media type if known. */
215 volatile uint32_t MediaTrackType;
216
217 /** The status LED state for this drive. */
218 PDMLED Led;
219
220 /** Size of I/O buffer. */
221 uint32_t cbIOBuffer;
222 /** Pointer to the I/O buffer. */
223 R3PTRTYPE(uint8_t *) pbIOBufferR3;
224 /** Pointer to the I/O buffer. */
225 R0PTRTYPE(uint8_t *) pbIOBufferR0;
226 /** Pointer to the I/O buffer. */
227 RCPTRTYPE(uint8_t *) pbIOBufferRC;
228
229 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
230
231 /*
232 * No data that is part of the saved state after this point!!!!!
233 */
234
235 /* Release statistics: number of ATA DMA commands. */
236 STAMCOUNTER StatATADMA;
237 /* Release statistics: number of ATA PIO commands. */
238 STAMCOUNTER StatATAPIO;
239 /* Release statistics: number of ATAPI PIO commands. */
240 STAMCOUNTER StatATAPIDMA;
241 /* Release statistics: number of ATAPI PIO commands. */
242 STAMCOUNTER StatATAPIPIO;
243#ifdef VBOX_INSTRUMENT_DMA_WRITES
244 /* Release statistics: number of DMA sector writes and the time spent. */
245 STAMPROFILEADV StatInstrVDWrites;
246#endif
247
248 /** Statistics: number of read operations and the time spent reading. */
249 STAMPROFILEADV StatReads;
250 /** Statistics: number of bytes read. */
251 STAMCOUNTER StatBytesRead;
252 /** Statistics: number of write operations and the time spent writing. */
253 STAMPROFILEADV StatWrites;
254 /** Statistics: number of bytes written. */
255 STAMCOUNTER StatBytesWritten;
256 /** Statistics: number of flush operations and the time spend flushing. */
257 STAMPROFILE StatFlushes;
258
259 /** Enable passing through commands directly to the ATAPI drive. */
260 bool fATAPIPassthrough;
261 /** Number of errors we've reported to the release log.
262 * This is to prevent flooding caused by something going horribly wrong.
263 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
264 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
265 uint32_t cErrors;
266 /** Timestamp of last started command. 0 if no command pending. */
267 uint64_t u64CmdTS;
268
269 /** Pointer to the attached driver's base interface. */
270 R3PTRTYPE(PPDMIBASE) pDrvBase;
271 /** Pointer to the attached driver's block interface. */
272 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
273 /** Pointer to the attached driver's block bios interface. */
274 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
275 /** Pointer to the attached driver's mount interface.
276 * This is NULL if the driver isn't a removable unit. */
277 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
278 /** The base interface. */
279 PDMIBASE IBase;
280 /** The block port interface. */
281 PDMIBLOCKPORT IPort;
282 /** The mount notify interface. */
283 PDMIMOUNTNOTIFY IMountNotify;
284 /** The LUN #. */
285 RTUINT iLUN;
286 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
287 /** Pointer to device instance. */
288 PPDMDEVINSR3 pDevInsR3;
289 /** Pointer to controller instance. */
290 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
291 /** Pointer to device instance. */
292 PPDMDEVINSR0 pDevInsR0;
293 /** Pointer to controller instance. */
294 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
295 /** Pointer to device instance. */
296 PPDMDEVINSRC pDevInsRC;
297 /** Pointer to controller instance. */
298 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
299
300 /** The serial number to use for IDENTIFY DEVICE commands. */
301 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
302 /** The firmware revision to use for IDENTIFY DEVICE commands. */
303 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
304 /** The model number to use for IDENTIFY DEVICE commands. */
305 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
306 /** The vendor identification string for SCSI INQUIRY commands. */
307 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
308 /** The product identification string for SCSI INQUIRY commands. */
309 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
310 /** The revision string for SCSI INQUIRY commands. */
311 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
312
313 uint8_t abAlignment3[7];
314} ATADevState;
315AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
316AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
317AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
318AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
319AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
320AssertCompileSizeAlignment(ATADevState, 8);
321
322
323typedef struct ATATransferRequest
324{
325 uint8_t iIf;
326 uint8_t iBeginTransfer;
327 uint8_t iSourceSink;
328 uint32_t cbTotalTransfer;
329 uint8_t uTxDir;
330} ATATransferRequest;
331
332
333typedef struct ATAAbortRequest
334{
335 uint8_t iIf;
336 bool fResetDrive;
337} ATAAbortRequest;
338
339
340typedef enum
341{
342 /** Begin a new transfer. */
343 ATA_AIO_NEW = 0,
344 /** Continue a DMA transfer. */
345 ATA_AIO_DMA,
346 /** Continue a PIO transfer. */
347 ATA_AIO_PIO,
348 /** Reset the drives on current controller, stop all transfer activity. */
349 ATA_AIO_RESET_ASSERTED,
350 /** Reset the drives on current controller, resume operation. */
351 ATA_AIO_RESET_CLEARED,
352 /** Abort the current transfer of a particular drive. */
353 ATA_AIO_ABORT
354} ATAAIO;
355
356
357typedef struct ATARequest
358{
359 ATAAIO ReqType;
360 union
361 {
362 ATATransferRequest t;
363 ATAAbortRequest a;
364 } u;
365} ATARequest;
366
367
368typedef struct ATACONTROLLER
369{
370 /** The base of the first I/O Port range. */
371 RTIOPORT IOPortBase1;
372 /** The base of the second I/O Port range. (0 if none) */
373 RTIOPORT IOPortBase2;
374 /** The assigned IRQ. */
375 RTUINT irq;
376 /** Access critical section */
377 PDMCRITSECT lock;
378
379 /** Selected drive. */
380 uint8_t iSelectedIf;
381 /** The interface on which to handle async I/O. */
382 uint8_t iAIOIf;
383 /** The state of the async I/O thread. */
384 uint8_t uAsyncIOState;
385 /** Flag indicating whether the next transfer is part of the current command. */
386 bool fChainedTransfer;
387 /** Set when the reset processing is currently active on this controller. */
388 bool fReset;
389 /** Flag whether the current transfer needs to be redone. */
390 bool fRedo;
391 /** Flag whether the redo suspend has been finished. */
392 bool fRedoIdle;
393 /** Flag whether the DMA operation to be redone is the final transfer. */
394 bool fRedoDMALastDesc;
395 /** The BusMaster DMA state. */
396 BMDMAState BmDma;
397 /** Pointer to first DMA descriptor. */
398 RTGCPHYS32 pFirstDMADesc;
399 /** Pointer to last DMA descriptor. */
400 RTGCPHYS32 pLastDMADesc;
401 /** Pointer to current DMA buffer (for redo operations). */
402 RTGCPHYS32 pRedoDMABuffer;
403 /** Size of current DMA buffer (for redo operations). */
404 uint32_t cbRedoDMABuffer;
405
406 /** The ATA/ATAPI interfaces of this controller. */
407 ATADevState aIfs[2];
408
409 /** Pointer to device instance. */
410 PPDMDEVINSR3 pDevInsR3;
411 /** Pointer to device instance. */
412 PPDMDEVINSR0 pDevInsR0;
413 /** Pointer to device instance. */
414 PPDMDEVINSRC pDevInsRC;
415
416 /** Set when the destroying the device instance and the thread must exit. */
417 uint32_t volatile fShutdown;
418 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
419 RTTHREAD AsyncIOThread;
420 /** The event semaphore the thread is waiting on for requests. */
421 RTSEMEVENT AsyncIOSem;
422 /** The request queue for the AIO thread. One element is always unused. */
423 ATARequest aAsyncIORequests[4];
424 /** The position at which to insert a new request for the AIO thread. */
425 volatile uint8_t AsyncIOReqHead;
426 /** The position at which to get a new request for the AIO thread. */
427 volatile uint8_t AsyncIOReqTail;
428 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
429 bool volatile fSignalIdle;
430 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
431 /** Magic delay before triggering interrupts in DMA mode. */
432 uint32_t DelayIRQMillies;
433 /** The mutex protecting the request queue. */
434 RTSEMMUTEX AsyncIORequestMutex;
435 /** The event semaphore the thread is waiting on during suspended I/O. */
436 RTSEMEVENT SuspendIOSem;
437#if 0 /*HC_ARCH_BITS == 32*/
438 uint32_t Alignment0;
439#endif
440
441 /** Timestamp we started the reset. */
442 uint64_t u64ResetTime;
443
444 /* Statistics */
445 STAMCOUNTER StatAsyncOps;
446 uint64_t StatAsyncMinWait;
447 uint64_t StatAsyncMaxWait;
448 STAMCOUNTER StatAsyncTimeUS;
449 STAMPROFILEADV StatAsyncTime;
450 STAMPROFILE StatLockWait;
451} ATACONTROLLER, *PATACONTROLLER;
452AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
453AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
456
457typedef enum CHIPSET
458{
459 /** PIIX3 chipset, must be 0 for saved state compatibility */
460 CHIPSET_PIIX3 = 0,
461 /** PIIX4 chipset, must be 1 for saved state compatibility */
462 CHIPSET_PIIX4 = 1,
463 /** ICH6 chipset */
464 CHIPSET_ICH6 = 2
465} CHIPSET;
466
467/**
468 * The state of the ATA PCI device.
469 *
470 * @extends PCIDEVICE
471 * @implements PDMILEDPORTS
472 */
473typedef struct PCIATAState
474{
475 PCIDEVICE dev;
476 /** The controllers. */
477 ATACONTROLLER aCts[2];
478 /** Pointer to device instance. */
479 PPDMDEVINSR3 pDevIns;
480 /** Status LUN: Base interface. */
481 PDMIBASE IBase;
482 /** Status LUN: Leds interface. */
483 PDMILEDPORTS ILeds;
484 /** Status LUN: Partner of ILeds. */
485 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
486 /** Flag whether GC is enabled. */
487 bool fGCEnabled;
488 /** Flag whether R0 is enabled. */
489 bool fR0Enabled;
490 /** Flag indicating chipset being emulated. */
491 uint8_t u8Type;
492 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
493} PCIATAState;
494
495#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
496#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
497#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
498#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
499#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
500#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
501
502#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
503
504#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
505#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
506#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
507#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
508
509#ifndef VBOX_DEVICE_STRUCT_TESTCASE
510/*******************************************************************************
511 * Internal Functions *
512 ******************************************************************************/
513RT_C_DECLS_BEGIN
514PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
515PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
516PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
517PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
518PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
520PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
521PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
522RT_C_DECLS_END
523
524
525
526DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
527{
528 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
529
530 /* Freeze status register contents while processing RESET. */
531 if (!pCtl->fReset)
532 {
533 s->uATARegStatus = stat;
534 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
535 }
536}
537
538
539DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
540{
541 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
542
543 /* Freeze status register contents while processing RESET. */
544 if (!pCtl->fReset)
545 {
546 s->uATARegStatus |= stat;
547 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
548 }
549}
550
551
552DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
553{
554 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
555
556 /* Freeze status register contents while processing RESET. */
557 if (!pCtl->fReset)
558 {
559 s->uATARegStatus &= ~stat;
560 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
561 }
562}
563
564#ifdef IN_RING3
565
566typedef void (*PBeginTransferFunc)(ATADevState *);
567typedef bool (*PSourceSinkFunc)(ATADevState *);
568
569static void ataReadWriteSectorsBT(ATADevState *);
570static void ataPacketBT(ATADevState *);
571static void atapiCmdBT(ATADevState *);
572static void atapiPassthroughCmdBT(ATADevState *);
573
574static bool ataIdentifySS(ATADevState *);
575static bool ataFlushSS(ATADevState *);
576static bool ataReadSectorsSS(ATADevState *);
577static bool ataWriteSectorsSS(ATADevState *);
578static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
579static bool ataPacketSS(ATADevState *);
580static bool atapiGetConfigurationSS(ATADevState *);
581static bool atapiGetEventStatusNotificationSS(ATADevState *);
582static bool atapiIdentifySS(ATADevState *);
583static bool atapiInquirySS(ATADevState *);
584static bool atapiMechanismStatusSS(ATADevState *);
585static bool atapiModeSenseErrorRecoverySS(ATADevState *);
586static bool atapiModeSenseCDStatusSS(ATADevState *);
587static bool atapiReadSS(ATADevState *);
588static bool atapiReadCapacitySS(ATADevState *);
589static bool atapiReadDiscInformationSS(ATADevState *);
590static bool atapiReadTOCNormalSS(ATADevState *);
591static bool atapiReadTOCMultiSS(ATADevState *);
592static bool atapiReadTOCRawSS(ATADevState *);
593static bool atapiReadTrackInformationSS(ATADevState *);
594static bool atapiRequestSenseSS(ATADevState *);
595static bool atapiPassthroughSS(ATADevState *);
596static bool atapiReadDVDStructureSS(ATADevState *);
597
598/**
599 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
600 */
601typedef enum ATAFNBT
602{
603 ATAFN_BT_NULL = 0,
604 ATAFN_BT_READ_WRITE_SECTORS,
605 ATAFN_BT_PACKET,
606 ATAFN_BT_ATAPI_CMD,
607 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
608 ATAFN_BT_MAX
609} ATAFNBT;
610
611/**
612 * Array of end transfer functions, the index is ATAFNET.
613 * Make sure ATAFNET and this array match!
614 */
615static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
616{
617 NULL,
618 ataReadWriteSectorsBT,
619 ataPacketBT,
620 atapiCmdBT,
621 atapiPassthroughCmdBT,
622};
623
624/**
625 * Source/sink function indexes for g_apfnSourceSinkFuncs.
626 */
627typedef enum ATAFNSS
628{
629 ATAFN_SS_NULL = 0,
630 ATAFN_SS_IDENTIFY,
631 ATAFN_SS_FLUSH,
632 ATAFN_SS_READ_SECTORS,
633 ATAFN_SS_WRITE_SECTORS,
634 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
635 ATAFN_SS_PACKET,
636 ATAFN_SS_ATAPI_GET_CONFIGURATION,
637 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
638 ATAFN_SS_ATAPI_IDENTIFY,
639 ATAFN_SS_ATAPI_INQUIRY,
640 ATAFN_SS_ATAPI_MECHANISM_STATUS,
641 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
642 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
643 ATAFN_SS_ATAPI_READ,
644 ATAFN_SS_ATAPI_READ_CAPACITY,
645 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
646 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
647 ATAFN_SS_ATAPI_READ_TOC_MULTI,
648 ATAFN_SS_ATAPI_READ_TOC_RAW,
649 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
650 ATAFN_SS_ATAPI_REQUEST_SENSE,
651 ATAFN_SS_ATAPI_PASSTHROUGH,
652 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
653 ATAFN_SS_MAX
654} ATAFNSS;
655
656/**
657 * Array of source/sink functions, the index is ATAFNSS.
658 * Make sure ATAFNSS and this array match!
659 */
660static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
661{
662 NULL,
663 ataIdentifySS,
664 ataFlushSS,
665 ataReadSectorsSS,
666 ataWriteSectorsSS,
667 ataExecuteDeviceDiagnosticSS,
668 ataPacketSS,
669 atapiGetConfigurationSS,
670 atapiGetEventStatusNotificationSS,
671 atapiIdentifySS,
672 atapiInquirySS,
673 atapiMechanismStatusSS,
674 atapiModeSenseErrorRecoverySS,
675 atapiModeSenseCDStatusSS,
676 atapiReadSS,
677 atapiReadCapacitySS,
678 atapiReadDiscInformationSS,
679 atapiReadTOCNormalSS,
680 atapiReadTOCMultiSS,
681 atapiReadTOCRawSS,
682 atapiReadTrackInformationSS,
683 atapiRequestSenseSS,
684 atapiPassthroughSS,
685 atapiReadDVDStructureSS
686};
687
688
689static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
690static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
691static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
692static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
693
694static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
695{
696 int rc;
697
698 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
699 AssertRC(rc);
700 pCtl->AsyncIOReqHead = 0;
701 pCtl->AsyncIOReqTail = 0;
702 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
703 AssertRC(rc);
704}
705
706
707static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
708{
709 int rc;
710
711 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
712 AssertRC(rc);
713 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
714 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
715 pCtl->AsyncIOReqHead++;
716 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
717 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
718 AssertRC(rc);
719 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
720 if (RT_FAILURE(rc))
721 {
722 rc = RTSemEventSignal(pCtl->AsyncIOSem);
723 AssertRC(rc);
724 }
725}
726
727
728static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
729{
730 int rc;
731 const ATARequest *pReq;
732
733 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
734 AssertRC(rc);
735 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
736 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
737 else
738 pReq = NULL;
739 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
740 AssertRC(rc);
741 return pReq;
742}
743
744
745/**
746 * Remove the request with the given type, as it's finished. The request
747 * is not removed blindly, as this could mean a RESET request that is not
748 * yet processed (but has cleared the request queue) is lost.
749 *
750 * @param pCtl Controller for which to remove the request.
751 * @param ReqType Type of the request to remove.
752 */
753static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
754{
755 int rc;
756
757 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
758 AssertRC(rc);
759 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
760 {
761 pCtl->AsyncIOReqTail++;
762 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
763 }
764 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
765 AssertRC(rc);
766}
767
768
769/**
770 * Dump the request queue for a particular controller. First dump the queue
771 * contents, then the already processed entries, as long as they haven't been
772 * overwritten.
773 *
774 * @param pCtl Controller for which to dump the queue.
775 */
776static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
777{
778 int rc;
779 uint8_t curr;
780
781 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
782 AssertRC(rc);
783 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
784 curr = pCtl->AsyncIOReqTail;
785 do
786 {
787 if (curr == pCtl->AsyncIOReqHead)
788 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
789 switch (pCtl->aAsyncIORequests[curr].ReqType)
790 {
791 case ATA_AIO_NEW:
792 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
793 break;
794 case ATA_AIO_DMA:
795 LogRel(("dma transfer continuation\n"));
796 break;
797 case ATA_AIO_PIO:
798 LogRel(("pio transfer continuation\n"));
799 break;
800 case ATA_AIO_RESET_ASSERTED:
801 LogRel(("reset asserted request\n"));
802 break;
803 case ATA_AIO_RESET_CLEARED:
804 LogRel(("reset cleared request\n"));
805 break;
806 case ATA_AIO_ABORT:
807 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
808 break;
809 default:
810 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
811 }
812 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
813 } while (curr != pCtl->AsyncIOReqTail);
814 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
815 AssertRC(rc);
816}
817
818
819/**
820 * Checks whether the request queue for a particular controller is empty
821 * or whether a particular controller is idle.
822 *
823 * @param pCtl Controller for which to check the queue.
824 * @param fStrict If set then the controller is checked to be idle.
825 */
826static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
827{
828 int rc;
829 bool fIdle;
830
831 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
832 AssertRC(rc);
833 fIdle = pCtl->fRedoIdle;
834 if (!fIdle)
835 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
836 if (fStrict)
837 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
838 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
839 AssertRC(rc);
840 return fIdle;
841}
842
843
844/**
845 * Send a transfer request to the async I/O thread.
846 *
847 * @param s Pointer to the ATA device state data.
848 * @param cbTotalTransfer Data transfer size.
849 * @param uTxDir Data transfer direction.
850 * @param iBeginTransfer Index of BeginTransfer callback.
851 * @param iSourceSink Index of SourceSink callback.
852 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
853 */
854static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
855{
856 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
857 ATARequest Req;
858
859 Assert(PDMCritSectIsOwner(&pCtl->lock));
860
861 /* Do not issue new requests while the RESET line is asserted. */
862 if (pCtl->fReset)
863 {
864 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
865 return;
866 }
867
868 /* If the controller is already doing something else right now, ignore
869 * the command that is being submitted. Some broken guests issue commands
870 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
871 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
872 {
873 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
874 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
875 return;
876 }
877
878 Req.ReqType = ATA_AIO_NEW;
879 if (fChainedTransfer)
880 Req.u.t.iIf = pCtl->iAIOIf;
881 else
882 Req.u.t.iIf = pCtl->iSelectedIf;
883 Req.u.t.cbTotalTransfer = cbTotalTransfer;
884 Req.u.t.uTxDir = uTxDir;
885 Req.u.t.iBeginTransfer = iBeginTransfer;
886 Req.u.t.iSourceSink = iSourceSink;
887 ataSetStatusValue(s, ATA_STAT_BUSY);
888 pCtl->fChainedTransfer = fChainedTransfer;
889
890 /*
891 * Kick the worker thread into action.
892 */
893 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
894 ataAsyncIOPutRequest(pCtl, &Req);
895}
896
897
898/**
899 * Send an abort command request to the async I/O thread.
900 *
901 * @param s Pointer to the ATA device state data.
902 * @param fResetDrive Whether to reset the drive or just abort a command.
903 */
904static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
905{
906 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
907 ATARequest Req;
908
909 Assert(PDMCritSectIsOwner(&pCtl->lock));
910
911 /* Do not issue new requests while the RESET line is asserted. */
912 if (pCtl->fReset)
913 {
914 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
915 return;
916 }
917
918 Req.ReqType = ATA_AIO_ABORT;
919 Req.u.a.iIf = pCtl->iSelectedIf;
920 Req.u.a.fResetDrive = fResetDrive;
921 ataSetStatus(s, ATA_STAT_BUSY);
922 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
923 ataAsyncIOPutRequest(pCtl, &Req);
924}
925
926
927static void ataSetIRQ(ATADevState *s)
928{
929 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
930 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
931
932 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
933 {
934 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
935 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
936 * line is asserted. It monitors the line for a rising edge. */
937 if (!s->fIrqPending)
938 pCtl->BmDma.u8Status |= BM_STATUS_INT;
939 /* Only actually set the IRQ line if updating the currently selected drive. */
940 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
941 {
942 /** @todo experiment with adaptive IRQ delivery: for reads it is
943 * better to wait for IRQ delivery, as it reduces latency. */
944 if (pCtl->irq == 16)
945 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
946 else
947 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
948 }
949 }
950 s->fIrqPending = true;
951}
952
953#endif /* IN_RING3 */
954
955static void ataUnsetIRQ(ATADevState *s)
956{
957 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
958 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
959
960 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
961 {
962 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
963 /* Only actually unset the IRQ line if updating the currently selected drive. */
964 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
965 {
966 if (pCtl->irq == 16)
967 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
968 else
969 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
970 }
971 }
972 s->fIrqPending = false;
973}
974
975#ifdef IN_RING3
976
977static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
978{
979 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
980 s->iIOBufferPIODataStart = start;
981 s->iIOBufferPIODataEnd = start + size;
982 ataSetStatus(s, ATA_STAT_DRQ);
983}
984
985
986static void ataPIOTransferStop(ATADevState *s)
987{
988 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
989 if (s->fATAPITransfer)
990 {
991 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
992 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
993 ataSetIRQ(s);
994 s->fATAPITransfer = false;
995 }
996 s->cbTotalTransfer = 0;
997 s->cbElementaryTransfer = 0;
998 s->iIOBufferPIODataStart = 0;
999 s->iIOBufferPIODataEnd = 0;
1000 s->iBeginTransfer = ATAFN_BT_NULL;
1001 s->iSourceSink = ATAFN_SS_NULL;
1002}
1003
1004
1005static void ataPIOTransferLimitATAPI(ATADevState *s)
1006{
1007 uint32_t cbLimit, cbTransfer;
1008
1009 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1010 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1011 if (cbLimit == 0)
1012 cbLimit = 0xfffe;
1013 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1014 if (cbLimit == 0xffff)
1015 cbLimit--;
1016 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1017 if (cbTransfer > cbLimit)
1018 {
1019 /* Byte count limit for clipping must be even in this case */
1020 if (cbLimit & 1)
1021 cbLimit--;
1022 cbTransfer = cbLimit;
1023 }
1024 s->uATARegLCyl = cbTransfer;
1025 s->uATARegHCyl = cbTransfer >> 8;
1026 s->cbElementaryTransfer = cbTransfer;
1027}
1028
1029
1030static uint32_t ataGetNSectors(ATADevState *s)
1031{
1032 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1033 if (s->fLBA48)
1034 {
1035 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1036 return 65536;
1037 else
1038 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1039 }
1040 else
1041 {
1042 if (!s->uATARegNSector)
1043 return 256;
1044 else
1045 return s->uATARegNSector;
1046 }
1047}
1048
1049
1050static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1051{
1052 for (uint32_t i = 0; i < cbSize; i++)
1053 {
1054 if (*pbSrc)
1055 pbDst[i ^ 1] = *pbSrc++;
1056 else
1057 pbDst[i ^ 1] = ' ';
1058 }
1059}
1060
1061
1062static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1063{
1064 for (uint32_t i = 0; i < cbSize; i++)
1065 {
1066 if (*pbSrc)
1067 pbDst[i] = *pbSrc++;
1068 else
1069 pbDst[i] = ' ';
1070 }
1071}
1072
1073
1074DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1075{
1076 pbBuf[0] = val >> 8;
1077 pbBuf[1] = val;
1078}
1079
1080
1081DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1082{
1083 pbBuf[0] = val >> 16;
1084 pbBuf[1] = val >> 8;
1085 pbBuf[2] = val;
1086}
1087
1088
1089DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1090{
1091 pbBuf[0] = val >> 24;
1092 pbBuf[1] = val >> 16;
1093 pbBuf[2] = val >> 8;
1094 pbBuf[3] = val;
1095}
1096
1097
1098DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1099{
1100 return (pbBuf[0] << 8) | pbBuf[1];
1101}
1102
1103
1104DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1105{
1106 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1107}
1108
1109
1110DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1111{
1112 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1113}
1114
1115
1116DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1117{
1118 iATAPILBA += 150;
1119 pbBuf[0] = (iATAPILBA / 75) / 60;
1120 pbBuf[1] = (iATAPILBA / 75) % 60;
1121 pbBuf[2] = iATAPILBA % 75;
1122}
1123
1124
1125DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1126{
1127 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1128}
1129
1130
1131static void ataCmdOK(ATADevState *s, uint8_t status)
1132{
1133 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1134 ataSetStatusValue(s, ATA_STAT_READY | status);
1135}
1136
1137
1138static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1139{
1140 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1141 Assert(uErrorCode);
1142 s->uATARegError = uErrorCode;
1143 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1144 s->cbTotalTransfer = 0;
1145 s->cbElementaryTransfer = 0;
1146 s->iIOBufferCur = 0;
1147 s->iIOBufferEnd = 0;
1148 s->uTxDir = PDMBLOCKTXDIR_NONE;
1149 s->iBeginTransfer = ATAFN_BT_NULL;
1150 s->iSourceSink = ATAFN_SS_NULL;
1151}
1152
1153static uint32_t ataChecksum(void* ptr, size_t count)
1154{
1155 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1156 size_t i;
1157
1158 for (i = 0; i < count; i++)
1159 {
1160 u8Sum += *p++;
1161 }
1162
1163 return (uint8_t)-(int32_t)u8Sum;
1164}
1165
1166static bool ataIdentifySS(ATADevState *s)
1167{
1168 uint16_t *p;
1169
1170 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1171 Assert(s->cbElementaryTransfer == 512);
1172
1173 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1174 memset(p, 0, 512);
1175 p[0] = RT_H2LE_U16(0x0040);
1176 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1177 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1178 /* Block size; obsolete, but required for the BIOS. */
1179 p[5] = RT_H2LE_U16(512);
1180 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1181 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1182 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1183 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1184 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1185 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1186 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1187#if ATA_MAX_MULT_SECTORS > 1
1188 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1189#endif
1190 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1191 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1192 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1193 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1194 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1195 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1196 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1197 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1198 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1199 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1200 * s->PCHSGeometry.cHeads
1201 * s->PCHSGeometry.cSectors);
1202 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1203 * s->PCHSGeometry.cHeads
1204 * s->PCHSGeometry.cSectors >> 16);
1205 if (s->cMultSectors)
1206 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1207 if (s->cTotalSectors <= (1 << 28) - 1)
1208 {
1209 p[60] = RT_H2LE_U16(s->cTotalSectors);
1210 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1211 }
1212 else
1213 {
1214 /* Report maximum number of sectors possible with LBA28 */
1215 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1216 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1217 }
1218 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1219 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1220 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1221 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1222 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1223 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1224 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1225 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1226 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1227 if (s->cTotalSectors <= (1 << 28) - 1)
1228 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1229 else
1230 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1231 p[84] = RT_H2LE_U16(1 << 14);
1232 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1233 if (s->cTotalSectors <= (1 << 28) - 1)
1234 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1235 else
1236 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1237 p[87] = RT_H2LE_U16(1 << 14);
1238 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1239 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1240 if (s->cTotalSectors > (1 << 28) - 1)
1241 {
1242 p[100] = RT_H2LE_U16(s->cTotalSectors);
1243 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1244 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1245 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1246 }
1247 uint32_t uCsum = ataChecksum(p, 510);
1248 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1249 s->iSourceSink = ATAFN_SS_NULL;
1250 ataCmdOK(s, ATA_STAT_SEEK);
1251 return false;
1252}
1253
1254
1255static bool ataFlushSS(ATADevState *s)
1256{
1257 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1258 int rc;
1259
1260 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1261 Assert(!s->cbElementaryTransfer);
1262
1263 PDMCritSectLeave(&pCtl->lock);
1264
1265 STAM_PROFILE_START(&s->StatFlushes, f);
1266 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1267 AssertRC(rc);
1268 STAM_PROFILE_STOP(&s->StatFlushes, f);
1269
1270 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1271 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1272 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1273 ataCmdOK(s, 0);
1274 return false;
1275}
1276
1277static bool atapiIdentifySS(ATADevState *s)
1278{
1279 uint16_t *p;
1280
1281 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1282 Assert(s->cbElementaryTransfer == 512);
1283
1284 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1285 memset(p, 0, 512);
1286 /* Removable CDROM, 50us response, 12 byte packets */
1287 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1288 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1289 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1290 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1291 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1292 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1293 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1294 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1295 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1296 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1297 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1298 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1299 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1300 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1301 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1302 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1303 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1304 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1305 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1306 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1307 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1308 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1309 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1310 p[83] = RT_H2LE_U16(1 << 14);
1311 p[84] = RT_H2LE_U16(1 << 14);
1312 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1313 p[86] = RT_H2LE_U16(0);
1314 p[87] = RT_H2LE_U16(1 << 14);
1315 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1316 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1317 /* According to ATAPI-5 spec:
1318 *
1319 * The use of this word is optional.
1320 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1321 * contain the data
1322 * structure checksum.
1323 * The data structure checksum is the twos complement of the sum of
1324 * all bytes in words 0 through 254 and the byte consisting of
1325 * bits 7:0 in word 255.
1326 * Each byte shall be added with unsigned arithmetic,
1327 * and overflow shall be ignored.
1328 * The sum of all 512 bytes is zero when the checksum is correct.
1329 */
1330 uint32_t uCsum = ataChecksum(p, 510);
1331 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1332
1333 s->iSourceSink = ATAFN_SS_NULL;
1334 ataCmdOK(s, ATA_STAT_SEEK);
1335 return false;
1336}
1337
1338
1339static void ataSetSignature(ATADevState *s)
1340{
1341 s->uATARegSelect &= 0xf0; /* clear head */
1342 /* put signature */
1343 s->uATARegNSector = 1;
1344 s->uATARegSector = 1;
1345 if (s->fATAPI)
1346 {
1347 s->uATARegLCyl = 0x14;
1348 s->uATARegHCyl = 0xeb;
1349 }
1350 else if (s->pDrvBlock)
1351 {
1352 s->uATARegLCyl = 0;
1353 s->uATARegHCyl = 0;
1354 }
1355 else
1356 {
1357 s->uATARegLCyl = 0xff;
1358 s->uATARegHCyl = 0xff;
1359 }
1360}
1361
1362
1363static uint64_t ataGetSector(ATADevState *s)
1364{
1365 uint64_t iLBA;
1366 if (s->uATARegSelect & 0x40)
1367 {
1368 /* any LBA variant */
1369 if (s->fLBA48)
1370 {
1371 /* LBA48 */
1372 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1373 ((uint64_t)s->uATARegLCylHOB << 32) |
1374 ((uint64_t)s->uATARegSectorHOB << 24) |
1375 ((uint64_t)s->uATARegHCyl << 16) |
1376 ((uint64_t)s->uATARegLCyl << 8) |
1377 s->uATARegSector;
1378 }
1379 else
1380 {
1381 /* LBA */
1382 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1383 (s->uATARegLCyl << 8) | s->uATARegSector;
1384 }
1385 }
1386 else
1387 {
1388 /* CHS */
1389 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1390 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1391 (s->uATARegSector - 1);
1392 }
1393 return iLBA;
1394}
1395
1396static void ataSetSector(ATADevState *s, uint64_t iLBA)
1397{
1398 uint32_t cyl, r;
1399 if (s->uATARegSelect & 0x40)
1400 {
1401 /* any LBA variant */
1402 if (s->fLBA48)
1403 {
1404 /* LBA48 */
1405 s->uATARegHCylHOB = iLBA >> 40;
1406 s->uATARegLCylHOB = iLBA >> 32;
1407 s->uATARegSectorHOB = iLBA >> 24;
1408 s->uATARegHCyl = iLBA >> 16;
1409 s->uATARegLCyl = iLBA >> 8;
1410 s->uATARegSector = iLBA;
1411 }
1412 else
1413 {
1414 /* LBA */
1415 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1416 s->uATARegHCyl = (iLBA >> 16);
1417 s->uATARegLCyl = (iLBA >> 8);
1418 s->uATARegSector = (iLBA);
1419 }
1420 }
1421 else
1422 {
1423 /* CHS */
1424 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1425 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1426 s->uATARegHCyl = cyl >> 8;
1427 s->uATARegLCyl = cyl;
1428 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1429 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1430 }
1431}
1432
1433
1434static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1435{
1436 int rc;
1437 LogRel(("PIIX3 ATA: Host disk full\n"));
1438 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_DISKFULL",
1439 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1440 AssertRC(rc);
1441}
1442
1443static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1444{
1445 int rc;
1446 LogRel(("PIIX3 ATA: File too big\n"));
1447 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_FILETOOBIG",
1448 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1449 AssertRC(rc);
1450}
1451
1452static void ataWarningISCSI(PPDMDEVINS pDevIns)
1453{
1454 int rc;
1455 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1456 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_ISCSIDOWN",
1457 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1458 AssertRC(rc);
1459}
1460
1461/**
1462 * Suspend I/O operations on a controller. Also suspends EMT, because it's
1463 * waiting for I/O to make progress. The next attempt to perform an I/O
1464 * operation will be made when EMT is resumed up again (as the resume
1465 * callback below restarts I/O).
1466 *
1467 * @param pCtl Controller for which to suspend I/O.
1468 */
1469static void ataSuspendRedo(PATACONTROLLER pCtl)
1470{
1471 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
1472 int rc;
1473
1474 pCtl->fRedoIdle = true;
1475 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
1476 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
1477 AssertReleaseRC(rc);
1478}
1479
1480bool ataIsRedoSetWarning(ATADevState *s, int rc)
1481{
1482 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1483 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1484 if (rc == VERR_DISK_FULL)
1485 {
1486 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1487 ataSuspendRedo(pCtl);
1488 return true;
1489 }
1490 if (rc == VERR_FILE_TOO_BIG)
1491 {
1492 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1493 ataSuspendRedo(pCtl);
1494 return true;
1495 }
1496 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1497 {
1498 /* iSCSI connection abort (first error) or failure to reestablish
1499 * connection (second error). Pause VM. On resume we'll retry. */
1500 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1501 ataSuspendRedo(pCtl);
1502 return true;
1503 }
1504 return false;
1505}
1506
1507
1508static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors, bool *fRedo)
1509{
1510 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1511 int rc;
1512
1513 PDMCritSectLeave(&pCtl->lock);
1514
1515 STAM_PROFILE_ADV_START(&s->StatReads, r);
1516 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1517 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1518 s->Led.Actual.s.fReading = 0;
1519 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1520
1521 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1522
1523 if (RT_SUCCESS(rc))
1524 *fRedo = false;
1525 else
1526 *fRedo = ataIsRedoSetWarning(s, rc);
1527
1528 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1529 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1530 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1531 return rc;
1532}
1533
1534
1535static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors, bool *fRedo)
1536{
1537 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1538 int rc;
1539
1540 PDMCritSectLeave(&pCtl->lock);
1541
1542 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1543 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1544#ifdef VBOX_INSTRUMENT_DMA_WRITES
1545 if (s->fDMA)
1546 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1547#endif
1548 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1549#ifdef VBOX_INSTRUMENT_DMA_WRITES
1550 if (s->fDMA)
1551 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1552#endif
1553 s->Led.Actual.s.fWriting = 0;
1554 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1555
1556 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1557
1558 if (RT_SUCCESS(rc))
1559 *fRedo = false;
1560 else
1561 *fRedo = ataIsRedoSetWarning(s, rc);
1562
1563 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1564 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1565 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1566 return rc;
1567}
1568
1569
1570static void ataReadWriteSectorsBT(ATADevState *s)
1571{
1572 uint32_t cSectors;
1573
1574 cSectors = s->cbTotalTransfer / 512;
1575 if (cSectors > s->cSectorsPerIRQ)
1576 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1577 else
1578 s->cbElementaryTransfer = cSectors * 512;
1579 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1580 ataCmdOK(s, 0);
1581}
1582
1583
1584static bool ataReadSectorsSS(ATADevState *s)
1585{
1586 int rc;
1587 uint32_t cSectors;
1588 uint64_t iLBA;
1589 bool fRedo;
1590
1591 cSectors = s->cbElementaryTransfer / 512;
1592 Assert(cSectors);
1593 iLBA = ataGetSector(s);
1594 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1595 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1596 if (RT_SUCCESS(rc))
1597 {
1598 ataSetSector(s, iLBA + cSectors);
1599 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1600 s->iSourceSink = ATAFN_SS_NULL;
1601 ataCmdOK(s, ATA_STAT_SEEK);
1602 }
1603 else
1604 {
1605 if (fRedo)
1606 return fRedo;
1607 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1608 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1609 s->iLUN, rc, iLBA, cSectors));
1610
1611 /*
1612 * Check if we got interrupted. We don't need to set status variables
1613 * because the request was aborted.
1614 */
1615 if (rc != VERR_INTERRUPTED)
1616 ataCmdError(s, ID_ERR);
1617 }
1618 return false;
1619}
1620
1621
1622static bool ataWriteSectorsSS(ATADevState *s)
1623{
1624 int rc;
1625 uint32_t cSectors;
1626 uint64_t iLBA;
1627 bool fRedo;
1628
1629 cSectors = s->cbElementaryTransfer / 512;
1630 Assert(cSectors);
1631 iLBA = ataGetSector(s);
1632 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1633 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1634 if (RT_SUCCESS(rc))
1635 {
1636 ataSetSector(s, iLBA + cSectors);
1637 if (!s->cbTotalTransfer)
1638 s->iSourceSink = ATAFN_SS_NULL;
1639 ataCmdOK(s, ATA_STAT_SEEK);
1640 }
1641 else
1642 {
1643 if (fRedo)
1644 return fRedo;
1645 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1646 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1647 s->iLUN, rc, iLBA, cSectors));
1648
1649 /*
1650 * Check if we got interrupted. We don't need to set status variables
1651 * because the request was aborted.
1652 */
1653 if (rc != VERR_INTERRUPTED)
1654 ataCmdError(s, ID_ERR);
1655 }
1656 return false;
1657}
1658
1659
1660static void atapiCmdOK(ATADevState *s)
1661{
1662 s->uATARegError = 0;
1663 ataSetStatusValue(s, ATA_STAT_READY);
1664 s->uATARegNSector = (s->uATARegNSector & ~7)
1665 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1666 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1667 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1668
1669 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1670 s->abATAPISense[0] = 0x70 | (1 << 7);
1671 s->abATAPISense[7] = 10;
1672}
1673
1674
1675static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1676{
1677 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1678 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1679 s->uATARegError = pabATAPISense[2] << 4;
1680 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1681 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1682 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1683 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1684 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1685 s->cbTotalTransfer = 0;
1686 s->cbElementaryTransfer = 0;
1687 s->iIOBufferCur = 0;
1688 s->iIOBufferEnd = 0;
1689 s->uTxDir = PDMBLOCKTXDIR_NONE;
1690 s->iBeginTransfer = ATAFN_BT_NULL;
1691 s->iSourceSink = ATAFN_SS_NULL;
1692}
1693
1694
1695/** @todo deprecated function - doesn't provide enough info. Replace by direct
1696 * calls to atapiCmdError() with full data. */
1697static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1698{
1699 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1700 memset(abATAPISense, '\0', sizeof(abATAPISense));
1701 abATAPISense[0] = 0x70 | (1 << 7);
1702 abATAPISense[2] = uATAPISenseKey & 0x0f;
1703 abATAPISense[7] = 10;
1704 abATAPISense[12] = uATAPIASC;
1705 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1706}
1707
1708
1709static void atapiCmdBT(ATADevState *s)
1710{
1711 s->fATAPITransfer = true;
1712 s->cbElementaryTransfer = s->cbTotalTransfer;
1713 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1714 atapiCmdOK(s);
1715}
1716
1717
1718static void atapiPassthroughCmdBT(ATADevState *s)
1719{
1720 /* @todo implement an algorithm for correctly determining the read and
1721 * write sector size without sending additional commands to the drive.
1722 * This should be doable by saving processing the configuration requests
1723 * and replies. */
1724#if 0
1725 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1726 {
1727 uint8_t cmd = s->aATAPICmd[0];
1728 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1729 {
1730 uint8_t aModeSenseCmd[10];
1731 uint8_t aModeSenseResult[16];
1732 uint8_t uDummySense;
1733 uint32_t cbTransfer;
1734 int rc;
1735
1736 cbTransfer = sizeof(aModeSenseResult);
1737 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1738 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1739 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1740 aModeSenseCmd[3] = 0; /* subpage code */
1741 aModeSenseCmd[4] = 0; /* reserved */
1742 aModeSenseCmd[5] = 0; /* reserved */
1743 aModeSenseCmd[6] = 0; /* reserved */
1744 aModeSenseCmd[7] = cbTransfer >> 8;
1745 aModeSenseCmd[8] = cbTransfer & 0xff;
1746 aModeSenseCmd[9] = 0; /* control */
1747 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1748 if (RT_FAILURE(rc))
1749 {
1750 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1751 return;
1752 }
1753 /* Select sector size based on the current data block type. */
1754 switch (aModeSenseResult[12] & 0x0f)
1755 {
1756 case 0:
1757 s->cbATAPISector = 2352;
1758 break;
1759 case 1:
1760 s->cbATAPISector = 2368;
1761 break;
1762 case 2:
1763 case 3:
1764 s->cbATAPISector = 2448;
1765 break;
1766 case 8:
1767 case 10:
1768 s->cbATAPISector = 2048;
1769 break;
1770 case 9:
1771 s->cbATAPISector = 2336;
1772 break;
1773 case 11:
1774 s->cbATAPISector = 2056;
1775 break;
1776 case 12:
1777 s->cbATAPISector = 2324;
1778 break;
1779 case 13:
1780 s->cbATAPISector = 2332;
1781 break;
1782 default:
1783 s->cbATAPISector = 0;
1784 }
1785 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1786 s->cbTotalTransfer *= s->cbATAPISector;
1787 if (s->cbTotalTransfer == 0)
1788 s->uTxDir = PDMBLOCKTXDIR_NONE;
1789 }
1790 }
1791#endif
1792 atapiCmdBT(s);
1793}
1794
1795
1796static bool atapiReadSS(ATADevState *s)
1797{
1798 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1799 int rc = VINF_SUCCESS;
1800 uint32_t cbTransfer, cSectors;
1801
1802 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1803 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1804 cSectors = cbTransfer / s->cbATAPISector;
1805 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1806 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1807
1808 PDMCritSectLeave(&pCtl->lock);
1809
1810 STAM_PROFILE_ADV_START(&s->StatReads, r);
1811 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1812 switch (s->cbATAPISector)
1813 {
1814 case 2048:
1815 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1816 break;
1817 case 2352:
1818 {
1819 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1820
1821 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1822 {
1823 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1824 *pbBuf++ = 0x00;
1825 memset(pbBuf, 0xff, 10);
1826 pbBuf += 10;
1827 *pbBuf++ = 0x00;
1828 /* MSF */
1829 ataLBA2MSF(pbBuf, i);
1830 pbBuf += 3;
1831 *pbBuf++ = 0x01; /* mode 1 data */
1832 /* data */
1833 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1834 if (RT_FAILURE(rc))
1835 break;
1836 pbBuf += 2048;
1837 /**
1838 * @todo: maybe compute ECC and parity, layout is:
1839 * 2072 4 EDC
1840 * 2076 172 P parity symbols
1841 * 2248 104 Q parity symbols
1842 */
1843 memset(pbBuf, 0, 280);
1844 pbBuf += 280;
1845 }
1846 }
1847 break;
1848 default:
1849 break;
1850 }
1851 s->Led.Actual.s.fReading = 0;
1852 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1853
1854 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1855 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1856 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1857
1858 if (RT_SUCCESS(rc))
1859 {
1860 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1861
1862 /* The initial buffer end value has been set up based on the total
1863 * transfer size. But the I/O buffer size limits what can actually be
1864 * done in one transfer, so set the actual value of the buffer end. */
1865 s->cbElementaryTransfer = cbTransfer;
1866 if (cbTransfer >= s->cbTotalTransfer)
1867 s->iSourceSink = ATAFN_SS_NULL;
1868 atapiCmdOK(s);
1869 s->iATAPILBA += cSectors;
1870 }
1871 else
1872 {
1873 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1874 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1875
1876 /*
1877 * Check if we got interrupted. We don't need to set status variables
1878 * because the request was aborted.
1879 */
1880 if (rc != VERR_INTERRUPTED)
1881 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1882 }
1883 return false;
1884}
1885
1886/**
1887 * Sets the given media track type.
1888 */
1889static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1890{
1891 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1892}
1893
1894static bool atapiPassthroughSS(ATADevState *s)
1895{
1896 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1897 int rc = VINF_SUCCESS;
1898 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1899 uint32_t cbTransfer;
1900 PSTAMPROFILEADV pProf = NULL;
1901
1902 cbTransfer = s->cbElementaryTransfer;
1903
1904 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1905 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1906
1907 /* Simple heuristics: if there is at least one sector of data
1908 * to transfer, it's worth updating the LEDs. */
1909 if (cbTransfer >= 2048)
1910 {
1911 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1912 {
1913 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1914 pProf = &s->StatReads;
1915 }
1916 else
1917 {
1918 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1919 pProf = &s->StatWrites;
1920 }
1921 }
1922
1923 PDMCritSectLeave(&pCtl->lock);
1924
1925 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1926 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1927 {
1928 /* Linux accepts commands with up to 100KB of data, but expects
1929 * us to handle commands with up to 128KB of data. The usual
1930 * imbalance of powers. */
1931 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1932 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1933 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1934
1935 switch (s->aATAPICmd[0])
1936 {
1937 case SCSI_READ_10:
1938 case SCSI_WRITE_10:
1939 case SCSI_WRITE_AND_VERIFY_10:
1940 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1941 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1942 break;
1943 case SCSI_READ_12:
1944 case SCSI_WRITE_12:
1945 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1946 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1947 break;
1948 case SCSI_READ_CD:
1949 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1950 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
1951 break;
1952 case SCSI_READ_CD_MSF:
1953 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1954 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1955 break;
1956 default:
1957 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1958 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1959 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1960 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1961 {
1962 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1963 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1964 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1965 }
1966 return false;
1967 }
1968 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1969 cReqSectors = 0;
1970 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1971 {
1972 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1973 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1974 else
1975 cReqSectors = i;
1976 cbCurrTX = s->cbATAPISector * cReqSectors;
1977 switch (s->aATAPICmd[0])
1978 {
1979 case SCSI_READ_10:
1980 case SCSI_WRITE_10:
1981 case SCSI_WRITE_AND_VERIFY_10:
1982 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1983 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1984 break;
1985 case SCSI_READ_12:
1986 case SCSI_WRITE_12:
1987 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1988 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1989 break;
1990 case SCSI_READ_CD:
1991 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1992 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
1993 break;
1994 case SCSI_READ_CD_MSF:
1995 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1996 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1997 break;
1998 }
1999 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2000 if (rc != VINF_SUCCESS)
2001 break;
2002 iATAPILBA += cReqSectors;
2003 pbBuf += s->cbATAPISector * cReqSectors;
2004 }
2005 }
2006 else
2007 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2008 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
2009
2010 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2011 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2012 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2013
2014 /* Update the LEDs and the read/write statistics. */
2015 if (cbTransfer >= 2048)
2016 {
2017 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2018 {
2019 s->Led.Actual.s.fReading = 0;
2020 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2021 }
2022 else
2023 {
2024 s->Led.Actual.s.fWriting = 0;
2025 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2026 }
2027 }
2028
2029 if (RT_SUCCESS(rc))
2030 {
2031 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2032 {
2033 Assert(cbTransfer <= s->cbTotalTransfer);
2034 /* Reply with the same amount of data as the real drive. */
2035 s->cbTotalTransfer = cbTransfer;
2036 /* The initial buffer end value has been set up based on the total
2037 * transfer size. But the I/O buffer size limits what can actually be
2038 * done in one transfer, so set the actual value of the buffer end. */
2039 s->cbElementaryTransfer = cbTransfer;
2040 if (s->aATAPICmd[0] == SCSI_INQUIRY)
2041 {
2042 /* Make sure that the real drive cannot be identified.
2043 * Motivation: changing the VM configuration should be as
2044 * invisible as possible to the guest. */
2045 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2046 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2047 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2048 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2049 }
2050 else if (s->aATAPICmd[0] == SCSI_READ_TOC_PMA_ATIP)
2051 {
2052 /* Set the media type if we can detect it. */
2053 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2054
2055 /** @todo: Implemented only for formatted TOC now. */
2056 if ( (s->aATAPICmd[1] & 0xf) == 0
2057 && cbTransfer >= 6)
2058 {
2059 uint32_t NewMediaType;
2060 uint32_t OldMediaType;
2061
2062 if (pbBuf[5] & 0x4)
2063 NewMediaType = ATA_MEDIA_TYPE_DATA;
2064 else
2065 NewMediaType = ATA_MEDIA_TYPE_CDDA;
2066
2067 OldMediaType = ataMediumTypeSet(s, NewMediaType);
2068
2069 if (OldMediaType != NewMediaType)
2070 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough, detected %s CD\n",
2071 s->iLUN,
2072 NewMediaType == ATA_MEDIA_TYPE_DATA
2073 ? "data"
2074 : "audio"));
2075 }
2076 else /* Play safe and set to unknown. */
2077 ataMediumTypeSet(s, ATA_MEDIA_TYPE_UNKNOWN);
2078 }
2079 if (cbTransfer)
2080 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2081 }
2082 s->iSourceSink = ATAFN_SS_NULL;
2083 atapiCmdOK(s);
2084 }
2085 else
2086 {
2087 if (s->cErrors < MAX_LOG_REL_ERRORS)
2088 {
2089 uint8_t u8Cmd = s->aATAPICmd[0];
2090 do
2091 {
2092 /* don't log superflous errors */
2093 if ( rc == VERR_DEV_IO_ERROR
2094 && ( u8Cmd == SCSI_TEST_UNIT_READY
2095 || u8Cmd == SCSI_READ_CAPACITY
2096 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2097 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2098 break;
2099 s->cErrors++;
2100 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2101 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2102 } while (0);
2103 }
2104 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2105 }
2106 return false;
2107}
2108
2109/** @todo: Revise ASAP. */
2110static bool atapiReadDVDStructureSS(ATADevState *s)
2111{
2112 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2113 int media = s->aATAPICmd[1];
2114 int format = s->aATAPICmd[7];
2115
2116 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2117
2118 memset(buf, 0, max_len);
2119
2120 switch (format) {
2121 case 0x00:
2122 case 0x01:
2123 case 0x02:
2124 case 0x03:
2125 case 0x04:
2126 case 0x05:
2127 case 0x06:
2128 case 0x07:
2129 case 0x08:
2130 case 0x09:
2131 case 0x0a:
2132 case 0x0b:
2133 case 0x0c:
2134 case 0x0d:
2135 case 0x0e:
2136 case 0x0f:
2137 case 0x10:
2138 case 0x11:
2139 case 0x30:
2140 case 0x31:
2141 case 0xff:
2142 if (media == 0)
2143 {
2144 int uASC = SCSI_ASC_NONE;
2145
2146 switch (format)
2147 {
2148 case 0x0: /* Physical format information */
2149 {
2150 int layer = s->aATAPICmd[6];
2151 uint64_t total_sectors;
2152
2153 if (layer != 0)
2154 {
2155 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2156 break;
2157 }
2158
2159 total_sectors = s->cTotalSectors;
2160 total_sectors >>= 2;
2161 if (total_sectors == 0)
2162 {
2163 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2164 break;
2165 }
2166
2167 buf[4] = 1; /* DVD-ROM, part version 1 */
2168 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2169 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2170 buf[7] = 0; /* default densities */
2171
2172 /* FIXME: 0x30000 per spec? */
2173 ataH2BE_U32(buf + 8, 0); /* start sector */
2174 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2175 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2176
2177 /* Size of buffer, not including 2 byte size field */
2178 ataH2BE_U32(&buf[0], 2048 + 2);
2179
2180 /* 2k data + 4 byte header */
2181 uASC = (2048 + 4);
2182 }
2183 break;
2184 case 0x01: /* DVD copyright information */
2185 buf[4] = 0; /* no copyright data */
2186 buf[5] = 0; /* no region restrictions */
2187
2188 /* Size of buffer, not including 2 byte size field */
2189 ataH2BE_U16(buf, 4 + 2);
2190
2191 /* 4 byte header + 4 byte data */
2192 uASC = (4 + 4);
2193
2194 case 0x03: /* BCA information - invalid field for no BCA info */
2195 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2196 break;
2197
2198 case 0x04: /* DVD disc manufacturing information */
2199 /* Size of buffer, not including 2 byte size field */
2200 ataH2BE_U16(buf, 2048 + 2);
2201
2202 /* 2k data + 4 byte header */
2203 uASC = (2048 + 4);
2204 break;
2205 case 0xff:
2206 /*
2207 * This lists all the command capabilities above. Add new ones
2208 * in order and update the length and buffer return values.
2209 */
2210
2211 buf[4] = 0x00; /* Physical format */
2212 buf[5] = 0x40; /* Not writable, is readable */
2213 ataH2BE_U16((buf + 6), 2048 + 4);
2214
2215 buf[8] = 0x01; /* Copyright info */
2216 buf[9] = 0x40; /* Not writable, is readable */
2217 ataH2BE_U16((buf + 10), 4 + 4);
2218
2219 buf[12] = 0x03; /* BCA info */
2220 buf[13] = 0x40; /* Not writable, is readable */
2221 ataH2BE_U16((buf + 14), 188 + 4);
2222
2223 buf[16] = 0x04; /* Manufacturing info */
2224 buf[17] = 0x40; /* Not writable, is readable */
2225 ataH2BE_U16((buf + 18), 2048 + 4);
2226
2227 /* Size of buffer, not including 2 byte size field */
2228 ataH2BE_U16(buf, 16 + 2);
2229
2230 /* data written + 4 byte header */
2231 uASC = (16 + 4);
2232 break;
2233 default: /* TODO: formats beyond DVD-ROM requires */
2234 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2235 }
2236
2237 if (uASC < 0)
2238 {
2239 s->iSourceSink = ATAFN_SS_NULL;
2240 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2241 return false;
2242 }
2243 break;
2244 }
2245 /* TODO: BD support, fall through for now */
2246
2247 /* Generic disk structures */
2248 case 0x80: /* TODO: AACS volume identifier */
2249 case 0x81: /* TODO: AACS media serial number */
2250 case 0x82: /* TODO: AACS media identifier */
2251 case 0x83: /* TODO: AACS media key block */
2252 case 0x90: /* TODO: List of recognized format layers */
2253 case 0xc0: /* TODO: Write protection status */
2254 default:
2255 s->iSourceSink = ATAFN_SS_NULL;
2256 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2257 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2258 return false;
2259 }
2260
2261 s->iSourceSink = ATAFN_SS_NULL;
2262 atapiCmdOK(s);
2263 return false;
2264}
2265
2266static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2267{
2268 Assert(cSectors > 0);
2269 s->iATAPILBA = iATAPILBA;
2270 s->cbATAPISector = cbSector;
2271 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2272 return false;
2273}
2274
2275
2276static bool atapiReadCapacitySS(ATADevState *s)
2277{
2278 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2279
2280 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2281 Assert(s->cbElementaryTransfer <= 8);
2282 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2283 ataH2BE_U32(pbBuf + 4, 2048);
2284 s->iSourceSink = ATAFN_SS_NULL;
2285 atapiCmdOK(s);
2286 return false;
2287}
2288
2289
2290static bool atapiReadDiscInformationSS(ATADevState *s)
2291{
2292 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2293
2294 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2295 Assert(s->cbElementaryTransfer <= 34);
2296 memset(pbBuf, '\0', 34);
2297 ataH2BE_U16(pbBuf, 32);
2298 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2299 pbBuf[3] = 1; /* number of first track */
2300 pbBuf[4] = 1; /* number of sessions (LSB) */
2301 pbBuf[5] = 1; /* first track number in last session (LSB) */
2302 pbBuf[6] = 1; /* last track number in last session (LSB) */
2303 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2304 pbBuf[8] = 0; /* disc type = CD-ROM */
2305 pbBuf[9] = 0; /* number of sessions (MSB) */
2306 pbBuf[10] = 0; /* number of sessions (MSB) */
2307 pbBuf[11] = 0; /* number of sessions (MSB) */
2308 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2309 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2310 s->iSourceSink = ATAFN_SS_NULL;
2311 atapiCmdOK(s);
2312 return false;
2313}
2314
2315
2316static bool atapiReadTrackInformationSS(ATADevState *s)
2317{
2318 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2319
2320 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2321 Assert(s->cbElementaryTransfer <= 36);
2322 /* Accept address/number type of 1 only, and only track 1 exists. */
2323 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2324 {
2325 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2326 return false;
2327 }
2328 memset(pbBuf, '\0', 36);
2329 ataH2BE_U16(pbBuf, 34);
2330 pbBuf[2] = 1; /* track number (LSB) */
2331 pbBuf[3] = 1; /* session number (LSB) */
2332 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2333 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2334 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2335 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2336 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2337 pbBuf[32] = 0; /* track number (MSB) */
2338 pbBuf[33] = 0; /* session number (MSB) */
2339 s->iSourceSink = ATAFN_SS_NULL;
2340 atapiCmdOK(s);
2341 return false;
2342}
2343
2344
2345static bool atapiGetConfigurationSS(ATADevState *s)
2346{
2347 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2348 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2349
2350 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2351 Assert(s->cbElementaryTransfer <= 32);
2352 /* Accept valid request types only, and only starting feature 0. */
2353 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2354 {
2355 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2356 return false;
2357 }
2358 memset(pbBuf, '\0', 32);
2359 ataH2BE_U32(pbBuf, 16);
2360 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2361 * way to differentiate them right now is based on the image size). Also
2362 * implement signalling "no current profile" if no medium is loaded. */
2363 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2364
2365 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2366 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2367 pbBuf[11] = 8; /* additional bytes for profiles */
2368 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2369 * before CD-ROM read capability. */
2370 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2371 pbBuf[14] = (0 << 0); /* NOT current profile */
2372 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2373 pbBuf[18] = (1 << 0); /* current profile */
2374 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2375 s->iSourceSink = ATAFN_SS_NULL;
2376 atapiCmdOK(s);
2377 return false;
2378}
2379
2380
2381static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2382{
2383 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2384
2385 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2386 Assert(s->cbElementaryTransfer <= 8);
2387
2388 if (!(s->aATAPICmd[1] & 1))
2389 {
2390 /* no asynchronous operation supported */
2391 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2392 return false;
2393 }
2394
2395 uint32_t OldStatus, NewStatus;
2396 do
2397 {
2398 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2399 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2400 switch (OldStatus)
2401 {
2402 case ATA_EVENT_STATUS_MEDIA_NEW:
2403 /* mount */
2404 ataH2BE_U16(pbBuf + 0, 6);
2405 pbBuf[2] = 0x04; /* media */
2406 pbBuf[3] = 0x5e; /* suppored = busy|media|external|power|operational */
2407 pbBuf[4] = 0x02; /* new medium */
2408 pbBuf[5] = 0x02; /* medium present / door closed */
2409 pbBuf[6] = 0x00;
2410 pbBuf[7] = 0x00;
2411 break;
2412
2413 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2414 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2415 /* umount */
2416 ataH2BE_U16(pbBuf + 0, 6);
2417 pbBuf[2] = 0x04; /* media */
2418 pbBuf[3] = 0x5e; /* suppored = busy|media|external|power|operational */
2419 pbBuf[4] = 0x03; /* media removal */
2420 pbBuf[5] = 0x00; /* medium absent / door closed */
2421 pbBuf[6] = 0x00;
2422 pbBuf[7] = 0x00;
2423 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2424 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2425 break;
2426
2427 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2428 ataH2BE_U16(pbBuf + 0, 6);
2429 pbBuf[2] = 0x04; /* media */
2430 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2431 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2432 pbBuf[5] = 0x02; /* medium present / door closed */
2433 pbBuf[6] = 0x00;
2434 pbBuf[7] = 0x00;
2435 break;
2436
2437 case ATA_EVENT_STATUS_UNCHANGED:
2438 default:
2439 ataH2BE_U16(pbBuf + 0, 6);
2440 pbBuf[2] = 0x01; /* operational change request / notification */
2441 pbBuf[3] = 0x5e; /* suppored = busy|media|external|power|operational */
2442 pbBuf[4] = 0x00;
2443 pbBuf[5] = 0x00;
2444 pbBuf[6] = 0x00;
2445 pbBuf[7] = 0x00;
2446 break;
2447 }
2448 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2449
2450 s->iSourceSink = ATAFN_SS_NULL;
2451 atapiCmdOK(s);
2452 return false;
2453}
2454
2455
2456static bool atapiInquirySS(ATADevState *s)
2457{
2458 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2459
2460 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2461 Assert(s->cbElementaryTransfer <= 36);
2462 pbBuf[0] = 0x05; /* CD-ROM */
2463 pbBuf[1] = 0x80; /* removable */
2464#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2465 pbBuf[2] = 0x00; /* ISO */
2466 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2467#else
2468 pbBuf[2] = 0x00; /* ISO */
2469 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2470#endif
2471 pbBuf[4] = 31; /* additional length */
2472 pbBuf[5] = 0; /* reserved */
2473 pbBuf[6] = 0; /* reserved */
2474 pbBuf[7] = 0; /* reserved */
2475 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2476 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2477 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2478 s->iSourceSink = ATAFN_SS_NULL;
2479 atapiCmdOK(s);
2480 return false;
2481}
2482
2483
2484static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2485{
2486 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2487
2488 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2489 Assert(s->cbElementaryTransfer <= 16);
2490 ataH2BE_U16(&pbBuf[0], 16 + 6);
2491 pbBuf[2] = 0x70;
2492 pbBuf[3] = 0;
2493 pbBuf[4] = 0;
2494 pbBuf[5] = 0;
2495 pbBuf[6] = 0;
2496 pbBuf[7] = 0;
2497
2498 pbBuf[8] = 0x01;
2499 pbBuf[9] = 0x06;
2500 pbBuf[10] = 0x00;
2501 pbBuf[11] = 0x05;
2502 pbBuf[12] = 0x00;
2503 pbBuf[13] = 0x00;
2504 pbBuf[14] = 0x00;
2505 pbBuf[15] = 0x00;
2506 s->iSourceSink = ATAFN_SS_NULL;
2507 atapiCmdOK(s);
2508 return false;
2509}
2510
2511
2512static bool atapiModeSenseCDStatusSS(ATADevState *s)
2513{
2514 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2515
2516 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2517 Assert(s->cbElementaryTransfer <= 40);
2518 ataH2BE_U16(&pbBuf[0], 38);
2519 pbBuf[2] = 0x70;
2520 pbBuf[3] = 0;
2521 pbBuf[4] = 0;
2522 pbBuf[5] = 0;
2523 pbBuf[6] = 0;
2524 pbBuf[7] = 0;
2525
2526 pbBuf[8] = 0x2a;
2527 pbBuf[9] = 30; /* page length */
2528 pbBuf[10] = 0x08; /* DVD-ROM read support */
2529 pbBuf[11] = 0x00; /* no write support */
2530 /* The following claims we support audio play. This is obviously false,
2531 * but the Linux generic CDROM support makes many features depend on this
2532 * capability. If it's not set, this causes many things to be disabled. */
2533 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2534 pbBuf[13] = 0x00; /* no subchannel reads supported */
2535 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2536 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2537 pbBuf[14] |= 1 << 1; /* report lock state */
2538 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2539 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2540 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2541 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2542 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2543 pbBuf[24] = 0; /* reserved */
2544 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2545 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2546 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2547 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2548 pbBuf[32] = 0; /* reserved */
2549 pbBuf[33] = 0; /* reserved */
2550 pbBuf[34] = 0; /* reserved */
2551 pbBuf[35] = 1; /* rotation control CAV */
2552 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2553 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2554 s->iSourceSink = ATAFN_SS_NULL;
2555 atapiCmdOK(s);
2556 return false;
2557}
2558
2559
2560static bool atapiRequestSenseSS(ATADevState *s)
2561{
2562 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2563
2564 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2565 memset(pbBuf, '\0', s->cbElementaryTransfer);
2566 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2567 s->iSourceSink = ATAFN_SS_NULL;
2568 atapiCmdOK(s);
2569 return false;
2570}
2571
2572
2573static bool atapiMechanismStatusSS(ATADevState *s)
2574{
2575 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2576
2577 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2578 Assert(s->cbElementaryTransfer <= 8);
2579 ataH2BE_U16(pbBuf, 0);
2580 /* no current LBA */
2581 pbBuf[2] = 0;
2582 pbBuf[3] = 0;
2583 pbBuf[4] = 0;
2584 pbBuf[5] = 1;
2585 ataH2BE_U16(pbBuf + 6, 0);
2586 s->iSourceSink = ATAFN_SS_NULL;
2587 atapiCmdOK(s);
2588 return false;
2589}
2590
2591
2592static bool atapiReadTOCNormalSS(ATADevState *s)
2593{
2594 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2595 bool fMSF;
2596 uint32_t cbSize;
2597
2598 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2599 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2600 iStartTrack = s->aATAPICmd[6];
2601 if (iStartTrack > 1 && iStartTrack != 0xaa)
2602 {
2603 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2604 return false;
2605 }
2606 q = pbBuf + 2;
2607 *q++ = 1; /* first session */
2608 *q++ = 1; /* last session */
2609 if (iStartTrack <= 1)
2610 {
2611 *q++ = 0; /* reserved */
2612 *q++ = 0x14; /* ADR, control */
2613 *q++ = 1; /* track number */
2614 *q++ = 0; /* reserved */
2615 if (fMSF)
2616 {
2617 *q++ = 0; /* reserved */
2618 ataLBA2MSF(q, 0);
2619 q += 3;
2620 }
2621 else
2622 {
2623 /* sector 0 */
2624 ataH2BE_U32(q, 0);
2625 q += 4;
2626 }
2627 }
2628 /* lead out track */
2629 *q++ = 0; /* reserved */
2630 *q++ = 0x14; /* ADR, control */
2631 *q++ = 0xaa; /* track number */
2632 *q++ = 0; /* reserved */
2633 if (fMSF)
2634 {
2635 *q++ = 0; /* reserved */
2636 ataLBA2MSF(q, s->cTotalSectors);
2637 q += 3;
2638 }
2639 else
2640 {
2641 ataH2BE_U32(q, s->cTotalSectors);
2642 q += 4;
2643 }
2644 cbSize = q - pbBuf;
2645 ataH2BE_U16(pbBuf, cbSize - 2);
2646 if (cbSize < s->cbTotalTransfer)
2647 s->cbTotalTransfer = cbSize;
2648 s->iSourceSink = ATAFN_SS_NULL;
2649 atapiCmdOK(s);
2650 return false;
2651}
2652
2653
2654static bool atapiReadTOCMultiSS(ATADevState *s)
2655{
2656 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2657 bool fMSF;
2658
2659 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2660 Assert(s->cbElementaryTransfer <= 12);
2661 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2662 /* multi session: only a single session defined */
2663/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2664 memset(pbBuf, 0, 12);
2665 pbBuf[1] = 0x0a;
2666 pbBuf[2] = 0x01;
2667 pbBuf[3] = 0x01;
2668 pbBuf[5] = 0x14; /* ADR, control */
2669 pbBuf[6] = 1; /* first track in last complete session */
2670 if (fMSF)
2671 {
2672 pbBuf[8] = 0; /* reserved */
2673 ataLBA2MSF(&pbBuf[9], 0);
2674 }
2675 else
2676 {
2677 /* sector 0 */
2678 ataH2BE_U32(pbBuf + 8, 0);
2679 }
2680 s->iSourceSink = ATAFN_SS_NULL;
2681 atapiCmdOK(s);
2682 return false;
2683}
2684
2685
2686static bool atapiReadTOCRawSS(ATADevState *s)
2687{
2688 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2689 bool fMSF;
2690 uint32_t cbSize;
2691
2692 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2693 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2694 iStartTrack = s->aATAPICmd[6];
2695
2696 q = pbBuf + 2;
2697 *q++ = 1; /* first session */
2698 *q++ = 1; /* last session */
2699
2700 *q++ = 1; /* session number */
2701 *q++ = 0x14; /* data track */
2702 *q++ = 0; /* track number */
2703 *q++ = 0xa0; /* first track in program area */
2704 *q++ = 0; /* min */
2705 *q++ = 0; /* sec */
2706 *q++ = 0; /* frame */
2707 *q++ = 0;
2708 *q++ = 1; /* first track */
2709 *q++ = 0x00; /* disk type CD-DA or CD data */
2710 *q++ = 0;
2711
2712 *q++ = 1; /* session number */
2713 *q++ = 0x14; /* data track */
2714 *q++ = 0; /* track number */
2715 *q++ = 0xa1; /* last track in program area */
2716 *q++ = 0; /* min */
2717 *q++ = 0; /* sec */
2718 *q++ = 0; /* frame */
2719 *q++ = 0;
2720 *q++ = 1; /* last track */
2721 *q++ = 0;
2722 *q++ = 0;
2723
2724 *q++ = 1; /* session number */
2725 *q++ = 0x14; /* data track */
2726 *q++ = 0; /* track number */
2727 *q++ = 0xa2; /* lead-out */
2728 *q++ = 0; /* min */
2729 *q++ = 0; /* sec */
2730 *q++ = 0; /* frame */
2731 if (fMSF)
2732 {
2733 *q++ = 0; /* reserved */
2734 ataLBA2MSF(q, s->cTotalSectors);
2735 q += 3;
2736 }
2737 else
2738 {
2739 ataH2BE_U32(q, s->cTotalSectors);
2740 q += 4;
2741 }
2742
2743 *q++ = 1; /* session number */
2744 *q++ = 0x14; /* ADR, control */
2745 *q++ = 0; /* track number */
2746 *q++ = 1; /* point */
2747 *q++ = 0; /* min */
2748 *q++ = 0; /* sec */
2749 *q++ = 0; /* frame */
2750 if (fMSF)
2751 {
2752 *q++ = 0; /* reserved */
2753 ataLBA2MSF(q, 0);
2754 q += 3;
2755 }
2756 else
2757 {
2758 /* sector 0 */
2759 ataH2BE_U32(q, 0);
2760 q += 4;
2761 }
2762
2763 cbSize = q - pbBuf;
2764 ataH2BE_U16(pbBuf, cbSize - 2);
2765 if (cbSize < s->cbTotalTransfer)
2766 s->cbTotalTransfer = cbSize;
2767 s->iSourceSink = ATAFN_SS_NULL;
2768 atapiCmdOK(s);
2769 return false;
2770}
2771
2772
2773static void atapiParseCmdVirtualATAPI(ATADevState *s)
2774{
2775 const uint8_t *pbPacket;
2776 uint8_t *pbBuf;
2777 uint32_t cbMax;
2778
2779 pbPacket = s->aATAPICmd;
2780 pbBuf = s->CTX_SUFF(pbIOBuffer);
2781 switch (pbPacket[0])
2782 {
2783 case SCSI_TEST_UNIT_READY:
2784 if (s->cNotifiedMediaChange > 0)
2785 {
2786 if (s->cNotifiedMediaChange-- > 2)
2787 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2788 else
2789 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2790 }
2791 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2792 atapiCmdOK(s);
2793 else
2794 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2795 break;
2796 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2797 cbMax = ataBE2H_U16(pbPacket + 7);
2798 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2799 break;
2800 case SCSI_MODE_SENSE_10:
2801 {
2802 uint8_t uPageControl, uPageCode;
2803 cbMax = ataBE2H_U16(pbPacket + 7);
2804 uPageControl = pbPacket[2] >> 6;
2805 uPageCode = pbPacket[2] & 0x3f;
2806 switch (uPageControl)
2807 {
2808 case SCSI_PAGECONTROL_CURRENT:
2809 switch (uPageCode)
2810 {
2811 case SCSI_MODEPAGE_ERROR_RECOVERY:
2812 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2813 break;
2814 case SCSI_MODEPAGE_CD_STATUS:
2815 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2816 break;
2817 default:
2818 goto error_cmd;
2819 }
2820 break;
2821 case SCSI_PAGECONTROL_CHANGEABLE:
2822 goto error_cmd;
2823 case SCSI_PAGECONTROL_DEFAULT:
2824 goto error_cmd;
2825 default:
2826 case SCSI_PAGECONTROL_SAVED:
2827 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2828 break;
2829 }
2830 }
2831 break;
2832 case SCSI_REQUEST_SENSE:
2833 cbMax = pbPacket[4];
2834 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2835 break;
2836 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2837 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2838 {
2839 if (pbPacket[4] & 1)
2840 s->pDrvMount->pfnLock(s->pDrvMount);
2841 else
2842 s->pDrvMount->pfnUnlock(s->pDrvMount);
2843 atapiCmdOK(s);
2844 }
2845 else
2846 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2847 break;
2848 case SCSI_READ_10:
2849 case SCSI_READ_12:
2850 {
2851 uint32_t cSectors, iATAPILBA;
2852
2853 if (s->cNotifiedMediaChange > 0)
2854 {
2855 s->cNotifiedMediaChange-- ;
2856 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2857 break;
2858 }
2859 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2860 {
2861 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2862 break;
2863 }
2864 if (pbPacket[0] == SCSI_READ_10)
2865 cSectors = ataBE2H_U16(pbPacket + 7);
2866 else
2867 cSectors = ataBE2H_U32(pbPacket + 6);
2868 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2869 if (cSectors == 0)
2870 {
2871 atapiCmdOK(s);
2872 break;
2873 }
2874 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2875 {
2876 /* Rate limited logging, one log line per second. For
2877 * guests that insist on reading from places outside the
2878 * valid area this often generates too many release log
2879 * entries otherwise. */
2880 static uint64_t uLastLogTS = 0;
2881 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2882 {
2883 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2884 uLastLogTS = RTTimeMilliTS();
2885 }
2886 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2887 break;
2888 }
2889 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2890 }
2891 break;
2892 case SCSI_READ_CD:
2893 {
2894 uint32_t cSectors, iATAPILBA;
2895
2896 if (s->cNotifiedMediaChange > 0)
2897 {
2898 s->cNotifiedMediaChange-- ;
2899 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2900 break;
2901 }
2902 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2903 {
2904 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2905 break;
2906 }
2907 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2908 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2909 if (cSectors == 0)
2910 {
2911 atapiCmdOK(s);
2912 break;
2913 }
2914 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2915 {
2916 /* Rate limited logging, one log line per second. For
2917 * guests that insist on reading from places outside the
2918 * valid area this often generates too many release log
2919 * entries otherwise. */
2920 static uint64_t uLastLogTS = 0;
2921 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2922 {
2923 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2924 uLastLogTS = RTTimeMilliTS();
2925 }
2926 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2927 break;
2928 }
2929 switch (pbPacket[9] & 0xf8)
2930 {
2931 case 0x00:
2932 /* nothing */
2933 atapiCmdOK(s);
2934 break;
2935 case 0x10:
2936 /* normal read */
2937 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2938 break;
2939 case 0xf8:
2940 /* read all data */
2941 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2942 break;
2943 default:
2944 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2945 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2946 break;
2947 }
2948 }
2949 break;
2950 case SCSI_SEEK_10:
2951 {
2952 uint32_t iATAPILBA;
2953 if (s->cNotifiedMediaChange > 0)
2954 {
2955 s->cNotifiedMediaChange-- ;
2956 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2957 break;
2958 }
2959 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2960 {
2961 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2962 break;
2963 }
2964 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2965 if (iATAPILBA > s->cTotalSectors)
2966 {
2967 /* Rate limited logging, one log line per second. For
2968 * guests that insist on seeking to places outside the
2969 * valid area this often generates too many release log
2970 * entries otherwise. */
2971 static uint64_t uLastLogTS = 0;
2972 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2973 {
2974 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2975 uLastLogTS = RTTimeMilliTS();
2976 }
2977 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2978 break;
2979 }
2980 atapiCmdOK(s);
2981 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2982 }
2983 break;
2984 case SCSI_START_STOP_UNIT:
2985 {
2986 int rc = VINF_SUCCESS;
2987 switch (pbPacket[4] & 3)
2988 {
2989 case 0: /* 00 - Stop motor */
2990 case 1: /* 01 - Start motor */
2991 break;
2992 case 2: /* 10 - Eject media */
2993 /* This must be done from EMT. */
2994 {
2995 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2996 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2997
2998 PDMCritSectLeave(&pCtl->lock);
2999 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3000 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
3001 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED));
3002 {
3003 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3004 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3005 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3006 }
3007 }
3008 break;
3009 case 3: /* 11 - Load media */
3010 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3011 break;
3012 }
3013 if (RT_SUCCESS(rc))
3014 atapiCmdOK(s);
3015 else
3016 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3017 }
3018 break;
3019 case SCSI_MECHANISM_STATUS:
3020 {
3021 cbMax = ataBE2H_U16(pbPacket + 8);
3022 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3023 }
3024 break;
3025 case SCSI_READ_TOC_PMA_ATIP:
3026 {
3027 uint8_t format;
3028
3029 if (s->cNotifiedMediaChange > 0)
3030 {
3031 s->cNotifiedMediaChange-- ;
3032 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3033 break;
3034 }
3035 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3036 {
3037 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3038 break;
3039 }
3040 cbMax = ataBE2H_U16(pbPacket + 7);
3041 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3042 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3043 * the other field is clear... */
3044 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3045 switch (format)
3046 {
3047 case 0:
3048 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3049 break;
3050 case 1:
3051 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3052 break;
3053 case 2:
3054 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3055 break;
3056 default:
3057 error_cmd:
3058 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3059 break;
3060 }
3061 }
3062 break;
3063 case SCSI_READ_CAPACITY:
3064 if (s->cNotifiedMediaChange > 0)
3065 {
3066 s->cNotifiedMediaChange-- ;
3067 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3068 break;
3069 }
3070 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3071 {
3072 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3073 break;
3074 }
3075 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3076 break;
3077 case SCSI_READ_DISC_INFORMATION:
3078 if (s->cNotifiedMediaChange > 0)
3079 {
3080 s->cNotifiedMediaChange-- ;
3081 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3082 break;
3083 }
3084 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3085 {
3086 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3087 break;
3088 }
3089 cbMax = ataBE2H_U16(pbPacket + 7);
3090 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3091 break;
3092 case SCSI_READ_TRACK_INFORMATION:
3093 if (s->cNotifiedMediaChange > 0)
3094 {
3095 s->cNotifiedMediaChange-- ;
3096 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3097 break;
3098 }
3099 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3100 {
3101 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3102 break;
3103 }
3104 cbMax = ataBE2H_U16(pbPacket + 7);
3105 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3106 break;
3107 case SCSI_GET_CONFIGURATION:
3108 /* No media change stuff here, it can confuse Linux guests. */
3109 cbMax = ataBE2H_U16(pbPacket + 7);
3110 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3111 break;
3112 case SCSI_INQUIRY:
3113 cbMax = ataBE2H_U16(pbPacket + 3);
3114 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3115 break;
3116 case SCSI_READ_DVD_STRUCTURE:
3117 {
3118 cbMax = ataBE2H_U16(pbPacket + 8);
3119 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3120 break;
3121 }
3122 default:
3123 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3124 break;
3125 }
3126}
3127
3128
3129/*
3130 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3131 */
3132static void atapiParseCmdPassthrough(ATADevState *s)
3133{
3134 const uint8_t *pbPacket;
3135 uint8_t *pbBuf;
3136 uint32_t cSectors, iATAPILBA;
3137 uint32_t cbTransfer = 0;
3138 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3139
3140 pbPacket = s->aATAPICmd;
3141 pbBuf = s->CTX_SUFF(pbIOBuffer);
3142 switch (pbPacket[0])
3143 {
3144 case SCSI_BLANK:
3145 goto sendcmd;
3146 case SCSI_CLOSE_TRACK_SESSION:
3147 goto sendcmd;
3148 case SCSI_ERASE_10:
3149 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3150 cbTransfer = ataBE2H_U16(pbPacket + 7);
3151 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3152 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3153 goto sendcmd;
3154 case SCSI_FORMAT_UNIT:
3155 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3156 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3157 goto sendcmd;
3158 case SCSI_GET_CONFIGURATION:
3159 cbTransfer = ataBE2H_U16(pbPacket + 7);
3160 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3161 goto sendcmd;
3162 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3163 cbTransfer = ataBE2H_U16(pbPacket + 7);
3164 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3165 {
3166 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3167 break;
3168 }
3169 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3170 goto sendcmd;
3171 case SCSI_GET_PERFORMANCE:
3172 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3173 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3174 goto sendcmd;
3175 case SCSI_INQUIRY:
3176 cbTransfer = ataBE2H_U16(pbPacket + 3);
3177 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3178 goto sendcmd;
3179 case SCSI_LOAD_UNLOAD_MEDIUM:
3180 goto sendcmd;
3181 case SCSI_MECHANISM_STATUS:
3182 cbTransfer = ataBE2H_U16(pbPacket + 8);
3183 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3184 goto sendcmd;
3185 case SCSI_MODE_SELECT_10:
3186 cbTransfer = ataBE2H_U16(pbPacket + 7);
3187 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3188 goto sendcmd;
3189 case SCSI_MODE_SENSE_10:
3190 cbTransfer = ataBE2H_U16(pbPacket + 7);
3191 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3192 goto sendcmd;
3193 case SCSI_PAUSE_RESUME:
3194 goto sendcmd;
3195 case SCSI_PLAY_AUDIO_10:
3196 goto sendcmd;
3197 case SCSI_PLAY_AUDIO_12:
3198 goto sendcmd;
3199 case SCSI_PLAY_AUDIO_MSF:
3200 goto sendcmd;
3201 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3202 /** @todo do not forget to unlock when a VM is shut down */
3203 goto sendcmd;
3204 case SCSI_READ_10:
3205 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3206 cSectors = ataBE2H_U16(pbPacket + 7);
3207 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3208 s->cbATAPISector = 2048;
3209 cbTransfer = cSectors * s->cbATAPISector;
3210 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3211 goto sendcmd;
3212 case SCSI_READ_12:
3213 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3214 cSectors = ataBE2H_U32(pbPacket + 6);
3215 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3216 s->cbATAPISector = 2048;
3217 cbTransfer = cSectors * s->cbATAPISector;
3218 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3219 goto sendcmd;
3220 case SCSI_READ_BUFFER:
3221 cbTransfer = ataBE2H_U24(pbPacket + 6);
3222 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3223 goto sendcmd;
3224 case SCSI_READ_BUFFER_CAPACITY:
3225 cbTransfer = ataBE2H_U16(pbPacket + 7);
3226 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3227 goto sendcmd;
3228 case SCSI_READ_CAPACITY:
3229 cbTransfer = 8;
3230 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3231 goto sendcmd;
3232 case SCSI_READ_CD:
3233 case SCSI_READ_CD_MSF:
3234 {
3235 /* Get sector size based on the expected sector type field. */
3236 switch ((pbPacket[1] >> 2) & 0x7)
3237 {
3238 case 0x0: /* All types. */
3239 if (ASMAtomicReadU32(&s->MediaTrackType) == ATA_MEDIA_TYPE_CDDA)
3240 s->cbATAPISector = 2352;
3241 else
3242 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3243 break;
3244 case 0x1: /* CD-DA */
3245 s->cbATAPISector = 2352;
3246 break;
3247 case 0x2: /* Mode 1 */
3248 s->cbATAPISector = 2048;
3249 break;
3250 case 0x3: /* Mode 2 formless */
3251 s->cbATAPISector = 2336;
3252 break;
3253 case 0x4: /* Mode 2 form 1 */
3254 s->cbATAPISector = 2048;
3255 break;
3256 case 0x5: /* Mode 2 form 2 */
3257 s->cbATAPISector = 2324;
3258 break;
3259 default: /* Reserved */
3260 AssertMsgFailed(("Unknown sector type\n"));
3261 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3262 }
3263
3264 if (pbPacket[0] == SCSI_READ_CD)
3265 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3266 else /* SCSI_READ_MSF */
3267 {
3268 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3269 if (cSectors > 32)
3270 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3271 cbTransfer = cSectors * s->cbATAPISector;
3272 }
3273 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3274 goto sendcmd;
3275 }
3276 case SCSI_READ_DISC_INFORMATION:
3277 cbTransfer = ataBE2H_U16(pbPacket + 7);
3278 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3279 goto sendcmd;
3280 case SCSI_READ_DVD_STRUCTURE:
3281 cbTransfer = ataBE2H_U16(pbPacket + 8);
3282 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3283 goto sendcmd;
3284 case SCSI_READ_FORMAT_CAPACITIES:
3285 cbTransfer = ataBE2H_U16(pbPacket + 7);
3286 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3287 goto sendcmd;
3288 case SCSI_READ_SUBCHANNEL:
3289 cbTransfer = ataBE2H_U16(pbPacket + 7);
3290 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3291 goto sendcmd;
3292 case SCSI_READ_TOC_PMA_ATIP:
3293 cbTransfer = ataBE2H_U16(pbPacket + 7);
3294 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3295 goto sendcmd;
3296 case SCSI_READ_TRACK_INFORMATION:
3297 cbTransfer = ataBE2H_U16(pbPacket + 7);
3298 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3299 goto sendcmd;
3300 case SCSI_REPAIR_TRACK:
3301 goto sendcmd;
3302 case SCSI_REPORT_KEY:
3303 cbTransfer = ataBE2H_U16(pbPacket + 8);
3304 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3305 goto sendcmd;
3306 case SCSI_REQUEST_SENSE:
3307 cbTransfer = pbPacket[4];
3308 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3309 {
3310 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3311 break;
3312 }
3313 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3314 goto sendcmd;
3315 case SCSI_RESERVE_TRACK:
3316 goto sendcmd;
3317 case SCSI_SCAN:
3318 goto sendcmd;
3319 case SCSI_SEEK_10:
3320 goto sendcmd;
3321 case SCSI_SEND_CUE_SHEET:
3322 cbTransfer = ataBE2H_U24(pbPacket + 6);
3323 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3324 goto sendcmd;
3325 case SCSI_SEND_DVD_STRUCTURE:
3326 cbTransfer = ataBE2H_U16(pbPacket + 8);
3327 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3328 goto sendcmd;
3329 case SCSI_SEND_EVENT:
3330 cbTransfer = ataBE2H_U16(pbPacket + 8);
3331 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3332 goto sendcmd;
3333 case SCSI_SEND_KEY:
3334 cbTransfer = ataBE2H_U16(pbPacket + 8);
3335 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3336 goto sendcmd;
3337 case SCSI_SEND_OPC_INFORMATION:
3338 cbTransfer = ataBE2H_U16(pbPacket + 7);
3339 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3340 goto sendcmd;
3341 case SCSI_SET_CD_SPEED:
3342 goto sendcmd;
3343 case SCSI_SET_READ_AHEAD:
3344 goto sendcmd;
3345 case SCSI_SET_STREAMING:
3346 cbTransfer = ataBE2H_U16(pbPacket + 9);
3347 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3348 goto sendcmd;
3349 case SCSI_START_STOP_UNIT:
3350 goto sendcmd;
3351 case SCSI_STOP_PLAY_SCAN:
3352 goto sendcmd;
3353 case SCSI_SYNCHRONIZE_CACHE:
3354 goto sendcmd;
3355 case SCSI_TEST_UNIT_READY:
3356 goto sendcmd;
3357 case SCSI_VERIFY_10:
3358 goto sendcmd;
3359 case SCSI_WRITE_10:
3360 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3361 cSectors = ataBE2H_U16(pbPacket + 7);
3362 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3363#if 0
3364 /* The sector size is determined by the async I/O thread. */
3365 s->cbATAPISector = 0;
3366 /* Preliminary, will be corrected once the sector size is known. */
3367 cbTransfer = cSectors;
3368#else
3369 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3370 cbTransfer = cSectors * s->cbATAPISector;
3371#endif
3372 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3373 goto sendcmd;
3374 case SCSI_WRITE_12:
3375 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3376 cSectors = ataBE2H_U32(pbPacket + 6);
3377 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3378#if 0
3379 /* The sector size is determined by the async I/O thread. */
3380 s->cbATAPISector = 0;
3381 /* Preliminary, will be corrected once the sector size is known. */
3382 cbTransfer = cSectors;
3383#else
3384 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3385 cbTransfer = cSectors * s->cbATAPISector;
3386#endif
3387 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3388 goto sendcmd;
3389 case SCSI_WRITE_AND_VERIFY_10:
3390 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3391 cSectors = ataBE2H_U16(pbPacket + 7);
3392 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3393 /* The sector size is determined by the async I/O thread. */
3394 s->cbATAPISector = 0;
3395 /* Preliminary, will be corrected once the sector size is known. */
3396 cbTransfer = cSectors;
3397 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3398 goto sendcmd;
3399 case SCSI_WRITE_BUFFER:
3400 switch (pbPacket[1] & 0x1f)
3401 {
3402 case 0x04: /* download microcode */
3403 case 0x05: /* download microcode and save */
3404 case 0x06: /* download microcode with offsets */
3405 case 0x07: /* download microcode with offsets and save */
3406 case 0x0e: /* download microcode with offsets and defer activation */
3407 case 0x0f: /* activate deferred microcode */
3408 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3409 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3410 break;
3411 default:
3412 cbTransfer = ataBE2H_U16(pbPacket + 6);
3413 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3414 goto sendcmd;
3415 }
3416 break;
3417 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3418 cbTransfer = ataBE2H_U32(pbPacket + 6);
3419 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3420 goto sendcmd;
3421 case SCSI_REZERO_UNIT:
3422 /* Obsolete command used by cdrecord. What else would one expect?
3423 * This command is not sent to the drive, it is handled internally,
3424 * as the Linux kernel doesn't like it (message "scsi: unknown
3425 * opcode 0x01" in syslog) and replies with a sense code of 0,
3426 * which sends cdrecord to an endless loop. */
3427 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3428 break;
3429 default:
3430 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3431 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3432 break;
3433 sendcmd:
3434 /* Send a command to the drive, passing data in/out as required. */
3435 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3436 Assert(cbTransfer <= s->cbIOBuffer);
3437 if (cbTransfer == 0)
3438 uTxDir = PDMBLOCKTXDIR_NONE;
3439 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3440 }
3441}
3442
3443
3444static void atapiParseCmd(ATADevState *s)
3445{
3446 const uint8_t *pbPacket;
3447
3448 pbPacket = s->aATAPICmd;
3449#ifdef DEBUG
3450 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3451#else /* !DEBUG */
3452 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3453#endif /* !DEBUG */
3454 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3455
3456 if (s->fATAPIPassthrough)
3457 atapiParseCmdPassthrough(s);
3458 else
3459 atapiParseCmdVirtualATAPI(s);
3460}
3461
3462
3463static bool ataPacketSS(ATADevState *s)
3464{
3465 s->fDMA = !!(s->uATARegFeature & 1);
3466 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3467 s->uTxDir = PDMBLOCKTXDIR_NONE;
3468 s->cbTotalTransfer = 0;
3469 s->cbElementaryTransfer = 0;
3470 atapiParseCmd(s);
3471 return false;
3472}
3473
3474
3475/**
3476 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3477 * from now on, regardless if there was a medium inserted or not.
3478 */
3479static void ataMediumRemoved(ATADevState *s)
3480{
3481 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3482}
3483
3484
3485/**
3486 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3487 * there was already a medium inserted, don't forget to send the "medium
3488 * removed" event first.
3489 */
3490static void ataMediumInserted(ATADevState *s)
3491{
3492 uint32_t OldStatus, NewStatus;
3493 do
3494 {
3495 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3496 switch (OldStatus)
3497 {
3498 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3499 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3500 /* no change, we will send "medium removed" + "medium inserted" */
3501 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3502 break;
3503 default:
3504 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3505 break;
3506 }
3507 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3508}
3509
3510/**
3511 * Called when a media is mounted.
3512 *
3513 * @param pInterface Pointer to the interface structure containing the called function pointer.
3514 */
3515static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3516{
3517 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3518 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3519
3520 /* Ignore the call if we're called while being attached. */
3521 if (!pIf->pDrvBlock)
3522 return;
3523
3524 if (pIf->fATAPI)
3525 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3526 else
3527 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3528
3529 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3530
3531 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3532 if (pIf->cNotifiedMediaChange < 2)
3533 pIf->cNotifiedMediaChange = 2;
3534 ataMediumInserted(pIf);
3535 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3536}
3537
3538/**
3539 * Called when a media is unmounted
3540 * @param pInterface Pointer to the interface structure containing the called function pointer.
3541 */
3542static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3543{
3544 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3545 Log(("%s:\n", __FUNCTION__));
3546 pIf->cTotalSectors = 0;
3547
3548 /*
3549 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3550 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3551 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3552 * present and 2 in which it is changed.
3553 */
3554 pIf->cNotifiedMediaChange = 4;
3555 ataMediumRemoved(pIf);
3556 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3557}
3558
3559static void ataPacketBT(ATADevState *s)
3560{
3561 s->cbElementaryTransfer = s->cbTotalTransfer;
3562 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3563 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3564 ataSetStatusValue(s, ATA_STAT_READY);
3565}
3566
3567
3568static void ataResetDevice(ATADevState *s)
3569{
3570 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3571 s->cNotifiedMediaChange = 0;
3572 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3573 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3574 ataUnsetIRQ(s);
3575
3576 s->uATARegSelect = 0x20;
3577 ataSetStatusValue(s, ATA_STAT_READY);
3578 ataSetSignature(s);
3579 s->cbTotalTransfer = 0;
3580 s->cbElementaryTransfer = 0;
3581 s->iIOBufferPIODataStart = 0;
3582 s->iIOBufferPIODataEnd = 0;
3583 s->iBeginTransfer = ATAFN_BT_NULL;
3584 s->iSourceSink = ATAFN_SS_NULL;
3585 s->fDMA = false;
3586 s->fATAPITransfer = false;
3587 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3588
3589 s->uATARegFeature = 0;
3590}
3591
3592
3593static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3594{
3595 ataSetSignature(s);
3596 if (s->fATAPI)
3597 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3598 else
3599 ataSetStatusValue(s, ATA_STAT_READY);
3600 s->uATARegError = 0x01;
3601 return false;
3602}
3603
3604
3605static void ataParseCmd(ATADevState *s, uint8_t cmd)
3606{
3607#ifdef DEBUG
3608 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3609#else /* !DEBUG */
3610 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3611#endif /* !DEBUG */
3612 s->fLBA48 = false;
3613 s->fDMA = false;
3614 if (cmd == ATA_IDLE_IMMEDIATE)
3615 {
3616 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3617 * would overwrite the failing command unfortunately), then RESET. */
3618 int32_t uCmdWait = -1;
3619 uint64_t uNow = RTTimeNanoTS();
3620 if (s->u64CmdTS)
3621 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3622 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3623 s->iLUN, s->uATARegCommand, uCmdWait));
3624 }
3625 s->uATARegCommand = cmd;
3626 switch (cmd)
3627 {
3628 case ATA_IDENTIFY_DEVICE:
3629 if (s->pDrvBlock && !s->fATAPI)
3630 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3631 else
3632 {
3633 if (s->fATAPI)
3634 ataSetSignature(s);
3635 ataCmdError(s, ABRT_ERR);
3636 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3637 }
3638 break;
3639 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3640 case ATA_RECALIBRATE:
3641 ataCmdOK(s, ATA_STAT_SEEK);
3642 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3643 break;
3644 case ATA_SET_MULTIPLE_MODE:
3645 if ( s->uATARegNSector != 0
3646 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3647 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3648 {
3649 ataCmdError(s, ABRT_ERR);
3650 }
3651 else
3652 {
3653 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3654 s->cMultSectors = s->uATARegNSector;
3655 ataCmdOK(s, 0);
3656 }
3657 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3658 break;
3659 case ATA_READ_VERIFY_SECTORS_EXT:
3660 s->fLBA48 = true;
3661 case ATA_READ_VERIFY_SECTORS:
3662 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3663 /* do sector number check ? */
3664 ataCmdOK(s, 0);
3665 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3666 break;
3667 case ATA_READ_SECTORS_EXT:
3668 s->fLBA48 = true;
3669 case ATA_READ_SECTORS:
3670 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3671 if (!s->pDrvBlock)
3672 goto abort_cmd;
3673 s->cSectorsPerIRQ = 1;
3674 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3675 break;
3676 case ATA_WRITE_SECTORS_EXT:
3677 s->fLBA48 = true;
3678 case ATA_WRITE_SECTORS:
3679 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3680 s->cSectorsPerIRQ = 1;
3681 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3682 break;
3683 case ATA_READ_MULTIPLE_EXT:
3684 s->fLBA48 = true;
3685 case ATA_READ_MULTIPLE:
3686 if (!s->cMultSectors)
3687 goto abort_cmd;
3688 s->cSectorsPerIRQ = s->cMultSectors;
3689 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3690 break;
3691 case ATA_WRITE_MULTIPLE_EXT:
3692 s->fLBA48 = true;
3693 case ATA_WRITE_MULTIPLE:
3694 if (!s->cMultSectors)
3695 goto abort_cmd;
3696 s->cSectorsPerIRQ = s->cMultSectors;
3697 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3698 break;
3699 case ATA_READ_DMA_EXT:
3700 s->fLBA48 = true;
3701 case ATA_READ_DMA:
3702 case ATA_READ_DMA_WITHOUT_RETRIES:
3703 if (!s->pDrvBlock)
3704 goto abort_cmd;
3705 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3706 s->fDMA = true;
3707 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3708 break;
3709 case ATA_WRITE_DMA_EXT:
3710 s->fLBA48 = true;
3711 case ATA_WRITE_DMA:
3712 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3713 if (!s->pDrvBlock)
3714 goto abort_cmd;
3715 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3716 s->fDMA = true;
3717 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3718 break;
3719 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3720 s->fLBA48 = true;
3721 ataSetSector(s, s->cTotalSectors - 1);
3722 ataCmdOK(s, 0);
3723 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3724 break;
3725 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3726 ataCmdOK(s, 0);
3727 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3728 break;
3729 case ATA_READ_NATIVE_MAX_ADDRESS:
3730 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3731 ataCmdOK(s, 0);
3732 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3733 break;
3734 case ATA_CHECK_POWER_MODE:
3735 s->uATARegNSector = 0xff; /* drive active or idle */
3736 ataCmdOK(s, 0);
3737 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3738 break;
3739 case ATA_SET_FEATURES:
3740 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3741 if (!s->pDrvBlock)
3742 goto abort_cmd;
3743 switch (s->uATARegFeature)
3744 {
3745 case 0x02: /* write cache enable */
3746 Log2(("%s: write cache enable\n", __FUNCTION__));
3747 ataCmdOK(s, ATA_STAT_SEEK);
3748 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3749 break;
3750 case 0xaa: /* read look-ahead enable */
3751 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3752 ataCmdOK(s, ATA_STAT_SEEK);
3753 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3754 break;
3755 case 0x55: /* read look-ahead disable */
3756 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3757 ataCmdOK(s, ATA_STAT_SEEK);
3758 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3759 break;
3760 case 0xcc: /* reverting to power-on defaults enable */
3761 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3762 ataCmdOK(s, ATA_STAT_SEEK);
3763 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3764 break;
3765 case 0x66: /* reverting to power-on defaults disable */
3766 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3767 ataCmdOK(s, ATA_STAT_SEEK);
3768 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3769 break;
3770 case 0x82: /* write cache disable */
3771 Log2(("%s: write cache disable\n", __FUNCTION__));
3772 /* As per the ATA/ATAPI-6 specs, a write cache disable
3773 * command MUST flush the write buffers to disc. */
3774 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3775 break;
3776 case 0x03: { /* set transfer mode */
3777 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3778 switch (s->uATARegNSector & 0xf8)
3779 {
3780 case 0x00: /* PIO default */
3781 case 0x08: /* PIO mode */
3782 break;
3783 case ATA_MODE_MDMA: /* MDMA mode */
3784 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3785 break;
3786 case ATA_MODE_UDMA: /* UDMA mode */
3787 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3788 break;
3789 default:
3790 goto abort_cmd;
3791 }
3792 ataCmdOK(s, ATA_STAT_SEEK);
3793 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3794 break;
3795 }
3796 default:
3797 goto abort_cmd;
3798 }
3799 /*
3800 * OS/2 workarond:
3801 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3802 * reset here. According to the specification, this is a driver bug as the register
3803 * contents are undefined after the call. This means we can just as well reset it.
3804 */
3805 s->uATARegFeature = 0;
3806 break;
3807 case ATA_FLUSH_CACHE_EXT:
3808 case ATA_FLUSH_CACHE:
3809 if (!s->pDrvBlock || s->fATAPI)
3810 goto abort_cmd;
3811 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3812 break;
3813 case ATA_STANDBY_IMMEDIATE:
3814 ataCmdOK(s, 0);
3815 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3816 break;
3817 case ATA_IDLE_IMMEDIATE:
3818 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3819 ataAbortCurrentCommand(s, false);
3820 break;
3821 case ATA_SLEEP:
3822 ataCmdOK(s, 0);
3823 ataSetIRQ(s);
3824 break;
3825 /* ATAPI commands */
3826 case ATA_IDENTIFY_PACKET_DEVICE:
3827 if (s->fATAPI)
3828 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3829 else
3830 {
3831 ataCmdError(s, ABRT_ERR);
3832 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3833 }
3834 break;
3835 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3836 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3837 break;
3838 case ATA_DEVICE_RESET:
3839 if (!s->fATAPI)
3840 goto abort_cmd;
3841 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3842 ataAbortCurrentCommand(s, true);
3843 break;
3844 case ATA_PACKET:
3845 if (!s->fATAPI)
3846 goto abort_cmd;
3847 /* overlapping commands not supported */
3848 if (s->uATARegFeature & 0x02)
3849 goto abort_cmd;
3850 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3851 break;
3852 default:
3853 abort_cmd:
3854 ataCmdError(s, ABRT_ERR);
3855 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3856 break;
3857 }
3858}
3859
3860#endif /* IN_RING3 */
3861
3862static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3863{
3864 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3865 addr &= 7;
3866 switch (addr)
3867 {
3868 case 0:
3869 break;
3870 case 1: /* feature register */
3871 /* NOTE: data is written to the two drives */
3872 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3873 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3874 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3875 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3876 pCtl->aIfs[0].uATARegFeature = val;
3877 pCtl->aIfs[1].uATARegFeature = val;
3878 break;
3879 case 2: /* sector count */
3880 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3881 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3882 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3883 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3884 pCtl->aIfs[0].uATARegNSector = val;
3885 pCtl->aIfs[1].uATARegNSector = val;
3886 break;
3887 case 3: /* sector number */
3888 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3889 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3890 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3891 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3892 pCtl->aIfs[0].uATARegSector = val;
3893 pCtl->aIfs[1].uATARegSector = val;
3894 break;
3895 case 4: /* cylinder low */
3896 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3897 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3898 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3899 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3900 pCtl->aIfs[0].uATARegLCyl = val;
3901 pCtl->aIfs[1].uATARegLCyl = val;
3902 break;
3903 case 5: /* cylinder high */
3904 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3905 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3906 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3907 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3908 pCtl->aIfs[0].uATARegHCyl = val;
3909 pCtl->aIfs[1].uATARegHCyl = val;
3910 break;
3911 case 6: /* drive/head */
3912 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3913 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3914 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3915 {
3916 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3917
3918 /* select another drive */
3919 pCtl->iSelectedIf = (val >> 4) & 1;
3920 /* The IRQ line is multiplexed between the two drives, so
3921 * update the state when switching to another drive. Only need
3922 * to update interrupt line if it is enabled and there is a
3923 * state change. */
3924 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3925 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3926 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3927 {
3928 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3929 {
3930 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3931 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3932 * the interrupt line is asserted. It monitors the line
3933 * for a rising edge. */
3934 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3935 if (pCtl->irq == 16)
3936 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
3937 else
3938 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
3939 }
3940 else
3941 {
3942 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3943 if (pCtl->irq == 16)
3944 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
3945 else
3946 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
3947 }
3948 }
3949 }
3950 break;
3951 default:
3952 case 7: /* command */
3953 /* ignore commands to non existant slave */
3954 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3955 break;
3956#ifndef IN_RING3
3957 /* Don't do anything complicated in GC */
3958 return VINF_IOM_HC_IOPORT_WRITE;
3959#else /* IN_RING3 */
3960 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3961#endif /* !IN_RING3 */
3962 }
3963 return VINF_SUCCESS;
3964}
3965
3966
3967static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3968{
3969 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3970 uint32_t val;
3971 bool fHOB;
3972
3973 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3974 switch (addr & 7)
3975 {
3976 case 0: /* data register */
3977 val = 0xff;
3978 break;
3979 case 1: /* error register */
3980 /* The ATA specification is very terse when it comes to specifying
3981 * the precise effects of reading back the error/feature register.
3982 * The error register (read-only) shares the register number with
3983 * the feature register (write-only), so it seems that it's not
3984 * necessary to support the usual HOB readback here. */
3985 if (!s->pDrvBlock)
3986 val = 0;
3987 else
3988 val = s->uATARegError;
3989 break;
3990 case 2: /* sector count */
3991 if (!s->pDrvBlock)
3992 val = 0;
3993 else if (fHOB)
3994 val = s->uATARegNSectorHOB;
3995 else
3996 val = s->uATARegNSector;
3997 break;
3998 case 3: /* sector number */
3999 if (!s->pDrvBlock)
4000 val = 0;
4001 else if (fHOB)
4002 val = s->uATARegSectorHOB;
4003 else
4004 val = s->uATARegSector;
4005 break;
4006 case 4: /* cylinder low */
4007 if (!s->pDrvBlock)
4008 val = 0;
4009 else if (fHOB)
4010 val = s->uATARegLCylHOB;
4011 else
4012 val = s->uATARegLCyl;
4013 break;
4014 case 5: /* cylinder high */
4015 if (!s->pDrvBlock)
4016 val = 0;
4017 else if (fHOB)
4018 val = s->uATARegHCylHOB;
4019 else
4020 val = s->uATARegHCyl;
4021 break;
4022 case 6: /* drive/head */
4023 /* This register must always work as long as there is at least
4024 * one drive attached to the controller. It is common between
4025 * both drives anyway (completely identical content). */
4026 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4027 val = 0;
4028 else
4029 val = s->uATARegSelect;
4030 break;
4031 default:
4032 case 7: /* primary status */
4033 {
4034 /* Counter for number of busy status seen in GC in a row. */
4035 static unsigned cBusy = 0;
4036
4037 if (!s->pDrvBlock)
4038 val = 0;
4039 else
4040 val = s->uATARegStatus;
4041
4042 /* Give the async I/O thread an opportunity to make progress,
4043 * don't let it starve by guests polling frequently. EMT has a
4044 * lower priority than the async I/O thread, but sometimes the
4045 * host OS doesn't care. With some guests we are only allowed to
4046 * be busy for about 5 milliseconds in some situations. Note that
4047 * this is no guarantee for any other VBox thread getting
4048 * scheduled, so this just lowers the CPU load a bit when drives
4049 * are busy. It cannot help with timing problems. */
4050 if (val & ATA_STAT_BUSY)
4051 {
4052#ifdef IN_RING3
4053 cBusy = 0;
4054 PDMCritSectLeave(&pCtl->lock);
4055
4056#ifndef RT_OS_WINDOWS
4057 /*
4058 * The thread might be stuck in an I/O operation
4059 * due to a high I/O load on the host. (see @bugref{3301})
4060 * To perform the reset successfully
4061 * we interrupt the operation by sending a signal to the thread
4062 * if the thread didn't responded in 10ms.
4063 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4064 * does the same but it was introduced with Vista) but so far
4065 * this hang was only observed on Linux and Mac OS X.
4066 *
4067 * This is a workaround and needs to be solved properly.
4068 */
4069 if (pCtl->fReset)
4070 {
4071 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4072
4073 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4074 {
4075 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4076 pCtl->u64ResetTime = u64ResetTimeStop;
4077 RTThreadPoke(pCtl->AsyncIOThread);
4078 }
4079 }
4080#endif
4081
4082 RTThreadYield();
4083
4084 {
4085 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4086 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4087 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4088 }
4089
4090 val = s->uATARegStatus;
4091#else /* !IN_RING3 */
4092 /* Cannot yield CPU in guest context. And switching to host
4093 * context for each and every busy status is too costly,
4094 * especially on SMP systems where we don't gain much by
4095 * yielding the CPU to someone else. */
4096 if (++cBusy >= 20)
4097 {
4098 cBusy = 0;
4099 return VINF_IOM_HC_IOPORT_READ;
4100 }
4101#endif /* !IN_RING3 */
4102 }
4103 else
4104 cBusy = 0;
4105 ataUnsetIRQ(s);
4106 break;
4107 }
4108 }
4109 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4110 *pu32 = val;
4111 return VINF_SUCCESS;
4112}
4113
4114
4115static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4116{
4117 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4118 uint32_t val;
4119
4120 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4121 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4122 val = 0;
4123 else
4124 val = s->uATARegStatus;
4125 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4126 return val;
4127}
4128
4129static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4130{
4131#ifndef IN_RING3
4132 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4133 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4134#endif /* !IN_RING3 */
4135
4136 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4137 /* RESET is common for both drives attached to a controller. */
4138 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4139 (val & ATA_DEVCTL_RESET))
4140 {
4141#ifdef IN_RING3
4142 /* Software RESET low to high */
4143 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4144 uint64_t uNow = RTTimeNanoTS();
4145 if (pCtl->aIfs[0].u64CmdTS)
4146 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4147 if (pCtl->aIfs[1].u64CmdTS)
4148 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4149 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4150 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4151 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4152 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4153 pCtl->fReset = true;
4154 /* Everything must be done after the reset flag is set, otherwise
4155 * there are unavoidable races with the currently executing request
4156 * (which might just finish in the mean time). */
4157 pCtl->fChainedTransfer = false;
4158 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4159 {
4160 ataResetDevice(&pCtl->aIfs[i]);
4161 /* The following cannot be done using ataSetStatusValue() since the
4162 * reset flag is already set, which suppresses all status changes. */
4163 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4164 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4165 pCtl->aIfs[i].uATARegError = 0x01;
4166 }
4167 ataAsyncIOClearRequests(pCtl);
4168 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4169 if (val & ATA_DEVCTL_HOB)
4170 {
4171 val &= ~ATA_DEVCTL_HOB;
4172 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4173 }
4174
4175 /* Save the timestamp we started the reset. */
4176 pCtl->u64ResetTime = RTTimeMilliTS();
4177
4178 /* Issue the reset request now. */
4179 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4180#else /* !IN_RING3 */
4181 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4182#endif /* IN_RING3 */
4183 }
4184 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4185 !(val & ATA_DEVCTL_RESET))
4186 {
4187#ifdef IN_RING3
4188 /* Software RESET high to low */
4189 Log(("%s: deasserting RESET\n", __FUNCTION__));
4190 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4191 if (val & ATA_DEVCTL_HOB)
4192 {
4193 val &= ~ATA_DEVCTL_HOB;
4194 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4195 }
4196 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4197#else /* !IN_RING3 */
4198 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4199#endif /* IN_RING3 */
4200 }
4201
4202 /* Change of interrupt disable flag. Update interrupt line if interrupt
4203 * is pending on the current interface. */
4204 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4205 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4206 {
4207 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4208 {
4209 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4210 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4211 * interrupt line is asserted. It monitors the line for a rising
4212 * edge. */
4213 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4214 if (pCtl->irq == 16)
4215 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4216 else
4217 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4218 }
4219 else
4220 {
4221 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4222 if (pCtl->irq == 16)
4223 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4224 else
4225 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4226 }
4227 }
4228
4229 if (val & ATA_DEVCTL_HOB)
4230 Log2(("%s: set HOB\n", __FUNCTION__));
4231
4232 pCtl->aIfs[0].uATARegDevCtl = val;
4233 pCtl->aIfs[1].uATARegDevCtl = val;
4234
4235 return VINF_SUCCESS;
4236}
4237
4238#ifdef IN_RING3
4239
4240static void ataPIOTransfer(PATACONTROLLER pCtl)
4241{
4242 ATADevState *s;
4243
4244 s = &pCtl->aIfs[pCtl->iAIOIf];
4245 Log3(("%s: if=%p\n", __FUNCTION__, s));
4246
4247 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4248 {
4249 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4250 /* Any guest OS that triggers this case has a pathetic ATA driver.
4251 * In a real system it would block the CPU via IORDY, here we do it
4252 * very similarly by not continuing with the current instruction
4253 * until the transfer to/from the storage medium is completed. */
4254 if (s->iSourceSink != ATAFN_SS_NULL)
4255 {
4256 bool fRedo;
4257 uint8_t status = s->uATARegStatus;
4258 ataSetStatusValue(s, ATA_STAT_BUSY);
4259 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4260 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4261 pCtl->fRedo = fRedo;
4262 if (RT_UNLIKELY(fRedo))
4263 return;
4264 ataSetStatusValue(s, status);
4265 s->iIOBufferCur = 0;
4266 s->iIOBufferEnd = s->cbElementaryTransfer;
4267 }
4268 }
4269 if (s->cbTotalTransfer)
4270 {
4271 if (s->fATAPITransfer)
4272 ataPIOTransferLimitATAPI(s);
4273
4274 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4275 s->cbElementaryTransfer = s->cbTotalTransfer;
4276
4277 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4278 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4279 s->cbTotalTransfer, s->cbElementaryTransfer,
4280 s->iIOBufferCur, s->iIOBufferEnd));
4281 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4282 s->cbTotalTransfer -= s->cbElementaryTransfer;
4283 s->iIOBufferCur += s->cbElementaryTransfer;
4284
4285 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4286 s->cbElementaryTransfer = s->cbTotalTransfer;
4287 }
4288 else
4289 ataPIOTransferStop(s);
4290}
4291
4292
4293DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4294{
4295 /* Do not interfere with RESET processing if the PIO transfer finishes
4296 * while the RESET line is asserted. */
4297 if (pCtl->fReset)
4298 {
4299 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4300 return;
4301 }
4302
4303 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4304 || ( s->iSourceSink != ATAFN_SS_NULL
4305 && s->iIOBufferCur >= s->iIOBufferEnd))
4306 {
4307 /* Need to continue the transfer in the async I/O thread. This is
4308 * the case for write operations or generally for not yet finished
4309 * transfers (some data might need to be read). */
4310 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4311 ataSetStatus(s, ATA_STAT_BUSY);
4312
4313 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4314 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4315 }
4316 else
4317 {
4318 /* Either everything finished (though some data might still be pending)
4319 * or some data is pending before the next read is due. */
4320
4321 /* Continue a previously started transfer. */
4322 ataUnsetStatus(s, ATA_STAT_DRQ);
4323 ataSetStatus(s, ATA_STAT_READY);
4324
4325 if (s->cbTotalTransfer)
4326 {
4327 /* There is more to transfer, happens usually for large ATAPI
4328 * reads - the protocol limits the chunk size to 65534 bytes. */
4329 ataPIOTransfer(pCtl);
4330 ataSetIRQ(s);
4331 }
4332 else
4333 {
4334 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4335 /* Finish PIO transfer. */
4336 ataPIOTransfer(pCtl);
4337 Assert(!pCtl->fRedo);
4338 }
4339 }
4340}
4341
4342#endif /* IN_RING3 */
4343
4344static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4345{
4346 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4347 uint8_t *p;
4348
4349 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4350 {
4351 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4352 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4353#ifndef IN_RING3
4354 /* All but the last transfer unit is simple enough for GC, but
4355 * sending a request to the async IO thread is too complicated. */
4356 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4357 {
4358 memcpy(p, pbBuf, cbSize);
4359 s->iIOBufferPIODataStart += cbSize;
4360 }
4361 else
4362 return VINF_IOM_HC_IOPORT_WRITE;
4363#else /* IN_RING3 */
4364 memcpy(p, pbBuf, cbSize);
4365 s->iIOBufferPIODataStart += cbSize;
4366 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4367 ataPIOTransferFinish(pCtl, s);
4368#endif /* !IN_RING3 */
4369 }
4370 else
4371 Log2(("%s: DUMMY data\n", __FUNCTION__));
4372 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4373 return VINF_SUCCESS;
4374}
4375
4376static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4377{
4378 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4379 uint8_t *p;
4380
4381 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4382 {
4383 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4384 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4385#ifndef IN_RING3
4386 /* All but the last transfer unit is simple enough for GC, but
4387 * sending a request to the async IO thread is too complicated. */
4388 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4389 {
4390 memcpy(pbBuf, p, cbSize);
4391 s->iIOBufferPIODataStart += cbSize;
4392 }
4393 else
4394 return VINF_IOM_HC_IOPORT_READ;
4395#else /* IN_RING3 */
4396 memcpy(pbBuf, p, cbSize);
4397 s->iIOBufferPIODataStart += cbSize;
4398 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4399 ataPIOTransferFinish(pCtl, s);
4400#endif /* !IN_RING3 */
4401 }
4402 else
4403 {
4404 Log2(("%s: DUMMY data\n", __FUNCTION__));
4405 memset(pbBuf, '\xff', cbSize);
4406 }
4407 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4408 return VINF_SUCCESS;
4409}
4410
4411#ifdef IN_RING3
4412
4413static void ataDMATransferStop(ATADevState *s)
4414{
4415 s->cbTotalTransfer = 0;
4416 s->cbElementaryTransfer = 0;
4417 s->iBeginTransfer = ATAFN_BT_NULL;
4418 s->iSourceSink = ATAFN_SS_NULL;
4419}
4420
4421
4422/**
4423 * Perform the entire DMA transfer in one go (unless a source/sink operation
4424 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4425 * this function cannot handle empty transfers.
4426 *
4427 * @param pCtl Controller for which to perform the transfer.
4428 */
4429static void ataDMATransfer(PATACONTROLLER pCtl)
4430{
4431 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4432 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4433 bool fRedo;
4434 RTGCPHYS32 pDesc;
4435 uint32_t cbTotalTransfer, cbElementaryTransfer;
4436 uint32_t iIOBufferCur, iIOBufferEnd;
4437 uint32_t dmalen;
4438 PDMBLOCKTXDIR uTxDir;
4439 bool fLastDesc = false;
4440
4441 Assert(sizeof(BMDMADesc) == 8);
4442
4443 fRedo = pCtl->fRedo;
4444 if (RT_LIKELY(!fRedo))
4445 Assert(s->cbTotalTransfer);
4446 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4447 cbTotalTransfer = s->cbTotalTransfer;
4448 cbElementaryTransfer = s->cbElementaryTransfer;
4449 iIOBufferCur = s->iIOBufferCur;
4450 iIOBufferEnd = s->iIOBufferEnd;
4451
4452 /* The DMA loop is designed to hold the lock only when absolutely
4453 * necessary. This avoids long freezes should the guest access the
4454 * ATA registers etc. for some reason. */
4455 PDMCritSectLeave(&pCtl->lock);
4456
4457 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4458 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4459 cbTotalTransfer, cbElementaryTransfer,
4460 iIOBufferCur, iIOBufferEnd));
4461 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4462 {
4463 BMDMADesc DMADesc;
4464 RTGCPHYS32 pBuffer;
4465 uint32_t cbBuffer;
4466
4467 if (RT_UNLIKELY(fRedo))
4468 {
4469 pBuffer = pCtl->pRedoDMABuffer;
4470 cbBuffer = pCtl->cbRedoDMABuffer;
4471 fLastDesc = pCtl->fRedoDMALastDesc;
4472 }
4473 else
4474 {
4475 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4476 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4477 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4478 fLastDesc = !!(cbBuffer & 0x80000000);
4479 cbBuffer &= 0xfffe;
4480 if (cbBuffer == 0)
4481 cbBuffer = 0x10000;
4482 if (cbBuffer > cbTotalTransfer)
4483 cbBuffer = cbTotalTransfer;
4484 }
4485
4486 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4487 {
4488 if (RT_LIKELY(!fRedo))
4489 {
4490 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4491 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4492 (int)pDesc, pBuffer, cbBuffer));
4493 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4494 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4495 else
4496 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4497 iIOBufferCur += dmalen;
4498 cbTotalTransfer -= dmalen;
4499 cbBuffer -= dmalen;
4500 pBuffer += dmalen;
4501 }
4502 if ( iIOBufferCur == iIOBufferEnd
4503 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4504 {
4505 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4506 cbElementaryTransfer = cbTotalTransfer;
4507
4508 {
4509 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4510 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4511 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4512 }
4513
4514 /* The RESET handler could have cleared the DMA transfer
4515 * state (since we didn't hold the lock until just now
4516 * the guest can continue in parallel). If so, the state
4517 * is already set up so the loop is exited immediately. */
4518 if (s->iSourceSink != ATAFN_SS_NULL)
4519 {
4520 s->iIOBufferCur = iIOBufferCur;
4521 s->iIOBufferEnd = iIOBufferEnd;
4522 s->cbElementaryTransfer = cbElementaryTransfer;
4523 s->cbTotalTransfer = cbTotalTransfer;
4524 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4525 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4526 if (RT_UNLIKELY(fRedo))
4527 {
4528 pCtl->pFirstDMADesc = pDesc;
4529 pCtl->pRedoDMABuffer = pBuffer;
4530 pCtl->cbRedoDMABuffer = cbBuffer;
4531 pCtl->fRedoDMALastDesc = fLastDesc;
4532 }
4533 else
4534 {
4535 cbTotalTransfer = s->cbTotalTransfer;
4536 cbElementaryTransfer = s->cbElementaryTransfer;
4537
4538 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4539 cbElementaryTransfer = cbTotalTransfer;
4540 iIOBufferCur = 0;
4541 iIOBufferEnd = cbElementaryTransfer;
4542 }
4543 pCtl->fRedo = fRedo;
4544 }
4545 else
4546 {
4547 /* This forces the loop to exit immediately. */
4548 pDesc = pCtl->pLastDMADesc + 1;
4549 }
4550
4551 PDMCritSectLeave(&pCtl->lock);
4552 if (RT_UNLIKELY(fRedo))
4553 break;
4554 }
4555 }
4556
4557 if (RT_UNLIKELY(fRedo))
4558 break;
4559
4560 /* end of transfer */
4561 if (!cbTotalTransfer || fLastDesc)
4562 break;
4563
4564 {
4565 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4566 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4567 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4568 }
4569
4570 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4571 {
4572 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4573 if (!pCtl->fReset)
4574 ataDMATransferStop(s);
4575 /* This forces the loop to exit immediately. */
4576 pDesc = pCtl->pLastDMADesc + 1;
4577 }
4578
4579 PDMCritSectLeave(&pCtl->lock);
4580 }
4581
4582 {
4583 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4584 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4585 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4586 }
4587
4588 if (RT_UNLIKELY(fRedo))
4589 return;
4590
4591 if (fLastDesc)
4592 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4593 s->cbTotalTransfer = cbTotalTransfer;
4594 s->cbElementaryTransfer = cbElementaryTransfer;
4595 s->iIOBufferCur = iIOBufferCur;
4596 s->iIOBufferEnd = iIOBufferEnd;
4597}
4598
4599/**
4600 * Signal PDM that we're idle (if we actually are).
4601 *
4602 * @param pCtl The controller.
4603 */
4604static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
4605{
4606 /*
4607 * Take the mutex here and recheck the idle indicator to avoid
4608 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
4609 */
4610 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4611
4612 if ( pCtl->fSignalIdle
4613 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4614 {
4615 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
4616 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
4617 }
4618
4619 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4620}
4621
4622/** Asynch I/O thread for an interface. Once upon a time this was readable
4623 * code with several loops and a different semaphore for each purpose. But
4624 * then came the "how can one save the state in the middle of a PIO transfer"
4625 * question. The solution was to use an ASM, which is what's there now. */
4626static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4627{
4628 const ATARequest *pReq;
4629 uint64_t u64TS = 0; /* shut up gcc */
4630 uint64_t uWait;
4631 int rc = VINF_SUCCESS;
4632 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4633 ATADevState *s;
4634
4635 pReq = NULL;
4636 pCtl->fChainedTransfer = false;
4637 while (!pCtl->fShutdown)
4638 {
4639 /* Keep this thread from doing anything as long as EMT is suspended. */
4640 while (pCtl->fRedoIdle)
4641 {
4642 if (pCtl->fSignalIdle)
4643 ataR3AsyncSignalIdle(pCtl);
4644 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4645 /* Continue if we got a signal by RTThreadPoke().
4646 * We will get notified if there is a request to process.
4647 */
4648 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4649 continue;
4650 if (RT_FAILURE(rc) || pCtl->fShutdown)
4651 break;
4652
4653 pCtl->fRedoIdle = false;
4654 }
4655
4656 /* Wait for work. */
4657 while (pReq == NULL)
4658 {
4659 if (pCtl->fSignalIdle)
4660 ataR3AsyncSignalIdle(pCtl);
4661 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4662 /* Continue if we got a signal by RTThreadPoke().
4663 * We will get notified if there is a request to process.
4664 */
4665 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4666 continue;
4667 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4668 break;
4669
4670 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4671 }
4672
4673 if (RT_FAILURE(rc) || pCtl->fShutdown)
4674 break;
4675
4676 if (pReq == NULL)
4677 continue;
4678
4679 ATAAIO ReqType = pReq->ReqType;
4680
4681 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4682 if (pCtl->uAsyncIOState != ReqType)
4683 {
4684 /* The new state is not the state that was expected by the normal
4685 * state changes. This is either a RESET/ABORT or there's something
4686 * really strange going on. */
4687 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4688 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4689 {
4690 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4691 ataAsyncIODumpRequests(pCtl);
4692 }
4693 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4694 }
4695
4696 /* Do our work. */
4697 {
4698 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4699 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4700 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4701 }
4702
4703 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4704 {
4705 u64TS = RTTimeNanoTS();
4706#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4707 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4708#endif /* DEBUG || VBOX_WITH_STATISTICS */
4709 }
4710
4711 switch (ReqType)
4712 {
4713 case ATA_AIO_NEW:
4714
4715 pCtl->iAIOIf = pReq->u.t.iIf;
4716 s = &pCtl->aIfs[pCtl->iAIOIf];
4717 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4718 s->uTxDir = pReq->u.t.uTxDir;
4719 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4720 s->iSourceSink = pReq->u.t.iSourceSink;
4721 s->iIOBufferEnd = 0;
4722 s->u64CmdTS = u64TS;
4723
4724 if (s->fATAPI)
4725 {
4726 if (pCtl->fChainedTransfer)
4727 {
4728 /* Only count the actual transfers, not the PIO
4729 * transfer of the ATAPI command bytes. */
4730 if (s->fDMA)
4731 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4732 else
4733 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4734 }
4735 }
4736 else
4737 {
4738 if (s->fDMA)
4739 STAM_REL_COUNTER_INC(&s->StatATADMA);
4740 else
4741 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4742 }
4743
4744 pCtl->fChainedTransfer = false;
4745
4746 if (s->iBeginTransfer != ATAFN_BT_NULL)
4747 {
4748 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4749 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4750 s->iBeginTransfer = ATAFN_BT_NULL;
4751 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4752 s->iIOBufferEnd = s->cbElementaryTransfer;
4753 }
4754 else
4755 {
4756 s->cbElementaryTransfer = s->cbTotalTransfer;
4757 s->iIOBufferEnd = s->cbTotalTransfer;
4758 }
4759 s->iIOBufferCur = 0;
4760
4761 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4762 {
4763 if (s->iSourceSink != ATAFN_SS_NULL)
4764 {
4765 bool fRedo;
4766 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4767 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4768 pCtl->fRedo = fRedo;
4769 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4770 {
4771 /* Operation failed at the initial transfer, restart
4772 * everything from scratch by resending the current
4773 * request. Occurs very rarely, not worth optimizing. */
4774 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4775 ataAsyncIOPutRequest(pCtl, pReq);
4776 break;
4777 }
4778 }
4779 else
4780 ataCmdOK(s, 0);
4781 s->iIOBufferEnd = s->cbElementaryTransfer;
4782
4783 }
4784
4785 /* Do not go into the transfer phase if RESET is asserted.
4786 * The CritSect is released while waiting for the host OS
4787 * to finish the I/O, thus RESET is possible here. Most
4788 * important: do not change uAsyncIOState. */
4789 if (pCtl->fReset)
4790 break;
4791
4792 if (s->fDMA)
4793 {
4794 if (s->cbTotalTransfer)
4795 {
4796 ataSetStatus(s, ATA_STAT_DRQ);
4797
4798 pCtl->uAsyncIOState = ATA_AIO_DMA;
4799 /* If BMDMA is already started, do the transfer now. */
4800 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4801 {
4802 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4803 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4804 }
4805 }
4806 else
4807 {
4808 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4809 /* Finish DMA transfer. */
4810 ataDMATransferStop(s);
4811 ataSetIRQ(s);
4812 pCtl->uAsyncIOState = ATA_AIO_NEW;
4813 }
4814 }
4815 else
4816 {
4817 if (s->cbTotalTransfer)
4818 {
4819 ataPIOTransfer(pCtl);
4820 Assert(!pCtl->fRedo);
4821 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4822 ataSetIRQ(s);
4823
4824 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4825 {
4826 /* Write operations and not yet finished transfers
4827 * must be completed in the async I/O thread. */
4828 pCtl->uAsyncIOState = ATA_AIO_PIO;
4829 }
4830 else
4831 {
4832 /* Finished read operation can be handled inline
4833 * in the end of PIO transfer handling code. Linux
4834 * depends on this, as it waits only briefly for
4835 * devices to become ready after incoming data
4836 * transfer. Cannot find anything in the ATA spec
4837 * that backs this assumption, but as all kernels
4838 * are affected (though most of the time it does
4839 * not cause any harm) this must work. */
4840 pCtl->uAsyncIOState = ATA_AIO_NEW;
4841 }
4842 }
4843 else
4844 {
4845 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4846 /* Finish PIO transfer. */
4847 ataPIOTransfer(pCtl);
4848 Assert(!pCtl->fRedo);
4849 if (!s->fATAPITransfer)
4850 ataSetIRQ(s);
4851 pCtl->uAsyncIOState = ATA_AIO_NEW;
4852 }
4853 }
4854 break;
4855
4856 case ATA_AIO_DMA:
4857 {
4858 BMDMAState *bm = &pCtl->BmDma;
4859 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4860 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4861
4862 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4863 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4864 else
4865 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4866
4867 if (RT_LIKELY(!pCtl->fRedo))
4868 {
4869 /* The specs say that the descriptor table must not cross a
4870 * 4K boundary. */
4871 pCtl->pFirstDMADesc = bm->pvAddr;
4872 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4873 }
4874 ataDMATransfer(pCtl);
4875
4876 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
4877 {
4878 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4879 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4880 break;
4881 }
4882
4883 /* The infamous delay IRQ hack. */
4884 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4885 && s->cbTotalTransfer == 0
4886 && pCtl->DelayIRQMillies)
4887 {
4888 /* Delay IRQ for writing. Required to get the Win2K
4889 * installation work reliably (otherwise it crashes,
4890 * usually during component install). So far no better
4891 * solution has been found. */
4892 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4893 PDMCritSectLeave(&pCtl->lock);
4894 RTThreadSleep(pCtl->DelayIRQMillies);
4895 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4896 }
4897
4898 ataUnsetStatus(s, ATA_STAT_DRQ);
4899 Assert(!pCtl->fChainedTransfer);
4900 Assert(s->iSourceSink == ATAFN_SS_NULL);
4901 if (s->fATAPITransfer)
4902 {
4903 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4904 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4905 s->fATAPITransfer = false;
4906 }
4907 ataSetIRQ(s);
4908 pCtl->uAsyncIOState = ATA_AIO_NEW;
4909 break;
4910 }
4911
4912 case ATA_AIO_PIO:
4913 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4914
4915 if (s->iSourceSink != ATAFN_SS_NULL)
4916 {
4917 bool fRedo;
4918 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4919 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4920 pCtl->fRedo = fRedo;
4921 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4922 {
4923 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4924 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4925 ataSuspendRedo(pCtl);
4926 break;
4927 }
4928 s->iIOBufferCur = 0;
4929 s->iIOBufferEnd = s->cbElementaryTransfer;
4930 }
4931 else
4932 {
4933 /* Continue a previously started transfer. */
4934 ataUnsetStatus(s, ATA_STAT_BUSY);
4935 ataSetStatus(s, ATA_STAT_READY);
4936 }
4937
4938 /* It is possible that the drives on this controller get RESET
4939 * during the above call to the source/sink function. If that's
4940 * the case, don't restart the transfer and don't finish it the
4941 * usual way. RESET handling took care of all that already.
4942 * Most important: do not change uAsyncIOState. */
4943 if (pCtl->fReset)
4944 break;
4945
4946 if (s->cbTotalTransfer)
4947 {
4948 ataPIOTransfer(pCtl);
4949 ataSetIRQ(s);
4950
4951 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4952 {
4953 /* Write operations and not yet finished transfers
4954 * must be completed in the async I/O thread. */
4955 pCtl->uAsyncIOState = ATA_AIO_PIO;
4956 }
4957 else
4958 {
4959 /* Finished read operation can be handled inline
4960 * in the end of PIO transfer handling code. Linux
4961 * depends on this, as it waits only briefly for
4962 * devices to become ready after incoming data
4963 * transfer. Cannot find anything in the ATA spec
4964 * that backs this assumption, but as all kernels
4965 * are affected (though most of the time it does
4966 * not cause any harm) this must work. */
4967 pCtl->uAsyncIOState = ATA_AIO_NEW;
4968 }
4969 }
4970 else
4971 {
4972 /* Finish PIO transfer. */
4973 ataPIOTransfer(pCtl);
4974 if ( !pCtl->fChainedTransfer
4975 && !s->fATAPITransfer
4976 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4977 {
4978 ataSetIRQ(s);
4979 }
4980 pCtl->uAsyncIOState = ATA_AIO_NEW;
4981 }
4982 break;
4983
4984 case ATA_AIO_RESET_ASSERTED:
4985 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4986 ataPIOTransferStop(&pCtl->aIfs[0]);
4987 ataPIOTransferStop(&pCtl->aIfs[1]);
4988 /* Do not change the DMA registers, they are not affected by the
4989 * ATA controller reset logic. It should be sufficient to issue a
4990 * new command, which is now possible as the state is cleared. */
4991 break;
4992
4993 case ATA_AIO_RESET_CLEARED:
4994 pCtl->uAsyncIOState = ATA_AIO_NEW;
4995 pCtl->fReset = false;
4996 /* Ensure that half-completed transfers are not redone. A reset
4997 * cancels the entire transfer, so continuing is wrong. */
4998 pCtl->fRedo = false;
4999 pCtl->fRedoDMALastDesc = false;
5000 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5001 ATACONTROLLER_IDX(pCtl)));
5002 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5003 {
5004 if (pCtl->aIfs[i].fATAPI)
5005 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5006 else
5007 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5008 ataSetSignature(&pCtl->aIfs[i]);
5009 }
5010 break;
5011
5012 case ATA_AIO_ABORT:
5013 /* Abort the current command only if it operates on the same interface. */
5014 if (pCtl->iAIOIf == pReq->u.a.iIf)
5015 {
5016 s = &pCtl->aIfs[pCtl->iAIOIf];
5017
5018 pCtl->uAsyncIOState = ATA_AIO_NEW;
5019 /* Do not change the DMA registers, they are not affected by the
5020 * ATA controller reset logic. It should be sufficient to issue a
5021 * new command, which is now possible as the state is cleared. */
5022 if (pReq->u.a.fResetDrive)
5023 {
5024 ataResetDevice(s);
5025 ataExecuteDeviceDiagnosticSS(s);
5026 }
5027 else
5028 {
5029 /* Stop any pending DMA transfer. */
5030 s->fDMA = false;
5031 ataPIOTransferStop(s);
5032 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5033 ataSetStatus(s, ATA_STAT_READY);
5034 ataSetIRQ(s);
5035 }
5036 }
5037 break;
5038
5039 default:
5040 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5041 }
5042
5043 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5044 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5045
5046 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5047 {
5048#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5049 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5050#endif /* DEBUG || VBOX_WITH_STATISTICS */
5051
5052 u64TS = RTTimeNanoTS() - u64TS;
5053 uWait = u64TS / 1000;
5054 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5055 /* Mark command as finished. */
5056 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5057
5058 /*
5059 * Release logging of command execution times depends on the
5060 * command type. ATAPI commands often take longer (due to CD/DVD
5061 * spin up time etc.) so the threshold is different.
5062 */
5063 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5064 {
5065 if (uWait > 8 * 1000 * 1000)
5066 {
5067 /*
5068 * Command took longer than 8 seconds. This is close
5069 * enough or over the guest's command timeout, so place
5070 * an entry in the release log to allow tracking such
5071 * timing errors (which are often caused by the host).
5072 */
5073 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5074 }
5075 }
5076 else
5077 {
5078 if (uWait > 20 * 1000 * 1000)
5079 {
5080 /*
5081 * Command took longer than 20 seconds. This is close
5082 * enough or over the guest's command timeout, so place
5083 * an entry in the release log to allow tracking such
5084 * timing errors (which are often caused by the host).
5085 */
5086 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5087 }
5088 }
5089
5090#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5091 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5092 pCtl->StatAsyncMinWait = uWait;
5093 if (uWait > pCtl->StatAsyncMaxWait)
5094 pCtl->StatAsyncMaxWait = uWait;
5095
5096 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5097 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5098#endif /* DEBUG || VBOX_WITH_STATISTICS */
5099 }
5100
5101 PDMCritSectLeave(&pCtl->lock);
5102 }
5103
5104 /* Signal the ultimate idleness. */
5105 RTThreadUserSignal(pCtl->AsyncIOThread);
5106 if (pCtl->fSignalIdle)
5107 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5108
5109 /* Cleanup the state. */
5110 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5111 pCtl->fShutdown = false;
5112
5113 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5114 return rc;
5115}
5116
5117#endif /* IN_RING3 */
5118
5119static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5120{
5121 uint32_t val = pCtl->BmDma.u8Cmd;
5122 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5123 return val;
5124}
5125
5126
5127static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5128{
5129 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5130 if (!(val & BM_CMD_START))
5131 {
5132 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5133 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5134 }
5135 else
5136 {
5137#ifdef IN_RING3
5138 /* Check whether the guest OS wants to change DMA direction in
5139 * mid-flight. Not allowed, according to the PIIX3 specs. */
5140 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5141 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5142 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5143 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5144
5145 /* Do not continue DMA transfers while the RESET line is asserted. */
5146 if (pCtl->fReset)
5147 {
5148 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5149 return;
5150 }
5151
5152 /* Do not start DMA transfers if there's a PIO transfer going on,
5153 * or if there is already a transfer started on this controller. */
5154 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5155 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5156 return;
5157
5158 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5159 {
5160 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5161 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5162 }
5163#else /* !IN_RING3 */
5164 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5165#endif /* IN_RING3 */
5166 }
5167}
5168
5169static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5170{
5171 uint32_t val = pCtl->BmDma.u8Status;
5172 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5173 return val;
5174}
5175
5176static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5177{
5178 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5179 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5180 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5181 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5182}
5183
5184static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5185{
5186 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5187 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5188 return val;
5189}
5190
5191static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5192{
5193 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5194 pCtl->BmDma.pvAddr = val & ~3;
5195}
5196
5197static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5198{
5199 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5200 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5201
5202}
5203
5204static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5205{
5206 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5207 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5208}
5209
5210#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5211
5212/**
5213 * Port I/O Handler for bus master DMA IN operations.
5214 * @see FNIOMIOPORTIN for details.
5215 */
5216PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5217{
5218 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5219 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5220 PATACONTROLLER pCtl = &pThis->aCts[i];
5221 int rc;
5222
5223 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5224 if (rc != VINF_SUCCESS)
5225 return rc;
5226 switch (VAL(Port, cb))
5227 {
5228 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5229 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5230 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5231 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5232 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5233 case VAL(0, 4):
5234 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5235 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5236 break;
5237 default:
5238 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5239 PDMCritSectLeave(&pCtl->lock);
5240 return VERR_IOM_IOPORT_UNUSED;
5241 }
5242 PDMCritSectLeave(&pCtl->lock);
5243 return rc;
5244}
5245
5246/**
5247 * Port I/O Handler for bus master DMA OUT operations.
5248 * @see FNIOMIOPORTOUT for details.
5249 */
5250PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5251{
5252 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5253 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5254 PATACONTROLLER pCtl = &pThis->aCts[i];
5255 int rc;
5256
5257 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5258 if (rc != VINF_SUCCESS)
5259 return rc;
5260 switch (VAL(Port, cb))
5261 {
5262 case VAL(0, 1):
5263#ifndef IN_RING3
5264 if (u32 & BM_CMD_START)
5265 {
5266 rc = VINF_IOM_HC_IOPORT_WRITE;
5267 break;
5268 }
5269#endif /* !IN_RING3 */
5270 ataBMDMACmdWriteB(pCtl, Port, u32);
5271 break;
5272 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5273 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5274 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5275 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5276 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5277 }
5278 PDMCritSectLeave(&pCtl->lock);
5279 return rc;
5280}
5281
5282#undef VAL
5283
5284#ifdef IN_RING3
5285
5286/**
5287 * Callback function for mapping an PCI I/O region.
5288 *
5289 * @return VBox status code.
5290 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5291 * @param iRegion The region number.
5292 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5293 * I/O port, else it's a physical address.
5294 * This address is *NOT* relative to pci_mem_base like earlier!
5295 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5296 */
5297static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5298{
5299 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5300 int rc = VINF_SUCCESS;
5301 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5302 Assert(iRegion == 4);
5303 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5304
5305 /* Register the port range. */
5306 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5307 {
5308 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5309 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5310 AssertRC(rc2);
5311 if (rc2 < rc)
5312 rc = rc2;
5313
5314 if (pThis->fGCEnabled)
5315 {
5316 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5317 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5318 AssertRC(rc2);
5319 if (rc2 < rc)
5320 rc = rc2;
5321 }
5322 if (pThis->fR0Enabled)
5323 {
5324 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5325 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5326 AssertRC(rc2);
5327 if (rc2 < rc)
5328 rc = rc2;
5329 }
5330 }
5331 return rc;
5332}
5333
5334
5335/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5336
5337/**
5338 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5339 */
5340static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5341{
5342 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5343 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5344 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5345 return NULL;
5346}
5347
5348
5349/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5350
5351/**
5352 * Gets the pointer to the status LED of a unit.
5353 *
5354 * @returns VBox status code.
5355 * @param pInterface Pointer to the interface structure containing the called function pointer.
5356 * @param iLUN The unit which status LED we desire.
5357 * @param ppLed Where to store the LED pointer.
5358 */
5359static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5360{
5361 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5362 if (iLUN < 4)
5363 {
5364 switch (iLUN)
5365 {
5366 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5367 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5368 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5369 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5370 }
5371 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5372 return VINF_SUCCESS;
5373 }
5374 return VERR_PDM_LUN_NOT_FOUND;
5375}
5376
5377
5378/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5379
5380/**
5381 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5382 */
5383static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5384{
5385 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5386 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5387 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5388 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5389 return NULL;
5390}
5391
5392#endif /* IN_RING3 */
5393
5394
5395/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5396
5397/**
5398 * Port I/O Handler for primary port range OUT operations.
5399 * @see FNIOMIOPORTOUT for details.
5400 */
5401PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5402{
5403 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5404 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5405 PATACONTROLLER pCtl = &pThis->aCts[i];
5406 int rc = VINF_SUCCESS;
5407
5408 Assert(i < 2);
5409
5410 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5411 if (rc != VINF_SUCCESS)
5412 return rc;
5413 if (cb == 1)
5414 rc = ataIOPortWriteU8(pCtl, Port, u32);
5415 else if (Port == pCtl->IOPortBase1)
5416 {
5417 Assert(cb == 2 || cb == 4);
5418 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5419 }
5420 else
5421 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5422 PDMCritSectLeave(&pCtl->lock);
5423 return rc;
5424}
5425
5426
5427/**
5428 * Port I/O Handler for primary port range IN operations.
5429 * @see FNIOMIOPORTIN for details.
5430 */
5431PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5432{
5433 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5434 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5435 PATACONTROLLER pCtl = &pThis->aCts[i];
5436 int rc = VINF_SUCCESS;
5437
5438 Assert(i < 2);
5439
5440 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5441 if (rc != VINF_SUCCESS)
5442 return rc;
5443 if (cb == 1)
5444 {
5445 rc = ataIOPortReadU8(pCtl, Port, pu32);
5446 }
5447 else if (Port == pCtl->IOPortBase1)
5448 {
5449 Assert(cb == 2 || cb == 4);
5450 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5451 if (cb == 2)
5452 *pu32 &= 0xffff;
5453 }
5454 else
5455 {
5456 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5457 rc = VERR_IOM_IOPORT_UNUSED;
5458 }
5459 PDMCritSectLeave(&pCtl->lock);
5460 return rc;
5461}
5462
5463#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5464/**
5465 * Port I/O Handler for primary port range IN string operations.
5466 * @see FNIOMIOPORTINSTRING for details.
5467 */
5468PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5469{
5470 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5471 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5472 PATACONTROLLER pCtl = &pThis->aCts[i];
5473 int rc = VINF_SUCCESS;
5474
5475 Assert(i < 2);
5476
5477 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5478 if (rc != VINF_SUCCESS)
5479 return rc;
5480 if (Port == pCtl->IOPortBase1)
5481 {
5482 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5483 RTGCPTR GCDst = *pGCPtrDst;
5484 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5485 Assert(cb == 2 || cb == 4);
5486
5487 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5488#ifndef IN_RING3
5489 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5490 if (!cTransAvailable)
5491 {
5492 PDMCritSectLeave(&pCtl->lock);
5493 return VINF_IOM_HC_IOPORT_READ;
5494 }
5495 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5496 cTransAvailable--;
5497#endif /* !IN_RING3 */
5498 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5499 * They are not performance-critical and generally shouldn't occur at all. */
5500 if (cTransAvailable > cTransfer)
5501 cTransAvailable = cTransfer;
5502 cbTransfer = cTransAvailable * cb;
5503
5504 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5505 Assert(rc == VINF_SUCCESS);
5506
5507 if (cbTransfer)
5508 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5509 s->iIOBufferPIODataStart += cbTransfer;
5510 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5511 *pcTransfer = cTransfer - cTransAvailable;
5512#ifdef IN_RING3
5513 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5514 ataPIOTransferFinish(pCtl, s);
5515#endif /* IN_RING3 */
5516 }
5517 PDMCritSectLeave(&pCtl->lock);
5518 return rc;
5519}
5520
5521
5522/**
5523 * Port I/O Handler for primary port range OUT string operations.
5524 * @see FNIOMIOPORTOUTSTRING for details.
5525 */
5526PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5527{
5528 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5529 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5530 PATACONTROLLER pCtl = &pThis->aCts[i];
5531 int rc;
5532
5533 Assert(i < 2);
5534
5535 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5536 if (rc != VINF_SUCCESS)
5537 return rc;
5538 if (Port == pCtl->IOPortBase1)
5539 {
5540 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5541 RTGCPTR GCSrc = *pGCPtrSrc;
5542 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5543 Assert(cb == 2 || cb == 4);
5544
5545 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5546#ifndef IN_RING3
5547 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5548 if (!cTransAvailable)
5549 {
5550 PDMCritSectLeave(&pCtl->lock);
5551 return VINF_IOM_HC_IOPORT_WRITE;
5552 }
5553 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5554 cTransAvailable--;
5555#endif /* !IN_RING3 */
5556 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5557 * They are not performance-critical and generally shouldn't occur at all. */
5558 if (cTransAvailable > cTransfer)
5559 cTransAvailable = cTransfer;
5560 cbTransfer = cTransAvailable * cb;
5561
5562 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5563 Assert(rc == VINF_SUCCESS);
5564
5565 if (cbTransfer)
5566 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5567 s->iIOBufferPIODataStart += cbTransfer;
5568 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5569 *pcTransfer = cTransfer - cTransAvailable;
5570#ifdef IN_RING3
5571 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5572 ataPIOTransferFinish(pCtl, s);
5573#endif /* IN_RING3 */
5574 }
5575 PDMCritSectLeave(&pCtl->lock);
5576 return rc;
5577}
5578#endif /* !IN_RING0 */
5579
5580/**
5581 * Port I/O Handler for secondary port range OUT operations.
5582 * @see FNIOMIOPORTOUT for details.
5583 */
5584PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5585{
5586 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5587 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5588 PATACONTROLLER pCtl = &pThis->aCts[i];
5589 int rc;
5590
5591 Assert(i < 2);
5592
5593 if (cb != 1)
5594 return VINF_SUCCESS;
5595 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5596 if (rc != VINF_SUCCESS)
5597 return rc;
5598 rc = ataControlWrite(pCtl, Port, u32);
5599 PDMCritSectLeave(&pCtl->lock);
5600 return rc;
5601}
5602
5603
5604/**
5605 * Port I/O Handler for secondary port range IN operations.
5606 * @see FNIOMIOPORTIN for details.
5607 */
5608PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5609{
5610 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5611 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5612 PATACONTROLLER pCtl = &pThis->aCts[i];
5613 int rc;
5614
5615 Assert(i < 2);
5616
5617 if (cb != 1)
5618 return VERR_IOM_IOPORT_UNUSED;
5619
5620 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5621 if (rc != VINF_SUCCESS)
5622 return rc;
5623 *pu32 = ataStatusRead(pCtl, Port);
5624 PDMCritSectLeave(&pCtl->lock);
5625 return VINF_SUCCESS;
5626}
5627
5628#ifdef IN_RING3
5629
5630
5631DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5632{
5633 if (s->pbIOBufferR3)
5634 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5635}
5636
5637
5638/**
5639 * @copydoc FNPDMDEVRELOCATE
5640 */
5641static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5642{
5643 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5644
5645 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5646 {
5647 pThis->aCts[i].pDevInsRC += offDelta;
5648 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5649 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5650 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5651 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5652 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5653 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5654 }
5655}
5656
5657
5658/**
5659 * Destroy a driver instance.
5660 *
5661 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5662 * resources can be freed correctly.
5663 *
5664 * @param pDevIns The device instance data.
5665 */
5666static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
5667{
5668 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5669 int rc;
5670
5671 Log(("ataR3Destruct\n"));
5672 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
5673
5674 /*
5675 * Tell the async I/O threads to terminate.
5676 */
5677 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5678 {
5679 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5680 {
5681 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5682 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5683 AssertRC(rc);
5684 }
5685 }
5686
5687 /*
5688 * Wait for the threads to terminate before destroying their resources.
5689 */
5690 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5691 {
5692 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5693 {
5694 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5695 if (RT_SUCCESS(rc))
5696 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5697 else
5698 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5699 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5700 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5701 }
5702 }
5703
5704 /*
5705 * Free resources.
5706 */
5707 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5708 {
5709 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5710 {
5711 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5712 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5713 }
5714 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5715 {
5716 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5717 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5718 }
5719 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5720 {
5721 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5722 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5723 }
5724
5725 /* try one final time */
5726 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5727 {
5728 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5729 if (RT_SUCCESS(rc))
5730 {
5731 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5732 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5733 }
5734 }
5735 }
5736
5737 return VINF_SUCCESS;
5738}
5739
5740
5741/**
5742 * Detach notification.
5743 *
5744 * The DVD drive has been unplugged.
5745 *
5746 * @param pDevIns The device instance.
5747 * @param iLUN The logical unit which is being detached.
5748 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5749 */
5750static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5751{
5752 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5753 PATACONTROLLER pCtl;
5754 ATADevState *pIf;
5755 unsigned iController;
5756 unsigned iInterface;
5757
5758 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5759 ("PIIX3IDE: Device does not support hotplugging\n"));
5760
5761 /*
5762 * Locate the controller and stuff.
5763 */
5764 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5765 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5766 pCtl = &pThis->aCts[iController];
5767
5768 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5769 pIf = &pCtl->aIfs[iInterface];
5770
5771 /*
5772 * Zero some important members.
5773 */
5774 pIf->pDrvBase = NULL;
5775 pIf->pDrvBlock = NULL;
5776 pIf->pDrvBlockBios = NULL;
5777 pIf->pDrvMount = NULL;
5778
5779 /*
5780 * In case there was a medium inserted.
5781 */
5782 ataMediumRemoved(pIf);
5783}
5784
5785
5786/**
5787 * Configure a LUN.
5788 *
5789 * @returns VBox status code.
5790 * @param pDevIns The device instance.
5791 * @param pIf The ATA unit state.
5792 */
5793static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5794{
5795 int rc = VINF_SUCCESS;
5796 PDMBLOCKTYPE enmType;
5797
5798 /*
5799 * Query Block, Bios and Mount interfaces.
5800 */
5801 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
5802 if (!pIf->pDrvBlock)
5803 {
5804 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5805 return VERR_PDM_MISSING_INTERFACE;
5806 }
5807
5808 /** @todo implement the BIOS invisible code path. */
5809 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
5810 if (!pIf->pDrvBlockBios)
5811 {
5812 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5813 return VERR_PDM_MISSING_INTERFACE;
5814 }
5815 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
5816
5817 /*
5818 * Validate type.
5819 */
5820 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5821 if ( enmType != PDMBLOCKTYPE_CDROM
5822 && enmType != PDMBLOCKTYPE_DVD
5823 && enmType != PDMBLOCKTYPE_HARD_DISK)
5824 {
5825 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5826 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5827 }
5828 if ( ( enmType == PDMBLOCKTYPE_DVD
5829 || enmType == PDMBLOCKTYPE_CDROM)
5830 && !pIf->pDrvMount)
5831 {
5832 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5833 return VERR_INTERNAL_ERROR;
5834 }
5835 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5836 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5837
5838 /*
5839 * Allocate I/O buffer.
5840 */
5841 PVM pVM = PDMDevHlpGetVM(pDevIns);
5842 if (pIf->cbIOBuffer)
5843 {
5844 /* Buffer is (probably) already allocated. Validate the fields,
5845 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5846 if (pIf->fATAPI)
5847 AssertRelease(pIf->cbIOBuffer == _128K);
5848 else
5849 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5850 Assert(pIf->pbIOBufferR3);
5851 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5852 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5853 }
5854 else
5855 {
5856 if (pIf->fATAPI)
5857 pIf->cbIOBuffer = _128K;
5858 else
5859 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5860 Assert(!pIf->pbIOBufferR3);
5861 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5862 if (RT_FAILURE(rc))
5863 return VERR_NO_MEMORY;
5864 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5865 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5866 }
5867
5868 /*
5869 * Init geometry (only for non-CD/DVD media).
5870 */
5871 if (pIf->fATAPI)
5872 {
5873 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5874 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5875 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5876 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5877 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5878 }
5879 else
5880 {
5881 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5882 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5883 &pIf->PCHSGeometry);
5884 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5885 {
5886 pIf->PCHSGeometry.cCylinders = 0;
5887 pIf->PCHSGeometry.cHeads = 16; /*??*/
5888 pIf->PCHSGeometry.cSectors = 63; /*??*/
5889 }
5890 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5891 {
5892 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5893 rc = VINF_SUCCESS;
5894 }
5895 AssertRC(rc);
5896
5897 if ( pIf->PCHSGeometry.cCylinders == 0
5898 || pIf->PCHSGeometry.cHeads == 0
5899 || pIf->PCHSGeometry.cSectors == 0
5900 )
5901 {
5902 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5903 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5904 pIf->PCHSGeometry.cHeads = 16;
5905 pIf->PCHSGeometry.cSectors = 63;
5906 /* Set the disk geometry information. Ignore errors. */
5907 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5908 &pIf->PCHSGeometry);
5909 rc = VINF_SUCCESS;
5910 }
5911 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5912 }
5913 return rc;
5914}
5915
5916
5917/**
5918 * Attach command.
5919 *
5920 * This is called when we change block driver for the DVD drive.
5921 *
5922 * @returns VBox status code.
5923 * @param pDevIns The device instance.
5924 * @param iLUN The logical unit which is being detached.
5925 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5926 */
5927static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5928{
5929 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5930 PATACONTROLLER pCtl;
5931 ATADevState *pIf;
5932 int rc;
5933 unsigned iController;
5934 unsigned iInterface;
5935
5936 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5937 ("PIIX3IDE: Device does not support hotplugging\n"),
5938 VERR_INVALID_PARAMETER);
5939
5940 /*
5941 * Locate the controller and stuff.
5942 */
5943 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5944 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5945 pCtl = &pThis->aCts[iController];
5946
5947 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5948 pIf = &pCtl->aIfs[iInterface];
5949
5950 /* the usual paranoia */
5951 AssertRelease(!pIf->pDrvBase);
5952 AssertRelease(!pIf->pDrvBlock);
5953 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5954 Assert(pIf->iLUN == iLUN);
5955
5956 /*
5957 * Try attach the block device and get the interfaces,
5958 * required as well as optional.
5959 */
5960 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5961 if (RT_SUCCESS(rc))
5962 {
5963 rc = ataConfigLun(pDevIns, pIf);
5964 /*
5965 * In case there is a medium inserted.
5966 */
5967 ataMediumInserted(pIf);
5968 }
5969 else
5970 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5971
5972 if (RT_FAILURE(rc))
5973 {
5974 pIf->pDrvBase = NULL;
5975 pIf->pDrvBlock = NULL;
5976 }
5977 return rc;
5978}
5979
5980
5981/**
5982 * Resume notification.
5983 *
5984 * @returns VBox status.
5985 * @param pDevIns The device instance data.
5986 */
5987static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
5988{
5989 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5990 int rc;
5991
5992 Log(("%s:\n", __FUNCTION__));
5993 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5994 {
5995 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5996 {
5997 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5998 AssertRC(rc);
5999 }
6000 }
6001 return;
6002}
6003
6004
6005/**
6006 * Checks if all (both) the async I/O threads have quiesced.
6007 *
6008 * @returns true on success.
6009 * @returns false when one or more threads is still processing.
6010 * @param pThis Pointer to the instance data.
6011 */
6012static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6013{
6014 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6015
6016 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6017 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6018 {
6019 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6020 if (!fRc)
6021 {
6022 /* Make it signal PDM & itself when its done */
6023 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6024 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6025 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6026 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6027 if (!fRc)
6028 {
6029#if 0 /** @todo Need to do some time tracking here... */
6030 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6031 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6032 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6033#endif
6034 return false;
6035 }
6036 }
6037 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6038 }
6039 return true;
6040}
6041
6042
6043/**
6044 * Callback employed by ataSuspend and ataR3PowerOff.
6045 *
6046 * @returns true if we've quiesced, false if we're still working.
6047 * @param pDevIns The device instance.
6048 */
6049static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6050{
6051 return ataR3AllAsyncIOIsIdle(pDevIns);
6052}
6053
6054
6055/**
6056 * Common worker for ataSuspend and ataR3PowerOff.
6057 */
6058static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6059{
6060 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6061 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6062}
6063
6064
6065/**
6066 * Power Off notification.
6067 *
6068 * @returns VBox status.
6069 * @param pDevIns The device instance data.
6070 */
6071static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6072{
6073 Log(("%s:\n", __FUNCTION__));
6074 ataR3SuspendOrPowerOff(pDevIns);
6075}
6076
6077
6078/**
6079 * Suspend notification.
6080 *
6081 * @returns VBox status.
6082 * @param pDevIns The device instance data.
6083 */
6084static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6085{
6086 Log(("%s:\n", __FUNCTION__));
6087 ataR3SuspendOrPowerOff(pDevIns);
6088}
6089
6090
6091/**
6092 * Callback employed by ataR3Reset.
6093 *
6094 * @returns true if we've quiesced, false if we're still working.
6095 * @param pDevIns The device instance.
6096 */
6097static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6098{
6099 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6100
6101 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6102 return false;
6103
6104 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6105 {
6106 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6107 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6108 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6109 PDMCritSectLeave(&pThis->aCts[i].lock);
6110 }
6111 return true;
6112}
6113
6114
6115/**
6116 * Common reset worker for ataR3Reset and ataR3Construct.
6117 *
6118 * @returns VBox status.
6119 * @param pDevIns The device instance data.
6120 * @param fConstruct Indicates who is calling.
6121 */
6122static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6123{
6124 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6125
6126 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6127 {
6128 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6129
6130 pThis->aCts[i].iSelectedIf = 0;
6131 pThis->aCts[i].iAIOIf = 0;
6132 pThis->aCts[i].BmDma.u8Cmd = 0;
6133 /* Report that both drives present on the bus are in DMA mode. This
6134 * pretends that there is a BIOS that has set it up. Normal reset
6135 * default is 0x00. */
6136 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6137 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6138 pThis->aCts[i].BmDma.pvAddr = 0;
6139
6140 pThis->aCts[i].fReset = true;
6141 pThis->aCts[i].fRedo = false;
6142 pThis->aCts[i].fRedoIdle = false;
6143 ataAsyncIOClearRequests(&pThis->aCts[i]);
6144 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6145 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6146 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6147
6148 PDMCritSectLeave(&pThis->aCts[i].lock);
6149 }
6150
6151 int rcRet = VINF_SUCCESS;
6152 if (!fConstruct)
6153 {
6154 /*
6155 * Setup asynchronous notification compmletion if the requests haven't
6156 * completed yet.
6157 */
6158 if (!ataR3IsAsyncResetDone(pDevIns))
6159 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6160 }
6161 else
6162 {
6163 /*
6164 * Wait for the requests for complete.
6165 *
6166 * Would be real nice if we could do it all from EMT(0) and not
6167 * involve the worker threads, then we could dispense with all the
6168 * waiting and semaphore ping-pong here...
6169 */
6170 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6171 {
6172 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6173 {
6174 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6175 AssertRC(rc);
6176
6177 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6178 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6179 AssertRC(rc);
6180
6181 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6182 AssertRC(rc);
6183
6184 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6185 {
6186 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6187 if (RT_FAILURE(rc))
6188 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6189 if (RT_FAILURE(rc))
6190 {
6191 AssertRC(rc);
6192 rcRet = rc;
6193 }
6194 }
6195 }
6196 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6197 }
6198 if (RT_SUCCESS(rcRet))
6199 {
6200 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6201 AssertRC(rcRet);
6202 }
6203 }
6204 return rcRet;
6205}
6206
6207
6208/**
6209 * Reset notification.
6210 *
6211 * @param pDevIns The device instance data.
6212 */
6213static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6214{
6215 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6216}
6217
6218
6219/**
6220 * Prepare state save and load operation.
6221 *
6222 * @returns VBox status code.
6223 * @param pDevIns Device instance of the device which registered the data unit.
6224 * @param pSSM SSM operation handle.
6225 */
6226static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6227{
6228 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6229
6230 /* sanity - the suspend notification will wait on the async stuff. */
6231 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6232 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6233 ("i=%u\n", i),
6234 VERR_SSM_IDE_ASYNC_TIMEOUT);
6235 return VINF_SUCCESS;
6236}
6237
6238/**
6239 * @copydoc FNSSMDEVLIVEEXEC
6240 */
6241static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6242{
6243 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6244
6245 SSMR3PutU8(pSSM, pThis->u8Type);
6246 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6247 {
6248 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6249 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6250 {
6251 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6252 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6253 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6254 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6255 }
6256 }
6257
6258 return VINF_SSM_DONT_CALL_AGAIN;
6259}
6260
6261
6262/**
6263 * @copydoc FNSSMDEVSAVEEXEC
6264 */
6265static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6266{
6267 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6268
6269 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6270
6271 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6272 {
6273 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6274 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6275 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6276 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6277 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6278 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6279 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6280 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6281 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6282 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6283 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6284 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6285 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6286
6287 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6288 {
6289 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6290 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6291 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6292 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6293 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6294 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6295 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6296 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6297 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6298 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6299 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6300 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6301 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6302 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6303 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6304 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6305 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6306 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6307 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6308 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6309 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6310 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6311 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6312 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6313 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6314 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6315 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6316 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6317 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6318 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6319 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6320 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6321 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6322 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6323 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6324 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6325 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6326 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6327 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6328 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6329 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6330 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6331 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6332 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6333 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6334 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6335 else
6336 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6337 }
6338 }
6339
6340 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6341}
6342
6343/**
6344 * Converts the LUN number into a message string.
6345 */
6346static const char *ataStringifyLun(unsigned iLun)
6347{
6348 switch (iLun)
6349 {
6350 case 0: return "primary master";
6351 case 1: return "primary slave";
6352 case 2: return "secondary master";
6353 case 3: return "secondary slave";
6354 default: AssertFailedReturn("unknown lun");
6355 }
6356}
6357
6358/**
6359 * FNSSMDEVLOADEXEC
6360 */
6361static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6362{
6363 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6364 int rc;
6365 uint32_t u32;
6366
6367 if ( uVersion != ATA_SAVED_STATE_VERSION
6368 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6369 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6370 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6371 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6372 {
6373 AssertMsgFailed(("uVersion=%d\n", uVersion));
6374 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6375 }
6376
6377 /*
6378 * Verify the configuration.
6379 */
6380 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6381 {
6382 uint8_t u8Type;
6383 rc = SSMR3GetU8(pSSM, &u8Type);
6384 AssertRCReturn(rc, rc);
6385 if (u8Type != pThis->u8Type)
6386 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6387
6388 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6389 {
6390 bool fEnabled;
6391 rc = SSMR3GetBool(pSSM, &fEnabled);
6392 AssertRCReturn(rc, rc);
6393 if (!fEnabled)
6394 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6395
6396 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6397 {
6398 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6399
6400 bool fInUse;
6401 rc = SSMR3GetBool(pSSM, &fInUse);
6402 AssertRCReturn(rc, rc);
6403 if (fInUse != (pIf->pDrvBase != NULL))
6404 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6405 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6406 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6407
6408 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6409 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6410 AssertRCReturn(rc, rc);
6411 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6412 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6413 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6414
6415 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6416 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6417 AssertRCReturn(rc, rc);
6418 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6419 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6420 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6421
6422 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6423 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6424 AssertRCReturn(rc, rc);
6425 if (strcmp(szModelNumber, pIf->szModelNumber))
6426 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6427 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6428 }
6429 }
6430 }
6431 if (uPass != SSM_PASS_FINAL)
6432 return VINF_SUCCESS;
6433
6434 /*
6435 * Restore valid parts of the PCIATAState structure
6436 */
6437 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6438 {
6439 /* integrity check */
6440 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6441 {
6442 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6443 return VERR_INTERNAL_ERROR_4;
6444 }
6445
6446 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6447 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6448 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6449 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6450 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6451 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6452 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6453 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6454 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6455 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6456 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6457 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6458 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6459
6460 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6461 {
6462 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6463 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6464 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6465 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6466 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6467 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6468 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6469 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6470 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6471 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6472 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6473 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6474 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6475 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6476 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6477 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6478 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6479 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6480 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6481 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6482 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6483 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6484 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6485 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6486 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6487 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6488 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6489 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6490 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6491 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6492 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6493 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6494 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6495 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6496 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6497 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6498 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6499 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6500 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6501 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6502 {
6503 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6504 }
6505 else
6506 {
6507 uint8_t uATAPISenseKey, uATAPIASC;
6508 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6509 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6510 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6511 SSMR3GetU8(pSSM, &uATAPISenseKey);
6512 SSMR3GetU8(pSSM, &uATAPIASC);
6513 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6514 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6515 }
6516 /** @todo triple-check this hack after passthrough is working */
6517 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6518 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6519 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6520 else
6521 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6522 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6523 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6524 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6525 {
6526 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6527 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6528 else
6529 {
6530 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6531 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6532 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6533
6534 /* skip the buffer if we're loading for the debugger / animator. */
6535 uint8_t u8Ignored;
6536 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6537 while (cbLeft-- > 0)
6538 SSMR3GetU8(pSSM, &u8Ignored);
6539 }
6540 }
6541 else
6542 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6543 }
6544 }
6545 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6546 SSMR3GetU8(pSSM, &pThis->u8Type);
6547
6548 rc = SSMR3GetU32(pSSM, &u32);
6549 if (RT_FAILURE(rc))
6550 return rc;
6551 if (u32 != ~0U)
6552 {
6553 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6554 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6555 return rc;
6556 }
6557
6558 return VINF_SUCCESS;
6559}
6560
6561/**
6562 * Convert config value to DEVPCBIOSBOOT.
6563 *
6564 * @returns VBox status code.
6565 * @param pDevIns The device instance data.
6566 * @param pCfg Configuration handle.
6567 * @param penmChipset Where to store the chipset type.
6568 */
6569static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
6570{
6571 char szType[20];
6572
6573 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
6574 if (RT_FAILURE(rc))
6575 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6576 N_("Configuration error: Querying \"Type\" as a string failed"));
6577 if (!strcmp(szType, "PIIX3"))
6578 *penmChipset = CHIPSET_PIIX3;
6579 else if (!strcmp(szType, "PIIX4"))
6580 *penmChipset = CHIPSET_PIIX4;
6581 else if (!strcmp(szType, "ICH6"))
6582 *penmChipset = CHIPSET_ICH6;
6583 else
6584 {
6585 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6586 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6587 szType);
6588 rc = VERR_INTERNAL_ERROR;
6589 }
6590 return rc;
6591}
6592
6593
6594/**
6595 * @interface_method_impl{PDMDEVREG,pfnConstruct}
6596 */
6597static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
6598{
6599 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6600 PPDMIBASE pBase;
6601 int rc;
6602 bool fGCEnabled;
6603 bool fR0Enabled;
6604 uint32_t DelayIRQMillies;
6605
6606 Assert(iInstance == 0);
6607 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
6608
6609 /*
6610 * Initialize NIL handle values (for the destructor).
6611 */
6612 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6613 {
6614 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6615 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6616 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6617 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6618 }
6619
6620 /*
6621 * Validate and read configuration.
6622 */
6623 if (!CFGMR3AreValuesValid(pCfg,
6624 "GCEnabled\0"
6625 "R0Enabled\0"
6626 "IRQDelay\0"
6627 "Type\0")
6628 /** @todo || invalid keys */)
6629 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6630 N_("PIIX3 configuration error: unknown option specified"));
6631
6632 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
6633 if (RT_FAILURE(rc))
6634 return PDMDEV_SET_ERROR(pDevIns, rc,
6635 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6636 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6637
6638 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
6639 if (RT_FAILURE(rc))
6640 return PDMDEV_SET_ERROR(pDevIns, rc,
6641 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6642 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6643
6644 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
6645 if (RT_FAILURE(rc))
6646 return PDMDEV_SET_ERROR(pDevIns, rc,
6647 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6648 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6649 Assert(DelayIRQMillies < 50);
6650
6651 CHIPSET enmChipset = CHIPSET_PIIX3;
6652 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
6653 if (RT_FAILURE(rc))
6654 return rc;
6655 pThis->u8Type = (uint8_t)enmChipset;
6656
6657 /*
6658 * Initialize data (most of it anyway).
6659 */
6660 /* Status LUN. */
6661 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6662 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6663
6664 /* PCI configuration space. */
6665 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6666
6667 /*
6668 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6669 * as it explicitly checks for PCI id for IDE controllers.
6670 */
6671 switch (pThis->u8Type)
6672 {
6673 case CHIPSET_ICH6:
6674 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6675 /** @todo: do we need it? Do we need anything else? */
6676 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6677 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6678 pThis->dev.config[0x4B] = 0x00;
6679 {
6680 /*
6681 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6682 * Report
6683 * WR_Ping-Pong_EN: must be set
6684 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6685 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6686 */
6687 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6688 pThis->dev.config[0x54] = u16Config & 0xff;
6689 pThis->dev.config[0x55] = u16Config >> 8;
6690 }
6691 break;
6692 case CHIPSET_PIIX4:
6693 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6694 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6695 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6696 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6697 pThis->dev.config[0x4B] = 0x00;
6698 break;
6699 case CHIPSET_PIIX3:
6700 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6701 break;
6702 default:
6703 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6704 }
6705
6706 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6707 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6708 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6709 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6710 PCIDevSetHeaderType(&pThis->dev, 0x00);
6711
6712 pThis->pDevIns = pDevIns;
6713 pThis->fGCEnabled = fGCEnabled;
6714 pThis->fR0Enabled = fR0Enabled;
6715 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6716 {
6717 pThis->aCts[i].pDevInsR3 = pDevIns;
6718 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6719 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6720 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6721 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6722 {
6723 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6724
6725 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6726 pIf->pDevInsR3 = pDevIns;
6727 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6728 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6729 pIf->pControllerR3 = &pThis->aCts[i];
6730 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6731 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6732 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6733 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6734 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6735 pIf->Led.u32Magic = PDMLED_MAGIC;
6736 }
6737 }
6738
6739 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6740 pThis->aCts[0].irq = 14;
6741 pThis->aCts[0].IOPortBase1 = 0x1f0;
6742 pThis->aCts[0].IOPortBase2 = 0x3f6;
6743 pThis->aCts[1].irq = 15;
6744 pThis->aCts[1].IOPortBase1 = 0x170;
6745 pThis->aCts[1].IOPortBase2 = 0x376;
6746
6747 /*
6748 * Register the PCI device.
6749 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6750 * device the slot next to itself.
6751 */
6752 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6753 if (RT_FAILURE(rc))
6754 return PDMDEV_SET_ERROR(pDevIns, rc,
6755 N_("PIIX3 cannot register PCI device"));
6756 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6757 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6758 if (RT_FAILURE(rc))
6759 return PDMDEV_SET_ERROR(pDevIns, rc,
6760 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6761
6762 /*
6763 * Register the I/O ports.
6764 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6765 */
6766 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6767 {
6768 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6769 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6770 if (RT_FAILURE(rc))
6771 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6772
6773 if (fGCEnabled)
6774 {
6775 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6776 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6777 if (RT_FAILURE(rc))
6778 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6779 }
6780
6781 if (fR0Enabled)
6782 {
6783#if 1
6784 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6785 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6786#else
6787 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6788 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6789#endif
6790 if (RT_FAILURE(rc))
6791 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6792 }
6793
6794 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6795 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6796 if (RT_FAILURE(rc))
6797 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6798
6799 if (fGCEnabled)
6800 {
6801 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6802 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6803 if (RT_FAILURE(rc))
6804 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6805 }
6806 if (fR0Enabled)
6807 {
6808 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6809 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6810 if (RT_FAILURE(rc))
6811 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6812 }
6813
6814 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6815 {
6816 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6817 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6818 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
6819 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6820 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
6821 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6822 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
6823 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6824 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
6825#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6826 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6827 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
6828#endif
6829 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6830 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
6831#ifdef VBOX_INSTRUMENT_DMA_WRITES
6832 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6833 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
6834#endif
6835#ifdef VBOX_WITH_STATISTICS
6836 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6837 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
6838#endif
6839 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6840 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
6841#ifdef VBOX_WITH_STATISTICS
6842 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6843 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
6844#endif
6845 }
6846#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6847 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6848 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
6849 /** @todo STAMUNIT_MICROSECS */
6850 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6851 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
6852 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6853 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
6854 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6855 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
6856 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6857 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
6858 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6859 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
6860#endif /* VBOX_WITH_STATISTICS */
6861
6862 /* Initialize per-controller critical section */
6863 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA%u", i);
6864 if (RT_FAILURE(rc))
6865 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6866 }
6867
6868 /*
6869 * Attach status driver (optional).
6870 */
6871 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6872 if (RT_SUCCESS(rc))
6873 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
6874 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6875 {
6876 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6877 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6878 }
6879
6880 /*
6881 * Attach the units.
6882 */
6883 uint32_t cbTotalBuffer = 0;
6884 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6885 {
6886 PATACONTROLLER pCtl = &pThis->aCts[i];
6887
6888 /*
6889 * Start the worker thread.
6890 */
6891 pCtl->uAsyncIOState = ATA_AIO_NEW;
6892 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6893 AssertLogRelRCReturn(rc, rc);
6894 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6895 AssertLogRelRCReturn(rc, rc);
6896 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6897 AssertLogRelRCReturn(rc, rc);
6898 ataAsyncIOClearRequests(pCtl);
6899 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
6900 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6901 AssertLogRelRCReturn(rc, rc);
6902 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6903 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6904
6905 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6906 {
6907 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6908 {
6909 { "Primary Master", "Primary Slave" },
6910 { "Secondary Master", "Secondary Slave" }
6911 };
6912
6913 /*
6914 * Try attach the block device and get the interfaces,
6915 * required as well as optional.
6916 */
6917 ATADevState *pIf = &pCtl->aIfs[j];
6918
6919 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6920 if (RT_SUCCESS(rc))
6921 {
6922 rc = ataConfigLun(pDevIns, pIf);
6923 if (RT_SUCCESS(rc))
6924 {
6925 /*
6926 * Init vendor product data.
6927 */
6928 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6929 {
6930 { "PrimaryMaster", "PrimarySlave" },
6931 { "SecondaryMaster", "SecondarySlave" }
6932 };
6933
6934 /* Generate a default serial number. */
6935 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6936 RTUUID Uuid;
6937 if (pIf->pDrvBlock)
6938 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6939 else
6940 RTUuidClear(&Uuid);
6941
6942 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6943 {
6944 /* Generate a predictable serial for drives which don't have a UUID. */
6945 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6946 pIf->iLUN + pDevIns->iInstance * 32,
6947 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6948 }
6949 else
6950 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6951
6952 /* Get user config if present using defaults otherwise. */
6953 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
6954 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6955 szSerial);
6956 if (RT_FAILURE(rc))
6957 {
6958 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6959 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6960 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6961 return PDMDEV_SET_ERROR(pDevIns, rc,
6962 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6963 }
6964
6965 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6966 "1.0");
6967 if (RT_FAILURE(rc))
6968 {
6969 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6970 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6971 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
6972 return PDMDEV_SET_ERROR(pDevIns, rc,
6973 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
6974 }
6975
6976 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
6977 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
6978 if (RT_FAILURE(rc))
6979 {
6980 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6981 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6982 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
6983 return PDMDEV_SET_ERROR(pDevIns, rc,
6984 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
6985 }
6986
6987 /* There are three other identification strings for CD drives used for INQUIRY */
6988 if (pIf->fATAPI)
6989 {
6990 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
6991 "VBOX");
6992 if (RT_FAILURE(rc))
6993 {
6994 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6995 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6996 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
6997 return PDMDEV_SET_ERROR(pDevIns, rc,
6998 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
6999 }
7000
7001 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7002 "CD-ROM");
7003 if (RT_FAILURE(rc))
7004 {
7005 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7006 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7007 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7008 return PDMDEV_SET_ERROR(pDevIns, rc,
7009 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7010 }
7011
7012 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7013 "1.0");
7014 if (RT_FAILURE(rc))
7015 {
7016 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7017 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7018 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7019 return PDMDEV_SET_ERROR(pDevIns, rc,
7020 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7021 }
7022 }
7023 }
7024
7025 }
7026 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7027 {
7028 pIf->pDrvBase = NULL;
7029 pIf->pDrvBlock = NULL;
7030 pIf->cbIOBuffer = 0;
7031 pIf->pbIOBufferR3 = NULL;
7032 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7033 pIf->pbIOBufferRC = NIL_RTGCPTR;
7034 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7035 }
7036 else
7037 {
7038 switch (rc)
7039 {
7040 case VERR_ACCESS_DENIED:
7041 /* Error already catched by DrvHostBase */
7042 return rc;
7043 default:
7044 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7045 N_("PIIX3 cannot attach drive to the %s"),
7046 s_apszDescs[i][j]);
7047 }
7048 }
7049 cbTotalBuffer += pIf->cbIOBuffer;
7050 }
7051 }
7052
7053 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7054 NULL, ataLiveExec, NULL,
7055 ataSaveLoadPrep, ataSaveExec, NULL,
7056 ataSaveLoadPrep, ataLoadExec, NULL);
7057 if (RT_FAILURE(rc))
7058 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7059
7060 /*
7061 * Initialize the device state.
7062 */
7063 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7064}
7065
7066
7067/**
7068 * The device registration structure.
7069 */
7070const PDMDEVREG g_DevicePIIX3IDE =
7071{
7072 /* u32Version */
7073 PDM_DEVREG_VERSION,
7074 /* szName */
7075 "piix3ide",
7076 /* szRCMod */
7077 "VBoxDDGC.gc",
7078 /* szR0Mod */
7079 "VBoxDDR0.r0",
7080 /* pszDescription */
7081 "Intel PIIX3 ATA controller.\n"
7082 " LUN #0 is primary master.\n"
7083 " LUN #1 is primary slave.\n"
7084 " LUN #2 is secondary master.\n"
7085 " LUN #3 is secondary slave.\n"
7086 " LUN #999 is the LED/Status connector.",
7087 /* fFlags */
7088 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7089 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7090 /* fClass */
7091 PDM_DEVREG_CLASS_STORAGE,
7092 /* cMaxInstances */
7093 1,
7094 /* cbInstance */
7095 sizeof(PCIATAState),
7096 /* pfnConstruct */
7097 ataR3Construct,
7098 /* pfnDestruct */
7099 ataR3Destruct,
7100 /* pfnRelocate */
7101 ataR3Relocate,
7102 /* pfnIOCtl */
7103 NULL,
7104 /* pfnPowerOn */
7105 NULL,
7106 /* pfnReset */
7107 ataR3Reset,
7108 /* pfnSuspend */
7109 ataR3Suspend,
7110 /* pfnResume */
7111 ataR3Resume,
7112 /* pfnAttach */
7113 ataR3Attach,
7114 /* pfnDetach */
7115 ataR3Detach,
7116 /* pfnQueryInterface. */
7117 NULL,
7118 /* pfnInitComplete */
7119 NULL,
7120 /* pfnPowerOff */
7121 ataR3PowerOff,
7122 /* pfnSoftReset */
7123 NULL,
7124 /* u32VersionEnd */
7125 PDM_DEVREG_VERSION
7126};
7127#endif /* IN_RING3 */
7128#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette