VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 48721

Last change on this file since 48721 was 48721, checked in by vboxsync, 11 years ago

Storage/ATA,AHCI: Fix newer Linux kernels not detecting a disk as SSD. The ATA major version must be at least 7

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 290.1 KB
Line 
1/* $Id: DevATA.cpp 48721 2013-09-26 19:37:59Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2013 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/vmm/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/vmm/stam.h>
55#include <VBox/vmm/mm.h>
56#include <VBox/vmm/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "ATAPIPassthrough.h"
63#include "VBoxDD.h"
64
65/*******************************************************************************
66* Defined Constants And Macros *
67*******************************************************************************/
68/**
69 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
70 * Set to 1 to disable multi-sector read support. According to the ATA
71 * specification this must be a power of 2 and it must fit in an 8 bit
72 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
73 */
74#define ATA_MAX_MULT_SECTORS 128
75
76/**
77 * Fastest PIO mode supported by the drive.
78 */
79#define ATA_PIO_MODE_MAX 4
80/**
81 * Fastest MDMA mode supported by the drive.
82 */
83#define ATA_MDMA_MODE_MAX 2
84/**
85 * Fastest UDMA mode supported by the drive.
86 */
87#define ATA_UDMA_MODE_MAX 6
88
89/** ATAPI sense info size. */
90#define ATAPI_SENSE_SIZE 64
91
92/** The maximum number of release log entries per device. */
93#define MAX_LOG_REL_ERRORS 1024
94
95/* MediaEventStatus */
96#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
97#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
98#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
99#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
100#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
101
102/* Media track type */
103#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
104#define ATA_MEDIA_NO_DISC 0x70 /**< Door closed, no medium */
105
106/*******************************************************************************
107* Structures and Typedefs *
108*******************************************************************************/
109/**
110 * The state of an ATA device.
111 *
112 * @implements PDMIBASE
113 * @implements PDMIBLOCKPORT
114 * @implements PDMIMOUNTNOTIFY
115 */
116typedef struct ATADevState
117{
118 /** Flag indicating whether the current command uses LBA48 mode. */
119 bool fLBA48;
120 /** Flag indicating whether this drive implements the ATAPI command set. */
121 bool fATAPI;
122 /** Set if this interface has asserted the IRQ. */
123 bool fIrqPending;
124 /** Currently configured number of sectors in a multi-sector transfer. */
125 uint8_t cMultSectors;
126 /** PCHS disk geometry. */
127 PDMMEDIAGEOMETRY PCHSGeometry;
128 /** Total number of sectors on this disk. */
129 uint64_t cTotalSectors;
130 /** Sector size of the medium. */
131 uint32_t cbSector;
132 /** Number of sectors to transfer per IRQ. */
133 uint32_t cSectorsPerIRQ;
134
135 /** ATA/ATAPI register 1: feature (write-only). */
136 uint8_t uATARegFeature;
137 /** ATA/ATAPI register 1: feature, high order byte. */
138 uint8_t uATARegFeatureHOB;
139 /** ATA/ATAPI register 1: error (read-only). */
140 uint8_t uATARegError;
141 /** ATA/ATAPI register 2: sector count (read/write). */
142 uint8_t uATARegNSector;
143 /** ATA/ATAPI register 2: sector count, high order byte. */
144 uint8_t uATARegNSectorHOB;
145 /** ATA/ATAPI register 3: sector (read/write). */
146 uint8_t uATARegSector;
147 /** ATA/ATAPI register 3: sector, high order byte. */
148 uint8_t uATARegSectorHOB;
149 /** ATA/ATAPI register 4: cylinder low (read/write). */
150 uint8_t uATARegLCyl;
151 /** ATA/ATAPI register 4: cylinder low, high order byte. */
152 uint8_t uATARegLCylHOB;
153 /** ATA/ATAPI register 5: cylinder high (read/write). */
154 uint8_t uATARegHCyl;
155 /** ATA/ATAPI register 5: cylinder high, high order byte. */
156 uint8_t uATARegHCylHOB;
157 /** ATA/ATAPI register 6: select drive/head (read/write). */
158 uint8_t uATARegSelect;
159 /** ATA/ATAPI register 7: status (read-only). */
160 uint8_t uATARegStatus;
161 /** ATA/ATAPI register 7: command (write-only). */
162 uint8_t uATARegCommand;
163 /** ATA/ATAPI drive control register (write-only). */
164 uint8_t uATARegDevCtl;
165
166 /** Currently active transfer mode (MDMA/UDMA) and speed. */
167 uint8_t uATATransferMode;
168 /** Current transfer direction. */
169 uint8_t uTxDir;
170 /** Index of callback for begin transfer. */
171 uint8_t iBeginTransfer;
172 /** Index of callback for source/sink of data. */
173 uint8_t iSourceSink;
174 /** Flag indicating whether the current command transfers data in DMA mode. */
175 bool fDMA;
176 /** Set to indicate that ATAPI transfer semantics must be used. */
177 bool fATAPITransfer;
178
179 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
180 uint32_t cbTotalTransfer;
181 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
182 uint32_t cbElementaryTransfer;
183 /** Maximum ATAPI elementary transfer size, PIO only. */
184 uint32_t cbPIOTransferLimit;
185 /** Current read/write buffer position, shared PIO/DMA. */
186 uint32_t iIOBufferCur;
187 /** First element beyond end of valid buffer content, shared PIO/DMA. */
188 uint32_t iIOBufferEnd;
189
190 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
191 uint32_t iIOBufferPIODataStart;
192 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
193 uint32_t iIOBufferPIODataEnd;
194
195 /** ATAPI current LBA position. */
196 uint32_t iATAPILBA;
197 /** ATAPI current sector size. */
198 uint32_t cbATAPISector;
199 /** ATAPI current command. */
200 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
201 /** ATAPI sense data. */
202 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
203 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
204 uint8_t cNotifiedMediaChange;
205 /** The same for GET_EVENT_STATUS for mechanism */
206 volatile uint32_t MediaEventStatus;
207
208 /** Media type if known. */
209 volatile uint32_t MediaTrackType;
210
211 /** The status LED state for this drive. */
212 PDMLED Led;
213
214 /** Size of I/O buffer. */
215 uint32_t cbIOBuffer;
216 /** Pointer to the I/O buffer. */
217 R3PTRTYPE(uint8_t *) pbIOBufferR3;
218 /** Pointer to the I/O buffer. */
219 R0PTRTYPE(uint8_t *) pbIOBufferR0;
220 /** Pointer to the I/O buffer. */
221 RCPTRTYPE(uint8_t *) pbIOBufferRC;
222
223 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
224
225 /*
226 * No data that is part of the saved state after this point!!!!!
227 */
228
229 /* Release statistics: number of ATA DMA commands. */
230 STAMCOUNTER StatATADMA;
231 /* Release statistics: number of ATA PIO commands. */
232 STAMCOUNTER StatATAPIO;
233 /* Release statistics: number of ATAPI PIO commands. */
234 STAMCOUNTER StatATAPIDMA;
235 /* Release statistics: number of ATAPI PIO commands. */
236 STAMCOUNTER StatATAPIPIO;
237#ifdef VBOX_INSTRUMENT_DMA_WRITES
238 /* Release statistics: number of DMA sector writes and the time spent. */
239 STAMPROFILEADV StatInstrVDWrites;
240#endif
241
242 /** Statistics: number of read operations and the time spent reading. */
243 STAMPROFILEADV StatReads;
244 /** Statistics: number of bytes read. */
245 STAMCOUNTER StatBytesRead;
246 /** Statistics: number of write operations and the time spent writing. */
247 STAMPROFILEADV StatWrites;
248 /** Statistics: number of bytes written. */
249 STAMCOUNTER StatBytesWritten;
250 /** Statistics: number of flush operations and the time spend flushing. */
251 STAMPROFILE StatFlushes;
252
253 /** Mark the drive as having a non-rotational medium (i.e. as a SSD). */
254 bool fNonRotational;
255 /** Enable passing through commands directly to the ATAPI drive. */
256 bool fATAPIPassthrough;
257 /** Flag whether to overwrite inquiry data in passthrough mode. */
258 bool fOverwriteInquiry;
259 /** Number of errors we've reported to the release log.
260 * This is to prevent flooding caused by something going horribly wrong.
261 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
262 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
263 uint32_t cErrors;
264 /** Timestamp of last started command. 0 if no command pending. */
265 uint64_t u64CmdTS;
266
267 /** Pointer to the attached driver's base interface. */
268 R3PTRTYPE(PPDMIBASE) pDrvBase;
269 /** Pointer to the attached driver's block interface. */
270 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
271 /** Pointer to the attached driver's block bios interface. */
272 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
273 /** Pointer to the attached driver's mount interface.
274 * This is NULL if the driver isn't a removable unit. */
275 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
276 /** The base interface. */
277 PDMIBASE IBase;
278 /** The block port interface. */
279 PDMIBLOCKPORT IPort;
280 /** The mount notify interface. */
281 PDMIMOUNTNOTIFY IMountNotify;
282 /** The LUN #. */
283 RTUINT iLUN;
284 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
285 /** Pointer to device instance. */
286 PPDMDEVINSR3 pDevInsR3;
287 /** Pointer to controller instance. */
288 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
289 /** Pointer to device instance. */
290 PPDMDEVINSR0 pDevInsR0;
291 /** Pointer to controller instance. */
292 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
293 /** Pointer to device instance. */
294 PPDMDEVINSRC pDevInsRC;
295 /** Pointer to controller instance. */
296 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
297
298 /** The serial number to use for IDENTIFY DEVICE commands. */
299 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
300 /** The firmware revision to use for IDENTIFY DEVICE commands. */
301 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
302 /** The model number to use for IDENTIFY DEVICE commands. */
303 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
304 /** The vendor identification string for SCSI INQUIRY commands. */
305 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
306 /** The product identification string for SCSI INQUIRY commands. */
307 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
308 /** The revision string for SCSI INQUIRY commands. */
309 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
310 /** The current tracklist of the loaded medium if passthrough is used. */
311 R3PTRTYPE(PTRACKLIST) pTrackList;
312
313 uint8_t abAlignment4[HC_ARCH_BITS == 64 ? 7 : 3];
314} ATADevState;
315AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
316AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
317AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
318AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
319AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
320AssertCompileSizeAlignment(ATADevState, 8);
321
322
323typedef struct ATATransferRequest
324{
325 uint8_t iIf;
326 uint8_t iBeginTransfer;
327 uint8_t iSourceSink;
328 uint32_t cbTotalTransfer;
329 uint8_t uTxDir;
330} ATATransferRequest;
331
332
333typedef struct ATAAbortRequest
334{
335 uint8_t iIf;
336 bool fResetDrive;
337} ATAAbortRequest;
338
339
340typedef enum
341{
342 /** Begin a new transfer. */
343 ATA_AIO_NEW = 0,
344 /** Continue a DMA transfer. */
345 ATA_AIO_DMA,
346 /** Continue a PIO transfer. */
347 ATA_AIO_PIO,
348 /** Reset the drives on current controller, stop all transfer activity. */
349 ATA_AIO_RESET_ASSERTED,
350 /** Reset the drives on current controller, resume operation. */
351 ATA_AIO_RESET_CLEARED,
352 /** Abort the current transfer of a particular drive. */
353 ATA_AIO_ABORT
354} ATAAIO;
355
356
357typedef struct ATARequest
358{
359 ATAAIO ReqType;
360 union
361 {
362 ATATransferRequest t;
363 ATAAbortRequest a;
364 } u;
365} ATARequest;
366
367
368typedef struct ATACONTROLLER
369{
370 /** The base of the first I/O Port range. */
371 RTIOPORT IOPortBase1;
372 /** The base of the second I/O Port range. (0 if none) */
373 RTIOPORT IOPortBase2;
374 /** The assigned IRQ. */
375 RTUINT irq;
376 /** Access critical section */
377 PDMCRITSECT lock;
378
379 /** Selected drive. */
380 uint8_t iSelectedIf;
381 /** The interface on which to handle async I/O. */
382 uint8_t iAIOIf;
383 /** The state of the async I/O thread. */
384 uint8_t uAsyncIOState;
385 /** Flag indicating whether the next transfer is part of the current command. */
386 bool fChainedTransfer;
387 /** Set when the reset processing is currently active on this controller. */
388 bool fReset;
389 /** Flag whether the current transfer needs to be redone. */
390 bool fRedo;
391 /** Flag whether the redo suspend has been finished. */
392 bool fRedoIdle;
393 /** Flag whether the DMA operation to be redone is the final transfer. */
394 bool fRedoDMALastDesc;
395 /** The BusMaster DMA state. */
396 BMDMAState BmDma;
397 /** Pointer to first DMA descriptor. */
398 RTGCPHYS32 pFirstDMADesc;
399 /** Pointer to last DMA descriptor. */
400 RTGCPHYS32 pLastDMADesc;
401 /** Pointer to current DMA buffer (for redo operations). */
402 RTGCPHYS32 pRedoDMABuffer;
403 /** Size of current DMA buffer (for redo operations). */
404 uint32_t cbRedoDMABuffer;
405
406 /** The ATA/ATAPI interfaces of this controller. */
407 ATADevState aIfs[2];
408
409 /** Pointer to device instance. */
410 PPDMDEVINSR3 pDevInsR3;
411 /** Pointer to device instance. */
412 PPDMDEVINSR0 pDevInsR0;
413 /** Pointer to device instance. */
414 PPDMDEVINSRC pDevInsRC;
415
416 /** Set when the destroying the device instance and the thread must exit. */
417 uint32_t volatile fShutdown;
418 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
419 RTTHREAD AsyncIOThread;
420 /** The event semaphore the thread is waiting on for requests. */
421 RTSEMEVENT AsyncIOSem;
422 /** The request queue for the AIO thread. One element is always unused. */
423 ATARequest aAsyncIORequests[4];
424 /** The position at which to insert a new request for the AIO thread. */
425 volatile uint8_t AsyncIOReqHead;
426 /** The position at which to get a new request for the AIO thread. */
427 volatile uint8_t AsyncIOReqTail;
428 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
429 bool volatile fSignalIdle;
430 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
431 /** Magic delay before triggering interrupts in DMA mode. */
432 uint32_t DelayIRQMillies;
433 /** The mutex protecting the request queue. */
434 RTSEMMUTEX AsyncIORequestMutex;
435 /** The event semaphore the thread is waiting on during suspended I/O. */
436 RTSEMEVENT SuspendIOSem;
437#if 0 /*HC_ARCH_BITS == 32*/
438 uint32_t Alignment0;
439#endif
440
441 /** Timestamp we started the reset. */
442 uint64_t u64ResetTime;
443
444 /* Statistics */
445 STAMCOUNTER StatAsyncOps;
446 uint64_t StatAsyncMinWait;
447 uint64_t StatAsyncMaxWait;
448 STAMCOUNTER StatAsyncTimeUS;
449 STAMPROFILEADV StatAsyncTime;
450 STAMPROFILE StatLockWait;
451} ATACONTROLLER, *PATACONTROLLER;
452AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
453AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
456
457typedef enum CHIPSET
458{
459 /** PIIX3 chipset, must be 0 for saved state compatibility */
460 CHIPSET_PIIX3 = 0,
461 /** PIIX4 chipset, must be 1 for saved state compatibility */
462 CHIPSET_PIIX4 = 1,
463 /** ICH6 chipset */
464 CHIPSET_ICH6 = 2
465} CHIPSET;
466
467/**
468 * The state of the ATA PCI device.
469 *
470 * @extends PCIDEVICE
471 * @implements PDMILEDPORTS
472 */
473typedef struct PCIATAState
474{
475 PCIDEVICE dev;
476 /** The controllers. */
477 ATACONTROLLER aCts[2];
478 /** Pointer to device instance. */
479 PPDMDEVINSR3 pDevIns;
480 /** Status LUN: Base interface. */
481 PDMIBASE IBase;
482 /** Status LUN: Leds interface. */
483 PDMILEDPORTS ILeds;
484 /** Status LUN: Partner of ILeds. */
485 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
486 /** Status LUN: Media Notify. */
487 R3PTRTYPE(PPDMIMEDIANOTIFY) pMediaNotify;
488 /** Flag whether GC is enabled. */
489 bool fGCEnabled;
490 /** Flag whether R0 is enabled. */
491 bool fR0Enabled;
492 /** Flag indicating chipset being emulated. */
493 uint8_t u8Type;
494 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
495} PCIATAState;
496
497#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
498#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
499#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
500#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
501#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
502#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
503
504#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
505
506#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
507#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
508#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
509#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
510#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
511
512#ifndef VBOX_DEVICE_STRUCT_TESTCASE
513/*******************************************************************************
514 * Internal Functions *
515 ******************************************************************************/
516RT_C_DECLS_BEGIN
517PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
518PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
520PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
521PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
522PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
523PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
524PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
525RT_C_DECLS_END
526
527
528
529DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
530{
531 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
532
533 /* Freeze status register contents while processing RESET. */
534 if (!pCtl->fReset)
535 {
536 s->uATARegStatus = stat;
537 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
538 }
539}
540
541
542DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
543{
544 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
545
546 /* Freeze status register contents while processing RESET. */
547 if (!pCtl->fReset)
548 {
549 s->uATARegStatus |= stat;
550 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
551 }
552}
553
554
555DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
556{
557 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
558
559 /* Freeze status register contents while processing RESET. */
560 if (!pCtl->fReset)
561 {
562 s->uATARegStatus &= ~stat;
563 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
564 }
565}
566
567#ifdef IN_RING3
568
569typedef void (*PBeginTransferFunc)(ATADevState *);
570typedef bool (*PSourceSinkFunc)(ATADevState *);
571
572static void ataReadWriteSectorsBT(ATADevState *);
573static void ataPacketBT(ATADevState *);
574static void atapiCmdBT(ATADevState *);
575static void atapiPassthroughCmdBT(ATADevState *);
576
577static bool ataIdentifySS(ATADevState *);
578static bool ataFlushSS(ATADevState *);
579static bool ataReadSectorsSS(ATADevState *);
580static bool ataWriteSectorsSS(ATADevState *);
581static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
582static bool ataTrimSS(ATADevState *);
583static bool ataPacketSS(ATADevState *);
584static bool atapiGetConfigurationSS(ATADevState *);
585static bool atapiGetEventStatusNotificationSS(ATADevState *);
586static bool atapiIdentifySS(ATADevState *);
587static bool atapiInquirySS(ATADevState *);
588static bool atapiMechanismStatusSS(ATADevState *);
589static bool atapiModeSenseErrorRecoverySS(ATADevState *);
590static bool atapiModeSenseCDStatusSS(ATADevState *);
591static bool atapiReadSS(ATADevState *);
592static bool atapiReadCapacitySS(ATADevState *);
593static bool atapiReadDiscInformationSS(ATADevState *);
594static bool atapiReadTOCNormalSS(ATADevState *);
595static bool atapiReadTOCMultiSS(ATADevState *);
596static bool atapiReadTOCRawSS(ATADevState *);
597static bool atapiReadTrackInformationSS(ATADevState *);
598static bool atapiRequestSenseSS(ATADevState *);
599static bool atapiPassthroughSS(ATADevState *);
600static bool atapiReadDVDStructureSS(ATADevState *);
601
602/**
603 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
604 */
605typedef enum ATAFNBT
606{
607 ATAFN_BT_NULL = 0,
608 ATAFN_BT_READ_WRITE_SECTORS,
609 ATAFN_BT_PACKET,
610 ATAFN_BT_ATAPI_CMD,
611 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
612 ATAFN_BT_MAX
613} ATAFNBT;
614
615/**
616 * Array of end transfer functions, the index is ATAFNET.
617 * Make sure ATAFNET and this array match!
618 */
619static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
620{
621 NULL,
622 ataReadWriteSectorsBT,
623 ataPacketBT,
624 atapiCmdBT,
625 atapiPassthroughCmdBT,
626};
627
628/**
629 * Source/sink function indexes for g_apfnSourceSinkFuncs.
630 */
631typedef enum ATAFNSS
632{
633 ATAFN_SS_NULL = 0,
634 ATAFN_SS_IDENTIFY,
635 ATAFN_SS_FLUSH,
636 ATAFN_SS_READ_SECTORS,
637 ATAFN_SS_WRITE_SECTORS,
638 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
639 ATAFN_SS_TRIM,
640 ATAFN_SS_PACKET,
641 ATAFN_SS_ATAPI_GET_CONFIGURATION,
642 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
643 ATAFN_SS_ATAPI_IDENTIFY,
644 ATAFN_SS_ATAPI_INQUIRY,
645 ATAFN_SS_ATAPI_MECHANISM_STATUS,
646 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
647 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
648 ATAFN_SS_ATAPI_READ,
649 ATAFN_SS_ATAPI_READ_CAPACITY,
650 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
651 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
652 ATAFN_SS_ATAPI_READ_TOC_MULTI,
653 ATAFN_SS_ATAPI_READ_TOC_RAW,
654 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
655 ATAFN_SS_ATAPI_REQUEST_SENSE,
656 ATAFN_SS_ATAPI_PASSTHROUGH,
657 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
658 ATAFN_SS_MAX
659} ATAFNSS;
660
661/**
662 * Array of source/sink functions, the index is ATAFNSS.
663 * Make sure ATAFNSS and this array match!
664 */
665static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
666{
667 NULL,
668 ataIdentifySS,
669 ataFlushSS,
670 ataReadSectorsSS,
671 ataWriteSectorsSS,
672 ataExecuteDeviceDiagnosticSS,
673 ataTrimSS,
674 ataPacketSS,
675 atapiGetConfigurationSS,
676 atapiGetEventStatusNotificationSS,
677 atapiIdentifySS,
678 atapiInquirySS,
679 atapiMechanismStatusSS,
680 atapiModeSenseErrorRecoverySS,
681 atapiModeSenseCDStatusSS,
682 atapiReadSS,
683 atapiReadCapacitySS,
684 atapiReadDiscInformationSS,
685 atapiReadTOCNormalSS,
686 atapiReadTOCMultiSS,
687 atapiReadTOCRawSS,
688 atapiReadTrackInformationSS,
689 atapiRequestSenseSS,
690 atapiPassthroughSS,
691 atapiReadDVDStructureSS
692};
693
694
695static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
696static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
697static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
698static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
699
700static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
701{
702 int rc;
703
704 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
705 AssertRC(rc);
706 pCtl->AsyncIOReqHead = 0;
707 pCtl->AsyncIOReqTail = 0;
708 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
709 AssertRC(rc);
710}
711
712
713static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
714{
715 int rc;
716
717 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
718 AssertRC(rc);
719 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
720 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
721 pCtl->AsyncIOReqHead++;
722 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
723 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
724 AssertRC(rc);
725 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
726 if (RT_FAILURE(rc))
727 {
728 rc = RTSemEventSignal(pCtl->AsyncIOSem);
729 AssertRC(rc);
730 }
731}
732
733
734static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
735{
736 int rc;
737 const ATARequest *pReq;
738
739 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
740 AssertRC(rc);
741 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
742 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
743 else
744 pReq = NULL;
745 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
746 AssertRC(rc);
747 return pReq;
748}
749
750
751/**
752 * Remove the request with the given type, as it's finished. The request
753 * is not removed blindly, as this could mean a RESET request that is not
754 * yet processed (but has cleared the request queue) is lost.
755 *
756 * @param pCtl Controller for which to remove the request.
757 * @param ReqType Type of the request to remove.
758 */
759static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
760{
761 int rc;
762
763 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
764 AssertRC(rc);
765 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
766 {
767 pCtl->AsyncIOReqTail++;
768 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
769 }
770 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
771 AssertRC(rc);
772}
773
774
775/**
776 * Dump the request queue for a particular controller. First dump the queue
777 * contents, then the already processed entries, as long as they haven't been
778 * overwritten.
779 *
780 * @param pCtl Controller for which to dump the queue.
781 */
782static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
783{
784 int rc;
785 uint8_t curr;
786
787 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
788 AssertRC(rc);
789 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
790 curr = pCtl->AsyncIOReqTail;
791 do
792 {
793 if (curr == pCtl->AsyncIOReqHead)
794 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
795 switch (pCtl->aAsyncIORequests[curr].ReqType)
796 {
797 case ATA_AIO_NEW:
798 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
799 break;
800 case ATA_AIO_DMA:
801 LogRel(("dma transfer continuation\n"));
802 break;
803 case ATA_AIO_PIO:
804 LogRel(("pio transfer continuation\n"));
805 break;
806 case ATA_AIO_RESET_ASSERTED:
807 LogRel(("reset asserted request\n"));
808 break;
809 case ATA_AIO_RESET_CLEARED:
810 LogRel(("reset cleared request\n"));
811 break;
812 case ATA_AIO_ABORT:
813 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
814 break;
815 default:
816 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
817 }
818 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
819 } while (curr != pCtl->AsyncIOReqTail);
820 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
821 AssertRC(rc);
822}
823
824
825/**
826 * Checks whether the request queue for a particular controller is empty
827 * or whether a particular controller is idle.
828 *
829 * @param pCtl Controller for which to check the queue.
830 * @param fStrict If set then the controller is checked to be idle.
831 */
832static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
833{
834 int rc;
835 bool fIdle;
836
837 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
838 AssertRC(rc);
839 fIdle = pCtl->fRedoIdle;
840 if (!fIdle)
841 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
842 if (fStrict)
843 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
844 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
845 AssertRC(rc);
846 return fIdle;
847}
848
849
850/**
851 * Send a transfer request to the async I/O thread.
852 *
853 * @param s Pointer to the ATA device state data.
854 * @param cbTotalTransfer Data transfer size.
855 * @param uTxDir Data transfer direction.
856 * @param iBeginTransfer Index of BeginTransfer callback.
857 * @param iSourceSink Index of SourceSink callback.
858 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
859 */
860static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
861{
862 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
863 ATARequest Req;
864
865 Assert(PDMCritSectIsOwner(&pCtl->lock));
866
867 /* Do not issue new requests while the RESET line is asserted. */
868 if (pCtl->fReset)
869 {
870 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
871 return;
872 }
873
874 /* If the controller is already doing something else right now, ignore
875 * the command that is being submitted. Some broken guests issue commands
876 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
877 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
878 {
879 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
880 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
881 return;
882 }
883
884 Req.ReqType = ATA_AIO_NEW;
885 if (fChainedTransfer)
886 Req.u.t.iIf = pCtl->iAIOIf;
887 else
888 Req.u.t.iIf = pCtl->iSelectedIf;
889 Req.u.t.cbTotalTransfer = cbTotalTransfer;
890 Req.u.t.uTxDir = uTxDir;
891 Req.u.t.iBeginTransfer = iBeginTransfer;
892 Req.u.t.iSourceSink = iSourceSink;
893 ataSetStatusValue(s, ATA_STAT_BUSY);
894 pCtl->fChainedTransfer = fChainedTransfer;
895
896 /*
897 * Kick the worker thread into action.
898 */
899 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
900 ataAsyncIOPutRequest(pCtl, &Req);
901}
902
903
904/**
905 * Send an abort command request to the async I/O thread.
906 *
907 * @param s Pointer to the ATA device state data.
908 * @param fResetDrive Whether to reset the drive or just abort a command.
909 */
910static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
911{
912 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
913 ATARequest Req;
914
915 Assert(PDMCritSectIsOwner(&pCtl->lock));
916
917 /* Do not issue new requests while the RESET line is asserted. */
918 if (pCtl->fReset)
919 {
920 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
921 return;
922 }
923
924 Req.ReqType = ATA_AIO_ABORT;
925 Req.u.a.iIf = pCtl->iSelectedIf;
926 Req.u.a.fResetDrive = fResetDrive;
927 ataSetStatus(s, ATA_STAT_BUSY);
928 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
929 ataAsyncIOPutRequest(pCtl, &Req);
930}
931
932
933static void ataSetIRQ(ATADevState *s)
934{
935 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
936 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
937
938 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
939 {
940 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
941 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
942 * line is asserted. It monitors the line for a rising edge. */
943 if (!s->fIrqPending)
944 pCtl->BmDma.u8Status |= BM_STATUS_INT;
945 /* Only actually set the IRQ line if updating the currently selected drive. */
946 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
947 {
948 /** @todo experiment with adaptive IRQ delivery: for reads it is
949 * better to wait for IRQ delivery, as it reduces latency. */
950 if (pCtl->irq == 16)
951 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
952 else
953 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
954 }
955 }
956 s->fIrqPending = true;
957}
958
959#endif /* IN_RING3 */
960
961static void ataUnsetIRQ(ATADevState *s)
962{
963 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
964 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
965
966 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
967 {
968 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
969 /* Only actually unset the IRQ line if updating the currently selected drive. */
970 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
971 {
972 if (pCtl->irq == 16)
973 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
974 else
975 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
976 }
977 }
978 s->fIrqPending = false;
979}
980
981#ifdef IN_RING3
982
983static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
984{
985 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
986 s->iIOBufferPIODataStart = start;
987 s->iIOBufferPIODataEnd = start + size;
988 ataSetStatus(s, ATA_STAT_DRQ | ATA_STAT_SEEK);
989 ataUnsetStatus(s, ATA_STAT_BUSY);
990}
991
992
993static void ataPIOTransferStop(ATADevState *s)
994{
995 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
996 if (s->fATAPITransfer)
997 {
998 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
999 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1000 ataSetIRQ(s);
1001 s->fATAPITransfer = false;
1002 }
1003 s->cbTotalTransfer = 0;
1004 s->cbElementaryTransfer = 0;
1005 s->iIOBufferPIODataStart = 0;
1006 s->iIOBufferPIODataEnd = 0;
1007 s->iBeginTransfer = ATAFN_BT_NULL;
1008 s->iSourceSink = ATAFN_SS_NULL;
1009}
1010
1011
1012static void ataPIOTransferLimitATAPI(ATADevState *s)
1013{
1014 uint32_t cbLimit, cbTransfer;
1015
1016 cbLimit = s->cbPIOTransferLimit;
1017 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1018 if (cbLimit == 0)
1019 cbLimit = 0xfffe;
1020 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1021 if (cbLimit == 0xffff)
1022 cbLimit--;
1023 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1024 if (cbTransfer > cbLimit)
1025 {
1026 /* Byte count limit for clipping must be even in this case */
1027 if (cbLimit & 1)
1028 cbLimit--;
1029 cbTransfer = cbLimit;
1030 }
1031 s->uATARegLCyl = cbTransfer;
1032 s->uATARegHCyl = cbTransfer >> 8;
1033 s->cbElementaryTransfer = cbTransfer;
1034}
1035
1036
1037static uint32_t ataGetNSectors(ATADevState *s)
1038{
1039 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1040 if (s->fLBA48)
1041 {
1042 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1043 return 65536;
1044 else
1045 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1046 }
1047 else
1048 {
1049 if (!s->uATARegNSector)
1050 return 256;
1051 else
1052 return s->uATARegNSector;
1053 }
1054}
1055
1056
1057static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1058{
1059 for (uint32_t i = 0; i < cbSize; i++)
1060 {
1061 if (*pbSrc)
1062 pbDst[i ^ 1] = *pbSrc++;
1063 else
1064 pbDst[i ^ 1] = ' ';
1065 }
1066}
1067
1068
1069static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1070{
1071 for (uint32_t i = 0; i < cbSize; i++)
1072 {
1073 if (*pbSrc)
1074 pbDst[i] = *pbSrc++;
1075 else
1076 pbDst[i] = ' ';
1077 }
1078}
1079
1080
1081DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1082{
1083 pbBuf[0] = val >> 8;
1084 pbBuf[1] = val;
1085}
1086
1087
1088DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1089{
1090 pbBuf[0] = val >> 16;
1091 pbBuf[1] = val >> 8;
1092 pbBuf[2] = val;
1093}
1094
1095
1096DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1097{
1098 pbBuf[0] = val >> 24;
1099 pbBuf[1] = val >> 16;
1100 pbBuf[2] = val >> 8;
1101 pbBuf[3] = val;
1102}
1103
1104
1105DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1106{
1107 return (pbBuf[0] << 8) | pbBuf[1];
1108}
1109
1110
1111DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1112{
1113 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1114}
1115
1116
1117DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1118{
1119 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1120}
1121
1122
1123DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1124{
1125 iATAPILBA += 150;
1126 pbBuf[0] = (iATAPILBA / 75) / 60;
1127 pbBuf[1] = (iATAPILBA / 75) % 60;
1128 pbBuf[2] = iATAPILBA % 75;
1129}
1130
1131
1132DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1133{
1134 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1135}
1136
1137/**
1138 * Compares two MSF values.
1139 *
1140 * @returns 1 if the first value is greater than the second value.
1141 * 0 if both are equal
1142 * -1 if the first value is smaller than the second value.
1143 */
1144DECLINLINE(int) atapiCmpMSF(const uint8_t *pbMSF1, const uint8_t *pbMSF2)
1145{
1146 int iRes = 0;
1147
1148 for (unsigned i = 0; i < 3; i++)
1149 {
1150 if (pbMSF1[i] < pbMSF2[i])
1151 {
1152 iRes = -1;
1153 break;
1154 }
1155 else if (pbMSF1[i] > pbMSF2[i])
1156 {
1157 iRes = 1;
1158 break;
1159 }
1160 }
1161
1162 return iRes;
1163}
1164
1165static void ataCmdOK(ATADevState *s, uint8_t status)
1166{
1167 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1168 ataSetStatusValue(s, ATA_STAT_READY | status);
1169}
1170
1171
1172static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1173{
1174 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1175 Assert(uErrorCode);
1176 s->uATARegError = uErrorCode;
1177 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1178 s->cbTotalTransfer = 0;
1179 s->cbElementaryTransfer = 0;
1180 s->iIOBufferCur = 0;
1181 s->iIOBufferEnd = 0;
1182 s->uTxDir = PDMBLOCKTXDIR_NONE;
1183 s->iBeginTransfer = ATAFN_BT_NULL;
1184 s->iSourceSink = ATAFN_SS_NULL;
1185}
1186
1187static uint32_t ataChecksum(void* ptr, size_t count)
1188{
1189 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1190 size_t i;
1191
1192 for (i = 0; i < count; i++)
1193 {
1194 u8Sum += *p++;
1195 }
1196
1197 return (uint8_t)-(int32_t)u8Sum;
1198}
1199
1200static bool ataIdentifySS(ATADevState *s)
1201{
1202 uint16_t *p;
1203
1204 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1205 Assert(s->cbElementaryTransfer == 512);
1206
1207 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1208 memset(p, 0, 512);
1209 p[0] = RT_H2LE_U16(0x0040);
1210 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1211 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1212 /* Block size; obsolete, but required for the BIOS. */
1213 p[5] = RT_H2LE_U16(512);
1214 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1215 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1216 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1217 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1218 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1219 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1220 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1221#if ATA_MAX_MULT_SECTORS > 1
1222 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1223#endif
1224 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1225 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1226 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1227 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1228 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1229 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1230 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1231 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1232 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1233 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1234 * s->PCHSGeometry.cHeads
1235 * s->PCHSGeometry.cSectors);
1236 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1237 * s->PCHSGeometry.cHeads
1238 * s->PCHSGeometry.cSectors >> 16);
1239 if (s->cMultSectors)
1240 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1241 if (s->cTotalSectors <= (1 << 28) - 1)
1242 {
1243 p[60] = RT_H2LE_U16(s->cTotalSectors);
1244 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1245 }
1246 else
1247 {
1248 /* Report maximum number of sectors possible with LBA28 */
1249 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1250 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1251 }
1252 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1253 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1254 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1255 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1256 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1257 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1258 if ( s->pDrvBlock->pfnDiscard
1259 || s->cbSector != 512
1260 || s->fNonRotational)
1261 {
1262 p[80] = RT_H2LE_U16(0x1f0); /* support everything up to ATA/ATAPI-8 ACS */
1263 p[81] = RT_H2LE_U16(0x28); /* conforms to ATA/ATAPI-8 ACS */
1264 }
1265 else
1266 {
1267 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1268 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1269 }
1270 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1271 if (s->cTotalSectors <= (1 << 28) - 1)
1272 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1273 else
1274 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1275 p[84] = RT_H2LE_U16(1 << 14);
1276 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1277 if (s->cTotalSectors <= (1 << 28) - 1)
1278 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1279 else
1280 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1281 p[87] = RT_H2LE_U16(1 << 14);
1282 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1283 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1284 if (s->cTotalSectors > (1 << 28) - 1)
1285 {
1286 p[100] = RT_H2LE_U16(s->cTotalSectors);
1287 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1288 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1289 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1290 }
1291
1292 if (s->cbSector != 512)
1293 {
1294 /* Enable reporting of logical sector size. */
1295 p[106] |= RT_H2LE_U16(RT_BIT(12));
1296 p[117] = RT_H2LE_U16(s->cbSector);
1297 p[118] = RT_H2LE_U16(s->cbSector >> 16);
1298 }
1299
1300 if (s->pDrvBlock->pfnDiscard) /** @todo: Set bit 14 in word 69 too? (Deterministic read after TRIM). */
1301 p[169] = RT_H2LE_U16(1); /* DATA SET MANAGEMENT command supported. */
1302 if (s->fNonRotational)
1303 p[217] = RT_H2LE_U16(1); /* Non-rotational medium */
1304 uint32_t uCsum = ataChecksum(p, 510);
1305 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1306 s->iSourceSink = ATAFN_SS_NULL;
1307 ataCmdOK(s, ATA_STAT_SEEK);
1308 return false;
1309}
1310
1311
1312static bool ataFlushSS(ATADevState *s)
1313{
1314 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1315 int rc;
1316
1317 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1318 Assert(!s->cbElementaryTransfer);
1319
1320 PDMCritSectLeave(&pCtl->lock);
1321
1322 STAM_PROFILE_START(&s->StatFlushes, f);
1323 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1324 AssertRC(rc);
1325 STAM_PROFILE_STOP(&s->StatFlushes, f);
1326
1327 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1328 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1329 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1330 ataCmdOK(s, 0);
1331 return false;
1332}
1333
1334static bool atapiIdentifySS(ATADevState *s)
1335{
1336 uint16_t *p;
1337
1338 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1339 Assert(s->cbElementaryTransfer == 512);
1340
1341 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1342 memset(p, 0, 512);
1343 /* Removable CDROM, 3ms response, 12 byte packets */
1344 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 0 << 5 | 0 << 0);
1345 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1346 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1347 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1348 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1349 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1350 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1351 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1352 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1353 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1354 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1355 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1356 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1357 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1358 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1359 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1360 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1361 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1362 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1363 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1364 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1365 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1366 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1367 p[83] = RT_H2LE_U16(1 << 14);
1368 p[84] = RT_H2LE_U16(1 << 14);
1369 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1370 p[86] = RT_H2LE_U16(0);
1371 p[87] = RT_H2LE_U16(1 << 14);
1372 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1373 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1374 /* According to ATAPI-5 spec:
1375 *
1376 * The use of this word is optional.
1377 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1378 * contain the data
1379 * structure checksum.
1380 * The data structure checksum is the twos complement of the sum of
1381 * all bytes in words 0 through 254 and the byte consisting of
1382 * bits 7:0 in word 255.
1383 * Each byte shall be added with unsigned arithmetic,
1384 * and overflow shall be ignored.
1385 * The sum of all 512 bytes is zero when the checksum is correct.
1386 */
1387 uint32_t uCsum = ataChecksum(p, 510);
1388 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1389
1390 s->iSourceSink = ATAFN_SS_NULL;
1391 ataCmdOK(s, ATA_STAT_SEEK);
1392 return false;
1393}
1394
1395
1396static void ataSetSignature(ATADevState *s)
1397{
1398 s->uATARegSelect &= 0xf0; /* clear head */
1399 /* put signature */
1400 s->uATARegNSector = 1;
1401 s->uATARegSector = 1;
1402 if (s->fATAPI)
1403 {
1404 s->uATARegLCyl = 0x14;
1405 s->uATARegHCyl = 0xeb;
1406 }
1407 else if (s->pDrvBlock)
1408 {
1409 s->uATARegLCyl = 0;
1410 s->uATARegHCyl = 0;
1411 }
1412 else
1413 {
1414 s->uATARegLCyl = 0xff;
1415 s->uATARegHCyl = 0xff;
1416 }
1417}
1418
1419
1420static uint64_t ataGetSector(ATADevState *s)
1421{
1422 uint64_t iLBA;
1423 if (s->uATARegSelect & 0x40)
1424 {
1425 /* any LBA variant */
1426 if (s->fLBA48)
1427 {
1428 /* LBA48 */
1429 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1430 ((uint64_t)s->uATARegLCylHOB << 32) |
1431 ((uint64_t)s->uATARegSectorHOB << 24) |
1432 ((uint64_t)s->uATARegHCyl << 16) |
1433 ((uint64_t)s->uATARegLCyl << 8) |
1434 s->uATARegSector;
1435 }
1436 else
1437 {
1438 /* LBA */
1439 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1440 (s->uATARegLCyl << 8) | s->uATARegSector;
1441 }
1442 }
1443 else
1444 {
1445 /* CHS */
1446 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1447 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1448 (s->uATARegSector - 1);
1449 }
1450 return iLBA;
1451}
1452
1453static void ataSetSector(ATADevState *s, uint64_t iLBA)
1454{
1455 uint32_t cyl, r;
1456 if (s->uATARegSelect & 0x40)
1457 {
1458 /* any LBA variant */
1459 if (s->fLBA48)
1460 {
1461 /* LBA48 */
1462 s->uATARegHCylHOB = iLBA >> 40;
1463 s->uATARegLCylHOB = iLBA >> 32;
1464 s->uATARegSectorHOB = iLBA >> 24;
1465 s->uATARegHCyl = iLBA >> 16;
1466 s->uATARegLCyl = iLBA >> 8;
1467 s->uATARegSector = iLBA;
1468 }
1469 else
1470 {
1471 /* LBA */
1472 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1473 s->uATARegHCyl = (iLBA >> 16);
1474 s->uATARegLCyl = (iLBA >> 8);
1475 s->uATARegSector = (iLBA);
1476 }
1477 }
1478 else
1479 {
1480 /* CHS */
1481 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1482 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1483 s->uATARegHCyl = cyl >> 8;
1484 s->uATARegLCyl = cyl;
1485 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1486 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1487 }
1488}
1489
1490
1491static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1492{
1493 int rc;
1494 LogRel(("PIIX3 ATA: Host disk full\n"));
1495 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1496 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1497 AssertRC(rc);
1498}
1499
1500static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1501{
1502 int rc;
1503 LogRel(("PIIX3 ATA: File too big\n"));
1504 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1505 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1506 AssertRC(rc);
1507}
1508
1509static void ataWarningISCSI(PPDMDEVINS pDevIns)
1510{
1511 int rc;
1512 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1513 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1514 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1515 AssertRC(rc);
1516}
1517
1518static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1519{
1520 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1521 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1522 if (rc == VERR_DISK_FULL)
1523 {
1524 pCtl->fRedoIdle = true;
1525 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1526 return true;
1527 }
1528 if (rc == VERR_FILE_TOO_BIG)
1529 {
1530 pCtl->fRedoIdle = true;
1531 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1532 return true;
1533 }
1534 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1535 {
1536 pCtl->fRedoIdle = true;
1537 /* iSCSI connection abort (first error) or failure to reestablish
1538 * connection (second error). Pause VM. On resume we'll retry. */
1539 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1540 return true;
1541 }
1542 return false;
1543}
1544
1545
1546static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1547 uint32_t cSectors, bool *pfRedo)
1548{
1549 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1550 int rc;
1551
1552 PDMCritSectLeave(&pCtl->lock);
1553
1554 STAM_PROFILE_ADV_START(&s->StatReads, r);
1555 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1556 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1557 s->Led.Actual.s.fReading = 0;
1558 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1559 Log4(("ataReadSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1560 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1561
1562 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * s->cbSector);
1563
1564 if (RT_SUCCESS(rc))
1565 *pfRedo = false;
1566 else
1567 *pfRedo = ataIsRedoSetWarning(s, rc);
1568
1569 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1570 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1571 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1572 return rc;
1573}
1574
1575
1576static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1577 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1578{
1579 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1580 int rc;
1581
1582 PDMCritSectLeave(&pCtl->lock);
1583
1584 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1585 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1586#ifdef VBOX_INSTRUMENT_DMA_WRITES
1587 if (s->fDMA)
1588 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1589#endif
1590 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * s->cbSector, pvBuf, cSectors * s->cbSector);
1591#ifdef VBOX_INSTRUMENT_DMA_WRITES
1592 if (s->fDMA)
1593 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1594#endif
1595 s->Led.Actual.s.fWriting = 0;
1596 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1597 Log4(("ataWriteSectors: rc=%Rrc cSectors=%#x u64Sector=%llu\n%.*Rhxd\n",
1598 rc, cSectors, u64Sector, cSectors * s->cbSector, pvBuf));
1599
1600 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * s->cbSector);
1601
1602 if (RT_SUCCESS(rc))
1603 *pfRedo = false;
1604 else
1605 *pfRedo = ataIsRedoSetWarning(s, rc);
1606
1607 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1608 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1609 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1610 return rc;
1611}
1612
1613
1614static void ataReadWriteSectorsBT(ATADevState *s)
1615{
1616 uint32_t cSectors;
1617
1618 cSectors = s->cbTotalTransfer / s->cbSector;
1619 if (cSectors > s->cSectorsPerIRQ)
1620 s->cbElementaryTransfer = s->cSectorsPerIRQ * s->cbSector;
1621 else
1622 s->cbElementaryTransfer = cSectors * s->cbSector;
1623 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1624 ataCmdOK(s, 0);
1625}
1626
1627
1628static bool ataReadSectorsSS(ATADevState *s)
1629{
1630 int rc;
1631 uint32_t cSectors;
1632 uint64_t iLBA;
1633 bool fRedo;
1634
1635 cSectors = s->cbElementaryTransfer / 512;
1636 Assert(cSectors);
1637 iLBA = ataGetSector(s);
1638 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1639 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1640 if (RT_SUCCESS(rc))
1641 {
1642 ataSetSector(s, iLBA + cSectors);
1643 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1644 s->iSourceSink = ATAFN_SS_NULL;
1645 ataCmdOK(s, ATA_STAT_SEEK);
1646 }
1647 else
1648 {
1649 if (fRedo)
1650 return fRedo;
1651 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1652 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1653 s->iLUN, rc, iLBA, cSectors));
1654
1655 /*
1656 * Check if we got interrupted. We don't need to set status variables
1657 * because the request was aborted.
1658 */
1659 if (rc != VERR_INTERRUPTED)
1660 ataCmdError(s, ID_ERR);
1661 }
1662 return false;
1663}
1664
1665
1666static bool ataWriteSectorsSS(ATADevState *s)
1667{
1668 int rc;
1669 uint32_t cSectors;
1670 uint64_t iLBA;
1671 bool fRedo;
1672
1673 cSectors = s->cbElementaryTransfer / 512;
1674 Assert(cSectors);
1675 iLBA = ataGetSector(s);
1676 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1677 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1678 if (RT_SUCCESS(rc))
1679 {
1680 ataSetSector(s, iLBA + cSectors);
1681 if (!s->cbTotalTransfer)
1682 s->iSourceSink = ATAFN_SS_NULL;
1683 ataCmdOK(s, ATA_STAT_SEEK);
1684 }
1685 else
1686 {
1687 if (fRedo)
1688 return fRedo;
1689 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1690 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1691 s->iLUN, rc, iLBA, cSectors));
1692
1693 /*
1694 * Check if we got interrupted. We don't need to set status variables
1695 * because the request was aborted.
1696 */
1697 if (rc != VERR_INTERRUPTED)
1698 ataCmdError(s, ID_ERR);
1699 }
1700 return false;
1701}
1702
1703
1704static void atapiCmdOK(ATADevState *s)
1705{
1706 s->uATARegError = 0;
1707 ataSetStatusValue(s, ATA_STAT_READY);
1708 s->uATARegNSector = (s->uATARegNSector & ~7)
1709 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1710 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1711 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1712
1713 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1714 s->abATAPISense[0] = 0x70 | (1 << 7);
1715 s->abATAPISense[7] = 10;
1716}
1717
1718
1719static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1720{
1721 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1722 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1723 s->uATARegError = pabATAPISense[2] << 4;
1724 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1725 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1726 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1727 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1728 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1729 s->cbTotalTransfer = 0;
1730 s->cbElementaryTransfer = 0;
1731 s->iIOBufferCur = 0;
1732 s->iIOBufferEnd = 0;
1733 s->uTxDir = PDMBLOCKTXDIR_NONE;
1734 s->iBeginTransfer = ATAFN_BT_NULL;
1735 s->iSourceSink = ATAFN_SS_NULL;
1736}
1737
1738
1739/** @todo deprecated function - doesn't provide enough info. Replace by direct
1740 * calls to atapiCmdError() with full data. */
1741static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1742{
1743 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1744 memset(abATAPISense, '\0', sizeof(abATAPISense));
1745 abATAPISense[0] = 0x70 | (1 << 7);
1746 abATAPISense[2] = uATAPISenseKey & 0x0f;
1747 abATAPISense[7] = 10;
1748 abATAPISense[12] = uATAPIASC;
1749 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1750}
1751
1752
1753static void atapiCmdBT(ATADevState *s)
1754{
1755 s->fATAPITransfer = true;
1756 s->cbElementaryTransfer = s->cbTotalTransfer;
1757 s->cbPIOTransferLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1758 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1759 atapiCmdOK(s);
1760}
1761
1762
1763static void atapiPassthroughCmdBT(ATADevState *s)
1764{
1765 /* @todo implement an algorithm for correctly determining the read and
1766 * write sector size without sending additional commands to the drive.
1767 * This should be doable by saving processing the configuration requests
1768 * and replies. */
1769#if 0
1770 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1771 {
1772 uint8_t cmd = s->aATAPICmd[0];
1773 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1774 {
1775 uint8_t aModeSenseCmd[10];
1776 uint8_t aModeSenseResult[16];
1777 uint8_t uDummySense;
1778 uint32_t cbTransfer;
1779 int rc;
1780
1781 cbTransfer = sizeof(aModeSenseResult);
1782 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1783 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1784 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1785 aModeSenseCmd[3] = 0; /* subpage code */
1786 aModeSenseCmd[4] = 0; /* reserved */
1787 aModeSenseCmd[5] = 0; /* reserved */
1788 aModeSenseCmd[6] = 0; /* reserved */
1789 aModeSenseCmd[7] = cbTransfer >> 8;
1790 aModeSenseCmd[8] = cbTransfer & 0xff;
1791 aModeSenseCmd[9] = 0; /* control */
1792 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1793 if (RT_FAILURE(rc))
1794 {
1795 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1796 return;
1797 }
1798 /* Select sector size based on the current data block type. */
1799 switch (aModeSenseResult[12] & 0x0f)
1800 {
1801 case 0:
1802 s->cbATAPISector = 2352;
1803 break;
1804 case 1:
1805 s->cbATAPISector = 2368;
1806 break;
1807 case 2:
1808 case 3:
1809 s->cbATAPISector = 2448;
1810 break;
1811 case 8:
1812 case 10:
1813 s->cbATAPISector = 2048;
1814 break;
1815 case 9:
1816 s->cbATAPISector = 2336;
1817 break;
1818 case 11:
1819 s->cbATAPISector = 2056;
1820 break;
1821 case 12:
1822 s->cbATAPISector = 2324;
1823 break;
1824 case 13:
1825 s->cbATAPISector = 2332;
1826 break;
1827 default:
1828 s->cbATAPISector = 0;
1829 }
1830 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1831 s->cbTotalTransfer *= s->cbATAPISector;
1832 if (s->cbTotalTransfer == 0)
1833 s->uTxDir = PDMBLOCKTXDIR_NONE;
1834 }
1835 }
1836#endif
1837 atapiCmdBT(s);
1838}
1839
1840
1841static bool atapiReadSS(ATADevState *s)
1842{
1843 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1844 int rc = VINF_SUCCESS;
1845 uint32_t cbTransfer, cSectors;
1846
1847 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1848 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1849 cSectors = cbTransfer / s->cbATAPISector;
1850 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1851 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1852
1853 PDMCritSectLeave(&pCtl->lock);
1854
1855 STAM_PROFILE_ADV_START(&s->StatReads, r);
1856 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1857 switch (s->cbATAPISector)
1858 {
1859 case 2048:
1860 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1861 break;
1862 case 2352:
1863 {
1864 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1865
1866 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1867 {
1868 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1869 *pbBuf++ = 0x00;
1870 memset(pbBuf, 0xff, 10);
1871 pbBuf += 10;
1872 *pbBuf++ = 0x00;
1873 /* MSF */
1874 ataLBA2MSF(pbBuf, i);
1875 pbBuf += 3;
1876 *pbBuf++ = 0x01; /* mode 1 data */
1877 /* data */
1878 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1879 if (RT_FAILURE(rc))
1880 break;
1881 pbBuf += 2048;
1882 /**
1883 * @todo: maybe compute ECC and parity, layout is:
1884 * 2072 4 EDC
1885 * 2076 172 P parity symbols
1886 * 2248 104 Q parity symbols
1887 */
1888 memset(pbBuf, 0, 280);
1889 pbBuf += 280;
1890 }
1891 }
1892 break;
1893 default:
1894 break;
1895 }
1896 s->Led.Actual.s.fReading = 0;
1897 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1898
1899 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1900 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1901 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1902
1903 if (RT_SUCCESS(rc))
1904 {
1905 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1906
1907 /* The initial buffer end value has been set up based on the total
1908 * transfer size. But the I/O buffer size limits what can actually be
1909 * done in one transfer, so set the actual value of the buffer end. */
1910 s->cbElementaryTransfer = cbTransfer;
1911 if (cbTransfer >= s->cbTotalTransfer)
1912 s->iSourceSink = ATAFN_SS_NULL;
1913 atapiCmdOK(s);
1914 s->iATAPILBA += cSectors;
1915 }
1916 else
1917 {
1918 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1919 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1920
1921 /*
1922 * Check if we got interrupted. We don't need to set status variables
1923 * because the request was aborted.
1924 */
1925 if (rc != VERR_INTERRUPTED)
1926 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1927 }
1928 return false;
1929}
1930
1931/**
1932 * Sets the given media track type.
1933 */
1934static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1935{
1936 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1937}
1938
1939static bool atapiPassthroughSS(ATADevState *s)
1940{
1941 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1942 int rc = VINF_SUCCESS;
1943 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1944 uint32_t cbTransfer;
1945 PSTAMPROFILEADV pProf = NULL;
1946
1947 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1948
1949 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1950 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1951
1952 /* Simple heuristics: if there is at least one sector of data
1953 * to transfer, it's worth updating the LEDs. */
1954 if (cbTransfer >= 2048)
1955 {
1956 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1957 {
1958 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1959 pProf = &s->StatReads;
1960 }
1961 else
1962 {
1963 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1964 pProf = &s->StatWrites;
1965 }
1966 }
1967
1968 PDMCritSectLeave(&pCtl->lock);
1969
1970#if defined(LOG_ENABLED)
1971 char szBuf[1024];
1972
1973 memset(szBuf, 0, sizeof(szBuf));
1974
1975 switch (s->aATAPICmd[0])
1976 {
1977 case SCSI_MODE_SELECT_10:
1978 {
1979 size_t cbBlkDescLength = ataBE2H_U16(&s->CTX_SUFF(pbIOBuffer)[6]);
1980
1981 SCSILogModePage(szBuf, sizeof(szBuf) - 1,
1982 s->CTX_SUFF(pbIOBuffer) + 8 + cbBlkDescLength,
1983 cbTransfer - 8 - cbBlkDescLength);
1984 break;
1985 }
1986 case SCSI_SEND_CUE_SHEET:
1987 {
1988 SCSILogCueSheet(szBuf, sizeof(szBuf) - 1,
1989 s->CTX_SUFF(pbIOBuffer), cbTransfer);
1990 break;
1991 }
1992 default:
1993 break;
1994 }
1995
1996 Log2(("%s\n", szBuf));
1997#endif
1998
1999 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
2000 if ( cbTransfer > SCSI_MAX_BUFFER_SIZE
2001 || s->cbElementaryTransfer > s->cbIOBuffer)
2002 {
2003 /* Linux accepts commands with up to 100KB of data, but expects
2004 * us to handle commands with up to 128KB of data. The usual
2005 * imbalance of powers. */
2006 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
2007 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
2008 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2009 uint32_t cSectorsMax; /**< Maximum amount of sectors to read without exceeding the I/O buffer. */
2010
2011 Assert(s->cbATAPISector);
2012 cSectorsMax = cbTransfer / s->cbATAPISector;
2013 Assert(cSectorsMax * s->cbATAPISector <= s->cbIOBuffer);
2014
2015 switch (s->aATAPICmd[0])
2016 {
2017 case SCSI_READ_10:
2018 case SCSI_WRITE_10:
2019 case SCSI_WRITE_AND_VERIFY_10:
2020 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2021 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
2022 break;
2023 case SCSI_READ_12:
2024 case SCSI_WRITE_12:
2025 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2026 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
2027 break;
2028 case SCSI_READ_CD:
2029 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
2030 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
2031 break;
2032 case SCSI_READ_CD_MSF:
2033 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
2034 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
2035 break;
2036 default:
2037 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2038 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2039 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2040 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2041 {
2042 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2043 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2044 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2045 }
2046 return false;
2047 }
2048 cSectorsMax = RT_MIN(cSectorsMax, cSectors);
2049 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
2050 cReqSectors = 0;
2051 for (uint32_t i = cSectorsMax; i > 0; i -= cReqSectors)
2052 {
2053 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
2054 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
2055 else
2056 cReqSectors = i;
2057 cbCurrTX = s->cbATAPISector * cReqSectors;
2058 switch (s->aATAPICmd[0])
2059 {
2060 case SCSI_READ_10:
2061 case SCSI_WRITE_10:
2062 case SCSI_WRITE_AND_VERIFY_10:
2063 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2064 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
2065 break;
2066 case SCSI_READ_12:
2067 case SCSI_WRITE_12:
2068 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2069 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
2070 break;
2071 case SCSI_READ_CD:
2072 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
2073 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
2074 break;
2075 case SCSI_READ_CD_MSF:
2076 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
2077 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
2078 break;
2079 }
2080 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2081 if (rc != VINF_SUCCESS)
2082 break;
2083 iATAPILBA += cReqSectors;
2084 pbBuf += s->cbATAPISector * cReqSectors;
2085 }
2086
2087 if (RT_SUCCESS(rc))
2088 {
2089 /* Adjust ATAPI command for the next call. */
2090 switch (s->aATAPICmd[0])
2091 {
2092 case SCSI_READ_10:
2093 case SCSI_WRITE_10:
2094 case SCSI_WRITE_AND_VERIFY_10:
2095 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2096 ataH2BE_U16(s->aATAPICmd + 7, cSectors - cSectorsMax);
2097 break;
2098 case SCSI_READ_12:
2099 case SCSI_WRITE_12:
2100 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2101 ataH2BE_U32(s->aATAPICmd + 6, cSectors - cSectorsMax);
2102 break;
2103 case SCSI_READ_CD:
2104 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
2105 ataH2BE_U24(s->aATAPICmd + 6, cSectors - cSectorsMax);
2106 break;
2107 case SCSI_READ_CD_MSF:
2108 ataLBA2MSF(s->aATAPICmd + 3, iATAPILBA);
2109 ataLBA2MSF(s->aATAPICmd + 6, iATAPILBA + cSectors - cSectorsMax);
2110 break;
2111 default:
2112 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
2113 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
2114 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
2115 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
2116 return false;
2117 }
2118 }
2119 }
2120 else
2121 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
2122 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
2123
2124 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2125 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2126 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2127
2128 /* Update the LEDs and the read/write statistics. */
2129 if (cbTransfer >= 2048)
2130 {
2131 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2132 {
2133 s->Led.Actual.s.fReading = 0;
2134 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2135 }
2136 else
2137 {
2138 s->Led.Actual.s.fWriting = 0;
2139 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2140 }
2141 }
2142
2143 if (RT_SUCCESS(rc))
2144 {
2145 /* Do post processing for certain commands. */
2146 switch (s->aATAPICmd[0])
2147 {
2148 case SCSI_SEND_CUE_SHEET:
2149 case SCSI_READ_TOC_PMA_ATIP:
2150 {
2151 if (!s->pTrackList)
2152 rc = ATAPIPassthroughTrackListCreateEmpty(&s->pTrackList);
2153
2154 if (RT_SUCCESS(rc))
2155 rc = ATAPIPassthroughTrackListUpdate(s->pTrackList, s->aATAPICmd, s->CTX_SUFF(pbIOBuffer));
2156
2157 if ( RT_FAILURE(rc)
2158 && s->cErrors++ < MAX_LOG_REL_ERRORS)
2159 LogRel(("ATA: Error (%Rrc) while updating the tracklist during %s, burning the disc might fail\n",
2160 rc, s->aATAPICmd[0] == SCSI_SEND_CUE_SHEET ? "SEND CUE SHEET" : "READ TOC/PMA/ATIP"));
2161 break;
2162 }
2163 case SCSI_SYNCHRONIZE_CACHE:
2164 {
2165 ATAPIPassthroughTrackListClear(s->pTrackList);
2166 break;
2167 }
2168 }
2169
2170 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2171 {
2172 Assert(cbTransfer <= s->cbTotalTransfer);
2173 /*
2174 * Reply with the same amount of data as the real drive
2175 * but only if the command wasn't split.
2176 */
2177#if 0 //@todo: This destroys commands where cbTotalTransfer > cbIOBuffer
2178 if (s->cbElementaryTransfer < s->cbIOBuffer)
2179 s->cbTotalTransfer = cbTransfer;
2180#endif
2181
2182 if ( s->aATAPICmd[0] == SCSI_INQUIRY
2183 && s->fOverwriteInquiry)
2184 {
2185 /* Make sure that the real drive cannot be identified.
2186 * Motivation: changing the VM configuration should be as
2187 * invisible as possible to the guest. */
2188 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2189 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2190 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2191 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2192 }
2193
2194 if (cbTransfer)
2195 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2196 }
2197
2198 /* The initial buffer end value has been set up based on the total
2199 * transfer size. But the I/O buffer size limits what can actually be
2200 * done in one transfer, so set the actual value of the buffer end. */
2201 s->cbElementaryTransfer = cbTransfer;
2202 if (cbTransfer >= s->cbTotalTransfer)
2203 {
2204 s->iSourceSink = ATAFN_SS_NULL;
2205 atapiCmdOK(s);
2206 }
2207 }
2208 else
2209 {
2210 if (s->cErrors < MAX_LOG_REL_ERRORS)
2211 {
2212 uint8_t u8Cmd = s->aATAPICmd[0];
2213 do
2214 {
2215 /* don't log superfluous errors */
2216 if ( rc == VERR_DEV_IO_ERROR
2217 && ( u8Cmd == SCSI_TEST_UNIT_READY
2218 || u8Cmd == SCSI_READ_CAPACITY
2219 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2220 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2221 break;
2222 s->cErrors++;
2223 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2224 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2225 } while (0);
2226 }
2227 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2228 }
2229 return false;
2230}
2231
2232/** @todo: Revise ASAP. */
2233static bool atapiReadDVDStructureSS(ATADevState *s)
2234{
2235 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2236 int media = s->aATAPICmd[1];
2237 int format = s->aATAPICmd[7];
2238
2239 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2240
2241 memset(buf, 0, max_len);
2242
2243 switch (format) {
2244 case 0x00:
2245 case 0x01:
2246 case 0x02:
2247 case 0x03:
2248 case 0x04:
2249 case 0x05:
2250 case 0x06:
2251 case 0x07:
2252 case 0x08:
2253 case 0x09:
2254 case 0x0a:
2255 case 0x0b:
2256 case 0x0c:
2257 case 0x0d:
2258 case 0x0e:
2259 case 0x0f:
2260 case 0x10:
2261 case 0x11:
2262 case 0x30:
2263 case 0x31:
2264 case 0xff:
2265 if (media == 0)
2266 {
2267 int uASC = SCSI_ASC_NONE;
2268
2269 switch (format)
2270 {
2271 case 0x0: /* Physical format information */
2272 {
2273 int layer = s->aATAPICmd[6];
2274 uint64_t total_sectors;
2275
2276 if (layer != 0)
2277 {
2278 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2279 break;
2280 }
2281
2282 total_sectors = s->cTotalSectors;
2283 total_sectors >>= 2;
2284 if (total_sectors == 0)
2285 {
2286 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2287 break;
2288 }
2289
2290 buf[4] = 1; /* DVD-ROM, part version 1 */
2291 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2292 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2293 buf[7] = 0; /* default densities */
2294
2295 /* FIXME: 0x30000 per spec? */
2296 ataH2BE_U32(buf + 8, 0); /* start sector */
2297 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2298 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2299
2300 /* Size of buffer, not including 2 byte size field */
2301 ataH2BE_U32(&buf[0], 2048 + 2);
2302
2303 /* 2k data + 4 byte header */
2304 uASC = (2048 + 4);
2305 }
2306 break;
2307 case 0x01: /* DVD copyright information */
2308 buf[4] = 0; /* no copyright data */
2309 buf[5] = 0; /* no region restrictions */
2310
2311 /* Size of buffer, not including 2 byte size field */
2312 ataH2BE_U16(buf, 4 + 2);
2313
2314 /* 4 byte header + 4 byte data */
2315 uASC = (4 + 4);
2316
2317 case 0x03: /* BCA information - invalid field for no BCA info */
2318 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2319 break;
2320
2321 case 0x04: /* DVD disc manufacturing information */
2322 /* Size of buffer, not including 2 byte size field */
2323 ataH2BE_U16(buf, 2048 + 2);
2324
2325 /* 2k data + 4 byte header */
2326 uASC = (2048 + 4);
2327 break;
2328 case 0xff:
2329 /*
2330 * This lists all the command capabilities above. Add new ones
2331 * in order and update the length and buffer return values.
2332 */
2333
2334 buf[4] = 0x00; /* Physical format */
2335 buf[5] = 0x40; /* Not writable, is readable */
2336 ataH2BE_U16((buf + 6), 2048 + 4);
2337
2338 buf[8] = 0x01; /* Copyright info */
2339 buf[9] = 0x40; /* Not writable, is readable */
2340 ataH2BE_U16((buf + 10), 4 + 4);
2341
2342 buf[12] = 0x03; /* BCA info */
2343 buf[13] = 0x40; /* Not writable, is readable */
2344 ataH2BE_U16((buf + 14), 188 + 4);
2345
2346 buf[16] = 0x04; /* Manufacturing info */
2347 buf[17] = 0x40; /* Not writable, is readable */
2348 ataH2BE_U16((buf + 18), 2048 + 4);
2349
2350 /* Size of buffer, not including 2 byte size field */
2351 ataH2BE_U16(buf, 16 + 2);
2352
2353 /* data written + 4 byte header */
2354 uASC = (16 + 4);
2355 break;
2356 default: /* TODO: formats beyond DVD-ROM requires */
2357 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2358 }
2359
2360 if (uASC < 0)
2361 {
2362 s->iSourceSink = ATAFN_SS_NULL;
2363 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2364 return false;
2365 }
2366 break;
2367 }
2368 /* TODO: BD support, fall through for now */
2369
2370 /* Generic disk structures */
2371 case 0x80: /* TODO: AACS volume identifier */
2372 case 0x81: /* TODO: AACS media serial number */
2373 case 0x82: /* TODO: AACS media identifier */
2374 case 0x83: /* TODO: AACS media key block */
2375 case 0x90: /* TODO: List of recognized format layers */
2376 case 0xc0: /* TODO: Write protection status */
2377 default:
2378 s->iSourceSink = ATAFN_SS_NULL;
2379 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2380 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2381 return false;
2382 }
2383
2384 s->iSourceSink = ATAFN_SS_NULL;
2385 atapiCmdOK(s);
2386 return false;
2387}
2388
2389static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2390{
2391 Assert(cSectors > 0);
2392 s->iATAPILBA = iATAPILBA;
2393 s->cbATAPISector = cbSector;
2394 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2395 return false;
2396}
2397
2398
2399static bool atapiReadCapacitySS(ATADevState *s)
2400{
2401 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2402
2403 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2404 Assert(s->cbElementaryTransfer <= 8);
2405 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2406 ataH2BE_U32(pbBuf + 4, 2048);
2407 s->iSourceSink = ATAFN_SS_NULL;
2408 atapiCmdOK(s);
2409 return false;
2410}
2411
2412
2413static bool atapiReadDiscInformationSS(ATADevState *s)
2414{
2415 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2416
2417 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2418 Assert(s->cbElementaryTransfer <= 34);
2419 memset(pbBuf, '\0', 34);
2420 ataH2BE_U16(pbBuf, 32);
2421 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2422 pbBuf[3] = 1; /* number of first track */
2423 pbBuf[4] = 1; /* number of sessions (LSB) */
2424 pbBuf[5] = 1; /* first track number in last session (LSB) */
2425 pbBuf[6] = 1; /* last track number in last session (LSB) */
2426 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2427 pbBuf[8] = 0; /* disc type = CD-ROM */
2428 pbBuf[9] = 0; /* number of sessions (MSB) */
2429 pbBuf[10] = 0; /* number of sessions (MSB) */
2430 pbBuf[11] = 0; /* number of sessions (MSB) */
2431 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2432 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2433 s->iSourceSink = ATAFN_SS_NULL;
2434 atapiCmdOK(s);
2435 return false;
2436}
2437
2438
2439static bool atapiReadTrackInformationSS(ATADevState *s)
2440{
2441 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2442
2443 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2444 Assert(s->cbElementaryTransfer <= 36);
2445 /* Accept address/number type of 1 only, and only track 1 exists. */
2446 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2447 {
2448 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2449 return false;
2450 }
2451 memset(pbBuf, '\0', 36);
2452 ataH2BE_U16(pbBuf, 34);
2453 pbBuf[2] = 1; /* track number (LSB) */
2454 pbBuf[3] = 1; /* session number (LSB) */
2455 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2456 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2457 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2458 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2459 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2460 pbBuf[32] = 0; /* track number (MSB) */
2461 pbBuf[33] = 0; /* session number (MSB) */
2462 s->iSourceSink = ATAFN_SS_NULL;
2463 atapiCmdOK(s);
2464 return false;
2465}
2466
2467static uint32_t atapiGetConfigurationFillFeatureListProfiles(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2468{
2469 if (cbBuf < 3*4)
2470 return 0;
2471
2472 ataH2BE_U16(pbBuf, 0x0); /* feature 0: list of profiles supported */
2473 pbBuf[2] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2474 pbBuf[3] = 8; /* additional bytes for profiles */
2475 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2476 * before CD-ROM read capability. */
2477 ataH2BE_U16(pbBuf + 4, 0x10); /* profile: read-only DVD */
2478 pbBuf[6] = (0 << 0); /* NOT current profile */
2479 ataH2BE_U16(pbBuf + 8, 0x08); /* profile: read only CD */
2480 pbBuf[10] = (1 << 0); /* current profile */
2481
2482 return 3*4; /* Header + 2 profiles entries */
2483}
2484
2485static uint32_t atapiGetConfigurationFillFeatureCore(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2486{
2487 if (cbBuf < 12)
2488 return 0;
2489
2490 ataH2BE_U16(pbBuf, 0x1); /* feature 0001h: Core Feature */
2491 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2492 pbBuf[3] = 8; /* Additional length */
2493 ataH2BE_U16(pbBuf + 4, 0x00000002); /* Physical interface ATAPI. */
2494 pbBuf[8] = RT_BIT(0); /* DBE */
2495 /* Rest is reserved. */
2496
2497 return 12;
2498}
2499
2500static uint32_t atapiGetConfigurationFillFeatureMorphing(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2501{
2502 if (cbBuf < 8)
2503 return 0;
2504
2505 ataH2BE_U16(pbBuf, 0x2); /* feature 0002h: Morphing Feature */
2506 pbBuf[2] = (0x1 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2507 pbBuf[3] = 4; /* Additional length */
2508 pbBuf[4] = RT_BIT(1) | 0x0; /* OCEvent | !ASYNC */
2509 /* Rest is reserved. */
2510
2511 return 8;
2512}
2513
2514static uint32_t atapiGetConfigurationFillFeatureRemovableMedium(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2515{
2516 if (cbBuf < 8)
2517 return 0;
2518
2519 ataH2BE_U16(pbBuf, 0x3); /* feature 0003h: Removable Medium Feature */
2520 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2521 pbBuf[3] = 4; /* Additional length */
2522 /* Tray type loading | Load | Eject | !Pvnt Jmpr | !DBML | Lock */
2523 pbBuf[4] = (0x2 << 5) | RT_BIT(4) | RT_BIT(3) | (0x0 << 2) | (0x0 << 1) | RT_BIT(0);
2524 /* Rest is reserved. */
2525
2526 return 8;
2527}
2528
2529static uint32_t atapiGetConfigurationFillFeatureRandomReadable(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2530{
2531 if (cbBuf < 12)
2532 return 0;
2533
2534 ataH2BE_U16(pbBuf, 0x10); /* feature 0010h: Random Readable Feature */
2535 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2536 pbBuf[3] = 8; /* Additional length */
2537 ataH2BE_U32(pbBuf + 4, 2048); /* Logical block size. */
2538 ataH2BE_U16(pbBuf + 8, 0x10); /* Blocking (0x10 for DVD, CD is not defined). */
2539 pbBuf[10] = 0; /* PP not present */
2540 /* Rest is reserved. */
2541
2542 return 12;
2543}
2544
2545static uint32_t atapiGetConfigurationFillFeatureCDRead(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2546{
2547 if (cbBuf < 8)
2548 return 0;
2549
2550 ataH2BE_U16(pbBuf, 0x1e); /* feature 001Eh: CD Read Feature */
2551 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2552 pbBuf[3] = 0; /* Additional length */
2553 pbBuf[4] = (0x0 << 7) | (0x0 << 1) | 0x0; /* !DAP | !C2-Flags | !CD-Text. */
2554 /* Rest is reserved. */
2555
2556 return 8;
2557}
2558
2559static uint32_t atapiGetConfigurationFillFeaturePowerManagement(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2560{
2561 if (cbBuf < 4)
2562 return 0;
2563
2564 ataH2BE_U16(pbBuf, 0x100); /* feature 0100h: Power Management Feature */
2565 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2566 pbBuf[3] = 0; /* Additional length */
2567
2568 return 4;
2569}
2570
2571static uint32_t atapiGetConfigurationFillFeatureTimeout(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2572{
2573 if (cbBuf < 8)
2574 return 0;
2575
2576 ataH2BE_U16(pbBuf, 0x105); /* feature 0105h: Timeout Feature */
2577 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2578 pbBuf[3] = 4; /* Additional length */
2579 pbBuf[4] = 0x0; /* !Group3 */
2580
2581 return 8;
2582}
2583
2584static bool atapiGetConfigurationSS(ATADevState *s)
2585{
2586 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2587 uint32_t cbBuf = s->cbIOBuffer;
2588 uint32_t cbCopied = 0;
2589 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2590
2591 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2592 Assert(s->cbElementaryTransfer <= 80);
2593 /* Accept valid request types only, and only starting feature 0. */
2594 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2595 {
2596 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2597 return false;
2598 }
2599 memset(pbBuf, '\0', cbBuf);
2600 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2601 * way to differentiate them right now is based on the image size). */
2602 if (s->cTotalSectors)
2603 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2604 else
2605 ataH2BE_U16(pbBuf + 6, 0x00); /* current profile: none -> no media */
2606 cbBuf -= 8;
2607 pbBuf += 8;
2608
2609 cbCopied = atapiGetConfigurationFillFeatureListProfiles(s, pbBuf, cbBuf);
2610 cbBuf -= cbCopied;
2611 pbBuf += cbCopied;
2612
2613 cbCopied = atapiGetConfigurationFillFeatureCore(s, pbBuf, cbBuf);
2614 cbBuf -= cbCopied;
2615 pbBuf += cbCopied;
2616
2617 cbCopied = atapiGetConfigurationFillFeatureMorphing(s, pbBuf, cbBuf);
2618 cbBuf -= cbCopied;
2619 pbBuf += cbCopied;
2620
2621 cbCopied = atapiGetConfigurationFillFeatureRemovableMedium(s, pbBuf, cbBuf);
2622 cbBuf -= cbCopied;
2623 pbBuf += cbCopied;
2624
2625 cbCopied = atapiGetConfigurationFillFeatureRandomReadable(s, pbBuf, cbBuf);
2626 cbBuf -= cbCopied;
2627 pbBuf += cbCopied;
2628
2629 cbCopied = atapiGetConfigurationFillFeatureCDRead(s, pbBuf, cbBuf);
2630 cbBuf -= cbCopied;
2631 pbBuf += cbCopied;
2632
2633 cbCopied = atapiGetConfigurationFillFeaturePowerManagement(s, pbBuf, cbBuf);
2634 cbBuf -= cbCopied;
2635 pbBuf += cbCopied;
2636
2637 cbCopied = atapiGetConfigurationFillFeatureTimeout(s, pbBuf, cbBuf);
2638 cbBuf -= cbCopied;
2639 pbBuf += cbCopied;
2640
2641 /* Set data length now - the field is not included in the final length. */
2642 ataH2BE_U32(s->CTX_SUFF(pbIOBuffer), s->cbIOBuffer - cbBuf - 4);
2643
2644 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2645 s->iSourceSink = ATAFN_SS_NULL;
2646 atapiCmdOK(s);
2647 return false;
2648}
2649
2650
2651static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2652{
2653 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2654
2655 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2656 Assert(s->cbElementaryTransfer <= 8);
2657
2658 if (!(s->aATAPICmd[1] & 1))
2659 {
2660 /* no asynchronous operation supported */
2661 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2662 return false;
2663 }
2664
2665 uint32_t OldStatus, NewStatus;
2666 do
2667 {
2668 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2669 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2670 switch (OldStatus)
2671 {
2672 case ATA_EVENT_STATUS_MEDIA_NEW:
2673 /* mount */
2674 ataH2BE_U16(pbBuf + 0, 6);
2675 pbBuf[2] = 0x04; /* media */
2676 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2677 pbBuf[4] = 0x02; /* new medium */
2678 pbBuf[5] = 0x02; /* medium present / door closed */
2679 pbBuf[6] = 0x00;
2680 pbBuf[7] = 0x00;
2681 break;
2682
2683 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2684 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2685 /* umount */
2686 ataH2BE_U16(pbBuf + 0, 6);
2687 pbBuf[2] = 0x04; /* media */
2688 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2689 pbBuf[4] = 0x03; /* media removal */
2690 pbBuf[5] = 0x00; /* medium absent / door closed */
2691 pbBuf[6] = 0x00;
2692 pbBuf[7] = 0x00;
2693 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2694 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2695 break;
2696
2697 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2698 ataH2BE_U16(pbBuf + 0, 6);
2699 pbBuf[2] = 0x04; /* media */
2700 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2701 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2702 pbBuf[5] = 0x02; /* medium present / door closed */
2703 pbBuf[6] = 0x00;
2704 pbBuf[7] = 0x00;
2705 break;
2706
2707 case ATA_EVENT_STATUS_UNCHANGED:
2708 default:
2709 ataH2BE_U16(pbBuf + 0, 6);
2710 pbBuf[2] = 0x01; /* operational change request / notification */
2711 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2712 pbBuf[4] = 0x00;
2713 pbBuf[5] = 0x00;
2714 pbBuf[6] = 0x00;
2715 pbBuf[7] = 0x00;
2716 break;
2717 }
2718 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2719
2720 s->iSourceSink = ATAFN_SS_NULL;
2721 atapiCmdOK(s);
2722 return false;
2723}
2724
2725
2726static bool atapiInquirySS(ATADevState *s)
2727{
2728 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2729
2730 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2731 Assert(s->cbElementaryTransfer <= 36);
2732 pbBuf[0] = 0x05; /* CD-ROM */
2733 pbBuf[1] = 0x80; /* removable */
2734#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2735 pbBuf[2] = 0x00; /* ISO */
2736 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2737#else
2738 pbBuf[2] = 0x00; /* ISO */
2739 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2740#endif
2741 pbBuf[4] = 31; /* additional length */
2742 pbBuf[5] = 0; /* reserved */
2743 pbBuf[6] = 0; /* reserved */
2744 pbBuf[7] = 0; /* reserved */
2745 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2746 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2747 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2748 s->iSourceSink = ATAFN_SS_NULL;
2749 atapiCmdOK(s);
2750 return false;
2751}
2752
2753
2754static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2755{
2756 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2757
2758 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2759 Assert(s->cbElementaryTransfer <= 16);
2760 ataH2BE_U16(&pbBuf[0], 16 + 6);
2761 pbBuf[2] = (uint8_t)s->MediaTrackType;
2762 pbBuf[3] = 0;
2763 pbBuf[4] = 0;
2764 pbBuf[5] = 0;
2765 pbBuf[6] = 0;
2766 pbBuf[7] = 0;
2767
2768 pbBuf[8] = 0x01;
2769 pbBuf[9] = 0x06;
2770 pbBuf[10] = 0x00; /* Maximum error recovery */
2771 pbBuf[11] = 0x05; /* 5 retries */
2772 pbBuf[12] = 0x00;
2773 pbBuf[13] = 0x00;
2774 pbBuf[14] = 0x00;
2775 pbBuf[15] = 0x00;
2776 s->iSourceSink = ATAFN_SS_NULL;
2777 atapiCmdOK(s);
2778 return false;
2779}
2780
2781
2782static bool atapiModeSenseCDStatusSS(ATADevState *s)
2783{
2784 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2785
2786 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2787 Assert(s->cbElementaryTransfer <= 40);
2788 ataH2BE_U16(&pbBuf[0], 38);
2789 pbBuf[2] = (uint8_t)s->MediaTrackType;
2790 pbBuf[3] = 0;
2791 pbBuf[4] = 0;
2792 pbBuf[5] = 0;
2793 pbBuf[6] = 0;
2794 pbBuf[7] = 0;
2795
2796 pbBuf[8] = 0x2a;
2797 pbBuf[9] = 30; /* page length */
2798 pbBuf[10] = 0x08; /* DVD-ROM read support */
2799 pbBuf[11] = 0x00; /* no write support */
2800 /* The following claims we support audio play. This is obviously false,
2801 * but the Linux generic CDROM support makes many features depend on this
2802 * capability. If it's not set, this causes many things to be disabled. */
2803 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2804 pbBuf[13] = 0x00; /* no subchannel reads supported */
2805 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2806 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2807 pbBuf[14] |= 1 << 1; /* report lock state */
2808 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2809 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2810 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2811 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2812 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2813 pbBuf[24] = 0; /* reserved */
2814 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2815 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2816 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2817 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2818 pbBuf[32] = 0; /* reserved */
2819 pbBuf[33] = 0; /* reserved */
2820 pbBuf[34] = 0; /* reserved */
2821 pbBuf[35] = 1; /* rotation control CAV */
2822 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2823 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2824 s->iSourceSink = ATAFN_SS_NULL;
2825 atapiCmdOK(s);
2826 return false;
2827}
2828
2829
2830static bool atapiRequestSenseSS(ATADevState *s)
2831{
2832 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2833
2834 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2835 memset(pbBuf, '\0', s->cbElementaryTransfer);
2836 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2837 s->iSourceSink = ATAFN_SS_NULL;
2838 atapiCmdOK(s);
2839 return false;
2840}
2841
2842
2843static bool atapiMechanismStatusSS(ATADevState *s)
2844{
2845 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2846
2847 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2848 Assert(s->cbElementaryTransfer <= 8);
2849 ataH2BE_U16(pbBuf, 0);
2850 /* no current LBA */
2851 pbBuf[2] = 0;
2852 pbBuf[3] = 0;
2853 pbBuf[4] = 0;
2854 pbBuf[5] = 1;
2855 ataH2BE_U16(pbBuf + 6, 0);
2856 s->iSourceSink = ATAFN_SS_NULL;
2857 atapiCmdOK(s);
2858 return false;
2859}
2860
2861
2862static bool atapiReadTOCNormalSS(ATADevState *s)
2863{
2864 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2865 bool fMSF;
2866 uint32_t cbSize;
2867
2868 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2869 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2870 iStartTrack = s->aATAPICmd[6];
2871 if (iStartTrack > 1 && iStartTrack != 0xaa)
2872 {
2873 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2874 return false;
2875 }
2876 q = pbBuf + 2;
2877 *q++ = 1; /* first session */
2878 *q++ = 1; /* last session */
2879 if (iStartTrack <= 1)
2880 {
2881 *q++ = 0; /* reserved */
2882 *q++ = 0x14; /* ADR, control */
2883 *q++ = 1; /* track number */
2884 *q++ = 0; /* reserved */
2885 if (fMSF)
2886 {
2887 *q++ = 0; /* reserved */
2888 ataLBA2MSF(q, 0);
2889 q += 3;
2890 }
2891 else
2892 {
2893 /* sector 0 */
2894 ataH2BE_U32(q, 0);
2895 q += 4;
2896 }
2897 }
2898 /* lead out track */
2899 *q++ = 0; /* reserved */
2900 *q++ = 0x14; /* ADR, control */
2901 *q++ = 0xaa; /* track number */
2902 *q++ = 0; /* reserved */
2903 if (fMSF)
2904 {
2905 *q++ = 0; /* reserved */
2906 ataLBA2MSF(q, s->cTotalSectors);
2907 q += 3;
2908 }
2909 else
2910 {
2911 ataH2BE_U32(q, s->cTotalSectors);
2912 q += 4;
2913 }
2914 cbSize = q - pbBuf;
2915 ataH2BE_U16(pbBuf, cbSize - 2);
2916 if (cbSize < s->cbTotalTransfer)
2917 s->cbTotalTransfer = cbSize;
2918 s->iSourceSink = ATAFN_SS_NULL;
2919 atapiCmdOK(s);
2920 return false;
2921}
2922
2923
2924static bool atapiReadTOCMultiSS(ATADevState *s)
2925{
2926 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2927 bool fMSF;
2928
2929 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2930 Assert(s->cbElementaryTransfer <= 12);
2931 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2932 /* multi session: only a single session defined */
2933/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2934 memset(pbBuf, 0, 12);
2935 pbBuf[1] = 0x0a;
2936 pbBuf[2] = 0x01;
2937 pbBuf[3] = 0x01;
2938 pbBuf[5] = 0x14; /* ADR, control */
2939 pbBuf[6] = 1; /* first track in last complete session */
2940 if (fMSF)
2941 {
2942 pbBuf[8] = 0; /* reserved */
2943 ataLBA2MSF(&pbBuf[9], 0);
2944 }
2945 else
2946 {
2947 /* sector 0 */
2948 ataH2BE_U32(pbBuf + 8, 0);
2949 }
2950 s->iSourceSink = ATAFN_SS_NULL;
2951 atapiCmdOK(s);
2952 return false;
2953}
2954
2955
2956static bool atapiReadTOCRawSS(ATADevState *s)
2957{
2958 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2959 bool fMSF;
2960 uint32_t cbSize;
2961
2962 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2963 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2964 iStartTrack = s->aATAPICmd[6];
2965
2966 q = pbBuf + 2;
2967 *q++ = 1; /* first session */
2968 *q++ = 1; /* last session */
2969
2970 *q++ = 1; /* session number */
2971 *q++ = 0x14; /* data track */
2972 *q++ = 0; /* track number */
2973 *q++ = 0xa0; /* first track in program area */
2974 *q++ = 0; /* min */
2975 *q++ = 0; /* sec */
2976 *q++ = 0; /* frame */
2977 *q++ = 0;
2978 *q++ = 1; /* first track */
2979 *q++ = 0x00; /* disk type CD-DA or CD data */
2980 *q++ = 0;
2981
2982 *q++ = 1; /* session number */
2983 *q++ = 0x14; /* data track */
2984 *q++ = 0; /* track number */
2985 *q++ = 0xa1; /* last track in program area */
2986 *q++ = 0; /* min */
2987 *q++ = 0; /* sec */
2988 *q++ = 0; /* frame */
2989 *q++ = 0;
2990 *q++ = 1; /* last track */
2991 *q++ = 0;
2992 *q++ = 0;
2993
2994 *q++ = 1; /* session number */
2995 *q++ = 0x14; /* data track */
2996 *q++ = 0; /* track number */
2997 *q++ = 0xa2; /* lead-out */
2998 *q++ = 0; /* min */
2999 *q++ = 0; /* sec */
3000 *q++ = 0; /* frame */
3001 if (fMSF)
3002 {
3003 *q++ = 0; /* reserved */
3004 ataLBA2MSF(q, s->cTotalSectors);
3005 q += 3;
3006 }
3007 else
3008 {
3009 ataH2BE_U32(q, s->cTotalSectors);
3010 q += 4;
3011 }
3012
3013 *q++ = 1; /* session number */
3014 *q++ = 0x14; /* ADR, control */
3015 *q++ = 0; /* track number */
3016 *q++ = 1; /* point */
3017 *q++ = 0; /* min */
3018 *q++ = 0; /* sec */
3019 *q++ = 0; /* frame */
3020 if (fMSF)
3021 {
3022 *q++ = 0; /* reserved */
3023 ataLBA2MSF(q, 0);
3024 q += 3;
3025 }
3026 else
3027 {
3028 /* sector 0 */
3029 ataH2BE_U32(q, 0);
3030 q += 4;
3031 }
3032
3033 cbSize = q - pbBuf;
3034 ataH2BE_U16(pbBuf, cbSize - 2);
3035 if (cbSize < s->cbTotalTransfer)
3036 s->cbTotalTransfer = cbSize;
3037 s->iSourceSink = ATAFN_SS_NULL;
3038 atapiCmdOK(s);
3039 return false;
3040}
3041
3042
3043static void atapiParseCmdVirtualATAPI(ATADevState *s)
3044{
3045 const uint8_t *pbPacket;
3046 uint8_t *pbBuf;
3047 uint32_t cbMax;
3048
3049 pbPacket = s->aATAPICmd;
3050 pbBuf = s->CTX_SUFF(pbIOBuffer);
3051 switch (pbPacket[0])
3052 {
3053 case SCSI_TEST_UNIT_READY:
3054 if (s->cNotifiedMediaChange > 0)
3055 {
3056 if (s->cNotifiedMediaChange-- > 2)
3057 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3058 else
3059 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3060 }
3061 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3062 atapiCmdOK(s);
3063 else
3064 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3065 break;
3066 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3067 cbMax = ataBE2H_U16(pbPacket + 7);
3068 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3069 break;
3070 case SCSI_MODE_SENSE_10:
3071 {
3072 uint8_t uPageControl, uPageCode;
3073 cbMax = ataBE2H_U16(pbPacket + 7);
3074 uPageControl = pbPacket[2] >> 6;
3075 uPageCode = pbPacket[2] & 0x3f;
3076 switch (uPageControl)
3077 {
3078 case SCSI_PAGECONTROL_CURRENT:
3079 switch (uPageCode)
3080 {
3081 case SCSI_MODEPAGE_ERROR_RECOVERY:
3082 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
3083 break;
3084 case SCSI_MODEPAGE_CD_STATUS:
3085 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
3086 break;
3087 default:
3088 goto error_cmd;
3089 }
3090 break;
3091 case SCSI_PAGECONTROL_CHANGEABLE:
3092 goto error_cmd;
3093 case SCSI_PAGECONTROL_DEFAULT:
3094 goto error_cmd;
3095 default:
3096 case SCSI_PAGECONTROL_SAVED:
3097 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
3098 break;
3099 }
3100 }
3101 break;
3102 case SCSI_REQUEST_SENSE:
3103 cbMax = pbPacket[4];
3104 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3105 break;
3106 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3107 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
3108 {
3109 if (pbPacket[4] & 1)
3110 s->pDrvMount->pfnLock(s->pDrvMount);
3111 else
3112 s->pDrvMount->pfnUnlock(s->pDrvMount);
3113 atapiCmdOK(s);
3114 }
3115 else
3116 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3117 break;
3118 case SCSI_READ_10:
3119 case SCSI_READ_12:
3120 {
3121 uint32_t cSectors, iATAPILBA;
3122
3123 if (s->cNotifiedMediaChange > 0)
3124 {
3125 s->cNotifiedMediaChange-- ;
3126 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3127 break;
3128 }
3129 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3130 {
3131 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3132 break;
3133 }
3134 if (pbPacket[0] == SCSI_READ_10)
3135 cSectors = ataBE2H_U16(pbPacket + 7);
3136 else
3137 cSectors = ataBE2H_U32(pbPacket + 6);
3138 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3139 if (cSectors == 0)
3140 {
3141 atapiCmdOK(s);
3142 break;
3143 }
3144 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3145 {
3146 /* Rate limited logging, one log line per second. For
3147 * guests that insist on reading from places outside the
3148 * valid area this often generates too many release log
3149 * entries otherwise. */
3150 static uint64_t uLastLogTS = 0;
3151 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3152 {
3153 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3154 uLastLogTS = RTTimeMilliTS();
3155 }
3156 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3157 break;
3158 }
3159 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3160 }
3161 break;
3162 case SCSI_READ_CD:
3163 {
3164 uint32_t cSectors, iATAPILBA;
3165
3166 if (s->cNotifiedMediaChange > 0)
3167 {
3168 s->cNotifiedMediaChange-- ;
3169 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3170 break;
3171 }
3172 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3173 {
3174 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3175 break;
3176 }
3177 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
3178 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3179 if (cSectors == 0)
3180 {
3181 atapiCmdOK(s);
3182 break;
3183 }
3184 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3185 {
3186 /* Rate limited logging, one log line per second. For
3187 * guests that insist on reading from places outside the
3188 * valid area this often generates too many release log
3189 * entries otherwise. */
3190 static uint64_t uLastLogTS = 0;
3191 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3192 {
3193 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3194 uLastLogTS = RTTimeMilliTS();
3195 }
3196 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3197 break;
3198 }
3199 switch (pbPacket[9] & 0xf8)
3200 {
3201 case 0x00:
3202 /* nothing */
3203 atapiCmdOK(s);
3204 break;
3205 case 0x10:
3206 /* normal read */
3207 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3208 break;
3209 case 0xf8:
3210 /* read all data */
3211 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
3212 break;
3213 default:
3214 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
3215 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3216 break;
3217 }
3218 }
3219 break;
3220 case SCSI_SEEK_10:
3221 {
3222 uint32_t iATAPILBA;
3223 if (s->cNotifiedMediaChange > 0)
3224 {
3225 s->cNotifiedMediaChange-- ;
3226 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3227 break;
3228 }
3229 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3230 {
3231 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3232 break;
3233 }
3234 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3235 if (iATAPILBA > s->cTotalSectors)
3236 {
3237 /* Rate limited logging, one log line per second. For
3238 * guests that insist on seeking to places outside the
3239 * valid area this often generates too many release log
3240 * entries otherwise. */
3241 static uint64_t uLastLogTS = 0;
3242 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3243 {
3244 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
3245 uLastLogTS = RTTimeMilliTS();
3246 }
3247 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3248 break;
3249 }
3250 atapiCmdOK(s);
3251 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
3252 }
3253 break;
3254 case SCSI_START_STOP_UNIT:
3255 {
3256 int rc = VINF_SUCCESS;
3257 switch (pbPacket[4] & 3)
3258 {
3259 case 0: /* 00 - Stop motor */
3260 case 1: /* 01 - Start motor */
3261 break;
3262 case 2: /* 10 - Eject media */
3263 {
3264 /* This must be done from EMT. */
3265 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3266 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
3267 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
3268
3269 PDMCritSectLeave(&pCtl->lock);
3270 rc = VMR3ReqPriorityCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3271 (PFNRT)s->pDrvMount->pfnUnmount, 3,
3272 s->pDrvMount, false /*=fForce*/, true /*=fEject*/);
3273 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED) || (rc = VERR_PDM_MEDIA_NOT_MOUNTED));
3274 if (RT_SUCCESS(rc) && pThis->pMediaNotify)
3275 {
3276 rc = VMR3ReqCallNoWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3277 (PFNRT)pThis->pMediaNotify->pfnEjected, 2,
3278 pThis->pMediaNotify, s->iLUN);
3279 AssertRC(rc);
3280 }
3281 {
3282 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3283 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3284 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3285 }
3286 break;
3287 }
3288 case 3: /* 11 - Load media */
3289 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3290 break;
3291 }
3292 if (RT_SUCCESS(rc))
3293 atapiCmdOK(s);
3294 else
3295 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3296 }
3297 break;
3298 case SCSI_MECHANISM_STATUS:
3299 {
3300 cbMax = ataBE2H_U16(pbPacket + 8);
3301 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3302 }
3303 break;
3304 case SCSI_READ_TOC_PMA_ATIP:
3305 {
3306 uint8_t format;
3307
3308 if (s->cNotifiedMediaChange > 0)
3309 {
3310 s->cNotifiedMediaChange-- ;
3311 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3312 break;
3313 }
3314 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3315 {
3316 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3317 break;
3318 }
3319 cbMax = ataBE2H_U16(pbPacket + 7);
3320 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3321 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3322 * the other field is clear... */
3323 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3324 switch (format)
3325 {
3326 case 0:
3327 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3328 break;
3329 case 1:
3330 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3331 break;
3332 case 2:
3333 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3334 break;
3335 default:
3336 error_cmd:
3337 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3338 break;
3339 }
3340 }
3341 break;
3342 case SCSI_READ_CAPACITY:
3343 if (s->cNotifiedMediaChange > 0)
3344 {
3345 s->cNotifiedMediaChange-- ;
3346 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3347 break;
3348 }
3349 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3350 {
3351 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3352 break;
3353 }
3354 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3355 break;
3356 case SCSI_READ_DISC_INFORMATION:
3357 if (s->cNotifiedMediaChange > 0)
3358 {
3359 s->cNotifiedMediaChange-- ;
3360 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3361 break;
3362 }
3363 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3364 {
3365 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3366 break;
3367 }
3368 cbMax = ataBE2H_U16(pbPacket + 7);
3369 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3370 break;
3371 case SCSI_READ_TRACK_INFORMATION:
3372 if (s->cNotifiedMediaChange > 0)
3373 {
3374 s->cNotifiedMediaChange-- ;
3375 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3376 break;
3377 }
3378 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3379 {
3380 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3381 break;
3382 }
3383 cbMax = ataBE2H_U16(pbPacket + 7);
3384 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3385 break;
3386 case SCSI_GET_CONFIGURATION:
3387 /* No media change stuff here, it can confuse Linux guests. */
3388 cbMax = ataBE2H_U16(pbPacket + 7);
3389 ataStartTransfer(s, RT_MIN(cbMax, 80), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3390 break;
3391 case SCSI_INQUIRY:
3392 cbMax = ataBE2H_U16(pbPacket + 3);
3393 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3394 break;
3395 case SCSI_READ_DVD_STRUCTURE:
3396 {
3397 cbMax = ataBE2H_U16(pbPacket + 8);
3398 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3399 break;
3400 }
3401 default:
3402 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3403 break;
3404 }
3405}
3406
3407
3408/*
3409 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3410 */
3411static void atapiParseCmdPassthrough(ATADevState *s)
3412{
3413 const uint8_t *pbPacket;
3414 uint8_t *pbBuf;
3415 uint32_t cSectors, iATAPILBA;
3416 uint32_t cbTransfer = 0;
3417 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3418
3419 pbPacket = s->aATAPICmd;
3420 pbBuf = s->CTX_SUFF(pbIOBuffer);
3421 switch (pbPacket[0])
3422 {
3423 case SCSI_BLANK:
3424 goto sendcmd;
3425 case SCSI_CLOSE_TRACK_SESSION:
3426 goto sendcmd;
3427 case SCSI_ERASE_10:
3428 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3429 cbTransfer = ataBE2H_U16(pbPacket + 7);
3430 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3431 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3432 goto sendcmd;
3433 case SCSI_FORMAT_UNIT:
3434 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3435 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3436 goto sendcmd;
3437 case SCSI_GET_CONFIGURATION:
3438 cbTransfer = ataBE2H_U16(pbPacket + 7);
3439 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3440 goto sendcmd;
3441 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3442 cbTransfer = ataBE2H_U16(pbPacket + 7);
3443 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3444 {
3445 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3446 break;
3447 }
3448 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3449 goto sendcmd;
3450 case SCSI_GET_PERFORMANCE:
3451 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3452 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3453 goto sendcmd;
3454 case SCSI_INQUIRY:
3455 cbTransfer = ataBE2H_U16(pbPacket + 3);
3456 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3457 goto sendcmd;
3458 case SCSI_LOAD_UNLOAD_MEDIUM:
3459 goto sendcmd;
3460 case SCSI_MECHANISM_STATUS:
3461 cbTransfer = ataBE2H_U16(pbPacket + 8);
3462 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3463 goto sendcmd;
3464 case SCSI_MODE_SELECT_10:
3465 cbTransfer = ataBE2H_U16(pbPacket + 7);
3466 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3467 goto sendcmd;
3468 case SCSI_MODE_SENSE_10:
3469 cbTransfer = ataBE2H_U16(pbPacket + 7);
3470 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3471 goto sendcmd;
3472 case SCSI_PAUSE_RESUME:
3473 goto sendcmd;
3474 case SCSI_PLAY_AUDIO_10:
3475 goto sendcmd;
3476 case SCSI_PLAY_AUDIO_12:
3477 goto sendcmd;
3478 case SCSI_PLAY_AUDIO_MSF:
3479 goto sendcmd;
3480 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3481 /** @todo do not forget to unlock when a VM is shut down */
3482 goto sendcmd;
3483 case SCSI_READ_10:
3484 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3485 cSectors = ataBE2H_U16(pbPacket + 7);
3486 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3487 s->cbATAPISector = 2048;
3488 cbTransfer = cSectors * s->cbATAPISector;
3489 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3490 goto sendcmd;
3491 case SCSI_READ_12:
3492 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3493 cSectors = ataBE2H_U32(pbPacket + 6);
3494 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3495 s->cbATAPISector = 2048;
3496 cbTransfer = cSectors * s->cbATAPISector;
3497 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3498 goto sendcmd;
3499 case SCSI_READ_BUFFER:
3500 cbTransfer = ataBE2H_U24(pbPacket + 6);
3501 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3502 goto sendcmd;
3503 case SCSI_READ_BUFFER_CAPACITY:
3504 cbTransfer = ataBE2H_U16(pbPacket + 7);
3505 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3506 goto sendcmd;
3507 case SCSI_READ_CAPACITY:
3508 cbTransfer = 8;
3509 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3510 goto sendcmd;
3511 case SCSI_READ_CD:
3512 case SCSI_READ_CD_MSF:
3513 {
3514 /* Get sector size based on the expected sector type field. */
3515 switch ((pbPacket[1] >> 2) & 0x7)
3516 {
3517 case 0x0: /* All types. */
3518 {
3519 uint32_t iLbaStart;
3520
3521 if (pbPacket[0] == SCSI_READ_CD)
3522 iLbaStart = ataBE2H_U32(&pbPacket[2]);
3523 else
3524 iLbaStart = ataMSF2LBA(&pbPacket[3]);
3525
3526 if (s->pTrackList)
3527 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iLbaStart);
3528 else
3529 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3530 break;
3531 }
3532 case 0x1: /* CD-DA */
3533 s->cbATAPISector = 2352;
3534 break;
3535 case 0x2: /* Mode 1 */
3536 s->cbATAPISector = 2048;
3537 break;
3538 case 0x3: /* Mode 2 formless */
3539 s->cbATAPISector = 2336;
3540 break;
3541 case 0x4: /* Mode 2 form 1 */
3542 s->cbATAPISector = 2048;
3543 break;
3544 case 0x5: /* Mode 2 form 2 */
3545 s->cbATAPISector = 2324;
3546 break;
3547 default: /* Reserved */
3548 AssertMsgFailed(("Unknown sector type\n"));
3549 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3550 }
3551
3552 if (pbPacket[0] == SCSI_READ_CD)
3553 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3554 else /* SCSI_READ_MSF */
3555 {
3556 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3557 if (cSectors > 32)
3558 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3559 cbTransfer = cSectors * s->cbATAPISector;
3560 }
3561 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3562 goto sendcmd;
3563 }
3564 case SCSI_READ_DISC_INFORMATION:
3565 cbTransfer = ataBE2H_U16(pbPacket + 7);
3566 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3567 goto sendcmd;
3568 case SCSI_READ_DVD_STRUCTURE:
3569 cbTransfer = ataBE2H_U16(pbPacket + 8);
3570 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3571 goto sendcmd;
3572 case SCSI_READ_FORMAT_CAPACITIES:
3573 cbTransfer = ataBE2H_U16(pbPacket + 7);
3574 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3575 goto sendcmd;
3576 case SCSI_READ_SUBCHANNEL:
3577 cbTransfer = ataBE2H_U16(pbPacket + 7);
3578 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3579 goto sendcmd;
3580 case SCSI_READ_TOC_PMA_ATIP:
3581 cbTransfer = ataBE2H_U16(pbPacket + 7);
3582 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3583 goto sendcmd;
3584 case SCSI_READ_TRACK_INFORMATION:
3585 cbTransfer = ataBE2H_U16(pbPacket + 7);
3586 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3587 goto sendcmd;
3588 case SCSI_REPAIR_TRACK:
3589 goto sendcmd;
3590 case SCSI_REPORT_KEY:
3591 cbTransfer = ataBE2H_U16(pbPacket + 8);
3592 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3593 goto sendcmd;
3594 case SCSI_REQUEST_SENSE:
3595 cbTransfer = pbPacket[4];
3596 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3597 {
3598 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3599 break;
3600 }
3601 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3602 goto sendcmd;
3603 case SCSI_RESERVE_TRACK:
3604 goto sendcmd;
3605 case SCSI_SCAN:
3606 goto sendcmd;
3607 case SCSI_SEEK_10:
3608 goto sendcmd;
3609 case SCSI_SEND_CUE_SHEET:
3610 cbTransfer = ataBE2H_U24(pbPacket + 6);
3611 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3612 goto sendcmd;
3613 case SCSI_SEND_DVD_STRUCTURE:
3614 cbTransfer = ataBE2H_U16(pbPacket + 8);
3615 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3616 goto sendcmd;
3617 case SCSI_SEND_EVENT:
3618 cbTransfer = ataBE2H_U16(pbPacket + 8);
3619 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3620 goto sendcmd;
3621 case SCSI_SEND_KEY:
3622 cbTransfer = ataBE2H_U16(pbPacket + 8);
3623 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3624 goto sendcmd;
3625 case SCSI_SEND_OPC_INFORMATION:
3626 cbTransfer = ataBE2H_U16(pbPacket + 7);
3627 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3628 goto sendcmd;
3629 case SCSI_SET_CD_SPEED:
3630 goto sendcmd;
3631 case SCSI_SET_READ_AHEAD:
3632 goto sendcmd;
3633 case SCSI_SET_STREAMING:
3634 cbTransfer = ataBE2H_U16(pbPacket + 9);
3635 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3636 goto sendcmd;
3637 case SCSI_START_STOP_UNIT:
3638 goto sendcmd;
3639 case SCSI_STOP_PLAY_SCAN:
3640 goto sendcmd;
3641 case SCSI_SYNCHRONIZE_CACHE:
3642 goto sendcmd;
3643 case SCSI_TEST_UNIT_READY:
3644 goto sendcmd;
3645 case SCSI_VERIFY_10:
3646 goto sendcmd;
3647 case SCSI_WRITE_10:
3648 case SCSI_WRITE_AND_VERIFY_10:
3649 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3650 cSectors = ataBE2H_U16(pbPacket + 7);
3651 if (s->pTrackList)
3652 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iATAPILBA);
3653 else
3654 s->cbATAPISector = 2048;
3655 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3656 cbTransfer = cSectors * s->cbATAPISector;
3657 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3658 goto sendcmd;
3659 case SCSI_WRITE_12:
3660 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3661 cSectors = ataBE2H_U32(pbPacket + 6);
3662 if (s->pTrackList)
3663 s->cbATAPISector = ATAPIPassthroughTrackListGetSectorSizeFromLba(s->pTrackList, iATAPILBA);
3664 else
3665 s->cbATAPISector = 2048;
3666 Log2(("ATAPI PT: lba %d sectors %d sector size %d\n", iATAPILBA, cSectors, s->cbATAPISector));
3667 cbTransfer = cSectors * s->cbATAPISector;
3668 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3669 goto sendcmd;
3670 case SCSI_WRITE_BUFFER:
3671 switch (pbPacket[1] & 0x1f)
3672 {
3673 case 0x04: /* download microcode */
3674 case 0x05: /* download microcode and save */
3675 case 0x06: /* download microcode with offsets */
3676 case 0x07: /* download microcode with offsets and save */
3677 case 0x0e: /* download microcode with offsets and defer activation */
3678 case 0x0f: /* activate deferred microcode */
3679 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3680 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3681 break;
3682 default:
3683 cbTransfer = ataBE2H_U16(pbPacket + 6);
3684 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3685 goto sendcmd;
3686 }
3687 break;
3688 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3689 cbTransfer = ataBE2H_U32(pbPacket + 6);
3690 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3691 goto sendcmd;
3692 case SCSI_REZERO_UNIT:
3693 /* Obsolete command used by cdrecord. What else would one expect?
3694 * This command is not sent to the drive, it is handled internally,
3695 * as the Linux kernel doesn't like it (message "scsi: unknown
3696 * opcode 0x01" in syslog) and replies with a sense code of 0,
3697 * which sends cdrecord to an endless loop. */
3698 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3699 break;
3700 default:
3701 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3702 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3703 break;
3704 sendcmd:
3705 /*
3706 * Send a command to the drive, passing data in/out as required.
3707 * Commands which exceed the I/O buffer size are split below
3708 * or aborted if splitting is not implemented.
3709 */
3710 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3711 if (cbTransfer == 0)
3712 uTxDir = PDMBLOCKTXDIR_NONE;
3713 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3714 }
3715}
3716
3717
3718static void atapiParseCmd(ATADevState *s)
3719{
3720 const uint8_t *pbPacket;
3721
3722 pbPacket = s->aATAPICmd;
3723#ifdef DEBUG
3724 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3725#else /* !DEBUG */
3726 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3727#endif /* !DEBUG */
3728 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3729
3730 if (s->fATAPIPassthrough)
3731 atapiParseCmdPassthrough(s);
3732 else
3733 atapiParseCmdVirtualATAPI(s);
3734}
3735
3736
3737static bool ataPacketSS(ATADevState *s)
3738{
3739 s->fDMA = !!(s->uATARegFeature & 1);
3740 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3741 s->uTxDir = PDMBLOCKTXDIR_NONE;
3742 s->cbTotalTransfer = 0;
3743 s->cbElementaryTransfer = 0;
3744 atapiParseCmd(s);
3745 return false;
3746}
3747
3748
3749/**
3750 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3751 * from now on, regardless if there was a medium inserted or not.
3752 */
3753static void ataMediumRemoved(ATADevState *s)
3754{
3755 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3756}
3757
3758
3759/**
3760 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3761 * there was already a medium inserted, don't forget to send the "medium
3762 * removed" event first.
3763 */
3764static void ataMediumInserted(ATADevState *s)
3765{
3766 uint32_t OldStatus, NewStatus;
3767 do
3768 {
3769 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3770 switch (OldStatus)
3771 {
3772 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3773 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3774 /* no change, we will send "medium removed" + "medium inserted" */
3775 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3776 break;
3777 default:
3778 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3779 break;
3780 }
3781 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3782}
3783
3784/**
3785 * Called when a media is mounted.
3786 *
3787 * @param pInterface Pointer to the interface structure containing the called function pointer.
3788 */
3789static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3790{
3791 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3792 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3793
3794 /* Ignore the call if we're called while being attached. */
3795 if (!pIf->pDrvBlock)
3796 return;
3797
3798 if (pIf->fATAPI)
3799 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3800 else
3801 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3802
3803 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3804
3805 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3806 if (pIf->cNotifiedMediaChange < 2)
3807 pIf->cNotifiedMediaChange = 1;
3808 ataMediumInserted(pIf);
3809 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3810}
3811
3812/**
3813 * Called when a media is unmounted
3814 * @param pInterface Pointer to the interface structure containing the called function pointer.
3815 */
3816static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3817{
3818 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3819 Log(("%s:\n", __FUNCTION__));
3820 pIf->cTotalSectors = 0;
3821
3822 /*
3823 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3824 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3825 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3826 * present and 2 in which it is changed.
3827 */
3828 pIf->cNotifiedMediaChange = 1;
3829 ataMediumRemoved(pIf);
3830 ataMediumTypeSet(pIf, ATA_MEDIA_NO_DISC);
3831}
3832
3833static void ataPacketBT(ATADevState *s)
3834{
3835 s->cbElementaryTransfer = s->cbTotalTransfer;
3836 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3837 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3838 ataSetStatusValue(s, ATA_STAT_READY);
3839}
3840
3841
3842static void ataResetDevice(ATADevState *s)
3843{
3844 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3845 s->cNotifiedMediaChange = 0;
3846 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3847 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3848 ataUnsetIRQ(s);
3849
3850 s->uATARegSelect = 0x20;
3851 ataSetStatusValue(s, ATA_STAT_READY);
3852 ataSetSignature(s);
3853 s->cbTotalTransfer = 0;
3854 s->cbElementaryTransfer = 0;
3855 s->iIOBufferPIODataStart = 0;
3856 s->iIOBufferPIODataEnd = 0;
3857 s->iBeginTransfer = ATAFN_BT_NULL;
3858 s->iSourceSink = ATAFN_SS_NULL;
3859 s->fDMA = false;
3860 s->fATAPITransfer = false;
3861 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3862
3863 s->uATARegFeature = 0;
3864}
3865
3866
3867static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3868{
3869 ataSetSignature(s);
3870 if (s->fATAPI)
3871 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3872 else
3873 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_SEEK);
3874 s->uATARegError = 0x01;
3875 return false;
3876}
3877
3878
3879static int ataTrimSectors(ATADevState *s, uint64_t u64Sector, uint32_t cSectors,
3880 bool *pfRedo)
3881{
3882 RTRANGE TrimRange;
3883 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3884 int rc;
3885
3886 PDMCritSectLeave(&pCtl->lock);
3887
3888 TrimRange.offStart = u64Sector * s->cbSector;
3889 TrimRange.cbRange = cSectors * s->cbSector;
3890
3891 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
3892 rc = s->pDrvBlock->pfnDiscard(s->pDrvBlock, &TrimRange, 1);
3893 s->Led.Actual.s.fWriting = 0;
3894
3895 if (RT_SUCCESS(rc))
3896 *pfRedo = false;
3897 else
3898 *pfRedo = ataIsRedoSetWarning(s, rc);
3899
3900 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3901 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3902 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3903 return rc;
3904}
3905
3906
3907static bool ataTrimSS(ATADevState *s)
3908{
3909 int rc = VERR_GENERAL_FAILURE;
3910 uint32_t cRangesMax;
3911 uint64_t *pu64Range = (uint64_t *)s->CTX_SUFF(pbIOBuffer);
3912 bool fRedo = false;
3913
3914 cRangesMax = s->cbElementaryTransfer / sizeof(uint64_t);
3915 Assert(cRangesMax);
3916
3917 while (cRangesMax-- > 0)
3918 {
3919 if (ATA_RANGE_LENGTH_GET(*pu64Range) == 0)
3920 break;
3921
3922 rc = ataTrimSectors(s, *pu64Range & ATA_RANGE_LBA_MASK,
3923 ATA_RANGE_LENGTH_GET(*pu64Range), &fRedo);
3924 if (RT_FAILURE(rc))
3925 break;
3926
3927 pu64Range++;
3928 }
3929
3930 if (RT_SUCCESS(rc))
3931 {
3932 s->iSourceSink = ATAFN_SS_NULL;
3933 ataCmdOK(s, ATA_STAT_SEEK);
3934 }
3935 else
3936 {
3937 if (fRedo)
3938 return fRedo;
3939 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
3940 LogRel(("PIIX3 ATA: LUN#%d: disk trim error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
3941 s->iLUN, rc, *pu64Range & ATA_RANGE_LBA_MASK, ATA_RANGE_LENGTH_GET(*pu64Range)));
3942
3943 /*
3944 * Check if we got interrupted. We don't need to set status variables
3945 * because the request was aborted.
3946 */
3947 if (rc != VERR_INTERRUPTED)
3948 ataCmdError(s, ID_ERR);
3949 }
3950
3951 return false;
3952}
3953
3954
3955static void ataParseCmd(ATADevState *s, uint8_t cmd)
3956{
3957#ifdef DEBUG
3958 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3959#else /* !DEBUG */
3960 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3961#endif /* !DEBUG */
3962 s->fLBA48 = false;
3963 s->fDMA = false;
3964 if (cmd == ATA_IDLE_IMMEDIATE)
3965 {
3966 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3967 * would overwrite the failing command unfortunately), then RESET. */
3968 int32_t uCmdWait = -1;
3969 uint64_t uNow = RTTimeNanoTS();
3970 if (s->u64CmdTS)
3971 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3972 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3973 s->iLUN, s->uATARegCommand, uCmdWait));
3974 }
3975 s->uATARegCommand = cmd;
3976 switch (cmd)
3977 {
3978 case ATA_IDENTIFY_DEVICE:
3979 if (s->pDrvBlock && !s->fATAPI)
3980 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3981 else
3982 {
3983 if (s->fATAPI)
3984 ataSetSignature(s);
3985 ataCmdError(s, ABRT_ERR);
3986 ataUnsetStatus(s, ATA_STAT_READY);
3987 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3988 }
3989 break;
3990 case ATA_RECALIBRATE:
3991 if (s->fATAPI)
3992 goto abort_cmd;
3993 /* fall through */
3994 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3995 ataCmdOK(s, ATA_STAT_SEEK);
3996 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3997 break;
3998 case ATA_SET_MULTIPLE_MODE:
3999 if ( s->uATARegNSector != 0
4000 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
4001 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
4002 {
4003 ataCmdError(s, ABRT_ERR);
4004 }
4005 else
4006 {
4007 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
4008 s->cMultSectors = s->uATARegNSector;
4009 ataCmdOK(s, 0);
4010 }
4011 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4012 break;
4013 case ATA_READ_VERIFY_SECTORS_EXT:
4014 s->fLBA48 = true;
4015 case ATA_READ_VERIFY_SECTORS:
4016 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
4017 /* do sector number check ? */
4018 ataCmdOK(s, ATA_STAT_SEEK);
4019 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4020 break;
4021 case ATA_READ_SECTORS_EXT:
4022 s->fLBA48 = true;
4023 case ATA_READ_SECTORS:
4024 case ATA_READ_SECTORS_WITHOUT_RETRIES:
4025 if (!s->pDrvBlock || s->fATAPI)
4026 goto abort_cmd;
4027 s->cSectorsPerIRQ = 1;
4028 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4029 break;
4030 case ATA_WRITE_SECTORS_EXT:
4031 s->fLBA48 = true;
4032 case ATA_WRITE_SECTORS:
4033 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
4034 if (!s->pDrvBlock || s->fATAPI)
4035 goto abort_cmd;
4036 s->cSectorsPerIRQ = 1;
4037 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4038 break;
4039 case ATA_READ_MULTIPLE_EXT:
4040 s->fLBA48 = true;
4041 case ATA_READ_MULTIPLE:
4042 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4043 goto abort_cmd;
4044 s->cSectorsPerIRQ = s->cMultSectors;
4045 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4046 break;
4047 case ATA_WRITE_MULTIPLE_EXT:
4048 s->fLBA48 = true;
4049 case ATA_WRITE_MULTIPLE:
4050 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
4051 goto abort_cmd;
4052 s->cSectorsPerIRQ = s->cMultSectors;
4053 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4054 break;
4055 case ATA_READ_DMA_EXT:
4056 s->fLBA48 = true;
4057 case ATA_READ_DMA:
4058 case ATA_READ_DMA_WITHOUT_RETRIES:
4059 if (!s->pDrvBlock || s->fATAPI)
4060 goto abort_cmd;
4061 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4062 s->fDMA = true;
4063 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
4064 break;
4065 case ATA_WRITE_DMA_EXT:
4066 s->fLBA48 = true;
4067 case ATA_WRITE_DMA:
4068 case ATA_WRITE_DMA_WITHOUT_RETRIES:
4069 if (!s->pDrvBlock || s->fATAPI)
4070 goto abort_cmd;
4071 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
4072 s->fDMA = true;
4073 ataStartTransfer(s, ataGetNSectors(s) * s->cbSector, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
4074 break;
4075 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
4076 s->fLBA48 = true;
4077 ataSetSector(s, s->cTotalSectors - 1);
4078 ataCmdOK(s, 0);
4079 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4080 break;
4081 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
4082 ataCmdOK(s, 0);
4083 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4084 break;
4085 case ATA_READ_NATIVE_MAX_ADDRESS:
4086 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
4087 ataCmdOK(s, 0);
4088 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4089 break;
4090 case ATA_CHECK_POWER_MODE:
4091 s->uATARegNSector = 0xff; /* drive active or idle */
4092 ataCmdOK(s, 0);
4093 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4094 break;
4095 case ATA_SET_FEATURES:
4096 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
4097 if (!s->pDrvBlock)
4098 goto abort_cmd;
4099 switch (s->uATARegFeature)
4100 {
4101 case 0x02: /* write cache enable */
4102 Log2(("%s: write cache enable\n", __FUNCTION__));
4103 ataCmdOK(s, ATA_STAT_SEEK);
4104 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4105 break;
4106 case 0xaa: /* read look-ahead enable */
4107 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
4108 ataCmdOK(s, ATA_STAT_SEEK);
4109 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4110 break;
4111 case 0x55: /* read look-ahead disable */
4112 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
4113 ataCmdOK(s, ATA_STAT_SEEK);
4114 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4115 break;
4116 case 0xcc: /* reverting to power-on defaults enable */
4117 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
4118 ataCmdOK(s, ATA_STAT_SEEK);
4119 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4120 break;
4121 case 0x66: /* reverting to power-on defaults disable */
4122 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
4123 ataCmdOK(s, ATA_STAT_SEEK);
4124 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4125 break;
4126 case 0x82: /* write cache disable */
4127 Log2(("%s: write cache disable\n", __FUNCTION__));
4128 /* As per the ATA/ATAPI-6 specs, a write cache disable
4129 * command MUST flush the write buffers to disc. */
4130 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4131 break;
4132 case 0x03: { /* set transfer mode */
4133 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
4134 switch (s->uATARegNSector & 0xf8)
4135 {
4136 case 0x00: /* PIO default */
4137 case 0x08: /* PIO mode */
4138 break;
4139 case ATA_MODE_MDMA: /* MDMA mode */
4140 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
4141 break;
4142 case ATA_MODE_UDMA: /* UDMA mode */
4143 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
4144 break;
4145 default:
4146 goto abort_cmd;
4147 }
4148 ataCmdOK(s, ATA_STAT_SEEK);
4149 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4150 break;
4151 }
4152 default:
4153 goto abort_cmd;
4154 }
4155 /*
4156 * OS/2 workarond:
4157 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
4158 * reset here. According to the specification, this is a driver bug as the register
4159 * contents are undefined after the call. This means we can just as well reset it.
4160 */
4161 s->uATARegFeature = 0;
4162 break;
4163 case ATA_FLUSH_CACHE_EXT:
4164 case ATA_FLUSH_CACHE:
4165 if (!s->pDrvBlock || s->fATAPI)
4166 goto abort_cmd;
4167 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
4168 break;
4169 case ATA_STANDBY_IMMEDIATE:
4170 ataCmdOK(s, 0);
4171 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4172 break;
4173 case ATA_IDLE_IMMEDIATE:
4174 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
4175 ataAbortCurrentCommand(s, false);
4176 break;
4177 case ATA_SLEEP:
4178 ataCmdOK(s, 0);
4179 ataSetIRQ(s);
4180 break;
4181 /* ATAPI commands */
4182 case ATA_IDENTIFY_PACKET_DEVICE:
4183 if (s->fATAPI)
4184 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
4185 else
4186 {
4187 ataCmdError(s, ABRT_ERR);
4188 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4189 }
4190 break;
4191 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
4192 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
4193 break;
4194 case ATA_DEVICE_RESET:
4195 if (!s->fATAPI)
4196 goto abort_cmd;
4197 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
4198 ataAbortCurrentCommand(s, true);
4199 break;
4200 case ATA_PACKET:
4201 if (!s->fATAPI)
4202 goto abort_cmd;
4203 /* overlapping commands not supported */
4204 if (s->uATARegFeature & 0x02)
4205 goto abort_cmd;
4206 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
4207 break;
4208 case ATA_DATA_SET_MANAGEMENT:
4209 if (!s->pDrvBlock || !s->pDrvBlock->pfnDiscard)
4210 goto abort_cmd;
4211 if ( !(s->uATARegFeature & UINT8_C(0x01))
4212 || (s->uATARegFeature & ~UINT8_C(0x01)))
4213 goto abort_cmd;
4214 s->fDMA = true;
4215 ataStartTransfer(s, (s->uATARegNSectorHOB << 8 | s->uATARegNSector) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_NULL, ATAFN_SS_TRIM, false);
4216 break;
4217 default:
4218 abort_cmd:
4219 ataCmdError(s, ABRT_ERR);
4220 if (s->fATAPI)
4221 ataUnsetStatus(s, ATA_STAT_READY);
4222 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
4223 break;
4224 }
4225}
4226
4227#endif /* IN_RING3 */
4228
4229/*
4230 * Note: There are four distinct cases of port I/O handling depending on
4231 * which devices (if any) are attached to an IDE channel:
4232 *
4233 * 1) No device attached. No response to writes or reads (i.e. reads return
4234 * all bits set).
4235 *
4236 * 2) Both devices attached. Reads and writes are processed normally.
4237 *
4238 * 3) Device 0 only. If device 0 is selected, normal behavior applies. But
4239 * if Device 1 is selected, writes are still directed to Device 0 (except
4240 * commands are not executed), reads from control/command registers are
4241 * directed to Device 0, but status/alt status reads return 0. If Device 1
4242 * is a PACKET device, all reads return 0. See ATAPI-6 clause 9.16.1 and
4243 * Table 18 in clause 7.1.
4244 *
4245 * 4) Device 1 only - non-standard(!). Device 1 can't tell if Device 0 is
4246 * present or not and behaves the same. That means if Device 0 is selected,
4247 * Device 1 responds to writes (except commands are not executed) but does
4248 * not respond to reads. If Device 1 selected, normal behavior applies.
4249 * See ATAPI-6 clause 9.16.2 and Table 15 in clause 7.1.
4250 */
4251
4252static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4253{
4254 Log2(("%s: LUN#%d write addr=%#x val=%#04x\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN, addr, val));
4255 addr &= 7;
4256 switch (addr)
4257 {
4258 case 0:
4259 break;
4260 case 1: /* feature register */
4261 /* NOTE: data is written to the two drives */
4262 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4263 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4264 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
4265 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
4266 pCtl->aIfs[0].uATARegFeature = val;
4267 pCtl->aIfs[1].uATARegFeature = val;
4268 break;
4269 case 2: /* sector count */
4270 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4271 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4272 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
4273 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
4274 pCtl->aIfs[0].uATARegNSector = val;
4275 pCtl->aIfs[1].uATARegNSector = val;
4276 break;
4277 case 3: /* sector number */
4278 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4279 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4280 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
4281 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
4282 pCtl->aIfs[0].uATARegSector = val;
4283 pCtl->aIfs[1].uATARegSector = val;
4284 break;
4285 case 4: /* cylinder low */
4286 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4287 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4288 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
4289 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
4290 pCtl->aIfs[0].uATARegLCyl = val;
4291 pCtl->aIfs[1].uATARegLCyl = val;
4292 break;
4293 case 5: /* cylinder high */
4294 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4295 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4296 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
4297 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
4298 pCtl->aIfs[0].uATARegHCyl = val;
4299 pCtl->aIfs[1].uATARegHCyl = val;
4300 break;
4301 case 6: /* drive/head */
4302 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
4303 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
4304 if (((val >> 4) & 1) != pCtl->iSelectedIf)
4305 {
4306 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4307
4308 /* select another drive */
4309 pCtl->iSelectedIf = (val >> 4) & 1;
4310 /* The IRQ line is multiplexed between the two drives, so
4311 * update the state when switching to another drive. Only need
4312 * to update interrupt line if it is enabled and there is a
4313 * state change. */
4314 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
4315 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
4316 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
4317 {
4318 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4319 {
4320 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4321 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
4322 * the interrupt line is asserted. It monitors the line
4323 * for a rising edge. */
4324 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4325 if (pCtl->irq == 16)
4326 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
4327 else
4328 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
4329 }
4330 else
4331 {
4332 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4333 if (pCtl->irq == 16)
4334 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
4335 else
4336 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
4337 }
4338 }
4339 }
4340 break;
4341 default:
4342 case 7: /* command */
4343 /* ignore commands to non-existent device */
4344 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
4345 break;
4346#ifndef IN_RING3
4347 /* Don't do anything complicated in GC */
4348 return VINF_IOM_R3_IOPORT_WRITE;
4349#else /* IN_RING3 */
4350 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
4351#endif /* !IN_RING3 */
4352 }
4353 return VINF_SUCCESS;
4354}
4355
4356
4357static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
4358{
4359 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4360 uint32_t val;
4361 bool fHOB;
4362
4363 /* Check if the guest is reading from a non-existent device. */
4364 if (!s->pDrvBlock)
4365 {
4366 if (pCtl->iSelectedIf) /* Device 1 selected, Device 0 responding for it. */
4367 {
4368 if (!pCtl->aIfs[0].pDrvBlock) /* @todo: this case should never get here! */
4369 {
4370 Log2(("%s: addr=%#x: no device on channel\n", __FUNCTION__, addr));
4371 return VERR_IOM_IOPORT_UNUSED;
4372 }
4373 if (((addr & 7) != 1) && pCtl->aIfs[0].fATAPI) {
4374 Log2(("%s: addr=%#x, val=0: LUN#%d not attached/LUN#%d ATAPI\n", __FUNCTION__, addr,
4375 s->iLUN, pCtl->aIfs[0].iLUN));
4376 *pu32 = 0;
4377 return VINF_SUCCESS;
4378 }
4379 /* Else handle normally. */
4380 }
4381 else /* Device 0 selected (but not present). */
4382 {
4383 Log2(("%s: addr=%#x: LUN#%d not attached\n", __FUNCTION__, addr, s->iLUN));
4384 return VERR_IOM_IOPORT_UNUSED;
4385 }
4386 }
4387 fHOB = !!(s->uATARegDevCtl & (1 << 7));
4388 switch (addr & 7)
4389 {
4390 case 0: /* data register */
4391 val = 0xff;
4392 break;
4393 case 1: /* error register */
4394 /* The ATA specification is very terse when it comes to specifying
4395 * the precise effects of reading back the error/feature register.
4396 * The error register (read-only) shares the register number with
4397 * the feature register (write-only), so it seems that it's not
4398 * necessary to support the usual HOB readback here. */
4399 if (!s->pDrvBlock)
4400 val = 0;
4401 else
4402 val = s->uATARegError;
4403 break;
4404 case 2: /* sector count */
4405 if (fHOB)
4406 val = s->uATARegNSectorHOB;
4407 else
4408 val = s->uATARegNSector;
4409 break;
4410 case 3: /* sector number */
4411 if (fHOB)
4412 val = s->uATARegSectorHOB;
4413 else
4414 val = s->uATARegSector;
4415 break;
4416 case 4: /* cylinder low */
4417 if (fHOB)
4418 val = s->uATARegLCylHOB;
4419 else
4420 val = s->uATARegLCyl;
4421 break;
4422 case 5: /* cylinder high */
4423 if (fHOB)
4424 val = s->uATARegHCylHOB;
4425 else
4426 val = s->uATARegHCyl;
4427 break;
4428 case 6: /* drive/head */
4429 /* This register must always work as long as there is at least
4430 * one drive attached to the controller. It is common between
4431 * both drives anyway (completely identical content). */
4432 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4433 val = 0;
4434 else
4435 val = s->uATARegSelect;
4436 break;
4437 default:
4438 case 7: /* primary status */
4439 {
4440 /* Counter for number of busy status seen in GC in a row. */
4441 static unsigned cBusy = 0;
4442
4443 if (!s->pDrvBlock)
4444 val = 0;
4445 else
4446 val = s->uATARegStatus;
4447
4448 /* Give the async I/O thread an opportunity to make progress,
4449 * don't let it starve by guests polling frequently. EMT has a
4450 * lower priority than the async I/O thread, but sometimes the
4451 * host OS doesn't care. With some guests we are only allowed to
4452 * be busy for about 5 milliseconds in some situations. Note that
4453 * this is no guarantee for any other VBox thread getting
4454 * scheduled, so this just lowers the CPU load a bit when drives
4455 * are busy. It cannot help with timing problems. */
4456 if (val & ATA_STAT_BUSY)
4457 {
4458#ifdef IN_RING3
4459 cBusy = 0;
4460 PDMCritSectLeave(&pCtl->lock);
4461
4462#ifndef RT_OS_WINDOWS
4463 /*
4464 * The thread might be stuck in an I/O operation
4465 * due to a high I/O load on the host. (see @bugref{3301})
4466 * To perform the reset successfully
4467 * we interrupt the operation by sending a signal to the thread
4468 * if the thread didn't responded in 10ms.
4469 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4470 * does the same but it was introduced with Vista) but so far
4471 * this hang was only observed on Linux and Mac OS X.
4472 *
4473 * This is a workaround and needs to be solved properly.
4474 */
4475 if (pCtl->fReset)
4476 {
4477 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4478
4479 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4480 {
4481 LogRel(("PIIX3 ATA LUN#%d: Async I/O thread probably stuck in operation, interrupting\n", s->iLUN));
4482 pCtl->u64ResetTime = u64ResetTimeStop;
4483 RTThreadPoke(pCtl->AsyncIOThread);
4484 }
4485 }
4486#endif
4487
4488 RTThreadYield();
4489
4490 {
4491 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4492 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4493 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4494 }
4495
4496 val = s->uATARegStatus;
4497#else /* !IN_RING3 */
4498 /* Cannot yield CPU in guest context. And switching to host
4499 * context for each and every busy status is too costly,
4500 * especially on SMP systems where we don't gain much by
4501 * yielding the CPU to someone else. */
4502 if (++cBusy >= 20)
4503 {
4504 cBusy = 0;
4505 return VINF_IOM_R3_IOPORT_READ;
4506 }
4507#endif /* !IN_RING3 */
4508 }
4509 else
4510 cBusy = 0;
4511 ataUnsetIRQ(s);
4512 break;
4513 }
4514 }
4515 Log2(("%s: LUN#%d addr=%#x val=%#04x\n", __FUNCTION__, s->iLUN, addr, val));
4516 *pu32 = val;
4517 return VINF_SUCCESS;
4518}
4519
4520
4521static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4522{
4523 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4524 uint32_t val;
4525
4526 //@todo: The handler should not be even registered if there
4527 // is no device on an IDE channel.
4528 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4529 val = 0xff;
4530 else if (pCtl->iSelectedIf == 1 && !s->pDrvBlock)
4531 val = 0; /* Device 1 selected, Device 0 responding for it. */
4532 else
4533 val = s->uATARegStatus;
4534 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4535 return val;
4536}
4537
4538static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4539{
4540#ifndef IN_RING3
4541 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4542 return VINF_IOM_R3_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4543#endif /* !IN_RING3 */
4544
4545 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4546 /* RESET is common for both drives attached to a controller. */
4547 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4548 (val & ATA_DEVCTL_RESET))
4549 {
4550#ifdef IN_RING3
4551 /* Software RESET low to high */
4552 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4553 uint64_t uNow = RTTimeNanoTS();
4554 if (pCtl->aIfs[0].u64CmdTS)
4555 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4556 if (pCtl->aIfs[1].u64CmdTS)
4557 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4558 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4559 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4560 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4561 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4562 pCtl->fReset = true;
4563 /* Everything must be done after the reset flag is set, otherwise
4564 * there are unavoidable races with the currently executing request
4565 * (which might just finish in the mean time). */
4566 pCtl->fChainedTransfer = false;
4567 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4568 {
4569 ataResetDevice(&pCtl->aIfs[i]);
4570 /* The following cannot be done using ataSetStatusValue() since the
4571 * reset flag is already set, which suppresses all status changes. */
4572 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4573 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4574 pCtl->aIfs[i].uATARegError = 0x01;
4575 }
4576 ataAsyncIOClearRequests(pCtl);
4577 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4578 if (val & ATA_DEVCTL_HOB)
4579 {
4580 val &= ~ATA_DEVCTL_HOB;
4581 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4582 }
4583
4584 /* Save the timestamp we started the reset. */
4585 pCtl->u64ResetTime = RTTimeMilliTS();
4586
4587 /* Issue the reset request now. */
4588 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4589#else /* !IN_RING3 */
4590 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4591#endif /* IN_RING3 */
4592 }
4593 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4594 !(val & ATA_DEVCTL_RESET))
4595 {
4596#ifdef IN_RING3
4597 /* Software RESET high to low */
4598 Log(("%s: deasserting RESET\n", __FUNCTION__));
4599 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4600 if (val & ATA_DEVCTL_HOB)
4601 {
4602 val &= ~ATA_DEVCTL_HOB;
4603 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4604 }
4605 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4606#else /* !IN_RING3 */
4607 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4608#endif /* IN_RING3 */
4609 }
4610
4611 /* Change of interrupt disable flag. Update interrupt line if interrupt
4612 * is pending on the current interface. */
4613 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4614 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4615 {
4616 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4617 {
4618 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4619 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4620 * interrupt line is asserted. It monitors the line for a rising
4621 * edge. */
4622 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4623 if (pCtl->irq == 16)
4624 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4625 else
4626 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4627 }
4628 else
4629 {
4630 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4631 if (pCtl->irq == 16)
4632 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4633 else
4634 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4635 }
4636 }
4637
4638 if (val & ATA_DEVCTL_HOB)
4639 Log2(("%s: set HOB\n", __FUNCTION__));
4640
4641 pCtl->aIfs[0].uATARegDevCtl = val;
4642 pCtl->aIfs[1].uATARegDevCtl = val;
4643
4644 return VINF_SUCCESS;
4645}
4646
4647#ifdef IN_RING3
4648
4649static void ataPIOTransfer(PATACONTROLLER pCtl)
4650{
4651 ATADevState *s;
4652
4653 s = &pCtl->aIfs[pCtl->iAIOIf];
4654 Log3(("%s: if=%p\n", __FUNCTION__, s));
4655
4656 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4657 {
4658 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4659 /* Any guest OS that triggers this case has a pathetic ATA driver.
4660 * In a real system it would block the CPU via IORDY, here we do it
4661 * very similarly by not continuing with the current instruction
4662 * until the transfer to/from the storage medium is completed. */
4663 if (s->iSourceSink != ATAFN_SS_NULL)
4664 {
4665 bool fRedo;
4666 uint8_t status = s->uATARegStatus;
4667 ataSetStatusValue(s, ATA_STAT_BUSY);
4668 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4669 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4670 pCtl->fRedo = fRedo;
4671 if (RT_UNLIKELY(fRedo))
4672 return;
4673 ataSetStatusValue(s, status);
4674 s->iIOBufferCur = 0;
4675 s->iIOBufferEnd = s->cbElementaryTransfer;
4676 }
4677 }
4678 if (s->cbTotalTransfer)
4679 {
4680 if (s->fATAPITransfer)
4681 ataPIOTransferLimitATAPI(s);
4682
4683 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4684 s->cbElementaryTransfer = s->cbTotalTransfer;
4685
4686 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4687 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4688 s->cbTotalTransfer, s->cbElementaryTransfer,
4689 s->iIOBufferCur, s->iIOBufferEnd));
4690 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4691 s->cbTotalTransfer -= s->cbElementaryTransfer;
4692 s->iIOBufferCur += s->cbElementaryTransfer;
4693
4694 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4695 s->cbElementaryTransfer = s->cbTotalTransfer;
4696 }
4697 else
4698 ataPIOTransferStop(s);
4699}
4700
4701
4702DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4703{
4704 /* Do not interfere with RESET processing if the PIO transfer finishes
4705 * while the RESET line is asserted. */
4706 if (pCtl->fReset)
4707 {
4708 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4709 return;
4710 }
4711
4712 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4713 || ( s->iSourceSink != ATAFN_SS_NULL
4714 && s->iIOBufferCur >= s->iIOBufferEnd))
4715 {
4716 /* Need to continue the transfer in the async I/O thread. This is
4717 * the case for write operations or generally for not yet finished
4718 * transfers (some data might need to be read). */
4719 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4720 ataSetStatus(s, ATA_STAT_BUSY);
4721
4722 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4723 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4724 }
4725 else
4726 {
4727 /* Either everything finished (though some data might still be pending)
4728 * or some data is pending before the next read is due. */
4729
4730 /* Continue a previously started transfer. */
4731 ataUnsetStatus(s, ATA_STAT_DRQ);
4732 ataSetStatus(s, ATA_STAT_READY);
4733
4734 if (s->cbTotalTransfer)
4735 {
4736 /* There is more to transfer, happens usually for large ATAPI
4737 * reads - the protocol limits the chunk size to 65534 bytes. */
4738 ataPIOTransfer(pCtl);
4739 ataSetIRQ(s);
4740 }
4741 else
4742 {
4743 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4744 /* Finish PIO transfer. */
4745 ataPIOTransfer(pCtl);
4746 Assert(!pCtl->fRedo);
4747 }
4748 }
4749}
4750
4751#endif /* IN_RING3 */
4752
4753static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4754{
4755 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4756 uint8_t *p;
4757
4758 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4759 {
4760 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4761 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4762#ifndef IN_RING3
4763 /* All but the last transfer unit is simple enough for GC, but
4764 * sending a request to the async IO thread is too complicated. */
4765 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4766 {
4767 memcpy(p, pbBuf, cbSize);
4768 s->iIOBufferPIODataStart += cbSize;
4769 }
4770 else
4771 return VINF_IOM_R3_IOPORT_WRITE;
4772#else /* IN_RING3 */
4773 memcpy(p, pbBuf, cbSize);
4774 s->iIOBufferPIODataStart += cbSize;
4775 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4776 ataPIOTransferFinish(pCtl, s);
4777#endif /* !IN_RING3 */
4778 }
4779 else
4780 Log2(("%s: DUMMY data\n", __FUNCTION__));
4781 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4782 return VINF_SUCCESS;
4783}
4784
4785static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4786{
4787 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4788 uint8_t *p;
4789
4790 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4791 {
4792 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4793 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4794#ifndef IN_RING3
4795 /* All but the last transfer unit is simple enough for GC, but
4796 * sending a request to the async IO thread is too complicated. */
4797 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4798 {
4799 memcpy(pbBuf, p, cbSize);
4800 s->iIOBufferPIODataStart += cbSize;
4801 }
4802 else
4803 return VINF_IOM_R3_IOPORT_READ;
4804#else /* IN_RING3 */
4805 memcpy(pbBuf, p, cbSize);
4806 s->iIOBufferPIODataStart += cbSize;
4807 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4808 ataPIOTransferFinish(pCtl, s);
4809#endif /* !IN_RING3 */
4810 }
4811 else
4812 {
4813 Log2(("%s: DUMMY data\n", __FUNCTION__));
4814 memset(pbBuf, '\xff', cbSize);
4815 }
4816 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4817 return VINF_SUCCESS;
4818}
4819
4820#ifdef IN_RING3
4821
4822static void ataDMATransferStop(ATADevState *s)
4823{
4824 s->cbTotalTransfer = 0;
4825 s->cbElementaryTransfer = 0;
4826 s->iBeginTransfer = ATAFN_BT_NULL;
4827 s->iSourceSink = ATAFN_SS_NULL;
4828}
4829
4830
4831/**
4832 * Perform the entire DMA transfer in one go (unless a source/sink operation
4833 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4834 * this function cannot handle empty transfers.
4835 *
4836 * @param pCtl Controller for which to perform the transfer.
4837 */
4838static void ataDMATransfer(PATACONTROLLER pCtl)
4839{
4840 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4841 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4842 bool fRedo;
4843 RTGCPHYS32 pDesc;
4844 uint32_t cbTotalTransfer, cbElementaryTransfer;
4845 uint32_t iIOBufferCur, iIOBufferEnd;
4846 uint32_t dmalen;
4847 PDMBLOCKTXDIR uTxDir;
4848 bool fLastDesc = false;
4849
4850 Assert(sizeof(BMDMADesc) == 8);
4851
4852 fRedo = pCtl->fRedo;
4853 if (RT_LIKELY(!fRedo))
4854 Assert(s->cbTotalTransfer);
4855 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4856 cbTotalTransfer = s->cbTotalTransfer;
4857 cbElementaryTransfer = s->cbElementaryTransfer;
4858 iIOBufferCur = s->iIOBufferCur;
4859 iIOBufferEnd = s->iIOBufferEnd;
4860
4861 /* The DMA loop is designed to hold the lock only when absolutely
4862 * necessary. This avoids long freezes should the guest access the
4863 * ATA registers etc. for some reason. */
4864 PDMCritSectLeave(&pCtl->lock);
4865
4866 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4867 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4868 cbTotalTransfer, cbElementaryTransfer,
4869 iIOBufferCur, iIOBufferEnd));
4870 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4871 {
4872 BMDMADesc DMADesc;
4873 RTGCPHYS32 pBuffer;
4874 uint32_t cbBuffer;
4875
4876 if (RT_UNLIKELY(fRedo))
4877 {
4878 pBuffer = pCtl->pRedoDMABuffer;
4879 cbBuffer = pCtl->cbRedoDMABuffer;
4880 fLastDesc = pCtl->fRedoDMALastDesc;
4881 }
4882 else
4883 {
4884 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4885 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4886 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4887 fLastDesc = !!(cbBuffer & 0x80000000);
4888 cbBuffer &= 0xfffe;
4889 if (cbBuffer == 0)
4890 cbBuffer = 0x10000;
4891 if (cbBuffer > cbTotalTransfer)
4892 cbBuffer = cbTotalTransfer;
4893 }
4894
4895 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4896 {
4897 if (RT_LIKELY(!fRedo))
4898 {
4899 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4900 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x orig_size=%#010x\n", __FUNCTION__,
4901 (int)pDesc, pBuffer, cbBuffer, RT_LE2H_U32(DMADesc.cbBuffer) & 0xfffe));
4902
4903 PCIATAState *pATAState = PDMINS_2_DATA(pDevIns, PCIATAState *);
4904 AssertPtr(pATAState);
4905 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4906 PDMDevHlpPCIPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4907 else
4908 PDMDevHlpPCIPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4909
4910 iIOBufferCur += dmalen;
4911 cbTotalTransfer -= dmalen;
4912 cbBuffer -= dmalen;
4913 pBuffer += dmalen;
4914 }
4915 if ( iIOBufferCur == iIOBufferEnd
4916 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4917 {
4918 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4919 cbElementaryTransfer = cbTotalTransfer;
4920
4921 {
4922 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4923 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4924 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4925 }
4926
4927 /* The RESET handler could have cleared the DMA transfer
4928 * state (since we didn't hold the lock until just now
4929 * the guest can continue in parallel). If so, the state
4930 * is already set up so the loop is exited immediately. */
4931 if (s->iSourceSink != ATAFN_SS_NULL)
4932 {
4933 s->iIOBufferCur = iIOBufferCur;
4934 s->iIOBufferEnd = iIOBufferEnd;
4935 s->cbElementaryTransfer = cbElementaryTransfer;
4936 s->cbTotalTransfer = cbTotalTransfer;
4937 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4938 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4939 if (RT_UNLIKELY(fRedo))
4940 {
4941 pCtl->pFirstDMADesc = pDesc;
4942 pCtl->pRedoDMABuffer = pBuffer;
4943 pCtl->cbRedoDMABuffer = cbBuffer;
4944 pCtl->fRedoDMALastDesc = fLastDesc;
4945 }
4946 else
4947 {
4948 cbTotalTransfer = s->cbTotalTransfer;
4949 cbElementaryTransfer = s->cbElementaryTransfer;
4950
4951 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4952 cbElementaryTransfer = cbTotalTransfer;
4953 iIOBufferCur = 0;
4954 iIOBufferEnd = cbElementaryTransfer;
4955 }
4956 pCtl->fRedo = fRedo;
4957 }
4958 else
4959 {
4960 /* This forces the loop to exit immediately. */
4961 pDesc = pCtl->pLastDMADesc + 1;
4962 }
4963
4964 PDMCritSectLeave(&pCtl->lock);
4965 if (RT_UNLIKELY(fRedo))
4966 break;
4967 }
4968 }
4969
4970 if (RT_UNLIKELY(fRedo))
4971 break;
4972
4973 /* end of transfer */
4974 if (!cbTotalTransfer || fLastDesc)
4975 break;
4976
4977 {
4978 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4979 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4980 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4981 }
4982
4983 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4984 {
4985 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4986 if (!pCtl->fReset)
4987 ataDMATransferStop(s);
4988 /* This forces the loop to exit immediately. */
4989 pDesc = pCtl->pLastDMADesc + 1;
4990 }
4991
4992 PDMCritSectLeave(&pCtl->lock);
4993 }
4994
4995 {
4996 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4997 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4998 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4999 }
5000
5001 if (RT_UNLIKELY(fRedo))
5002 return;
5003
5004 if (fLastDesc)
5005 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5006 s->cbTotalTransfer = cbTotalTransfer;
5007 s->cbElementaryTransfer = cbElementaryTransfer;
5008 s->iIOBufferCur = iIOBufferCur;
5009 s->iIOBufferEnd = iIOBufferEnd;
5010}
5011
5012/**
5013 * Signal PDM that we're idle (if we actually are).
5014 *
5015 * @param pCtl The controller.
5016 */
5017static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
5018{
5019 /*
5020 * Take the mutex here and recheck the idle indicator to avoid
5021 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
5022 */
5023 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
5024
5025 if ( pCtl->fSignalIdle
5026 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
5027 {
5028 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5029 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
5030 }
5031
5032 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
5033}
5034
5035/** Async I/O thread for an interface. Once upon a time this was readable
5036 * code with several loops and a different semaphore for each purpose. But
5037 * then came the "how can one save the state in the middle of a PIO transfer"
5038 * question. The solution was to use an ASM, which is what's there now. */
5039static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
5040{
5041 const ATARequest *pReq;
5042 uint64_t u64TS = 0; /* shut up gcc */
5043 uint64_t uWait;
5044 int rc = VINF_SUCCESS;
5045 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
5046 ATADevState *s;
5047
5048 pReq = NULL;
5049 pCtl->fChainedTransfer = false;
5050 while (!pCtl->fShutdown)
5051 {
5052 /* Keep this thread from doing anything as long as EMT is suspended. */
5053 while (pCtl->fRedoIdle)
5054 {
5055 if (pCtl->fSignalIdle)
5056 ataR3AsyncSignalIdle(pCtl);
5057 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
5058 /* Continue if we got a signal by RTThreadPoke().
5059 * We will get notified if there is a request to process.
5060 */
5061 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5062 continue;
5063 if (RT_FAILURE(rc) || pCtl->fShutdown)
5064 break;
5065
5066 pCtl->fRedoIdle = false;
5067 }
5068
5069 /* Wait for work. */
5070 while (pReq == NULL)
5071 {
5072 if (pCtl->fSignalIdle)
5073 ataR3AsyncSignalIdle(pCtl);
5074 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
5075 /* Continue if we got a signal by RTThreadPoke().
5076 * We will get notified if there is a request to process.
5077 */
5078 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
5079 continue;
5080 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
5081 break;
5082
5083 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5084 }
5085
5086 if (RT_FAILURE(rc) || pCtl->fShutdown)
5087 break;
5088
5089 if (pReq == NULL)
5090 continue;
5091
5092 ATAAIO ReqType = pReq->ReqType;
5093
5094 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
5095 if (pCtl->uAsyncIOState != ReqType)
5096 {
5097 /* The new state is not the state that was expected by the normal
5098 * state changes. This is either a RESET/ABORT or there's something
5099 * really strange going on. */
5100 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
5101 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
5102 {
5103 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
5104 ataAsyncIODumpRequests(pCtl);
5105 }
5106 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
5107 }
5108
5109 /* Do our work. */
5110 {
5111 STAM_PROFILE_START(&pCtl->StatLockWait, a);
5112 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5113 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
5114 }
5115
5116 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5117 {
5118 u64TS = RTTimeNanoTS();
5119#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5120 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
5121#endif /* DEBUG || VBOX_WITH_STATISTICS */
5122 }
5123
5124 switch (ReqType)
5125 {
5126 case ATA_AIO_NEW:
5127
5128 pCtl->iAIOIf = pReq->u.t.iIf;
5129 s = &pCtl->aIfs[pCtl->iAIOIf];
5130 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
5131 s->uTxDir = pReq->u.t.uTxDir;
5132 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
5133 s->iSourceSink = pReq->u.t.iSourceSink;
5134 s->iIOBufferEnd = 0;
5135 s->u64CmdTS = u64TS;
5136
5137 if (s->fATAPI)
5138 {
5139 if (pCtl->fChainedTransfer)
5140 {
5141 /* Only count the actual transfers, not the PIO
5142 * transfer of the ATAPI command bytes. */
5143 if (s->fDMA)
5144 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
5145 else
5146 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
5147 }
5148 }
5149 else
5150 {
5151 if (s->fDMA)
5152 STAM_REL_COUNTER_INC(&s->StatATADMA);
5153 else
5154 STAM_REL_COUNTER_INC(&s->StatATAPIO);
5155 }
5156
5157 pCtl->fChainedTransfer = false;
5158
5159 if (s->iBeginTransfer != ATAFN_BT_NULL)
5160 {
5161 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5162 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
5163 s->iBeginTransfer = ATAFN_BT_NULL;
5164 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5165 s->iIOBufferEnd = s->cbElementaryTransfer;
5166 }
5167 else
5168 {
5169 s->cbElementaryTransfer = s->cbTotalTransfer;
5170 s->iIOBufferEnd = s->cbTotalTransfer;
5171 }
5172 s->iIOBufferCur = 0;
5173
5174 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5175 {
5176 if (s->iSourceSink != ATAFN_SS_NULL)
5177 {
5178 bool fRedo;
5179 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5180 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5181 pCtl->fRedo = fRedo;
5182 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5183 {
5184 /* Operation failed at the initial transfer, restart
5185 * everything from scratch by resending the current
5186 * request. Occurs very rarely, not worth optimizing. */
5187 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5188 ataAsyncIOPutRequest(pCtl, pReq);
5189 break;
5190 }
5191 }
5192 else
5193 ataCmdOK(s, 0);
5194 s->iIOBufferEnd = s->cbElementaryTransfer;
5195
5196 }
5197
5198 /* Do not go into the transfer phase if RESET is asserted.
5199 * The CritSect is released while waiting for the host OS
5200 * to finish the I/O, thus RESET is possible here. Most
5201 * important: do not change uAsyncIOState. */
5202 if (pCtl->fReset)
5203 break;
5204
5205 if (s->fDMA)
5206 {
5207 if (s->cbTotalTransfer)
5208 {
5209 ataSetStatus(s, ATA_STAT_DRQ);
5210
5211 pCtl->uAsyncIOState = ATA_AIO_DMA;
5212 /* If BMDMA is already started, do the transfer now. */
5213 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
5214 {
5215 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5216 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5217 }
5218 }
5219 else
5220 {
5221 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5222 /* Finish DMA transfer. */
5223 ataDMATransferStop(s);
5224 ataSetIRQ(s);
5225 pCtl->uAsyncIOState = ATA_AIO_NEW;
5226 }
5227 }
5228 else
5229 {
5230 if (s->cbTotalTransfer)
5231 {
5232 ataPIOTransfer(pCtl);
5233 Assert(!pCtl->fRedo);
5234 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
5235 ataSetIRQ(s);
5236
5237 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5238 {
5239 /* Write operations and not yet finished transfers
5240 * must be completed in the async I/O thread. */
5241 pCtl->uAsyncIOState = ATA_AIO_PIO;
5242 }
5243 else
5244 {
5245 /* Finished read operation can be handled inline
5246 * in the end of PIO transfer handling code. Linux
5247 * depends on this, as it waits only briefly for
5248 * devices to become ready after incoming data
5249 * transfer. Cannot find anything in the ATA spec
5250 * that backs this assumption, but as all kernels
5251 * are affected (though most of the time it does
5252 * not cause any harm) this must work. */
5253 pCtl->uAsyncIOState = ATA_AIO_NEW;
5254 }
5255 }
5256 else
5257 {
5258 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
5259 /* Finish PIO transfer. */
5260 ataPIOTransfer(pCtl);
5261 Assert(!pCtl->fRedo);
5262 if (!s->fATAPITransfer)
5263 ataSetIRQ(s);
5264 pCtl->uAsyncIOState = ATA_AIO_NEW;
5265 }
5266 }
5267 break;
5268
5269 case ATA_AIO_DMA:
5270 {
5271 BMDMAState *bm = &pCtl->BmDma;
5272 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5273 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
5274
5275 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
5276 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
5277 else
5278 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
5279
5280 if (RT_LIKELY(!pCtl->fRedo))
5281 {
5282 /* The specs say that the descriptor table must not cross a
5283 * 4K boundary. */
5284 pCtl->pFirstDMADesc = bm->pvAddr;
5285 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
5286 }
5287 ataDMATransfer(pCtl);
5288
5289 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
5290 {
5291 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
5292 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5293 break;
5294 }
5295
5296 /* The infamous delay IRQ hack. */
5297 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
5298 && s->cbTotalTransfer == 0
5299 && pCtl->DelayIRQMillies)
5300 {
5301 /* Delay IRQ for writing. Required to get the Win2K
5302 * installation work reliably (otherwise it crashes,
5303 * usually during component install). So far no better
5304 * solution has been found. */
5305 Log(("%s: delay IRQ hack\n", __FUNCTION__));
5306 PDMCritSectLeave(&pCtl->lock);
5307 RTThreadSleep(pCtl->DelayIRQMillies);
5308 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5309 }
5310
5311 ataUnsetStatus(s, ATA_STAT_DRQ);
5312 Assert(!pCtl->fChainedTransfer);
5313 Assert(s->iSourceSink == ATAFN_SS_NULL);
5314 if (s->fATAPITransfer)
5315 {
5316 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
5317 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
5318 s->fATAPITransfer = false;
5319 }
5320 ataSetIRQ(s);
5321 pCtl->uAsyncIOState = ATA_AIO_NEW;
5322 break;
5323 }
5324
5325 case ATA_AIO_PIO:
5326 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5327
5328 if (s->iSourceSink != ATAFN_SS_NULL)
5329 {
5330 bool fRedo;
5331 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5332 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5333 pCtl->fRedo = fRedo;
5334 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5335 {
5336 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
5337 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
5338 break;
5339 }
5340 s->iIOBufferCur = 0;
5341 s->iIOBufferEnd = s->cbElementaryTransfer;
5342 }
5343 else
5344 {
5345 /* Continue a previously started transfer. */
5346 ataUnsetStatus(s, ATA_STAT_BUSY);
5347 ataSetStatus(s, ATA_STAT_READY);
5348 }
5349
5350 /* It is possible that the drives on this controller get RESET
5351 * during the above call to the source/sink function. If that's
5352 * the case, don't restart the transfer and don't finish it the
5353 * usual way. RESET handling took care of all that already.
5354 * Most important: do not change uAsyncIOState. */
5355 if (pCtl->fReset)
5356 break;
5357
5358 if (s->cbTotalTransfer)
5359 {
5360 ataPIOTransfer(pCtl);
5361 ataSetIRQ(s);
5362
5363 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5364 {
5365 /* Write operations and not yet finished transfers
5366 * must be completed in the async I/O thread. */
5367 pCtl->uAsyncIOState = ATA_AIO_PIO;
5368 }
5369 else
5370 {
5371 /* Finished read operation can be handled inline
5372 * in the end of PIO transfer handling code. Linux
5373 * depends on this, as it waits only briefly for
5374 * devices to become ready after incoming data
5375 * transfer. Cannot find anything in the ATA spec
5376 * that backs this assumption, but as all kernels
5377 * are affected (though most of the time it does
5378 * not cause any harm) this must work. */
5379 pCtl->uAsyncIOState = ATA_AIO_NEW;
5380 }
5381 }
5382 else
5383 {
5384 /* Finish PIO transfer. */
5385 ataPIOTransfer(pCtl);
5386 if ( !pCtl->fChainedTransfer
5387 && !s->fATAPITransfer
5388 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5389 {
5390 ataSetIRQ(s);
5391 }
5392 pCtl->uAsyncIOState = ATA_AIO_NEW;
5393 }
5394 break;
5395
5396 case ATA_AIO_RESET_ASSERTED:
5397 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
5398 ataPIOTransferStop(&pCtl->aIfs[0]);
5399 ataPIOTransferStop(&pCtl->aIfs[1]);
5400 /* Do not change the DMA registers, they are not affected by the
5401 * ATA controller reset logic. It should be sufficient to issue a
5402 * new command, which is now possible as the state is cleared. */
5403 break;
5404
5405 case ATA_AIO_RESET_CLEARED:
5406 pCtl->uAsyncIOState = ATA_AIO_NEW;
5407 pCtl->fReset = false;
5408 /* Ensure that half-completed transfers are not redone. A reset
5409 * cancels the entire transfer, so continuing is wrong. */
5410 pCtl->fRedo = false;
5411 pCtl->fRedoDMALastDesc = false;
5412 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5413 ATACONTROLLER_IDX(pCtl)));
5414 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5415 {
5416 if (pCtl->aIfs[i].fATAPI)
5417 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5418 else
5419 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5420 ataSetSignature(&pCtl->aIfs[i]);
5421 }
5422 break;
5423
5424 case ATA_AIO_ABORT:
5425 /* Abort the current command no matter what. There cannot be
5426 * any command activity on the other drive otherwise using
5427 * one thread per controller wouldn't work at all. */
5428 s = &pCtl->aIfs[pReq->u.a.iIf];
5429
5430 pCtl->uAsyncIOState = ATA_AIO_NEW;
5431 /* Do not change the DMA registers, they are not affected by the
5432 * ATA controller reset logic. It should be sufficient to issue a
5433 * new command, which is now possible as the state is cleared. */
5434 if (pReq->u.a.fResetDrive)
5435 {
5436 ataResetDevice(s);
5437 ataExecuteDeviceDiagnosticSS(s);
5438 }
5439 else
5440 {
5441 /* Stop any pending DMA transfer. */
5442 s->fDMA = false;
5443 ataPIOTransferStop(s);
5444 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5445 ataSetStatus(s, ATA_STAT_READY);
5446 ataSetIRQ(s);
5447 }
5448 break;
5449
5450 default:
5451 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5452 }
5453
5454 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5455 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5456
5457 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5458 {
5459#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5460 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5461#endif /* DEBUG || VBOX_WITH_STATISTICS */
5462
5463 u64TS = RTTimeNanoTS() - u64TS;
5464 uWait = u64TS / 1000;
5465 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5466 /* Mark command as finished. */
5467 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5468
5469 /*
5470 * Release logging of command execution times depends on the
5471 * command type. ATAPI commands often take longer (due to CD/DVD
5472 * spin up time etc.) so the threshold is different.
5473 */
5474 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5475 {
5476 if (uWait > 8 * 1000 * 1000)
5477 {
5478 /*
5479 * Command took longer than 8 seconds. This is close
5480 * enough or over the guest's command timeout, so place
5481 * an entry in the release log to allow tracking such
5482 * timing errors (which are often caused by the host).
5483 */
5484 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5485 }
5486 }
5487 else
5488 {
5489 if (uWait > 20 * 1000 * 1000)
5490 {
5491 /*
5492 * Command took longer than 20 seconds. This is close
5493 * enough or over the guest's command timeout, so place
5494 * an entry in the release log to allow tracking such
5495 * timing errors (which are often caused by the host).
5496 */
5497 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5498 }
5499 }
5500
5501#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5502 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5503 pCtl->StatAsyncMinWait = uWait;
5504 if (uWait > pCtl->StatAsyncMaxWait)
5505 pCtl->StatAsyncMaxWait = uWait;
5506
5507 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5508 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5509#endif /* DEBUG || VBOX_WITH_STATISTICS */
5510 }
5511
5512 PDMCritSectLeave(&pCtl->lock);
5513 }
5514
5515 /* Signal the ultimate idleness. */
5516 RTThreadUserSignal(pCtl->AsyncIOThread);
5517 if (pCtl->fSignalIdle)
5518 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5519
5520 /* Cleanup the state. */
5521 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5522 pCtl->fShutdown = false;
5523
5524 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5525 return rc;
5526}
5527
5528#endif /* IN_RING3 */
5529
5530static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5531{
5532 uint32_t val = pCtl->BmDma.u8Cmd;
5533 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5534 return val;
5535}
5536
5537
5538static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5539{
5540 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5541 if (!(val & BM_CMD_START))
5542 {
5543 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5544 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5545 }
5546 else
5547 {
5548#ifdef IN_RING3
5549 /* Check whether the guest OS wants to change DMA direction in
5550 * mid-flight. Not allowed, according to the PIIX3 specs. */
5551 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5552 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5553 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5554 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5555
5556 /* Do not continue DMA transfers while the RESET line is asserted. */
5557 if (pCtl->fReset)
5558 {
5559 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5560 return;
5561 }
5562
5563 /* Do not start DMA transfers if there's a PIO transfer going on,
5564 * or if there is already a transfer started on this controller. */
5565 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5566 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5567 return;
5568
5569 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5570 {
5571 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5572 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5573 }
5574#else /* !IN_RING3 */
5575 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5576#endif /* IN_RING3 */
5577 }
5578}
5579
5580static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5581{
5582 uint32_t val = pCtl->BmDma.u8Status;
5583 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5584 return val;
5585}
5586
5587static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5588{
5589 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5590 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5591 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5592 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5593}
5594
5595static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5596{
5597 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5598 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5599 return val;
5600}
5601
5602static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5603{
5604 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5605 pCtl->BmDma.pvAddr = val & ~3;
5606}
5607
5608static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5609{
5610 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5611 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5612
5613}
5614
5615static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5616{
5617 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5618 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5619}
5620
5621#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5622
5623/**
5624 * Port I/O Handler for bus master DMA IN operations.
5625 * @see FNIOMIOPORTIN for details.
5626 */
5627PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5628{
5629 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5630 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5631 PATACONTROLLER pCtl = &pThis->aCts[i];
5632
5633 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5634 if (rc != VINF_SUCCESS)
5635 return rc;
5636 switch (VAL(Port, cb))
5637 {
5638 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5639 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5640 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5641 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5642 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5643 case VAL(0, 4):
5644 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5645 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5646 break;
5647 default:
5648 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5649 PDMCritSectLeave(&pCtl->lock);
5650 return VERR_IOM_IOPORT_UNUSED;
5651 }
5652 PDMCritSectLeave(&pCtl->lock);
5653 return rc;
5654}
5655
5656/**
5657 * Port I/O Handler for bus master DMA OUT operations.
5658 * @see FNIOMIOPORTOUT for details.
5659 */
5660PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5661{
5662 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5663 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5664 PATACONTROLLER pCtl = &pThis->aCts[i];
5665
5666 int rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5667 if (rc != VINF_SUCCESS)
5668 return rc;
5669 switch (VAL(Port, cb))
5670 {
5671 case VAL(0, 1):
5672#ifndef IN_RING3
5673 if (u32 & BM_CMD_START)
5674 {
5675 rc = VINF_IOM_R3_IOPORT_WRITE;
5676 break;
5677 }
5678#endif /* !IN_RING3 */
5679 ataBMDMACmdWriteB(pCtl, Port, u32);
5680 break;
5681 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5682 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5683 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5684 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5685 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5686 }
5687 PDMCritSectLeave(&pCtl->lock);
5688 return rc;
5689}
5690
5691#undef VAL
5692
5693#ifdef IN_RING3
5694
5695/**
5696 * Callback function for mapping an PCI I/O region.
5697 *
5698 * @return VBox status code.
5699 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5700 * @param iRegion The region number.
5701 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5702 * I/O port, else it's a physical address.
5703 * This address is *NOT* relative to pci_mem_base like earlier!
5704 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5705 */
5706static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5707{
5708 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5709 int rc = VINF_SUCCESS;
5710 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5711 Assert(iRegion == 4);
5712 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5713
5714 /* Register the port range. */
5715 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5716 {
5717 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5718 (RTHCPTR)(uintptr_t)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5719 AssertRC(rc2);
5720 if (rc2 < rc)
5721 rc = rc2;
5722
5723 if (pThis->fGCEnabled)
5724 {
5725 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5726 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5727 AssertRC(rc2);
5728 if (rc2 < rc)
5729 rc = rc2;
5730 }
5731 if (pThis->fR0Enabled)
5732 {
5733 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5734 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5735 AssertRC(rc2);
5736 if (rc2 < rc)
5737 rc = rc2;
5738 }
5739 }
5740 return rc;
5741}
5742
5743
5744/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5745
5746/**
5747 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5748 */
5749static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5750{
5751 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5752 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5753 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5754 return NULL;
5755}
5756
5757
5758/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5759
5760/**
5761 * Gets the pointer to the status LED of a unit.
5762 *
5763 * @returns VBox status code.
5764 * @param pInterface Pointer to the interface structure containing the called function pointer.
5765 * @param iLUN The unit which status LED we desire.
5766 * @param ppLed Where to store the LED pointer.
5767 */
5768static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5769{
5770 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5771 if (iLUN < 4)
5772 {
5773 switch (iLUN)
5774 {
5775 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5776 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5777 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5778 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5779 }
5780 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5781 return VINF_SUCCESS;
5782 }
5783 return VERR_PDM_LUN_NOT_FOUND;
5784}
5785
5786
5787/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5788
5789/**
5790 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5791 */
5792static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5793{
5794 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5795 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5796 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5797 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5798 return NULL;
5799}
5800
5801
5802/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5803
5804/**
5805 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5806 */
5807static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5808 uint32_t *piInstance, uint32_t *piLUN)
5809{
5810 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5811 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5812
5813 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5814 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5815 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5816
5817 *ppcszController = pDevIns->pReg->szName;
5818 *piInstance = pDevIns->iInstance;
5819 *piLUN = pIf->iLUN;
5820
5821 return VINF_SUCCESS;
5822}
5823#endif /* IN_RING3 */
5824
5825
5826/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5827
5828/**
5829 * Port I/O Handler for primary port range OUT operations.
5830 * @see FNIOMIOPORTOUT for details.
5831 */
5832PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5833{
5834 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5835 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5836 PATACONTROLLER pCtl = &pThis->aCts[i];
5837 int rc = VINF_SUCCESS;
5838
5839 Assert(i < 2);
5840
5841 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5842 if (rc != VINF_SUCCESS)
5843 return rc;
5844 if (Port == pCtl->IOPortBase1)
5845 {
5846 /* Writes to the data port may be 16-bit or 32-bit. */
5847 Assert(cb == 2 || cb == 4);
5848 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5849 }
5850 else
5851 {
5852 /* Writes to the other command block ports should be 8-bit only. If they
5853 * are not, the high bits are simply discarded. Undocumented, but observed
5854 * on a real PIIX4 system.
5855 */
5856 if (cb > 1)
5857 Log(("ataIOPortWrite1: suspect write to port %x val=%x size=%d\n", Port, u32, cb));
5858
5859 rc = ataIOPortWriteU8(pCtl, Port, u32);
5860 }
5861 PDMCritSectLeave(&pCtl->lock);
5862 return rc;
5863}
5864
5865
5866/**
5867 * Port I/O Handler for primary port range IN operations.
5868 * @see FNIOMIOPORTIN for details.
5869 */
5870PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5871{
5872 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5873 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5874 PATACONTROLLER pCtl = &pThis->aCts[i];
5875 int rc = VINF_SUCCESS;
5876
5877 Assert(i < 2);
5878
5879 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5880 if (rc != VINF_SUCCESS)
5881 return rc;
5882 if (Port == pCtl->IOPortBase1)
5883 {
5884 /* Reads from the data register may be 16-bit or 32-bit. */
5885 Assert(cb == 2 || cb == 4);
5886 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5887 if (cb == 2)
5888 *pu32 &= 0xffff;
5889 }
5890 else
5891 {
5892 /* Reads from the other command block registers should be 8-bit only.
5893 * If they are not, the low byte is propagated to the high bits.
5894 * Undocumented, but observed on a real PIIX4 system.
5895 */
5896 rc = ataIOPortReadU8(pCtl, Port, pu32);
5897 if (cb > 1)
5898 {
5899 uint32_t pad;
5900
5901 /* Replicate the 8-bit result into the upper three bytes. */
5902 pad = *pu32 & 0xff;
5903 pad = pad | (pad << 8);
5904 pad = pad | (pad << 16);
5905 *pu32 = pad;
5906 Log(("ataIOPortRead1: suspect read from port %x size=%d\n", Port, cb));
5907 }
5908 }
5909 PDMCritSectLeave(&pCtl->lock);
5910 return rc;
5911}
5912
5913#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5914/**
5915 * Port I/O Handler for primary port range IN string operations.
5916 * @see FNIOMIOPORTINSTRING for details.
5917 */
5918PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5919{
5920 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5921 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5922 PATACONTROLLER pCtl = &pThis->aCts[i];
5923 int rc = VINF_SUCCESS;
5924
5925 Assert(i < 2);
5926
5927 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
5928 if (rc != VINF_SUCCESS)
5929 return rc;
5930 if (Port == pCtl->IOPortBase1)
5931 {
5932 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5933 RTGCPTR GCDst = *pGCPtrDst;
5934 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5935 Assert(cb == 2 || cb == 4);
5936
5937 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5938#ifndef IN_RING3
5939 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5940 if (!cTransAvailable)
5941 {
5942 PDMCritSectLeave(&pCtl->lock);
5943 return VINF_IOM_R3_IOPORT_READ;
5944 }
5945 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5946 cTransAvailable--;
5947#endif /* !IN_RING3 */
5948 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5949 * They are not performance-critical and generally shouldn't occur at all. */
5950 if (cTransAvailable > cTransfer)
5951 cTransAvailable = cTransfer;
5952 cbTransfer = cTransAvailable * cb;
5953
5954 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5955#ifndef IN_RING3
5956 /* Paranoia. */
5957 if (RT_FAILURE(rc))
5958 {
5959 PDMCritSectLeave(&pCtl->lock);
5960 AssertFailed();
5961 return VINF_IOM_R3_IOPORT_READ;
5962 }
5963#else
5964 Assert(rc == VINF_SUCCESS);
5965#endif
5966
5967 if (cbTransfer)
5968 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5969 s->iIOBufferPIODataStart += cbTransfer;
5970 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5971 *pcTransfer = cTransfer - cTransAvailable;
5972#ifdef IN_RING3
5973 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5974 ataPIOTransferFinish(pCtl, s);
5975#endif /* IN_RING3 */
5976 }
5977 PDMCritSectLeave(&pCtl->lock);
5978 return rc;
5979}
5980
5981
5982/**
5983 * Port I/O Handler for primary port range OUT string operations.
5984 * @see FNIOMIOPORTOUTSTRING for details.
5985 */
5986PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5987{
5988 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5989 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5990 PATACONTROLLER pCtl = &pThis->aCts[i];
5991 int rc;
5992
5993 Assert(i < 2);
5994
5995 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
5996 if (rc != VINF_SUCCESS)
5997 return rc;
5998 if (Port == pCtl->IOPortBase1)
5999 {
6000 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
6001 RTGCPTR GCSrc = *pGCPtrSrc;
6002 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
6003 Assert(cb == 2 || cb == 4);
6004
6005 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
6006#ifndef IN_RING3
6007 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
6008 if (!cTransAvailable)
6009 {
6010 PDMCritSectLeave(&pCtl->lock);
6011 return VINF_IOM_R3_IOPORT_WRITE;
6012 }
6013 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
6014 cTransAvailable--;
6015#endif /* !IN_RING3 */
6016 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
6017 * They are not performance-critical and generally shouldn't occur at all. */
6018 if (cTransAvailable > cTransfer)
6019 cTransAvailable = cTransfer;
6020 cbTransfer = cTransAvailable * cb;
6021
6022 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
6023#ifndef IN_RING3
6024 /* Paranoia. */
6025 if (RT_FAILURE(rc))
6026 {
6027 PDMCritSectLeave(&pCtl->lock);
6028 AssertFailed();
6029 return VINF_IOM_R3_IOPORT_WRITE;
6030 }
6031#else
6032 Assert(rc == VINF_SUCCESS);
6033#endif
6034
6035 if (cbTransfer)
6036 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
6037 s->iIOBufferPIODataStart += cbTransfer;
6038 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
6039 *pcTransfer = cTransfer - cTransAvailable;
6040#ifdef IN_RING3
6041 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
6042 ataPIOTransferFinish(pCtl, s);
6043#endif /* IN_RING3 */
6044 }
6045 PDMCritSectLeave(&pCtl->lock);
6046 return rc;
6047}
6048#endif /* !IN_RING0 */
6049
6050/**
6051 * Port I/O Handler for secondary port range OUT operations.
6052 * @see FNIOMIOPORTOUT for details.
6053 */
6054PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
6055{
6056 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6057 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6058 PATACONTROLLER pCtl = &pThis->aCts[i];
6059 int rc;
6060
6061 Assert(i < 2);
6062
6063 if (cb != 1)
6064 return VINF_SUCCESS;
6065 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_WRITE);
6066 if (rc != VINF_SUCCESS)
6067 return rc;
6068 rc = ataControlWrite(pCtl, Port, u32);
6069 PDMCritSectLeave(&pCtl->lock);
6070 return rc;
6071}
6072
6073
6074/**
6075 * Port I/O Handler for secondary port range IN operations.
6076 * @see FNIOMIOPORTIN for details.
6077 */
6078PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
6079{
6080 uint32_t i = (uint32_t)(uintptr_t)pvUser;
6081 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6082 PATACONTROLLER pCtl = &pThis->aCts[i];
6083 int rc;
6084
6085 Assert(i < 2);
6086
6087 if (cb != 1)
6088 return VERR_IOM_IOPORT_UNUSED;
6089
6090 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_R3_IOPORT_READ);
6091 if (rc != VINF_SUCCESS)
6092 return rc;
6093 *pu32 = ataStatusRead(pCtl, Port);
6094 PDMCritSectLeave(&pCtl->lock);
6095 return VINF_SUCCESS;
6096}
6097
6098#ifdef IN_RING3
6099
6100
6101DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
6102{
6103 if (s->pbIOBufferR3)
6104 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
6105}
6106
6107
6108/**
6109 * Detach notification.
6110 *
6111 * The DVD drive has been unplugged.
6112 *
6113 * @param pDevIns The device instance.
6114 * @param iLUN The logical unit which is being detached.
6115 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6116 */
6117static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6118{
6119 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6120 PATACONTROLLER pCtl;
6121 ATADevState *pIf;
6122 unsigned iController;
6123 unsigned iInterface;
6124
6125 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6126 ("PIIX3IDE: Device does not support hotplugging\n"));
6127
6128 /*
6129 * Locate the controller and stuff.
6130 */
6131 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6132 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6133 pCtl = &pThis->aCts[iController];
6134
6135 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6136 pIf = &pCtl->aIfs[iInterface];
6137
6138 /*
6139 * Zero some important members.
6140 */
6141 pIf->pDrvBase = NULL;
6142 pIf->pDrvBlock = NULL;
6143 pIf->pDrvBlockBios = NULL;
6144 pIf->pDrvMount = NULL;
6145
6146 /*
6147 * In case there was a medium inserted.
6148 */
6149 ataMediumRemoved(pIf);
6150}
6151
6152
6153/**
6154 * Configure a LUN.
6155 *
6156 * @returns VBox status code.
6157 * @param pDevIns The device instance.
6158 * @param pIf The ATA unit state.
6159 */
6160static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
6161{
6162 int rc = VINF_SUCCESS;
6163 PDMBLOCKTYPE enmType;
6164
6165 /*
6166 * Query Block, Bios and Mount interfaces.
6167 */
6168 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
6169 if (!pIf->pDrvBlock)
6170 {
6171 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
6172 return VERR_PDM_MISSING_INTERFACE;
6173 }
6174
6175 /** @todo implement the BIOS invisible code path. */
6176 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
6177 if (!pIf->pDrvBlockBios)
6178 {
6179 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
6180 return VERR_PDM_MISSING_INTERFACE;
6181 }
6182 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
6183
6184 /*
6185 * Validate type.
6186 */
6187 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
6188 if ( enmType != PDMBLOCKTYPE_CDROM
6189 && enmType != PDMBLOCKTYPE_DVD
6190 && enmType != PDMBLOCKTYPE_HARD_DISK)
6191 {
6192 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
6193 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
6194 }
6195 if ( ( enmType == PDMBLOCKTYPE_DVD
6196 || enmType == PDMBLOCKTYPE_CDROM)
6197 && !pIf->pDrvMount)
6198 {
6199 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
6200 return VERR_INTERNAL_ERROR;
6201 }
6202 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
6203 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
6204
6205 /*
6206 * Allocate I/O buffer.
6207 */
6208 if (pIf->fATAPI)
6209 pIf->cbSector = 2048;
6210 else
6211 pIf->cbSector = pIf->pDrvBlock->pfnGetSectorSize(pIf->pDrvBlock);
6212
6213 PVM pVM = PDMDevHlpGetVM(pDevIns);
6214 if (pIf->cbIOBuffer)
6215 {
6216 /* Buffer is (probably) already allocated. Validate the fields,
6217 * because memory corruption can also overwrite pIf->cbIOBuffer. */
6218 if (pIf->fATAPI)
6219 AssertRelease(pIf->cbIOBuffer == _128K);
6220 else
6221 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * pIf->cbSector);
6222 Assert(pIf->pbIOBufferR3);
6223 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
6224 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
6225 }
6226 else
6227 {
6228 if (pIf->fATAPI)
6229 pIf->cbIOBuffer = _128K;
6230 else
6231 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * pIf->cbSector;
6232 Assert(!pIf->pbIOBufferR3);
6233 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
6234 if (RT_FAILURE(rc))
6235 return VERR_NO_MEMORY;
6236 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
6237 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
6238 }
6239
6240 /*
6241 * Init geometry (only for non-CD/DVD media).
6242 */
6243 if (pIf->fATAPI)
6244 {
6245 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / pIf->cbSector;
6246 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
6247 pIf->PCHSGeometry.cHeads = 0; /* dummy */
6248 pIf->PCHSGeometry.cSectors = 0; /* dummy */
6249 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
6250 }
6251 else
6252 {
6253 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / pIf->cbSector;
6254 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
6255 &pIf->PCHSGeometry);
6256 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
6257 {
6258 pIf->PCHSGeometry.cCylinders = 0;
6259 pIf->PCHSGeometry.cHeads = 16; /*??*/
6260 pIf->PCHSGeometry.cSectors = 63; /*??*/
6261 }
6262 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
6263 {
6264 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
6265 rc = VINF_SUCCESS;
6266 }
6267 AssertRC(rc);
6268
6269 if ( pIf->PCHSGeometry.cCylinders == 0
6270 || pIf->PCHSGeometry.cHeads == 0
6271 || pIf->PCHSGeometry.cSectors == 0
6272 )
6273 {
6274 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
6275 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
6276 pIf->PCHSGeometry.cHeads = 16;
6277 pIf->PCHSGeometry.cSectors = 63;
6278 /* Set the disk geometry information. Ignore errors. */
6279 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
6280 &pIf->PCHSGeometry);
6281 rc = VINF_SUCCESS;
6282 }
6283 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
6284
6285 if (pIf->pDrvBlock->pfnDiscard)
6286 LogRel(("PIIX3 ATA: LUN#%d: TRIM enabled\n", pIf->iLUN));
6287 }
6288 return rc;
6289}
6290
6291
6292/**
6293 * Attach command.
6294 *
6295 * This is called when we change block driver for the DVD drive.
6296 *
6297 * @returns VBox status code.
6298 * @param pDevIns The device instance.
6299 * @param iLUN The logical unit which is being detached.
6300 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6301 */
6302static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6303{
6304 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6305 PATACONTROLLER pCtl;
6306 ATADevState *pIf;
6307 int rc;
6308 unsigned iController;
6309 unsigned iInterface;
6310
6311 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6312 ("PIIX3IDE: Device does not support hotplugging\n"),
6313 VERR_INVALID_PARAMETER);
6314
6315 /*
6316 * Locate the controller and stuff.
6317 */
6318 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6319 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6320 pCtl = &pThis->aCts[iController];
6321
6322 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6323 pIf = &pCtl->aIfs[iInterface];
6324
6325 /* the usual paranoia */
6326 AssertRelease(!pIf->pDrvBase);
6327 AssertRelease(!pIf->pDrvBlock);
6328 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
6329 Assert(pIf->iLUN == iLUN);
6330
6331 /*
6332 * Try attach the block device and get the interfaces,
6333 * required as well as optional.
6334 */
6335 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
6336 if (RT_SUCCESS(rc))
6337 {
6338 rc = ataConfigLun(pDevIns, pIf);
6339 /*
6340 * In case there is a medium inserted.
6341 */
6342 ataMediumInserted(pIf);
6343 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
6344 }
6345 else
6346 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6347
6348 if (RT_FAILURE(rc))
6349 {
6350 pIf->pDrvBase = NULL;
6351 pIf->pDrvBlock = NULL;
6352 }
6353 return rc;
6354}
6355
6356
6357/**
6358 * Resume notification.
6359 *
6360 * @returns VBox status.
6361 * @param pDevIns The device instance data.
6362 */
6363static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6364{
6365 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6366 int rc;
6367
6368 Log(("%s:\n", __FUNCTION__));
6369 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6370 {
6371 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6372 {
6373 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6374 AssertRC(rc);
6375 }
6376 }
6377 return;
6378}
6379
6380
6381/**
6382 * Checks if all (both) the async I/O threads have quiesced.
6383 *
6384 * @returns true on success.
6385 * @returns false when one or more threads is still processing.
6386 * @param pThis Pointer to the instance data.
6387 */
6388static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6389{
6390 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6391
6392 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6393 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6394 {
6395 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6396 if (!fRc)
6397 {
6398 /* Make it signal PDM & itself when its done */
6399 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6400 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6401 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6402 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6403 if (!fRc)
6404 {
6405#if 0 /** @todo Need to do some time tracking here... */
6406 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6407 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6408 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6409#endif
6410 return false;
6411 }
6412 }
6413 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6414 }
6415 return true;
6416}
6417
6418/**
6419 * Prepare state save and load operation.
6420 *
6421 * @returns VBox status code.
6422 * @param pDevIns Device instance of the device which registered the data unit.
6423 * @param pSSM SSM operation handle.
6424 */
6425static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6426{
6427 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6428
6429 /* sanity - the suspend notification will wait on the async stuff. */
6430 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6431 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6432 ("i=%u\n", i),
6433 VERR_SSM_IDE_ASYNC_TIMEOUT);
6434 return VINF_SUCCESS;
6435}
6436
6437/**
6438 * @copydoc FNSSMDEVLIVEEXEC
6439 */
6440static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6441{
6442 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6443
6444 SSMR3PutU8(pSSM, pThis->u8Type);
6445 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6446 {
6447 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6448 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6449 {
6450 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6451 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6452 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6453 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6454 }
6455 }
6456
6457 return VINF_SSM_DONT_CALL_AGAIN;
6458}
6459
6460/**
6461 * @copydoc FNSSMDEVSAVEEXEC
6462 */
6463static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6464{
6465 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6466
6467 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6468
6469 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6470 {
6471 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6472 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6473 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6474 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6475 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6476 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6477 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6478 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6479 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6480 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6481 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6482 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6483 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6484
6485 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6486 {
6487 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6488 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6489 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6490 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6491 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6492 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6493 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6494 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6495 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6496 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6497 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6498 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6499 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6500 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6501 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6502 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6503 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6504 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6505 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6506 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6507 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6508 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6509 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6510 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6511 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6512 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6513 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6514 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6515 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6516 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6517 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6518 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6519 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6520 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6521 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6522 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6523 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6524 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6525 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6526 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6527 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6528 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6529 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6530 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6531 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6532 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6533 else
6534 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6535 }
6536 }
6537
6538 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6539}
6540
6541/**
6542 * Converts the LUN number into a message string.
6543 */
6544static const char *ataStringifyLun(unsigned iLun)
6545{
6546 switch (iLun)
6547 {
6548 case 0: return "primary master";
6549 case 1: return "primary slave";
6550 case 2: return "secondary master";
6551 case 3: return "secondary slave";
6552 default: AssertFailedReturn("unknown lun");
6553 }
6554}
6555
6556/**
6557 * FNSSMDEVLOADEXEC
6558 */
6559static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6560{
6561 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6562 int rc;
6563 uint32_t u32;
6564
6565 if ( uVersion != ATA_SAVED_STATE_VERSION
6566 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6567 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6568 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6569 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6570 {
6571 AssertMsgFailed(("uVersion=%d\n", uVersion));
6572 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6573 }
6574
6575 /*
6576 * Verify the configuration.
6577 */
6578 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6579 {
6580 uint8_t u8Type;
6581 rc = SSMR3GetU8(pSSM, &u8Type);
6582 AssertRCReturn(rc, rc);
6583 if (u8Type != pThis->u8Type)
6584 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6585
6586 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6587 {
6588 bool fEnabled;
6589 rc = SSMR3GetBool(pSSM, &fEnabled);
6590 AssertRCReturn(rc, rc);
6591 if (!fEnabled)
6592 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6593
6594 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6595 {
6596 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6597
6598 bool fInUse;
6599 rc = SSMR3GetBool(pSSM, &fInUse);
6600 AssertRCReturn(rc, rc);
6601 if (fInUse != (pIf->pDrvBase != NULL))
6602 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6603 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6604 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6605
6606 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6607 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6608 AssertRCReturn(rc, rc);
6609 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6610 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6611 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6612
6613 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6614 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6615 AssertRCReturn(rc, rc);
6616 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6617 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6618 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6619
6620 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6621 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6622 AssertRCReturn(rc, rc);
6623 if (strcmp(szModelNumber, pIf->szModelNumber))
6624 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6625 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6626 }
6627 }
6628 }
6629 if (uPass != SSM_PASS_FINAL)
6630 return VINF_SUCCESS;
6631
6632 /*
6633 * Restore valid parts of the PCIATAState structure
6634 */
6635 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6636 {
6637 /* integrity check */
6638 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6639 {
6640 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6641 return VERR_INTERNAL_ERROR_4;
6642 }
6643
6644 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6645 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6646 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6647 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6648 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6649 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6650 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6651 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6652 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6653 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6654 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6655 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6656 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6657
6658 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6659 {
6660 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6661 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6662 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6663 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6664 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6665 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6666 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6667 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6668 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6669 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6670 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6671 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6672 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6673 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6674 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6675 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6676 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6677 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6678 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6679 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6680 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6681 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6682 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6683 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6684 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6685 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6686 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6687 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6688 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6689 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6690 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6691 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6692 /* NB: cbPIOTransferLimit could be saved/restored but it's sufficient
6693 * to re-calculate it here, with a tiny risk that it could be
6694 * unnecessarily low for the current transfer only. Could be changed
6695 * when changing the saved state in the future.
6696 */
6697 pThis->aCts[i].aIfs[j].cbPIOTransferLimit = (pThis->aCts[i].aIfs[j].uATARegHCyl << 8) | pThis->aCts[i].aIfs[j].uATARegLCyl;
6698 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6699 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6700 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6701 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6702 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6703 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6704 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6705 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6706 {
6707 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6708 }
6709 else
6710 {
6711 uint8_t uATAPISenseKey, uATAPIASC;
6712 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6713 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6714 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6715 SSMR3GetU8(pSSM, &uATAPISenseKey);
6716 SSMR3GetU8(pSSM, &uATAPIASC);
6717 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6718 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6719 }
6720 /** @todo triple-check this hack after passthrough is working */
6721 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6722 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6723 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6724 else
6725 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6726 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6727 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6728 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6729 {
6730 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6731 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6732 else
6733 {
6734 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6735 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6736 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6737
6738 /* skip the buffer if we're loading for the debugger / animator. */
6739 uint8_t u8Ignored;
6740 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6741 while (cbLeft-- > 0)
6742 SSMR3GetU8(pSSM, &u8Ignored);
6743 }
6744 }
6745 else
6746 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6747 }
6748 }
6749 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6750 SSMR3GetU8(pSSM, &pThis->u8Type);
6751
6752 rc = SSMR3GetU32(pSSM, &u32);
6753 if (RT_FAILURE(rc))
6754 return rc;
6755 if (u32 != ~0U)
6756 {
6757 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6758 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6759 return rc;
6760 }
6761
6762 return VINF_SUCCESS;
6763}
6764
6765
6766/**
6767 * Callback employed by ataSuspend and ataR3PowerOff.
6768 *
6769 * @returns true if we've quiesced, false if we're still working.
6770 * @param pDevIns The device instance.
6771 */
6772static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6773{
6774 return ataR3AllAsyncIOIsIdle(pDevIns);
6775}
6776
6777
6778/**
6779 * Common worker for ataSuspend and ataR3PowerOff.
6780 */
6781static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6782{
6783 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6784 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6785}
6786
6787
6788/**
6789 * Power Off notification.
6790 *
6791 * @returns VBox status.
6792 * @param pDevIns The device instance data.
6793 */
6794static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6795{
6796 Log(("%s:\n", __FUNCTION__));
6797 ataR3SuspendOrPowerOff(pDevIns);
6798}
6799
6800
6801/**
6802 * Suspend notification.
6803 *
6804 * @returns VBox status.
6805 * @param pDevIns The device instance data.
6806 */
6807static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6808{
6809 Log(("%s:\n", __FUNCTION__));
6810 ataR3SuspendOrPowerOff(pDevIns);
6811}
6812
6813
6814/**
6815 * Callback employed by ataR3Reset.
6816 *
6817 * @returns true if we've quiesced, false if we're still working.
6818 * @param pDevIns The device instance.
6819 */
6820static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6821{
6822 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6823
6824 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6825 return false;
6826
6827 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6828 {
6829 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6830 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6831 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6832 PDMCritSectLeave(&pThis->aCts[i].lock);
6833 }
6834 return true;
6835}
6836
6837
6838/**
6839 * Common reset worker for ataR3Reset and ataR3Construct.
6840 *
6841 * @returns VBox status.
6842 * @param pDevIns The device instance data.
6843 * @param fConstruct Indicates who is calling.
6844 */
6845static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6846{
6847 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6848
6849 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6850 {
6851 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6852
6853 pThis->aCts[i].iSelectedIf = 0;
6854 pThis->aCts[i].iAIOIf = 0;
6855 pThis->aCts[i].BmDma.u8Cmd = 0;
6856 /* Report that both drives present on the bus are in DMA mode. This
6857 * pretends that there is a BIOS that has set it up. Normal reset
6858 * default is 0x00. */
6859 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6860 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6861 pThis->aCts[i].BmDma.pvAddr = 0;
6862
6863 pThis->aCts[i].fReset = true;
6864 pThis->aCts[i].fRedo = false;
6865 pThis->aCts[i].fRedoIdle = false;
6866 ataAsyncIOClearRequests(&pThis->aCts[i]);
6867 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6868 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6869 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6870
6871 PDMCritSectLeave(&pThis->aCts[i].lock);
6872 }
6873
6874 int rcRet = VINF_SUCCESS;
6875 if (!fConstruct)
6876 {
6877 /*
6878 * Setup asynchronous notification completion if the requests haven't
6879 * completed yet.
6880 */
6881 if (!ataR3IsAsyncResetDone(pDevIns))
6882 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6883 }
6884 else
6885 {
6886 /*
6887 * Wait for the requests for complete.
6888 *
6889 * Would be real nice if we could do it all from EMT(0) and not
6890 * involve the worker threads, then we could dispense with all the
6891 * waiting and semaphore ping-pong here...
6892 */
6893 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6894 {
6895 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6896 {
6897 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6898 AssertRC(rc);
6899
6900 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6901 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6902 AssertRC(rc);
6903
6904 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6905 AssertRC(rc);
6906
6907 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6908 {
6909 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6910 if (RT_FAILURE(rc))
6911 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6912 if (RT_FAILURE(rc))
6913 {
6914 AssertRC(rc);
6915 rcRet = rc;
6916 }
6917 }
6918 }
6919 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6920 }
6921 if (RT_SUCCESS(rcRet))
6922 {
6923 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6924 AssertRC(rcRet);
6925 }
6926 }
6927 return rcRet;
6928}
6929
6930/**
6931 * Reset notification.
6932 *
6933 * @param pDevIns The device instance data.
6934 */
6935static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6936{
6937 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6938}
6939
6940/**
6941 * @copydoc FNPDMDEVRELOCATE
6942 */
6943static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
6944{
6945 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6946
6947 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6948 {
6949 pThis->aCts[i].pDevInsRC += offDelta;
6950 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
6951 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
6952 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
6953 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
6954 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
6955 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
6956 }
6957}
6958
6959/**
6960 * Destroy a driver instance.
6961 *
6962 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
6963 * resources can be freed correctly.
6964 *
6965 * @param pDevIns The device instance data.
6966 */
6967static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
6968{
6969 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6970 int rc;
6971
6972 Log(("ataR3Destruct\n"));
6973 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
6974
6975 /*
6976 * Tell the async I/O threads to terminate.
6977 */
6978 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6979 {
6980 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6981 {
6982 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
6983 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
6984 AssertRC(rc);
6985 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6986 AssertRC(rc);
6987 }
6988 }
6989
6990 /*
6991 * Wait for the threads to terminate before destroying their resources.
6992 */
6993 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6994 {
6995 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6996 {
6997 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
6998 if (RT_SUCCESS(rc))
6999 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7000 else
7001 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
7002 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
7003 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
7004 }
7005 }
7006
7007 /*
7008 * Free resources.
7009 */
7010 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7011 {
7012 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
7013 {
7014 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
7015 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
7016 }
7017 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
7018 {
7019 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
7020 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
7021 }
7022 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
7023 {
7024 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
7025 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7026 }
7027
7028 /* try one final time */
7029 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
7030 {
7031 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
7032 if (RT_SUCCESS(rc))
7033 {
7034 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7035 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
7036 }
7037 }
7038
7039 for (uint32_t iIf = 0; iIf < RT_ELEMENTS(pThis->aCts[i].aIfs); iIf++)
7040 {
7041 if (pThis->aCts[i].aIfs[iIf].pTrackList)
7042 {
7043 ATAPIPassthroughTrackListDestroy(pThis->aCts[i].aIfs[iIf].pTrackList);
7044 pThis->aCts[i].aIfs[iIf].pTrackList = NULL;
7045 }
7046 }
7047 }
7048
7049 return VINF_SUCCESS;
7050}
7051
7052/**
7053 * Convert config value to DEVPCBIOSBOOT.
7054 *
7055 * @returns VBox status code.
7056 * @param pDevIns The device instance data.
7057 * @param pCfg Configuration handle.
7058 * @param penmChipset Where to store the chipset type.
7059 */
7060static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
7061{
7062 char szType[20];
7063
7064 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
7065 if (RT_FAILURE(rc))
7066 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7067 N_("Configuration error: Querying \"Type\" as a string failed"));
7068 if (!strcmp(szType, "PIIX3"))
7069 *penmChipset = CHIPSET_PIIX3;
7070 else if (!strcmp(szType, "PIIX4"))
7071 *penmChipset = CHIPSET_PIIX4;
7072 else if (!strcmp(szType, "ICH6"))
7073 *penmChipset = CHIPSET_ICH6;
7074 else
7075 {
7076 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7077 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
7078 szType);
7079 rc = VERR_INTERNAL_ERROR;
7080 }
7081 return rc;
7082}
7083
7084/**
7085 * @interface_method_impl{PDMDEVREG,pfnConstruct}
7086 */
7087static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
7088{
7089 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
7090 PPDMIBASE pBase;
7091 int rc;
7092 bool fGCEnabled;
7093 bool fR0Enabled;
7094 uint32_t DelayIRQMillies;
7095
7096 Assert(iInstance == 0);
7097 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
7098
7099 /*
7100 * Initialize NIL handle values (for the destructor).
7101 */
7102 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7103 {
7104 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
7105 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
7106 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
7107 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
7108 }
7109
7110 /*
7111 * Validate and read configuration.
7112 */
7113 if (!CFGMR3AreValuesValid(pCfg,
7114 "GCEnabled\0"
7115 "R0Enabled\0"
7116 "IRQDelay\0"
7117 "Type\0")
7118 /** @todo || invalid keys */)
7119 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
7120 N_("PIIX3 configuration error: unknown option specified"));
7121
7122 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
7123 if (RT_FAILURE(rc))
7124 return PDMDEV_SET_ERROR(pDevIns, rc,
7125 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
7126 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
7127
7128 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
7129 if (RT_FAILURE(rc))
7130 return PDMDEV_SET_ERROR(pDevIns, rc,
7131 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
7132 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
7133
7134 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
7135 if (RT_FAILURE(rc))
7136 return PDMDEV_SET_ERROR(pDevIns, rc,
7137 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
7138 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
7139 Assert(DelayIRQMillies < 50);
7140
7141 CHIPSET enmChipset = CHIPSET_PIIX3;
7142 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
7143 if (RT_FAILURE(rc))
7144 return rc;
7145 pThis->u8Type = (uint8_t)enmChipset;
7146
7147 /*
7148 * Initialize data (most of it anyway).
7149 */
7150 /* Status LUN. */
7151 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
7152 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
7153
7154 /* PCI configuration space. */
7155 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
7156
7157 /*
7158 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
7159 * as it explicitly checks for PCI id for IDE controllers.
7160 */
7161 switch (pThis->u8Type)
7162 {
7163 case CHIPSET_ICH6:
7164 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
7165 /** @todo: do we need it? Do we need anything else? */
7166 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7167 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7168 pThis->dev.config[0x4B] = 0x00;
7169 {
7170 /*
7171 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
7172 * Report
7173 * WR_Ping-Pong_EN: must be set
7174 * PCR0, PCR1: 80-pin primary cable reporting for both disks
7175 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
7176 */
7177 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
7178 pThis->dev.config[0x54] = u16Config & 0xff;
7179 pThis->dev.config[0x55] = u16Config >> 8;
7180 }
7181 break;
7182 case CHIPSET_PIIX4:
7183 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
7184 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
7185 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
7186 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
7187 pThis->dev.config[0x4B] = 0x00;
7188 break;
7189 case CHIPSET_PIIX3:
7190 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
7191 break;
7192 default:
7193 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
7194 }
7195
7196 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
7197 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
7198 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
7199 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
7200 PCIDevSetHeaderType(&pThis->dev, 0x00);
7201
7202 pThis->pDevIns = pDevIns;
7203 pThis->fGCEnabled = fGCEnabled;
7204 pThis->fR0Enabled = fR0Enabled;
7205 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7206 {
7207 pThis->aCts[i].pDevInsR3 = pDevIns;
7208 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7209 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7210 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
7211 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7212 {
7213 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7214
7215 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
7216 pIf->pDevInsR3 = pDevIns;
7217 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
7218 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
7219 pIf->pControllerR3 = &pThis->aCts[i];
7220 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7221 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
7222 pIf->IBase.pfnQueryInterface = ataQueryInterface;
7223 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
7224 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
7225 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
7226 pIf->Led.u32Magic = PDMLED_MAGIC;
7227 }
7228 }
7229
7230 Assert(RT_ELEMENTS(pThis->aCts) == 2);
7231 pThis->aCts[0].irq = 14;
7232 pThis->aCts[0].IOPortBase1 = 0x1f0;
7233 pThis->aCts[0].IOPortBase2 = 0x3f6;
7234 pThis->aCts[1].irq = 15;
7235 pThis->aCts[1].IOPortBase1 = 0x170;
7236 pThis->aCts[1].IOPortBase2 = 0x376;
7237
7238 /*
7239 * Set the default critical section to NOP as we lock on controller level.
7240 */
7241 rc = PDMDevHlpSetDeviceCritSect(pDevIns, PDMDevHlpCritSectGetNop(pDevIns));
7242 AssertRCReturn(rc, rc);
7243
7244 /*
7245 * Register the PCI device.
7246 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
7247 * device the slot next to itself.
7248 */
7249 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
7250 if (RT_FAILURE(rc))
7251 return PDMDEV_SET_ERROR(pDevIns, rc,
7252 N_("PIIX3 cannot register PCI device"));
7253 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
7254 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
7255 if (RT_FAILURE(rc))
7256 return PDMDEV_SET_ERROR(pDevIns, rc,
7257 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
7258
7259 /*
7260 * Register the I/O ports.
7261 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
7262 */
7263 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7264 {
7265 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)(uintptr_t)i,
7266 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
7267 if (RT_FAILURE(rc))
7268 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
7269
7270 if (fGCEnabled)
7271 {
7272 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
7273 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7274 if (RT_FAILURE(rc))
7275 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
7276 }
7277
7278 if (fR0Enabled)
7279 {
7280#if 1
7281 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7282 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
7283#else
7284 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
7285 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
7286#endif
7287 if (RT_FAILURE(rc))
7288 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
7289 }
7290
7291 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)(uintptr_t)i,
7292 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
7293 if (RT_FAILURE(rc))
7294 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
7295
7296 if (fGCEnabled)
7297 {
7298 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
7299 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7300 if (RT_FAILURE(rc))
7301 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
7302 }
7303 if (fR0Enabled)
7304 {
7305 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
7306 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
7307 if (RT_FAILURE(rc))
7308 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
7309 }
7310
7311 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
7312 {
7313 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
7314 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7315 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
7316 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7317 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
7318 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7319 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
7320 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7321 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
7322#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7323 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7324 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
7325#endif
7326 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7327 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
7328#ifdef VBOX_INSTRUMENT_DMA_WRITES
7329 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7330 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
7331#endif
7332#ifdef VBOX_WITH_STATISTICS
7333 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7334 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
7335#endif
7336 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7337 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
7338#ifdef VBOX_WITH_STATISTICS
7339 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7340 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
7341#endif
7342 }
7343#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7344 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7345 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
7346 /** @todo STAMUNIT_MICROSECS */
7347 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7348 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
7349 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7350 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
7351 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7352 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
7353 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7354 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
7355 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7356 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
7357#endif /* VBOX_WITH_STATISTICS */
7358
7359 /* Initialize per-controller critical section */
7360 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA#%u", i);
7361 if (RT_FAILURE(rc))
7362 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
7363 }
7364
7365 /*
7366 * Attach status driver (optional).
7367 */
7368 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
7369 if (RT_SUCCESS(rc))
7370 {
7371 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
7372 pThis->pMediaNotify = PDMIBASE_QUERY_INTERFACE(pBase, PDMIMEDIANOTIFY);
7373 }
7374 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
7375 {
7376 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
7377 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
7378 }
7379
7380 /*
7381 * Attach the units.
7382 */
7383 uint32_t cbTotalBuffer = 0;
7384 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7385 {
7386 PATACONTROLLER pCtl = &pThis->aCts[i];
7387
7388 /*
7389 * Start the worker thread.
7390 */
7391 pCtl->uAsyncIOState = ATA_AIO_NEW;
7392 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
7393 AssertLogRelRCReturn(rc, rc);
7394 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
7395 AssertLogRelRCReturn(rc, rc);
7396 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
7397 AssertLogRelRCReturn(rc, rc);
7398 ataAsyncIOClearRequests(pCtl);
7399 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
7400 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
7401 AssertLogRelRCReturn(rc, rc);
7402 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
7403 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
7404
7405 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
7406 {
7407 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7408 {
7409 { "Primary Master", "Primary Slave" },
7410 { "Secondary Master", "Secondary Slave" }
7411 };
7412
7413 /*
7414 * Try attach the block device and get the interfaces,
7415 * required as well as optional.
7416 */
7417 ATADevState *pIf = &pCtl->aIfs[j];
7418
7419 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
7420 if (RT_SUCCESS(rc))
7421 {
7422 rc = ataConfigLun(pDevIns, pIf);
7423 if (RT_SUCCESS(rc))
7424 {
7425 /*
7426 * Init vendor product data.
7427 */
7428 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7429 {
7430 { "PrimaryMaster", "PrimarySlave" },
7431 { "SecondaryMaster", "SecondarySlave" }
7432 };
7433
7434 /* Generate a default serial number. */
7435 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
7436 RTUUID Uuid;
7437 if (pIf->pDrvBlock)
7438 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
7439 else
7440 RTUuidClear(&Uuid);
7441
7442 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
7443 {
7444 /* Generate a predictable serial for drives which don't have a UUID. */
7445 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
7446 pIf->iLUN + pDevIns->iInstance * 32,
7447 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
7448 }
7449 else
7450 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
7451
7452 /* Get user config if present using defaults otherwise. */
7453 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
7454 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
7455 szSerial);
7456 if (RT_FAILURE(rc))
7457 {
7458 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7459 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7460 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
7461 return PDMDEV_SET_ERROR(pDevIns, rc,
7462 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
7463 }
7464
7465 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
7466 "1.0");
7467 if (RT_FAILURE(rc))
7468 {
7469 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7470 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7471 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7472 return PDMDEV_SET_ERROR(pDevIns, rc,
7473 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7474 }
7475
7476 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7477 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7478 if (RT_FAILURE(rc))
7479 {
7480 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7481 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7482 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7483 return PDMDEV_SET_ERROR(pDevIns, rc,
7484 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7485 }
7486
7487 rc = CFGMR3QueryBoolDef(pCfgNode, "NonRotationalMedium", &pIf->fNonRotational, false);
7488 if (RT_FAILURE(rc))
7489 return PDMDEV_SET_ERROR(pDevIns, rc,
7490 N_("PIIX3 configuration error: failed to read \"NonRotationalMedium\" as boolean"));
7491
7492 /* There are three other identification strings for CD drives used for INQUIRY */
7493 if (pIf->fATAPI)
7494 {
7495 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7496 "VBOX");
7497 if (RT_FAILURE(rc))
7498 {
7499 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7500 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7501 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7502 return PDMDEV_SET_ERROR(pDevIns, rc,
7503 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7504 }
7505
7506 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7507 "CD-ROM");
7508 if (RT_FAILURE(rc))
7509 {
7510 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7511 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7512 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7513 return PDMDEV_SET_ERROR(pDevIns, rc,
7514 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7515 }
7516
7517 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7518 "1.0");
7519 if (RT_FAILURE(rc))
7520 {
7521 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7522 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7523 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7524 return PDMDEV_SET_ERROR(pDevIns, rc,
7525 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7526 }
7527
7528 rc = CFGMR3QueryBoolDef(pCfgNode, "OverwriteInquiry", &pIf->fOverwriteInquiry, true);
7529 if (RT_FAILURE(rc))
7530 return PDMDEV_SET_ERROR(pDevIns, rc,
7531 N_("PIIX3 configuration error: failed to read \"OverwriteInquiry\" as boolean"));
7532 }
7533 }
7534
7535 }
7536 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7537 {
7538 pIf->pDrvBase = NULL;
7539 pIf->pDrvBlock = NULL;
7540 pIf->cbIOBuffer = 0;
7541 pIf->pbIOBufferR3 = NULL;
7542 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7543 pIf->pbIOBufferRC = NIL_RTGCPTR;
7544 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7545 }
7546 else
7547 {
7548 switch (rc)
7549 {
7550 case VERR_ACCESS_DENIED:
7551 /* Error already cached by DrvHostBase */
7552 return rc;
7553 default:
7554 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7555 N_("PIIX3 cannot attach drive to the %s"),
7556 s_apszDescs[i][j]);
7557 }
7558 }
7559 cbTotalBuffer += pIf->cbIOBuffer;
7560 }
7561 }
7562
7563 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7564 NULL, ataLiveExec, NULL,
7565 ataSaveLoadPrep, ataSaveExec, NULL,
7566 ataSaveLoadPrep, ataLoadExec, NULL);
7567 if (RT_FAILURE(rc))
7568 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7569
7570 /*
7571 * Initialize the device state.
7572 */
7573 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7574}
7575
7576
7577/**
7578 * The device registration structure.
7579 */
7580const PDMDEVREG g_DevicePIIX3IDE =
7581{
7582 /* u32Version */
7583 PDM_DEVREG_VERSION,
7584 /* szName */
7585 "piix3ide",
7586 /* szRCMod */
7587 "VBoxDDGC.gc",
7588 /* szR0Mod */
7589 "VBoxDDR0.r0",
7590 /* pszDescription */
7591 "Intel PIIX3 ATA controller.\n"
7592 " LUN #0 is primary master.\n"
7593 " LUN #1 is primary slave.\n"
7594 " LUN #2 is secondary master.\n"
7595 " LUN #3 is secondary slave.\n"
7596 " LUN #999 is the LED/Status connector.",
7597 /* fFlags */
7598 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7599 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION |
7600 PDM_DEVREG_FLAGS_FIRST_RESET_NOTIFICATION,
7601 /* fClass */
7602 PDM_DEVREG_CLASS_STORAGE,
7603 /* cMaxInstances */
7604 1,
7605 /* cbInstance */
7606 sizeof(PCIATAState),
7607 /* pfnConstruct */
7608 ataR3Construct,
7609 /* pfnDestruct */
7610 ataR3Destruct,
7611 /* pfnRelocate */
7612 ataR3Relocate,
7613 /* pfnMemSetup */
7614 NULL,
7615 /* pfnPowerOn */
7616 NULL,
7617 /* pfnReset */
7618 ataR3Reset,
7619 /* pfnSuspend */
7620 ataR3Suspend,
7621 /* pfnResume */
7622 ataR3Resume,
7623 /* pfnAttach */
7624 ataR3Attach,
7625 /* pfnDetach */
7626 ataR3Detach,
7627 /* pfnQueryInterface. */
7628 NULL,
7629 /* pfnInitComplete */
7630 NULL,
7631 /* pfnPowerOff */
7632 ataR3PowerOff,
7633 /* pfnSoftReset */
7634 NULL,
7635 /* u32VersionEnd */
7636 PDM_DEVREG_VERSION
7637};
7638#endif /* IN_RING3 */
7639#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette