VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 34921

Last change on this file since 34921 was 34433, checked in by vboxsync, 14 years ago

Storage: Introduce interface to query the location of a medium (device + instance + LUN) in a VM to generate IDs which are constant for saved states
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 272.2 KB
Line 
1/* $Id: DevATA.cpp 34433 2010-11-27 11:09:38Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/stam.h>
55#include <VBox/mm.h>
56#include <VBox/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "../Builtins.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
100
101/* Media track type */
102#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
103#define ATA_MEDIA_TYPE_DATA 1 /**< Data CD */
104#define ATA_MEDIA_TYPE_CDDA 2 /**< CD-DA (audio) CD type */
105
106/**
107 * Length of the configurable VPD data (without termination)
108 */
109#define ATA_SERIAL_NUMBER_LENGTH 20
110#define ATA_FIRMWARE_REVISION_LENGTH 8
111#define ATA_MODEL_NUMBER_LENGTH 40
112#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
113#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
114#define ATAPI_INQUIRY_REVISION_LENGTH 4
115
116/*******************************************************************************
117* Structures and Typedefs *
118*******************************************************************************/
119/**
120 * The state of an ATA device.
121 *
122 * @implements PDMIBASE
123 * @implements PDMIBLOCKPORT
124 * @implements PDMIMOUNTNOTIFY
125 */
126typedef struct ATADevState
127{
128 /** Flag indicating whether the current command uses LBA48 mode. */
129 bool fLBA48;
130 /** Flag indicating whether this drive implements the ATAPI command set. */
131 bool fATAPI;
132 /** Set if this interface has asserted the IRQ. */
133 bool fIrqPending;
134 /** Currently configured number of sectors in a multi-sector transfer. */
135 uint8_t cMultSectors;
136 /** PCHS disk geometry. */
137 PDMMEDIAGEOMETRY PCHSGeometry;
138 /** Total number of sectors on this disk. */
139 uint64_t cTotalSectors;
140 /** Number of sectors to transfer per IRQ. */
141 uint32_t cSectorsPerIRQ;
142
143 /** ATA/ATAPI register 1: feature (write-only). */
144 uint8_t uATARegFeature;
145 /** ATA/ATAPI register 1: feature, high order byte. */
146 uint8_t uATARegFeatureHOB;
147 /** ATA/ATAPI register 1: error (read-only). */
148 uint8_t uATARegError;
149 /** ATA/ATAPI register 2: sector count (read/write). */
150 uint8_t uATARegNSector;
151 /** ATA/ATAPI register 2: sector count, high order byte. */
152 uint8_t uATARegNSectorHOB;
153 /** ATA/ATAPI register 3: sector (read/write). */
154 uint8_t uATARegSector;
155 /** ATA/ATAPI register 3: sector, high order byte. */
156 uint8_t uATARegSectorHOB;
157 /** ATA/ATAPI register 4: cylinder low (read/write). */
158 uint8_t uATARegLCyl;
159 /** ATA/ATAPI register 4: cylinder low, high order byte. */
160 uint8_t uATARegLCylHOB;
161 /** ATA/ATAPI register 5: cylinder high (read/write). */
162 uint8_t uATARegHCyl;
163 /** ATA/ATAPI register 5: cylinder high, high order byte. */
164 uint8_t uATARegHCylHOB;
165 /** ATA/ATAPI register 6: select drive/head (read/write). */
166 uint8_t uATARegSelect;
167 /** ATA/ATAPI register 7: status (read-only). */
168 uint8_t uATARegStatus;
169 /** ATA/ATAPI register 7: command (write-only). */
170 uint8_t uATARegCommand;
171 /** ATA/ATAPI drive control register (write-only). */
172 uint8_t uATARegDevCtl;
173
174 /** Currently active transfer mode (MDMA/UDMA) and speed. */
175 uint8_t uATATransferMode;
176 /** Current transfer direction. */
177 uint8_t uTxDir;
178 /** Index of callback for begin transfer. */
179 uint8_t iBeginTransfer;
180 /** Index of callback for source/sink of data. */
181 uint8_t iSourceSink;
182 /** Flag indicating whether the current command transfers data in DMA mode. */
183 bool fDMA;
184 /** Set to indicate that ATAPI transfer semantics must be used. */
185 bool fATAPITransfer;
186
187 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
188 uint32_t cbTotalTransfer;
189 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
190 uint32_t cbElementaryTransfer;
191 /** Current read/write buffer position, shared PIO/DMA. */
192 uint32_t iIOBufferCur;
193 /** First element beyond end of valid buffer content, shared PIO/DMA. */
194 uint32_t iIOBufferEnd;
195
196 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
197 uint32_t iIOBufferPIODataStart;
198 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
199 uint32_t iIOBufferPIODataEnd;
200
201 /** ATAPI current LBA position. */
202 uint32_t iATAPILBA;
203 /** ATAPI current sector size. */
204 uint32_t cbATAPISector;
205 /** ATAPI current command. */
206 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
207 /** ATAPI sense data. */
208 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
209 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
210 uint8_t cNotifiedMediaChange;
211 /** The same for GET_EVENT_STATUS for mechanism */
212 volatile uint32_t MediaEventStatus;
213
214 /** Media type if known. */
215 volatile uint32_t MediaTrackType;
216
217 /** The status LED state for this drive. */
218 PDMLED Led;
219
220 /** Size of I/O buffer. */
221 uint32_t cbIOBuffer;
222 /** Pointer to the I/O buffer. */
223 R3PTRTYPE(uint8_t *) pbIOBufferR3;
224 /** Pointer to the I/O buffer. */
225 R0PTRTYPE(uint8_t *) pbIOBufferR0;
226 /** Pointer to the I/O buffer. */
227 RCPTRTYPE(uint8_t *) pbIOBufferRC;
228
229 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
230
231 /*
232 * No data that is part of the saved state after this point!!!!!
233 */
234
235 /* Release statistics: number of ATA DMA commands. */
236 STAMCOUNTER StatATADMA;
237 /* Release statistics: number of ATA PIO commands. */
238 STAMCOUNTER StatATAPIO;
239 /* Release statistics: number of ATAPI PIO commands. */
240 STAMCOUNTER StatATAPIDMA;
241 /* Release statistics: number of ATAPI PIO commands. */
242 STAMCOUNTER StatATAPIPIO;
243#ifdef VBOX_INSTRUMENT_DMA_WRITES
244 /* Release statistics: number of DMA sector writes and the time spent. */
245 STAMPROFILEADV StatInstrVDWrites;
246#endif
247
248 /** Statistics: number of read operations and the time spent reading. */
249 STAMPROFILEADV StatReads;
250 /** Statistics: number of bytes read. */
251 STAMCOUNTER StatBytesRead;
252 /** Statistics: number of write operations and the time spent writing. */
253 STAMPROFILEADV StatWrites;
254 /** Statistics: number of bytes written. */
255 STAMCOUNTER StatBytesWritten;
256 /** Statistics: number of flush operations and the time spend flushing. */
257 STAMPROFILE StatFlushes;
258
259 /** Enable passing through commands directly to the ATAPI drive. */
260 bool fATAPIPassthrough;
261 /** Number of errors we've reported to the release log.
262 * This is to prevent flooding caused by something going horribly wrong.
263 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
264 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
265 uint32_t cErrors;
266 /** Timestamp of last started command. 0 if no command pending. */
267 uint64_t u64CmdTS;
268
269 /** Pointer to the attached driver's base interface. */
270 R3PTRTYPE(PPDMIBASE) pDrvBase;
271 /** Pointer to the attached driver's block interface. */
272 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
273 /** Pointer to the attached driver's block bios interface. */
274 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
275 /** Pointer to the attached driver's mount interface.
276 * This is NULL if the driver isn't a removable unit. */
277 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
278 /** The base interface. */
279 PDMIBASE IBase;
280 /** The block port interface. */
281 PDMIBLOCKPORT IPort;
282 /** The mount notify interface. */
283 PDMIMOUNTNOTIFY IMountNotify;
284 /** The LUN #. */
285 RTUINT iLUN;
286 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
287 /** Pointer to device instance. */
288 PPDMDEVINSR3 pDevInsR3;
289 /** Pointer to controller instance. */
290 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
291 /** Pointer to device instance. */
292 PPDMDEVINSR0 pDevInsR0;
293 /** Pointer to controller instance. */
294 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
295 /** Pointer to device instance. */
296 PPDMDEVINSRC pDevInsRC;
297 /** Pointer to controller instance. */
298 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
299
300 /** The serial number to use for IDENTIFY DEVICE commands. */
301 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
302 /** The firmware revision to use for IDENTIFY DEVICE commands. */
303 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
304 /** The model number to use for IDENTIFY DEVICE commands. */
305 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
306 /** The vendor identification string for SCSI INQUIRY commands. */
307 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
308 /** The product identification string for SCSI INQUIRY commands. */
309 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
310 /** The revision string for SCSI INQUIRY commands. */
311 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
312
313 uint8_t abAlignment3[7];
314} ATADevState;
315AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
316AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
317AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
318AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
319AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
320AssertCompileSizeAlignment(ATADevState, 8);
321
322
323typedef struct ATATransferRequest
324{
325 uint8_t iIf;
326 uint8_t iBeginTransfer;
327 uint8_t iSourceSink;
328 uint32_t cbTotalTransfer;
329 uint8_t uTxDir;
330} ATATransferRequest;
331
332
333typedef struct ATAAbortRequest
334{
335 uint8_t iIf;
336 bool fResetDrive;
337} ATAAbortRequest;
338
339
340typedef enum
341{
342 /** Begin a new transfer. */
343 ATA_AIO_NEW = 0,
344 /** Continue a DMA transfer. */
345 ATA_AIO_DMA,
346 /** Continue a PIO transfer. */
347 ATA_AIO_PIO,
348 /** Reset the drives on current controller, stop all transfer activity. */
349 ATA_AIO_RESET_ASSERTED,
350 /** Reset the drives on current controller, resume operation. */
351 ATA_AIO_RESET_CLEARED,
352 /** Abort the current transfer of a particular drive. */
353 ATA_AIO_ABORT
354} ATAAIO;
355
356
357typedef struct ATARequest
358{
359 ATAAIO ReqType;
360 union
361 {
362 ATATransferRequest t;
363 ATAAbortRequest a;
364 } u;
365} ATARequest;
366
367
368typedef struct ATACONTROLLER
369{
370 /** The base of the first I/O Port range. */
371 RTIOPORT IOPortBase1;
372 /** The base of the second I/O Port range. (0 if none) */
373 RTIOPORT IOPortBase2;
374 /** The assigned IRQ. */
375 RTUINT irq;
376 /** Access critical section */
377 PDMCRITSECT lock;
378
379 /** Selected drive. */
380 uint8_t iSelectedIf;
381 /** The interface on which to handle async I/O. */
382 uint8_t iAIOIf;
383 /** The state of the async I/O thread. */
384 uint8_t uAsyncIOState;
385 /** Flag indicating whether the next transfer is part of the current command. */
386 bool fChainedTransfer;
387 /** Set when the reset processing is currently active on this controller. */
388 bool fReset;
389 /** Flag whether the current transfer needs to be redone. */
390 bool fRedo;
391 /** Flag whether the redo suspend has been finished. */
392 bool fRedoIdle;
393 /** Flag whether the DMA operation to be redone is the final transfer. */
394 bool fRedoDMALastDesc;
395 /** The BusMaster DMA state. */
396 BMDMAState BmDma;
397 /** Pointer to first DMA descriptor. */
398 RTGCPHYS32 pFirstDMADesc;
399 /** Pointer to last DMA descriptor. */
400 RTGCPHYS32 pLastDMADesc;
401 /** Pointer to current DMA buffer (for redo operations). */
402 RTGCPHYS32 pRedoDMABuffer;
403 /** Size of current DMA buffer (for redo operations). */
404 uint32_t cbRedoDMABuffer;
405
406 /** The ATA/ATAPI interfaces of this controller. */
407 ATADevState aIfs[2];
408
409 /** Pointer to device instance. */
410 PPDMDEVINSR3 pDevInsR3;
411 /** Pointer to device instance. */
412 PPDMDEVINSR0 pDevInsR0;
413 /** Pointer to device instance. */
414 PPDMDEVINSRC pDevInsRC;
415
416 /** Set when the destroying the device instance and the thread must exit. */
417 uint32_t volatile fShutdown;
418 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
419 RTTHREAD AsyncIOThread;
420 /** The event semaphore the thread is waiting on for requests. */
421 RTSEMEVENT AsyncIOSem;
422 /** The request queue for the AIO thread. One element is always unused. */
423 ATARequest aAsyncIORequests[4];
424 /** The position at which to insert a new request for the AIO thread. */
425 volatile uint8_t AsyncIOReqHead;
426 /** The position at which to get a new request for the AIO thread. */
427 volatile uint8_t AsyncIOReqTail;
428 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
429 bool volatile fSignalIdle;
430 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
431 /** Magic delay before triggering interrupts in DMA mode. */
432 uint32_t DelayIRQMillies;
433 /** The mutex protecting the request queue. */
434 RTSEMMUTEX AsyncIORequestMutex;
435 /** The event semaphore the thread is waiting on during suspended I/O. */
436 RTSEMEVENT SuspendIOSem;
437#if 0 /*HC_ARCH_BITS == 32*/
438 uint32_t Alignment0;
439#endif
440
441 /** Timestamp we started the reset. */
442 uint64_t u64ResetTime;
443
444 /* Statistics */
445 STAMCOUNTER StatAsyncOps;
446 uint64_t StatAsyncMinWait;
447 uint64_t StatAsyncMaxWait;
448 STAMCOUNTER StatAsyncTimeUS;
449 STAMPROFILEADV StatAsyncTime;
450 STAMPROFILE StatLockWait;
451} ATACONTROLLER, *PATACONTROLLER;
452AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
453AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
456
457typedef enum CHIPSET
458{
459 /** PIIX3 chipset, must be 0 for saved state compatibility */
460 CHIPSET_PIIX3 = 0,
461 /** PIIX4 chipset, must be 1 for saved state compatibility */
462 CHIPSET_PIIX4 = 1,
463 /** ICH6 chipset */
464 CHIPSET_ICH6 = 2
465} CHIPSET;
466
467/**
468 * The state of the ATA PCI device.
469 *
470 * @extends PCIDEVICE
471 * @implements PDMILEDPORTS
472 */
473typedef struct PCIATAState
474{
475 PCIDEVICE dev;
476 /** The controllers. */
477 ATACONTROLLER aCts[2];
478 /** Pointer to device instance. */
479 PPDMDEVINSR3 pDevIns;
480 /** Status LUN: Base interface. */
481 PDMIBASE IBase;
482 /** Status LUN: Leds interface. */
483 PDMILEDPORTS ILeds;
484 /** Status LUN: Partner of ILeds. */
485 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
486 /** Flag whether GC is enabled. */
487 bool fGCEnabled;
488 /** Flag whether R0 is enabled. */
489 bool fR0Enabled;
490 /** Flag indicating chipset being emulated. */
491 uint8_t u8Type;
492 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
493} PCIATAState;
494
495#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
496#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
497#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
498#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
499#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
500#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
501
502#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
503
504#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
505#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
506#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
507#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
508#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
509
510#ifndef VBOX_DEVICE_STRUCT_TESTCASE
511/*******************************************************************************
512 * Internal Functions *
513 ******************************************************************************/
514RT_C_DECLS_BEGIN
515PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
516PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
517PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
518PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
520PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
521PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
522PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
523RT_C_DECLS_END
524
525
526
527DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
528{
529 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
530
531 /* Freeze status register contents while processing RESET. */
532 if (!pCtl->fReset)
533 {
534 s->uATARegStatus = stat;
535 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
536 }
537}
538
539
540DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
541{
542 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
543
544 /* Freeze status register contents while processing RESET. */
545 if (!pCtl->fReset)
546 {
547 s->uATARegStatus |= stat;
548 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
549 }
550}
551
552
553DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
554{
555 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
556
557 /* Freeze status register contents while processing RESET. */
558 if (!pCtl->fReset)
559 {
560 s->uATARegStatus &= ~stat;
561 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
562 }
563}
564
565#ifdef IN_RING3
566
567typedef void (*PBeginTransferFunc)(ATADevState *);
568typedef bool (*PSourceSinkFunc)(ATADevState *);
569
570static void ataReadWriteSectorsBT(ATADevState *);
571static void ataPacketBT(ATADevState *);
572static void atapiCmdBT(ATADevState *);
573static void atapiPassthroughCmdBT(ATADevState *);
574
575static bool ataIdentifySS(ATADevState *);
576static bool ataFlushSS(ATADevState *);
577static bool ataReadSectorsSS(ATADevState *);
578static bool ataWriteSectorsSS(ATADevState *);
579static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
580static bool ataPacketSS(ATADevState *);
581static bool atapiGetConfigurationSS(ATADevState *);
582static bool atapiGetEventStatusNotificationSS(ATADevState *);
583static bool atapiIdentifySS(ATADevState *);
584static bool atapiInquirySS(ATADevState *);
585static bool atapiMechanismStatusSS(ATADevState *);
586static bool atapiModeSenseErrorRecoverySS(ATADevState *);
587static bool atapiModeSenseCDStatusSS(ATADevState *);
588static bool atapiReadSS(ATADevState *);
589static bool atapiReadCapacitySS(ATADevState *);
590static bool atapiReadDiscInformationSS(ATADevState *);
591static bool atapiReadTOCNormalSS(ATADevState *);
592static bool atapiReadTOCMultiSS(ATADevState *);
593static bool atapiReadTOCRawSS(ATADevState *);
594static bool atapiReadTrackInformationSS(ATADevState *);
595static bool atapiRequestSenseSS(ATADevState *);
596static bool atapiPassthroughSS(ATADevState *);
597static bool atapiReadDVDStructureSS(ATADevState *);
598
599/**
600 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
601 */
602typedef enum ATAFNBT
603{
604 ATAFN_BT_NULL = 0,
605 ATAFN_BT_READ_WRITE_SECTORS,
606 ATAFN_BT_PACKET,
607 ATAFN_BT_ATAPI_CMD,
608 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
609 ATAFN_BT_MAX
610} ATAFNBT;
611
612/**
613 * Array of end transfer functions, the index is ATAFNET.
614 * Make sure ATAFNET and this array match!
615 */
616static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
617{
618 NULL,
619 ataReadWriteSectorsBT,
620 ataPacketBT,
621 atapiCmdBT,
622 atapiPassthroughCmdBT,
623};
624
625/**
626 * Source/sink function indexes for g_apfnSourceSinkFuncs.
627 */
628typedef enum ATAFNSS
629{
630 ATAFN_SS_NULL = 0,
631 ATAFN_SS_IDENTIFY,
632 ATAFN_SS_FLUSH,
633 ATAFN_SS_READ_SECTORS,
634 ATAFN_SS_WRITE_SECTORS,
635 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
636 ATAFN_SS_PACKET,
637 ATAFN_SS_ATAPI_GET_CONFIGURATION,
638 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
639 ATAFN_SS_ATAPI_IDENTIFY,
640 ATAFN_SS_ATAPI_INQUIRY,
641 ATAFN_SS_ATAPI_MECHANISM_STATUS,
642 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
643 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
644 ATAFN_SS_ATAPI_READ,
645 ATAFN_SS_ATAPI_READ_CAPACITY,
646 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
647 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
648 ATAFN_SS_ATAPI_READ_TOC_MULTI,
649 ATAFN_SS_ATAPI_READ_TOC_RAW,
650 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
651 ATAFN_SS_ATAPI_REQUEST_SENSE,
652 ATAFN_SS_ATAPI_PASSTHROUGH,
653 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
654 ATAFN_SS_MAX
655} ATAFNSS;
656
657/**
658 * Array of source/sink functions, the index is ATAFNSS.
659 * Make sure ATAFNSS and this array match!
660 */
661static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
662{
663 NULL,
664 ataIdentifySS,
665 ataFlushSS,
666 ataReadSectorsSS,
667 ataWriteSectorsSS,
668 ataExecuteDeviceDiagnosticSS,
669 ataPacketSS,
670 atapiGetConfigurationSS,
671 atapiGetEventStatusNotificationSS,
672 atapiIdentifySS,
673 atapiInquirySS,
674 atapiMechanismStatusSS,
675 atapiModeSenseErrorRecoverySS,
676 atapiModeSenseCDStatusSS,
677 atapiReadSS,
678 atapiReadCapacitySS,
679 atapiReadDiscInformationSS,
680 atapiReadTOCNormalSS,
681 atapiReadTOCMultiSS,
682 atapiReadTOCRawSS,
683 atapiReadTrackInformationSS,
684 atapiRequestSenseSS,
685 atapiPassthroughSS,
686 atapiReadDVDStructureSS
687};
688
689
690static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
691static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
692static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
693static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
694
695static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
696{
697 int rc;
698
699 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
700 AssertRC(rc);
701 pCtl->AsyncIOReqHead = 0;
702 pCtl->AsyncIOReqTail = 0;
703 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
704 AssertRC(rc);
705}
706
707
708static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
709{
710 int rc;
711
712 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
713 AssertRC(rc);
714 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
715 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
716 pCtl->AsyncIOReqHead++;
717 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
718 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
719 AssertRC(rc);
720 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
721 if (RT_FAILURE(rc))
722 {
723 rc = RTSemEventSignal(pCtl->AsyncIOSem);
724 AssertRC(rc);
725 }
726}
727
728
729static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
730{
731 int rc;
732 const ATARequest *pReq;
733
734 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
735 AssertRC(rc);
736 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
737 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
738 else
739 pReq = NULL;
740 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
741 AssertRC(rc);
742 return pReq;
743}
744
745
746/**
747 * Remove the request with the given type, as it's finished. The request
748 * is not removed blindly, as this could mean a RESET request that is not
749 * yet processed (but has cleared the request queue) is lost.
750 *
751 * @param pCtl Controller for which to remove the request.
752 * @param ReqType Type of the request to remove.
753 */
754static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
755{
756 int rc;
757
758 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
759 AssertRC(rc);
760 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
761 {
762 pCtl->AsyncIOReqTail++;
763 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
764 }
765 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
766 AssertRC(rc);
767}
768
769
770/**
771 * Dump the request queue for a particular controller. First dump the queue
772 * contents, then the already processed entries, as long as they haven't been
773 * overwritten.
774 *
775 * @param pCtl Controller for which to dump the queue.
776 */
777static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
778{
779 int rc;
780 uint8_t curr;
781
782 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
783 AssertRC(rc);
784 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
785 curr = pCtl->AsyncIOReqTail;
786 do
787 {
788 if (curr == pCtl->AsyncIOReqHead)
789 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
790 switch (pCtl->aAsyncIORequests[curr].ReqType)
791 {
792 case ATA_AIO_NEW:
793 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
794 break;
795 case ATA_AIO_DMA:
796 LogRel(("dma transfer continuation\n"));
797 break;
798 case ATA_AIO_PIO:
799 LogRel(("pio transfer continuation\n"));
800 break;
801 case ATA_AIO_RESET_ASSERTED:
802 LogRel(("reset asserted request\n"));
803 break;
804 case ATA_AIO_RESET_CLEARED:
805 LogRel(("reset cleared request\n"));
806 break;
807 case ATA_AIO_ABORT:
808 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
809 break;
810 default:
811 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
812 }
813 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
814 } while (curr != pCtl->AsyncIOReqTail);
815 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
816 AssertRC(rc);
817}
818
819
820/**
821 * Checks whether the request queue for a particular controller is empty
822 * or whether a particular controller is idle.
823 *
824 * @param pCtl Controller for which to check the queue.
825 * @param fStrict If set then the controller is checked to be idle.
826 */
827static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
828{
829 int rc;
830 bool fIdle;
831
832 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
833 AssertRC(rc);
834 fIdle = pCtl->fRedoIdle;
835 if (!fIdle)
836 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
837 if (fStrict)
838 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
839 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
840 AssertRC(rc);
841 return fIdle;
842}
843
844
845/**
846 * Send a transfer request to the async I/O thread.
847 *
848 * @param s Pointer to the ATA device state data.
849 * @param cbTotalTransfer Data transfer size.
850 * @param uTxDir Data transfer direction.
851 * @param iBeginTransfer Index of BeginTransfer callback.
852 * @param iSourceSink Index of SourceSink callback.
853 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
854 */
855static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
856{
857 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
858 ATARequest Req;
859
860 Assert(PDMCritSectIsOwner(&pCtl->lock));
861
862 /* Do not issue new requests while the RESET line is asserted. */
863 if (pCtl->fReset)
864 {
865 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
866 return;
867 }
868
869 /* If the controller is already doing something else right now, ignore
870 * the command that is being submitted. Some broken guests issue commands
871 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
872 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
873 {
874 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
875 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
876 return;
877 }
878
879 Req.ReqType = ATA_AIO_NEW;
880 if (fChainedTransfer)
881 Req.u.t.iIf = pCtl->iAIOIf;
882 else
883 Req.u.t.iIf = pCtl->iSelectedIf;
884 Req.u.t.cbTotalTransfer = cbTotalTransfer;
885 Req.u.t.uTxDir = uTxDir;
886 Req.u.t.iBeginTransfer = iBeginTransfer;
887 Req.u.t.iSourceSink = iSourceSink;
888 ataSetStatusValue(s, ATA_STAT_BUSY);
889 pCtl->fChainedTransfer = fChainedTransfer;
890
891 /*
892 * Kick the worker thread into action.
893 */
894 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
895 ataAsyncIOPutRequest(pCtl, &Req);
896}
897
898
899/**
900 * Send an abort command request to the async I/O thread.
901 *
902 * @param s Pointer to the ATA device state data.
903 * @param fResetDrive Whether to reset the drive or just abort a command.
904 */
905static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
906{
907 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
908 ATARequest Req;
909
910 Assert(PDMCritSectIsOwner(&pCtl->lock));
911
912 /* Do not issue new requests while the RESET line is asserted. */
913 if (pCtl->fReset)
914 {
915 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
916 return;
917 }
918
919 Req.ReqType = ATA_AIO_ABORT;
920 Req.u.a.iIf = pCtl->iSelectedIf;
921 Req.u.a.fResetDrive = fResetDrive;
922 ataSetStatus(s, ATA_STAT_BUSY);
923 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
924 ataAsyncIOPutRequest(pCtl, &Req);
925}
926
927
928static void ataSetIRQ(ATADevState *s)
929{
930 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
931 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
932
933 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
934 {
935 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
936 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
937 * line is asserted. It monitors the line for a rising edge. */
938 if (!s->fIrqPending)
939 pCtl->BmDma.u8Status |= BM_STATUS_INT;
940 /* Only actually set the IRQ line if updating the currently selected drive. */
941 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
942 {
943 /** @todo experiment with adaptive IRQ delivery: for reads it is
944 * better to wait for IRQ delivery, as it reduces latency. */
945 if (pCtl->irq == 16)
946 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
947 else
948 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
949 }
950 }
951 s->fIrqPending = true;
952}
953
954#endif /* IN_RING3 */
955
956static void ataUnsetIRQ(ATADevState *s)
957{
958 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
959 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
960
961 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
962 {
963 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
964 /* Only actually unset the IRQ line if updating the currently selected drive. */
965 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
966 {
967 if (pCtl->irq == 16)
968 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
969 else
970 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
971 }
972 }
973 s->fIrqPending = false;
974}
975
976#ifdef IN_RING3
977
978static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
979{
980 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
981 s->iIOBufferPIODataStart = start;
982 s->iIOBufferPIODataEnd = start + size;
983 ataSetStatus(s, ATA_STAT_DRQ);
984}
985
986
987static void ataPIOTransferStop(ATADevState *s)
988{
989 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
990 if (s->fATAPITransfer)
991 {
992 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
993 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
994 ataSetIRQ(s);
995 s->fATAPITransfer = false;
996 }
997 s->cbTotalTransfer = 0;
998 s->cbElementaryTransfer = 0;
999 s->iIOBufferPIODataStart = 0;
1000 s->iIOBufferPIODataEnd = 0;
1001 s->iBeginTransfer = ATAFN_BT_NULL;
1002 s->iSourceSink = ATAFN_SS_NULL;
1003}
1004
1005
1006static void ataPIOTransferLimitATAPI(ATADevState *s)
1007{
1008 uint32_t cbLimit, cbTransfer;
1009
1010 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1011 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1012 if (cbLimit == 0)
1013 cbLimit = 0xfffe;
1014 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1015 if (cbLimit == 0xffff)
1016 cbLimit--;
1017 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1018 if (cbTransfer > cbLimit)
1019 {
1020 /* Byte count limit for clipping must be even in this case */
1021 if (cbLimit & 1)
1022 cbLimit--;
1023 cbTransfer = cbLimit;
1024 }
1025 s->uATARegLCyl = cbTransfer;
1026 s->uATARegHCyl = cbTransfer >> 8;
1027 s->cbElementaryTransfer = cbTransfer;
1028}
1029
1030
1031static uint32_t ataGetNSectors(ATADevState *s)
1032{
1033 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1034 if (s->fLBA48)
1035 {
1036 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1037 return 65536;
1038 else
1039 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1040 }
1041 else
1042 {
1043 if (!s->uATARegNSector)
1044 return 256;
1045 else
1046 return s->uATARegNSector;
1047 }
1048}
1049
1050
1051static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1052{
1053 for (uint32_t i = 0; i < cbSize; i++)
1054 {
1055 if (*pbSrc)
1056 pbDst[i ^ 1] = *pbSrc++;
1057 else
1058 pbDst[i ^ 1] = ' ';
1059 }
1060}
1061
1062
1063static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1064{
1065 for (uint32_t i = 0; i < cbSize; i++)
1066 {
1067 if (*pbSrc)
1068 pbDst[i] = *pbSrc++;
1069 else
1070 pbDst[i] = ' ';
1071 }
1072}
1073
1074
1075DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1076{
1077 pbBuf[0] = val >> 8;
1078 pbBuf[1] = val;
1079}
1080
1081
1082DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1083{
1084 pbBuf[0] = val >> 16;
1085 pbBuf[1] = val >> 8;
1086 pbBuf[2] = val;
1087}
1088
1089
1090DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1091{
1092 pbBuf[0] = val >> 24;
1093 pbBuf[1] = val >> 16;
1094 pbBuf[2] = val >> 8;
1095 pbBuf[3] = val;
1096}
1097
1098
1099DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1100{
1101 return (pbBuf[0] << 8) | pbBuf[1];
1102}
1103
1104
1105DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1106{
1107 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1108}
1109
1110
1111DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1112{
1113 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1114}
1115
1116
1117DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1118{
1119 iATAPILBA += 150;
1120 pbBuf[0] = (iATAPILBA / 75) / 60;
1121 pbBuf[1] = (iATAPILBA / 75) % 60;
1122 pbBuf[2] = iATAPILBA % 75;
1123}
1124
1125
1126DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1127{
1128 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1129}
1130
1131
1132static void ataCmdOK(ATADevState *s, uint8_t status)
1133{
1134 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1135 ataSetStatusValue(s, ATA_STAT_READY | status);
1136}
1137
1138
1139static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1140{
1141 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1142 Assert(uErrorCode);
1143 s->uATARegError = uErrorCode;
1144 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1145 s->cbTotalTransfer = 0;
1146 s->cbElementaryTransfer = 0;
1147 s->iIOBufferCur = 0;
1148 s->iIOBufferEnd = 0;
1149 s->uTxDir = PDMBLOCKTXDIR_NONE;
1150 s->iBeginTransfer = ATAFN_BT_NULL;
1151 s->iSourceSink = ATAFN_SS_NULL;
1152}
1153
1154static uint32_t ataChecksum(void* ptr, size_t count)
1155{
1156 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1157 size_t i;
1158
1159 for (i = 0; i < count; i++)
1160 {
1161 u8Sum += *p++;
1162 }
1163
1164 return (uint8_t)-(int32_t)u8Sum;
1165}
1166
1167static bool ataIdentifySS(ATADevState *s)
1168{
1169 uint16_t *p;
1170
1171 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1172 Assert(s->cbElementaryTransfer == 512);
1173
1174 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1175 memset(p, 0, 512);
1176 p[0] = RT_H2LE_U16(0x0040);
1177 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1178 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1179 /* Block size; obsolete, but required for the BIOS. */
1180 p[5] = RT_H2LE_U16(512);
1181 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1182 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1183 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1184 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1185 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1186 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1187 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1188#if ATA_MAX_MULT_SECTORS > 1
1189 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1190#endif
1191 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1192 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1193 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1194 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1195 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1196 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1197 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1198 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1199 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1200 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1201 * s->PCHSGeometry.cHeads
1202 * s->PCHSGeometry.cSectors);
1203 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1204 * s->PCHSGeometry.cHeads
1205 * s->PCHSGeometry.cSectors >> 16);
1206 if (s->cMultSectors)
1207 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1208 if (s->cTotalSectors <= (1 << 28) - 1)
1209 {
1210 p[60] = RT_H2LE_U16(s->cTotalSectors);
1211 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1212 }
1213 else
1214 {
1215 /* Report maximum number of sectors possible with LBA28 */
1216 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1217 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1218 }
1219 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1220 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1221 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1222 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1223 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1224 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1225 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1226 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1227 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1228 if (s->cTotalSectors <= (1 << 28) - 1)
1229 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1230 else
1231 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1232 p[84] = RT_H2LE_U16(1 << 14);
1233 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1234 if (s->cTotalSectors <= (1 << 28) - 1)
1235 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1236 else
1237 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1238 p[87] = RT_H2LE_U16(1 << 14);
1239 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1240 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1241 if (s->cTotalSectors > (1 << 28) - 1)
1242 {
1243 p[100] = RT_H2LE_U16(s->cTotalSectors);
1244 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1245 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1246 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1247 }
1248 uint32_t uCsum = ataChecksum(p, 510);
1249 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1250 s->iSourceSink = ATAFN_SS_NULL;
1251 ataCmdOK(s, ATA_STAT_SEEK);
1252 return false;
1253}
1254
1255
1256static bool ataFlushSS(ATADevState *s)
1257{
1258 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1259 int rc;
1260
1261 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1262 Assert(!s->cbElementaryTransfer);
1263
1264 PDMCritSectLeave(&pCtl->lock);
1265
1266 STAM_PROFILE_START(&s->StatFlushes, f);
1267 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1268 AssertRC(rc);
1269 STAM_PROFILE_STOP(&s->StatFlushes, f);
1270
1271 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1272 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1273 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1274 ataCmdOK(s, 0);
1275 return false;
1276}
1277
1278static bool atapiIdentifySS(ATADevState *s)
1279{
1280 uint16_t *p;
1281
1282 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1283 Assert(s->cbElementaryTransfer == 512);
1284
1285 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1286 memset(p, 0, 512);
1287 /* Removable CDROM, 50us response, 12 byte packets */
1288 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1289 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1290 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1291 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1292 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1293 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1294 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1295 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1296 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1297 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1298 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1299 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1300 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1301 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1302 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1303 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1304 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1305 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1306 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1307 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1308 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1309 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1310 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1311 p[83] = RT_H2LE_U16(1 << 14);
1312 p[84] = RT_H2LE_U16(1 << 14);
1313 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1314 p[86] = RT_H2LE_U16(0);
1315 p[87] = RT_H2LE_U16(1 << 14);
1316 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1317 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1318 /* According to ATAPI-5 spec:
1319 *
1320 * The use of this word is optional.
1321 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1322 * contain the data
1323 * structure checksum.
1324 * The data structure checksum is the twos complement of the sum of
1325 * all bytes in words 0 through 254 and the byte consisting of
1326 * bits 7:0 in word 255.
1327 * Each byte shall be added with unsigned arithmetic,
1328 * and overflow shall be ignored.
1329 * The sum of all 512 bytes is zero when the checksum is correct.
1330 */
1331 uint32_t uCsum = ataChecksum(p, 510);
1332 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1333
1334 s->iSourceSink = ATAFN_SS_NULL;
1335 ataCmdOK(s, ATA_STAT_SEEK);
1336 return false;
1337}
1338
1339
1340static void ataSetSignature(ATADevState *s)
1341{
1342 s->uATARegSelect &= 0xf0; /* clear head */
1343 /* put signature */
1344 s->uATARegNSector = 1;
1345 s->uATARegSector = 1;
1346 if (s->fATAPI)
1347 {
1348 s->uATARegLCyl = 0x14;
1349 s->uATARegHCyl = 0xeb;
1350 }
1351 else if (s->pDrvBlock)
1352 {
1353 s->uATARegLCyl = 0;
1354 s->uATARegHCyl = 0;
1355 }
1356 else
1357 {
1358 s->uATARegLCyl = 0xff;
1359 s->uATARegHCyl = 0xff;
1360 }
1361}
1362
1363
1364static uint64_t ataGetSector(ATADevState *s)
1365{
1366 uint64_t iLBA;
1367 if (s->uATARegSelect & 0x40)
1368 {
1369 /* any LBA variant */
1370 if (s->fLBA48)
1371 {
1372 /* LBA48 */
1373 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1374 ((uint64_t)s->uATARegLCylHOB << 32) |
1375 ((uint64_t)s->uATARegSectorHOB << 24) |
1376 ((uint64_t)s->uATARegHCyl << 16) |
1377 ((uint64_t)s->uATARegLCyl << 8) |
1378 s->uATARegSector;
1379 }
1380 else
1381 {
1382 /* LBA */
1383 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1384 (s->uATARegLCyl << 8) | s->uATARegSector;
1385 }
1386 }
1387 else
1388 {
1389 /* CHS */
1390 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1391 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1392 (s->uATARegSector - 1);
1393 }
1394 return iLBA;
1395}
1396
1397static void ataSetSector(ATADevState *s, uint64_t iLBA)
1398{
1399 uint32_t cyl, r;
1400 if (s->uATARegSelect & 0x40)
1401 {
1402 /* any LBA variant */
1403 if (s->fLBA48)
1404 {
1405 /* LBA48 */
1406 s->uATARegHCylHOB = iLBA >> 40;
1407 s->uATARegLCylHOB = iLBA >> 32;
1408 s->uATARegSectorHOB = iLBA >> 24;
1409 s->uATARegHCyl = iLBA >> 16;
1410 s->uATARegLCyl = iLBA >> 8;
1411 s->uATARegSector = iLBA;
1412 }
1413 else
1414 {
1415 /* LBA */
1416 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1417 s->uATARegHCyl = (iLBA >> 16);
1418 s->uATARegLCyl = (iLBA >> 8);
1419 s->uATARegSector = (iLBA);
1420 }
1421 }
1422 else
1423 {
1424 /* CHS */
1425 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1426 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1427 s->uATARegHCyl = cyl >> 8;
1428 s->uATARegLCyl = cyl;
1429 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1430 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1431 }
1432}
1433
1434
1435static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1436{
1437 int rc;
1438 LogRel(("PIIX3 ATA: Host disk full\n"));
1439 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1440 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1441 AssertRC(rc);
1442}
1443
1444static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1445{
1446 int rc;
1447 LogRel(("PIIX3 ATA: File too big\n"));
1448 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1449 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1450 AssertRC(rc);
1451}
1452
1453static void ataWarningISCSI(PPDMDEVINS pDevIns)
1454{
1455 int rc;
1456 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1457 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1458 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1459 AssertRC(rc);
1460}
1461
1462static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1463{
1464 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1465 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1466 if (rc == VERR_DISK_FULL)
1467 {
1468 pCtl->fRedoIdle = true;
1469 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1470 return true;
1471 }
1472 if (rc == VERR_FILE_TOO_BIG)
1473 {
1474 pCtl->fRedoIdle = true;
1475 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1476 return true;
1477 }
1478 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1479 {
1480 pCtl->fRedoIdle = true;
1481 /* iSCSI connection abort (first error) or failure to reestablish
1482 * connection (second error). Pause VM. On resume we'll retry. */
1483 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1484 return true;
1485 }
1486 return false;
1487}
1488
1489
1490static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1491 uint32_t cSectors, bool *pfRedo)
1492{
1493 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1494 int rc;
1495
1496 PDMCritSectLeave(&pCtl->lock);
1497
1498 STAM_PROFILE_ADV_START(&s->StatReads, r);
1499 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1500 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1501 s->Led.Actual.s.fReading = 0;
1502 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1503
1504 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1505
1506 if (RT_SUCCESS(rc))
1507 *pfRedo = false;
1508 else
1509 *pfRedo = ataIsRedoSetWarning(s, rc);
1510
1511 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1512 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1513 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1514 return rc;
1515}
1516
1517
1518static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1519 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1520{
1521 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1522 int rc;
1523
1524 PDMCritSectLeave(&pCtl->lock);
1525
1526 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1527 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1528#ifdef VBOX_INSTRUMENT_DMA_WRITES
1529 if (s->fDMA)
1530 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1531#endif
1532 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1533#ifdef VBOX_INSTRUMENT_DMA_WRITES
1534 if (s->fDMA)
1535 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1536#endif
1537 s->Led.Actual.s.fWriting = 0;
1538 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1539
1540 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1541
1542 if (RT_SUCCESS(rc))
1543 *pfRedo = false;
1544 else
1545 *pfRedo = ataIsRedoSetWarning(s, rc);
1546
1547 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1548 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1549 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1550 return rc;
1551}
1552
1553
1554static void ataReadWriteSectorsBT(ATADevState *s)
1555{
1556 uint32_t cSectors;
1557
1558 cSectors = s->cbTotalTransfer / 512;
1559 if (cSectors > s->cSectorsPerIRQ)
1560 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1561 else
1562 s->cbElementaryTransfer = cSectors * 512;
1563 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1564 ataCmdOK(s, 0);
1565}
1566
1567
1568static bool ataReadSectorsSS(ATADevState *s)
1569{
1570 int rc;
1571 uint32_t cSectors;
1572 uint64_t iLBA;
1573 bool fRedo;
1574
1575 cSectors = s->cbElementaryTransfer / 512;
1576 Assert(cSectors);
1577 iLBA = ataGetSector(s);
1578 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1579 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1580 if (RT_SUCCESS(rc))
1581 {
1582 ataSetSector(s, iLBA + cSectors);
1583 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1584 s->iSourceSink = ATAFN_SS_NULL;
1585 ataCmdOK(s, ATA_STAT_SEEK);
1586 }
1587 else
1588 {
1589 if (fRedo)
1590 return fRedo;
1591 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1592 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1593 s->iLUN, rc, iLBA, cSectors));
1594
1595 /*
1596 * Check if we got interrupted. We don't need to set status variables
1597 * because the request was aborted.
1598 */
1599 if (rc != VERR_INTERRUPTED)
1600 ataCmdError(s, ID_ERR);
1601 }
1602 return false;
1603}
1604
1605
1606static bool ataWriteSectorsSS(ATADevState *s)
1607{
1608 int rc;
1609 uint32_t cSectors;
1610 uint64_t iLBA;
1611 bool fRedo;
1612
1613 cSectors = s->cbElementaryTransfer / 512;
1614 Assert(cSectors);
1615 iLBA = ataGetSector(s);
1616 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1617 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1618 if (RT_SUCCESS(rc))
1619 {
1620 ataSetSector(s, iLBA + cSectors);
1621 if (!s->cbTotalTransfer)
1622 s->iSourceSink = ATAFN_SS_NULL;
1623 ataCmdOK(s, ATA_STAT_SEEK);
1624 }
1625 else
1626 {
1627 if (fRedo)
1628 return fRedo;
1629 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1630 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1631 s->iLUN, rc, iLBA, cSectors));
1632
1633 /*
1634 * Check if we got interrupted. We don't need to set status variables
1635 * because the request was aborted.
1636 */
1637 if (rc != VERR_INTERRUPTED)
1638 ataCmdError(s, ID_ERR);
1639 }
1640 return false;
1641}
1642
1643
1644static void atapiCmdOK(ATADevState *s)
1645{
1646 s->uATARegError = 0;
1647 ataSetStatusValue(s, ATA_STAT_READY);
1648 s->uATARegNSector = (s->uATARegNSector & ~7)
1649 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1650 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1651 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1652
1653 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1654 s->abATAPISense[0] = 0x70 | (1 << 7);
1655 s->abATAPISense[7] = 10;
1656}
1657
1658
1659static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1660{
1661 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1662 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1663 s->uATARegError = pabATAPISense[2] << 4;
1664 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1665 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1666 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1667 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1668 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1669 s->cbTotalTransfer = 0;
1670 s->cbElementaryTransfer = 0;
1671 s->iIOBufferCur = 0;
1672 s->iIOBufferEnd = 0;
1673 s->uTxDir = PDMBLOCKTXDIR_NONE;
1674 s->iBeginTransfer = ATAFN_BT_NULL;
1675 s->iSourceSink = ATAFN_SS_NULL;
1676}
1677
1678
1679/** @todo deprecated function - doesn't provide enough info. Replace by direct
1680 * calls to atapiCmdError() with full data. */
1681static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1682{
1683 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1684 memset(abATAPISense, '\0', sizeof(abATAPISense));
1685 abATAPISense[0] = 0x70 | (1 << 7);
1686 abATAPISense[2] = uATAPISenseKey & 0x0f;
1687 abATAPISense[7] = 10;
1688 abATAPISense[12] = uATAPIASC;
1689 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1690}
1691
1692
1693static void atapiCmdBT(ATADevState *s)
1694{
1695 s->fATAPITransfer = true;
1696 s->cbElementaryTransfer = s->cbTotalTransfer;
1697 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1698 atapiCmdOK(s);
1699}
1700
1701
1702static void atapiPassthroughCmdBT(ATADevState *s)
1703{
1704 /* @todo implement an algorithm for correctly determining the read and
1705 * write sector size without sending additional commands to the drive.
1706 * This should be doable by saving processing the configuration requests
1707 * and replies. */
1708#if 0
1709 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1710 {
1711 uint8_t cmd = s->aATAPICmd[0];
1712 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1713 {
1714 uint8_t aModeSenseCmd[10];
1715 uint8_t aModeSenseResult[16];
1716 uint8_t uDummySense;
1717 uint32_t cbTransfer;
1718 int rc;
1719
1720 cbTransfer = sizeof(aModeSenseResult);
1721 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1722 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1723 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1724 aModeSenseCmd[3] = 0; /* subpage code */
1725 aModeSenseCmd[4] = 0; /* reserved */
1726 aModeSenseCmd[5] = 0; /* reserved */
1727 aModeSenseCmd[6] = 0; /* reserved */
1728 aModeSenseCmd[7] = cbTransfer >> 8;
1729 aModeSenseCmd[8] = cbTransfer & 0xff;
1730 aModeSenseCmd[9] = 0; /* control */
1731 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1732 if (RT_FAILURE(rc))
1733 {
1734 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1735 return;
1736 }
1737 /* Select sector size based on the current data block type. */
1738 switch (aModeSenseResult[12] & 0x0f)
1739 {
1740 case 0:
1741 s->cbATAPISector = 2352;
1742 break;
1743 case 1:
1744 s->cbATAPISector = 2368;
1745 break;
1746 case 2:
1747 case 3:
1748 s->cbATAPISector = 2448;
1749 break;
1750 case 8:
1751 case 10:
1752 s->cbATAPISector = 2048;
1753 break;
1754 case 9:
1755 s->cbATAPISector = 2336;
1756 break;
1757 case 11:
1758 s->cbATAPISector = 2056;
1759 break;
1760 case 12:
1761 s->cbATAPISector = 2324;
1762 break;
1763 case 13:
1764 s->cbATAPISector = 2332;
1765 break;
1766 default:
1767 s->cbATAPISector = 0;
1768 }
1769 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1770 s->cbTotalTransfer *= s->cbATAPISector;
1771 if (s->cbTotalTransfer == 0)
1772 s->uTxDir = PDMBLOCKTXDIR_NONE;
1773 }
1774 }
1775#endif
1776 atapiCmdBT(s);
1777}
1778
1779
1780static bool atapiReadSS(ATADevState *s)
1781{
1782 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1783 int rc = VINF_SUCCESS;
1784 uint32_t cbTransfer, cSectors;
1785
1786 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1787 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1788 cSectors = cbTransfer / s->cbATAPISector;
1789 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1790 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1791
1792 PDMCritSectLeave(&pCtl->lock);
1793
1794 STAM_PROFILE_ADV_START(&s->StatReads, r);
1795 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1796 switch (s->cbATAPISector)
1797 {
1798 case 2048:
1799 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1800 break;
1801 case 2352:
1802 {
1803 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1804
1805 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1806 {
1807 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1808 *pbBuf++ = 0x00;
1809 memset(pbBuf, 0xff, 10);
1810 pbBuf += 10;
1811 *pbBuf++ = 0x00;
1812 /* MSF */
1813 ataLBA2MSF(pbBuf, i);
1814 pbBuf += 3;
1815 *pbBuf++ = 0x01; /* mode 1 data */
1816 /* data */
1817 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1818 if (RT_FAILURE(rc))
1819 break;
1820 pbBuf += 2048;
1821 /**
1822 * @todo: maybe compute ECC and parity, layout is:
1823 * 2072 4 EDC
1824 * 2076 172 P parity symbols
1825 * 2248 104 Q parity symbols
1826 */
1827 memset(pbBuf, 0, 280);
1828 pbBuf += 280;
1829 }
1830 }
1831 break;
1832 default:
1833 break;
1834 }
1835 s->Led.Actual.s.fReading = 0;
1836 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1837
1838 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1839 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1840 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1841
1842 if (RT_SUCCESS(rc))
1843 {
1844 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1845
1846 /* The initial buffer end value has been set up based on the total
1847 * transfer size. But the I/O buffer size limits what can actually be
1848 * done in one transfer, so set the actual value of the buffer end. */
1849 s->cbElementaryTransfer = cbTransfer;
1850 if (cbTransfer >= s->cbTotalTransfer)
1851 s->iSourceSink = ATAFN_SS_NULL;
1852 atapiCmdOK(s);
1853 s->iATAPILBA += cSectors;
1854 }
1855 else
1856 {
1857 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1858 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1859
1860 /*
1861 * Check if we got interrupted. We don't need to set status variables
1862 * because the request was aborted.
1863 */
1864 if (rc != VERR_INTERRUPTED)
1865 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1866 }
1867 return false;
1868}
1869
1870/**
1871 * Sets the given media track type.
1872 */
1873static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1874{
1875 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1876}
1877
1878static bool atapiPassthroughSS(ATADevState *s)
1879{
1880 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1881 int rc = VINF_SUCCESS;
1882 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1883 uint32_t cbTransfer;
1884 PSTAMPROFILEADV pProf = NULL;
1885
1886 cbTransfer = s->cbElementaryTransfer;
1887
1888 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1889 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1890
1891 /* Simple heuristics: if there is at least one sector of data
1892 * to transfer, it's worth updating the LEDs. */
1893 if (cbTransfer >= 2048)
1894 {
1895 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1896 {
1897 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1898 pProf = &s->StatReads;
1899 }
1900 else
1901 {
1902 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1903 pProf = &s->StatWrites;
1904 }
1905 }
1906
1907 PDMCritSectLeave(&pCtl->lock);
1908
1909 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1910 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1911 {
1912 /* Linux accepts commands with up to 100KB of data, but expects
1913 * us to handle commands with up to 128KB of data. The usual
1914 * imbalance of powers. */
1915 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1916 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1917 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1918
1919 switch (s->aATAPICmd[0])
1920 {
1921 case SCSI_READ_10:
1922 case SCSI_WRITE_10:
1923 case SCSI_WRITE_AND_VERIFY_10:
1924 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1925 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1926 break;
1927 case SCSI_READ_12:
1928 case SCSI_WRITE_12:
1929 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1930 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1931 break;
1932 case SCSI_READ_CD:
1933 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1934 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
1935 break;
1936 case SCSI_READ_CD_MSF:
1937 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1938 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1939 break;
1940 default:
1941 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1942 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1943 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1944 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1945 {
1946 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1947 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1948 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1949 }
1950 return false;
1951 }
1952 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1953 cReqSectors = 0;
1954 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1955 {
1956 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1957 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1958 else
1959 cReqSectors = i;
1960 cbCurrTX = s->cbATAPISector * cReqSectors;
1961 switch (s->aATAPICmd[0])
1962 {
1963 case SCSI_READ_10:
1964 case SCSI_WRITE_10:
1965 case SCSI_WRITE_AND_VERIFY_10:
1966 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1967 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1968 break;
1969 case SCSI_READ_12:
1970 case SCSI_WRITE_12:
1971 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1972 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1973 break;
1974 case SCSI_READ_CD:
1975 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1976 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
1977 break;
1978 case SCSI_READ_CD_MSF:
1979 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1980 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1981 break;
1982 }
1983 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1984 if (rc != VINF_SUCCESS)
1985 break;
1986 iATAPILBA += cReqSectors;
1987 pbBuf += s->cbATAPISector * cReqSectors;
1988 }
1989 }
1990 else
1991 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1992 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1993
1994 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1995 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1996 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1997
1998 /* Update the LEDs and the read/write statistics. */
1999 if (cbTransfer >= 2048)
2000 {
2001 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2002 {
2003 s->Led.Actual.s.fReading = 0;
2004 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2005 }
2006 else
2007 {
2008 s->Led.Actual.s.fWriting = 0;
2009 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2010 }
2011 }
2012
2013 if (RT_SUCCESS(rc))
2014 {
2015 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2016 {
2017 Assert(cbTransfer <= s->cbTotalTransfer);
2018 /* Reply with the same amount of data as the real drive. */
2019 s->cbTotalTransfer = cbTransfer;
2020 /* The initial buffer end value has been set up based on the total
2021 * transfer size. But the I/O buffer size limits what can actually be
2022 * done in one transfer, so set the actual value of the buffer end. */
2023 s->cbElementaryTransfer = cbTransfer;
2024 if (s->aATAPICmd[0] == SCSI_INQUIRY)
2025 {
2026 /* Make sure that the real drive cannot be identified.
2027 * Motivation: changing the VM configuration should be as
2028 * invisible as possible to the guest. */
2029 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2030 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2031 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2032 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2033 }
2034 else if (s->aATAPICmd[0] == SCSI_READ_TOC_PMA_ATIP)
2035 {
2036 /* Set the media type if we can detect it. */
2037 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2038
2039 /** @todo: Implemented only for formatted TOC now. */
2040 if ( (s->aATAPICmd[1] & 0xf) == 0
2041 && cbTransfer >= 6)
2042 {
2043 uint32_t NewMediaType;
2044 uint32_t OldMediaType;
2045
2046 if (pbBuf[5] & 0x4)
2047 NewMediaType = ATA_MEDIA_TYPE_DATA;
2048 else
2049 NewMediaType = ATA_MEDIA_TYPE_CDDA;
2050
2051 OldMediaType = ataMediumTypeSet(s, NewMediaType);
2052
2053 if (OldMediaType != NewMediaType)
2054 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough, detected %s CD\n",
2055 s->iLUN,
2056 NewMediaType == ATA_MEDIA_TYPE_DATA
2057 ? "data"
2058 : "audio"));
2059 }
2060 else /* Play safe and set to unknown. */
2061 ataMediumTypeSet(s, ATA_MEDIA_TYPE_UNKNOWN);
2062 }
2063 if (cbTransfer)
2064 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2065 }
2066 s->iSourceSink = ATAFN_SS_NULL;
2067 atapiCmdOK(s);
2068 }
2069 else
2070 {
2071 if (s->cErrors < MAX_LOG_REL_ERRORS)
2072 {
2073 uint8_t u8Cmd = s->aATAPICmd[0];
2074 do
2075 {
2076 /* don't log superfluous errors */
2077 if ( rc == VERR_DEV_IO_ERROR
2078 && ( u8Cmd == SCSI_TEST_UNIT_READY
2079 || u8Cmd == SCSI_READ_CAPACITY
2080 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2081 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2082 break;
2083 s->cErrors++;
2084 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2085 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2086 } while (0);
2087 }
2088 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2089 }
2090 return false;
2091}
2092
2093/** @todo: Revise ASAP. */
2094static bool atapiReadDVDStructureSS(ATADevState *s)
2095{
2096 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2097 int media = s->aATAPICmd[1];
2098 int format = s->aATAPICmd[7];
2099
2100 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2101
2102 memset(buf, 0, max_len);
2103
2104 switch (format) {
2105 case 0x00:
2106 case 0x01:
2107 case 0x02:
2108 case 0x03:
2109 case 0x04:
2110 case 0x05:
2111 case 0x06:
2112 case 0x07:
2113 case 0x08:
2114 case 0x09:
2115 case 0x0a:
2116 case 0x0b:
2117 case 0x0c:
2118 case 0x0d:
2119 case 0x0e:
2120 case 0x0f:
2121 case 0x10:
2122 case 0x11:
2123 case 0x30:
2124 case 0x31:
2125 case 0xff:
2126 if (media == 0)
2127 {
2128 int uASC = SCSI_ASC_NONE;
2129
2130 switch (format)
2131 {
2132 case 0x0: /* Physical format information */
2133 {
2134 int layer = s->aATAPICmd[6];
2135 uint64_t total_sectors;
2136
2137 if (layer != 0)
2138 {
2139 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2140 break;
2141 }
2142
2143 total_sectors = s->cTotalSectors;
2144 total_sectors >>= 2;
2145 if (total_sectors == 0)
2146 {
2147 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2148 break;
2149 }
2150
2151 buf[4] = 1; /* DVD-ROM, part version 1 */
2152 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2153 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2154 buf[7] = 0; /* default densities */
2155
2156 /* FIXME: 0x30000 per spec? */
2157 ataH2BE_U32(buf + 8, 0); /* start sector */
2158 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2159 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2160
2161 /* Size of buffer, not including 2 byte size field */
2162 ataH2BE_U32(&buf[0], 2048 + 2);
2163
2164 /* 2k data + 4 byte header */
2165 uASC = (2048 + 4);
2166 }
2167 break;
2168 case 0x01: /* DVD copyright information */
2169 buf[4] = 0; /* no copyright data */
2170 buf[5] = 0; /* no region restrictions */
2171
2172 /* Size of buffer, not including 2 byte size field */
2173 ataH2BE_U16(buf, 4 + 2);
2174
2175 /* 4 byte header + 4 byte data */
2176 uASC = (4 + 4);
2177
2178 case 0x03: /* BCA information - invalid field for no BCA info */
2179 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2180 break;
2181
2182 case 0x04: /* DVD disc manufacturing information */
2183 /* Size of buffer, not including 2 byte size field */
2184 ataH2BE_U16(buf, 2048 + 2);
2185
2186 /* 2k data + 4 byte header */
2187 uASC = (2048 + 4);
2188 break;
2189 case 0xff:
2190 /*
2191 * This lists all the command capabilities above. Add new ones
2192 * in order and update the length and buffer return values.
2193 */
2194
2195 buf[4] = 0x00; /* Physical format */
2196 buf[5] = 0x40; /* Not writable, is readable */
2197 ataH2BE_U16((buf + 6), 2048 + 4);
2198
2199 buf[8] = 0x01; /* Copyright info */
2200 buf[9] = 0x40; /* Not writable, is readable */
2201 ataH2BE_U16((buf + 10), 4 + 4);
2202
2203 buf[12] = 0x03; /* BCA info */
2204 buf[13] = 0x40; /* Not writable, is readable */
2205 ataH2BE_U16((buf + 14), 188 + 4);
2206
2207 buf[16] = 0x04; /* Manufacturing info */
2208 buf[17] = 0x40; /* Not writable, is readable */
2209 ataH2BE_U16((buf + 18), 2048 + 4);
2210
2211 /* Size of buffer, not including 2 byte size field */
2212 ataH2BE_U16(buf, 16 + 2);
2213
2214 /* data written + 4 byte header */
2215 uASC = (16 + 4);
2216 break;
2217 default: /* TODO: formats beyond DVD-ROM requires */
2218 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2219 }
2220
2221 if (uASC < 0)
2222 {
2223 s->iSourceSink = ATAFN_SS_NULL;
2224 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2225 return false;
2226 }
2227 break;
2228 }
2229 /* TODO: BD support, fall through for now */
2230
2231 /* Generic disk structures */
2232 case 0x80: /* TODO: AACS volume identifier */
2233 case 0x81: /* TODO: AACS media serial number */
2234 case 0x82: /* TODO: AACS media identifier */
2235 case 0x83: /* TODO: AACS media key block */
2236 case 0x90: /* TODO: List of recognized format layers */
2237 case 0xc0: /* TODO: Write protection status */
2238 default:
2239 s->iSourceSink = ATAFN_SS_NULL;
2240 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2241 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2242 return false;
2243 }
2244
2245 s->iSourceSink = ATAFN_SS_NULL;
2246 atapiCmdOK(s);
2247 return false;
2248}
2249
2250static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2251{
2252 Assert(cSectors > 0);
2253 s->iATAPILBA = iATAPILBA;
2254 s->cbATAPISector = cbSector;
2255 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2256 return false;
2257}
2258
2259
2260static bool atapiReadCapacitySS(ATADevState *s)
2261{
2262 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2263
2264 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2265 Assert(s->cbElementaryTransfer <= 8);
2266 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2267 ataH2BE_U32(pbBuf + 4, 2048);
2268 s->iSourceSink = ATAFN_SS_NULL;
2269 atapiCmdOK(s);
2270 return false;
2271}
2272
2273
2274static bool atapiReadDiscInformationSS(ATADevState *s)
2275{
2276 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2277
2278 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2279 Assert(s->cbElementaryTransfer <= 34);
2280 memset(pbBuf, '\0', 34);
2281 ataH2BE_U16(pbBuf, 32);
2282 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2283 pbBuf[3] = 1; /* number of first track */
2284 pbBuf[4] = 1; /* number of sessions (LSB) */
2285 pbBuf[5] = 1; /* first track number in last session (LSB) */
2286 pbBuf[6] = 1; /* last track number in last session (LSB) */
2287 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2288 pbBuf[8] = 0; /* disc type = CD-ROM */
2289 pbBuf[9] = 0; /* number of sessions (MSB) */
2290 pbBuf[10] = 0; /* number of sessions (MSB) */
2291 pbBuf[11] = 0; /* number of sessions (MSB) */
2292 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2293 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2294 s->iSourceSink = ATAFN_SS_NULL;
2295 atapiCmdOK(s);
2296 return false;
2297}
2298
2299
2300static bool atapiReadTrackInformationSS(ATADevState *s)
2301{
2302 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2303
2304 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2305 Assert(s->cbElementaryTransfer <= 36);
2306 /* Accept address/number type of 1 only, and only track 1 exists. */
2307 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2308 {
2309 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2310 return false;
2311 }
2312 memset(pbBuf, '\0', 36);
2313 ataH2BE_U16(pbBuf, 34);
2314 pbBuf[2] = 1; /* track number (LSB) */
2315 pbBuf[3] = 1; /* session number (LSB) */
2316 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2317 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2318 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2319 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2320 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2321 pbBuf[32] = 0; /* track number (MSB) */
2322 pbBuf[33] = 0; /* session number (MSB) */
2323 s->iSourceSink = ATAFN_SS_NULL;
2324 atapiCmdOK(s);
2325 return false;
2326}
2327
2328
2329static bool atapiGetConfigurationSS(ATADevState *s)
2330{
2331 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2332 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2333
2334 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2335 Assert(s->cbElementaryTransfer <= 32);
2336 /* Accept valid request types only, and only starting feature 0. */
2337 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2338 {
2339 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2340 return false;
2341 }
2342 memset(pbBuf, '\0', 32);
2343 ataH2BE_U32(pbBuf, 16);
2344 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2345 * way to differentiate them right now is based on the image size). Also
2346 * implement signalling "no current profile" if no medium is loaded. */
2347 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2348
2349 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2350 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2351 pbBuf[11] = 8; /* additional bytes for profiles */
2352 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2353 * before CD-ROM read capability. */
2354 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2355 pbBuf[14] = (0 << 0); /* NOT current profile */
2356 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2357 pbBuf[18] = (1 << 0); /* current profile */
2358 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2359 s->iSourceSink = ATAFN_SS_NULL;
2360 atapiCmdOK(s);
2361 return false;
2362}
2363
2364
2365static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2366{
2367 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2368
2369 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2370 Assert(s->cbElementaryTransfer <= 8);
2371
2372 if (!(s->aATAPICmd[1] & 1))
2373 {
2374 /* no asynchronous operation supported */
2375 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2376 return false;
2377 }
2378
2379 uint32_t OldStatus, NewStatus;
2380 do
2381 {
2382 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2383 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2384 switch (OldStatus)
2385 {
2386 case ATA_EVENT_STATUS_MEDIA_NEW:
2387 /* mount */
2388 ataH2BE_U16(pbBuf + 0, 6);
2389 pbBuf[2] = 0x04; /* media */
2390 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2391 pbBuf[4] = 0x02; /* new medium */
2392 pbBuf[5] = 0x02; /* medium present / door closed */
2393 pbBuf[6] = 0x00;
2394 pbBuf[7] = 0x00;
2395 break;
2396
2397 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2398 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2399 /* umount */
2400 ataH2BE_U16(pbBuf + 0, 6);
2401 pbBuf[2] = 0x04; /* media */
2402 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2403 pbBuf[4] = 0x03; /* media removal */
2404 pbBuf[5] = 0x00; /* medium absent / door closed */
2405 pbBuf[6] = 0x00;
2406 pbBuf[7] = 0x00;
2407 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2408 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2409 break;
2410
2411 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2412 ataH2BE_U16(pbBuf + 0, 6);
2413 pbBuf[2] = 0x04; /* media */
2414 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2415 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2416 pbBuf[5] = 0x02; /* medium present / door closed */
2417 pbBuf[6] = 0x00;
2418 pbBuf[7] = 0x00;
2419 break;
2420
2421 case ATA_EVENT_STATUS_UNCHANGED:
2422 default:
2423 ataH2BE_U16(pbBuf + 0, 6);
2424 pbBuf[2] = 0x01; /* operational change request / notification */
2425 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2426 pbBuf[4] = 0x00;
2427 pbBuf[5] = 0x00;
2428 pbBuf[6] = 0x00;
2429 pbBuf[7] = 0x00;
2430 break;
2431 }
2432 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2433
2434 s->iSourceSink = ATAFN_SS_NULL;
2435 atapiCmdOK(s);
2436 return false;
2437}
2438
2439
2440static bool atapiInquirySS(ATADevState *s)
2441{
2442 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2443
2444 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2445 Assert(s->cbElementaryTransfer <= 36);
2446 pbBuf[0] = 0x05; /* CD-ROM */
2447 pbBuf[1] = 0x80; /* removable */
2448#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2449 pbBuf[2] = 0x00; /* ISO */
2450 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2451#else
2452 pbBuf[2] = 0x00; /* ISO */
2453 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2454#endif
2455 pbBuf[4] = 31; /* additional length */
2456 pbBuf[5] = 0; /* reserved */
2457 pbBuf[6] = 0; /* reserved */
2458 pbBuf[7] = 0; /* reserved */
2459 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2460 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2461 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2462 s->iSourceSink = ATAFN_SS_NULL;
2463 atapiCmdOK(s);
2464 return false;
2465}
2466
2467
2468static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2469{
2470 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2471
2472 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2473 Assert(s->cbElementaryTransfer <= 16);
2474 ataH2BE_U16(&pbBuf[0], 16 + 6);
2475 pbBuf[2] = 0x70;
2476 pbBuf[3] = 0;
2477 pbBuf[4] = 0;
2478 pbBuf[5] = 0;
2479 pbBuf[6] = 0;
2480 pbBuf[7] = 0;
2481
2482 pbBuf[8] = 0x01;
2483 pbBuf[9] = 0x06;
2484 pbBuf[10] = 0x00;
2485 pbBuf[11] = 0x05;
2486 pbBuf[12] = 0x00;
2487 pbBuf[13] = 0x00;
2488 pbBuf[14] = 0x00;
2489 pbBuf[15] = 0x00;
2490 s->iSourceSink = ATAFN_SS_NULL;
2491 atapiCmdOK(s);
2492 return false;
2493}
2494
2495
2496static bool atapiModeSenseCDStatusSS(ATADevState *s)
2497{
2498 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2499
2500 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2501 Assert(s->cbElementaryTransfer <= 40);
2502 ataH2BE_U16(&pbBuf[0], 38);
2503 pbBuf[2] = 0x70;
2504 pbBuf[3] = 0;
2505 pbBuf[4] = 0;
2506 pbBuf[5] = 0;
2507 pbBuf[6] = 0;
2508 pbBuf[7] = 0;
2509
2510 pbBuf[8] = 0x2a;
2511 pbBuf[9] = 30; /* page length */
2512 pbBuf[10] = 0x08; /* DVD-ROM read support */
2513 pbBuf[11] = 0x00; /* no write support */
2514 /* The following claims we support audio play. This is obviously false,
2515 * but the Linux generic CDROM support makes many features depend on this
2516 * capability. If it's not set, this causes many things to be disabled. */
2517 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2518 pbBuf[13] = 0x00; /* no subchannel reads supported */
2519 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2520 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2521 pbBuf[14] |= 1 << 1; /* report lock state */
2522 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2523 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2524 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2525 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2526 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2527 pbBuf[24] = 0; /* reserved */
2528 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2529 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2530 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2531 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2532 pbBuf[32] = 0; /* reserved */
2533 pbBuf[33] = 0; /* reserved */
2534 pbBuf[34] = 0; /* reserved */
2535 pbBuf[35] = 1; /* rotation control CAV */
2536 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2537 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2538 s->iSourceSink = ATAFN_SS_NULL;
2539 atapiCmdOK(s);
2540 return false;
2541}
2542
2543
2544static bool atapiRequestSenseSS(ATADevState *s)
2545{
2546 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2547
2548 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2549 memset(pbBuf, '\0', s->cbElementaryTransfer);
2550 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2551 s->iSourceSink = ATAFN_SS_NULL;
2552 atapiCmdOK(s);
2553 return false;
2554}
2555
2556
2557static bool atapiMechanismStatusSS(ATADevState *s)
2558{
2559 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2560
2561 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2562 Assert(s->cbElementaryTransfer <= 8);
2563 ataH2BE_U16(pbBuf, 0);
2564 /* no current LBA */
2565 pbBuf[2] = 0;
2566 pbBuf[3] = 0;
2567 pbBuf[4] = 0;
2568 pbBuf[5] = 1;
2569 ataH2BE_U16(pbBuf + 6, 0);
2570 s->iSourceSink = ATAFN_SS_NULL;
2571 atapiCmdOK(s);
2572 return false;
2573}
2574
2575
2576static bool atapiReadTOCNormalSS(ATADevState *s)
2577{
2578 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2579 bool fMSF;
2580 uint32_t cbSize;
2581
2582 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2583 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2584 iStartTrack = s->aATAPICmd[6];
2585 if (iStartTrack > 1 && iStartTrack != 0xaa)
2586 {
2587 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2588 return false;
2589 }
2590 q = pbBuf + 2;
2591 *q++ = 1; /* first session */
2592 *q++ = 1; /* last session */
2593 if (iStartTrack <= 1)
2594 {
2595 *q++ = 0; /* reserved */
2596 *q++ = 0x14; /* ADR, control */
2597 *q++ = 1; /* track number */
2598 *q++ = 0; /* reserved */
2599 if (fMSF)
2600 {
2601 *q++ = 0; /* reserved */
2602 ataLBA2MSF(q, 0);
2603 q += 3;
2604 }
2605 else
2606 {
2607 /* sector 0 */
2608 ataH2BE_U32(q, 0);
2609 q += 4;
2610 }
2611 }
2612 /* lead out track */
2613 *q++ = 0; /* reserved */
2614 *q++ = 0x14; /* ADR, control */
2615 *q++ = 0xaa; /* track number */
2616 *q++ = 0; /* reserved */
2617 if (fMSF)
2618 {
2619 *q++ = 0; /* reserved */
2620 ataLBA2MSF(q, s->cTotalSectors);
2621 q += 3;
2622 }
2623 else
2624 {
2625 ataH2BE_U32(q, s->cTotalSectors);
2626 q += 4;
2627 }
2628 cbSize = q - pbBuf;
2629 ataH2BE_U16(pbBuf, cbSize - 2);
2630 if (cbSize < s->cbTotalTransfer)
2631 s->cbTotalTransfer = cbSize;
2632 s->iSourceSink = ATAFN_SS_NULL;
2633 atapiCmdOK(s);
2634 return false;
2635}
2636
2637
2638static bool atapiReadTOCMultiSS(ATADevState *s)
2639{
2640 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2641 bool fMSF;
2642
2643 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2644 Assert(s->cbElementaryTransfer <= 12);
2645 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2646 /* multi session: only a single session defined */
2647/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2648 memset(pbBuf, 0, 12);
2649 pbBuf[1] = 0x0a;
2650 pbBuf[2] = 0x01;
2651 pbBuf[3] = 0x01;
2652 pbBuf[5] = 0x14; /* ADR, control */
2653 pbBuf[6] = 1; /* first track in last complete session */
2654 if (fMSF)
2655 {
2656 pbBuf[8] = 0; /* reserved */
2657 ataLBA2MSF(&pbBuf[9], 0);
2658 }
2659 else
2660 {
2661 /* sector 0 */
2662 ataH2BE_U32(pbBuf + 8, 0);
2663 }
2664 s->iSourceSink = ATAFN_SS_NULL;
2665 atapiCmdOK(s);
2666 return false;
2667}
2668
2669
2670static bool atapiReadTOCRawSS(ATADevState *s)
2671{
2672 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2673 bool fMSF;
2674 uint32_t cbSize;
2675
2676 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2677 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2678 iStartTrack = s->aATAPICmd[6];
2679
2680 q = pbBuf + 2;
2681 *q++ = 1; /* first session */
2682 *q++ = 1; /* last session */
2683
2684 *q++ = 1; /* session number */
2685 *q++ = 0x14; /* data track */
2686 *q++ = 0; /* track number */
2687 *q++ = 0xa0; /* first track in program area */
2688 *q++ = 0; /* min */
2689 *q++ = 0; /* sec */
2690 *q++ = 0; /* frame */
2691 *q++ = 0;
2692 *q++ = 1; /* first track */
2693 *q++ = 0x00; /* disk type CD-DA or CD data */
2694 *q++ = 0;
2695
2696 *q++ = 1; /* session number */
2697 *q++ = 0x14; /* data track */
2698 *q++ = 0; /* track number */
2699 *q++ = 0xa1; /* last track in program area */
2700 *q++ = 0; /* min */
2701 *q++ = 0; /* sec */
2702 *q++ = 0; /* frame */
2703 *q++ = 0;
2704 *q++ = 1; /* last track */
2705 *q++ = 0;
2706 *q++ = 0;
2707
2708 *q++ = 1; /* session number */
2709 *q++ = 0x14; /* data track */
2710 *q++ = 0; /* track number */
2711 *q++ = 0xa2; /* lead-out */
2712 *q++ = 0; /* min */
2713 *q++ = 0; /* sec */
2714 *q++ = 0; /* frame */
2715 if (fMSF)
2716 {
2717 *q++ = 0; /* reserved */
2718 ataLBA2MSF(q, s->cTotalSectors);
2719 q += 3;
2720 }
2721 else
2722 {
2723 ataH2BE_U32(q, s->cTotalSectors);
2724 q += 4;
2725 }
2726
2727 *q++ = 1; /* session number */
2728 *q++ = 0x14; /* ADR, control */
2729 *q++ = 0; /* track number */
2730 *q++ = 1; /* point */
2731 *q++ = 0; /* min */
2732 *q++ = 0; /* sec */
2733 *q++ = 0; /* frame */
2734 if (fMSF)
2735 {
2736 *q++ = 0; /* reserved */
2737 ataLBA2MSF(q, 0);
2738 q += 3;
2739 }
2740 else
2741 {
2742 /* sector 0 */
2743 ataH2BE_U32(q, 0);
2744 q += 4;
2745 }
2746
2747 cbSize = q - pbBuf;
2748 ataH2BE_U16(pbBuf, cbSize - 2);
2749 if (cbSize < s->cbTotalTransfer)
2750 s->cbTotalTransfer = cbSize;
2751 s->iSourceSink = ATAFN_SS_NULL;
2752 atapiCmdOK(s);
2753 return false;
2754}
2755
2756
2757static void atapiParseCmdVirtualATAPI(ATADevState *s)
2758{
2759 const uint8_t *pbPacket;
2760 uint8_t *pbBuf;
2761 uint32_t cbMax;
2762
2763 pbPacket = s->aATAPICmd;
2764 pbBuf = s->CTX_SUFF(pbIOBuffer);
2765 switch (pbPacket[0])
2766 {
2767 case SCSI_TEST_UNIT_READY:
2768 if (s->cNotifiedMediaChange > 0)
2769 {
2770 if (s->cNotifiedMediaChange-- > 2)
2771 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2772 else
2773 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2774 }
2775 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2776 atapiCmdOK(s);
2777 else
2778 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2779 break;
2780 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2781 cbMax = ataBE2H_U16(pbPacket + 7);
2782 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2783 break;
2784 case SCSI_MODE_SENSE_10:
2785 {
2786 uint8_t uPageControl, uPageCode;
2787 cbMax = ataBE2H_U16(pbPacket + 7);
2788 uPageControl = pbPacket[2] >> 6;
2789 uPageCode = pbPacket[2] & 0x3f;
2790 switch (uPageControl)
2791 {
2792 case SCSI_PAGECONTROL_CURRENT:
2793 switch (uPageCode)
2794 {
2795 case SCSI_MODEPAGE_ERROR_RECOVERY:
2796 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2797 break;
2798 case SCSI_MODEPAGE_CD_STATUS:
2799 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2800 break;
2801 default:
2802 goto error_cmd;
2803 }
2804 break;
2805 case SCSI_PAGECONTROL_CHANGEABLE:
2806 goto error_cmd;
2807 case SCSI_PAGECONTROL_DEFAULT:
2808 goto error_cmd;
2809 default:
2810 case SCSI_PAGECONTROL_SAVED:
2811 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2812 break;
2813 }
2814 }
2815 break;
2816 case SCSI_REQUEST_SENSE:
2817 cbMax = pbPacket[4];
2818 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2819 break;
2820 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2821 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2822 {
2823 if (pbPacket[4] & 1)
2824 s->pDrvMount->pfnLock(s->pDrvMount);
2825 else
2826 s->pDrvMount->pfnUnlock(s->pDrvMount);
2827 atapiCmdOK(s);
2828 }
2829 else
2830 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2831 break;
2832 case SCSI_READ_10:
2833 case SCSI_READ_12:
2834 {
2835 uint32_t cSectors, iATAPILBA;
2836
2837 if (s->cNotifiedMediaChange > 0)
2838 {
2839 s->cNotifiedMediaChange-- ;
2840 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2841 break;
2842 }
2843 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2844 {
2845 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2846 break;
2847 }
2848 if (pbPacket[0] == SCSI_READ_10)
2849 cSectors = ataBE2H_U16(pbPacket + 7);
2850 else
2851 cSectors = ataBE2H_U32(pbPacket + 6);
2852 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2853 if (cSectors == 0)
2854 {
2855 atapiCmdOK(s);
2856 break;
2857 }
2858 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2859 {
2860 /* Rate limited logging, one log line per second. For
2861 * guests that insist on reading from places outside the
2862 * valid area this often generates too many release log
2863 * entries otherwise. */
2864 static uint64_t uLastLogTS = 0;
2865 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2866 {
2867 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2868 uLastLogTS = RTTimeMilliTS();
2869 }
2870 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2871 break;
2872 }
2873 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2874 }
2875 break;
2876 case SCSI_READ_CD:
2877 {
2878 uint32_t cSectors, iATAPILBA;
2879
2880 if (s->cNotifiedMediaChange > 0)
2881 {
2882 s->cNotifiedMediaChange-- ;
2883 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2884 break;
2885 }
2886 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2887 {
2888 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2889 break;
2890 }
2891 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2892 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2893 if (cSectors == 0)
2894 {
2895 atapiCmdOK(s);
2896 break;
2897 }
2898 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2899 {
2900 /* Rate limited logging, one log line per second. For
2901 * guests that insist on reading from places outside the
2902 * valid area this often generates too many release log
2903 * entries otherwise. */
2904 static uint64_t uLastLogTS = 0;
2905 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2906 {
2907 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2908 uLastLogTS = RTTimeMilliTS();
2909 }
2910 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2911 break;
2912 }
2913 switch (pbPacket[9] & 0xf8)
2914 {
2915 case 0x00:
2916 /* nothing */
2917 atapiCmdOK(s);
2918 break;
2919 case 0x10:
2920 /* normal read */
2921 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2922 break;
2923 case 0xf8:
2924 /* read all data */
2925 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2926 break;
2927 default:
2928 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2929 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2930 break;
2931 }
2932 }
2933 break;
2934 case SCSI_SEEK_10:
2935 {
2936 uint32_t iATAPILBA;
2937 if (s->cNotifiedMediaChange > 0)
2938 {
2939 s->cNotifiedMediaChange-- ;
2940 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2941 break;
2942 }
2943 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2944 {
2945 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2946 break;
2947 }
2948 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2949 if (iATAPILBA > s->cTotalSectors)
2950 {
2951 /* Rate limited logging, one log line per second. For
2952 * guests that insist on seeking to places outside the
2953 * valid area this often generates too many release log
2954 * entries otherwise. */
2955 static uint64_t uLastLogTS = 0;
2956 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2957 {
2958 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2959 uLastLogTS = RTTimeMilliTS();
2960 }
2961 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2962 break;
2963 }
2964 atapiCmdOK(s);
2965 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2966 }
2967 break;
2968 case SCSI_START_STOP_UNIT:
2969 {
2970 int rc = VINF_SUCCESS;
2971 switch (pbPacket[4] & 3)
2972 {
2973 case 0: /* 00 - Stop motor */
2974 case 1: /* 01 - Start motor */
2975 break;
2976 case 2: /* 10 - Eject media */
2977 /* This must be done from EMT. */
2978 {
2979 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2980 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2981
2982 PDMCritSectLeave(&pCtl->lock);
2983 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
2984 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2985 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED));
2986 {
2987 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2988 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2989 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2990 }
2991 }
2992 break;
2993 case 3: /* 11 - Load media */
2994 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2995 break;
2996 }
2997 if (RT_SUCCESS(rc))
2998 atapiCmdOK(s);
2999 else
3000 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3001 }
3002 break;
3003 case SCSI_MECHANISM_STATUS:
3004 {
3005 cbMax = ataBE2H_U16(pbPacket + 8);
3006 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3007 }
3008 break;
3009 case SCSI_READ_TOC_PMA_ATIP:
3010 {
3011 uint8_t format;
3012
3013 if (s->cNotifiedMediaChange > 0)
3014 {
3015 s->cNotifiedMediaChange-- ;
3016 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3017 break;
3018 }
3019 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3020 {
3021 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3022 break;
3023 }
3024 cbMax = ataBE2H_U16(pbPacket + 7);
3025 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3026 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3027 * the other field is clear... */
3028 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3029 switch (format)
3030 {
3031 case 0:
3032 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3033 break;
3034 case 1:
3035 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3036 break;
3037 case 2:
3038 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3039 break;
3040 default:
3041 error_cmd:
3042 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3043 break;
3044 }
3045 }
3046 break;
3047 case SCSI_READ_CAPACITY:
3048 if (s->cNotifiedMediaChange > 0)
3049 {
3050 s->cNotifiedMediaChange-- ;
3051 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3052 break;
3053 }
3054 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3055 {
3056 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3057 break;
3058 }
3059 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3060 break;
3061 case SCSI_READ_DISC_INFORMATION:
3062 if (s->cNotifiedMediaChange > 0)
3063 {
3064 s->cNotifiedMediaChange-- ;
3065 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3066 break;
3067 }
3068 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3069 {
3070 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3071 break;
3072 }
3073 cbMax = ataBE2H_U16(pbPacket + 7);
3074 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3075 break;
3076 case SCSI_READ_TRACK_INFORMATION:
3077 if (s->cNotifiedMediaChange > 0)
3078 {
3079 s->cNotifiedMediaChange-- ;
3080 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3081 break;
3082 }
3083 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3084 {
3085 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3086 break;
3087 }
3088 cbMax = ataBE2H_U16(pbPacket + 7);
3089 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3090 break;
3091 case SCSI_GET_CONFIGURATION:
3092 /* No media change stuff here, it can confuse Linux guests. */
3093 cbMax = ataBE2H_U16(pbPacket + 7);
3094 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3095 break;
3096 case SCSI_INQUIRY:
3097 cbMax = ataBE2H_U16(pbPacket + 3);
3098 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3099 break;
3100 case SCSI_READ_DVD_STRUCTURE:
3101 {
3102 cbMax = ataBE2H_U16(pbPacket + 8);
3103 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3104 break;
3105 }
3106 default:
3107 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3108 break;
3109 }
3110}
3111
3112
3113/*
3114 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3115 */
3116static void atapiParseCmdPassthrough(ATADevState *s)
3117{
3118 const uint8_t *pbPacket;
3119 uint8_t *pbBuf;
3120 uint32_t cSectors, iATAPILBA;
3121 uint32_t cbTransfer = 0;
3122 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3123
3124 pbPacket = s->aATAPICmd;
3125 pbBuf = s->CTX_SUFF(pbIOBuffer);
3126 switch (pbPacket[0])
3127 {
3128 case SCSI_BLANK:
3129 goto sendcmd;
3130 case SCSI_CLOSE_TRACK_SESSION:
3131 goto sendcmd;
3132 case SCSI_ERASE_10:
3133 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3134 cbTransfer = ataBE2H_U16(pbPacket + 7);
3135 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3136 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3137 goto sendcmd;
3138 case SCSI_FORMAT_UNIT:
3139 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3140 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3141 goto sendcmd;
3142 case SCSI_GET_CONFIGURATION:
3143 cbTransfer = ataBE2H_U16(pbPacket + 7);
3144 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3145 goto sendcmd;
3146 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3147 cbTransfer = ataBE2H_U16(pbPacket + 7);
3148 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3149 {
3150 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3151 break;
3152 }
3153 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3154 goto sendcmd;
3155 case SCSI_GET_PERFORMANCE:
3156 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3157 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3158 goto sendcmd;
3159 case SCSI_INQUIRY:
3160 cbTransfer = ataBE2H_U16(pbPacket + 3);
3161 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3162 goto sendcmd;
3163 case SCSI_LOAD_UNLOAD_MEDIUM:
3164 goto sendcmd;
3165 case SCSI_MECHANISM_STATUS:
3166 cbTransfer = ataBE2H_U16(pbPacket + 8);
3167 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3168 goto sendcmd;
3169 case SCSI_MODE_SELECT_10:
3170 cbTransfer = ataBE2H_U16(pbPacket + 7);
3171 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3172 goto sendcmd;
3173 case SCSI_MODE_SENSE_10:
3174 cbTransfer = ataBE2H_U16(pbPacket + 7);
3175 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3176 goto sendcmd;
3177 case SCSI_PAUSE_RESUME:
3178 goto sendcmd;
3179 case SCSI_PLAY_AUDIO_10:
3180 goto sendcmd;
3181 case SCSI_PLAY_AUDIO_12:
3182 goto sendcmd;
3183 case SCSI_PLAY_AUDIO_MSF:
3184 goto sendcmd;
3185 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3186 /** @todo do not forget to unlock when a VM is shut down */
3187 goto sendcmd;
3188 case SCSI_READ_10:
3189 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3190 cSectors = ataBE2H_U16(pbPacket + 7);
3191 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3192 s->cbATAPISector = 2048;
3193 cbTransfer = cSectors * s->cbATAPISector;
3194 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3195 goto sendcmd;
3196 case SCSI_READ_12:
3197 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3198 cSectors = ataBE2H_U32(pbPacket + 6);
3199 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3200 s->cbATAPISector = 2048;
3201 cbTransfer = cSectors * s->cbATAPISector;
3202 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3203 goto sendcmd;
3204 case SCSI_READ_BUFFER:
3205 cbTransfer = ataBE2H_U24(pbPacket + 6);
3206 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3207 goto sendcmd;
3208 case SCSI_READ_BUFFER_CAPACITY:
3209 cbTransfer = ataBE2H_U16(pbPacket + 7);
3210 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3211 goto sendcmd;
3212 case SCSI_READ_CAPACITY:
3213 cbTransfer = 8;
3214 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3215 goto sendcmd;
3216 case SCSI_READ_CD:
3217 case SCSI_READ_CD_MSF:
3218 {
3219 /* Get sector size based on the expected sector type field. */
3220 switch ((pbPacket[1] >> 2) & 0x7)
3221 {
3222 case 0x0: /* All types. */
3223 if (ASMAtomicReadU32(&s->MediaTrackType) == ATA_MEDIA_TYPE_CDDA)
3224 s->cbATAPISector = 2352;
3225 else
3226 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3227 break;
3228 case 0x1: /* CD-DA */
3229 s->cbATAPISector = 2352;
3230 break;
3231 case 0x2: /* Mode 1 */
3232 s->cbATAPISector = 2048;
3233 break;
3234 case 0x3: /* Mode 2 formless */
3235 s->cbATAPISector = 2336;
3236 break;
3237 case 0x4: /* Mode 2 form 1 */
3238 s->cbATAPISector = 2048;
3239 break;
3240 case 0x5: /* Mode 2 form 2 */
3241 s->cbATAPISector = 2324;
3242 break;
3243 default: /* Reserved */
3244 AssertMsgFailed(("Unknown sector type\n"));
3245 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3246 }
3247
3248 if (pbPacket[0] == SCSI_READ_CD)
3249 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3250 else /* SCSI_READ_MSF */
3251 {
3252 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3253 if (cSectors > 32)
3254 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3255 cbTransfer = cSectors * s->cbATAPISector;
3256 }
3257 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3258 goto sendcmd;
3259 }
3260 case SCSI_READ_DISC_INFORMATION:
3261 cbTransfer = ataBE2H_U16(pbPacket + 7);
3262 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3263 goto sendcmd;
3264 case SCSI_READ_DVD_STRUCTURE:
3265 cbTransfer = ataBE2H_U16(pbPacket + 8);
3266 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3267 goto sendcmd;
3268 case SCSI_READ_FORMAT_CAPACITIES:
3269 cbTransfer = ataBE2H_U16(pbPacket + 7);
3270 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3271 goto sendcmd;
3272 case SCSI_READ_SUBCHANNEL:
3273 cbTransfer = ataBE2H_U16(pbPacket + 7);
3274 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3275 goto sendcmd;
3276 case SCSI_READ_TOC_PMA_ATIP:
3277 cbTransfer = ataBE2H_U16(pbPacket + 7);
3278 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3279 goto sendcmd;
3280 case SCSI_READ_TRACK_INFORMATION:
3281 cbTransfer = ataBE2H_U16(pbPacket + 7);
3282 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3283 goto sendcmd;
3284 case SCSI_REPAIR_TRACK:
3285 goto sendcmd;
3286 case SCSI_REPORT_KEY:
3287 cbTransfer = ataBE2H_U16(pbPacket + 8);
3288 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3289 goto sendcmd;
3290 case SCSI_REQUEST_SENSE:
3291 cbTransfer = pbPacket[4];
3292 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3293 {
3294 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3295 break;
3296 }
3297 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3298 goto sendcmd;
3299 case SCSI_RESERVE_TRACK:
3300 goto sendcmd;
3301 case SCSI_SCAN:
3302 goto sendcmd;
3303 case SCSI_SEEK_10:
3304 goto sendcmd;
3305 case SCSI_SEND_CUE_SHEET:
3306 cbTransfer = ataBE2H_U24(pbPacket + 6);
3307 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3308 goto sendcmd;
3309 case SCSI_SEND_DVD_STRUCTURE:
3310 cbTransfer = ataBE2H_U16(pbPacket + 8);
3311 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3312 goto sendcmd;
3313 case SCSI_SEND_EVENT:
3314 cbTransfer = ataBE2H_U16(pbPacket + 8);
3315 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3316 goto sendcmd;
3317 case SCSI_SEND_KEY:
3318 cbTransfer = ataBE2H_U16(pbPacket + 8);
3319 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3320 goto sendcmd;
3321 case SCSI_SEND_OPC_INFORMATION:
3322 cbTransfer = ataBE2H_U16(pbPacket + 7);
3323 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3324 goto sendcmd;
3325 case SCSI_SET_CD_SPEED:
3326 goto sendcmd;
3327 case SCSI_SET_READ_AHEAD:
3328 goto sendcmd;
3329 case SCSI_SET_STREAMING:
3330 cbTransfer = ataBE2H_U16(pbPacket + 9);
3331 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3332 goto sendcmd;
3333 case SCSI_START_STOP_UNIT:
3334 goto sendcmd;
3335 case SCSI_STOP_PLAY_SCAN:
3336 goto sendcmd;
3337 case SCSI_SYNCHRONIZE_CACHE:
3338 goto sendcmd;
3339 case SCSI_TEST_UNIT_READY:
3340 goto sendcmd;
3341 case SCSI_VERIFY_10:
3342 goto sendcmd;
3343 case SCSI_WRITE_10:
3344 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3345 cSectors = ataBE2H_U16(pbPacket + 7);
3346 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3347#if 0
3348 /* The sector size is determined by the async I/O thread. */
3349 s->cbATAPISector = 0;
3350 /* Preliminary, will be corrected once the sector size is known. */
3351 cbTransfer = cSectors;
3352#else
3353 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3354 cbTransfer = cSectors * s->cbATAPISector;
3355#endif
3356 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3357 goto sendcmd;
3358 case SCSI_WRITE_12:
3359 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3360 cSectors = ataBE2H_U32(pbPacket + 6);
3361 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3362#if 0
3363 /* The sector size is determined by the async I/O thread. */
3364 s->cbATAPISector = 0;
3365 /* Preliminary, will be corrected once the sector size is known. */
3366 cbTransfer = cSectors;
3367#else
3368 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3369 cbTransfer = cSectors * s->cbATAPISector;
3370#endif
3371 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3372 goto sendcmd;
3373 case SCSI_WRITE_AND_VERIFY_10:
3374 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3375 cSectors = ataBE2H_U16(pbPacket + 7);
3376 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3377 /* The sector size is determined by the async I/O thread. */
3378 s->cbATAPISector = 0;
3379 /* Preliminary, will be corrected once the sector size is known. */
3380 cbTransfer = cSectors;
3381 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3382 goto sendcmd;
3383 case SCSI_WRITE_BUFFER:
3384 switch (pbPacket[1] & 0x1f)
3385 {
3386 case 0x04: /* download microcode */
3387 case 0x05: /* download microcode and save */
3388 case 0x06: /* download microcode with offsets */
3389 case 0x07: /* download microcode with offsets and save */
3390 case 0x0e: /* download microcode with offsets and defer activation */
3391 case 0x0f: /* activate deferred microcode */
3392 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3393 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3394 break;
3395 default:
3396 cbTransfer = ataBE2H_U16(pbPacket + 6);
3397 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3398 goto sendcmd;
3399 }
3400 break;
3401 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3402 cbTransfer = ataBE2H_U32(pbPacket + 6);
3403 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3404 goto sendcmd;
3405 case SCSI_REZERO_UNIT:
3406 /* Obsolete command used by cdrecord. What else would one expect?
3407 * This command is not sent to the drive, it is handled internally,
3408 * as the Linux kernel doesn't like it (message "scsi: unknown
3409 * opcode 0x01" in syslog) and replies with a sense code of 0,
3410 * which sends cdrecord to an endless loop. */
3411 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3412 break;
3413 default:
3414 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3415 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3416 break;
3417 sendcmd:
3418 /* Send a command to the drive, passing data in/out as required. */
3419 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3420 Assert(cbTransfer <= s->cbIOBuffer);
3421 if (cbTransfer == 0)
3422 uTxDir = PDMBLOCKTXDIR_NONE;
3423 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3424 }
3425}
3426
3427
3428static void atapiParseCmd(ATADevState *s)
3429{
3430 const uint8_t *pbPacket;
3431
3432 pbPacket = s->aATAPICmd;
3433#ifdef DEBUG
3434 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3435#else /* !DEBUG */
3436 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3437#endif /* !DEBUG */
3438 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3439
3440 if (s->fATAPIPassthrough)
3441 atapiParseCmdPassthrough(s);
3442 else
3443 atapiParseCmdVirtualATAPI(s);
3444}
3445
3446
3447static bool ataPacketSS(ATADevState *s)
3448{
3449 s->fDMA = !!(s->uATARegFeature & 1);
3450 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3451 s->uTxDir = PDMBLOCKTXDIR_NONE;
3452 s->cbTotalTransfer = 0;
3453 s->cbElementaryTransfer = 0;
3454 atapiParseCmd(s);
3455 return false;
3456}
3457
3458
3459/**
3460 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3461 * from now on, regardless if there was a medium inserted or not.
3462 */
3463static void ataMediumRemoved(ATADevState *s)
3464{
3465 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3466}
3467
3468
3469/**
3470 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3471 * there was already a medium inserted, don't forget to send the "medium
3472 * removed" event first.
3473 */
3474static void ataMediumInserted(ATADevState *s)
3475{
3476 uint32_t OldStatus, NewStatus;
3477 do
3478 {
3479 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3480 switch (OldStatus)
3481 {
3482 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3483 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3484 /* no change, we will send "medium removed" + "medium inserted" */
3485 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3486 break;
3487 default:
3488 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3489 break;
3490 }
3491 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3492}
3493
3494/**
3495 * Called when a media is mounted.
3496 *
3497 * @param pInterface Pointer to the interface structure containing the called function pointer.
3498 */
3499static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3500{
3501 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3502 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3503
3504 /* Ignore the call if we're called while being attached. */
3505 if (!pIf->pDrvBlock)
3506 return;
3507
3508 if (pIf->fATAPI)
3509 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3510 else
3511 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3512
3513 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3514
3515 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3516 if (pIf->cNotifiedMediaChange < 2)
3517 pIf->cNotifiedMediaChange = 2;
3518 ataMediumInserted(pIf);
3519 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3520}
3521
3522/**
3523 * Called when a media is unmounted
3524 * @param pInterface Pointer to the interface structure containing the called function pointer.
3525 */
3526static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3527{
3528 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3529 Log(("%s:\n", __FUNCTION__));
3530 pIf->cTotalSectors = 0;
3531
3532 /*
3533 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3534 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3535 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3536 * present and 2 in which it is changed.
3537 */
3538 pIf->cNotifiedMediaChange = 4;
3539 ataMediumRemoved(pIf);
3540 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3541}
3542
3543static void ataPacketBT(ATADevState *s)
3544{
3545 s->cbElementaryTransfer = s->cbTotalTransfer;
3546 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3547 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3548 ataSetStatusValue(s, ATA_STAT_READY);
3549}
3550
3551
3552static void ataResetDevice(ATADevState *s)
3553{
3554 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3555 s->cNotifiedMediaChange = 0;
3556 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3557 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3558 ataUnsetIRQ(s);
3559
3560 s->uATARegSelect = 0x20;
3561 ataSetStatusValue(s, ATA_STAT_READY);
3562 ataSetSignature(s);
3563 s->cbTotalTransfer = 0;
3564 s->cbElementaryTransfer = 0;
3565 s->iIOBufferPIODataStart = 0;
3566 s->iIOBufferPIODataEnd = 0;
3567 s->iBeginTransfer = ATAFN_BT_NULL;
3568 s->iSourceSink = ATAFN_SS_NULL;
3569 s->fDMA = false;
3570 s->fATAPITransfer = false;
3571 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3572
3573 s->uATARegFeature = 0;
3574}
3575
3576
3577static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3578{
3579 ataSetSignature(s);
3580 if (s->fATAPI)
3581 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3582 else
3583 ataSetStatusValue(s, ATA_STAT_READY);
3584 s->uATARegError = 0x01;
3585 return false;
3586}
3587
3588
3589static void ataParseCmd(ATADevState *s, uint8_t cmd)
3590{
3591#ifdef DEBUG
3592 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3593#else /* !DEBUG */
3594 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3595#endif /* !DEBUG */
3596 s->fLBA48 = false;
3597 s->fDMA = false;
3598 if (cmd == ATA_IDLE_IMMEDIATE)
3599 {
3600 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3601 * would overwrite the failing command unfortunately), then RESET. */
3602 int32_t uCmdWait = -1;
3603 uint64_t uNow = RTTimeNanoTS();
3604 if (s->u64CmdTS)
3605 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3606 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3607 s->iLUN, s->uATARegCommand, uCmdWait));
3608 }
3609 s->uATARegCommand = cmd;
3610 switch (cmd)
3611 {
3612 case ATA_IDENTIFY_DEVICE:
3613 if (s->pDrvBlock && !s->fATAPI)
3614 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3615 else
3616 {
3617 if (s->fATAPI)
3618 ataSetSignature(s);
3619 ataCmdError(s, ABRT_ERR);
3620 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3621 }
3622 break;
3623 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3624 case ATA_RECALIBRATE:
3625 ataCmdOK(s, ATA_STAT_SEEK);
3626 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3627 break;
3628 case ATA_SET_MULTIPLE_MODE:
3629 if ( s->uATARegNSector != 0
3630 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3631 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3632 {
3633 ataCmdError(s, ABRT_ERR);
3634 }
3635 else
3636 {
3637 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3638 s->cMultSectors = s->uATARegNSector;
3639 ataCmdOK(s, 0);
3640 }
3641 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3642 break;
3643 case ATA_READ_VERIFY_SECTORS_EXT:
3644 s->fLBA48 = true;
3645 case ATA_READ_VERIFY_SECTORS:
3646 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3647 /* do sector number check ? */
3648 ataCmdOK(s, 0);
3649 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3650 break;
3651 case ATA_READ_SECTORS_EXT:
3652 s->fLBA48 = true;
3653 case ATA_READ_SECTORS:
3654 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3655 if (!s->pDrvBlock)
3656 goto abort_cmd;
3657 s->cSectorsPerIRQ = 1;
3658 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3659 break;
3660 case ATA_WRITE_SECTORS_EXT:
3661 s->fLBA48 = true;
3662 case ATA_WRITE_SECTORS:
3663 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3664 s->cSectorsPerIRQ = 1;
3665 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3666 break;
3667 case ATA_READ_MULTIPLE_EXT:
3668 s->fLBA48 = true;
3669 case ATA_READ_MULTIPLE:
3670 if (!s->cMultSectors)
3671 goto abort_cmd;
3672 s->cSectorsPerIRQ = s->cMultSectors;
3673 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3674 break;
3675 case ATA_WRITE_MULTIPLE_EXT:
3676 s->fLBA48 = true;
3677 case ATA_WRITE_MULTIPLE:
3678 if (!s->cMultSectors)
3679 goto abort_cmd;
3680 s->cSectorsPerIRQ = s->cMultSectors;
3681 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3682 break;
3683 case ATA_READ_DMA_EXT:
3684 s->fLBA48 = true;
3685 case ATA_READ_DMA:
3686 case ATA_READ_DMA_WITHOUT_RETRIES:
3687 if (!s->pDrvBlock)
3688 goto abort_cmd;
3689 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3690 s->fDMA = true;
3691 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3692 break;
3693 case ATA_WRITE_DMA_EXT:
3694 s->fLBA48 = true;
3695 case ATA_WRITE_DMA:
3696 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3697 if (!s->pDrvBlock)
3698 goto abort_cmd;
3699 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3700 s->fDMA = true;
3701 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3702 break;
3703 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3704 s->fLBA48 = true;
3705 ataSetSector(s, s->cTotalSectors - 1);
3706 ataCmdOK(s, 0);
3707 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3708 break;
3709 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3710 ataCmdOK(s, 0);
3711 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3712 break;
3713 case ATA_READ_NATIVE_MAX_ADDRESS:
3714 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3715 ataCmdOK(s, 0);
3716 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3717 break;
3718 case ATA_CHECK_POWER_MODE:
3719 s->uATARegNSector = 0xff; /* drive active or idle */
3720 ataCmdOK(s, 0);
3721 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3722 break;
3723 case ATA_SET_FEATURES:
3724 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3725 if (!s->pDrvBlock)
3726 goto abort_cmd;
3727 switch (s->uATARegFeature)
3728 {
3729 case 0x02: /* write cache enable */
3730 Log2(("%s: write cache enable\n", __FUNCTION__));
3731 ataCmdOK(s, ATA_STAT_SEEK);
3732 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3733 break;
3734 case 0xaa: /* read look-ahead enable */
3735 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3736 ataCmdOK(s, ATA_STAT_SEEK);
3737 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3738 break;
3739 case 0x55: /* read look-ahead disable */
3740 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3741 ataCmdOK(s, ATA_STAT_SEEK);
3742 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3743 break;
3744 case 0xcc: /* reverting to power-on defaults enable */
3745 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3746 ataCmdOK(s, ATA_STAT_SEEK);
3747 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3748 break;
3749 case 0x66: /* reverting to power-on defaults disable */
3750 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3751 ataCmdOK(s, ATA_STAT_SEEK);
3752 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3753 break;
3754 case 0x82: /* write cache disable */
3755 Log2(("%s: write cache disable\n", __FUNCTION__));
3756 /* As per the ATA/ATAPI-6 specs, a write cache disable
3757 * command MUST flush the write buffers to disc. */
3758 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3759 break;
3760 case 0x03: { /* set transfer mode */
3761 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3762 switch (s->uATARegNSector & 0xf8)
3763 {
3764 case 0x00: /* PIO default */
3765 case 0x08: /* PIO mode */
3766 break;
3767 case ATA_MODE_MDMA: /* MDMA mode */
3768 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3769 break;
3770 case ATA_MODE_UDMA: /* UDMA mode */
3771 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3772 break;
3773 default:
3774 goto abort_cmd;
3775 }
3776 ataCmdOK(s, ATA_STAT_SEEK);
3777 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3778 break;
3779 }
3780 default:
3781 goto abort_cmd;
3782 }
3783 /*
3784 * OS/2 workarond:
3785 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3786 * reset here. According to the specification, this is a driver bug as the register
3787 * contents are undefined after the call. This means we can just as well reset it.
3788 */
3789 s->uATARegFeature = 0;
3790 break;
3791 case ATA_FLUSH_CACHE_EXT:
3792 case ATA_FLUSH_CACHE:
3793 if (!s->pDrvBlock || s->fATAPI)
3794 goto abort_cmd;
3795 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3796 break;
3797 case ATA_STANDBY_IMMEDIATE:
3798 ataCmdOK(s, 0);
3799 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3800 break;
3801 case ATA_IDLE_IMMEDIATE:
3802 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3803 ataAbortCurrentCommand(s, false);
3804 break;
3805 case ATA_SLEEP:
3806 ataCmdOK(s, 0);
3807 ataSetIRQ(s);
3808 break;
3809 /* ATAPI commands */
3810 case ATA_IDENTIFY_PACKET_DEVICE:
3811 if (s->fATAPI)
3812 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3813 else
3814 {
3815 ataCmdError(s, ABRT_ERR);
3816 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3817 }
3818 break;
3819 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3820 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3821 break;
3822 case ATA_DEVICE_RESET:
3823 if (!s->fATAPI)
3824 goto abort_cmd;
3825 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3826 ataAbortCurrentCommand(s, true);
3827 break;
3828 case ATA_PACKET:
3829 if (!s->fATAPI)
3830 goto abort_cmd;
3831 /* overlapping commands not supported */
3832 if (s->uATARegFeature & 0x02)
3833 goto abort_cmd;
3834 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3835 break;
3836 default:
3837 abort_cmd:
3838 ataCmdError(s, ABRT_ERR);
3839 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3840 break;
3841 }
3842}
3843
3844#endif /* IN_RING3 */
3845
3846static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3847{
3848 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3849 addr &= 7;
3850 switch (addr)
3851 {
3852 case 0:
3853 break;
3854 case 1: /* feature register */
3855 /* NOTE: data is written to the two drives */
3856 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3857 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3858 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3859 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3860 pCtl->aIfs[0].uATARegFeature = val;
3861 pCtl->aIfs[1].uATARegFeature = val;
3862 break;
3863 case 2: /* sector count */
3864 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3865 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3866 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3867 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3868 pCtl->aIfs[0].uATARegNSector = val;
3869 pCtl->aIfs[1].uATARegNSector = val;
3870 break;
3871 case 3: /* sector number */
3872 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3873 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3874 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3875 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3876 pCtl->aIfs[0].uATARegSector = val;
3877 pCtl->aIfs[1].uATARegSector = val;
3878 break;
3879 case 4: /* cylinder low */
3880 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3881 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3882 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3883 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3884 pCtl->aIfs[0].uATARegLCyl = val;
3885 pCtl->aIfs[1].uATARegLCyl = val;
3886 break;
3887 case 5: /* cylinder high */
3888 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3889 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3890 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3891 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3892 pCtl->aIfs[0].uATARegHCyl = val;
3893 pCtl->aIfs[1].uATARegHCyl = val;
3894 break;
3895 case 6: /* drive/head */
3896 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3897 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3898 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3899 {
3900 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3901
3902 /* select another drive */
3903 pCtl->iSelectedIf = (val >> 4) & 1;
3904 /* The IRQ line is multiplexed between the two drives, so
3905 * update the state when switching to another drive. Only need
3906 * to update interrupt line if it is enabled and there is a
3907 * state change. */
3908 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3909 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3910 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3911 {
3912 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3913 {
3914 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3915 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3916 * the interrupt line is asserted. It monitors the line
3917 * for a rising edge. */
3918 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3919 if (pCtl->irq == 16)
3920 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
3921 else
3922 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
3923 }
3924 else
3925 {
3926 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3927 if (pCtl->irq == 16)
3928 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
3929 else
3930 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
3931 }
3932 }
3933 }
3934 break;
3935 default:
3936 case 7: /* command */
3937 /* ignore commands to non existant slave */
3938 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3939 break;
3940#ifndef IN_RING3
3941 /* Don't do anything complicated in GC */
3942 return VINF_IOM_HC_IOPORT_WRITE;
3943#else /* IN_RING3 */
3944 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3945#endif /* !IN_RING3 */
3946 }
3947 return VINF_SUCCESS;
3948}
3949
3950
3951static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3952{
3953 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3954 uint32_t val;
3955 bool fHOB;
3956
3957 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3958 switch (addr & 7)
3959 {
3960 case 0: /* data register */
3961 val = 0xff;
3962 break;
3963 case 1: /* error register */
3964 /* The ATA specification is very terse when it comes to specifying
3965 * the precise effects of reading back the error/feature register.
3966 * The error register (read-only) shares the register number with
3967 * the feature register (write-only), so it seems that it's not
3968 * necessary to support the usual HOB readback here. */
3969 if (!s->pDrvBlock)
3970 val = 0;
3971 else
3972 val = s->uATARegError;
3973 break;
3974 case 2: /* sector count */
3975 if (!s->pDrvBlock)
3976 val = 0;
3977 else if (fHOB)
3978 val = s->uATARegNSectorHOB;
3979 else
3980 val = s->uATARegNSector;
3981 break;
3982 case 3: /* sector number */
3983 if (!s->pDrvBlock)
3984 val = 0;
3985 else if (fHOB)
3986 val = s->uATARegSectorHOB;
3987 else
3988 val = s->uATARegSector;
3989 break;
3990 case 4: /* cylinder low */
3991 if (!s->pDrvBlock)
3992 val = 0;
3993 else if (fHOB)
3994 val = s->uATARegLCylHOB;
3995 else
3996 val = s->uATARegLCyl;
3997 break;
3998 case 5: /* cylinder high */
3999 if (!s->pDrvBlock)
4000 val = 0;
4001 else if (fHOB)
4002 val = s->uATARegHCylHOB;
4003 else
4004 val = s->uATARegHCyl;
4005 break;
4006 case 6: /* drive/head */
4007 /* This register must always work as long as there is at least
4008 * one drive attached to the controller. It is common between
4009 * both drives anyway (completely identical content). */
4010 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4011 val = 0;
4012 else
4013 val = s->uATARegSelect;
4014 break;
4015 default:
4016 case 7: /* primary status */
4017 {
4018 /* Counter for number of busy status seen in GC in a row. */
4019 static unsigned cBusy = 0;
4020
4021 if (!s->pDrvBlock)
4022 val = 0;
4023 else
4024 val = s->uATARegStatus;
4025
4026 /* Give the async I/O thread an opportunity to make progress,
4027 * don't let it starve by guests polling frequently. EMT has a
4028 * lower priority than the async I/O thread, but sometimes the
4029 * host OS doesn't care. With some guests we are only allowed to
4030 * be busy for about 5 milliseconds in some situations. Note that
4031 * this is no guarantee for any other VBox thread getting
4032 * scheduled, so this just lowers the CPU load a bit when drives
4033 * are busy. It cannot help with timing problems. */
4034 if (val & ATA_STAT_BUSY)
4035 {
4036#ifdef IN_RING3
4037 cBusy = 0;
4038 PDMCritSectLeave(&pCtl->lock);
4039
4040#ifndef RT_OS_WINDOWS
4041 /*
4042 * The thread might be stuck in an I/O operation
4043 * due to a high I/O load on the host. (see @bugref{3301})
4044 * To perform the reset successfully
4045 * we interrupt the operation by sending a signal to the thread
4046 * if the thread didn't responded in 10ms.
4047 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4048 * does the same but it was introduced with Vista) but so far
4049 * this hang was only observed on Linux and Mac OS X.
4050 *
4051 * This is a workaround and needs to be solved properly.
4052 */
4053 if (pCtl->fReset)
4054 {
4055 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4056
4057 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4058 {
4059 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4060 pCtl->u64ResetTime = u64ResetTimeStop;
4061 RTThreadPoke(pCtl->AsyncIOThread);
4062 }
4063 }
4064#endif
4065
4066 RTThreadYield();
4067
4068 {
4069 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4070 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4071 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4072 }
4073
4074 val = s->uATARegStatus;
4075#else /* !IN_RING3 */
4076 /* Cannot yield CPU in guest context. And switching to host
4077 * context for each and every busy status is too costly,
4078 * especially on SMP systems where we don't gain much by
4079 * yielding the CPU to someone else. */
4080 if (++cBusy >= 20)
4081 {
4082 cBusy = 0;
4083 return VINF_IOM_HC_IOPORT_READ;
4084 }
4085#endif /* !IN_RING3 */
4086 }
4087 else
4088 cBusy = 0;
4089 ataUnsetIRQ(s);
4090 break;
4091 }
4092 }
4093 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4094 *pu32 = val;
4095 return VINF_SUCCESS;
4096}
4097
4098
4099static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4100{
4101 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4102 uint32_t val;
4103
4104 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4105 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4106 val = 0;
4107 else
4108 val = s->uATARegStatus;
4109 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4110 return val;
4111}
4112
4113static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4114{
4115#ifndef IN_RING3
4116 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4117 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4118#endif /* !IN_RING3 */
4119
4120 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4121 /* RESET is common for both drives attached to a controller. */
4122 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4123 (val & ATA_DEVCTL_RESET))
4124 {
4125#ifdef IN_RING3
4126 /* Software RESET low to high */
4127 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4128 uint64_t uNow = RTTimeNanoTS();
4129 if (pCtl->aIfs[0].u64CmdTS)
4130 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4131 if (pCtl->aIfs[1].u64CmdTS)
4132 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4133 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4134 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4135 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4136 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4137 pCtl->fReset = true;
4138 /* Everything must be done after the reset flag is set, otherwise
4139 * there are unavoidable races with the currently executing request
4140 * (which might just finish in the mean time). */
4141 pCtl->fChainedTransfer = false;
4142 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4143 {
4144 ataResetDevice(&pCtl->aIfs[i]);
4145 /* The following cannot be done using ataSetStatusValue() since the
4146 * reset flag is already set, which suppresses all status changes. */
4147 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4148 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4149 pCtl->aIfs[i].uATARegError = 0x01;
4150 }
4151 ataAsyncIOClearRequests(pCtl);
4152 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4153 if (val & ATA_DEVCTL_HOB)
4154 {
4155 val &= ~ATA_DEVCTL_HOB;
4156 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4157 }
4158
4159 /* Save the timestamp we started the reset. */
4160 pCtl->u64ResetTime = RTTimeMilliTS();
4161
4162 /* Issue the reset request now. */
4163 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4164#else /* !IN_RING3 */
4165 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4166#endif /* IN_RING3 */
4167 }
4168 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4169 !(val & ATA_DEVCTL_RESET))
4170 {
4171#ifdef IN_RING3
4172 /* Software RESET high to low */
4173 Log(("%s: deasserting RESET\n", __FUNCTION__));
4174 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4175 if (val & ATA_DEVCTL_HOB)
4176 {
4177 val &= ~ATA_DEVCTL_HOB;
4178 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4179 }
4180 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4181#else /* !IN_RING3 */
4182 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4183#endif /* IN_RING3 */
4184 }
4185
4186 /* Change of interrupt disable flag. Update interrupt line if interrupt
4187 * is pending on the current interface. */
4188 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4189 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4190 {
4191 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4192 {
4193 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4194 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4195 * interrupt line is asserted. It monitors the line for a rising
4196 * edge. */
4197 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4198 if (pCtl->irq == 16)
4199 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4200 else
4201 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4202 }
4203 else
4204 {
4205 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4206 if (pCtl->irq == 16)
4207 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4208 else
4209 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4210 }
4211 }
4212
4213 if (val & ATA_DEVCTL_HOB)
4214 Log2(("%s: set HOB\n", __FUNCTION__));
4215
4216 pCtl->aIfs[0].uATARegDevCtl = val;
4217 pCtl->aIfs[1].uATARegDevCtl = val;
4218
4219 return VINF_SUCCESS;
4220}
4221
4222#ifdef IN_RING3
4223
4224static void ataPIOTransfer(PATACONTROLLER pCtl)
4225{
4226 ATADevState *s;
4227
4228 s = &pCtl->aIfs[pCtl->iAIOIf];
4229 Log3(("%s: if=%p\n", __FUNCTION__, s));
4230
4231 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4232 {
4233 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4234 /* Any guest OS that triggers this case has a pathetic ATA driver.
4235 * In a real system it would block the CPU via IORDY, here we do it
4236 * very similarly by not continuing with the current instruction
4237 * until the transfer to/from the storage medium is completed. */
4238 if (s->iSourceSink != ATAFN_SS_NULL)
4239 {
4240 bool fRedo;
4241 uint8_t status = s->uATARegStatus;
4242 ataSetStatusValue(s, ATA_STAT_BUSY);
4243 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4244 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4245 pCtl->fRedo = fRedo;
4246 if (RT_UNLIKELY(fRedo))
4247 return;
4248 ataSetStatusValue(s, status);
4249 s->iIOBufferCur = 0;
4250 s->iIOBufferEnd = s->cbElementaryTransfer;
4251 }
4252 }
4253 if (s->cbTotalTransfer)
4254 {
4255 if (s->fATAPITransfer)
4256 ataPIOTransferLimitATAPI(s);
4257
4258 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4259 s->cbElementaryTransfer = s->cbTotalTransfer;
4260
4261 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4262 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4263 s->cbTotalTransfer, s->cbElementaryTransfer,
4264 s->iIOBufferCur, s->iIOBufferEnd));
4265 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4266 s->cbTotalTransfer -= s->cbElementaryTransfer;
4267 s->iIOBufferCur += s->cbElementaryTransfer;
4268
4269 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4270 s->cbElementaryTransfer = s->cbTotalTransfer;
4271 }
4272 else
4273 ataPIOTransferStop(s);
4274}
4275
4276
4277DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4278{
4279 /* Do not interfere with RESET processing if the PIO transfer finishes
4280 * while the RESET line is asserted. */
4281 if (pCtl->fReset)
4282 {
4283 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4284 return;
4285 }
4286
4287 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4288 || ( s->iSourceSink != ATAFN_SS_NULL
4289 && s->iIOBufferCur >= s->iIOBufferEnd))
4290 {
4291 /* Need to continue the transfer in the async I/O thread. This is
4292 * the case for write operations or generally for not yet finished
4293 * transfers (some data might need to be read). */
4294 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4295 ataSetStatus(s, ATA_STAT_BUSY);
4296
4297 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4298 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4299 }
4300 else
4301 {
4302 /* Either everything finished (though some data might still be pending)
4303 * or some data is pending before the next read is due. */
4304
4305 /* Continue a previously started transfer. */
4306 ataUnsetStatus(s, ATA_STAT_DRQ);
4307 ataSetStatus(s, ATA_STAT_READY);
4308
4309 if (s->cbTotalTransfer)
4310 {
4311 /* There is more to transfer, happens usually for large ATAPI
4312 * reads - the protocol limits the chunk size to 65534 bytes. */
4313 ataPIOTransfer(pCtl);
4314 ataSetIRQ(s);
4315 }
4316 else
4317 {
4318 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4319 /* Finish PIO transfer. */
4320 ataPIOTransfer(pCtl);
4321 Assert(!pCtl->fRedo);
4322 }
4323 }
4324}
4325
4326#endif /* IN_RING3 */
4327
4328static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4329{
4330 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4331 uint8_t *p;
4332
4333 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4334 {
4335 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4336 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4337#ifndef IN_RING3
4338 /* All but the last transfer unit is simple enough for GC, but
4339 * sending a request to the async IO thread is too complicated. */
4340 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4341 {
4342 memcpy(p, pbBuf, cbSize);
4343 s->iIOBufferPIODataStart += cbSize;
4344 }
4345 else
4346 return VINF_IOM_HC_IOPORT_WRITE;
4347#else /* IN_RING3 */
4348 memcpy(p, pbBuf, cbSize);
4349 s->iIOBufferPIODataStart += cbSize;
4350 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4351 ataPIOTransferFinish(pCtl, s);
4352#endif /* !IN_RING3 */
4353 }
4354 else
4355 Log2(("%s: DUMMY data\n", __FUNCTION__));
4356 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4357 return VINF_SUCCESS;
4358}
4359
4360static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4361{
4362 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4363 uint8_t *p;
4364
4365 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4366 {
4367 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4368 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4369#ifndef IN_RING3
4370 /* All but the last transfer unit is simple enough for GC, but
4371 * sending a request to the async IO thread is too complicated. */
4372 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4373 {
4374 memcpy(pbBuf, p, cbSize);
4375 s->iIOBufferPIODataStart += cbSize;
4376 }
4377 else
4378 return VINF_IOM_HC_IOPORT_READ;
4379#else /* IN_RING3 */
4380 memcpy(pbBuf, p, cbSize);
4381 s->iIOBufferPIODataStart += cbSize;
4382 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4383 ataPIOTransferFinish(pCtl, s);
4384#endif /* !IN_RING3 */
4385 }
4386 else
4387 {
4388 Log2(("%s: DUMMY data\n", __FUNCTION__));
4389 memset(pbBuf, '\xff', cbSize);
4390 }
4391 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4392 return VINF_SUCCESS;
4393}
4394
4395#ifdef IN_RING3
4396
4397static void ataDMATransferStop(ATADevState *s)
4398{
4399 s->cbTotalTransfer = 0;
4400 s->cbElementaryTransfer = 0;
4401 s->iBeginTransfer = ATAFN_BT_NULL;
4402 s->iSourceSink = ATAFN_SS_NULL;
4403}
4404
4405
4406/**
4407 * Perform the entire DMA transfer in one go (unless a source/sink operation
4408 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4409 * this function cannot handle empty transfers.
4410 *
4411 * @param pCtl Controller for which to perform the transfer.
4412 */
4413static void ataDMATransfer(PATACONTROLLER pCtl)
4414{
4415 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4416 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4417 bool fRedo;
4418 RTGCPHYS32 pDesc;
4419 uint32_t cbTotalTransfer, cbElementaryTransfer;
4420 uint32_t iIOBufferCur, iIOBufferEnd;
4421 uint32_t dmalen;
4422 PDMBLOCKTXDIR uTxDir;
4423 bool fLastDesc = false;
4424
4425 Assert(sizeof(BMDMADesc) == 8);
4426
4427 fRedo = pCtl->fRedo;
4428 if (RT_LIKELY(!fRedo))
4429 Assert(s->cbTotalTransfer);
4430 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4431 cbTotalTransfer = s->cbTotalTransfer;
4432 cbElementaryTransfer = s->cbElementaryTransfer;
4433 iIOBufferCur = s->iIOBufferCur;
4434 iIOBufferEnd = s->iIOBufferEnd;
4435
4436 /* The DMA loop is designed to hold the lock only when absolutely
4437 * necessary. This avoids long freezes should the guest access the
4438 * ATA registers etc. for some reason. */
4439 PDMCritSectLeave(&pCtl->lock);
4440
4441 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4442 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4443 cbTotalTransfer, cbElementaryTransfer,
4444 iIOBufferCur, iIOBufferEnd));
4445 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4446 {
4447 BMDMADesc DMADesc;
4448 RTGCPHYS32 pBuffer;
4449 uint32_t cbBuffer;
4450
4451 if (RT_UNLIKELY(fRedo))
4452 {
4453 pBuffer = pCtl->pRedoDMABuffer;
4454 cbBuffer = pCtl->cbRedoDMABuffer;
4455 fLastDesc = pCtl->fRedoDMALastDesc;
4456 }
4457 else
4458 {
4459 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4460 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4461 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4462 fLastDesc = !!(cbBuffer & 0x80000000);
4463 cbBuffer &= 0xfffe;
4464 if (cbBuffer == 0)
4465 cbBuffer = 0x10000;
4466 if (cbBuffer > cbTotalTransfer)
4467 cbBuffer = cbTotalTransfer;
4468 }
4469
4470 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4471 {
4472 if (RT_LIKELY(!fRedo))
4473 {
4474 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4475 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4476 (int)pDesc, pBuffer, cbBuffer));
4477 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4478 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4479 else
4480 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4481 iIOBufferCur += dmalen;
4482 cbTotalTransfer -= dmalen;
4483 cbBuffer -= dmalen;
4484 pBuffer += dmalen;
4485 }
4486 if ( iIOBufferCur == iIOBufferEnd
4487 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4488 {
4489 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4490 cbElementaryTransfer = cbTotalTransfer;
4491
4492 {
4493 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4494 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4495 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4496 }
4497
4498 /* The RESET handler could have cleared the DMA transfer
4499 * state (since we didn't hold the lock until just now
4500 * the guest can continue in parallel). If so, the state
4501 * is already set up so the loop is exited immediately. */
4502 if (s->iSourceSink != ATAFN_SS_NULL)
4503 {
4504 s->iIOBufferCur = iIOBufferCur;
4505 s->iIOBufferEnd = iIOBufferEnd;
4506 s->cbElementaryTransfer = cbElementaryTransfer;
4507 s->cbTotalTransfer = cbTotalTransfer;
4508 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4509 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4510 if (RT_UNLIKELY(fRedo))
4511 {
4512 pCtl->pFirstDMADesc = pDesc;
4513 pCtl->pRedoDMABuffer = pBuffer;
4514 pCtl->cbRedoDMABuffer = cbBuffer;
4515 pCtl->fRedoDMALastDesc = fLastDesc;
4516 }
4517 else
4518 {
4519 cbTotalTransfer = s->cbTotalTransfer;
4520 cbElementaryTransfer = s->cbElementaryTransfer;
4521
4522 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4523 cbElementaryTransfer = cbTotalTransfer;
4524 iIOBufferCur = 0;
4525 iIOBufferEnd = cbElementaryTransfer;
4526 }
4527 pCtl->fRedo = fRedo;
4528 }
4529 else
4530 {
4531 /* This forces the loop to exit immediately. */
4532 pDesc = pCtl->pLastDMADesc + 1;
4533 }
4534
4535 PDMCritSectLeave(&pCtl->lock);
4536 if (RT_UNLIKELY(fRedo))
4537 break;
4538 }
4539 }
4540
4541 if (RT_UNLIKELY(fRedo))
4542 break;
4543
4544 /* end of transfer */
4545 if (!cbTotalTransfer || fLastDesc)
4546 break;
4547
4548 {
4549 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4550 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4551 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4552 }
4553
4554 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4555 {
4556 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4557 if (!pCtl->fReset)
4558 ataDMATransferStop(s);
4559 /* This forces the loop to exit immediately. */
4560 pDesc = pCtl->pLastDMADesc + 1;
4561 }
4562
4563 PDMCritSectLeave(&pCtl->lock);
4564 }
4565
4566 {
4567 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4568 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4569 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4570 }
4571
4572 if (RT_UNLIKELY(fRedo))
4573 return;
4574
4575 if (fLastDesc)
4576 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4577 s->cbTotalTransfer = cbTotalTransfer;
4578 s->cbElementaryTransfer = cbElementaryTransfer;
4579 s->iIOBufferCur = iIOBufferCur;
4580 s->iIOBufferEnd = iIOBufferEnd;
4581}
4582
4583/**
4584 * Signal PDM that we're idle (if we actually are).
4585 *
4586 * @param pCtl The controller.
4587 */
4588static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
4589{
4590 /*
4591 * Take the mutex here and recheck the idle indicator to avoid
4592 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
4593 */
4594 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4595
4596 if ( pCtl->fSignalIdle
4597 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4598 {
4599 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
4600 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
4601 }
4602
4603 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4604}
4605
4606/** Async I/O thread for an interface. Once upon a time this was readable
4607 * code with several loops and a different semaphore for each purpose. But
4608 * then came the "how can one save the state in the middle of a PIO transfer"
4609 * question. The solution was to use an ASM, which is what's there now. */
4610static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4611{
4612 const ATARequest *pReq;
4613 uint64_t u64TS = 0; /* shut up gcc */
4614 uint64_t uWait;
4615 int rc = VINF_SUCCESS;
4616 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4617 ATADevState *s;
4618
4619 pReq = NULL;
4620 pCtl->fChainedTransfer = false;
4621 while (!pCtl->fShutdown)
4622 {
4623 /* Keep this thread from doing anything as long as EMT is suspended. */
4624 while (pCtl->fRedoIdle)
4625 {
4626 if (pCtl->fSignalIdle)
4627 ataR3AsyncSignalIdle(pCtl);
4628 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4629 /* Continue if we got a signal by RTThreadPoke().
4630 * We will get notified if there is a request to process.
4631 */
4632 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4633 continue;
4634 if (RT_FAILURE(rc) || pCtl->fShutdown)
4635 break;
4636
4637 pCtl->fRedoIdle = false;
4638 }
4639
4640 /* Wait for work. */
4641 while (pReq == NULL)
4642 {
4643 if (pCtl->fSignalIdle)
4644 ataR3AsyncSignalIdle(pCtl);
4645 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4646 /* Continue if we got a signal by RTThreadPoke().
4647 * We will get notified if there is a request to process.
4648 */
4649 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4650 continue;
4651 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4652 break;
4653
4654 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4655 }
4656
4657 if (RT_FAILURE(rc) || pCtl->fShutdown)
4658 break;
4659
4660 if (pReq == NULL)
4661 continue;
4662
4663 ATAAIO ReqType = pReq->ReqType;
4664
4665 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4666 if (pCtl->uAsyncIOState != ReqType)
4667 {
4668 /* The new state is not the state that was expected by the normal
4669 * state changes. This is either a RESET/ABORT or there's something
4670 * really strange going on. */
4671 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4672 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4673 {
4674 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4675 ataAsyncIODumpRequests(pCtl);
4676 }
4677 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4678 }
4679
4680 /* Do our work. */
4681 {
4682 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4683 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4684 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4685 }
4686
4687 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4688 {
4689 u64TS = RTTimeNanoTS();
4690#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4691 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4692#endif /* DEBUG || VBOX_WITH_STATISTICS */
4693 }
4694
4695 switch (ReqType)
4696 {
4697 case ATA_AIO_NEW:
4698
4699 pCtl->iAIOIf = pReq->u.t.iIf;
4700 s = &pCtl->aIfs[pCtl->iAIOIf];
4701 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4702 s->uTxDir = pReq->u.t.uTxDir;
4703 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4704 s->iSourceSink = pReq->u.t.iSourceSink;
4705 s->iIOBufferEnd = 0;
4706 s->u64CmdTS = u64TS;
4707
4708 if (s->fATAPI)
4709 {
4710 if (pCtl->fChainedTransfer)
4711 {
4712 /* Only count the actual transfers, not the PIO
4713 * transfer of the ATAPI command bytes. */
4714 if (s->fDMA)
4715 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4716 else
4717 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4718 }
4719 }
4720 else
4721 {
4722 if (s->fDMA)
4723 STAM_REL_COUNTER_INC(&s->StatATADMA);
4724 else
4725 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4726 }
4727
4728 pCtl->fChainedTransfer = false;
4729
4730 if (s->iBeginTransfer != ATAFN_BT_NULL)
4731 {
4732 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4733 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4734 s->iBeginTransfer = ATAFN_BT_NULL;
4735 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4736 s->iIOBufferEnd = s->cbElementaryTransfer;
4737 }
4738 else
4739 {
4740 s->cbElementaryTransfer = s->cbTotalTransfer;
4741 s->iIOBufferEnd = s->cbTotalTransfer;
4742 }
4743 s->iIOBufferCur = 0;
4744
4745 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4746 {
4747 if (s->iSourceSink != ATAFN_SS_NULL)
4748 {
4749 bool fRedo;
4750 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4751 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4752 pCtl->fRedo = fRedo;
4753 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4754 {
4755 /* Operation failed at the initial transfer, restart
4756 * everything from scratch by resending the current
4757 * request. Occurs very rarely, not worth optimizing. */
4758 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4759 ataAsyncIOPutRequest(pCtl, pReq);
4760 break;
4761 }
4762 }
4763 else
4764 ataCmdOK(s, 0);
4765 s->iIOBufferEnd = s->cbElementaryTransfer;
4766
4767 }
4768
4769 /* Do not go into the transfer phase if RESET is asserted.
4770 * The CritSect is released while waiting for the host OS
4771 * to finish the I/O, thus RESET is possible here. Most
4772 * important: do not change uAsyncIOState. */
4773 if (pCtl->fReset)
4774 break;
4775
4776 if (s->fDMA)
4777 {
4778 if (s->cbTotalTransfer)
4779 {
4780 ataSetStatus(s, ATA_STAT_DRQ);
4781
4782 pCtl->uAsyncIOState = ATA_AIO_DMA;
4783 /* If BMDMA is already started, do the transfer now. */
4784 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4785 {
4786 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4787 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4788 }
4789 }
4790 else
4791 {
4792 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4793 /* Finish DMA transfer. */
4794 ataDMATransferStop(s);
4795 ataSetIRQ(s);
4796 pCtl->uAsyncIOState = ATA_AIO_NEW;
4797 }
4798 }
4799 else
4800 {
4801 if (s->cbTotalTransfer)
4802 {
4803 ataPIOTransfer(pCtl);
4804 Assert(!pCtl->fRedo);
4805 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4806 ataSetIRQ(s);
4807
4808 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4809 {
4810 /* Write operations and not yet finished transfers
4811 * must be completed in the async I/O thread. */
4812 pCtl->uAsyncIOState = ATA_AIO_PIO;
4813 }
4814 else
4815 {
4816 /* Finished read operation can be handled inline
4817 * in the end of PIO transfer handling code. Linux
4818 * depends on this, as it waits only briefly for
4819 * devices to become ready after incoming data
4820 * transfer. Cannot find anything in the ATA spec
4821 * that backs this assumption, but as all kernels
4822 * are affected (though most of the time it does
4823 * not cause any harm) this must work. */
4824 pCtl->uAsyncIOState = ATA_AIO_NEW;
4825 }
4826 }
4827 else
4828 {
4829 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4830 /* Finish PIO transfer. */
4831 ataPIOTransfer(pCtl);
4832 Assert(!pCtl->fRedo);
4833 if (!s->fATAPITransfer)
4834 ataSetIRQ(s);
4835 pCtl->uAsyncIOState = ATA_AIO_NEW;
4836 }
4837 }
4838 break;
4839
4840 case ATA_AIO_DMA:
4841 {
4842 BMDMAState *bm = &pCtl->BmDma;
4843 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4844 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4845
4846 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4847 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4848 else
4849 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4850
4851 if (RT_LIKELY(!pCtl->fRedo))
4852 {
4853 /* The specs say that the descriptor table must not cross a
4854 * 4K boundary. */
4855 pCtl->pFirstDMADesc = bm->pvAddr;
4856 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4857 }
4858 ataDMATransfer(pCtl);
4859
4860 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
4861 {
4862 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4863 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4864 break;
4865 }
4866
4867 /* The infamous delay IRQ hack. */
4868 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4869 && s->cbTotalTransfer == 0
4870 && pCtl->DelayIRQMillies)
4871 {
4872 /* Delay IRQ for writing. Required to get the Win2K
4873 * installation work reliably (otherwise it crashes,
4874 * usually during component install). So far no better
4875 * solution has been found. */
4876 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4877 PDMCritSectLeave(&pCtl->lock);
4878 RTThreadSleep(pCtl->DelayIRQMillies);
4879 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4880 }
4881
4882 ataUnsetStatus(s, ATA_STAT_DRQ);
4883 Assert(!pCtl->fChainedTransfer);
4884 Assert(s->iSourceSink == ATAFN_SS_NULL);
4885 if (s->fATAPITransfer)
4886 {
4887 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4888 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4889 s->fATAPITransfer = false;
4890 }
4891 ataSetIRQ(s);
4892 pCtl->uAsyncIOState = ATA_AIO_NEW;
4893 break;
4894 }
4895
4896 case ATA_AIO_PIO:
4897 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4898
4899 if (s->iSourceSink != ATAFN_SS_NULL)
4900 {
4901 bool fRedo;
4902 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4903 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4904 pCtl->fRedo = fRedo;
4905 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4906 {
4907 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4908 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4909 break;
4910 }
4911 s->iIOBufferCur = 0;
4912 s->iIOBufferEnd = s->cbElementaryTransfer;
4913 }
4914 else
4915 {
4916 /* Continue a previously started transfer. */
4917 ataUnsetStatus(s, ATA_STAT_BUSY);
4918 ataSetStatus(s, ATA_STAT_READY);
4919 }
4920
4921 /* It is possible that the drives on this controller get RESET
4922 * during the above call to the source/sink function. If that's
4923 * the case, don't restart the transfer and don't finish it the
4924 * usual way. RESET handling took care of all that already.
4925 * Most important: do not change uAsyncIOState. */
4926 if (pCtl->fReset)
4927 break;
4928
4929 if (s->cbTotalTransfer)
4930 {
4931 ataPIOTransfer(pCtl);
4932 ataSetIRQ(s);
4933
4934 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4935 {
4936 /* Write operations and not yet finished transfers
4937 * must be completed in the async I/O thread. */
4938 pCtl->uAsyncIOState = ATA_AIO_PIO;
4939 }
4940 else
4941 {
4942 /* Finished read operation can be handled inline
4943 * in the end of PIO transfer handling code. Linux
4944 * depends on this, as it waits only briefly for
4945 * devices to become ready after incoming data
4946 * transfer. Cannot find anything in the ATA spec
4947 * that backs this assumption, but as all kernels
4948 * are affected (though most of the time it does
4949 * not cause any harm) this must work. */
4950 pCtl->uAsyncIOState = ATA_AIO_NEW;
4951 }
4952 }
4953 else
4954 {
4955 /* Finish PIO transfer. */
4956 ataPIOTransfer(pCtl);
4957 if ( !pCtl->fChainedTransfer
4958 && !s->fATAPITransfer
4959 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4960 {
4961 ataSetIRQ(s);
4962 }
4963 pCtl->uAsyncIOState = ATA_AIO_NEW;
4964 }
4965 break;
4966
4967 case ATA_AIO_RESET_ASSERTED:
4968 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4969 ataPIOTransferStop(&pCtl->aIfs[0]);
4970 ataPIOTransferStop(&pCtl->aIfs[1]);
4971 /* Do not change the DMA registers, they are not affected by the
4972 * ATA controller reset logic. It should be sufficient to issue a
4973 * new command, which is now possible as the state is cleared. */
4974 break;
4975
4976 case ATA_AIO_RESET_CLEARED:
4977 pCtl->uAsyncIOState = ATA_AIO_NEW;
4978 pCtl->fReset = false;
4979 /* Ensure that half-completed transfers are not redone. A reset
4980 * cancels the entire transfer, so continuing is wrong. */
4981 pCtl->fRedo = false;
4982 pCtl->fRedoDMALastDesc = false;
4983 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4984 ATACONTROLLER_IDX(pCtl)));
4985 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4986 {
4987 if (pCtl->aIfs[i].fATAPI)
4988 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4989 else
4990 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4991 ataSetSignature(&pCtl->aIfs[i]);
4992 }
4993 break;
4994
4995 case ATA_AIO_ABORT:
4996 /* Abort the current command only if it operates on the same interface. */
4997 if (pCtl->iAIOIf == pReq->u.a.iIf)
4998 {
4999 s = &pCtl->aIfs[pCtl->iAIOIf];
5000
5001 pCtl->uAsyncIOState = ATA_AIO_NEW;
5002 /* Do not change the DMA registers, they are not affected by the
5003 * ATA controller reset logic. It should be sufficient to issue a
5004 * new command, which is now possible as the state is cleared. */
5005 if (pReq->u.a.fResetDrive)
5006 {
5007 ataResetDevice(s);
5008 ataExecuteDeviceDiagnosticSS(s);
5009 }
5010 else
5011 {
5012 /* Stop any pending DMA transfer. */
5013 s->fDMA = false;
5014 ataPIOTransferStop(s);
5015 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5016 ataSetStatus(s, ATA_STAT_READY);
5017 ataSetIRQ(s);
5018 }
5019 }
5020 break;
5021
5022 default:
5023 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5024 }
5025
5026 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5027 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5028
5029 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5030 {
5031#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5032 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5033#endif /* DEBUG || VBOX_WITH_STATISTICS */
5034
5035 u64TS = RTTimeNanoTS() - u64TS;
5036 uWait = u64TS / 1000;
5037 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5038 /* Mark command as finished. */
5039 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5040
5041 /*
5042 * Release logging of command execution times depends on the
5043 * command type. ATAPI commands often take longer (due to CD/DVD
5044 * spin up time etc.) so the threshold is different.
5045 */
5046 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5047 {
5048 if (uWait > 8 * 1000 * 1000)
5049 {
5050 /*
5051 * Command took longer than 8 seconds. This is close
5052 * enough or over the guest's command timeout, so place
5053 * an entry in the release log to allow tracking such
5054 * timing errors (which are often caused by the host).
5055 */
5056 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5057 }
5058 }
5059 else
5060 {
5061 if (uWait > 20 * 1000 * 1000)
5062 {
5063 /*
5064 * Command took longer than 20 seconds. This is close
5065 * enough or over the guest's command timeout, so place
5066 * an entry in the release log to allow tracking such
5067 * timing errors (which are often caused by the host).
5068 */
5069 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5070 }
5071 }
5072
5073#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5074 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5075 pCtl->StatAsyncMinWait = uWait;
5076 if (uWait > pCtl->StatAsyncMaxWait)
5077 pCtl->StatAsyncMaxWait = uWait;
5078
5079 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5080 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5081#endif /* DEBUG || VBOX_WITH_STATISTICS */
5082 }
5083
5084 PDMCritSectLeave(&pCtl->lock);
5085 }
5086
5087 /* Signal the ultimate idleness. */
5088 RTThreadUserSignal(pCtl->AsyncIOThread);
5089 if (pCtl->fSignalIdle)
5090 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5091
5092 /* Cleanup the state. */
5093 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5094 pCtl->fShutdown = false;
5095
5096 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5097 return rc;
5098}
5099
5100#endif /* IN_RING3 */
5101
5102static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5103{
5104 uint32_t val = pCtl->BmDma.u8Cmd;
5105 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5106 return val;
5107}
5108
5109
5110static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5111{
5112 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5113 if (!(val & BM_CMD_START))
5114 {
5115 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5116 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5117 }
5118 else
5119 {
5120#ifdef IN_RING3
5121 /* Check whether the guest OS wants to change DMA direction in
5122 * mid-flight. Not allowed, according to the PIIX3 specs. */
5123 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5124 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5125 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5126 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5127
5128 /* Do not continue DMA transfers while the RESET line is asserted. */
5129 if (pCtl->fReset)
5130 {
5131 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5132 return;
5133 }
5134
5135 /* Do not start DMA transfers if there's a PIO transfer going on,
5136 * or if there is already a transfer started on this controller. */
5137 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5138 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5139 return;
5140
5141 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5142 {
5143 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5144 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5145 }
5146#else /* !IN_RING3 */
5147 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5148#endif /* IN_RING3 */
5149 }
5150}
5151
5152static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5153{
5154 uint32_t val = pCtl->BmDma.u8Status;
5155 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5156 return val;
5157}
5158
5159static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5160{
5161 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5162 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5163 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5164 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5165}
5166
5167static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5168{
5169 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5170 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5171 return val;
5172}
5173
5174static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5175{
5176 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5177 pCtl->BmDma.pvAddr = val & ~3;
5178}
5179
5180static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5181{
5182 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5183 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5184
5185}
5186
5187static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5188{
5189 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5190 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5191}
5192
5193#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5194
5195/**
5196 * Port I/O Handler for bus master DMA IN operations.
5197 * @see FNIOMIOPORTIN for details.
5198 */
5199PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5200{
5201 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5202 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5203 PATACONTROLLER pCtl = &pThis->aCts[i];
5204 int rc;
5205
5206 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5207 if (rc != VINF_SUCCESS)
5208 return rc;
5209 switch (VAL(Port, cb))
5210 {
5211 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5212 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5213 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5214 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5215 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5216 case VAL(0, 4):
5217 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5218 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5219 break;
5220 default:
5221 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5222 PDMCritSectLeave(&pCtl->lock);
5223 return VERR_IOM_IOPORT_UNUSED;
5224 }
5225 PDMCritSectLeave(&pCtl->lock);
5226 return rc;
5227}
5228
5229/**
5230 * Port I/O Handler for bus master DMA OUT operations.
5231 * @see FNIOMIOPORTOUT for details.
5232 */
5233PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5234{
5235 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5236 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5237 PATACONTROLLER pCtl = &pThis->aCts[i];
5238 int rc;
5239
5240 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5241 if (rc != VINF_SUCCESS)
5242 return rc;
5243 switch (VAL(Port, cb))
5244 {
5245 case VAL(0, 1):
5246#ifndef IN_RING3
5247 if (u32 & BM_CMD_START)
5248 {
5249 rc = VINF_IOM_HC_IOPORT_WRITE;
5250 break;
5251 }
5252#endif /* !IN_RING3 */
5253 ataBMDMACmdWriteB(pCtl, Port, u32);
5254 break;
5255 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5256 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5257 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5258 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5259 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5260 }
5261 PDMCritSectLeave(&pCtl->lock);
5262 return rc;
5263}
5264
5265#undef VAL
5266
5267#ifdef IN_RING3
5268
5269/**
5270 * Callback function for mapping an PCI I/O region.
5271 *
5272 * @return VBox status code.
5273 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5274 * @param iRegion The region number.
5275 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5276 * I/O port, else it's a physical address.
5277 * This address is *NOT* relative to pci_mem_base like earlier!
5278 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5279 */
5280static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5281{
5282 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5283 int rc = VINF_SUCCESS;
5284 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5285 Assert(iRegion == 4);
5286 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5287
5288 /* Register the port range. */
5289 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5290 {
5291 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5292 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5293 AssertRC(rc2);
5294 if (rc2 < rc)
5295 rc = rc2;
5296
5297 if (pThis->fGCEnabled)
5298 {
5299 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5300 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5301 AssertRC(rc2);
5302 if (rc2 < rc)
5303 rc = rc2;
5304 }
5305 if (pThis->fR0Enabled)
5306 {
5307 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5308 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5309 AssertRC(rc2);
5310 if (rc2 < rc)
5311 rc = rc2;
5312 }
5313 }
5314 return rc;
5315}
5316
5317
5318/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5319
5320/**
5321 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5322 */
5323static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5324{
5325 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5326 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5327 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5328 return NULL;
5329}
5330
5331
5332/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5333
5334/**
5335 * Gets the pointer to the status LED of a unit.
5336 *
5337 * @returns VBox status code.
5338 * @param pInterface Pointer to the interface structure containing the called function pointer.
5339 * @param iLUN The unit which status LED we desire.
5340 * @param ppLed Where to store the LED pointer.
5341 */
5342static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5343{
5344 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5345 if (iLUN < 4)
5346 {
5347 switch (iLUN)
5348 {
5349 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5350 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5351 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5352 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5353 }
5354 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5355 return VINF_SUCCESS;
5356 }
5357 return VERR_PDM_LUN_NOT_FOUND;
5358}
5359
5360
5361/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5362
5363/**
5364 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5365 */
5366static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5367{
5368 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5369 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5370 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5371 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5372 return NULL;
5373}
5374
5375
5376/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5377
5378/**
5379 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5380 */
5381static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5382 uint32_t *piInstance, uint32_t *piLUN)
5383{
5384 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5385 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5386
5387 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5388 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5389 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5390
5391 *ppcszController = pDevIns->pReg->szName;
5392 *piInstance = pDevIns->iInstance;
5393 *piLUN = pIf->iLUN;
5394
5395 return VINF_SUCCESS;
5396}
5397#endif /* IN_RING3 */
5398
5399
5400/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5401
5402/**
5403 * Port I/O Handler for primary port range OUT operations.
5404 * @see FNIOMIOPORTOUT for details.
5405 */
5406PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5407{
5408 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5409 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5410 PATACONTROLLER pCtl = &pThis->aCts[i];
5411 int rc = VINF_SUCCESS;
5412
5413 Assert(i < 2);
5414
5415 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5416 if (rc != VINF_SUCCESS)
5417 return rc;
5418 if (cb == 1)
5419 rc = ataIOPortWriteU8(pCtl, Port, u32);
5420 else if (Port == pCtl->IOPortBase1)
5421 {
5422 Assert(cb == 2 || cb == 4);
5423 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5424 }
5425 else
5426 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5427 PDMCritSectLeave(&pCtl->lock);
5428 return rc;
5429}
5430
5431
5432/**
5433 * Port I/O Handler for primary port range IN operations.
5434 * @see FNIOMIOPORTIN for details.
5435 */
5436PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5437{
5438 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5439 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5440 PATACONTROLLER pCtl = &pThis->aCts[i];
5441 int rc = VINF_SUCCESS;
5442
5443 Assert(i < 2);
5444
5445 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5446 if (rc != VINF_SUCCESS)
5447 return rc;
5448 if (cb == 1)
5449 {
5450 rc = ataIOPortReadU8(pCtl, Port, pu32);
5451 }
5452 else if (Port == pCtl->IOPortBase1)
5453 {
5454 Assert(cb == 2 || cb == 4);
5455 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5456 if (cb == 2)
5457 *pu32 &= 0xffff;
5458 }
5459 else
5460 {
5461 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5462 rc = VERR_IOM_IOPORT_UNUSED;
5463 }
5464 PDMCritSectLeave(&pCtl->lock);
5465 return rc;
5466}
5467
5468#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5469/**
5470 * Port I/O Handler for primary port range IN string operations.
5471 * @see FNIOMIOPORTINSTRING for details.
5472 */
5473PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5474{
5475 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5476 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5477 PATACONTROLLER pCtl = &pThis->aCts[i];
5478 int rc = VINF_SUCCESS;
5479
5480 Assert(i < 2);
5481
5482 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5483 if (rc != VINF_SUCCESS)
5484 return rc;
5485 if (Port == pCtl->IOPortBase1)
5486 {
5487 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5488 RTGCPTR GCDst = *pGCPtrDst;
5489 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5490 Assert(cb == 2 || cb == 4);
5491
5492 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5493#ifndef IN_RING3
5494 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5495 if (!cTransAvailable)
5496 {
5497 PDMCritSectLeave(&pCtl->lock);
5498 return VINF_IOM_HC_IOPORT_READ;
5499 }
5500 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5501 cTransAvailable--;
5502#endif /* !IN_RING3 */
5503 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5504 * They are not performance-critical and generally shouldn't occur at all. */
5505 if (cTransAvailable > cTransfer)
5506 cTransAvailable = cTransfer;
5507 cbTransfer = cTransAvailable * cb;
5508
5509 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5510#ifndef IN_RING3
5511 /* Paranoia. */
5512 if (RT_FAILURE(rc))
5513 {
5514 PDMCritSectLeave(&pCtl->lock);
5515 AssertFailed();
5516 return VINF_IOM_HC_IOPORT_READ;
5517 }
5518#else
5519 Assert(rc == VINF_SUCCESS);
5520#endif
5521
5522 if (cbTransfer)
5523 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5524 s->iIOBufferPIODataStart += cbTransfer;
5525 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5526 *pcTransfer = cTransfer - cTransAvailable;
5527#ifdef IN_RING3
5528 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5529 ataPIOTransferFinish(pCtl, s);
5530#endif /* IN_RING3 */
5531 }
5532 PDMCritSectLeave(&pCtl->lock);
5533 return rc;
5534}
5535
5536
5537/**
5538 * Port I/O Handler for primary port range OUT string operations.
5539 * @see FNIOMIOPORTOUTSTRING for details.
5540 */
5541PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5542{
5543 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5544 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5545 PATACONTROLLER pCtl = &pThis->aCts[i];
5546 int rc;
5547
5548 Assert(i < 2);
5549
5550 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5551 if (rc != VINF_SUCCESS)
5552 return rc;
5553 if (Port == pCtl->IOPortBase1)
5554 {
5555 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5556 RTGCPTR GCSrc = *pGCPtrSrc;
5557 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5558 Assert(cb == 2 || cb == 4);
5559
5560 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5561#ifndef IN_RING3
5562 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5563 if (!cTransAvailable)
5564 {
5565 PDMCritSectLeave(&pCtl->lock);
5566 return VINF_IOM_HC_IOPORT_WRITE;
5567 }
5568 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5569 cTransAvailable--;
5570#endif /* !IN_RING3 */
5571 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5572 * They are not performance-critical and generally shouldn't occur at all. */
5573 if (cTransAvailable > cTransfer)
5574 cTransAvailable = cTransfer;
5575 cbTransfer = cTransAvailable * cb;
5576
5577 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5578#ifndef IN_RING3
5579 /* Paranoia. */
5580 if (RT_FAILURE(rc))
5581 {
5582 PDMCritSectLeave(&pCtl->lock);
5583 AssertFailed();
5584 return VINF_IOM_HC_IOPORT_WRITE;
5585 }
5586#else
5587 Assert(rc == VINF_SUCCESS);
5588#endif
5589
5590 if (cbTransfer)
5591 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5592 s->iIOBufferPIODataStart += cbTransfer;
5593 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5594 *pcTransfer = cTransfer - cTransAvailable;
5595#ifdef IN_RING3
5596 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5597 ataPIOTransferFinish(pCtl, s);
5598#endif /* IN_RING3 */
5599 }
5600 PDMCritSectLeave(&pCtl->lock);
5601 return rc;
5602}
5603#endif /* !IN_RING0 */
5604
5605/**
5606 * Port I/O Handler for secondary port range OUT operations.
5607 * @see FNIOMIOPORTOUT for details.
5608 */
5609PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5610{
5611 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5612 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5613 PATACONTROLLER pCtl = &pThis->aCts[i];
5614 int rc;
5615
5616 Assert(i < 2);
5617
5618 if (cb != 1)
5619 return VINF_SUCCESS;
5620 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5621 if (rc != VINF_SUCCESS)
5622 return rc;
5623 rc = ataControlWrite(pCtl, Port, u32);
5624 PDMCritSectLeave(&pCtl->lock);
5625 return rc;
5626}
5627
5628
5629/**
5630 * Port I/O Handler for secondary port range IN operations.
5631 * @see FNIOMIOPORTIN for details.
5632 */
5633PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5634{
5635 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5636 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5637 PATACONTROLLER pCtl = &pThis->aCts[i];
5638 int rc;
5639
5640 Assert(i < 2);
5641
5642 if (cb != 1)
5643 return VERR_IOM_IOPORT_UNUSED;
5644
5645 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5646 if (rc != VINF_SUCCESS)
5647 return rc;
5648 *pu32 = ataStatusRead(pCtl, Port);
5649 PDMCritSectLeave(&pCtl->lock);
5650 return VINF_SUCCESS;
5651}
5652
5653#ifdef IN_RING3
5654
5655
5656DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5657{
5658 if (s->pbIOBufferR3)
5659 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5660}
5661
5662
5663/**
5664 * @copydoc FNPDMDEVRELOCATE
5665 */
5666static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5667{
5668 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5669
5670 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5671 {
5672 pThis->aCts[i].pDevInsRC += offDelta;
5673 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5674 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5675 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5676 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5677 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5678 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5679 }
5680}
5681
5682
5683/**
5684 * Destroy a driver instance.
5685 *
5686 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5687 * resources can be freed correctly.
5688 *
5689 * @param pDevIns The device instance data.
5690 */
5691static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
5692{
5693 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5694 int rc;
5695
5696 Log(("ataR3Destruct\n"));
5697 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
5698
5699 /*
5700 * Tell the async I/O threads to terminate.
5701 */
5702 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5703 {
5704 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5705 {
5706 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5707 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5708 AssertRC(rc);
5709 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5710 AssertRC(rc);
5711 }
5712 }
5713
5714 /*
5715 * Wait for the threads to terminate before destroying their resources.
5716 */
5717 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5718 {
5719 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5720 {
5721 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5722 if (RT_SUCCESS(rc))
5723 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5724 else
5725 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5726 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5727 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5728 }
5729 }
5730
5731 /*
5732 * Free resources.
5733 */
5734 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5735 {
5736 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5737 {
5738 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5739 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5740 }
5741 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5742 {
5743 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5744 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5745 }
5746 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5747 {
5748 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5749 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5750 }
5751
5752 /* try one final time */
5753 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5754 {
5755 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5756 if (RT_SUCCESS(rc))
5757 {
5758 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5759 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5760 }
5761 }
5762 }
5763
5764 return VINF_SUCCESS;
5765}
5766
5767
5768/**
5769 * Detach notification.
5770 *
5771 * The DVD drive has been unplugged.
5772 *
5773 * @param pDevIns The device instance.
5774 * @param iLUN The logical unit which is being detached.
5775 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5776 */
5777static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5778{
5779 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5780 PATACONTROLLER pCtl;
5781 ATADevState *pIf;
5782 unsigned iController;
5783 unsigned iInterface;
5784
5785 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5786 ("PIIX3IDE: Device does not support hotplugging\n"));
5787
5788 /*
5789 * Locate the controller and stuff.
5790 */
5791 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5792 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5793 pCtl = &pThis->aCts[iController];
5794
5795 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5796 pIf = &pCtl->aIfs[iInterface];
5797
5798 /*
5799 * Zero some important members.
5800 */
5801 pIf->pDrvBase = NULL;
5802 pIf->pDrvBlock = NULL;
5803 pIf->pDrvBlockBios = NULL;
5804 pIf->pDrvMount = NULL;
5805
5806 /*
5807 * In case there was a medium inserted.
5808 */
5809 ataMediumRemoved(pIf);
5810}
5811
5812
5813/**
5814 * Configure a LUN.
5815 *
5816 * @returns VBox status code.
5817 * @param pDevIns The device instance.
5818 * @param pIf The ATA unit state.
5819 */
5820static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5821{
5822 int rc = VINF_SUCCESS;
5823 PDMBLOCKTYPE enmType;
5824
5825 /*
5826 * Query Block, Bios and Mount interfaces.
5827 */
5828 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
5829 if (!pIf->pDrvBlock)
5830 {
5831 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5832 return VERR_PDM_MISSING_INTERFACE;
5833 }
5834
5835 /** @todo implement the BIOS invisible code path. */
5836 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
5837 if (!pIf->pDrvBlockBios)
5838 {
5839 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5840 return VERR_PDM_MISSING_INTERFACE;
5841 }
5842 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
5843
5844 /*
5845 * Validate type.
5846 */
5847 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5848 if ( enmType != PDMBLOCKTYPE_CDROM
5849 && enmType != PDMBLOCKTYPE_DVD
5850 && enmType != PDMBLOCKTYPE_HARD_DISK)
5851 {
5852 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5853 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5854 }
5855 if ( ( enmType == PDMBLOCKTYPE_DVD
5856 || enmType == PDMBLOCKTYPE_CDROM)
5857 && !pIf->pDrvMount)
5858 {
5859 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5860 return VERR_INTERNAL_ERROR;
5861 }
5862 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5863 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5864
5865 /*
5866 * Allocate I/O buffer.
5867 */
5868 PVM pVM = PDMDevHlpGetVM(pDevIns);
5869 if (pIf->cbIOBuffer)
5870 {
5871 /* Buffer is (probably) already allocated. Validate the fields,
5872 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5873 if (pIf->fATAPI)
5874 AssertRelease(pIf->cbIOBuffer == _128K);
5875 else
5876 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5877 Assert(pIf->pbIOBufferR3);
5878 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5879 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5880 }
5881 else
5882 {
5883 if (pIf->fATAPI)
5884 pIf->cbIOBuffer = _128K;
5885 else
5886 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5887 Assert(!pIf->pbIOBufferR3);
5888 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5889 if (RT_FAILURE(rc))
5890 return VERR_NO_MEMORY;
5891 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5892 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5893 }
5894
5895 /*
5896 * Init geometry (only for non-CD/DVD media).
5897 */
5898 if (pIf->fATAPI)
5899 {
5900 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5901 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5902 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5903 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5904 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5905 }
5906 else
5907 {
5908 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5909 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5910 &pIf->PCHSGeometry);
5911 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5912 {
5913 pIf->PCHSGeometry.cCylinders = 0;
5914 pIf->PCHSGeometry.cHeads = 16; /*??*/
5915 pIf->PCHSGeometry.cSectors = 63; /*??*/
5916 }
5917 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5918 {
5919 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5920 rc = VINF_SUCCESS;
5921 }
5922 AssertRC(rc);
5923
5924 if ( pIf->PCHSGeometry.cCylinders == 0
5925 || pIf->PCHSGeometry.cHeads == 0
5926 || pIf->PCHSGeometry.cSectors == 0
5927 )
5928 {
5929 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5930 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5931 pIf->PCHSGeometry.cHeads = 16;
5932 pIf->PCHSGeometry.cSectors = 63;
5933 /* Set the disk geometry information. Ignore errors. */
5934 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5935 &pIf->PCHSGeometry);
5936 rc = VINF_SUCCESS;
5937 }
5938 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5939 }
5940 return rc;
5941}
5942
5943
5944/**
5945 * Attach command.
5946 *
5947 * This is called when we change block driver for the DVD drive.
5948 *
5949 * @returns VBox status code.
5950 * @param pDevIns The device instance.
5951 * @param iLUN The logical unit which is being detached.
5952 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5953 */
5954static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5955{
5956 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5957 PATACONTROLLER pCtl;
5958 ATADevState *pIf;
5959 int rc;
5960 unsigned iController;
5961 unsigned iInterface;
5962
5963 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5964 ("PIIX3IDE: Device does not support hotplugging\n"),
5965 VERR_INVALID_PARAMETER);
5966
5967 /*
5968 * Locate the controller and stuff.
5969 */
5970 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5971 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5972 pCtl = &pThis->aCts[iController];
5973
5974 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5975 pIf = &pCtl->aIfs[iInterface];
5976
5977 /* the usual paranoia */
5978 AssertRelease(!pIf->pDrvBase);
5979 AssertRelease(!pIf->pDrvBlock);
5980 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5981 Assert(pIf->iLUN == iLUN);
5982
5983 /*
5984 * Try attach the block device and get the interfaces,
5985 * required as well as optional.
5986 */
5987 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5988 if (RT_SUCCESS(rc))
5989 {
5990 rc = ataConfigLun(pDevIns, pIf);
5991 /*
5992 * In case there is a medium inserted.
5993 */
5994 ataMediumInserted(pIf);
5995 }
5996 else
5997 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5998
5999 if (RT_FAILURE(rc))
6000 {
6001 pIf->pDrvBase = NULL;
6002 pIf->pDrvBlock = NULL;
6003 }
6004 return rc;
6005}
6006
6007
6008/**
6009 * Resume notification.
6010 *
6011 * @returns VBox status.
6012 * @param pDevIns The device instance data.
6013 */
6014static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6015{
6016 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6017 int rc;
6018
6019 Log(("%s:\n", __FUNCTION__));
6020 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6021 {
6022 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6023 {
6024 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6025 AssertRC(rc);
6026 }
6027 }
6028 return;
6029}
6030
6031
6032/**
6033 * Checks if all (both) the async I/O threads have quiesced.
6034 *
6035 * @returns true on success.
6036 * @returns false when one or more threads is still processing.
6037 * @param pThis Pointer to the instance data.
6038 */
6039static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6040{
6041 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6042
6043 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6044 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6045 {
6046 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6047 if (!fRc)
6048 {
6049 /* Make it signal PDM & itself when its done */
6050 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6051 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6052 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6053 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6054 if (!fRc)
6055 {
6056#if 0 /** @todo Need to do some time tracking here... */
6057 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6058 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6059 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6060#endif
6061 return false;
6062 }
6063 }
6064 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6065 }
6066 return true;
6067}
6068
6069
6070/**
6071 * Callback employed by ataSuspend and ataR3PowerOff.
6072 *
6073 * @returns true if we've quiesced, false if we're still working.
6074 * @param pDevIns The device instance.
6075 */
6076static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6077{
6078 return ataR3AllAsyncIOIsIdle(pDevIns);
6079}
6080
6081
6082/**
6083 * Common worker for ataSuspend and ataR3PowerOff.
6084 */
6085static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6086{
6087 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6088 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6089}
6090
6091
6092/**
6093 * Power Off notification.
6094 *
6095 * @returns VBox status.
6096 * @param pDevIns The device instance data.
6097 */
6098static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6099{
6100 Log(("%s:\n", __FUNCTION__));
6101 ataR3SuspendOrPowerOff(pDevIns);
6102}
6103
6104
6105/**
6106 * Suspend notification.
6107 *
6108 * @returns VBox status.
6109 * @param pDevIns The device instance data.
6110 */
6111static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6112{
6113 Log(("%s:\n", __FUNCTION__));
6114 ataR3SuspendOrPowerOff(pDevIns);
6115}
6116
6117
6118/**
6119 * Callback employed by ataR3Reset.
6120 *
6121 * @returns true if we've quiesced, false if we're still working.
6122 * @param pDevIns The device instance.
6123 */
6124static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6125{
6126 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6127
6128 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6129 return false;
6130
6131 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6132 {
6133 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6134 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6135 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6136 PDMCritSectLeave(&pThis->aCts[i].lock);
6137 }
6138 return true;
6139}
6140
6141
6142/**
6143 * Common reset worker for ataR3Reset and ataR3Construct.
6144 *
6145 * @returns VBox status.
6146 * @param pDevIns The device instance data.
6147 * @param fConstruct Indicates who is calling.
6148 */
6149static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6150{
6151 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6152
6153 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6154 {
6155 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6156
6157 pThis->aCts[i].iSelectedIf = 0;
6158 pThis->aCts[i].iAIOIf = 0;
6159 pThis->aCts[i].BmDma.u8Cmd = 0;
6160 /* Report that both drives present on the bus are in DMA mode. This
6161 * pretends that there is a BIOS that has set it up. Normal reset
6162 * default is 0x00. */
6163 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6164 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6165 pThis->aCts[i].BmDma.pvAddr = 0;
6166
6167 pThis->aCts[i].fReset = true;
6168 pThis->aCts[i].fRedo = false;
6169 pThis->aCts[i].fRedoIdle = false;
6170 ataAsyncIOClearRequests(&pThis->aCts[i]);
6171 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6172 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6173 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6174
6175 PDMCritSectLeave(&pThis->aCts[i].lock);
6176 }
6177
6178 int rcRet = VINF_SUCCESS;
6179 if (!fConstruct)
6180 {
6181 /*
6182 * Setup asynchronous notification completion if the requests haven't
6183 * completed yet.
6184 */
6185 if (!ataR3IsAsyncResetDone(pDevIns))
6186 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6187 }
6188 else
6189 {
6190 /*
6191 * Wait for the requests for complete.
6192 *
6193 * Would be real nice if we could do it all from EMT(0) and not
6194 * involve the worker threads, then we could dispense with all the
6195 * waiting and semaphore ping-pong here...
6196 */
6197 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6198 {
6199 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6200 {
6201 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6202 AssertRC(rc);
6203
6204 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6205 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6206 AssertRC(rc);
6207
6208 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6209 AssertRC(rc);
6210
6211 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6212 {
6213 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6214 if (RT_FAILURE(rc))
6215 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6216 if (RT_FAILURE(rc))
6217 {
6218 AssertRC(rc);
6219 rcRet = rc;
6220 }
6221 }
6222 }
6223 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6224 }
6225 if (RT_SUCCESS(rcRet))
6226 {
6227 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6228 AssertRC(rcRet);
6229 }
6230 }
6231 return rcRet;
6232}
6233
6234
6235/**
6236 * Reset notification.
6237 *
6238 * @param pDevIns The device instance data.
6239 */
6240static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6241{
6242 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6243}
6244
6245
6246/**
6247 * Prepare state save and load operation.
6248 *
6249 * @returns VBox status code.
6250 * @param pDevIns Device instance of the device which registered the data unit.
6251 * @param pSSM SSM operation handle.
6252 */
6253static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6254{
6255 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6256
6257 /* sanity - the suspend notification will wait on the async stuff. */
6258 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6259 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6260 ("i=%u\n", i),
6261 VERR_SSM_IDE_ASYNC_TIMEOUT);
6262 return VINF_SUCCESS;
6263}
6264
6265/**
6266 * @copydoc FNSSMDEVLIVEEXEC
6267 */
6268static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6269{
6270 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6271
6272 SSMR3PutU8(pSSM, pThis->u8Type);
6273 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6274 {
6275 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6276 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6277 {
6278 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6279 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6280 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6281 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6282 }
6283 }
6284
6285 return VINF_SSM_DONT_CALL_AGAIN;
6286}
6287
6288
6289/**
6290 * @copydoc FNSSMDEVSAVEEXEC
6291 */
6292static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6293{
6294 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6295
6296 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6297
6298 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6299 {
6300 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6301 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6302 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6303 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6304 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6305 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6306 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6307 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6308 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6309 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6310 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6311 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6312 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6313
6314 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6315 {
6316 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6317 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6318 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6319 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6320 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6321 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6322 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6323 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6324 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6325 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6326 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6327 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6328 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6329 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6330 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6331 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6332 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6333 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6334 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6335 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6336 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6337 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6338 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6339 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6340 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6341 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6342 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6343 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6344 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6345 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6346 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6347 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6348 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6349 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6350 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6351 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6352 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6353 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6354 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6355 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6356 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6357 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6358 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6359 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6360 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6361 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6362 else
6363 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6364 }
6365 }
6366
6367 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6368}
6369
6370/**
6371 * Converts the LUN number into a message string.
6372 */
6373static const char *ataStringifyLun(unsigned iLun)
6374{
6375 switch (iLun)
6376 {
6377 case 0: return "primary master";
6378 case 1: return "primary slave";
6379 case 2: return "secondary master";
6380 case 3: return "secondary slave";
6381 default: AssertFailedReturn("unknown lun");
6382 }
6383}
6384
6385/**
6386 * FNSSMDEVLOADEXEC
6387 */
6388static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6389{
6390 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6391 int rc;
6392 uint32_t u32;
6393
6394 if ( uVersion != ATA_SAVED_STATE_VERSION
6395 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6396 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6397 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6398 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6399 {
6400 AssertMsgFailed(("uVersion=%d\n", uVersion));
6401 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6402 }
6403
6404 /*
6405 * Verify the configuration.
6406 */
6407 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6408 {
6409 uint8_t u8Type;
6410 rc = SSMR3GetU8(pSSM, &u8Type);
6411 AssertRCReturn(rc, rc);
6412 if (u8Type != pThis->u8Type)
6413 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6414
6415 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6416 {
6417 bool fEnabled;
6418 rc = SSMR3GetBool(pSSM, &fEnabled);
6419 AssertRCReturn(rc, rc);
6420 if (!fEnabled)
6421 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6422
6423 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6424 {
6425 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6426
6427 bool fInUse;
6428 rc = SSMR3GetBool(pSSM, &fInUse);
6429 AssertRCReturn(rc, rc);
6430 if (fInUse != (pIf->pDrvBase != NULL))
6431 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6432 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6433 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6434
6435 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6436 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6437 AssertRCReturn(rc, rc);
6438 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6439 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6440 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6441
6442 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6443 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6444 AssertRCReturn(rc, rc);
6445 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6446 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6447 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6448
6449 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6450 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6451 AssertRCReturn(rc, rc);
6452 if (strcmp(szModelNumber, pIf->szModelNumber))
6453 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6454 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6455 }
6456 }
6457 }
6458 if (uPass != SSM_PASS_FINAL)
6459 return VINF_SUCCESS;
6460
6461 /*
6462 * Restore valid parts of the PCIATAState structure
6463 */
6464 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6465 {
6466 /* integrity check */
6467 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6468 {
6469 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6470 return VERR_INTERNAL_ERROR_4;
6471 }
6472
6473 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6474 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6475 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6476 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6477 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6478 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6479 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6480 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6481 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6482 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6483 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6484 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6485 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6486
6487 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6488 {
6489 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6490 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6491 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6492 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6493 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6494 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6495 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6496 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6497 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6498 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6499 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6500 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6501 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6502 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6503 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6504 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6505 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6506 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6507 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6508 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6509 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6510 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6511 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6512 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6513 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6514 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6515 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6516 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6517 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6518 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6519 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6520 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6521 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6522 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6523 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6524 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6525 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6526 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6527 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6528 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6529 {
6530 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6531 }
6532 else
6533 {
6534 uint8_t uATAPISenseKey, uATAPIASC;
6535 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6536 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6537 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6538 SSMR3GetU8(pSSM, &uATAPISenseKey);
6539 SSMR3GetU8(pSSM, &uATAPIASC);
6540 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6541 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6542 }
6543 /** @todo triple-check this hack after passthrough is working */
6544 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6545 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6546 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6547 else
6548 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6549 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6550 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6551 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6552 {
6553 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6554 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6555 else
6556 {
6557 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6558 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6559 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6560
6561 /* skip the buffer if we're loading for the debugger / animator. */
6562 uint8_t u8Ignored;
6563 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6564 while (cbLeft-- > 0)
6565 SSMR3GetU8(pSSM, &u8Ignored);
6566 }
6567 }
6568 else
6569 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6570 }
6571 }
6572 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6573 SSMR3GetU8(pSSM, &pThis->u8Type);
6574
6575 rc = SSMR3GetU32(pSSM, &u32);
6576 if (RT_FAILURE(rc))
6577 return rc;
6578 if (u32 != ~0U)
6579 {
6580 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6581 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6582 return rc;
6583 }
6584
6585 return VINF_SUCCESS;
6586}
6587
6588/**
6589 * Convert config value to DEVPCBIOSBOOT.
6590 *
6591 * @returns VBox status code.
6592 * @param pDevIns The device instance data.
6593 * @param pCfg Configuration handle.
6594 * @param penmChipset Where to store the chipset type.
6595 */
6596static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
6597{
6598 char szType[20];
6599
6600 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
6601 if (RT_FAILURE(rc))
6602 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6603 N_("Configuration error: Querying \"Type\" as a string failed"));
6604 if (!strcmp(szType, "PIIX3"))
6605 *penmChipset = CHIPSET_PIIX3;
6606 else if (!strcmp(szType, "PIIX4"))
6607 *penmChipset = CHIPSET_PIIX4;
6608 else if (!strcmp(szType, "ICH6"))
6609 *penmChipset = CHIPSET_ICH6;
6610 else
6611 {
6612 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6613 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6614 szType);
6615 rc = VERR_INTERNAL_ERROR;
6616 }
6617 return rc;
6618}
6619
6620
6621/**
6622 * @interface_method_impl{PDMDEVREG,pfnConstruct}
6623 */
6624static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
6625{
6626 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6627 PPDMIBASE pBase;
6628 int rc;
6629 bool fGCEnabled;
6630 bool fR0Enabled;
6631 uint32_t DelayIRQMillies;
6632
6633 Assert(iInstance == 0);
6634 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
6635
6636 /*
6637 * Initialize NIL handle values (for the destructor).
6638 */
6639 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6640 {
6641 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6642 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6643 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6644 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6645 }
6646
6647 /*
6648 * Validate and read configuration.
6649 */
6650 if (!CFGMR3AreValuesValid(pCfg,
6651 "GCEnabled\0"
6652 "R0Enabled\0"
6653 "IRQDelay\0"
6654 "Type\0")
6655 /** @todo || invalid keys */)
6656 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6657 N_("PIIX3 configuration error: unknown option specified"));
6658
6659 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
6660 if (RT_FAILURE(rc))
6661 return PDMDEV_SET_ERROR(pDevIns, rc,
6662 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6663 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6664
6665 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
6666 if (RT_FAILURE(rc))
6667 return PDMDEV_SET_ERROR(pDevIns, rc,
6668 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6669 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6670
6671 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
6672 if (RT_FAILURE(rc))
6673 return PDMDEV_SET_ERROR(pDevIns, rc,
6674 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6675 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6676 Assert(DelayIRQMillies < 50);
6677
6678 CHIPSET enmChipset = CHIPSET_PIIX3;
6679 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
6680 if (RT_FAILURE(rc))
6681 return rc;
6682 pThis->u8Type = (uint8_t)enmChipset;
6683
6684 /*
6685 * Initialize data (most of it anyway).
6686 */
6687 /* Status LUN. */
6688 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6689 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6690
6691 /* PCI configuration space. */
6692 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6693
6694 /*
6695 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6696 * as it explicitly checks for PCI id for IDE controllers.
6697 */
6698 switch (pThis->u8Type)
6699 {
6700 case CHIPSET_ICH6:
6701 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6702 /** @todo: do we need it? Do we need anything else? */
6703 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6704 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6705 pThis->dev.config[0x4B] = 0x00;
6706 {
6707 /*
6708 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6709 * Report
6710 * WR_Ping-Pong_EN: must be set
6711 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6712 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6713 */
6714 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6715 pThis->dev.config[0x54] = u16Config & 0xff;
6716 pThis->dev.config[0x55] = u16Config >> 8;
6717 }
6718 break;
6719 case CHIPSET_PIIX4:
6720 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6721 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6722 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6723 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6724 pThis->dev.config[0x4B] = 0x00;
6725 break;
6726 case CHIPSET_PIIX3:
6727 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6728 break;
6729 default:
6730 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6731 }
6732
6733 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6734 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6735 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6736 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6737 PCIDevSetHeaderType(&pThis->dev, 0x00);
6738
6739 pThis->pDevIns = pDevIns;
6740 pThis->fGCEnabled = fGCEnabled;
6741 pThis->fR0Enabled = fR0Enabled;
6742 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6743 {
6744 pThis->aCts[i].pDevInsR3 = pDevIns;
6745 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6746 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6747 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6748 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6749 {
6750 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6751
6752 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6753 pIf->pDevInsR3 = pDevIns;
6754 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6755 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6756 pIf->pControllerR3 = &pThis->aCts[i];
6757 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6758 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6759 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6760 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6761 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6762 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
6763 pIf->Led.u32Magic = PDMLED_MAGIC;
6764 }
6765 }
6766
6767 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6768 pThis->aCts[0].irq = 14;
6769 pThis->aCts[0].IOPortBase1 = 0x1f0;
6770 pThis->aCts[0].IOPortBase2 = 0x3f6;
6771 pThis->aCts[1].irq = 15;
6772 pThis->aCts[1].IOPortBase1 = 0x170;
6773 pThis->aCts[1].IOPortBase2 = 0x376;
6774
6775 /*
6776 * Register the PCI device.
6777 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6778 * device the slot next to itself.
6779 */
6780 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6781 if (RT_FAILURE(rc))
6782 return PDMDEV_SET_ERROR(pDevIns, rc,
6783 N_("PIIX3 cannot register PCI device"));
6784 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6785 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6786 if (RT_FAILURE(rc))
6787 return PDMDEV_SET_ERROR(pDevIns, rc,
6788 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6789
6790 /*
6791 * Register the I/O ports.
6792 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6793 */
6794 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6795 {
6796 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6797 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6798 if (RT_FAILURE(rc))
6799 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6800
6801 if (fGCEnabled)
6802 {
6803 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6804 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6805 if (RT_FAILURE(rc))
6806 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6807 }
6808
6809 if (fR0Enabled)
6810 {
6811#if 1
6812 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6813 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6814#else
6815 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6816 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6817#endif
6818 if (RT_FAILURE(rc))
6819 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6820 }
6821
6822 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6823 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6824 if (RT_FAILURE(rc))
6825 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6826
6827 if (fGCEnabled)
6828 {
6829 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6830 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6831 if (RT_FAILURE(rc))
6832 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6833 }
6834 if (fR0Enabled)
6835 {
6836 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6837 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6838 if (RT_FAILURE(rc))
6839 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6840 }
6841
6842 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6843 {
6844 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6845 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6846 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
6847 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6848 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
6849 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6850 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
6851 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6852 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
6853#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6854 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6855 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
6856#endif
6857 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6858 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
6859#ifdef VBOX_INSTRUMENT_DMA_WRITES
6860 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6861 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
6862#endif
6863#ifdef VBOX_WITH_STATISTICS
6864 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6865 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
6866#endif
6867 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6868 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
6869#ifdef VBOX_WITH_STATISTICS
6870 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6871 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
6872#endif
6873 }
6874#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6875 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6876 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
6877 /** @todo STAMUNIT_MICROSECS */
6878 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6879 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
6880 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6881 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
6882 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6883 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
6884 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6885 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
6886 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6887 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
6888#endif /* VBOX_WITH_STATISTICS */
6889
6890 /* Initialize per-controller critical section */
6891 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA%u", i);
6892 if (RT_FAILURE(rc))
6893 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6894 }
6895
6896 /*
6897 * Attach status driver (optional).
6898 */
6899 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6900 if (RT_SUCCESS(rc))
6901 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
6902 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6903 {
6904 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6905 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6906 }
6907
6908 /*
6909 * Attach the units.
6910 */
6911 uint32_t cbTotalBuffer = 0;
6912 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6913 {
6914 PATACONTROLLER pCtl = &pThis->aCts[i];
6915
6916 /*
6917 * Start the worker thread.
6918 */
6919 pCtl->uAsyncIOState = ATA_AIO_NEW;
6920 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6921 AssertLogRelRCReturn(rc, rc);
6922 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6923 AssertLogRelRCReturn(rc, rc);
6924 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6925 AssertLogRelRCReturn(rc, rc);
6926 ataAsyncIOClearRequests(pCtl);
6927 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
6928 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6929 AssertLogRelRCReturn(rc, rc);
6930 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6931 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6932
6933 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6934 {
6935 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6936 {
6937 { "Primary Master", "Primary Slave" },
6938 { "Secondary Master", "Secondary Slave" }
6939 };
6940
6941 /*
6942 * Try attach the block device and get the interfaces,
6943 * required as well as optional.
6944 */
6945 ATADevState *pIf = &pCtl->aIfs[j];
6946
6947 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6948 if (RT_SUCCESS(rc))
6949 {
6950 rc = ataConfigLun(pDevIns, pIf);
6951 if (RT_SUCCESS(rc))
6952 {
6953 /*
6954 * Init vendor product data.
6955 */
6956 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6957 {
6958 { "PrimaryMaster", "PrimarySlave" },
6959 { "SecondaryMaster", "SecondarySlave" }
6960 };
6961
6962 /* Generate a default serial number. */
6963 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6964 RTUUID Uuid;
6965 if (pIf->pDrvBlock)
6966 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6967 else
6968 RTUuidClear(&Uuid);
6969
6970 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6971 {
6972 /* Generate a predictable serial for drives which don't have a UUID. */
6973 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6974 pIf->iLUN + pDevIns->iInstance * 32,
6975 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6976 }
6977 else
6978 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6979
6980 /* Get user config if present using defaults otherwise. */
6981 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
6982 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6983 szSerial);
6984 if (RT_FAILURE(rc))
6985 {
6986 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6987 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6988 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6989 return PDMDEV_SET_ERROR(pDevIns, rc,
6990 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6991 }
6992
6993 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6994 "1.0");
6995 if (RT_FAILURE(rc))
6996 {
6997 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6998 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6999 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7000 return PDMDEV_SET_ERROR(pDevIns, rc,
7001 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7002 }
7003
7004 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7005 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7006 if (RT_FAILURE(rc))
7007 {
7008 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7009 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7010 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7011 return PDMDEV_SET_ERROR(pDevIns, rc,
7012 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7013 }
7014
7015 /* There are three other identification strings for CD drives used for INQUIRY */
7016 if (pIf->fATAPI)
7017 {
7018 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7019 "VBOX");
7020 if (RT_FAILURE(rc))
7021 {
7022 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7023 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7024 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7025 return PDMDEV_SET_ERROR(pDevIns, rc,
7026 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7027 }
7028
7029 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7030 "CD-ROM");
7031 if (RT_FAILURE(rc))
7032 {
7033 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7034 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7035 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7036 return PDMDEV_SET_ERROR(pDevIns, rc,
7037 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7038 }
7039
7040 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7041 "1.0");
7042 if (RT_FAILURE(rc))
7043 {
7044 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7045 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7046 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7047 return PDMDEV_SET_ERROR(pDevIns, rc,
7048 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7049 }
7050 }
7051 }
7052
7053 }
7054 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7055 {
7056 pIf->pDrvBase = NULL;
7057 pIf->pDrvBlock = NULL;
7058 pIf->cbIOBuffer = 0;
7059 pIf->pbIOBufferR3 = NULL;
7060 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7061 pIf->pbIOBufferRC = NIL_RTGCPTR;
7062 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7063 }
7064 else
7065 {
7066 switch (rc)
7067 {
7068 case VERR_ACCESS_DENIED:
7069 /* Error already cached by DrvHostBase */
7070 return rc;
7071 default:
7072 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7073 N_("PIIX3 cannot attach drive to the %s"),
7074 s_apszDescs[i][j]);
7075 }
7076 }
7077 cbTotalBuffer += pIf->cbIOBuffer;
7078 }
7079 }
7080
7081 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7082 NULL, ataLiveExec, NULL,
7083 ataSaveLoadPrep, ataSaveExec, NULL,
7084 ataSaveLoadPrep, ataLoadExec, NULL);
7085 if (RT_FAILURE(rc))
7086 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7087
7088 /*
7089 * Initialize the device state.
7090 */
7091 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7092}
7093
7094
7095/**
7096 * The device registration structure.
7097 */
7098const PDMDEVREG g_DevicePIIX3IDE =
7099{
7100 /* u32Version */
7101 PDM_DEVREG_VERSION,
7102 /* szName */
7103 "piix3ide",
7104 /* szRCMod */
7105 "VBoxDDGC.gc",
7106 /* szR0Mod */
7107 "VBoxDDR0.r0",
7108 /* pszDescription */
7109 "Intel PIIX3 ATA controller.\n"
7110 " LUN #0 is primary master.\n"
7111 " LUN #1 is primary slave.\n"
7112 " LUN #2 is secondary master.\n"
7113 " LUN #3 is secondary slave.\n"
7114 " LUN #999 is the LED/Status connector.",
7115 /* fFlags */
7116 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7117 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7118 /* fClass */
7119 PDM_DEVREG_CLASS_STORAGE,
7120 /* cMaxInstances */
7121 1,
7122 /* cbInstance */
7123 sizeof(PCIATAState),
7124 /* pfnConstruct */
7125 ataR3Construct,
7126 /* pfnDestruct */
7127 ataR3Destruct,
7128 /* pfnRelocate */
7129 ataR3Relocate,
7130 /* pfnIOCtl */
7131 NULL,
7132 /* pfnPowerOn */
7133 NULL,
7134 /* pfnReset */
7135 ataR3Reset,
7136 /* pfnSuspend */
7137 ataR3Suspend,
7138 /* pfnResume */
7139 ataR3Resume,
7140 /* pfnAttach */
7141 ataR3Attach,
7142 /* pfnDetach */
7143 ataR3Detach,
7144 /* pfnQueryInterface. */
7145 NULL,
7146 /* pfnInitComplete */
7147 NULL,
7148 /* pfnPowerOff */
7149 ataR3PowerOff,
7150 /* pfnSoftReset */
7151 NULL,
7152 /* u32VersionEnd */
7153 PDM_DEVREG_VERSION
7154};
7155#endif /* IN_RING3 */
7156#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette