VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 25989

Last change on this file since 25989 was 25989, checked in by vboxsync, 15 years ago

ATA: implement integrity word
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 268.5 KB
Line 
1/* $Id: DevATA.cpp 25989 2010-01-24 21:36:21Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2008 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.215389.xyz. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Defined Constants And Macros *
24*******************************************************************************/
25/** Temporary instrumentation for tracking down potential virtual disk
26 * write performance issues. */
27#undef VBOX_INSTRUMENT_DMA_WRITES
28
29/** @name The SSM saved state versions.
30 * @{
31 */
32/** The current saved state version. */
33#define ATA_SAVED_STATE_VERSION 20
34/** The saved state version used by VirtualBox 3.0.
35 * This lacks the config part and has the type at the and. */
36#define ATA_SAVED_STATE_VERSION_VBOX_30 19
37#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
38#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
39#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
40/** @} */
41
42/*******************************************************************************
43* Header Files *
44*******************************************************************************/
45#define LOG_GROUP LOG_GROUP_DEV_IDE
46#include <VBox/pdmdev.h>
47#include <iprt/assert.h>
48#include <iprt/string.h>
49#ifdef IN_RING3
50# include <iprt/uuid.h>
51# include <iprt/semaphore.h>
52# include <iprt/thread.h>
53# include <iprt/time.h>
54# include <iprt/alloc.h>
55#endif /* IN_RING3 */
56#include <iprt/critsect.h>
57#include <iprt/asm.h>
58#include <VBox/stam.h>
59#include <VBox/mm.h>
60#include <VBox/pgm.h>
61
62#include <VBox/scsi.h>
63
64#include "PIIX3ATABmDma.h"
65#include "ide.h"
66#include "../Builtins.h"
67
68/*******************************************************************************
69* Defined Constants And Macros *
70*******************************************************************************/
71/**
72 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
73 * Set to 1 to disable multi-sector read support. According to the ATA
74 * specification this must be a power of 2 and it must fit in an 8 bit
75 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
76 */
77#define ATA_MAX_MULT_SECTORS 128
78
79/**
80 * Fastest PIO mode supported by the drive.
81 */
82#define ATA_PIO_MODE_MAX 4
83/**
84 * Fastest MDMA mode supported by the drive.
85 */
86#define ATA_MDMA_MODE_MAX 2
87/**
88 * Fastest UDMA mode supported by the drive.
89 */
90#define ATA_UDMA_MODE_MAX 6
91
92/** ATAPI sense info size. */
93#define ATAPI_SENSE_SIZE 64
94
95/** The maximum number of release log entries per device. */
96#define MAX_LOG_REL_ERRORS 1024
97
98/* MediaEventStatus */
99#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
100#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
101#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
102#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
103
104/**
105 * Length of the configurable VPD data (without termination)
106 */
107#define ATA_SERIAL_NUMBER_LENGTH 20
108#define ATA_FIRMWARE_REVISION_LENGTH 8
109#define ATA_MODEL_NUMBER_LENGTH 40
110#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
111#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
112#define ATAPI_INQUIRY_REVISION_LENGTH 4
113
114/*******************************************************************************
115* Structures and Typedefs *
116*******************************************************************************/
117/**
118 * The state of an ATA device.
119 *
120 * @implements PDMIBASE
121 * @implements PDMIBLOCKPORT
122 * @implements PDMIMOUNTNOTIFY
123 */
124typedef struct ATADevState
125{
126 /** Flag indicating whether the current command uses LBA48 mode. */
127 bool fLBA48;
128 /** Flag indicating whether this drive implements the ATAPI command set. */
129 bool fATAPI;
130 /** Set if this interface has asserted the IRQ. */
131 bool fIrqPending;
132 /** Currently configured number of sectors in a multi-sector transfer. */
133 uint8_t cMultSectors;
134 /** PCHS disk geometry. */
135 PDMMEDIAGEOMETRY PCHSGeometry;
136 /** Total number of sectors on this disk. */
137 uint64_t cTotalSectors;
138 /** Number of sectors to transfer per IRQ. */
139 uint32_t cSectorsPerIRQ;
140
141 /** ATA/ATAPI register 1: feature (write-only). */
142 uint8_t uATARegFeature;
143 /** ATA/ATAPI register 1: feature, high order byte. */
144 uint8_t uATARegFeatureHOB;
145 /** ATA/ATAPI register 1: error (read-only). */
146 uint8_t uATARegError;
147 /** ATA/ATAPI register 2: sector count (read/write). */
148 uint8_t uATARegNSector;
149 /** ATA/ATAPI register 2: sector count, high order byte. */
150 uint8_t uATARegNSectorHOB;
151 /** ATA/ATAPI register 3: sector (read/write). */
152 uint8_t uATARegSector;
153 /** ATA/ATAPI register 3: sector, high order byte. */
154 uint8_t uATARegSectorHOB;
155 /** ATA/ATAPI register 4: cylinder low (read/write). */
156 uint8_t uATARegLCyl;
157 /** ATA/ATAPI register 4: cylinder low, high order byte. */
158 uint8_t uATARegLCylHOB;
159 /** ATA/ATAPI register 5: cylinder high (read/write). */
160 uint8_t uATARegHCyl;
161 /** ATA/ATAPI register 5: cylinder high, high order byte. */
162 uint8_t uATARegHCylHOB;
163 /** ATA/ATAPI register 6: select drive/head (read/write). */
164 uint8_t uATARegSelect;
165 /** ATA/ATAPI register 7: status (read-only). */
166 uint8_t uATARegStatus;
167 /** ATA/ATAPI register 7: command (write-only). */
168 uint8_t uATARegCommand;
169 /** ATA/ATAPI drive control register (write-only). */
170 uint8_t uATARegDevCtl;
171
172 /** Currently active transfer mode (MDMA/UDMA) and speed. */
173 uint8_t uATATransferMode;
174 /** Current transfer direction. */
175 uint8_t uTxDir;
176 /** Index of callback for begin transfer. */
177 uint8_t iBeginTransfer;
178 /** Index of callback for source/sink of data. */
179 uint8_t iSourceSink;
180 /** Flag indicating whether the current command transfers data in DMA mode. */
181 bool fDMA;
182 /** Set to indicate that ATAPI transfer semantics must be used. */
183 bool fATAPITransfer;
184
185 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
186 uint32_t cbTotalTransfer;
187 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
188 uint32_t cbElementaryTransfer;
189 /** Current read/write buffer position, shared PIO/DMA. */
190 uint32_t iIOBufferCur;
191 /** First element beyond end of valid buffer content, shared PIO/DMA. */
192 uint32_t iIOBufferEnd;
193
194 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
195 uint32_t iIOBufferPIODataStart;
196 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
197 uint32_t iIOBufferPIODataEnd;
198
199 /** ATAPI current LBA position. */
200 uint32_t iATAPILBA;
201 /** ATAPI current sector size. */
202 uint32_t cbATAPISector;
203 /** ATAPI current command. */
204 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
205 /** ATAPI sense data. */
206 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
207 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
208 uint8_t cNotifiedMediaChange;
209 /** The same for GET_EVENT_STATUS for mechanism */
210 volatile uint32_t MediaEventStatus;
211
212 uint32_t Alignment0;
213
214 /** The status LED state for this drive. */
215 PDMLED Led;
216
217 /** Size of I/O buffer. */
218 uint32_t cbIOBuffer;
219 /** Pointer to the I/O buffer. */
220 R3PTRTYPE(uint8_t *) pbIOBufferR3;
221 /** Pointer to the I/O buffer. */
222 R0PTRTYPE(uint8_t *) pbIOBufferR0;
223 /** Pointer to the I/O buffer. */
224 RCPTRTYPE(uint8_t *) pbIOBufferRC;
225
226 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundrary. */
227
228 /*
229 * No data that is part of the saved state after this point!!!!!
230 */
231
232 /* Release statistics: number of ATA DMA commands. */
233 STAMCOUNTER StatATADMA;
234 /* Release statistics: number of ATA PIO commands. */
235 STAMCOUNTER StatATAPIO;
236 /* Release statistics: number of ATAPI PIO commands. */
237 STAMCOUNTER StatATAPIDMA;
238 /* Release statistics: number of ATAPI PIO commands. */
239 STAMCOUNTER StatATAPIPIO;
240#ifdef VBOX_INSTRUMENT_DMA_WRITES
241 /* Release statistics: number of DMA sector writes and the time spent. */
242 STAMPROFILEADV StatInstrVDWrites;
243#endif
244
245 /** Statistics: number of read operations and the time spent reading. */
246 STAMPROFILEADV StatReads;
247 /** Statistics: number of bytes read. */
248 STAMCOUNTER StatBytesRead;
249 /** Statistics: number of write operations and the time spent writing. */
250 STAMPROFILEADV StatWrites;
251 /** Statistics: number of bytes written. */
252 STAMCOUNTER StatBytesWritten;
253 /** Statistics: number of flush operations and the time spend flushing. */
254 STAMPROFILE StatFlushes;
255
256 /** Enable passing through commands directly to the ATAPI drive. */
257 bool fATAPIPassthrough;
258 /** Number of errors we've reported to the release log.
259 * This is to prevent flooding caused by something going horribly wrong.
260 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
261 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
262 uint32_t cErrors;
263 /** Timestamp of last started command. 0 if no command pending. */
264 uint64_t u64CmdTS;
265
266 /** Pointer to the attached driver's base interface. */
267 R3PTRTYPE(PPDMIBASE) pDrvBase;
268 /** Pointer to the attached driver's block interface. */
269 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
270 /** Pointer to the attached driver's block bios interface. */
271 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
272 /** Pointer to the attached driver's mount interface.
273 * This is NULL if the driver isn't a removable unit. */
274 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
275 /** The base interface. */
276 PDMIBASE IBase;
277 /** The block port interface. */
278 PDMIBLOCKPORT IPort;
279 /** The mount notify interface. */
280 PDMIMOUNTNOTIFY IMountNotify;
281 /** The LUN #. */
282 RTUINT iLUN;
283 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
284 /** Pointer to device instance. */
285 PPDMDEVINSR3 pDevInsR3;
286 /** Pointer to controller instance. */
287 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
288 /** Pointer to device instance. */
289 PPDMDEVINSR0 pDevInsR0;
290 /** Pointer to controller instance. */
291 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
292 /** Pointer to device instance. */
293 PPDMDEVINSRC pDevInsRC;
294 /** Pointer to controller instance. */
295 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
296
297 /** The serial number to use for IDENTIFY DEVICE commands. */
298 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
299 /** The firmware revision to use for IDENTIFY DEVICE commands. */
300 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
301 /** The model number to use for IDENTIFY DEVICE commands. */
302 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
303 /** The vendor identification string for SCSI INQUIRY commands. */
304 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
305 /** The product identification string for SCSI INQUIRY commands. */
306 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
307 /** The revision string for SCSI INQUIRY commands. */
308 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
309
310 uint8_t abAlignment3[7];
311} ATADevState;
312AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
313AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
314AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
315AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
316AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
317AssertCompileSizeAlignment(ATADevState, 8);
318
319
320typedef struct ATATransferRequest
321{
322 uint8_t iIf;
323 uint8_t iBeginTransfer;
324 uint8_t iSourceSink;
325 uint32_t cbTotalTransfer;
326 uint8_t uTxDir;
327} ATATransferRequest;
328
329
330typedef struct ATAAbortRequest
331{
332 uint8_t iIf;
333 bool fResetDrive;
334} ATAAbortRequest;
335
336
337typedef enum
338{
339 /** Begin a new transfer. */
340 ATA_AIO_NEW = 0,
341 /** Continue a DMA transfer. */
342 ATA_AIO_DMA,
343 /** Continue a PIO transfer. */
344 ATA_AIO_PIO,
345 /** Reset the drives on current controller, stop all transfer activity. */
346 ATA_AIO_RESET_ASSERTED,
347 /** Reset the drives on current controller, resume operation. */
348 ATA_AIO_RESET_CLEARED,
349 /** Abort the current transfer of a particular drive. */
350 ATA_AIO_ABORT
351} ATAAIO;
352
353
354typedef struct ATARequest
355{
356 ATAAIO ReqType;
357 union
358 {
359 ATATransferRequest t;
360 ATAAbortRequest a;
361 } u;
362} ATARequest;
363
364
365typedef struct ATACONTROLLER
366{
367 /** The base of the first I/O Port range. */
368 RTIOPORT IOPortBase1;
369 /** The base of the second I/O Port range. (0 if none) */
370 RTIOPORT IOPortBase2;
371 /** The assigned IRQ. */
372 RTUINT irq;
373 /** Access critical section */
374 PDMCRITSECT lock;
375
376 /** Selected drive. */
377 uint8_t iSelectedIf;
378 /** The interface on which to handle async I/O. */
379 uint8_t iAIOIf;
380 /** The state of the async I/O thread. */
381 uint8_t uAsyncIOState;
382 /** Flag indicating whether the next transfer is part of the current command. */
383 bool fChainedTransfer;
384 /** Set when the reset processing is currently active on this controller. */
385 bool fReset;
386 /** Flag whether the current transfer needs to be redone. */
387 bool fRedo;
388 /** Flag whether the redo suspend has been finished. */
389 bool fRedoIdle;
390 /** Flag whether the DMA operation to be redone is the final transfer. */
391 bool fRedoDMALastDesc;
392 /** The BusMaster DMA state. */
393 BMDMAState BmDma;
394 /** Pointer to first DMA descriptor. */
395 RTGCPHYS32 pFirstDMADesc;
396 /** Pointer to last DMA descriptor. */
397 RTGCPHYS32 pLastDMADesc;
398 /** Pointer to current DMA buffer (for redo operations). */
399 RTGCPHYS32 pRedoDMABuffer;
400 /** Size of current DMA buffer (for redo operations). */
401 uint32_t cbRedoDMABuffer;
402
403 /** The ATA/ATAPI interfaces of this controller. */
404 ATADevState aIfs[2];
405
406 /** Pointer to device instance. */
407 PPDMDEVINSR3 pDevInsR3;
408 /** Pointer to device instance. */
409 PPDMDEVINSR0 pDevInsR0;
410 /** Pointer to device instance. */
411 PPDMDEVINSRC pDevInsRC;
412
413 /** Set when the destroying the device instance and the thread must exit. */
414 uint32_t volatile fShutdown;
415 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
416 RTTHREAD AsyncIOThread;
417 /** The event semaphore the thread is waiting on for requests. */
418 RTSEMEVENT AsyncIOSem;
419 /** The request queue for the AIO thread. One element is always unused. */
420 ATARequest aAsyncIORequests[4];
421 /** The position at which to insert a new request for the AIO thread. */
422 uint8_t AsyncIOReqHead;
423 /** The position at which to get a new request for the AIO thread. */
424 uint8_t AsyncIOReqTail;
425 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
426 bool volatile fSignalIdle;
427 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
428 /** Magic delay before triggering interrupts in DMA mode. */
429 uint32_t DelayIRQMillies;
430 /** The mutex protecting the request queue. */
431 RTSEMMUTEX AsyncIORequestMutex;
432 /** The event semaphore the thread is waiting on during suspended I/O. */
433 RTSEMEVENT SuspendIOSem;
434#if 0 /*HC_ARCH_BITS == 32*/
435 uint32_t Alignment0;
436#endif
437
438 /** Timestamp we started the reset. */
439 uint64_t u64ResetTime;
440
441 /* Statistics */
442 STAMCOUNTER StatAsyncOps;
443 uint64_t StatAsyncMinWait;
444 uint64_t StatAsyncMaxWait;
445 STAMCOUNTER StatAsyncTimeUS;
446 STAMPROFILEADV StatAsyncTime;
447 STAMPROFILE StatLockWait;
448} ATACONTROLLER, *PATACONTROLLER;
449AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
450AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
451AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
452AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
453
454typedef enum CHIPSET
455{
456 /** PIIX3 chipset, must be 0 for saved state compatibility */
457 CHIPSET_PIIX3 = 0,
458 /** PIIX4 chipset, must be 1 for saved state compatibility */
459 CHIPSET_PIIX4 = 1,
460 /** ICH6 chipset */
461 CHIPSET_ICH6 = 2
462} CHIPSET;
463
464/**
465 * The state of the ATA PCI device.
466 *
467 * @extends PCIDEVICE
468 * @implements PDMILEDPORTS
469 */
470typedef struct PCIATAState
471{
472 PCIDEVICE dev;
473 /** The controllers. */
474 ATACONTROLLER aCts[2];
475 /** Pointer to device instance. */
476 PPDMDEVINSR3 pDevIns;
477 /** Status LUN: Base interface. */
478 PDMIBASE IBase;
479 /** Status LUN: Leds interface. */
480 PDMILEDPORTS ILeds;
481 /** Status LUN: Partner of ILeds. */
482 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
483 /** Flag whether GC is enabled. */
484 bool fGCEnabled;
485 /** Flag whether R0 is enabled. */
486 bool fR0Enabled;
487 /** Flag indicating chipset being emulated. */
488 uint8_t u8Type;
489 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
490} PCIATAState;
491
492#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
493#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
494#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
495#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
496#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
497#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
498
499#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
500
501#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
502#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
503#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
504#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
505
506#ifndef VBOX_DEVICE_STRUCT_TESTCASE
507/*******************************************************************************
508 * Internal Functions *
509 ******************************************************************************/
510RT_C_DECLS_BEGIN
511PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
512PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
513PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
514PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
515PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
516PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
517PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
518PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
519RT_C_DECLS_END
520
521
522
523DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
524{
525 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
526
527 /* Freeze status register contents while processing RESET. */
528 if (!pCtl->fReset)
529 {
530 s->uATARegStatus = stat;
531 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
532 }
533}
534
535
536DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
537{
538 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
539
540 /* Freeze status register contents while processing RESET. */
541 if (!pCtl->fReset)
542 {
543 s->uATARegStatus |= stat;
544 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
545 }
546}
547
548
549DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
550{
551 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
552
553 /* Freeze status register contents while processing RESET. */
554 if (!pCtl->fReset)
555 {
556 s->uATARegStatus &= ~stat;
557 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
558 }
559}
560
561#ifdef IN_RING3
562
563typedef void (*PBeginTransferFunc)(ATADevState *);
564typedef bool (*PSourceSinkFunc)(ATADevState *);
565
566static void ataReadWriteSectorsBT(ATADevState *);
567static void ataPacketBT(ATADevState *);
568static void atapiCmdBT(ATADevState *);
569static void atapiPassthroughCmdBT(ATADevState *);
570
571static bool ataIdentifySS(ATADevState *);
572static bool ataFlushSS(ATADevState *);
573static bool ataReadSectorsSS(ATADevState *);
574static bool ataWriteSectorsSS(ATADevState *);
575static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
576static bool ataPacketSS(ATADevState *);
577static bool atapiGetConfigurationSS(ATADevState *);
578static bool atapiGetEventStatusNotificationSS(ATADevState *);
579static bool atapiIdentifySS(ATADevState *);
580static bool atapiInquirySS(ATADevState *);
581static bool atapiMechanismStatusSS(ATADevState *);
582static bool atapiModeSenseErrorRecoverySS(ATADevState *);
583static bool atapiModeSenseCDStatusSS(ATADevState *);
584static bool atapiReadSS(ATADevState *);
585static bool atapiReadCapacitySS(ATADevState *);
586static bool atapiReadDiscInformationSS(ATADevState *);
587static bool atapiReadTOCNormalSS(ATADevState *);
588static bool atapiReadTOCMultiSS(ATADevState *);
589static bool atapiReadTOCRawSS(ATADevState *);
590static bool atapiReadTrackInformationSS(ATADevState *);
591static bool atapiRequestSenseSS(ATADevState *);
592static bool atapiPassthroughSS(ATADevState *);
593static bool atapiReadDVDStructureSS(ATADevState *);
594
595/**
596 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
597 */
598typedef enum ATAFNBT
599{
600 ATAFN_BT_NULL = 0,
601 ATAFN_BT_READ_WRITE_SECTORS,
602 ATAFN_BT_PACKET,
603 ATAFN_BT_ATAPI_CMD,
604 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
605 ATAFN_BT_MAX
606} ATAFNBT;
607
608/**
609 * Array of end transfer functions, the index is ATAFNET.
610 * Make sure ATAFNET and this array match!
611 */
612static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
613{
614 NULL,
615 ataReadWriteSectorsBT,
616 ataPacketBT,
617 atapiCmdBT,
618 atapiPassthroughCmdBT,
619};
620
621/**
622 * Source/sink function indexes for g_apfnSourceSinkFuncs.
623 */
624typedef enum ATAFNSS
625{
626 ATAFN_SS_NULL = 0,
627 ATAFN_SS_IDENTIFY,
628 ATAFN_SS_FLUSH,
629 ATAFN_SS_READ_SECTORS,
630 ATAFN_SS_WRITE_SECTORS,
631 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
632 ATAFN_SS_PACKET,
633 ATAFN_SS_ATAPI_GET_CONFIGURATION,
634 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
635 ATAFN_SS_ATAPI_IDENTIFY,
636 ATAFN_SS_ATAPI_INQUIRY,
637 ATAFN_SS_ATAPI_MECHANISM_STATUS,
638 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
639 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
640 ATAFN_SS_ATAPI_READ,
641 ATAFN_SS_ATAPI_READ_CAPACITY,
642 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
643 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
644 ATAFN_SS_ATAPI_READ_TOC_MULTI,
645 ATAFN_SS_ATAPI_READ_TOC_RAW,
646 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
647 ATAFN_SS_ATAPI_REQUEST_SENSE,
648 ATAFN_SS_ATAPI_PASSTHROUGH,
649 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
650 ATAFN_SS_MAX
651} ATAFNSS;
652
653/**
654 * Array of source/sink functions, the index is ATAFNSS.
655 * Make sure ATAFNSS and this array match!
656 */
657static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
658{
659 NULL,
660 ataIdentifySS,
661 ataFlushSS,
662 ataReadSectorsSS,
663 ataWriteSectorsSS,
664 ataExecuteDeviceDiagnosticSS,
665 ataPacketSS,
666 atapiGetConfigurationSS,
667 atapiGetEventStatusNotificationSS,
668 atapiIdentifySS,
669 atapiInquirySS,
670 atapiMechanismStatusSS,
671 atapiModeSenseErrorRecoverySS,
672 atapiModeSenseCDStatusSS,
673 atapiReadSS,
674 atapiReadCapacitySS,
675 atapiReadDiscInformationSS,
676 atapiReadTOCNormalSS,
677 atapiReadTOCMultiSS,
678 atapiReadTOCRawSS,
679 atapiReadTrackInformationSS,
680 atapiRequestSenseSS,
681 atapiPassthroughSS,
682 atapiReadDVDStructureSS
683};
684
685
686static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, };
687static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, };
688static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, };
689static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, };
690
691
692static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
693{
694 int rc;
695
696 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
697 AssertRC(rc);
698 pCtl->AsyncIOReqHead = 0;
699 pCtl->AsyncIOReqTail = 0;
700 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
701 AssertRC(rc);
702}
703
704
705static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
706{
707 int rc;
708
709 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
710 AssertRC(rc);
711 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
712 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
713 pCtl->AsyncIOReqHead++;
714 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
715 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
716 AssertRC(rc);
717 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
718 if (RT_FAILURE(rc))
719 {
720 rc = RTSemEventSignal(pCtl->AsyncIOSem);
721 AssertRC(rc);
722 }
723}
724
725
726static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
727{
728 int rc;
729 const ATARequest *pReq;
730
731 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
732 AssertRC(rc);
733 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
734 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
735 else
736 pReq = NULL;
737 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
738 AssertRC(rc);
739 return pReq;
740}
741
742
743/**
744 * Remove the request with the given type, as it's finished. The request
745 * is not removed blindly, as this could mean a RESET request that is not
746 * yet processed (but has cleared the request queue) is lost.
747 *
748 * @param pCtl Controller for which to remove the request.
749 * @param ReqType Type of the request to remove.
750 */
751static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
752{
753 int rc;
754
755 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
756 AssertRC(rc);
757 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
758 {
759 pCtl->AsyncIOReqTail++;
760 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
761 }
762 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
763 AssertRC(rc);
764}
765
766
767/**
768 * Dump the request queue for a particular controller. First dump the queue
769 * contents, then the already processed entries, as long as they haven't been
770 * overwritten.
771 *
772 * @param pCtl Controller for which to dump the queue.
773 */
774static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
775{
776 int rc;
777 uint8_t curr;
778
779 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
780 AssertRC(rc);
781 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
782 curr = pCtl->AsyncIOReqTail;
783 do
784 {
785 if (curr == pCtl->AsyncIOReqHead)
786 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
787 switch (pCtl->aAsyncIORequests[curr].ReqType)
788 {
789 case ATA_AIO_NEW:
790 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
791 break;
792 case ATA_AIO_DMA:
793 LogRel(("dma transfer continuation\n"));
794 break;
795 case ATA_AIO_PIO:
796 LogRel(("pio transfer continuation\n"));
797 break;
798 case ATA_AIO_RESET_ASSERTED:
799 LogRel(("reset asserted request\n"));
800 break;
801 case ATA_AIO_RESET_CLEARED:
802 LogRel(("reset cleared request\n"));
803 break;
804 case ATA_AIO_ABORT:
805 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
806 break;
807 default:
808 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
809 }
810 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
811 } while (curr != pCtl->AsyncIOReqTail);
812 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
813 AssertRC(rc);
814}
815
816
817/**
818 * Checks whether the request queue for a particular controller is empty
819 * or whether a particular controller is idle.
820 *
821 * @param pCtl Controller for which to check the queue.
822 * @param fStrict If set then the controller is checked to be idle.
823 */
824static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
825{
826 int rc;
827 bool fIdle;
828
829 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
830 AssertRC(rc);
831 fIdle = pCtl->fRedoIdle;
832 if (!fIdle)
833 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
834 if (fStrict)
835 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
836 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
837 AssertRC(rc);
838 return fIdle;
839}
840
841
842/**
843 * Send a transfer request to the async I/O thread.
844 *
845 * @param s Pointer to the ATA device state data.
846 * @param cbTotalTransfer Data transfer size.
847 * @param uTxDir Data transfer direction.
848 * @param iBeginTransfer Index of BeginTransfer callback.
849 * @param iSourceSink Index of SourceSink callback.
850 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
851 */
852static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
853{
854 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
855 ATARequest Req;
856
857 Assert(PDMCritSectIsOwner(&pCtl->lock));
858
859 /* Do not issue new requests while the RESET line is asserted. */
860 if (pCtl->fReset)
861 {
862 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
863 return;
864 }
865
866 /* If the controller is already doing something else right now, ignore
867 * the command that is being submitted. Some broken guests issue commands
868 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
869 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
870 {
871 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
872 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
873 return;
874 }
875
876 Req.ReqType = ATA_AIO_NEW;
877 if (fChainedTransfer)
878 Req.u.t.iIf = pCtl->iAIOIf;
879 else
880 Req.u.t.iIf = pCtl->iSelectedIf;
881 Req.u.t.cbTotalTransfer = cbTotalTransfer;
882 Req.u.t.uTxDir = uTxDir;
883 Req.u.t.iBeginTransfer = iBeginTransfer;
884 Req.u.t.iSourceSink = iSourceSink;
885 ataSetStatusValue(s, ATA_STAT_BUSY);
886 pCtl->fChainedTransfer = fChainedTransfer;
887
888 /*
889 * Kick the worker thread into action.
890 */
891 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
892 ataAsyncIOPutRequest(pCtl, &Req);
893}
894
895
896/**
897 * Send an abort command request to the async I/O thread.
898 *
899 * @param s Pointer to the ATA device state data.
900 * @param fResetDrive Whether to reset the drive or just abort a command.
901 */
902static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
903{
904 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
905 ATARequest Req;
906
907 Assert(PDMCritSectIsOwner(&pCtl->lock));
908
909 /* Do not issue new requests while the RESET line is asserted. */
910 if (pCtl->fReset)
911 {
912 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
913 return;
914 }
915
916 Req.ReqType = ATA_AIO_ABORT;
917 Req.u.a.iIf = pCtl->iSelectedIf;
918 Req.u.a.fResetDrive = fResetDrive;
919 ataSetStatus(s, ATA_STAT_BUSY);
920 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
921 ataAsyncIOPutRequest(pCtl, &Req);
922}
923
924
925static void ataSetIRQ(ATADevState *s)
926{
927 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
928 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
929
930 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
931 {
932 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
933 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
934 * line is asserted. It monitors the line for a rising edge. */
935 if (!s->fIrqPending)
936 pCtl->BmDma.u8Status |= BM_STATUS_INT;
937 /* Only actually set the IRQ line if updating the currently selected drive. */
938 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
939 {
940 /** @todo experiment with adaptive IRQ delivery: for reads it is
941 * better to wait for IRQ delivery, as it reduces latency. */
942 if (pCtl->irq == 16)
943 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
944 else
945 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
946 }
947 }
948 s->fIrqPending = true;
949}
950
951#endif /* IN_RING3 */
952
953static void ataUnsetIRQ(ATADevState *s)
954{
955 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
956 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
957
958 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
959 {
960 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
961 /* Only actually unset the IRQ line if updating the currently selected drive. */
962 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
963 {
964 if (pCtl->irq == 16)
965 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
966 else
967 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
968 }
969 }
970 s->fIrqPending = false;
971}
972
973#ifdef IN_RING3
974
975static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
976{
977 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
978 s->iIOBufferPIODataStart = start;
979 s->iIOBufferPIODataEnd = start + size;
980 ataSetStatus(s, ATA_STAT_DRQ);
981}
982
983
984static void ataPIOTransferStop(ATADevState *s)
985{
986 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
987 if (s->fATAPITransfer)
988 {
989 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
990 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
991 ataSetIRQ(s);
992 s->fATAPITransfer = false;
993 }
994 s->cbTotalTransfer = 0;
995 s->cbElementaryTransfer = 0;
996 s->iIOBufferPIODataStart = 0;
997 s->iIOBufferPIODataEnd = 0;
998 s->iBeginTransfer = ATAFN_BT_NULL;
999 s->iSourceSink = ATAFN_SS_NULL;
1000}
1001
1002
1003static void ataPIOTransferLimitATAPI(ATADevState *s)
1004{
1005 uint32_t cbLimit, cbTransfer;
1006
1007 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1008 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1009 if (cbLimit == 0)
1010 cbLimit = 0xfffe;
1011 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1012 if (cbLimit == 0xffff)
1013 cbLimit--;
1014 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1015 if (cbTransfer > cbLimit)
1016 {
1017 /* Byte count limit for clipping must be even in this case */
1018 if (cbLimit & 1)
1019 cbLimit--;
1020 cbTransfer = cbLimit;
1021 }
1022 s->uATARegLCyl = cbTransfer;
1023 s->uATARegHCyl = cbTransfer >> 8;
1024 s->cbElementaryTransfer = cbTransfer;
1025}
1026
1027
1028static uint32_t ataGetNSectors(ATADevState *s)
1029{
1030 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1031 if (s->fLBA48)
1032 {
1033 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1034 return 65536;
1035 else
1036 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1037 }
1038 else
1039 {
1040 if (!s->uATARegNSector)
1041 return 256;
1042 else
1043 return s->uATARegNSector;
1044 }
1045}
1046
1047
1048static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1049{
1050 for (uint32_t i = 0; i < cbSize; i++)
1051 {
1052 if (*pbSrc)
1053 pbDst[i ^ 1] = *pbSrc++;
1054 else
1055 pbDst[i ^ 1] = ' ';
1056 }
1057}
1058
1059
1060static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1061{
1062 for (uint32_t i = 0; i < cbSize; i++)
1063 {
1064 if (*pbSrc)
1065 pbDst[i] = *pbSrc++;
1066 else
1067 pbDst[i] = ' ';
1068 }
1069}
1070
1071
1072DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1073{
1074 pbBuf[0] = val >> 8;
1075 pbBuf[1] = val;
1076}
1077
1078
1079DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1080{
1081 pbBuf[0] = val >> 16;
1082 pbBuf[1] = val >> 8;
1083 pbBuf[2] = val;
1084}
1085
1086
1087DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1088{
1089 pbBuf[0] = val >> 24;
1090 pbBuf[1] = val >> 16;
1091 pbBuf[2] = val >> 8;
1092 pbBuf[3] = val;
1093}
1094
1095
1096DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1097{
1098 return (pbBuf[0] << 8) | pbBuf[1];
1099}
1100
1101
1102DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1103{
1104 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1105}
1106
1107
1108DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1109{
1110 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1111}
1112
1113
1114DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1115{
1116 iATAPILBA += 150;
1117 pbBuf[0] = (iATAPILBA / 75) / 60;
1118 pbBuf[1] = (iATAPILBA / 75) % 60;
1119 pbBuf[2] = iATAPILBA % 75;
1120}
1121
1122
1123DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1124{
1125 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1126}
1127
1128
1129static void ataCmdOK(ATADevState *s, uint8_t status)
1130{
1131 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1132 ataSetStatusValue(s, ATA_STAT_READY | status);
1133}
1134
1135
1136static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1137{
1138 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1139 s->uATARegError = uErrorCode;
1140 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1141 s->cbTotalTransfer = 0;
1142 s->cbElementaryTransfer = 0;
1143 s->iIOBufferCur = 0;
1144 s->iIOBufferEnd = 0;
1145 s->uTxDir = PDMBLOCKTXDIR_NONE;
1146 s->iBeginTransfer = ATAFN_BT_NULL;
1147 s->iSourceSink = ATAFN_SS_NULL;
1148}
1149
1150static uint32_t ataChecksum(void* p, size_t count)
1151{
1152 uint8_t sum = 0xa5, *pp = (uint8_t*)p;
1153 size_t i;
1154
1155 for (i = 0; i < count; i++)
1156 {
1157 sum += pp[i];
1158 count--;
1159 }
1160
1161 return (uint8_t)-(int32_t)sum;
1162}
1163
1164static bool ataIdentifySS(ATADevState *s)
1165{
1166 uint16_t *p;
1167
1168 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1169 Assert(s->cbElementaryTransfer == 512);
1170
1171 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1172 memset(p, 0, 512);
1173 p[0] = RT_H2LE_U16(0x0040);
1174 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1175 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1176 /* Block size; obsolete, but required for the BIOS. */
1177 p[5] = RT_H2LE_U16(512);
1178 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1179 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1180 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1181 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1182 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1183 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1184 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1185#if ATA_MAX_MULT_SECTORS > 1
1186 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1187#endif
1188 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1189 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1190 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1191 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1192 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1193 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1194 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1195 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1196 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1197 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1198 * s->PCHSGeometry.cHeads
1199 * s->PCHSGeometry.cSectors);
1200 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1201 * s->PCHSGeometry.cHeads
1202 * s->PCHSGeometry.cSectors >> 16);
1203 if (s->cMultSectors)
1204 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1205 if (s->cTotalSectors <= (1 << 28) - 1)
1206 {
1207 p[60] = RT_H2LE_U16(s->cTotalSectors);
1208 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1209 }
1210 else
1211 {
1212 /* Report maximum number of sectors possible with LBA28 */
1213 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1214 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1215 }
1216 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1217 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1218 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1219 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1220 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1221 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1222 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1223 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1224 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1225 if (s->cTotalSectors <= (1 << 28) - 1)
1226 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1227 else
1228 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1229 p[84] = RT_H2LE_U16(1 << 14);
1230 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1231 if (s->cTotalSectors <= (1 << 28) - 1)
1232 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1233 else
1234 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1235 p[87] = RT_H2LE_U16(1 << 14);
1236 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1237 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1238 if (s->cTotalSectors > (1 << 28) - 1)
1239 {
1240 p[100] = RT_H2LE_U16(s->cTotalSectors);
1241 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1242 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1243 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1244 }
1245 uint32_t uCsum = ataChecksum(p, 510);
1246 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1247 s->iSourceSink = ATAFN_SS_NULL;
1248 ataCmdOK(s, ATA_STAT_SEEK);
1249 return false;
1250}
1251
1252
1253static bool ataFlushSS(ATADevState *s)
1254{
1255 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1256 int rc;
1257
1258 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1259 Assert(!s->cbElementaryTransfer);
1260
1261 PDMCritSectLeave(&pCtl->lock);
1262
1263 STAM_PROFILE_START(&s->StatFlushes, f);
1264 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1265 AssertRC(rc);
1266 STAM_PROFILE_STOP(&s->StatFlushes, f);
1267
1268 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1269 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1270 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1271 ataCmdOK(s, 0);
1272 return false;
1273}
1274
1275static bool atapiIdentifySS(ATADevState *s)
1276{
1277 uint16_t *p;
1278
1279 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1280 Assert(s->cbElementaryTransfer == 512);
1281
1282 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1283 memset(p, 0, 512);
1284 /* Removable CDROM, 50us response, 12 byte packets */
1285 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1286 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1287 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1288 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1289 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1290 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1291 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1292 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1293 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1294 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1295 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1296 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1297 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1298 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1299 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1300 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1301 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1302 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1303 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1304 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1305 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1306 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1307 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1308 p[83] = RT_H2LE_U16(1 << 14);
1309 p[84] = RT_H2LE_U16(1 << 14);
1310 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1311 p[86] = RT_H2LE_U16(0);
1312 p[87] = RT_H2LE_U16(1 << 14);
1313 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1314 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1315 /* According to ATAPI-5 spec:
1316 *
1317 * The use of this word is optional.
1318 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1319 * contain the data
1320 * structure checksum.
1321 * The data structure checksum is the twos complement of the sum of
1322 * all bytes in words 0 through 254 and the byte consisting of
1323 * bits 7:0 in word 255.
1324 * Each byte shall be added with unsigned arithmetic,
1325 * and overflow shall be ignored.
1326 * The sum of all 512 bytes is zero when the checksum is correct.
1327 */
1328 uint32_t uCsum = ataChecksum(p, 510);
1329 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1330
1331 s->iSourceSink = ATAFN_SS_NULL;
1332 ataCmdOK(s, ATA_STAT_SEEK);
1333 return false;
1334}
1335
1336
1337static void ataSetSignature(ATADevState *s)
1338{
1339 s->uATARegSelect &= 0xf0; /* clear head */
1340 /* put signature */
1341 s->uATARegNSector = 1;
1342 s->uATARegSector = 1;
1343 if (s->fATAPI)
1344 {
1345 s->uATARegLCyl = 0x14;
1346 s->uATARegHCyl = 0xeb;
1347 }
1348 else if (s->pDrvBlock)
1349 {
1350 s->uATARegLCyl = 0;
1351 s->uATARegHCyl = 0;
1352 }
1353 else
1354 {
1355 s->uATARegLCyl = 0xff;
1356 s->uATARegHCyl = 0xff;
1357 }
1358}
1359
1360
1361static uint64_t ataGetSector(ATADevState *s)
1362{
1363 uint64_t iLBA;
1364 if (s->uATARegSelect & 0x40)
1365 {
1366 /* any LBA variant */
1367 if (s->fLBA48)
1368 {
1369 /* LBA48 */
1370 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1371 ((uint64_t)s->uATARegLCylHOB << 32) |
1372 ((uint64_t)s->uATARegSectorHOB << 24) |
1373 ((uint64_t)s->uATARegHCyl << 16) |
1374 ((uint64_t)s->uATARegLCyl << 8) |
1375 s->uATARegSector;
1376 }
1377 else
1378 {
1379 /* LBA */
1380 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1381 (s->uATARegLCyl << 8) | s->uATARegSector;
1382 }
1383 }
1384 else
1385 {
1386 /* CHS */
1387 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1388 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1389 (s->uATARegSector - 1);
1390 }
1391 return iLBA;
1392}
1393
1394static void ataSetSector(ATADevState *s, uint64_t iLBA)
1395{
1396 uint32_t cyl, r;
1397 if (s->uATARegSelect & 0x40)
1398 {
1399 /* any LBA variant */
1400 if (s->fLBA48)
1401 {
1402 /* LBA48 */
1403 s->uATARegHCylHOB = iLBA >> 40;
1404 s->uATARegLCylHOB = iLBA >> 32;
1405 s->uATARegSectorHOB = iLBA >> 24;
1406 s->uATARegHCyl = iLBA >> 16;
1407 s->uATARegLCyl = iLBA >> 8;
1408 s->uATARegSector = iLBA;
1409 }
1410 else
1411 {
1412 /* LBA */
1413 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1414 s->uATARegHCyl = (iLBA >> 16);
1415 s->uATARegLCyl = (iLBA >> 8);
1416 s->uATARegSector = (iLBA);
1417 }
1418 }
1419 else
1420 {
1421 /* CHS */
1422 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1423 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1424 s->uATARegHCyl = cyl >> 8;
1425 s->uATARegLCyl = cyl;
1426 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1427 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1428 }
1429}
1430
1431
1432static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1433{
1434 int rc;
1435 LogRel(("PIIX3 ATA: Host disk full\n"));
1436 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_DISKFULL",
1437 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1438 AssertRC(rc);
1439}
1440
1441static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1442{
1443 int rc;
1444 LogRel(("PIIX3 ATA: File too big\n"));
1445 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_FILETOOBIG",
1446 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1447 AssertRC(rc);
1448}
1449
1450static void ataWarningISCSI(PPDMDEVINS pDevIns)
1451{
1452 int rc;
1453 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1454 rc = PDMDevHlpVMSetRuntimeError(pDevIns, 0 /*fFlags*/, "DevATA_ISCSIDOWN",
1455 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1456 AssertRC(rc);
1457}
1458
1459/**
1460 * Suspend I/O operations on a controller. Also suspends EMT, because it's
1461 * waiting for I/O to make progress. The next attempt to perform an I/O
1462 * operation will be made when EMT is resumed up again (as the resume
1463 * callback below restarts I/O).
1464 *
1465 * @param pCtl Controller for which to suspend I/O.
1466 */
1467static void ataSuspendRedo(PATACONTROLLER pCtl)
1468{
1469 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
1470 int rc;
1471
1472 pCtl->fRedoIdle = true;
1473 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
1474 (PFNRT)PDMDevHlpVMSuspend, 1, pDevIns);
1475 AssertReleaseRC(rc);
1476}
1477
1478bool ataIsRedoSetWarning(ATADevState *s, int rc)
1479{
1480 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1481 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1482 if (rc == VERR_DISK_FULL)
1483 {
1484 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1485 ataSuspendRedo(pCtl);
1486 return true;
1487 }
1488 if (rc == VERR_FILE_TOO_BIG)
1489 {
1490 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1491 ataSuspendRedo(pCtl);
1492 return true;
1493 }
1494 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1495 {
1496 /* iSCSI connection abort (first error) or failure to reestablish
1497 * connection (second error). Pause VM. On resume we'll retry. */
1498 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1499 ataSuspendRedo(pCtl);
1500 return true;
1501 }
1502 return false;
1503}
1504
1505
1506static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf, uint32_t cSectors, bool *fRedo)
1507{
1508 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1509 int rc;
1510
1511 PDMCritSectLeave(&pCtl->lock);
1512
1513 STAM_PROFILE_ADV_START(&s->StatReads, r);
1514 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1515 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1516 s->Led.Actual.s.fReading = 0;
1517 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1518
1519 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1520
1521 if (RT_SUCCESS(rc))
1522 *fRedo = false;
1523 else
1524 *fRedo = ataIsRedoSetWarning(s, rc);
1525
1526 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1527 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1528 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1529 return rc;
1530}
1531
1532
1533static int ataWriteSectors(ATADevState *s, uint64_t u64Sector, const void *pvBuf, uint32_t cSectors, bool *fRedo)
1534{
1535 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1536 int rc;
1537
1538 PDMCritSectLeave(&pCtl->lock);
1539
1540 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1541 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1542#ifdef VBOX_INSTRUMENT_DMA_WRITES
1543 if (s->fDMA)
1544 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1545#endif
1546 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1547#ifdef VBOX_INSTRUMENT_DMA_WRITES
1548 if (s->fDMA)
1549 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1550#endif
1551 s->Led.Actual.s.fWriting = 0;
1552 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1553
1554 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1555
1556 if (RT_SUCCESS(rc))
1557 *fRedo = false;
1558 else
1559 *fRedo = ataIsRedoSetWarning(s, rc);
1560
1561 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1562 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1563 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1564 return rc;
1565}
1566
1567
1568static void ataReadWriteSectorsBT(ATADevState *s)
1569{
1570 uint32_t cSectors;
1571
1572 cSectors = s->cbTotalTransfer / 512;
1573 if (cSectors > s->cSectorsPerIRQ)
1574 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1575 else
1576 s->cbElementaryTransfer = cSectors * 512;
1577 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1578 ataCmdOK(s, 0);
1579}
1580
1581
1582static bool ataReadSectorsSS(ATADevState *s)
1583{
1584 int rc;
1585 uint32_t cSectors;
1586 uint64_t iLBA;
1587 bool fRedo;
1588
1589 cSectors = s->cbElementaryTransfer / 512;
1590 Assert(cSectors);
1591 iLBA = ataGetSector(s);
1592 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1593 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1594 if (RT_SUCCESS(rc))
1595 {
1596 ataSetSector(s, iLBA + cSectors);
1597 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1598 s->iSourceSink = ATAFN_SS_NULL;
1599 ataCmdOK(s, ATA_STAT_SEEK);
1600 }
1601 else
1602 {
1603 if (fRedo)
1604 return fRedo;
1605 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1606 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1607 s->iLUN, rc, iLBA, cSectors));
1608
1609 /*
1610 * Check if we got interrupted. We don't need to set status variables
1611 * because the request was aborted.
1612 */
1613 if (rc != VERR_INTERRUPTED)
1614 ataCmdError(s, ID_ERR);
1615 }
1616 return false;
1617}
1618
1619
1620static bool ataWriteSectorsSS(ATADevState *s)
1621{
1622 int rc;
1623 uint32_t cSectors;
1624 uint64_t iLBA;
1625 bool fRedo;
1626
1627 cSectors = s->cbElementaryTransfer / 512;
1628 Assert(cSectors);
1629 iLBA = ataGetSector(s);
1630 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1631 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1632 if (RT_SUCCESS(rc))
1633 {
1634 ataSetSector(s, iLBA + cSectors);
1635 if (!s->cbTotalTransfer)
1636 s->iSourceSink = ATAFN_SS_NULL;
1637 ataCmdOK(s, ATA_STAT_SEEK);
1638 }
1639 else
1640 {
1641 if (fRedo)
1642 return fRedo;
1643 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1644 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1645 s->iLUN, rc, iLBA, cSectors));
1646
1647 /*
1648 * Check if we got interrupted. We don't need to set status variables
1649 * because the request was aborted.
1650 */
1651 if (rc != VERR_INTERRUPTED)
1652 ataCmdError(s, ID_ERR);
1653 }
1654 return false;
1655}
1656
1657
1658static void atapiCmdOK(ATADevState *s)
1659{
1660 s->uATARegError = 0;
1661 ataSetStatusValue(s, ATA_STAT_READY);
1662 s->uATARegNSector = (s->uATARegNSector & ~7)
1663 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1664 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1665 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1666
1667 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1668 s->abATAPISense[0] = 0x70 | (1 << 7);
1669 s->abATAPISense[7] = 10;
1670}
1671
1672
1673static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1674{
1675 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1676 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1677 s->uATARegError = pabATAPISense[2] << 4;
1678 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1679 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1680 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1681 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1682 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1683 s->cbTotalTransfer = 0;
1684 s->cbElementaryTransfer = 0;
1685 s->iIOBufferCur = 0;
1686 s->iIOBufferEnd = 0;
1687 s->uTxDir = PDMBLOCKTXDIR_NONE;
1688 s->iBeginTransfer = ATAFN_BT_NULL;
1689 s->iSourceSink = ATAFN_SS_NULL;
1690}
1691
1692
1693/** @todo deprecated function - doesn't provide enough info. Replace by direct
1694 * calls to atapiCmdError() with full data. */
1695static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1696{
1697 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1698 memset(abATAPISense, '\0', sizeof(abATAPISense));
1699 abATAPISense[0] = 0x70 | (1 << 7);
1700 abATAPISense[2] = uATAPISenseKey & 0x0f;
1701 abATAPISense[7] = 10;
1702 abATAPISense[12] = uATAPIASC;
1703 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1704}
1705
1706
1707static void atapiCmdBT(ATADevState *s)
1708{
1709 s->fATAPITransfer = true;
1710 s->cbElementaryTransfer = s->cbTotalTransfer;
1711 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1712 atapiCmdOK(s);
1713}
1714
1715
1716static void atapiPassthroughCmdBT(ATADevState *s)
1717{
1718 /* @todo implement an algorithm for correctly determining the read and
1719 * write sector size without sending additional commands to the drive.
1720 * This should be doable by saving processing the configuration requests
1721 * and replies. */
1722#if 0
1723 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1724 {
1725 uint8_t cmd = s->aATAPICmd[0];
1726 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1727 {
1728 uint8_t aModeSenseCmd[10];
1729 uint8_t aModeSenseResult[16];
1730 uint8_t uDummySense;
1731 uint32_t cbTransfer;
1732 int rc;
1733
1734 cbTransfer = sizeof(aModeSenseResult);
1735 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1736 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1737 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1738 aModeSenseCmd[3] = 0; /* subpage code */
1739 aModeSenseCmd[4] = 0; /* reserved */
1740 aModeSenseCmd[5] = 0; /* reserved */
1741 aModeSenseCmd[6] = 0; /* reserved */
1742 aModeSenseCmd[7] = cbTransfer >> 8;
1743 aModeSenseCmd[8] = cbTransfer & 0xff;
1744 aModeSenseCmd[9] = 0; /* control */
1745 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1746 if (RT_FAILURE(rc))
1747 {
1748 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1749 return;
1750 }
1751 /* Select sector size based on the current data block type. */
1752 switch (aModeSenseResult[12] & 0x0f)
1753 {
1754 case 0:
1755 s->cbATAPISector = 2352;
1756 break;
1757 case 1:
1758 s->cbATAPISector = 2368;
1759 break;
1760 case 2:
1761 case 3:
1762 s->cbATAPISector = 2448;
1763 break;
1764 case 8:
1765 case 10:
1766 s->cbATAPISector = 2048;
1767 break;
1768 case 9:
1769 s->cbATAPISector = 2336;
1770 break;
1771 case 11:
1772 s->cbATAPISector = 2056;
1773 break;
1774 case 12:
1775 s->cbATAPISector = 2324;
1776 break;
1777 case 13:
1778 s->cbATAPISector = 2332;
1779 break;
1780 default:
1781 s->cbATAPISector = 0;
1782 }
1783 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1784 s->cbTotalTransfer *= s->cbATAPISector;
1785 if (s->cbTotalTransfer == 0)
1786 s->uTxDir = PDMBLOCKTXDIR_NONE;
1787 }
1788 }
1789#endif
1790 atapiCmdBT(s);
1791}
1792
1793
1794static bool atapiReadSS(ATADevState *s)
1795{
1796 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1797 int rc = VINF_SUCCESS;
1798 uint32_t cbTransfer, cSectors;
1799
1800 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1801 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1802 cSectors = cbTransfer / s->cbATAPISector;
1803 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1804 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1805
1806 PDMCritSectLeave(&pCtl->lock);
1807
1808 STAM_PROFILE_ADV_START(&s->StatReads, r);
1809 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1810 switch (s->cbATAPISector)
1811 {
1812 case 2048:
1813 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1814 break;
1815 case 2352:
1816 {
1817 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1818
1819 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1820 {
1821 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1822 *pbBuf++ = 0x00;
1823 memset(pbBuf, 0xff, 10);
1824 pbBuf += 10;
1825 *pbBuf++ = 0x00;
1826 /* MSF */
1827 ataLBA2MSF(pbBuf, i);
1828 pbBuf += 3;
1829 *pbBuf++ = 0x01; /* mode 1 data */
1830 /* data */
1831 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1832 if (RT_FAILURE(rc))
1833 break;
1834 pbBuf += 2048;
1835 /**
1836 * @todo: maybe compute ECC and parity, layout is:
1837 * 2072 4 EDC
1838 * 2076 172 P parity symbols
1839 * 2248 104 Q parity symbols
1840 */
1841 memset(pbBuf, 0, 280);
1842 pbBuf += 280;
1843 }
1844 }
1845 break;
1846 default:
1847 break;
1848 }
1849 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1850
1851 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1852 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1853 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1854
1855 if (RT_SUCCESS(rc))
1856 {
1857 s->Led.Actual.s.fReading = 0;
1858 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1859
1860 /* The initial buffer end value has been set up based on the total
1861 * transfer size. But the I/O buffer size limits what can actually be
1862 * done in one transfer, so set the actual value of the buffer end. */
1863 s->cbElementaryTransfer = cbTransfer;
1864 if (cbTransfer >= s->cbTotalTransfer)
1865 s->iSourceSink = ATAFN_SS_NULL;
1866 atapiCmdOK(s);
1867 s->iATAPILBA += cSectors;
1868 }
1869 else
1870 {
1871 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1872 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1873
1874 /*
1875 * Check if we got interrupted. We don't need to set status variables
1876 * because the request was aborted.
1877 */
1878 if (rc != VERR_INTERRUPTED)
1879 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1880 }
1881 return false;
1882}
1883
1884
1885static bool atapiPassthroughSS(ATADevState *s)
1886{
1887 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1888 int rc = VINF_SUCCESS;
1889 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1890 uint32_t cbTransfer;
1891 PSTAMPROFILEADV pProf = NULL;
1892
1893 cbTransfer = s->cbElementaryTransfer;
1894
1895 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1896 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1897
1898 /* Simple heuristics: if there is at least one sector of data
1899 * to transfer, it's worth updating the LEDs. */
1900 if (cbTransfer >= 2048)
1901 {
1902 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1903 {
1904 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1905 pProf = &s->StatReads;
1906 }
1907 else
1908 {
1909 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1910 pProf = &s->StatWrites;
1911 }
1912 }
1913
1914 PDMCritSectLeave(&pCtl->lock);
1915
1916 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1917 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1918 {
1919 /* Linux accepts commands with up to 100KB of data, but expects
1920 * us to handle commands with up to 128KB of data. The usual
1921 * imbalance of powers. */
1922 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1923 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1924 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1925
1926 switch (s->aATAPICmd[0])
1927 {
1928 case SCSI_READ_10:
1929 case SCSI_WRITE_10:
1930 case SCSI_WRITE_AND_VERIFY_10:
1931 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1932 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1933 break;
1934 case SCSI_READ_12:
1935 case SCSI_WRITE_12:
1936 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1937 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1938 break;
1939 case SCSI_READ_CD:
1940 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1941 cSectors = ataBE2H_U24(s->aATAPICmd + 6) / s->cbATAPISector;
1942 break;
1943 case SCSI_READ_CD_MSF:
1944 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1945 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1946 break;
1947 default:
1948 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1949 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1950 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1951 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1952 {
1953 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1954 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1955 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1956 }
1957 return false;
1958 }
1959 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1960 cReqSectors = 0;
1961 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1962 {
1963 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1964 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1965 else
1966 cReqSectors = i;
1967 cbCurrTX = s->cbATAPISector * cReqSectors;
1968 switch (s->aATAPICmd[0])
1969 {
1970 case SCSI_READ_10:
1971 case SCSI_WRITE_10:
1972 case SCSI_WRITE_AND_VERIFY_10:
1973 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1974 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1975 break;
1976 case SCSI_READ_12:
1977 case SCSI_WRITE_12:
1978 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1979 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1980 break;
1981 case SCSI_READ_CD:
1982 ataH2BE_U32(s->aATAPICmd + 2, iATAPILBA);
1983 ataH2BE_U24(s->aATAPICmd + 6, cbCurrTX);
1984 break;
1985 case SCSI_READ_CD_MSF:
1986 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1987 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1988 break;
1989 }
1990 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1991 if (rc != VINF_SUCCESS)
1992 break;
1993 iATAPILBA += cReqSectors;
1994 pbBuf += s->cbATAPISector * cReqSectors;
1995 }
1996 }
1997 else
1998 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1999 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
2000
2001 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2002 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2003 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2004
2005 /* Update the LEDs and the read/write statistics. */
2006 if (cbTransfer >= 2048)
2007 {
2008 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2009 {
2010 s->Led.Actual.s.fReading = 0;
2011 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2012 }
2013 else
2014 {
2015 s->Led.Actual.s.fWriting = 0;
2016 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2017 }
2018 }
2019
2020 if (RT_SUCCESS(rc))
2021 {
2022 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2023 {
2024 Assert(cbTransfer <= s->cbTotalTransfer);
2025 /* Reply with the same amount of data as the real drive. */
2026 s->cbTotalTransfer = cbTransfer;
2027 /* The initial buffer end value has been set up based on the total
2028 * transfer size. But the I/O buffer size limits what can actually be
2029 * done in one transfer, so set the actual value of the buffer end. */
2030 s->cbElementaryTransfer = cbTransfer;
2031 if (s->aATAPICmd[0] == SCSI_INQUIRY)
2032 {
2033 /* Make sure that the real drive cannot be identified.
2034 * Motivation: changing the VM configuration should be as
2035 * invisible as possible to the guest. */
2036 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2037 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2038 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2039 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2040 }
2041 if (cbTransfer)
2042 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2043 }
2044 s->iSourceSink = ATAFN_SS_NULL;
2045 atapiCmdOK(s);
2046 }
2047 else
2048 {
2049 if (s->cErrors < MAX_LOG_REL_ERRORS)
2050 {
2051 uint8_t u8Cmd = s->aATAPICmd[0];
2052 do
2053 {
2054 /* don't log superflous errors */
2055 if ( rc == VERR_DEV_IO_ERROR
2056 && ( u8Cmd == SCSI_TEST_UNIT_READY
2057 || u8Cmd == SCSI_READ_CAPACITY
2058 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2059 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2060 break;
2061 s->cErrors++;
2062 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2063 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2064 } while (0);
2065 }
2066 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2067 }
2068 return false;
2069}
2070
2071/** @todo: Revise ASAP. */
2072static bool atapiReadDVDStructureSS(ATADevState *s)
2073{
2074 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2075 int media = s->aATAPICmd[1];
2076 int format = s->aATAPICmd[7];
2077
2078 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2079
2080 memset(buf, 0, max_len);
2081
2082 switch (format) {
2083 case 0x00:
2084 case 0x01:
2085 case 0x02:
2086 case 0x03:
2087 case 0x04:
2088 case 0x05:
2089 case 0x06:
2090 case 0x07:
2091 case 0x08:
2092 case 0x09:
2093 case 0x0a:
2094 case 0x0b:
2095 case 0x0c:
2096 case 0x0d:
2097 case 0x0e:
2098 case 0x0f:
2099 case 0x10:
2100 case 0x11:
2101 case 0x30:
2102 case 0x31:
2103 case 0xff:
2104 if (media == 0)
2105 {
2106 int uASC = SCSI_ASC_NONE;
2107
2108 switch (format)
2109 {
2110 case 0x0: /* Physical format information */
2111 {
2112 int layer = s->aATAPICmd[6];
2113 uint64_t total_sectors;
2114
2115 if (layer != 0)
2116 {
2117 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2118 break;
2119 }
2120
2121 total_sectors = s->cTotalSectors;
2122 total_sectors >>= 2;
2123 if (total_sectors == 0)
2124 {
2125 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2126 break;
2127 }
2128
2129 buf[4] = 1; /* DVD-ROM, part version 1 */
2130 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2131 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2132 buf[7] = 0; /* default densities */
2133
2134 /* FIXME: 0x30000 per spec? */
2135 ataH2BE_U32(buf + 8, 0); /* start sector */
2136 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2137 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2138
2139 /* Size of buffer, not including 2 byte size field */
2140 ataH2BE_U32(&buf[0], 2048 + 2);
2141
2142 /* 2k data + 4 byte header */
2143 uASC = (2048 + 4);
2144 }
2145 break;
2146 case 0x01: /* DVD copyright information */
2147 buf[4] = 0; /* no copyright data */
2148 buf[5] = 0; /* no region restrictions */
2149
2150 /* Size of buffer, not including 2 byte size field */
2151 ataH2BE_U16(buf, 4 + 2);
2152
2153 /* 4 byte header + 4 byte data */
2154 uASC = (4 + 4);
2155
2156 case 0x03: /* BCA information - invalid field for no BCA info */
2157 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2158 break;
2159
2160 case 0x04: /* DVD disc manufacturing information */
2161 /* Size of buffer, not including 2 byte size field */
2162 ataH2BE_U16(buf, 2048 + 2);
2163
2164 /* 2k data + 4 byte header */
2165 uASC = (2048 + 4);
2166 break;
2167 case 0xff:
2168 /*
2169 * This lists all the command capabilities above. Add new ones
2170 * in order and update the length and buffer return values.
2171 */
2172
2173 buf[4] = 0x00; /* Physical format */
2174 buf[5] = 0x40; /* Not writable, is readable */
2175 ataH2BE_U16((buf + 6), 2048 + 4);
2176
2177 buf[8] = 0x01; /* Copyright info */
2178 buf[9] = 0x40; /* Not writable, is readable */
2179 ataH2BE_U16((buf + 10), 4 + 4);
2180
2181 buf[12] = 0x03; /* BCA info */
2182 buf[13] = 0x40; /* Not writable, is readable */
2183 ataH2BE_U16((buf + 14), 188 + 4);
2184
2185 buf[16] = 0x04; /* Manufacturing info */
2186 buf[17] = 0x40; /* Not writable, is readable */
2187 ataH2BE_U16((buf + 18), 2048 + 4);
2188
2189 /* Size of buffer, not including 2 byte size field */
2190 ataH2BE_U16(buf, 16 + 2);
2191
2192 /* data written + 4 byte header */
2193 uASC = (16 + 4);
2194 break;
2195 default: /* TODO: formats beyond DVD-ROM requires */
2196 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2197 }
2198
2199 if (uASC < 0)
2200 {
2201 s->iSourceSink = ATAFN_SS_NULL;
2202 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2203 return false;
2204 }
2205 break;
2206 }
2207 /* TODO: BD support, fall through for now */
2208
2209 /* Generic disk structures */
2210 case 0x80: /* TODO: AACS volume identifier */
2211 case 0x81: /* TODO: AACS media serial number */
2212 case 0x82: /* TODO: AACS media identifier */
2213 case 0x83: /* TODO: AACS media key block */
2214 case 0x90: /* TODO: List of recognized format layers */
2215 case 0xc0: /* TODO: Write protection status */
2216 default:
2217 s->iSourceSink = ATAFN_SS_NULL;
2218 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2219 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2220 return false;
2221 }
2222
2223 s->iSourceSink = ATAFN_SS_NULL;
2224 atapiCmdOK(s);
2225 return false;
2226}
2227
2228static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2229{
2230 Assert(cSectors > 0);
2231 s->iATAPILBA = iATAPILBA;
2232 s->cbATAPISector = cbSector;
2233 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2234 return false;
2235}
2236
2237
2238static bool atapiReadCapacitySS(ATADevState *s)
2239{
2240 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2241
2242 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2243 Assert(s->cbElementaryTransfer <= 8);
2244 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2245 ataH2BE_U32(pbBuf + 4, 2048);
2246 s->iSourceSink = ATAFN_SS_NULL;
2247 atapiCmdOK(s);
2248 return false;
2249}
2250
2251
2252static bool atapiReadDiscInformationSS(ATADevState *s)
2253{
2254 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2255
2256 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2257 Assert(s->cbElementaryTransfer <= 34);
2258 memset(pbBuf, '\0', 34);
2259 ataH2BE_U16(pbBuf, 32);
2260 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2261 pbBuf[3] = 1; /* number of first track */
2262 pbBuf[4] = 1; /* number of sessions (LSB) */
2263 pbBuf[5] = 1; /* first track number in last session (LSB) */
2264 pbBuf[6] = 1; /* last track number in last session (LSB) */
2265 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2266 pbBuf[8] = 0; /* disc type = CD-ROM */
2267 pbBuf[9] = 0; /* number of sessions (MSB) */
2268 pbBuf[10] = 0; /* number of sessions (MSB) */
2269 pbBuf[11] = 0; /* number of sessions (MSB) */
2270 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2271 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2272 s->iSourceSink = ATAFN_SS_NULL;
2273 atapiCmdOK(s);
2274 return false;
2275}
2276
2277
2278static bool atapiReadTrackInformationSS(ATADevState *s)
2279{
2280 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2281
2282 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2283 Assert(s->cbElementaryTransfer <= 36);
2284 /* Accept address/number type of 1 only, and only track 1 exists. */
2285 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2286 {
2287 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2288 return false;
2289 }
2290 memset(pbBuf, '\0', 36);
2291 ataH2BE_U16(pbBuf, 34);
2292 pbBuf[2] = 1; /* track number (LSB) */
2293 pbBuf[3] = 1; /* session number (LSB) */
2294 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2295 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2296 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2297 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2298 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2299 pbBuf[32] = 0; /* track number (MSB) */
2300 pbBuf[33] = 0; /* session number (MSB) */
2301 s->iSourceSink = ATAFN_SS_NULL;
2302 atapiCmdOK(s);
2303 return false;
2304}
2305
2306
2307static bool atapiGetConfigurationSS(ATADevState *s)
2308{
2309 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2310 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2311
2312 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2313 Assert(s->cbElementaryTransfer <= 32);
2314 /* Accept valid request types only, and only starting feature 0. */
2315 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2316 {
2317 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2318 return false;
2319 }
2320 memset(pbBuf, '\0', 32);
2321 ataH2BE_U32(pbBuf, 16);
2322 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2323 * way to differentiate them right now is based on the image size). Also
2324 * implement signalling "no current profile" if no medium is loaded. */
2325 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2326
2327 ataH2BE_U16(pbBuf + 8, 0); /* feature 0: list of profiles supported */
2328 pbBuf[10] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2329 pbBuf[11] = 8; /* additional bytes for profiles */
2330 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2331 * before CD-ROM read capability. */
2332 ataH2BE_U16(pbBuf + 12, 0x10); /* profile: read-only DVD */
2333 pbBuf[14] = (0 << 0); /* NOT current profile */
2334 ataH2BE_U16(pbBuf + 16, 0x08); /* profile: read only CD */
2335 pbBuf[18] = (1 << 0); /* current profile */
2336 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2337 s->iSourceSink = ATAFN_SS_NULL;
2338 atapiCmdOK(s);
2339 return false;
2340}
2341
2342
2343static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2344{
2345 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2346
2347 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2348 Assert(s->cbElementaryTransfer <= 8);
2349
2350 if (!(s->aATAPICmd[1] & 1))
2351 {
2352 /* no asynchronous operation supported */
2353 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2354 return false;
2355 }
2356
2357 uint32_t OldStatus, NewStatus;
2358 do
2359 {
2360 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2361 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2362 switch (OldStatus)
2363 {
2364 case ATA_EVENT_STATUS_MEDIA_NEW:
2365 /* mount */
2366 ataH2BE_U16(pbBuf + 0, 6);
2367 pbBuf[2] = 0x04;
2368 pbBuf[3] = 0x5e;
2369 pbBuf[4] = 0x02;
2370 pbBuf[5] = 0x02;
2371 pbBuf[6] = 0x00;
2372 pbBuf[7] = 0x00;
2373 break;
2374
2375 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2376 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2377 /* umount */
2378 ataH2BE_U16(pbBuf + 0, 6);
2379 pbBuf[2] = 0x04;
2380 pbBuf[3] = 0x5e;
2381 pbBuf[4] = 0x03;
2382 pbBuf[5] = 0x00;
2383 pbBuf[6] = 0x00;
2384 pbBuf[7] = 0x00;
2385 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2386 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2387 break;
2388
2389 case ATA_EVENT_STATUS_UNCHANGED:
2390 default:
2391 ataH2BE_U16(pbBuf + 0, 6);
2392 pbBuf[2] = 0x01;
2393 pbBuf[3] = 0x5e;
2394 pbBuf[4] = 0x00;
2395 pbBuf[5] = 0x00;
2396 pbBuf[6] = 0x00;
2397 pbBuf[7] = 0x00;
2398 break;
2399 }
2400 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2401
2402 s->iSourceSink = ATAFN_SS_NULL;
2403 atapiCmdOK(s);
2404 return false;
2405}
2406
2407
2408static bool atapiInquirySS(ATADevState *s)
2409{
2410 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2411
2412 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2413 Assert(s->cbElementaryTransfer <= 36);
2414 pbBuf[0] = 0x05; /* CD-ROM */
2415 pbBuf[1] = 0x80; /* removable */
2416#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2417 pbBuf[2] = 0x00; /* ISO */
2418 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2419#else
2420 pbBuf[2] = 0x00; /* ISO */
2421 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2422#endif
2423 pbBuf[4] = 31; /* additional length */
2424 pbBuf[5] = 0; /* reserved */
2425 pbBuf[6] = 0; /* reserved */
2426 pbBuf[7] = 0; /* reserved */
2427 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2428 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2429 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2430 s->iSourceSink = ATAFN_SS_NULL;
2431 atapiCmdOK(s);
2432 return false;
2433}
2434
2435
2436static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2437{
2438 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2439
2440 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2441 Assert(s->cbElementaryTransfer <= 16);
2442 ataH2BE_U16(&pbBuf[0], 16 + 6);
2443 pbBuf[2] = 0x70;
2444 pbBuf[3] = 0;
2445 pbBuf[4] = 0;
2446 pbBuf[5] = 0;
2447 pbBuf[6] = 0;
2448 pbBuf[7] = 0;
2449
2450 pbBuf[8] = 0x01;
2451 pbBuf[9] = 0x06;
2452 pbBuf[10] = 0x00;
2453 pbBuf[11] = 0x05;
2454 pbBuf[12] = 0x00;
2455 pbBuf[13] = 0x00;
2456 pbBuf[14] = 0x00;
2457 pbBuf[15] = 0x00;
2458 s->iSourceSink = ATAFN_SS_NULL;
2459 atapiCmdOK(s);
2460 return false;
2461}
2462
2463
2464static bool atapiModeSenseCDStatusSS(ATADevState *s)
2465{
2466 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2467
2468 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2469 Assert(s->cbElementaryTransfer <= 40);
2470 ataH2BE_U16(&pbBuf[0], 38);
2471 pbBuf[2] = 0x70;
2472 pbBuf[3] = 0;
2473 pbBuf[4] = 0;
2474 pbBuf[5] = 0;
2475 pbBuf[6] = 0;
2476 pbBuf[7] = 0;
2477
2478 pbBuf[8] = 0x2a;
2479 pbBuf[9] = 30; /* page length */
2480 pbBuf[10] = 0x08; /* DVD-ROM read support */
2481 pbBuf[11] = 0x00; /* no write support */
2482 /* The following claims we support audio play. This is obviously false,
2483 * but the Linux generic CDROM support makes many features depend on this
2484 * capability. If it's not set, this causes many things to be disabled. */
2485 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2486 pbBuf[13] = 0x00; /* no subchannel reads supported */
2487 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2488 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2489 pbBuf[14] |= 1 << 1; /* report lock state */
2490 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2491 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2492 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2493 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2494 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2495 pbBuf[24] = 0; /* reserved */
2496 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2497 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2498 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2499 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2500 pbBuf[32] = 0; /* reserved */
2501 pbBuf[33] = 0; /* reserved */
2502 pbBuf[34] = 0; /* reserved */
2503 pbBuf[35] = 1; /* rotation control CAV */
2504 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2505 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2506 s->iSourceSink = ATAFN_SS_NULL;
2507 atapiCmdOK(s);
2508 return false;
2509}
2510
2511
2512static bool atapiRequestSenseSS(ATADevState *s)
2513{
2514 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2515
2516 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2517 memset(pbBuf, '\0', s->cbElementaryTransfer);
2518 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2519 s->iSourceSink = ATAFN_SS_NULL;
2520 atapiCmdOK(s);
2521 return false;
2522}
2523
2524
2525static bool atapiMechanismStatusSS(ATADevState *s)
2526{
2527 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2528
2529 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2530 Assert(s->cbElementaryTransfer <= 8);
2531 ataH2BE_U16(pbBuf, 0);
2532 /* no current LBA */
2533 pbBuf[2] = 0;
2534 pbBuf[3] = 0;
2535 pbBuf[4] = 0;
2536 pbBuf[5] = 1;
2537 ataH2BE_U16(pbBuf + 6, 0);
2538 s->iSourceSink = ATAFN_SS_NULL;
2539 atapiCmdOK(s);
2540 return false;
2541}
2542
2543
2544static bool atapiReadTOCNormalSS(ATADevState *s)
2545{
2546 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2547 bool fMSF;
2548 uint32_t cbSize;
2549
2550 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2551 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2552 iStartTrack = s->aATAPICmd[6];
2553 if (iStartTrack > 1 && iStartTrack != 0xaa)
2554 {
2555 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2556 return false;
2557 }
2558 q = pbBuf + 2;
2559 *q++ = 1; /* first session */
2560 *q++ = 1; /* last session */
2561 if (iStartTrack <= 1)
2562 {
2563 *q++ = 0; /* reserved */
2564 *q++ = 0x14; /* ADR, control */
2565 *q++ = 1; /* track number */
2566 *q++ = 0; /* reserved */
2567 if (fMSF)
2568 {
2569 *q++ = 0; /* reserved */
2570 ataLBA2MSF(q, 0);
2571 q += 3;
2572 }
2573 else
2574 {
2575 /* sector 0 */
2576 ataH2BE_U32(q, 0);
2577 q += 4;
2578 }
2579 }
2580 /* lead out track */
2581 *q++ = 0; /* reserved */
2582 *q++ = 0x14; /* ADR, control */
2583 *q++ = 0xaa; /* track number */
2584 *q++ = 0; /* reserved */
2585 if (fMSF)
2586 {
2587 *q++ = 0; /* reserved */
2588 ataLBA2MSF(q, s->cTotalSectors);
2589 q += 3;
2590 }
2591 else
2592 {
2593 ataH2BE_U32(q, s->cTotalSectors);
2594 q += 4;
2595 }
2596 cbSize = q - pbBuf;
2597 ataH2BE_U16(pbBuf, cbSize - 2);
2598 if (cbSize < s->cbTotalTransfer)
2599 s->cbTotalTransfer = cbSize;
2600 s->iSourceSink = ATAFN_SS_NULL;
2601 atapiCmdOK(s);
2602 return false;
2603}
2604
2605
2606static bool atapiReadTOCMultiSS(ATADevState *s)
2607{
2608 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2609 bool fMSF;
2610
2611 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2612 Assert(s->cbElementaryTransfer <= 12);
2613 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2614 /* multi session: only a single session defined */
2615/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2616 memset(pbBuf, 0, 12);
2617 pbBuf[1] = 0x0a;
2618 pbBuf[2] = 0x01;
2619 pbBuf[3] = 0x01;
2620 pbBuf[5] = 0x14; /* ADR, control */
2621 pbBuf[6] = 1; /* first track in last complete session */
2622 if (fMSF)
2623 {
2624 pbBuf[8] = 0; /* reserved */
2625 ataLBA2MSF(&pbBuf[9], 0);
2626 }
2627 else
2628 {
2629 /* sector 0 */
2630 ataH2BE_U32(pbBuf + 8, 0);
2631 }
2632 s->iSourceSink = ATAFN_SS_NULL;
2633 atapiCmdOK(s);
2634 return false;
2635}
2636
2637
2638static bool atapiReadTOCRawSS(ATADevState *s)
2639{
2640 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2641 bool fMSF;
2642 uint32_t cbSize;
2643
2644 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2645 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2646 iStartTrack = s->aATAPICmd[6];
2647
2648 q = pbBuf + 2;
2649 *q++ = 1; /* first session */
2650 *q++ = 1; /* last session */
2651
2652 *q++ = 1; /* session number */
2653 *q++ = 0x14; /* data track */
2654 *q++ = 0; /* track number */
2655 *q++ = 0xa0; /* first track in program area */
2656 *q++ = 0; /* min */
2657 *q++ = 0; /* sec */
2658 *q++ = 0; /* frame */
2659 *q++ = 0;
2660 *q++ = 1; /* first track */
2661 *q++ = 0x00; /* disk type CD-DA or CD data */
2662 *q++ = 0;
2663
2664 *q++ = 1; /* session number */
2665 *q++ = 0x14; /* data track */
2666 *q++ = 0; /* track number */
2667 *q++ = 0xa1; /* last track in program area */
2668 *q++ = 0; /* min */
2669 *q++ = 0; /* sec */
2670 *q++ = 0; /* frame */
2671 *q++ = 0;
2672 *q++ = 1; /* last track */
2673 *q++ = 0;
2674 *q++ = 0;
2675
2676 *q++ = 1; /* session number */
2677 *q++ = 0x14; /* data track */
2678 *q++ = 0; /* track number */
2679 *q++ = 0xa2; /* lead-out */
2680 *q++ = 0; /* min */
2681 *q++ = 0; /* sec */
2682 *q++ = 0; /* frame */
2683 if (fMSF)
2684 {
2685 *q++ = 0; /* reserved */
2686 ataLBA2MSF(q, s->cTotalSectors);
2687 q += 3;
2688 }
2689 else
2690 {
2691 ataH2BE_U32(q, s->cTotalSectors);
2692 q += 4;
2693 }
2694
2695 *q++ = 1; /* session number */
2696 *q++ = 0x14; /* ADR, control */
2697 *q++ = 0; /* track number */
2698 *q++ = 1; /* point */
2699 *q++ = 0; /* min */
2700 *q++ = 0; /* sec */
2701 *q++ = 0; /* frame */
2702 if (fMSF)
2703 {
2704 *q++ = 0; /* reserved */
2705 ataLBA2MSF(q, 0);
2706 q += 3;
2707 }
2708 else
2709 {
2710 /* sector 0 */
2711 ataH2BE_U32(q, 0);
2712 q += 4;
2713 }
2714
2715 cbSize = q - pbBuf;
2716 ataH2BE_U16(pbBuf, cbSize - 2);
2717 if (cbSize < s->cbTotalTransfer)
2718 s->cbTotalTransfer = cbSize;
2719 s->iSourceSink = ATAFN_SS_NULL;
2720 atapiCmdOK(s);
2721 return false;
2722}
2723
2724
2725static void atapiParseCmdVirtualATAPI(ATADevState *s)
2726{
2727 const uint8_t *pbPacket;
2728 uint8_t *pbBuf;
2729 uint32_t cbMax;
2730
2731 pbPacket = s->aATAPICmd;
2732 pbBuf = s->CTX_SUFF(pbIOBuffer);
2733 switch (pbPacket[0])
2734 {
2735 case SCSI_TEST_UNIT_READY:
2736 if (s->cNotifiedMediaChange > 0)
2737 {
2738 if (s->cNotifiedMediaChange-- > 2)
2739 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2740 else
2741 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2742 }
2743 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2744 atapiCmdOK(s);
2745 else
2746 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2747 break;
2748 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2749 cbMax = ataBE2H_U16(pbPacket + 7);
2750 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2751 break;
2752 case SCSI_MODE_SENSE_10:
2753 {
2754 uint8_t uPageControl, uPageCode;
2755 cbMax = ataBE2H_U16(pbPacket + 7);
2756 uPageControl = pbPacket[2] >> 6;
2757 uPageCode = pbPacket[2] & 0x3f;
2758 switch (uPageControl)
2759 {
2760 case SCSI_PAGECONTROL_CURRENT:
2761 switch (uPageCode)
2762 {
2763 case SCSI_MODEPAGE_ERROR_RECOVERY:
2764 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2765 break;
2766 case SCSI_MODEPAGE_CD_STATUS:
2767 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2768 break;
2769 default:
2770 goto error_cmd;
2771 }
2772 break;
2773 case SCSI_PAGECONTROL_CHANGEABLE:
2774 goto error_cmd;
2775 case SCSI_PAGECONTROL_DEFAULT:
2776 goto error_cmd;
2777 default:
2778 case SCSI_PAGECONTROL_SAVED:
2779 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2780 break;
2781 }
2782 }
2783 break;
2784 case SCSI_REQUEST_SENSE:
2785 cbMax = pbPacket[4];
2786 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2787 break;
2788 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2789 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2790 {
2791 if (pbPacket[4] & 1)
2792 s->pDrvMount->pfnLock(s->pDrvMount);
2793 else
2794 s->pDrvMount->pfnUnlock(s->pDrvMount);
2795 atapiCmdOK(s);
2796 }
2797 else
2798 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2799 break;
2800 case SCSI_READ_10:
2801 case SCSI_READ_12:
2802 {
2803 uint32_t cSectors, iATAPILBA;
2804
2805 if (s->cNotifiedMediaChange > 0)
2806 {
2807 s->cNotifiedMediaChange-- ;
2808 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2809 break;
2810 }
2811 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2812 {
2813 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2814 break;
2815 }
2816 if (pbPacket[0] == SCSI_READ_10)
2817 cSectors = ataBE2H_U16(pbPacket + 7);
2818 else
2819 cSectors = ataBE2H_U32(pbPacket + 6);
2820 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2821 if (cSectors == 0)
2822 {
2823 atapiCmdOK(s);
2824 break;
2825 }
2826 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2827 {
2828 /* Rate limited logging, one log line per second. For
2829 * guests that insist on reading from places outside the
2830 * valid area this often generates too many release log
2831 * entries otherwise. */
2832 static uint64_t uLastLogTS = 0;
2833 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2834 {
2835 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2836 uLastLogTS = RTTimeMilliTS();
2837 }
2838 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2839 break;
2840 }
2841 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2842 }
2843 break;
2844 case SCSI_READ_CD:
2845 {
2846 uint32_t cSectors, iATAPILBA;
2847
2848 if (s->cNotifiedMediaChange > 0)
2849 {
2850 s->cNotifiedMediaChange-- ;
2851 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2852 break;
2853 }
2854 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2855 {
2856 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2857 break;
2858 }
2859 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
2860 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2861 if (cSectors == 0)
2862 {
2863 atapiCmdOK(s);
2864 break;
2865 }
2866 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
2867 {
2868 /* Rate limited logging, one log line per second. For
2869 * guests that insist on reading from places outside the
2870 * valid area this often generates too many release log
2871 * entries otherwise. */
2872 static uint64_t uLastLogTS = 0;
2873 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2874 {
2875 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
2876 uLastLogTS = RTTimeMilliTS();
2877 }
2878 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2879 break;
2880 }
2881 switch (pbPacket[9] & 0xf8)
2882 {
2883 case 0x00:
2884 /* nothing */
2885 atapiCmdOK(s);
2886 break;
2887 case 0x10:
2888 /* normal read */
2889 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
2890 break;
2891 case 0xf8:
2892 /* read all data */
2893 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
2894 break;
2895 default:
2896 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
2897 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2898 break;
2899 }
2900 }
2901 break;
2902 case SCSI_SEEK_10:
2903 {
2904 uint32_t iATAPILBA;
2905 if (s->cNotifiedMediaChange > 0)
2906 {
2907 s->cNotifiedMediaChange-- ;
2908 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2909 break;
2910 }
2911 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2912 {
2913 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2914 break;
2915 }
2916 iATAPILBA = ataBE2H_U32(pbPacket + 2);
2917 if (iATAPILBA > s->cTotalSectors)
2918 {
2919 /* Rate limited logging, one log line per second. For
2920 * guests that insist on seeking to places outside the
2921 * valid area this often generates too many release log
2922 * entries otherwise. */
2923 static uint64_t uLastLogTS = 0;
2924 if (RTTimeMilliTS() >= uLastLogTS + 1000)
2925 {
2926 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
2927 uLastLogTS = RTTimeMilliTS();
2928 }
2929 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
2930 break;
2931 }
2932 atapiCmdOK(s);
2933 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
2934 }
2935 break;
2936 case SCSI_START_STOP_UNIT:
2937 {
2938 int rc = VINF_SUCCESS;
2939 switch (pbPacket[4] & 3)
2940 {
2941 case 0: /* 00 - Stop motor */
2942 case 1: /* 01 - Start motor */
2943 break;
2944 case 2: /* 10 - Eject media */
2945 /* This must be done from EMT. */
2946 {
2947 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
2948 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
2949
2950 PDMCritSectLeave(&pCtl->lock);
2951 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
2952 (PFNRT)s->pDrvMount->pfnUnmount, 2, s->pDrvMount, false);
2953 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED));
2954 {
2955 STAM_PROFILE_START(&pCtl->StatLockWait, a);
2956 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
2957 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
2958 }
2959 }
2960 break;
2961 case 3: /* 11 - Load media */
2962 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
2963 break;
2964 }
2965 if (RT_SUCCESS(rc))
2966 atapiCmdOK(s);
2967 else
2968 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
2969 }
2970 break;
2971 case SCSI_MECHANISM_STATUS:
2972 {
2973 cbMax = ataBE2H_U16(pbPacket + 8);
2974 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
2975 }
2976 break;
2977 case SCSI_READ_TOC_PMA_ATIP:
2978 {
2979 uint8_t format;
2980
2981 if (s->cNotifiedMediaChange > 0)
2982 {
2983 s->cNotifiedMediaChange-- ;
2984 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2985 break;
2986 }
2987 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2988 {
2989 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2990 break;
2991 }
2992 cbMax = ataBE2H_U16(pbPacket + 7);
2993 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
2994 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
2995 * the other field is clear... */
2996 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
2997 switch (format)
2998 {
2999 case 0:
3000 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3001 break;
3002 case 1:
3003 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3004 break;
3005 case 2:
3006 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3007 break;
3008 default:
3009 error_cmd:
3010 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3011 break;
3012 }
3013 }
3014 break;
3015 case SCSI_READ_CAPACITY:
3016 if (s->cNotifiedMediaChange > 0)
3017 {
3018 s->cNotifiedMediaChange-- ;
3019 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3020 break;
3021 }
3022 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3023 {
3024 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3025 break;
3026 }
3027 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3028 break;
3029 case SCSI_READ_DISC_INFORMATION:
3030 if (s->cNotifiedMediaChange > 0)
3031 {
3032 s->cNotifiedMediaChange-- ;
3033 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3034 break;
3035 }
3036 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3037 {
3038 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3039 break;
3040 }
3041 cbMax = ataBE2H_U16(pbPacket + 7);
3042 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3043 break;
3044 case SCSI_READ_TRACK_INFORMATION:
3045 if (s->cNotifiedMediaChange > 0)
3046 {
3047 s->cNotifiedMediaChange-- ;
3048 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3049 break;
3050 }
3051 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3052 {
3053 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3054 break;
3055 }
3056 cbMax = ataBE2H_U16(pbPacket + 7);
3057 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3058 break;
3059 case SCSI_GET_CONFIGURATION:
3060 /* No media change stuff here, it can confuse Linux guests. */
3061 cbMax = ataBE2H_U16(pbPacket + 7);
3062 ataStartTransfer(s, RT_MIN(cbMax, 32), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3063 break;
3064 case SCSI_INQUIRY:
3065 cbMax = ataBE2H_U16(pbPacket + 3);
3066 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3067 break;
3068 case SCSI_READ_DVD_STRUCTURE:
3069 {
3070 /* Only available for ICH6 for now. */
3071 PCIATAState *pDevice = PDMINS_2_DATA(s->CTX_SUFF(pDevIns), PCIATAState *);
3072
3073 if ( (PCIDevGetVendorId(&pDevice->dev) == 0x8086)
3074 && (PCIDevGetDeviceId(&pDevice->dev) == 0x269e))
3075 {
3076 cbMax = ataBE2H_U16(pbPacket + 8);
3077 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3078 }
3079 else
3080 {
3081 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3082 }
3083 break;
3084 }
3085 default:
3086 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3087 break;
3088 }
3089}
3090
3091
3092/*
3093 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3094 */
3095static void atapiParseCmdPassthrough(ATADevState *s)
3096{
3097 const uint8_t *pbPacket;
3098 uint8_t *pbBuf;
3099 uint32_t cSectors, iATAPILBA;
3100 uint32_t cbTransfer = 0;
3101 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3102
3103 pbPacket = s->aATAPICmd;
3104 pbBuf = s->CTX_SUFF(pbIOBuffer);
3105 switch (pbPacket[0])
3106 {
3107 case SCSI_BLANK:
3108 goto sendcmd;
3109 case SCSI_CLOSE_TRACK_SESSION:
3110 goto sendcmd;
3111 case SCSI_ERASE_10:
3112 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3113 cbTransfer = ataBE2H_U16(pbPacket + 7);
3114 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3115 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3116 goto sendcmd;
3117 case SCSI_FORMAT_UNIT:
3118 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3119 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3120 goto sendcmd;
3121 case SCSI_GET_CONFIGURATION:
3122 cbTransfer = ataBE2H_U16(pbPacket + 7);
3123 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3124 goto sendcmd;
3125 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3126 cbTransfer = ataBE2H_U16(pbPacket + 7);
3127 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3128 {
3129 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3130 break;
3131 }
3132 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3133 goto sendcmd;
3134 case SCSI_GET_PERFORMANCE:
3135 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3136 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3137 goto sendcmd;
3138 case SCSI_INQUIRY:
3139 cbTransfer = ataBE2H_U16(pbPacket + 3);
3140 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3141 goto sendcmd;
3142 case SCSI_LOAD_UNLOAD_MEDIUM:
3143 goto sendcmd;
3144 case SCSI_MECHANISM_STATUS:
3145 cbTransfer = ataBE2H_U16(pbPacket + 8);
3146 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3147 goto sendcmd;
3148 case SCSI_MODE_SELECT_10:
3149 cbTransfer = ataBE2H_U16(pbPacket + 7);
3150 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3151 goto sendcmd;
3152 case SCSI_MODE_SENSE_10:
3153 cbTransfer = ataBE2H_U16(pbPacket + 7);
3154 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3155 goto sendcmd;
3156 case SCSI_PAUSE_RESUME:
3157 goto sendcmd;
3158 case SCSI_PLAY_AUDIO_10:
3159 goto sendcmd;
3160 case SCSI_PLAY_AUDIO_12:
3161 goto sendcmd;
3162 case SCSI_PLAY_AUDIO_MSF:
3163 goto sendcmd;
3164 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3165 /** @todo do not forget to unlock when a VM is shut down */
3166 goto sendcmd;
3167 case SCSI_READ_10:
3168 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3169 cSectors = ataBE2H_U16(pbPacket + 7);
3170 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3171 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3172 cbTransfer = cSectors * s->cbATAPISector;
3173 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3174 goto sendcmd;
3175 case SCSI_READ_12:
3176 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3177 cSectors = ataBE2H_U32(pbPacket + 6);
3178 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3179 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3180 cbTransfer = cSectors * s->cbATAPISector;
3181 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3182 goto sendcmd;
3183 case SCSI_READ_BUFFER:
3184 cbTransfer = ataBE2H_U24(pbPacket + 6);
3185 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3186 goto sendcmd;
3187 case SCSI_READ_BUFFER_CAPACITY:
3188 cbTransfer = ataBE2H_U16(pbPacket + 7);
3189 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3190 goto sendcmd;
3191 case SCSI_READ_CAPACITY:
3192 cbTransfer = 8;
3193 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3194 goto sendcmd;
3195 case SCSI_READ_CD:
3196 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3197 cbTransfer = ataBE2H_U24(pbPacket + 6) / s->cbATAPISector * s->cbATAPISector;
3198 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3199 goto sendcmd;
3200 case SCSI_READ_CD_MSF:
3201 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3202 if (cSectors > 32)
3203 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3204 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3205 cbTransfer = cSectors * s->cbATAPISector;
3206 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3207 goto sendcmd;
3208 case SCSI_READ_DISC_INFORMATION:
3209 cbTransfer = ataBE2H_U16(pbPacket + 7);
3210 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3211 goto sendcmd;
3212 case SCSI_READ_DVD_STRUCTURE:
3213 cbTransfer = ataBE2H_U16(pbPacket + 8);
3214 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3215 goto sendcmd;
3216 case SCSI_READ_FORMAT_CAPACITIES:
3217 cbTransfer = ataBE2H_U16(pbPacket + 7);
3218 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3219 goto sendcmd;
3220 case SCSI_READ_SUBCHANNEL:
3221 cbTransfer = ataBE2H_U16(pbPacket + 7);
3222 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3223 goto sendcmd;
3224 case SCSI_READ_TOC_PMA_ATIP:
3225 cbTransfer = ataBE2H_U16(pbPacket + 7);
3226 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3227 goto sendcmd;
3228 case SCSI_READ_TRACK_INFORMATION:
3229 cbTransfer = ataBE2H_U16(pbPacket + 7);
3230 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3231 goto sendcmd;
3232 case SCSI_REPAIR_TRACK:
3233 goto sendcmd;
3234 case SCSI_REPORT_KEY:
3235 cbTransfer = ataBE2H_U16(pbPacket + 8);
3236 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3237 goto sendcmd;
3238 case SCSI_REQUEST_SENSE:
3239 cbTransfer = pbPacket[4];
3240 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3241 {
3242 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3243 break;
3244 }
3245 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3246 goto sendcmd;
3247 case SCSI_RESERVE_TRACK:
3248 goto sendcmd;
3249 case SCSI_SCAN:
3250 goto sendcmd;
3251 case SCSI_SEEK_10:
3252 goto sendcmd;
3253 case SCSI_SEND_CUE_SHEET:
3254 cbTransfer = ataBE2H_U24(pbPacket + 6);
3255 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3256 goto sendcmd;
3257 case SCSI_SEND_DVD_STRUCTURE:
3258 cbTransfer = ataBE2H_U16(pbPacket + 8);
3259 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3260 goto sendcmd;
3261 case SCSI_SEND_EVENT:
3262 cbTransfer = ataBE2H_U16(pbPacket + 8);
3263 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3264 goto sendcmd;
3265 case SCSI_SEND_KEY:
3266 cbTransfer = ataBE2H_U16(pbPacket + 8);
3267 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3268 goto sendcmd;
3269 case SCSI_SEND_OPC_INFORMATION:
3270 cbTransfer = ataBE2H_U16(pbPacket + 7);
3271 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3272 goto sendcmd;
3273 case SCSI_SET_CD_SPEED:
3274 goto sendcmd;
3275 case SCSI_SET_READ_AHEAD:
3276 goto sendcmd;
3277 case SCSI_SET_STREAMING:
3278 cbTransfer = ataBE2H_U16(pbPacket + 9);
3279 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3280 goto sendcmd;
3281 case SCSI_START_STOP_UNIT:
3282 goto sendcmd;
3283 case SCSI_STOP_PLAY_SCAN:
3284 goto sendcmd;
3285 case SCSI_SYNCHRONIZE_CACHE:
3286 goto sendcmd;
3287 case SCSI_TEST_UNIT_READY:
3288 goto sendcmd;
3289 case SCSI_VERIFY_10:
3290 goto sendcmd;
3291 case SCSI_WRITE_10:
3292 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3293 cSectors = ataBE2H_U16(pbPacket + 7);
3294 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3295#if 0
3296 /* The sector size is determined by the async I/O thread. */
3297 s->cbATAPISector = 0;
3298 /* Preliminary, will be corrected once the sector size is known. */
3299 cbTransfer = cSectors;
3300#else
3301 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3302 cbTransfer = cSectors * s->cbATAPISector;
3303#endif
3304 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3305 goto sendcmd;
3306 case SCSI_WRITE_12:
3307 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3308 cSectors = ataBE2H_U32(pbPacket + 6);
3309 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3310#if 0
3311 /* The sector size is determined by the async I/O thread. */
3312 s->cbATAPISector = 0;
3313 /* Preliminary, will be corrected once the sector size is known. */
3314 cbTransfer = cSectors;
3315#else
3316 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3317 cbTransfer = cSectors * s->cbATAPISector;
3318#endif
3319 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3320 goto sendcmd;
3321 case SCSI_WRITE_AND_VERIFY_10:
3322 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3323 cSectors = ataBE2H_U16(pbPacket + 7);
3324 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3325 /* The sector size is determined by the async I/O thread. */
3326 s->cbATAPISector = 0;
3327 /* Preliminary, will be corrected once the sector size is known. */
3328 cbTransfer = cSectors;
3329 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3330 goto sendcmd;
3331 case SCSI_WRITE_BUFFER:
3332 switch (pbPacket[1] & 0x1f)
3333 {
3334 case 0x04: /* download microcode */
3335 case 0x05: /* download microcode and save */
3336 case 0x06: /* download microcode with offsets */
3337 case 0x07: /* download microcode with offsets and save */
3338 case 0x0e: /* download microcode with offsets and defer activation */
3339 case 0x0f: /* activate deferred microcode */
3340 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3341 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3342 break;
3343 default:
3344 cbTransfer = ataBE2H_U16(pbPacket + 6);
3345 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3346 goto sendcmd;
3347 }
3348 break;
3349 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3350 cbTransfer = ataBE2H_U32(pbPacket + 6);
3351 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3352 goto sendcmd;
3353 case SCSI_REZERO_UNIT:
3354 /* Obsolete command used by cdrecord. What else would one expect?
3355 * This command is not sent to the drive, it is handled internally,
3356 * as the Linux kernel doesn't like it (message "scsi: unknown
3357 * opcode 0x01" in syslog) and replies with a sense code of 0,
3358 * which sends cdrecord to an endless loop. */
3359 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3360 break;
3361 default:
3362 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3363 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3364 break;
3365 sendcmd:
3366 /* Send a command to the drive, passing data in/out as required. */
3367 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3368 Assert(cbTransfer <= s->cbIOBuffer);
3369 if (cbTransfer == 0)
3370 uTxDir = PDMBLOCKTXDIR_NONE;
3371 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3372 }
3373}
3374
3375
3376static void atapiParseCmd(ATADevState *s)
3377{
3378 const uint8_t *pbPacket;
3379
3380 pbPacket = s->aATAPICmd;
3381#ifdef DEBUG
3382 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3383#else /* !DEBUG */
3384 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3385#endif /* !DEBUG */
3386 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3387
3388 if (s->fATAPIPassthrough)
3389 atapiParseCmdPassthrough(s);
3390 else
3391 atapiParseCmdVirtualATAPI(s);
3392}
3393
3394
3395static bool ataPacketSS(ATADevState *s)
3396{
3397 s->fDMA = !!(s->uATARegFeature & 1);
3398 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3399 s->uTxDir = PDMBLOCKTXDIR_NONE;
3400 s->cbTotalTransfer = 0;
3401 s->cbElementaryTransfer = 0;
3402 atapiParseCmd(s);
3403 return false;
3404}
3405
3406
3407/**
3408 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3409 * from now on, regardless if there was a medium inserted or not.
3410 */
3411static void ataMediumRemoved(ATADevState *s)
3412{
3413 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3414}
3415
3416
3417/**
3418 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3419 * there was already a medium inserted, don't forget to send the "medium
3420 * removed" event first.
3421 */
3422static void ataMediumInserted(ATADevState *s)
3423{
3424 uint32_t OldStatus, NewStatus;
3425 do
3426 {
3427 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3428 switch (OldStatus)
3429 {
3430 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3431 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3432 /* no change, we will send "medium removed" + "medium inserted" */
3433 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3434 break;
3435 default:
3436 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3437 break;
3438 }
3439 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3440}
3441
3442
3443/**
3444 * Called when a media is mounted.
3445 *
3446 * @param pInterface Pointer to the interface structure containing the called function pointer.
3447 */
3448static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3449{
3450 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3451 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3452
3453 /* Ignore the call if we're called while being attached. */
3454 if (!pIf->pDrvBlock)
3455 return;
3456
3457 if (pIf->fATAPI)
3458 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3459 else
3460 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3461
3462 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3463
3464 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3465 if (pIf->cNotifiedMediaChange < 2)
3466 pIf->cNotifiedMediaChange = 2;
3467 ataMediumInserted(pIf);
3468}
3469
3470/**
3471 * Called when a media is unmounted
3472 * @param pInterface Pointer to the interface structure containing the called function pointer.
3473 */
3474static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3475{
3476 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3477 Log(("%s:\n", __FUNCTION__));
3478 pIf->cTotalSectors = 0;
3479
3480 /*
3481 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3482 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3483 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3484 * present and 2 in which it is changed.
3485 */
3486 pIf->cNotifiedMediaChange = 4;
3487 ataMediumRemoved(pIf);
3488}
3489
3490static void ataPacketBT(ATADevState *s)
3491{
3492 s->cbElementaryTransfer = s->cbTotalTransfer;
3493 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3494 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3495 ataSetStatusValue(s, ATA_STAT_READY);
3496}
3497
3498
3499static void ataResetDevice(ATADevState *s)
3500{
3501 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3502 s->cNotifiedMediaChange = 0;
3503 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3504 ataUnsetIRQ(s);
3505
3506 s->uATARegSelect = 0x20;
3507 ataSetStatusValue(s, ATA_STAT_READY);
3508 ataSetSignature(s);
3509 s->cbTotalTransfer = 0;
3510 s->cbElementaryTransfer = 0;
3511 s->iIOBufferPIODataStart = 0;
3512 s->iIOBufferPIODataEnd = 0;
3513 s->iBeginTransfer = ATAFN_BT_NULL;
3514 s->iSourceSink = ATAFN_SS_NULL;
3515 s->fDMA = false;
3516 s->fATAPITransfer = false;
3517 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3518
3519 s->uATARegFeature = 0;
3520}
3521
3522
3523static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3524{
3525 ataSetSignature(s);
3526 if (s->fATAPI)
3527 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3528 else
3529 ataSetStatusValue(s, ATA_STAT_READY);
3530 s->uATARegError = 0x01;
3531 return false;
3532}
3533
3534
3535static void ataParseCmd(ATADevState *s, uint8_t cmd)
3536{
3537#ifdef DEBUG
3538 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3539#else /* !DEBUG */
3540 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3541#endif /* !DEBUG */
3542 s->fLBA48 = false;
3543 s->fDMA = false;
3544 if (cmd == ATA_IDLE_IMMEDIATE)
3545 {
3546 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3547 * would overwrite the failing command unfortunately), then RESET. */
3548 int32_t uCmdWait = -1;
3549 uint64_t uNow = RTTimeNanoTS();
3550 if (s->u64CmdTS)
3551 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3552 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3553 s->iLUN, s->uATARegCommand, uCmdWait));
3554 }
3555 s->uATARegCommand = cmd;
3556 switch (cmd)
3557 {
3558 case ATA_IDENTIFY_DEVICE:
3559 if (s->pDrvBlock && !s->fATAPI)
3560 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3561 else
3562 {
3563 if (s->fATAPI)
3564 ataSetSignature(s);
3565 ataCmdError(s, ABRT_ERR);
3566 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3567 }
3568 break;
3569 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3570 case ATA_RECALIBRATE:
3571 ataCmdOK(s, ATA_STAT_SEEK);
3572 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3573 break;
3574 case ATA_SET_MULTIPLE_MODE:
3575 if ( s->uATARegNSector != 0
3576 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3577 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3578 {
3579 ataCmdError(s, ABRT_ERR);
3580 }
3581 else
3582 {
3583 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3584 s->cMultSectors = s->uATARegNSector;
3585 ataCmdOK(s, 0);
3586 }
3587 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3588 break;
3589 case ATA_READ_VERIFY_SECTORS_EXT:
3590 s->fLBA48 = true;
3591 case ATA_READ_VERIFY_SECTORS:
3592 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3593 /* do sector number check ? */
3594 ataCmdOK(s, 0);
3595 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3596 break;
3597 case ATA_READ_SECTORS_EXT:
3598 s->fLBA48 = true;
3599 case ATA_READ_SECTORS:
3600 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3601 if (!s->pDrvBlock)
3602 goto abort_cmd;
3603 s->cSectorsPerIRQ = 1;
3604 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3605 break;
3606 case ATA_WRITE_SECTORS_EXT:
3607 s->fLBA48 = true;
3608 case ATA_WRITE_SECTORS:
3609 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3610 s->cSectorsPerIRQ = 1;
3611 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3612 break;
3613 case ATA_READ_MULTIPLE_EXT:
3614 s->fLBA48 = true;
3615 case ATA_READ_MULTIPLE:
3616 if (!s->cMultSectors)
3617 goto abort_cmd;
3618 s->cSectorsPerIRQ = s->cMultSectors;
3619 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3620 break;
3621 case ATA_WRITE_MULTIPLE_EXT:
3622 s->fLBA48 = true;
3623 case ATA_WRITE_MULTIPLE:
3624 if (!s->cMultSectors)
3625 goto abort_cmd;
3626 s->cSectorsPerIRQ = s->cMultSectors;
3627 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3628 break;
3629 case ATA_READ_DMA_EXT:
3630 s->fLBA48 = true;
3631 case ATA_READ_DMA:
3632 case ATA_READ_DMA_WITHOUT_RETRIES:
3633 if (!s->pDrvBlock)
3634 goto abort_cmd;
3635 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3636 s->fDMA = true;
3637 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3638 break;
3639 case ATA_WRITE_DMA_EXT:
3640 s->fLBA48 = true;
3641 case ATA_WRITE_DMA:
3642 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3643 if (!s->pDrvBlock)
3644 goto abort_cmd;
3645 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3646 s->fDMA = true;
3647 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3648 break;
3649 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3650 s->fLBA48 = true;
3651 ataSetSector(s, s->cTotalSectors - 1);
3652 ataCmdOK(s, 0);
3653 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3654 break;
3655 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3656 ataCmdOK(s, 0);
3657 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3658 break;
3659 case ATA_READ_NATIVE_MAX_ADDRESS:
3660 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3661 ataCmdOK(s, 0);
3662 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3663 break;
3664 case ATA_CHECK_POWER_MODE:
3665 s->uATARegNSector = 0xff; /* drive active or idle */
3666 ataCmdOK(s, 0);
3667 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3668 break;
3669 case ATA_SET_FEATURES:
3670 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3671 if (!s->pDrvBlock)
3672 goto abort_cmd;
3673 switch (s->uATARegFeature)
3674 {
3675 case 0x02: /* write cache enable */
3676 Log2(("%s: write cache enable\n", __FUNCTION__));
3677 ataCmdOK(s, ATA_STAT_SEEK);
3678 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3679 break;
3680 case 0xaa: /* read look-ahead enable */
3681 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3682 ataCmdOK(s, ATA_STAT_SEEK);
3683 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3684 break;
3685 case 0x55: /* read look-ahead disable */
3686 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3687 ataCmdOK(s, ATA_STAT_SEEK);
3688 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3689 break;
3690 case 0xcc: /* reverting to power-on defaults enable */
3691 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3692 ataCmdOK(s, ATA_STAT_SEEK);
3693 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3694 break;
3695 case 0x66: /* reverting to power-on defaults disable */
3696 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3697 ataCmdOK(s, ATA_STAT_SEEK);
3698 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3699 break;
3700 case 0x82: /* write cache disable */
3701 Log2(("%s: write cache disable\n", __FUNCTION__));
3702 /* As per the ATA/ATAPI-6 specs, a write cache disable
3703 * command MUST flush the write buffers to disc. */
3704 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3705 break;
3706 case 0x03: { /* set transfer mode */
3707 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3708 switch (s->uATARegNSector & 0xf8)
3709 {
3710 case 0x00: /* PIO default */
3711 case 0x08: /* PIO mode */
3712 break;
3713 case ATA_MODE_MDMA: /* MDMA mode */
3714 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3715 break;
3716 case ATA_MODE_UDMA: /* UDMA mode */
3717 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3718 break;
3719 default:
3720 goto abort_cmd;
3721 }
3722 ataCmdOK(s, ATA_STAT_SEEK);
3723 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3724 break;
3725 }
3726 default:
3727 goto abort_cmd;
3728 }
3729 /*
3730 * OS/2 workarond:
3731 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3732 * reset here. According to the specification, this is a driver bug as the register
3733 * contents are undefined after the call. This means we can just as well reset it.
3734 */
3735 s->uATARegFeature = 0;
3736 break;
3737 case ATA_FLUSH_CACHE_EXT:
3738 case ATA_FLUSH_CACHE:
3739 if (!s->pDrvBlock || s->fATAPI)
3740 goto abort_cmd;
3741 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3742 break;
3743 case ATA_STANDBY_IMMEDIATE:
3744 ataCmdOK(s, 0);
3745 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3746 break;
3747 case ATA_IDLE_IMMEDIATE:
3748 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3749 ataAbortCurrentCommand(s, false);
3750 break;
3751 /* ATAPI commands */
3752 case ATA_IDENTIFY_PACKET_DEVICE:
3753 if (s->fATAPI)
3754 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3755 else
3756 {
3757 ataCmdError(s, ABRT_ERR);
3758 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3759 }
3760 break;
3761 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3762 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3763 break;
3764 case ATA_DEVICE_RESET:
3765 if (!s->fATAPI)
3766 goto abort_cmd;
3767 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3768 ataAbortCurrentCommand(s, true);
3769 break;
3770 case ATA_PACKET:
3771 if (!s->fATAPI)
3772 goto abort_cmd;
3773 /* overlapping commands not supported */
3774 if (s->uATARegFeature & 0x02)
3775 goto abort_cmd;
3776 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3777 break;
3778 default:
3779 abort_cmd:
3780 ataCmdError(s, ABRT_ERR);
3781 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3782 break;
3783 }
3784}
3785
3786#endif /* IN_RING3 */
3787
3788static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
3789{
3790 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
3791 addr &= 7;
3792 switch (addr)
3793 {
3794 case 0:
3795 break;
3796 case 1: /* feature register */
3797 /* NOTE: data is written to the two drives */
3798 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3799 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3800 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
3801 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
3802 pCtl->aIfs[0].uATARegFeature = val;
3803 pCtl->aIfs[1].uATARegFeature = val;
3804 break;
3805 case 2: /* sector count */
3806 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3807 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3808 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
3809 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
3810 pCtl->aIfs[0].uATARegNSector = val;
3811 pCtl->aIfs[1].uATARegNSector = val;
3812 break;
3813 case 3: /* sector number */
3814 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3815 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3816 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
3817 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
3818 pCtl->aIfs[0].uATARegSector = val;
3819 pCtl->aIfs[1].uATARegSector = val;
3820 break;
3821 case 4: /* cylinder low */
3822 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3823 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3824 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
3825 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
3826 pCtl->aIfs[0].uATARegLCyl = val;
3827 pCtl->aIfs[1].uATARegLCyl = val;
3828 break;
3829 case 5: /* cylinder high */
3830 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3831 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
3832 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
3833 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
3834 pCtl->aIfs[0].uATARegHCyl = val;
3835 pCtl->aIfs[1].uATARegHCyl = val;
3836 break;
3837 case 6: /* drive/head */
3838 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
3839 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
3840 if (((val >> 4) & 1) != pCtl->iSelectedIf)
3841 {
3842 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
3843
3844 /* select another drive */
3845 pCtl->iSelectedIf = (val >> 4) & 1;
3846 /* The IRQ line is multiplexed between the two drives, so
3847 * update the state when switching to another drive. Only need
3848 * to update interrupt line if it is enabled and there is a
3849 * state change. */
3850 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
3851 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
3852 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
3853 {
3854 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
3855 {
3856 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3857 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
3858 * the interrupt line is asserted. It monitors the line
3859 * for a rising edge. */
3860 pCtl->BmDma.u8Status |= BM_STATUS_INT;
3861 if (pCtl->irq == 16)
3862 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 1);
3863 else
3864 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 1);
3865 }
3866 else
3867 {
3868 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
3869 if (pCtl->irq == 16)
3870 PDMDevHlpPCISetIrqNoWait(pDevIns, 0, 0);
3871 else
3872 PDMDevHlpISASetIrqNoWait(pDevIns, pCtl->irq, 0);
3873 }
3874 }
3875 }
3876 break;
3877 default:
3878 case 7: /* command */
3879 /* ignore commands to non existant slave */
3880 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
3881 break;
3882#ifndef IN_RING3
3883 /* Don't do anything complicated in GC */
3884 return VINF_IOM_HC_IOPORT_WRITE;
3885#else /* IN_RING3 */
3886 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
3887#endif /* !IN_RING3 */
3888 }
3889 return VINF_SUCCESS;
3890}
3891
3892
3893static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
3894{
3895 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
3896 uint32_t val;
3897 bool fHOB;
3898
3899 fHOB = !!(s->uATARegDevCtl & (1 << 7));
3900 switch (addr & 7)
3901 {
3902 case 0: /* data register */
3903 val = 0xff;
3904 break;
3905 case 1: /* error register */
3906 /* The ATA specification is very terse when it comes to specifying
3907 * the precise effects of reading back the error/feature register.
3908 * The error register (read-only) shares the register number with
3909 * the feature register (write-only), so it seems that it's not
3910 * necessary to support the usual HOB readback here. */
3911 if (!s->pDrvBlock)
3912 val = 0;
3913 else
3914 val = s->uATARegError;
3915 break;
3916 case 2: /* sector count */
3917 if (!s->pDrvBlock)
3918 val = 0;
3919 else if (fHOB)
3920 val = s->uATARegNSectorHOB;
3921 else
3922 val = s->uATARegNSector;
3923 break;
3924 case 3: /* sector number */
3925 if (!s->pDrvBlock)
3926 val = 0;
3927 else if (fHOB)
3928 val = s->uATARegSectorHOB;
3929 else
3930 val = s->uATARegSector;
3931 break;
3932 case 4: /* cylinder low */
3933 if (!s->pDrvBlock)
3934 val = 0;
3935 else if (fHOB)
3936 val = s->uATARegLCylHOB;
3937 else
3938 val = s->uATARegLCyl;
3939 break;
3940 case 5: /* cylinder high */
3941 if (!s->pDrvBlock)
3942 val = 0;
3943 else if (fHOB)
3944 val = s->uATARegHCylHOB;
3945 else
3946 val = s->uATARegHCyl;
3947 break;
3948 case 6: /* drive/head */
3949 /* This register must always work as long as there is at least
3950 * one drive attached to the controller. It is common between
3951 * both drives anyway (completely identical content). */
3952 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
3953 val = 0;
3954 else
3955 val = s->uATARegSelect;
3956 break;
3957 default:
3958 case 7: /* primary status */
3959 {
3960 /* Counter for number of busy status seen in GC in a row. */
3961 static unsigned cBusy = 0;
3962
3963 if (!s->pDrvBlock)
3964 val = 0;
3965 else
3966 val = s->uATARegStatus;
3967
3968 /* Give the async I/O thread an opportunity to make progress,
3969 * don't let it starve by guests polling frequently. EMT has a
3970 * lower priority than the async I/O thread, but sometimes the
3971 * host OS doesn't care. With some guests we are only allowed to
3972 * be busy for about 5 milliseconds in some situations. Note that
3973 * this is no guarantee for any other VBox thread getting
3974 * scheduled, so this just lowers the CPU load a bit when drives
3975 * are busy. It cannot help with timing problems. */
3976 if (val & ATA_STAT_BUSY)
3977 {
3978#ifdef IN_RING3
3979 cBusy = 0;
3980 PDMCritSectLeave(&pCtl->lock);
3981
3982#ifndef RT_OS_WINDOWS
3983 /*
3984 * The thread might be stuck in an I/O operation
3985 * due to a high I/O load on the host. (see @bugref{3301})
3986 * To perform the reset successfully
3987 * we interrupt the operation by sending a signal to the thread
3988 * if the thread didn't responded in 10ms.
3989 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
3990 * does the same but it was introduced with Vista) but so far
3991 * this hang was only observed on Linux and Mac OS X.
3992 *
3993 * This is a workaround and needs to be solved properly.
3994 */
3995 if (pCtl->fReset)
3996 {
3997 uint64_t u64ResetTimeStop = RTTimeMilliTS();
3998
3999 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4000 {
4001 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4002 pCtl->u64ResetTime = u64ResetTimeStop;
4003 RTThreadPoke(pCtl->AsyncIOThread);
4004 }
4005 }
4006#endif
4007
4008 RTThreadYield();
4009
4010 {
4011 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4012 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4013 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4014 }
4015
4016 val = s->uATARegStatus;
4017#else /* !IN_RING3 */
4018 /* Cannot yield CPU in guest context. And switching to host
4019 * context for each and every busy status is too costly,
4020 * especially on SMP systems where we don't gain much by
4021 * yielding the CPU to someone else. */
4022 if (++cBusy >= 20)
4023 {
4024 cBusy = 0;
4025 return VINF_IOM_HC_IOPORT_READ;
4026 }
4027#endif /* !IN_RING3 */
4028 }
4029 else
4030 cBusy = 0;
4031 ataUnsetIRQ(s);
4032 break;
4033 }
4034 }
4035 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4036 *pu32 = val;
4037 return VINF_SUCCESS;
4038}
4039
4040
4041static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4042{
4043 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4044 uint32_t val;
4045
4046 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4047 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4048 val = 0;
4049 else
4050 val = s->uATARegStatus;
4051 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4052 return val;
4053}
4054
4055static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4056{
4057#ifndef IN_RING3
4058 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4059 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4060#endif /* !IN_RING3 */
4061
4062 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4063 /* RESET is common for both drives attached to a controller. */
4064 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4065 (val & ATA_DEVCTL_RESET))
4066 {
4067#ifdef IN_RING3
4068 /* Software RESET low to high */
4069 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4070 uint64_t uNow = RTTimeNanoTS();
4071 if (pCtl->aIfs[0].u64CmdTS)
4072 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4073 if (pCtl->aIfs[1].u64CmdTS)
4074 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4075 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4076 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4077 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4078 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4079 pCtl->fReset = true;
4080 /* Everything must be done after the reset flag is set, otherwise
4081 * there are unavoidable races with the currently executing request
4082 * (which might just finish in the mean time). */
4083 pCtl->fChainedTransfer = false;
4084 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4085 {
4086 ataResetDevice(&pCtl->aIfs[i]);
4087 /* The following cannot be done using ataSetStatusValue() since the
4088 * reset flag is already set, which suppresses all status changes. */
4089 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4090 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4091 pCtl->aIfs[i].uATARegError = 0x01;
4092 }
4093 ataAsyncIOClearRequests(pCtl);
4094 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4095 if (val & ATA_DEVCTL_HOB)
4096 {
4097 val &= ~ATA_DEVCTL_HOB;
4098 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4099 }
4100
4101 /* Save the timestamp we started the reset. */
4102 pCtl->u64ResetTime = RTTimeMilliTS();
4103
4104 /* Issue the reset request now. */
4105 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4106#else /* !IN_RING3 */
4107 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4108#endif /* IN_RING3 */
4109 }
4110 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4111 !(val & ATA_DEVCTL_RESET))
4112 {
4113#ifdef IN_RING3
4114 /* Software RESET high to low */
4115 Log(("%s: deasserting RESET\n", __FUNCTION__));
4116 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4117 if (val & ATA_DEVCTL_HOB)
4118 {
4119 val &= ~ATA_DEVCTL_HOB;
4120 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4121 }
4122 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4123#else /* !IN_RING3 */
4124 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4125#endif /* IN_RING3 */
4126 }
4127
4128 /* Change of interrupt disable flag. Update interrupt line if interrupt
4129 * is pending on the current interface. */
4130 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4131 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4132 {
4133 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4134 {
4135 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4136 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4137 * interrupt line is asserted. It monitors the line for a rising
4138 * edge. */
4139 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4140 if (pCtl->irq == 16)
4141 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4142 else
4143 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4144 }
4145 else
4146 {
4147 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4148 if (pCtl->irq == 16)
4149 PDMDevHlpPCISetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4150 else
4151 PDMDevHlpISASetIrqNoWait(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4152 }
4153 }
4154
4155 if (val & ATA_DEVCTL_HOB)
4156 Log2(("%s: set HOB\n", __FUNCTION__));
4157
4158 pCtl->aIfs[0].uATARegDevCtl = val;
4159 pCtl->aIfs[1].uATARegDevCtl = val;
4160
4161 return VINF_SUCCESS;
4162}
4163
4164#ifdef IN_RING3
4165
4166static void ataPIOTransfer(PATACONTROLLER pCtl)
4167{
4168 ATADevState *s;
4169
4170 s = &pCtl->aIfs[pCtl->iAIOIf];
4171 Log3(("%s: if=%p\n", __FUNCTION__, s));
4172
4173 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4174 {
4175 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4176 /* Any guest OS that triggers this case has a pathetic ATA driver.
4177 * In a real system it would block the CPU via IORDY, here we do it
4178 * very similarly by not continuing with the current instruction
4179 * until the transfer to/from the storage medium is completed. */
4180 if (s->iSourceSink != ATAFN_SS_NULL)
4181 {
4182 bool fRedo;
4183 uint8_t status = s->uATARegStatus;
4184 ataSetStatusValue(s, ATA_STAT_BUSY);
4185 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4186 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4187 pCtl->fRedo = fRedo;
4188 if (RT_UNLIKELY(fRedo))
4189 return;
4190 ataSetStatusValue(s, status);
4191 s->iIOBufferCur = 0;
4192 s->iIOBufferEnd = s->cbElementaryTransfer;
4193 }
4194 }
4195 if (s->cbTotalTransfer)
4196 {
4197 if (s->fATAPITransfer)
4198 ataPIOTransferLimitATAPI(s);
4199
4200 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4201 s->cbElementaryTransfer = s->cbTotalTransfer;
4202
4203 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4204 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4205 s->cbTotalTransfer, s->cbElementaryTransfer,
4206 s->iIOBufferCur, s->iIOBufferEnd));
4207 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4208 s->cbTotalTransfer -= s->cbElementaryTransfer;
4209 s->iIOBufferCur += s->cbElementaryTransfer;
4210
4211 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4212 s->cbElementaryTransfer = s->cbTotalTransfer;
4213 }
4214 else
4215 ataPIOTransferStop(s);
4216}
4217
4218
4219DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4220{
4221 /* Do not interfere with RESET processing if the PIO transfer finishes
4222 * while the RESET line is asserted. */
4223 if (pCtl->fReset)
4224 {
4225 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4226 return;
4227 }
4228
4229 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4230 || ( s->iSourceSink != ATAFN_SS_NULL
4231 && s->iIOBufferCur >= s->iIOBufferEnd))
4232 {
4233 /* Need to continue the transfer in the async I/O thread. This is
4234 * the case for write operations or generally for not yet finished
4235 * transfers (some data might need to be read). */
4236 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4237 ataSetStatus(s, ATA_STAT_BUSY);
4238
4239 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4240 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4241 }
4242 else
4243 {
4244 /* Either everything finished (though some data might still be pending)
4245 * or some data is pending before the next read is due. */
4246
4247 /* Continue a previously started transfer. */
4248 ataUnsetStatus(s, ATA_STAT_DRQ);
4249 ataSetStatus(s, ATA_STAT_READY);
4250
4251 if (s->cbTotalTransfer)
4252 {
4253 /* There is more to transfer, happens usually for large ATAPI
4254 * reads - the protocol limits the chunk size to 65534 bytes. */
4255 ataPIOTransfer(pCtl);
4256 ataSetIRQ(s);
4257 }
4258 else
4259 {
4260 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4261 /* Finish PIO transfer. */
4262 ataPIOTransfer(pCtl);
4263 Assert(!pCtl->fRedo);
4264 }
4265 }
4266}
4267
4268#endif /* IN_RING3 */
4269
4270static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4271{
4272 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4273 uint8_t *p;
4274
4275 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4276 {
4277 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4278 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4279#ifndef IN_RING3
4280 /* All but the last transfer unit is simple enough for GC, but
4281 * sending a request to the async IO thread is too complicated. */
4282 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4283 {
4284 memcpy(p, pbBuf, cbSize);
4285 s->iIOBufferPIODataStart += cbSize;
4286 }
4287 else
4288 return VINF_IOM_HC_IOPORT_WRITE;
4289#else /* IN_RING3 */
4290 memcpy(p, pbBuf, cbSize);
4291 s->iIOBufferPIODataStart += cbSize;
4292 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4293 ataPIOTransferFinish(pCtl, s);
4294#endif /* !IN_RING3 */
4295 }
4296 else
4297 Log2(("%s: DUMMY data\n", __FUNCTION__));
4298 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4299 return VINF_SUCCESS;
4300}
4301
4302static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4303{
4304 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4305 uint8_t *p;
4306
4307 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4308 {
4309 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4310 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4311#ifndef IN_RING3
4312 /* All but the last transfer unit is simple enough for GC, but
4313 * sending a request to the async IO thread is too complicated. */
4314 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4315 {
4316 memcpy(pbBuf, p, cbSize);
4317 s->iIOBufferPIODataStart += cbSize;
4318 }
4319 else
4320 return VINF_IOM_HC_IOPORT_READ;
4321#else /* IN_RING3 */
4322 memcpy(pbBuf, p, cbSize);
4323 s->iIOBufferPIODataStart += cbSize;
4324 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4325 ataPIOTransferFinish(pCtl, s);
4326#endif /* !IN_RING3 */
4327 }
4328 else
4329 {
4330 Log2(("%s: DUMMY data\n", __FUNCTION__));
4331 memset(pbBuf, '\xff', cbSize);
4332 }
4333 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4334 return VINF_SUCCESS;
4335}
4336
4337#ifdef IN_RING3
4338
4339static void ataDMATransferStop(ATADevState *s)
4340{
4341 s->cbTotalTransfer = 0;
4342 s->cbElementaryTransfer = 0;
4343 s->iBeginTransfer = ATAFN_BT_NULL;
4344 s->iSourceSink = ATAFN_SS_NULL;
4345}
4346
4347
4348/**
4349 * Perform the entire DMA transfer in one go (unless a source/sink operation
4350 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4351 * this function cannot handle empty transfers.
4352 *
4353 * @param pCtl Controller for which to perform the transfer.
4354 */
4355static void ataDMATransfer(PATACONTROLLER pCtl)
4356{
4357 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4358 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4359 bool fRedo;
4360 RTGCPHYS32 pDesc;
4361 uint32_t cbTotalTransfer, cbElementaryTransfer;
4362 uint32_t iIOBufferCur, iIOBufferEnd;
4363 uint32_t dmalen;
4364 PDMBLOCKTXDIR uTxDir;
4365 bool fLastDesc = false;
4366
4367 Assert(sizeof(BMDMADesc) == 8);
4368
4369 fRedo = pCtl->fRedo;
4370 if (RT_LIKELY(!fRedo))
4371 Assert(s->cbTotalTransfer);
4372 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4373 cbTotalTransfer = s->cbTotalTransfer;
4374 cbElementaryTransfer = s->cbElementaryTransfer;
4375 iIOBufferCur = s->iIOBufferCur;
4376 iIOBufferEnd = s->iIOBufferEnd;
4377
4378 /* The DMA loop is designed to hold the lock only when absolutely
4379 * necessary. This avoids long freezes should the guest access the
4380 * ATA registers etc. for some reason. */
4381 PDMCritSectLeave(&pCtl->lock);
4382
4383 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4384 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4385 cbTotalTransfer, cbElementaryTransfer,
4386 iIOBufferCur, iIOBufferEnd));
4387 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4388 {
4389 BMDMADesc DMADesc;
4390 RTGCPHYS32 pBuffer;
4391 uint32_t cbBuffer;
4392
4393 if (RT_UNLIKELY(fRedo))
4394 {
4395 pBuffer = pCtl->pRedoDMABuffer;
4396 cbBuffer = pCtl->cbRedoDMABuffer;
4397 fLastDesc = pCtl->fRedoDMALastDesc;
4398 }
4399 else
4400 {
4401 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4402 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4403 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4404 fLastDesc = !!(cbBuffer & 0x80000000);
4405 cbBuffer &= 0xfffe;
4406 if (cbBuffer == 0)
4407 cbBuffer = 0x10000;
4408 if (cbBuffer > cbTotalTransfer)
4409 cbBuffer = cbTotalTransfer;
4410 }
4411
4412 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4413 {
4414 if (RT_LIKELY(!fRedo))
4415 {
4416 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4417 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4418 (int)pDesc, pBuffer, cbBuffer));
4419 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4420 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4421 else
4422 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4423 iIOBufferCur += dmalen;
4424 cbTotalTransfer -= dmalen;
4425 cbBuffer -= dmalen;
4426 pBuffer += dmalen;
4427 }
4428 if ( iIOBufferCur == iIOBufferEnd
4429 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4430 {
4431 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4432 cbElementaryTransfer = cbTotalTransfer;
4433
4434 {
4435 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4436 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4437 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4438 }
4439
4440 /* The RESET handler could have cleared the DMA transfer
4441 * state (since we didn't hold the lock until just now
4442 * the guest can continue in parallel). If so, the state
4443 * is already set up so the loop is exited immediately. */
4444 if (s->iSourceSink != ATAFN_SS_NULL)
4445 {
4446 s->iIOBufferCur = iIOBufferCur;
4447 s->iIOBufferEnd = iIOBufferEnd;
4448 s->cbElementaryTransfer = cbElementaryTransfer;
4449 s->cbTotalTransfer = cbTotalTransfer;
4450 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4451 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4452 if (RT_UNLIKELY(fRedo))
4453 {
4454 pCtl->pFirstDMADesc = pDesc;
4455 pCtl->pRedoDMABuffer = pBuffer;
4456 pCtl->cbRedoDMABuffer = cbBuffer;
4457 pCtl->fRedoDMALastDesc = fLastDesc;
4458 }
4459 else
4460 {
4461 cbTotalTransfer = s->cbTotalTransfer;
4462 cbElementaryTransfer = s->cbElementaryTransfer;
4463
4464 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4465 cbElementaryTransfer = cbTotalTransfer;
4466 iIOBufferCur = 0;
4467 iIOBufferEnd = cbElementaryTransfer;
4468 }
4469 pCtl->fRedo = fRedo;
4470 }
4471 else
4472 {
4473 /* This forces the loop to exit immediately. */
4474 pDesc = pCtl->pLastDMADesc + 1;
4475 }
4476
4477 PDMCritSectLeave(&pCtl->lock);
4478 if (RT_UNLIKELY(fRedo))
4479 break;
4480 }
4481 }
4482
4483 if (RT_UNLIKELY(fRedo))
4484 break;
4485
4486 /* end of transfer */
4487 if (!cbTotalTransfer || fLastDesc)
4488 break;
4489
4490 {
4491 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4492 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4493 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4494 }
4495
4496 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4497 {
4498 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4499 if (!pCtl->fReset)
4500 ataDMATransferStop(s);
4501 /* This forces the loop to exit immediately. */
4502 pDesc = pCtl->pLastDMADesc + 1;
4503 }
4504
4505 PDMCritSectLeave(&pCtl->lock);
4506 }
4507
4508 {
4509 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4510 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4511 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4512 }
4513
4514 if (RT_UNLIKELY(fRedo))
4515 return;
4516
4517 if (fLastDesc)
4518 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4519 s->cbTotalTransfer = cbTotalTransfer;
4520 s->cbElementaryTransfer = cbElementaryTransfer;
4521 s->iIOBufferCur = iIOBufferCur;
4522 s->iIOBufferEnd = iIOBufferEnd;
4523}
4524
4525/**
4526 * Signal PDM that we're idle (if we actually are).
4527 *
4528 * @param pCtl The controller.
4529 */
4530static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
4531{
4532 /*
4533 * Take the mutex here and recheck the idle indicator to avoid
4534 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
4535 */
4536 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4537
4538 if ( pCtl->fSignalIdle
4539 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4540 {
4541 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
4542 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
4543 }
4544
4545 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4546}
4547
4548/** Asynch I/O thread for an interface. Once upon a time this was readable
4549 * code with several loops and a different semaphore for each purpose. But
4550 * then came the "how can one save the state in the middle of a PIO transfer"
4551 * question. The solution was to use an ASM, which is what's there now. */
4552static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4553{
4554 const ATARequest *pReq;
4555 uint64_t u64TS = 0; /* shut up gcc */
4556 uint64_t uWait;
4557 int rc = VINF_SUCCESS;
4558 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4559 ATADevState *s;
4560
4561 pReq = NULL;
4562 pCtl->fChainedTransfer = false;
4563 while (!pCtl->fShutdown)
4564 {
4565 /* Keep this thread from doing anything as long as EMT is suspended. */
4566 while (pCtl->fRedoIdle)
4567 {
4568 if (pCtl->fSignalIdle)
4569 ataR3AsyncSignalIdle(pCtl);
4570 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4571 /* Continue if we got a signal by RTThreadPoke().
4572 * We will get notified if there is a request to process.
4573 */
4574 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4575 continue;
4576 if (RT_FAILURE(rc) || pCtl->fShutdown)
4577 break;
4578
4579 pCtl->fRedoIdle = false;
4580 }
4581
4582 /* Wait for work. */
4583 while (pReq == NULL)
4584 {
4585 if (pCtl->fSignalIdle)
4586 ataR3AsyncSignalIdle(pCtl);
4587 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4588 /* Continue if we got a signal by RTThreadPoke().
4589 * We will get notified if there is a request to process.
4590 */
4591 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4592 continue;
4593 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4594 break;
4595
4596 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4597 }
4598
4599 if (RT_FAILURE(rc) || pCtl->fShutdown)
4600 break;
4601
4602 if (pReq == NULL)
4603 continue;
4604
4605 ATAAIO ReqType = pReq->ReqType;
4606
4607 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4608 if (pCtl->uAsyncIOState != ReqType)
4609 {
4610 /* The new state is not the state that was expected by the normal
4611 * state changes. This is either a RESET/ABORT or there's something
4612 * really strange going on. */
4613 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4614 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4615 {
4616 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4617 ataAsyncIODumpRequests(pCtl);
4618 }
4619 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4620 }
4621
4622 /* Do our work. */
4623 {
4624 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4625 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4626 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4627 }
4628
4629 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4630 {
4631 u64TS = RTTimeNanoTS();
4632#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4633 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4634#endif /* DEBUG || VBOX_WITH_STATISTICS */
4635 }
4636
4637 switch (ReqType)
4638 {
4639 case ATA_AIO_NEW:
4640
4641 pCtl->iAIOIf = pReq->u.t.iIf;
4642 s = &pCtl->aIfs[pCtl->iAIOIf];
4643 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4644 s->uTxDir = pReq->u.t.uTxDir;
4645 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4646 s->iSourceSink = pReq->u.t.iSourceSink;
4647 s->iIOBufferEnd = 0;
4648 s->u64CmdTS = u64TS;
4649
4650 if (s->fATAPI)
4651 {
4652 if (pCtl->fChainedTransfer)
4653 {
4654 /* Only count the actual transfers, not the PIO
4655 * transfer of the ATAPI command bytes. */
4656 if (s->fDMA)
4657 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4658 else
4659 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4660 }
4661 }
4662 else
4663 {
4664 if (s->fDMA)
4665 STAM_REL_COUNTER_INC(&s->StatATADMA);
4666 else
4667 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4668 }
4669
4670 pCtl->fChainedTransfer = false;
4671
4672 if (s->iBeginTransfer != ATAFN_BT_NULL)
4673 {
4674 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4675 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4676 s->iBeginTransfer = ATAFN_BT_NULL;
4677 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4678 s->iIOBufferEnd = s->cbElementaryTransfer;
4679 }
4680 else
4681 {
4682 s->cbElementaryTransfer = s->cbTotalTransfer;
4683 s->iIOBufferEnd = s->cbTotalTransfer;
4684 }
4685 s->iIOBufferCur = 0;
4686
4687 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4688 {
4689 if (s->iSourceSink != ATAFN_SS_NULL)
4690 {
4691 bool fRedo;
4692 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4693 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4694 pCtl->fRedo = fRedo;
4695 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4696 {
4697 /* Operation failed at the initial transfer, restart
4698 * everything from scratch by resending the current
4699 * request. Occurs very rarely, not worth optimizing. */
4700 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4701 ataAsyncIOPutRequest(pCtl, pReq);
4702 break;
4703 }
4704 }
4705 else
4706 ataCmdOK(s, 0);
4707 s->iIOBufferEnd = s->cbElementaryTransfer;
4708
4709 }
4710
4711 /* Do not go into the transfer phase if RESET is asserted.
4712 * The CritSect is released while waiting for the host OS
4713 * to finish the I/O, thus RESET is possible here. Most
4714 * important: do not change uAsyncIOState. */
4715 if (pCtl->fReset)
4716 break;
4717
4718 if (s->fDMA)
4719 {
4720 if (s->cbTotalTransfer)
4721 {
4722 ataSetStatus(s, ATA_STAT_DRQ);
4723
4724 pCtl->uAsyncIOState = ATA_AIO_DMA;
4725 /* If BMDMA is already started, do the transfer now. */
4726 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4727 {
4728 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4729 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4730 }
4731 }
4732 else
4733 {
4734 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4735 /* Finish DMA transfer. */
4736 ataDMATransferStop(s);
4737 ataSetIRQ(s);
4738 pCtl->uAsyncIOState = ATA_AIO_NEW;
4739 }
4740 }
4741 else
4742 {
4743 if (s->cbTotalTransfer)
4744 {
4745 ataPIOTransfer(pCtl);
4746 Assert(!pCtl->fRedo);
4747 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4748 ataSetIRQ(s);
4749
4750 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4751 {
4752 /* Write operations and not yet finished transfers
4753 * must be completed in the async I/O thread. */
4754 pCtl->uAsyncIOState = ATA_AIO_PIO;
4755 }
4756 else
4757 {
4758 /* Finished read operation can be handled inline
4759 * in the end of PIO transfer handling code. Linux
4760 * depends on this, as it waits only briefly for
4761 * devices to become ready after incoming data
4762 * transfer. Cannot find anything in the ATA spec
4763 * that backs this assumption, but as all kernels
4764 * are affected (though most of the time it does
4765 * not cause any harm) this must work. */
4766 pCtl->uAsyncIOState = ATA_AIO_NEW;
4767 }
4768 }
4769 else
4770 {
4771 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4772 /* Finish PIO transfer. */
4773 ataPIOTransfer(pCtl);
4774 Assert(!pCtl->fRedo);
4775 if (!s->fATAPITransfer)
4776 ataSetIRQ(s);
4777 pCtl->uAsyncIOState = ATA_AIO_NEW;
4778 }
4779 }
4780 break;
4781
4782 case ATA_AIO_DMA:
4783 {
4784 BMDMAState *bm = &pCtl->BmDma;
4785 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4786 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
4787
4788 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4789 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
4790 else
4791 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
4792
4793 if (RT_LIKELY(!pCtl->fRedo))
4794 {
4795 /* The specs say that the descriptor table must not cross a
4796 * 4K boundary. */
4797 pCtl->pFirstDMADesc = bm->pvAddr;
4798 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
4799 }
4800 ataDMATransfer(pCtl);
4801
4802 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
4803 {
4804 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
4805 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4806 break;
4807 }
4808
4809 /* The infamous delay IRQ hack. */
4810 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
4811 && s->cbTotalTransfer == 0
4812 && pCtl->DelayIRQMillies)
4813 {
4814 /* Delay IRQ for writing. Required to get the Win2K
4815 * installation work reliably (otherwise it crashes,
4816 * usually during component install). So far no better
4817 * solution has been found. */
4818 Log(("%s: delay IRQ hack\n", __FUNCTION__));
4819 PDMCritSectLeave(&pCtl->lock);
4820 RTThreadSleep(pCtl->DelayIRQMillies);
4821 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4822 }
4823
4824 ataUnsetStatus(s, ATA_STAT_DRQ);
4825 Assert(!pCtl->fChainedTransfer);
4826 Assert(s->iSourceSink == ATAFN_SS_NULL);
4827 if (s->fATAPITransfer)
4828 {
4829 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
4830 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
4831 s->fATAPITransfer = false;
4832 }
4833 ataSetIRQ(s);
4834 pCtl->uAsyncIOState = ATA_AIO_NEW;
4835 break;
4836 }
4837
4838 case ATA_AIO_PIO:
4839 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4840
4841 if (s->iSourceSink != ATAFN_SS_NULL)
4842 {
4843 bool fRedo;
4844 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4845 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4846 pCtl->fRedo = fRedo;
4847 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4848 {
4849 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
4850 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4851 ataSuspendRedo(pCtl);
4852 break;
4853 }
4854 s->iIOBufferCur = 0;
4855 s->iIOBufferEnd = s->cbElementaryTransfer;
4856 }
4857 else
4858 {
4859 /* Continue a previously started transfer. */
4860 ataUnsetStatus(s, ATA_STAT_BUSY);
4861 ataSetStatus(s, ATA_STAT_READY);
4862 }
4863
4864 /* It is possible that the drives on this controller get RESET
4865 * during the above call to the source/sink function. If that's
4866 * the case, don't restart the transfer and don't finish it the
4867 * usual way. RESET handling took care of all that already.
4868 * Most important: do not change uAsyncIOState. */
4869 if (pCtl->fReset)
4870 break;
4871
4872 if (s->cbTotalTransfer)
4873 {
4874 ataPIOTransfer(pCtl);
4875 ataSetIRQ(s);
4876
4877 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4878 {
4879 /* Write operations and not yet finished transfers
4880 * must be completed in the async I/O thread. */
4881 pCtl->uAsyncIOState = ATA_AIO_PIO;
4882 }
4883 else
4884 {
4885 /* Finished read operation can be handled inline
4886 * in the end of PIO transfer handling code. Linux
4887 * depends on this, as it waits only briefly for
4888 * devices to become ready after incoming data
4889 * transfer. Cannot find anything in the ATA spec
4890 * that backs this assumption, but as all kernels
4891 * are affected (though most of the time it does
4892 * not cause any harm) this must work. */
4893 pCtl->uAsyncIOState = ATA_AIO_NEW;
4894 }
4895 }
4896 else
4897 {
4898 /* Finish PIO transfer. */
4899 ataPIOTransfer(pCtl);
4900 if ( !pCtl->fChainedTransfer
4901 && !s->fATAPITransfer
4902 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4903 {
4904 ataSetIRQ(s);
4905 }
4906 pCtl->uAsyncIOState = ATA_AIO_NEW;
4907 }
4908 break;
4909
4910 case ATA_AIO_RESET_ASSERTED:
4911 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
4912 ataPIOTransferStop(&pCtl->aIfs[0]);
4913 ataPIOTransferStop(&pCtl->aIfs[1]);
4914 /* Do not change the DMA registers, they are not affected by the
4915 * ATA controller reset logic. It should be sufficient to issue a
4916 * new command, which is now possible as the state is cleared. */
4917 break;
4918
4919 case ATA_AIO_RESET_CLEARED:
4920 pCtl->uAsyncIOState = ATA_AIO_NEW;
4921 pCtl->fReset = false;
4922 /* Ensure that half-completed transfers are not redone. A reset
4923 * cancels the entire transfer, so continuing is wrong. */
4924 pCtl->fRedo = false;
4925 pCtl->fRedoDMALastDesc = false;
4926 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
4927 ATACONTROLLER_IDX(pCtl)));
4928 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4929 {
4930 if (pCtl->aIfs[i].fATAPI)
4931 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
4932 else
4933 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
4934 ataSetSignature(&pCtl->aIfs[i]);
4935 }
4936 break;
4937
4938 case ATA_AIO_ABORT:
4939 /* Abort the current command only if it operates on the same interface. */
4940 if (pCtl->iAIOIf == pReq->u.a.iIf)
4941 {
4942 s = &pCtl->aIfs[pCtl->iAIOIf];
4943
4944 pCtl->uAsyncIOState = ATA_AIO_NEW;
4945 /* Do not change the DMA registers, they are not affected by the
4946 * ATA controller reset logic. It should be sufficient to issue a
4947 * new command, which is now possible as the state is cleared. */
4948 if (pReq->u.a.fResetDrive)
4949 {
4950 ataResetDevice(s);
4951 ataExecuteDeviceDiagnosticSS(s);
4952 }
4953 else
4954 {
4955 /* Stop any pending DMA transfer. */
4956 s->fDMA = false;
4957 ataPIOTransferStop(s);
4958 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
4959 ataSetStatus(s, ATA_STAT_READY);
4960 ataSetIRQ(s);
4961 }
4962 }
4963 break;
4964
4965 default:
4966 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
4967 }
4968
4969 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
4970 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4971
4972 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4973 {
4974#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4975 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
4976#endif /* DEBUG || VBOX_WITH_STATISTICS */
4977
4978 u64TS = RTTimeNanoTS() - u64TS;
4979 uWait = u64TS / 1000;
4980 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
4981 /* Mark command as finished. */
4982 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
4983
4984 /*
4985 * Release logging of command execution times depends on the
4986 * command type. ATAPI commands often take longer (due to CD/DVD
4987 * spin up time etc.) so the threshold is different.
4988 */
4989 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
4990 {
4991 if (uWait > 8 * 1000 * 1000)
4992 {
4993 /*
4994 * Command took longer than 8 seconds. This is close
4995 * enough or over the guest's command timeout, so place
4996 * an entry in the release log to allow tracking such
4997 * timing errors (which are often caused by the host).
4998 */
4999 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5000 }
5001 }
5002 else
5003 {
5004 if (uWait > 20 * 1000 * 1000)
5005 {
5006 /*
5007 * Command took longer than 20 seconds. This is close
5008 * enough or over the guest's command timeout, so place
5009 * an entry in the release log to allow tracking such
5010 * timing errors (which are often caused by the host).
5011 */
5012 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5013 }
5014 }
5015
5016#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5017 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5018 pCtl->StatAsyncMinWait = uWait;
5019 if (uWait > pCtl->StatAsyncMaxWait)
5020 pCtl->StatAsyncMaxWait = uWait;
5021
5022 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5023 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5024#endif /* DEBUG || VBOX_WITH_STATISTICS */
5025 }
5026
5027 PDMCritSectLeave(&pCtl->lock);
5028 }
5029
5030 /* Signal the ultimate idleness. */
5031 RTThreadUserSignal(pCtl->AsyncIOThread);
5032 if (pCtl->fSignalIdle)
5033 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5034
5035 /* Cleanup the state. */
5036 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5037 pCtl->fShutdown = false;
5038
5039 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5040 return rc;
5041}
5042
5043#endif /* IN_RING3 */
5044
5045static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5046{
5047 uint32_t val = pCtl->BmDma.u8Cmd;
5048 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5049 return val;
5050}
5051
5052
5053static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5054{
5055 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5056 if (!(val & BM_CMD_START))
5057 {
5058 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5059 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5060 }
5061 else
5062 {
5063#ifdef IN_RING3
5064 /* Check whether the guest OS wants to change DMA direction in
5065 * mid-flight. Not allowed, according to the PIIX3 specs. */
5066 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5067 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5068 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5069
5070 /* Do not continue DMA transfers while the RESET line is asserted. */
5071 if (pCtl->fReset)
5072 {
5073 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5074 return;
5075 }
5076
5077 /* Do not start DMA transfers if there's a PIO transfer going on. */
5078 if (!pCtl->aIfs[pCtl->iSelectedIf].fDMA)
5079 return;
5080
5081 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5082 {
5083 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5084 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5085 }
5086#else /* !IN_RING3 */
5087 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5088#endif /* IN_RING3 */
5089 }
5090}
5091
5092static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5093{
5094 uint32_t val = pCtl->BmDma.u8Status;
5095 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5096 return val;
5097}
5098
5099static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5100{
5101 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5102 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5103 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5104 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5105}
5106
5107static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5108{
5109 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5110 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5111 return val;
5112}
5113
5114static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5115{
5116 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5117 pCtl->BmDma.pvAddr = val & ~3;
5118}
5119
5120static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5121{
5122 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5123 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5124
5125}
5126
5127static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5128{
5129 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5130 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5131}
5132
5133#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5134
5135/**
5136 * Port I/O Handler for bus master DMA IN operations.
5137 * @see FNIOMIOPORTIN for details.
5138 */
5139PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5140{
5141 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5142 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5143 PATACONTROLLER pCtl = &pThis->aCts[i];
5144 int rc;
5145
5146 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5147 if (rc != VINF_SUCCESS)
5148 return rc;
5149 switch (VAL(Port, cb))
5150 {
5151 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5152 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5153 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5154 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5155 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5156 case VAL(0, 4):
5157 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5158 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5159 break;
5160 default:
5161 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5162 PDMCritSectLeave(&pCtl->lock);
5163 return VERR_IOM_IOPORT_UNUSED;
5164 }
5165 PDMCritSectLeave(&pCtl->lock);
5166 return rc;
5167}
5168
5169/**
5170 * Port I/O Handler for bus master DMA OUT operations.
5171 * @see FNIOMIOPORTOUT for details.
5172 */
5173PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5174{
5175 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5176 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5177 PATACONTROLLER pCtl = &pThis->aCts[i];
5178 int rc;
5179
5180 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5181 if (rc != VINF_SUCCESS)
5182 return rc;
5183 switch (VAL(Port, cb))
5184 {
5185 case VAL(0, 1):
5186#ifndef IN_RING3
5187 if (u32 & BM_CMD_START)
5188 {
5189 rc = VINF_IOM_HC_IOPORT_WRITE;
5190 break;
5191 }
5192#endif /* !IN_RING3 */
5193 ataBMDMACmdWriteB(pCtl, Port, u32);
5194 break;
5195 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5196 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5197 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5198 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5199 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5200 }
5201 PDMCritSectLeave(&pCtl->lock);
5202 return rc;
5203}
5204
5205#undef VAL
5206
5207#ifdef IN_RING3
5208
5209/**
5210 * Callback function for mapping an PCI I/O region.
5211 *
5212 * @return VBox status code.
5213 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5214 * @param iRegion The region number.
5215 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5216 * I/O port, else it's a physical address.
5217 * This address is *NOT* relative to pci_mem_base like earlier!
5218 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5219 */
5220static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5221{
5222 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5223 int rc = VINF_SUCCESS;
5224 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5225 Assert(iRegion == 4);
5226 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5227
5228 /* Register the port range. */
5229 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5230 {
5231 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5232 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5233 AssertRC(rc2);
5234 if (rc2 < rc)
5235 rc = rc2;
5236
5237 if (pThis->fGCEnabled)
5238 {
5239 rc2 = PDMDevHlpIOPortRegisterGC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5240 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5241 AssertRC(rc2);
5242 if (rc2 < rc)
5243 rc = rc2;
5244 }
5245 if (pThis->fR0Enabled)
5246 {
5247 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5248 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5249 AssertRC(rc2);
5250 if (rc2 < rc)
5251 rc = rc2;
5252 }
5253 }
5254 return rc;
5255}
5256
5257
5258/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5259
5260/**
5261 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5262 */
5263static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5264{
5265 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5266 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5267 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5268 return NULL;
5269}
5270
5271
5272/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5273
5274/**
5275 * Gets the pointer to the status LED of a unit.
5276 *
5277 * @returns VBox status code.
5278 * @param pInterface Pointer to the interface structure containing the called function pointer.
5279 * @param iLUN The unit which status LED we desire.
5280 * @param ppLed Where to store the LED pointer.
5281 */
5282static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5283{
5284 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5285 if (iLUN < 4)
5286 {
5287 switch (iLUN)
5288 {
5289 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5290 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5291 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5292 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5293 }
5294 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5295 return VINF_SUCCESS;
5296 }
5297 return VERR_PDM_LUN_NOT_FOUND;
5298}
5299
5300
5301/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5302
5303/**
5304 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5305 */
5306static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5307{
5308 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5309 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5310 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5311 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5312 return NULL;
5313}
5314
5315#endif /* IN_RING3 */
5316
5317
5318/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5319
5320/**
5321 * Port I/O Handler for primary port range OUT operations.
5322 * @see FNIOMIOPORTOUT for details.
5323 */
5324PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5325{
5326 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5327 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5328 PATACONTROLLER pCtl = &pThis->aCts[i];
5329 int rc = VINF_SUCCESS;
5330
5331 Assert(i < 2);
5332
5333 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5334 if (rc != VINF_SUCCESS)
5335 return rc;
5336 if (cb == 1)
5337 rc = ataIOPortWriteU8(pCtl, Port, u32);
5338 else if (Port == pCtl->IOPortBase1)
5339 {
5340 Assert(cb == 2 || cb == 4);
5341 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5342 }
5343 else
5344 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5345 PDMCritSectLeave(&pCtl->lock);
5346 return rc;
5347}
5348
5349
5350/**
5351 * Port I/O Handler for primary port range IN operations.
5352 * @see FNIOMIOPORTIN for details.
5353 */
5354PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5355{
5356 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5357 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5358 PATACONTROLLER pCtl = &pThis->aCts[i];
5359 int rc = VINF_SUCCESS;
5360
5361 Assert(i < 2);
5362
5363 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5364 if (rc != VINF_SUCCESS)
5365 return rc;
5366 if (cb == 1)
5367 {
5368 rc = ataIOPortReadU8(pCtl, Port, pu32);
5369 }
5370 else if (Port == pCtl->IOPortBase1)
5371 {
5372 Assert(cb == 2 || cb == 4);
5373 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5374 if (cb == 2)
5375 *pu32 &= 0xffff;
5376 }
5377 else
5378 {
5379 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5380 rc = VERR_IOM_IOPORT_UNUSED;
5381 }
5382 PDMCritSectLeave(&pCtl->lock);
5383 return rc;
5384}
5385
5386#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5387/**
5388 * Port I/O Handler for primary port range IN string operations.
5389 * @see FNIOMIOPORTINSTRING for details.
5390 */
5391PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5392{
5393 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5394 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5395 PATACONTROLLER pCtl = &pThis->aCts[i];
5396 int rc = VINF_SUCCESS;
5397
5398 Assert(i < 2);
5399
5400 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5401 if (rc != VINF_SUCCESS)
5402 return rc;
5403 if (Port == pCtl->IOPortBase1)
5404 {
5405 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5406 RTGCPTR GCDst = *pGCPtrDst;
5407 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5408 Assert(cb == 2 || cb == 4);
5409
5410 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5411#ifndef IN_RING3
5412 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5413 if (!cTransAvailable)
5414 {
5415 PDMCritSectLeave(&pCtl->lock);
5416 return VINF_IOM_HC_IOPORT_READ;
5417 }
5418 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5419 cTransAvailable--;
5420#endif /* !IN_RING3 */
5421 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5422 * They are not performance-critical and generally shouldn't occur at all. */
5423 if (cTransAvailable > cTransfer)
5424 cTransAvailable = cTransfer;
5425 cbTransfer = cTransAvailable * cb;
5426
5427 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5428 Assert(rc == VINF_SUCCESS);
5429
5430 if (cbTransfer)
5431 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5432 s->iIOBufferPIODataStart += cbTransfer;
5433 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5434 *pcTransfer = cTransfer - cTransAvailable;
5435#ifdef IN_RING3
5436 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5437 ataPIOTransferFinish(pCtl, s);
5438#endif /* IN_RING3 */
5439 }
5440 PDMCritSectLeave(&pCtl->lock);
5441 return rc;
5442}
5443
5444
5445/**
5446 * Port I/O Handler for primary port range OUT string operations.
5447 * @see FNIOMIOPORTOUTSTRING for details.
5448 */
5449PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5450{
5451 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5452 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5453 PATACONTROLLER pCtl = &pThis->aCts[i];
5454 int rc;
5455
5456 Assert(i < 2);
5457
5458 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5459 if (rc != VINF_SUCCESS)
5460 return rc;
5461 if (Port == pCtl->IOPortBase1)
5462 {
5463 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5464 RTGCPTR GCSrc = *pGCPtrSrc;
5465 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5466 Assert(cb == 2 || cb == 4);
5467
5468 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5469#ifndef IN_RING3
5470 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5471 if (!cTransAvailable)
5472 {
5473 PDMCritSectLeave(&pCtl->lock);
5474 return VINF_IOM_HC_IOPORT_WRITE;
5475 }
5476 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5477 cTransAvailable--;
5478#endif /* !IN_RING3 */
5479 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5480 * They are not performance-critical and generally shouldn't occur at all. */
5481 if (cTransAvailable > cTransfer)
5482 cTransAvailable = cTransfer;
5483 cbTransfer = cTransAvailable * cb;
5484
5485 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5486 Assert(rc == VINF_SUCCESS);
5487
5488 if (cbTransfer)
5489 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5490 s->iIOBufferPIODataStart += cbTransfer;
5491 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5492 *pcTransfer = cTransfer - cTransAvailable;
5493#ifdef IN_RING3
5494 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5495 ataPIOTransferFinish(pCtl, s);
5496#endif /* IN_RING3 */
5497 }
5498 PDMCritSectLeave(&pCtl->lock);
5499 return rc;
5500}
5501#endif /* !IN_RING0 */
5502
5503/**
5504 * Port I/O Handler for secondary port range OUT operations.
5505 * @see FNIOMIOPORTOUT for details.
5506 */
5507PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5508{
5509 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5510 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5511 PATACONTROLLER pCtl = &pThis->aCts[i];
5512 int rc;
5513
5514 Assert(i < 2);
5515
5516 if (cb != 1)
5517 return VINF_SUCCESS;
5518 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5519 if (rc != VINF_SUCCESS)
5520 return rc;
5521 rc = ataControlWrite(pCtl, Port, u32);
5522 PDMCritSectLeave(&pCtl->lock);
5523 return rc;
5524}
5525
5526
5527/**
5528 * Port I/O Handler for secondary port range IN operations.
5529 * @see FNIOMIOPORTIN for details.
5530 */
5531PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5532{
5533 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5534 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5535 PATACONTROLLER pCtl = &pThis->aCts[i];
5536 int rc;
5537
5538 Assert(i < 2);
5539
5540 if (cb != 1)
5541 return VERR_IOM_IOPORT_UNUSED;
5542
5543 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5544 if (rc != VINF_SUCCESS)
5545 return rc;
5546 *pu32 = ataStatusRead(pCtl, Port);
5547 PDMCritSectLeave(&pCtl->lock);
5548 return VINF_SUCCESS;
5549}
5550
5551#ifdef IN_RING3
5552
5553
5554DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5555{
5556 if (s->pbIOBufferR3)
5557 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5558}
5559
5560
5561/**
5562 * @copydoc FNPDMDEVRELOCATE
5563 */
5564static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5565{
5566 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5567
5568 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5569 {
5570 pThis->aCts[i].pDevInsRC += offDelta;
5571 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5572 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5573 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5574 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5575 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5576 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5577 }
5578}
5579
5580
5581/**
5582 * Destroy a driver instance.
5583 *
5584 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5585 * resources can be freed correctly.
5586 *
5587 * @param pDevIns The device instance data.
5588 */
5589static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
5590{
5591 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5592 int rc;
5593
5594 Log(("ataR3Destruct\n"));
5595
5596 /*
5597 * Tell the async I/O threads to terminate.
5598 */
5599 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5600 {
5601 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5602 {
5603 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5604 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5605 AssertRC(rc);
5606 }
5607 }
5608
5609 /*
5610 * Wait for the threads to terminate before destroying their resources.
5611 */
5612 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5613 {
5614 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5615 {
5616 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5617 if (RT_SUCCESS(rc))
5618 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5619 else
5620 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5621 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5622 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5623 }
5624 }
5625
5626 /*
5627 * Free resources.
5628 */
5629 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5630 {
5631 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5632 {
5633 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5634 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5635 }
5636 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5637 {
5638 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5639 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5640 }
5641 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5642 {
5643 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5644 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5645 }
5646
5647 /* try one final time */
5648 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5649 {
5650 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5651 if (RT_SUCCESS(rc))
5652 {
5653 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5654 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5655 }
5656 }
5657 }
5658
5659 return VINF_SUCCESS;
5660}
5661
5662
5663/**
5664 * Detach notification.
5665 *
5666 * The DVD drive has been unplugged.
5667 *
5668 * @param pDevIns The device instance.
5669 * @param iLUN The logical unit which is being detached.
5670 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5671 */
5672static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5673{
5674 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5675 PATACONTROLLER pCtl;
5676 ATADevState *pIf;
5677 unsigned iController;
5678 unsigned iInterface;
5679
5680 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5681 ("PIIX3IDE: Device does not support hotplugging\n"));
5682
5683 /*
5684 * Locate the controller and stuff.
5685 */
5686 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5687 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5688 pCtl = &pThis->aCts[iController];
5689
5690 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5691 pIf = &pCtl->aIfs[iInterface];
5692
5693 /*
5694 * Zero some important members.
5695 */
5696 pIf->pDrvBase = NULL;
5697 pIf->pDrvBlock = NULL;
5698 pIf->pDrvBlockBios = NULL;
5699 pIf->pDrvMount = NULL;
5700
5701 /*
5702 * In case there was a medium inserted.
5703 */
5704 ataMediumRemoved(pIf);
5705}
5706
5707
5708/**
5709 * Configure a LUN.
5710 *
5711 * @returns VBox status code.
5712 * @param pDevIns The device instance.
5713 * @param pIf The ATA unit state.
5714 */
5715static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5716{
5717 int rc = VINF_SUCCESS;
5718 PDMBLOCKTYPE enmType;
5719
5720 /*
5721 * Query Block, Bios and Mount interfaces.
5722 */
5723 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
5724 if (!pIf->pDrvBlock)
5725 {
5726 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5727 return VERR_PDM_MISSING_INTERFACE;
5728 }
5729
5730 /** @todo implement the BIOS invisible code path. */
5731 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
5732 if (!pIf->pDrvBlockBios)
5733 {
5734 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5735 return VERR_PDM_MISSING_INTERFACE;
5736 }
5737 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
5738
5739 /*
5740 * Validate type.
5741 */
5742 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
5743 if ( enmType != PDMBLOCKTYPE_CDROM
5744 && enmType != PDMBLOCKTYPE_DVD
5745 && enmType != PDMBLOCKTYPE_HARD_DISK)
5746 {
5747 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
5748 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
5749 }
5750 if ( ( enmType == PDMBLOCKTYPE_DVD
5751 || enmType == PDMBLOCKTYPE_CDROM)
5752 && !pIf->pDrvMount)
5753 {
5754 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
5755 return VERR_INTERNAL_ERROR;
5756 }
5757 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
5758 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
5759
5760 /*
5761 * Allocate I/O buffer.
5762 */
5763 PVM pVM = PDMDevHlpGetVM(pDevIns);
5764 if (pIf->cbIOBuffer)
5765 {
5766 /* Buffer is (probably) already allocated. Validate the fields,
5767 * because memory corruption can also overwrite pIf->cbIOBuffer. */
5768 if (pIf->fATAPI)
5769 AssertRelease(pIf->cbIOBuffer == _128K);
5770 else
5771 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
5772 Assert(pIf->pbIOBufferR3);
5773 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
5774 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
5775 }
5776 else
5777 {
5778 if (pIf->fATAPI)
5779 pIf->cbIOBuffer = _128K;
5780 else
5781 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
5782 Assert(!pIf->pbIOBufferR3);
5783 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
5784 if (RT_FAILURE(rc))
5785 return VERR_NO_MEMORY;
5786 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
5787 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
5788 }
5789
5790 /*
5791 * Init geometry (only for non-CD/DVD media).
5792 */
5793 if (pIf->fATAPI)
5794 {
5795 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
5796 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
5797 pIf->PCHSGeometry.cHeads = 0; /* dummy */
5798 pIf->PCHSGeometry.cSectors = 0; /* dummy */
5799 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
5800 }
5801 else
5802 {
5803 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
5804 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
5805 &pIf->PCHSGeometry);
5806 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
5807 {
5808 pIf->PCHSGeometry.cCylinders = 0;
5809 pIf->PCHSGeometry.cHeads = 16; /*??*/
5810 pIf->PCHSGeometry.cSectors = 63; /*??*/
5811 }
5812 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
5813 {
5814 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
5815 rc = VINF_SUCCESS;
5816 }
5817 AssertRC(rc);
5818
5819 if ( pIf->PCHSGeometry.cCylinders == 0
5820 || pIf->PCHSGeometry.cHeads == 0
5821 || pIf->PCHSGeometry.cSectors == 0
5822 )
5823 {
5824 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
5825 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
5826 pIf->PCHSGeometry.cHeads = 16;
5827 pIf->PCHSGeometry.cSectors = 63;
5828 /* Set the disk geometry information. Ignore errors. */
5829 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
5830 &pIf->PCHSGeometry);
5831 rc = VINF_SUCCESS;
5832 }
5833 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
5834 }
5835 return rc;
5836}
5837
5838
5839/**
5840 * Attach command.
5841 *
5842 * This is called when we change block driver for the DVD drive.
5843 *
5844 * @returns VBox status code.
5845 * @param pDevIns The device instance.
5846 * @param iLUN The logical unit which is being detached.
5847 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5848 */
5849static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5850{
5851 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5852 PATACONTROLLER pCtl;
5853 ATADevState *pIf;
5854 int rc;
5855 unsigned iController;
5856 unsigned iInterface;
5857
5858 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5859 ("PIIX3IDE: Device does not support hotplugging\n"),
5860 VERR_INVALID_PARAMETER);
5861
5862 /*
5863 * Locate the controller and stuff.
5864 */
5865 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5866 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5867 pCtl = &pThis->aCts[iController];
5868
5869 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5870 pIf = &pCtl->aIfs[iInterface];
5871
5872 /* the usual paranoia */
5873 AssertRelease(!pIf->pDrvBase);
5874 AssertRelease(!pIf->pDrvBlock);
5875 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
5876 Assert(pIf->iLUN == iLUN);
5877
5878 /*
5879 * Try attach the block device and get the interfaces,
5880 * required as well as optional.
5881 */
5882 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
5883 if (RT_SUCCESS(rc))
5884 {
5885 rc = ataConfigLun(pDevIns, pIf);
5886 /*
5887 * In case there is a medium inserted.
5888 */
5889 ataMediumInserted(pIf);
5890 }
5891 else
5892 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
5893
5894 if (RT_FAILURE(rc))
5895 {
5896 pIf->pDrvBase = NULL;
5897 pIf->pDrvBlock = NULL;
5898 }
5899 return rc;
5900}
5901
5902
5903/**
5904 * Resume notification.
5905 *
5906 * @returns VBox status.
5907 * @param pDevIns The device instance data.
5908 */
5909static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
5910{
5911 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5912 int rc;
5913
5914 Log(("%s:\n", __FUNCTION__));
5915 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5916 {
5917 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
5918 {
5919 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5920 AssertRC(rc);
5921 }
5922 }
5923 return;
5924}
5925
5926
5927/**
5928 * Checks if all (both) the async I/O threads have quiesced.
5929 *
5930 * @returns true on success.
5931 * @returns false when one or more threads is still processing.
5932 * @param pThis Pointer to the instance data.
5933 */
5934static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
5935{
5936 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5937
5938 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5939 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5940 {
5941 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
5942 if (!fRc)
5943 {
5944 /* Make it signal PDM & itself when its done */
5945 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
5946 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
5947 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
5948 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
5949 if (!fRc)
5950 {
5951#if 0 /** @todo Need to do some time tracking here... */
5952 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
5953 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5954 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
5955#endif
5956 return false;
5957 }
5958 }
5959 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
5960 }
5961 return true;
5962}
5963
5964
5965/**
5966 * Callback employed by ataSuspend and ataR3PowerOff.
5967 *
5968 * @returns true if we've quiesced, false if we're still working.
5969 * @param pDevIns The device instance.
5970 */
5971static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
5972{
5973 return ataR3AllAsyncIOIsIdle(pDevIns);
5974}
5975
5976
5977/**
5978 * Common worker for ataSuspend and ataR3PowerOff.
5979 */
5980static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
5981{
5982 if (!ataR3AllAsyncIOIsIdle(pDevIns))
5983 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
5984}
5985
5986
5987/**
5988 * Power Off notification.
5989 *
5990 * @returns VBox status.
5991 * @param pDevIns The device instance data.
5992 */
5993static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
5994{
5995 Log(("%s:\n", __FUNCTION__));
5996 ataR3SuspendOrPowerOff(pDevIns);
5997}
5998
5999
6000/**
6001 * Suspend notification.
6002 *
6003 * @returns VBox status.
6004 * @param pDevIns The device instance data.
6005 */
6006static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6007{
6008 Log(("%s:\n", __FUNCTION__));
6009 ataR3SuspendOrPowerOff(pDevIns);
6010}
6011
6012
6013/**
6014 * Callback employed by ataR3Reset.
6015 *
6016 * @returns true if we've quiesced, false if we're still working.
6017 * @param pDevIns The device instance.
6018 */
6019static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6020{
6021 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6022
6023 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6024 return false;
6025
6026 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6027 {
6028 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6029 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6030 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6031 PDMCritSectLeave(&pThis->aCts[i].lock);
6032 }
6033 return true;
6034}
6035
6036
6037/**
6038 * Common reset worker for ataR3Reset and ataR3Construct.
6039 *
6040 * @returns VBox status.
6041 * @param pDevIns The device instance data.
6042 * @param fConstruct Indicates who is calling.
6043 */
6044static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6045{
6046 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6047
6048 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6049 {
6050 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6051
6052 pThis->aCts[i].iSelectedIf = 0;
6053 pThis->aCts[i].iAIOIf = 0;
6054 pThis->aCts[i].BmDma.u8Cmd = 0;
6055 /* Report that both drives present on the bus are in DMA mode. This
6056 * pretends that there is a BIOS that has set it up. Normal reset
6057 * default is 0x00. */
6058 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6059 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6060 pThis->aCts[i].BmDma.pvAddr = 0;
6061
6062 pThis->aCts[i].fReset = true;
6063 pThis->aCts[i].fRedo = false;
6064 pThis->aCts[i].fRedoIdle = false;
6065 ataAsyncIOClearRequests(&pThis->aCts[i]);
6066 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6067 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6068 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6069
6070 PDMCritSectLeave(&pThis->aCts[i].lock);
6071 }
6072
6073 int rcRet = VINF_SUCCESS;
6074 if (!fConstruct)
6075 {
6076 /*
6077 * Setup asynchronous notification compmletion if the requests haven't
6078 * completed yet.
6079 */
6080 if (!ataR3IsAsyncResetDone(pDevIns))
6081 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6082 }
6083 else
6084 {
6085 /*
6086 * Wait for the requests for complete.
6087 *
6088 * Would be real nice if we could do it all from EMT(0) and not
6089 * involve the worker threads, then we could dispense with all the
6090 * waiting and semaphore ping-pong here...
6091 */
6092 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6093 {
6094 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6095 {
6096 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6097 AssertRC(rc);
6098
6099 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6100 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6101 AssertRC(rc);
6102
6103 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6104 AssertRC(rc);
6105
6106 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6107 {
6108 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6109 if (RT_FAILURE(rc))
6110 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6111 if (RT_FAILURE(rc))
6112 {
6113 AssertRC(rc);
6114 rcRet = rc;
6115 }
6116 }
6117 }
6118 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6119 }
6120 if (RT_SUCCESS(rcRet))
6121 {
6122 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6123 AssertRC(rcRet);
6124 }
6125 }
6126 return rcRet;
6127}
6128
6129
6130/**
6131 * Reset notification.
6132 *
6133 * @param pDevIns The device instance data.
6134 */
6135static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6136{
6137 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6138}
6139
6140
6141/**
6142 * Prepare state save and load operation.
6143 *
6144 * @returns VBox status code.
6145 * @param pDevIns Device instance of the device which registered the data unit.
6146 * @param pSSM SSM operation handle.
6147 */
6148static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6149{
6150 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6151
6152 /* sanity - the suspend notification will wait on the async stuff. */
6153 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6154 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6155 ("i=%u\n", i),
6156 VERR_SSM_IDE_ASYNC_TIMEOUT);
6157 return VINF_SUCCESS;
6158}
6159
6160/**
6161 * @copydoc FNSSMDEVLIVEEXEC
6162 */
6163static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6164{
6165 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6166
6167 SSMR3PutU8(pSSM, pThis->u8Type);
6168 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6169 {
6170 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6171 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6172 {
6173 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6174 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6175 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6176 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6177 }
6178 }
6179
6180 return VINF_SSM_DONT_CALL_AGAIN;
6181}
6182
6183
6184/**
6185 * @copydoc FNSSMDEVSAVEEXEC
6186 */
6187static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6188{
6189 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6190
6191 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6192
6193 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6194 {
6195 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6196 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6197 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6198 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6199 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6200 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6201 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6202 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6203 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6204 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6205 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6206 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6207 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6208
6209 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6210 {
6211 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6212 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6213 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6214 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6215 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6216 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6217 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6218 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6219 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6220 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6221 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6222 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6223 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6224 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6225 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6226 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6227 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6228 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6229 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6230 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6231 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6232 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6233 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6234 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6235 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6236 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6237 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6238 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6239 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6240 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6241 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6242 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6243 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6244 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6245 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6246 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6247 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6248 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6249 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6250 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6251 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6252 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6253 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6254 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6255 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6256 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6257 else
6258 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6259 }
6260 }
6261
6262 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6263}
6264
6265/**
6266 * Converts the LUN number into a message string.
6267 */
6268static const char *ataStringifyLun(unsigned iLun)
6269{
6270 switch (iLun)
6271 {
6272 case 0: return "primary master";
6273 case 1: return "primary slave";
6274 case 2: return "secondary master";
6275 case 3: return "secondary slave";
6276 default: AssertFailedReturn("unknown lun");
6277 }
6278}
6279
6280/**
6281 * FNSSMDEVLOADEXEC
6282 */
6283static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6284{
6285 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6286 int rc;
6287 uint32_t u32;
6288
6289 if ( uVersion != ATA_SAVED_STATE_VERSION
6290 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6291 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6292 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6293 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6294 {
6295 AssertMsgFailed(("uVersion=%d\n", uVersion));
6296 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6297 }
6298
6299 /*
6300 * Verify the configuration.
6301 */
6302 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6303 {
6304 uint8_t u8Type;
6305 rc = SSMR3GetU8(pSSM, &u8Type);
6306 AssertRCReturn(rc, rc);
6307 if (u8Type != pThis->u8Type)
6308 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6309
6310 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6311 {
6312 bool fEnabled;
6313 rc = SSMR3GetBool(pSSM, &fEnabled);
6314 AssertRCReturn(rc, rc);
6315 if (!fEnabled)
6316 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6317
6318 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6319 {
6320 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6321
6322 bool fInUse;
6323 rc = SSMR3GetBool(pSSM, &fInUse);
6324 AssertRCReturn(rc, rc);
6325 if (fInUse != (pIf->pDrvBase != NULL))
6326 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6327 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6328 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6329
6330 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6331 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6332 AssertRCReturn(rc, rc);
6333 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6334 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6335 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6336
6337 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6338 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6339 AssertRCReturn(rc, rc);
6340 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6341 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6342 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6343
6344 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6345 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6346 AssertRCReturn(rc, rc);
6347 if (strcmp(szModelNumber, pIf->szModelNumber))
6348 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6349 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6350 }
6351 }
6352 }
6353 if (uPass != SSM_PASS_FINAL)
6354 return VINF_SUCCESS;
6355
6356 /*
6357 * Restore valid parts of the PCIATAState structure
6358 */
6359 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6360 {
6361 /* integrity check */
6362 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6363 {
6364 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6365 return VERR_INTERNAL_ERROR_4;
6366 }
6367
6368 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6369 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6370 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6371 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6372 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6373 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6374 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6375 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6376 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6377 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6378 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6379 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6380 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6381
6382 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6383 {
6384 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6385 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6386 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6387 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6388 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6389 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6390 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6391 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6392 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6393 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6394 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6395 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6396 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6397 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6398 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6399 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6400 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6401 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6402 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6403 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6404 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6405 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6406 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6407 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6408 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6409 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6410 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6411 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6412 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6413 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6414 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6415 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6416 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6417 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6418 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6419 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6420 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6421 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6422 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6423 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6424 {
6425 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6426 }
6427 else
6428 {
6429 uint8_t uATAPISenseKey, uATAPIASC;
6430 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6431 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6432 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6433 SSMR3GetU8(pSSM, &uATAPISenseKey);
6434 SSMR3GetU8(pSSM, &uATAPIASC);
6435 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6436 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6437 }
6438 /** @todo triple-check this hack after passthrough is working */
6439 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6440 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6441 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6442 else
6443 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6444 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6445 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6446 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6447 {
6448 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6449 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6450 else
6451 {
6452 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6453 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6454 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6455
6456 /* skip the buffer if we're loading for the debugger / animator. */
6457 uint8_t u8Ignored;
6458 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6459 while (cbLeft-- > 0)
6460 SSMR3GetU8(pSSM, &u8Ignored);
6461 }
6462 }
6463 else
6464 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6465 }
6466 }
6467 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6468 SSMR3GetU8(pSSM, &pThis->u8Type);
6469
6470 rc = SSMR3GetU32(pSSM, &u32);
6471 if (RT_FAILURE(rc))
6472 return rc;
6473 if (u32 != ~0U)
6474 {
6475 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6476 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6477 return rc;
6478 }
6479
6480 return VINF_SUCCESS;
6481}
6482
6483/**
6484 * Convert config value to DEVPCBIOSBOOT.
6485 *
6486 * @returns VBox status code.
6487 * @param pDevIns The device instance data.
6488 * @param pCfgHandle Configuration handle.
6489 * @param penmChipset Where to store the chipset type.
6490 */
6491static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfgHandle, CHIPSET *penmChipset)
6492{
6493 char szType[20];
6494
6495 int rc = CFGMR3QueryStringDef(pCfgHandle, "Type", &szType[0], sizeof(szType), "PIIX4");
6496 if (RT_FAILURE(rc))
6497 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6498 N_("Configuration error: Querying \"Type\" as a string failed"));
6499 if (!strcmp(szType, "PIIX3"))
6500 *penmChipset = CHIPSET_PIIX3;
6501 else if (!strcmp(szType, "PIIX4"))
6502 *penmChipset = CHIPSET_PIIX4;
6503 else if (!strcmp(szType, "ICH6"))
6504 *penmChipset = CHIPSET_ICH6;
6505 else
6506 {
6507 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6508 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6509 szType);
6510 rc = VERR_INTERNAL_ERROR;
6511 }
6512 return rc;
6513}
6514
6515
6516/**
6517 * Construct a device instance for a VM.
6518 *
6519 * @returns VBox status.
6520 * @param pDevIns The device instance data.
6521 * If the registration structure is needed, pDevIns->pDevReg points to it.
6522 * @param iInstance Instance number. Use this to figure out which registers and such to use.
6523 * The device number is also found in pDevIns->iInstance, but since it's
6524 * likely to be freqently used PDM passes it as parameter.
6525 * @param pCfgHandle Configuration node handle for the device. Use this to obtain the configuration
6526 * of the device instance. It's also found in pDevIns->pCfgHandle, but like
6527 * iInstance it's expected to be used a bit in this function.
6528 */
6529static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfgHandle)
6530{
6531 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6532 PPDMIBASE pBase;
6533 int rc;
6534 bool fGCEnabled;
6535 bool fR0Enabled;
6536 uint32_t DelayIRQMillies;
6537
6538 Assert(iInstance == 0);
6539
6540 /*
6541 * Initialize NIL handle values (for the destructor).
6542 */
6543 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6544 {
6545 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6546 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6547 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6548 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6549 }
6550
6551 /*
6552 * Validate and read configuration.
6553 */
6554 if (!CFGMR3AreValuesValid(pCfgHandle,
6555 "GCEnabled\0"
6556 "R0Enabled\0"
6557 "IRQDelay\0"
6558 "Type\0")
6559 /** @todo || invalid keys */)
6560 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6561 N_("PIIX3 configuration error: unknown option specified"));
6562
6563 rc = CFGMR3QueryBoolDef(pCfgHandle, "GCEnabled", &fGCEnabled, true);
6564 if (RT_FAILURE(rc))
6565 return PDMDEV_SET_ERROR(pDevIns, rc,
6566 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6567 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6568
6569 rc = CFGMR3QueryBoolDef(pCfgHandle, "R0Enabled", &fR0Enabled, true);
6570 if (RT_FAILURE(rc))
6571 return PDMDEV_SET_ERROR(pDevIns, rc,
6572 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6573 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6574
6575 rc = CFGMR3QueryU32Def(pCfgHandle, "IRQDelay", &DelayIRQMillies, 0);
6576 if (RT_FAILURE(rc))
6577 return PDMDEV_SET_ERROR(pDevIns, rc,
6578 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6579 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6580 Assert(DelayIRQMillies < 50);
6581
6582 CHIPSET enmChipset = CHIPSET_PIIX3;
6583 rc = ataControllerFromCfg(pDevIns, pCfgHandle, &enmChipset);
6584 if (RT_FAILURE(rc))
6585 return rc;
6586 pThis->u8Type = (uint8_t)enmChipset;
6587
6588 /*
6589 * Initialize data (most of it anyway).
6590 */
6591 /* Status LUN. */
6592 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6593 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6594
6595 /* PCI configuration space. */
6596 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6597
6598 /*
6599 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6600 * as it explicitly checks for PCI id for IDE controllers.
6601 */
6602 switch (pThis->u8Type)
6603 {
6604 case CHIPSET_ICH6:
6605 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6606 /** @todo: do we need it? Do we need anything else? */
6607 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6608 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6609 pThis->dev.config[0x4B] = 0x00;
6610 {
6611 /*
6612 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6613 * Report
6614 * WR_Ping-Pong_EN: must be set
6615 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6616 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6617 */
6618 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6619 pThis->dev.config[0x54] = u16Config & 0xff;
6620 pThis->dev.config[0x55] = u16Config >> 8;
6621 }
6622 break;
6623 case CHIPSET_PIIX4:
6624 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6625 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6626 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6627 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6628 pThis->dev.config[0x4B] = 0x00;
6629 break;
6630 case CHIPSET_PIIX3:
6631 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6632 break;
6633 default:
6634 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6635 }
6636
6637 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6638 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6639 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6640 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6641 PCIDevSetHeaderType(&pThis->dev, 0x00);
6642
6643 pThis->pDevIns = pDevIns;
6644 pThis->fGCEnabled = fGCEnabled;
6645 pThis->fR0Enabled = fR0Enabled;
6646 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6647 {
6648 pThis->aCts[i].pDevInsR3 = pDevIns;
6649 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6650 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6651 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6652 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6653 {
6654 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6655
6656 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6657 pIf->pDevInsR3 = pDevIns;
6658 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6659 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6660 pIf->pControllerR3 = &pThis->aCts[i];
6661 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6662 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6663 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6664 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6665 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6666 pIf->Led.u32Magic = PDMLED_MAGIC;
6667 }
6668 }
6669
6670 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6671 pThis->aCts[0].irq = 14;
6672 pThis->aCts[0].IOPortBase1 = 0x1f0;
6673 pThis->aCts[0].IOPortBase2 = 0x3f6;
6674 pThis->aCts[1].irq = 15;
6675 pThis->aCts[1].IOPortBase1 = 0x170;
6676 pThis->aCts[1].IOPortBase2 = 0x376;
6677
6678 /*
6679 * Register the PCI device.
6680 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6681 * device the slot next to itself.
6682 */
6683 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6684 if (RT_FAILURE(rc))
6685 return PDMDEV_SET_ERROR(pDevIns, rc,
6686 N_("PIIX3 cannot register PCI device"));
6687 AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6688 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6689 if (RT_FAILURE(rc))
6690 return PDMDEV_SET_ERROR(pDevIns, rc,
6691 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6692
6693 /*
6694 * Register the I/O ports.
6695 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6696 */
6697 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6698 {
6699 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6700 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6701 if (RT_FAILURE(rc))
6702 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6703
6704 if (fGCEnabled)
6705 {
6706 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6707 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6708 if (RT_FAILURE(rc))
6709 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6710 }
6711
6712 if (fR0Enabled)
6713 {
6714#if 1
6715 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6716 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6717#else
6718 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6719 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6720#endif
6721 if (RT_FAILURE(rc))
6722 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6723 }
6724
6725 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6726 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6727 if (RT_FAILURE(rc))
6728 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6729
6730 if (fGCEnabled)
6731 {
6732 rc = PDMDevHlpIOPortRegisterGC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6733 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6734 if (RT_FAILURE(rc))
6735 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6736 }
6737 if (fR0Enabled)
6738 {
6739 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6740 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6741 if (RT_FAILURE(rc))
6742 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6743 }
6744
6745 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6746 {
6747 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6748 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6749 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
6750 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6751 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
6752 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6753 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
6754 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6755 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
6756#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6757 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6758 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
6759#endif
6760 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6761 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
6762#ifdef VBOX_INSTRUMENT_DMA_WRITES
6763 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6764 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
6765#endif
6766#ifdef VBOX_WITH_STATISTICS
6767 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6768 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
6769#endif
6770 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
6771 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
6772#ifdef VBOX_WITH_STATISTICS
6773 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6774 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
6775#endif
6776 }
6777#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
6778 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
6779 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
6780 /** @todo STAMUNIT_MICROSECS */
6781 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6782 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
6783 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6784 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
6785 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
6786 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
6787 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6788 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
6789 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
6790 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
6791#endif /* VBOX_WITH_STATISTICS */
6792
6793 /* Initialize per-controller critical section */
6794 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA%u", i);
6795 if (RT_FAILURE(rc))
6796 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
6797 }
6798
6799 /*
6800 * Attach status driver (optional).
6801 */
6802 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
6803 if (RT_SUCCESS(rc))
6804 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
6805 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
6806 {
6807 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
6808 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
6809 }
6810
6811 /*
6812 * Attach the units.
6813 */
6814 uint32_t cbTotalBuffer = 0;
6815 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6816 {
6817 PATACONTROLLER pCtl = &pThis->aCts[i];
6818
6819 /*
6820 * Start the worker thread.
6821 */
6822 pCtl->uAsyncIOState = ATA_AIO_NEW;
6823 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
6824 AssertLogRelRCReturn(rc, rc);
6825 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
6826 AssertLogRelRCReturn(rc, rc);
6827 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
6828 AssertLogRelRCReturn(rc, rc);
6829 ataAsyncIOClearRequests(pCtl);
6830 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
6831 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
6832 AssertLogRelRCReturn(rc, rc);
6833 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
6834 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
6835
6836 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
6837 {
6838 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6839 {
6840 { "Primary Master", "Primary Slave" },
6841 { "Secondary Master", "Secondary Slave" }
6842 };
6843
6844 /*
6845 * Try attach the block device and get the interfaces,
6846 * required as well as optional.
6847 */
6848 ATADevState *pIf = &pCtl->aIfs[j];
6849
6850 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
6851 if (RT_SUCCESS(rc))
6852 {
6853 rc = ataConfigLun(pDevIns, pIf);
6854 if (RT_SUCCESS(rc))
6855 {
6856 /*
6857 * Init vendor product data.
6858 */
6859 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
6860 {
6861 { "PrimaryMaster", "PrimarySlave" },
6862 { "SecondaryMaster", "SecondarySlave" }
6863 };
6864
6865 /* Generate a default serial number. */
6866 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
6867 RTUUID Uuid;
6868 if (pIf->pDrvBlock)
6869 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
6870 else
6871 RTUuidClear(&Uuid);
6872
6873 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
6874 {
6875 /* Generate a predictable serial for drives which don't have a UUID. */
6876 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
6877 pIf->iLUN + pDevIns->iInstance * 32,
6878 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
6879 }
6880 else
6881 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
6882
6883 /* Get user config if present using defaults otherwise. */
6884 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfgHandle, s_apszCFGMKeys[i][j]);
6885 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
6886 szSerial);
6887 if (RT_FAILURE(rc))
6888 {
6889 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6890 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6891 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
6892 return PDMDEV_SET_ERROR(pDevIns, rc,
6893 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
6894 }
6895
6896 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
6897 "1.0");
6898 if (RT_FAILURE(rc))
6899 {
6900 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6901 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6902 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
6903 return PDMDEV_SET_ERROR(pDevIns, rc,
6904 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
6905 }
6906
6907 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
6908 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
6909 if (RT_FAILURE(rc))
6910 {
6911 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6912 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6913 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
6914 return PDMDEV_SET_ERROR(pDevIns, rc,
6915 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
6916 }
6917
6918 /* There are three other identification strings for CD drives used for INQUIRY */
6919 if (pIf->fATAPI)
6920 {
6921 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
6922 "VBOX");
6923 if (RT_FAILURE(rc))
6924 {
6925 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6926 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6927 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
6928 return PDMDEV_SET_ERROR(pDevIns, rc,
6929 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
6930 }
6931
6932 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
6933 "CD-ROM");
6934 if (RT_FAILURE(rc))
6935 {
6936 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6937 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6938 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
6939 return PDMDEV_SET_ERROR(pDevIns, rc,
6940 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
6941 }
6942
6943 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
6944 "1.0");
6945 if (RT_FAILURE(rc))
6946 {
6947 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
6948 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
6949 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
6950 return PDMDEV_SET_ERROR(pDevIns, rc,
6951 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
6952 }
6953 }
6954 }
6955
6956 }
6957 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
6958 {
6959 pIf->pDrvBase = NULL;
6960 pIf->pDrvBlock = NULL;
6961 pIf->cbIOBuffer = 0;
6962 pIf->pbIOBufferR3 = NULL;
6963 pIf->pbIOBufferR0 = NIL_RTR0PTR;
6964 pIf->pbIOBufferRC = NIL_RTGCPTR;
6965 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
6966 }
6967 else
6968 {
6969 switch (rc)
6970 {
6971 case VERR_ACCESS_DENIED:
6972 /* Error already catched by DrvHostBase */
6973 return rc;
6974 default:
6975 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6976 N_("PIIX3 cannot attach drive to the %s"),
6977 s_apszDescs[i][j]);
6978 }
6979 }
6980 cbTotalBuffer += pIf->cbIOBuffer;
6981 }
6982 }
6983
6984 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
6985 NULL, ataLiveExec, NULL,
6986 ataSaveLoadPrep, ataSaveExec, NULL,
6987 ataSaveLoadPrep, ataLoadExec, NULL);
6988 if (RT_FAILURE(rc))
6989 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
6990
6991 /*
6992 * Initialize the device state.
6993 */
6994 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
6995}
6996
6997
6998/**
6999 * The device registration structure.
7000 */
7001const PDMDEVREG g_DevicePIIX3IDE =
7002{
7003 /* u32Version */
7004 PDM_DEVREG_VERSION,
7005 /* szDeviceName */
7006 "piix3ide",
7007 /* szRCMod */
7008 "VBoxDDGC.gc",
7009 /* szR0Mod */
7010 "VBoxDDR0.r0",
7011 /* pszDescription */
7012 "Intel PIIX3 ATA controller.\n"
7013 " LUN #0 is primary master.\n"
7014 " LUN #1 is primary slave.\n"
7015 " LUN #2 is secondary master.\n"
7016 " LUN #3 is secondary slave.\n"
7017 " LUN #999 is the LED/Status connector.",
7018 /* fFlags */
7019 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7020 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7021 /* fClass */
7022 PDM_DEVREG_CLASS_STORAGE,
7023 /* cMaxInstances */
7024 1,
7025 /* cbInstance */
7026 sizeof(PCIATAState),
7027 /* pfnConstruct */
7028 ataR3Construct,
7029 /* pfnDestruct */
7030 ataR3Destruct,
7031 /* pfnRelocate */
7032 ataR3Relocate,
7033 /* pfnIOCtl */
7034 NULL,
7035 /* pfnPowerOn */
7036 NULL,
7037 /* pfnReset */
7038 ataR3Reset,
7039 /* pfnSuspend */
7040 ataR3Suspend,
7041 /* pfnResume */
7042 ataR3Resume,
7043 /* pfnAttach */
7044 ataR3Attach,
7045 /* pfnDetach */
7046 ataR3Detach,
7047 /* pfnQueryInterface. */
7048 NULL,
7049 /* pfnInitComplete */
7050 NULL,
7051 /* pfnPowerOff */
7052 ataR3PowerOff,
7053 /* pfnSoftReset */
7054 NULL,
7055 /* u32VersionEnd */
7056 PDM_DEVREG_VERSION
7057};
7058#endif /* IN_RING3 */
7059#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette