VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/DevATA.cpp@ 36705

最後變更 在這個檔案從36705是 36705,由 vboxsync 提交於 14 年 前

fdc: Improved floppy emulation.
  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 277.3 KB
 
1/* $Id: DevATA.cpp 36705 2011-04-18 11:44:22Z vboxsync $ */
2/** @file
3 * VBox storage devices: ATA/ATAPI controller device (disk and cdrom).
4 */
5
6/*
7 * Copyright (C) 2006-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.alldomusa.eu.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Defined Constants And Macros *
20*******************************************************************************/
21/** Temporary instrumentation for tracking down potential virtual disk
22 * write performance issues. */
23#undef VBOX_INSTRUMENT_DMA_WRITES
24
25/** @name The SSM saved state versions.
26 * @{
27 */
28/** The current saved state version. */
29#define ATA_SAVED_STATE_VERSION 20
30/** The saved state version used by VirtualBox 3.0.
31 * This lacks the config part and has the type at the and. */
32#define ATA_SAVED_STATE_VERSION_VBOX_30 19
33#define ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE 18
34#define ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE 16
35#define ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS 17
36/** @} */
37
38/*******************************************************************************
39* Header Files *
40*******************************************************************************/
41#define LOG_GROUP LOG_GROUP_DEV_IDE
42#include <VBox/vmm/pdmdev.h>
43#include <iprt/assert.h>
44#include <iprt/string.h>
45#ifdef IN_RING3
46# include <iprt/uuid.h>
47# include <iprt/semaphore.h>
48# include <iprt/thread.h>
49# include <iprt/time.h>
50# include <iprt/alloc.h>
51#endif /* IN_RING3 */
52#include <iprt/critsect.h>
53#include <iprt/asm.h>
54#include <VBox/vmm/stam.h>
55#include <VBox/vmm/mm.h>
56#include <VBox/vmm/pgm.h>
57
58#include <VBox/scsi.h>
59
60#include "PIIX3ATABmDma.h"
61#include "ide.h"
62#include "VBoxDD.h"
63
64/*******************************************************************************
65* Defined Constants And Macros *
66*******************************************************************************/
67/**
68 * Maximum number of sectors to transfer in a READ/WRITE MULTIPLE request.
69 * Set to 1 to disable multi-sector read support. According to the ATA
70 * specification this must be a power of 2 and it must fit in an 8 bit
71 * value. Thus the only valid values are 1, 2, 4, 8, 16, 32, 64 and 128.
72 */
73#define ATA_MAX_MULT_SECTORS 128
74
75/**
76 * Fastest PIO mode supported by the drive.
77 */
78#define ATA_PIO_MODE_MAX 4
79/**
80 * Fastest MDMA mode supported by the drive.
81 */
82#define ATA_MDMA_MODE_MAX 2
83/**
84 * Fastest UDMA mode supported by the drive.
85 */
86#define ATA_UDMA_MODE_MAX 6
87
88/** ATAPI sense info size. */
89#define ATAPI_SENSE_SIZE 64
90
91/** The maximum number of release log entries per device. */
92#define MAX_LOG_REL_ERRORS 1024
93
94/* MediaEventStatus */
95#define ATA_EVENT_STATUS_UNCHANGED 0 /**< medium event status not changed */
96#define ATA_EVENT_STATUS_MEDIA_NEW 1 /**< new medium inserted */
97#define ATA_EVENT_STATUS_MEDIA_REMOVED 2 /**< medium removed */
98#define ATA_EVENT_STATUS_MEDIA_CHANGED 3 /**< medium was removed + new medium was inserted */
99#define ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED 4 /**< medium eject requested (eject button pressed) */
100
101/* Media track type */
102#define ATA_MEDIA_TYPE_UNKNOWN 0 /**< unknown CD type */
103#define ATA_MEDIA_TYPE_DATA 1 /**< Data CD */
104#define ATA_MEDIA_TYPE_CDDA 2 /**< CD-DA (audio) CD type */
105
106/**
107 * Length of the configurable VPD data (without termination)
108 */
109#define ATA_SERIAL_NUMBER_LENGTH 20
110#define ATA_FIRMWARE_REVISION_LENGTH 8
111#define ATA_MODEL_NUMBER_LENGTH 40
112#define ATAPI_INQUIRY_VENDOR_ID_LENGTH 8
113#define ATAPI_INQUIRY_PRODUCT_ID_LENGTH 16
114#define ATAPI_INQUIRY_REVISION_LENGTH 4
115
116/*******************************************************************************
117* Structures and Typedefs *
118*******************************************************************************/
119/**
120 * The state of an ATA device.
121 *
122 * @implements PDMIBASE
123 * @implements PDMIBLOCKPORT
124 * @implements PDMIMOUNTNOTIFY
125 */
126typedef struct ATADevState
127{
128 /** Flag indicating whether the current command uses LBA48 mode. */
129 bool fLBA48;
130 /** Flag indicating whether this drive implements the ATAPI command set. */
131 bool fATAPI;
132 /** Set if this interface has asserted the IRQ. */
133 bool fIrqPending;
134 /** Currently configured number of sectors in a multi-sector transfer. */
135 uint8_t cMultSectors;
136 /** PCHS disk geometry. */
137 PDMMEDIAGEOMETRY PCHSGeometry;
138 /** Total number of sectors on this disk. */
139 uint64_t cTotalSectors;
140 /** Number of sectors to transfer per IRQ. */
141 uint32_t cSectorsPerIRQ;
142
143 /** ATA/ATAPI register 1: feature (write-only). */
144 uint8_t uATARegFeature;
145 /** ATA/ATAPI register 1: feature, high order byte. */
146 uint8_t uATARegFeatureHOB;
147 /** ATA/ATAPI register 1: error (read-only). */
148 uint8_t uATARegError;
149 /** ATA/ATAPI register 2: sector count (read/write). */
150 uint8_t uATARegNSector;
151 /** ATA/ATAPI register 2: sector count, high order byte. */
152 uint8_t uATARegNSectorHOB;
153 /** ATA/ATAPI register 3: sector (read/write). */
154 uint8_t uATARegSector;
155 /** ATA/ATAPI register 3: sector, high order byte. */
156 uint8_t uATARegSectorHOB;
157 /** ATA/ATAPI register 4: cylinder low (read/write). */
158 uint8_t uATARegLCyl;
159 /** ATA/ATAPI register 4: cylinder low, high order byte. */
160 uint8_t uATARegLCylHOB;
161 /** ATA/ATAPI register 5: cylinder high (read/write). */
162 uint8_t uATARegHCyl;
163 /** ATA/ATAPI register 5: cylinder high, high order byte. */
164 uint8_t uATARegHCylHOB;
165 /** ATA/ATAPI register 6: select drive/head (read/write). */
166 uint8_t uATARegSelect;
167 /** ATA/ATAPI register 7: status (read-only). */
168 uint8_t uATARegStatus;
169 /** ATA/ATAPI register 7: command (write-only). */
170 uint8_t uATARegCommand;
171 /** ATA/ATAPI drive control register (write-only). */
172 uint8_t uATARegDevCtl;
173
174 /** Currently active transfer mode (MDMA/UDMA) and speed. */
175 uint8_t uATATransferMode;
176 /** Current transfer direction. */
177 uint8_t uTxDir;
178 /** Index of callback for begin transfer. */
179 uint8_t iBeginTransfer;
180 /** Index of callback for source/sink of data. */
181 uint8_t iSourceSink;
182 /** Flag indicating whether the current command transfers data in DMA mode. */
183 bool fDMA;
184 /** Set to indicate that ATAPI transfer semantics must be used. */
185 bool fATAPITransfer;
186
187 /** Total ATA/ATAPI transfer size, shared PIO/DMA. */
188 uint32_t cbTotalTransfer;
189 /** Elementary ATA/ATAPI transfer size, shared PIO/DMA. */
190 uint32_t cbElementaryTransfer;
191 /** Current read/write buffer position, shared PIO/DMA. */
192 uint32_t iIOBufferCur;
193 /** First element beyond end of valid buffer content, shared PIO/DMA. */
194 uint32_t iIOBufferEnd;
195
196 /** ATA/ATAPI current PIO read/write transfer position. Not shared with DMA for safety reasons. */
197 uint32_t iIOBufferPIODataStart;
198 /** ATA/ATAPI current PIO read/write transfer end. Not shared with DMA for safety reasons. */
199 uint32_t iIOBufferPIODataEnd;
200
201 /** ATAPI current LBA position. */
202 uint32_t iATAPILBA;
203 /** ATAPI current sector size. */
204 uint32_t cbATAPISector;
205 /** ATAPI current command. */
206 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
207 /** ATAPI sense data. */
208 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
209 /** HACK: Countdown till we report a newly unmounted drive as mounted. */
210 uint8_t cNotifiedMediaChange;
211 /** The same for GET_EVENT_STATUS for mechanism */
212 volatile uint32_t MediaEventStatus;
213
214 /** Media type if known. */
215 volatile uint32_t MediaTrackType;
216
217 /** The status LED state for this drive. */
218 PDMLED Led;
219
220 /** Size of I/O buffer. */
221 uint32_t cbIOBuffer;
222 /** Pointer to the I/O buffer. */
223 R3PTRTYPE(uint8_t *) pbIOBufferR3;
224 /** Pointer to the I/O buffer. */
225 R0PTRTYPE(uint8_t *) pbIOBufferR0;
226 /** Pointer to the I/O buffer. */
227 RCPTRTYPE(uint8_t *) pbIOBufferRC;
228
229 RTRCPTR Aligmnent1; /**< Align the statistics at an 8-byte boundary. */
230
231 /*
232 * No data that is part of the saved state after this point!!!!!
233 */
234
235 /* Release statistics: number of ATA DMA commands. */
236 STAMCOUNTER StatATADMA;
237 /* Release statistics: number of ATA PIO commands. */
238 STAMCOUNTER StatATAPIO;
239 /* Release statistics: number of ATAPI PIO commands. */
240 STAMCOUNTER StatATAPIDMA;
241 /* Release statistics: number of ATAPI PIO commands. */
242 STAMCOUNTER StatATAPIPIO;
243#ifdef VBOX_INSTRUMENT_DMA_WRITES
244 /* Release statistics: number of DMA sector writes and the time spent. */
245 STAMPROFILEADV StatInstrVDWrites;
246#endif
247
248 /** Statistics: number of read operations and the time spent reading. */
249 STAMPROFILEADV StatReads;
250 /** Statistics: number of bytes read. */
251 STAMCOUNTER StatBytesRead;
252 /** Statistics: number of write operations and the time spent writing. */
253 STAMPROFILEADV StatWrites;
254 /** Statistics: number of bytes written. */
255 STAMCOUNTER StatBytesWritten;
256 /** Statistics: number of flush operations and the time spend flushing. */
257 STAMPROFILE StatFlushes;
258
259 /** Enable passing through commands directly to the ATAPI drive. */
260 bool fATAPIPassthrough;
261 /** Number of errors we've reported to the release log.
262 * This is to prevent flooding caused by something going horribly wrong.
263 * this value against MAX_LOG_REL_ERRORS in places likely to cause floods
264 * like the ones we currently seeing on the linux smoke tests (2006-11-10). */
265 uint32_t cErrors;
266 /** Timestamp of last started command. 0 if no command pending. */
267 uint64_t u64CmdTS;
268
269 /** Pointer to the attached driver's base interface. */
270 R3PTRTYPE(PPDMIBASE) pDrvBase;
271 /** Pointer to the attached driver's block interface. */
272 R3PTRTYPE(PPDMIBLOCK) pDrvBlock;
273 /** Pointer to the attached driver's block bios interface. */
274 R3PTRTYPE(PPDMIBLOCKBIOS) pDrvBlockBios;
275 /** Pointer to the attached driver's mount interface.
276 * This is NULL if the driver isn't a removable unit. */
277 R3PTRTYPE(PPDMIMOUNT) pDrvMount;
278 /** The base interface. */
279 PDMIBASE IBase;
280 /** The block port interface. */
281 PDMIBLOCKPORT IPort;
282 /** The mount notify interface. */
283 PDMIMOUNTNOTIFY IMountNotify;
284 /** The LUN #. */
285 RTUINT iLUN;
286 RTUINT Alignment2; /**< Align pDevInsR3 correctly. */
287 /** Pointer to device instance. */
288 PPDMDEVINSR3 pDevInsR3;
289 /** Pointer to controller instance. */
290 R3PTRTYPE(struct ATACONTROLLER *) pControllerR3;
291 /** Pointer to device instance. */
292 PPDMDEVINSR0 pDevInsR0;
293 /** Pointer to controller instance. */
294 R0PTRTYPE(struct ATACONTROLLER *) pControllerR0;
295 /** Pointer to device instance. */
296 PPDMDEVINSRC pDevInsRC;
297 /** Pointer to controller instance. */
298 RCPTRTYPE(struct ATACONTROLLER *) pControllerRC;
299
300 /** The serial number to use for IDENTIFY DEVICE commands. */
301 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
302 /** The firmware revision to use for IDENTIFY DEVICE commands. */
303 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
304 /** The model number to use for IDENTIFY DEVICE commands. */
305 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
306 /** The vendor identification string for SCSI INQUIRY commands. */
307 char szInquiryVendorId[ATAPI_INQUIRY_VENDOR_ID_LENGTH+1];
308 /** The product identification string for SCSI INQUIRY commands. */
309 char szInquiryProductId[ATAPI_INQUIRY_PRODUCT_ID_LENGTH+1];
310 /** The revision string for SCSI INQUIRY commands. */
311 char szInquiryRevision[ATAPI_INQUIRY_REVISION_LENGTH+1];
312
313 uint8_t abAlignment3[7];
314} ATADevState;
315AssertCompileMemberAlignment(ATADevState, cTotalSectors, 8);
316AssertCompileMemberAlignment(ATADevState, StatATADMA, 8);
317AssertCompileMemberAlignment(ATADevState, u64CmdTS, 8);
318AssertCompileMemberAlignment(ATADevState, pDevInsR3, 8);
319AssertCompileMemberAlignment(ATADevState, szSerialNumber, 8);
320AssertCompileSizeAlignment(ATADevState, 8);
321
322
323typedef struct ATATransferRequest
324{
325 uint8_t iIf;
326 uint8_t iBeginTransfer;
327 uint8_t iSourceSink;
328 uint32_t cbTotalTransfer;
329 uint8_t uTxDir;
330} ATATransferRequest;
331
332
333typedef struct ATAAbortRequest
334{
335 uint8_t iIf;
336 bool fResetDrive;
337} ATAAbortRequest;
338
339
340typedef enum
341{
342 /** Begin a new transfer. */
343 ATA_AIO_NEW = 0,
344 /** Continue a DMA transfer. */
345 ATA_AIO_DMA,
346 /** Continue a PIO transfer. */
347 ATA_AIO_PIO,
348 /** Reset the drives on current controller, stop all transfer activity. */
349 ATA_AIO_RESET_ASSERTED,
350 /** Reset the drives on current controller, resume operation. */
351 ATA_AIO_RESET_CLEARED,
352 /** Abort the current transfer of a particular drive. */
353 ATA_AIO_ABORT
354} ATAAIO;
355
356
357typedef struct ATARequest
358{
359 ATAAIO ReqType;
360 union
361 {
362 ATATransferRequest t;
363 ATAAbortRequest a;
364 } u;
365} ATARequest;
366
367
368typedef struct ATACONTROLLER
369{
370 /** The base of the first I/O Port range. */
371 RTIOPORT IOPortBase1;
372 /** The base of the second I/O Port range. (0 if none) */
373 RTIOPORT IOPortBase2;
374 /** The assigned IRQ. */
375 RTUINT irq;
376 /** Access critical section */
377 PDMCRITSECT lock;
378
379 /** Selected drive. */
380 uint8_t iSelectedIf;
381 /** The interface on which to handle async I/O. */
382 uint8_t iAIOIf;
383 /** The state of the async I/O thread. */
384 uint8_t uAsyncIOState;
385 /** Flag indicating whether the next transfer is part of the current command. */
386 bool fChainedTransfer;
387 /** Set when the reset processing is currently active on this controller. */
388 bool fReset;
389 /** Flag whether the current transfer needs to be redone. */
390 bool fRedo;
391 /** Flag whether the redo suspend has been finished. */
392 bool fRedoIdle;
393 /** Flag whether the DMA operation to be redone is the final transfer. */
394 bool fRedoDMALastDesc;
395 /** The BusMaster DMA state. */
396 BMDMAState BmDma;
397 /** Pointer to first DMA descriptor. */
398 RTGCPHYS32 pFirstDMADesc;
399 /** Pointer to last DMA descriptor. */
400 RTGCPHYS32 pLastDMADesc;
401 /** Pointer to current DMA buffer (for redo operations). */
402 RTGCPHYS32 pRedoDMABuffer;
403 /** Size of current DMA buffer (for redo operations). */
404 uint32_t cbRedoDMABuffer;
405
406 /** The ATA/ATAPI interfaces of this controller. */
407 ATADevState aIfs[2];
408
409 /** Pointer to device instance. */
410 PPDMDEVINSR3 pDevInsR3;
411 /** Pointer to device instance. */
412 PPDMDEVINSR0 pDevInsR0;
413 /** Pointer to device instance. */
414 PPDMDEVINSRC pDevInsRC;
415
416 /** Set when the destroying the device instance and the thread must exit. */
417 uint32_t volatile fShutdown;
418 /** The async I/O thread handle. NIL_RTTHREAD if no thread. */
419 RTTHREAD AsyncIOThread;
420 /** The event semaphore the thread is waiting on for requests. */
421 RTSEMEVENT AsyncIOSem;
422 /** The request queue for the AIO thread. One element is always unused. */
423 ATARequest aAsyncIORequests[4];
424 /** The position at which to insert a new request for the AIO thread. */
425 volatile uint8_t AsyncIOReqHead;
426 /** The position at which to get a new request for the AIO thread. */
427 volatile uint8_t AsyncIOReqTail;
428 /** Whether to call PDMDevHlpAsyncNotificationCompleted when idle. */
429 bool volatile fSignalIdle;
430 uint8_t Alignment3[1]; /**< Explicit padding of the 1 byte gap. */
431 /** Magic delay before triggering interrupts in DMA mode. */
432 uint32_t DelayIRQMillies;
433 /** The mutex protecting the request queue. */
434 RTSEMMUTEX AsyncIORequestMutex;
435 /** The event semaphore the thread is waiting on during suspended I/O. */
436 RTSEMEVENT SuspendIOSem;
437#if 0 /*HC_ARCH_BITS == 32*/
438 uint32_t Alignment0;
439#endif
440
441 /** Timestamp we started the reset. */
442 uint64_t u64ResetTime;
443
444 /* Statistics */
445 STAMCOUNTER StatAsyncOps;
446 uint64_t StatAsyncMinWait;
447 uint64_t StatAsyncMaxWait;
448 STAMCOUNTER StatAsyncTimeUS;
449 STAMPROFILEADV StatAsyncTime;
450 STAMPROFILE StatLockWait;
451} ATACONTROLLER, *PATACONTROLLER;
452AssertCompileMemberAlignment(ATACONTROLLER, lock, 8);
453AssertCompileMemberAlignment(ATACONTROLLER, aIfs, 8);
454AssertCompileMemberAlignment(ATACONTROLLER, u64ResetTime, 8);
455AssertCompileMemberAlignment(ATACONTROLLER, StatAsyncOps, 8);
456
457typedef enum CHIPSET
458{
459 /** PIIX3 chipset, must be 0 for saved state compatibility */
460 CHIPSET_PIIX3 = 0,
461 /** PIIX4 chipset, must be 1 for saved state compatibility */
462 CHIPSET_PIIX4 = 1,
463 /** ICH6 chipset */
464 CHIPSET_ICH6 = 2
465} CHIPSET;
466
467/**
468 * The state of the ATA PCI device.
469 *
470 * @extends PCIDEVICE
471 * @implements PDMILEDPORTS
472 */
473typedef struct PCIATAState
474{
475 PCIDEVICE dev;
476 /** The controllers. */
477 ATACONTROLLER aCts[2];
478 /** Pointer to device instance. */
479 PPDMDEVINSR3 pDevIns;
480 /** Status LUN: Base interface. */
481 PDMIBASE IBase;
482 /** Status LUN: Leds interface. */
483 PDMILEDPORTS ILeds;
484 /** Status LUN: Partner of ILeds. */
485 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
486 /** Flag whether GC is enabled. */
487 bool fGCEnabled;
488 /** Flag whether R0 is enabled. */
489 bool fR0Enabled;
490 /** Flag indicating chipset being emulated. */
491 uint8_t u8Type;
492 bool Alignment0[HC_ARCH_BITS == 64 ? 5 : 1 ]; /**< Align the struct size. */
493} PCIATAState;
494
495#define PDMIBASE_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, IBase)) )
496#define PDMILEDPORTS_2_PCIATASTATE(pInterface) ( (PCIATAState *)((uintptr_t)(pInterface) - RT_OFFSETOF(PCIATAState, ILeds)) )
497#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
498#define PDMIMOUNT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMount)) )
499#define PDMIMOUNTNOTIFY_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IMountNotify)) )
500#define PCIDEV_2_PCIATASTATE(pPciDev) ( (PCIATAState *)(pPciDev) )
501
502#define ATACONTROLLER_IDX(pController) ( (pController) - PDMINS_2_DATA(CONTROLLER_2_DEVINS(pController), PCIATAState *)->aCts )
503
504#define ATADEVSTATE_2_CONTROLLER(pIf) ( (pIf)->CTX_SUFF(pController) )
505#define ATADEVSTATE_2_DEVINS(pIf) ( (pIf)->CTX_SUFF(pDevIns) )
506#define CONTROLLER_2_DEVINS(pController) ( (pController)->CTX_SUFF(pDevIns) )
507#define PDMIBASE_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IBase)) )
508#define PDMIBLOCKPORT_2_ATASTATE(pInterface) ( (ATADevState *)((uintptr_t)(pInterface) - RT_OFFSETOF(ATADevState, IPort)) )
509
510#ifndef VBOX_DEVICE_STRUCT_TESTCASE
511/*******************************************************************************
512 * Internal Functions *
513 ******************************************************************************/
514RT_C_DECLS_BEGIN
515PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
516PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
517PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb);
518PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb);
519PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
520PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *u32, unsigned cb);
521PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb);
522PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb);
523RT_C_DECLS_END
524
525
526
527DECLINLINE(void) ataSetStatusValue(ATADevState *s, uint8_t stat)
528{
529 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
530
531 /* Freeze status register contents while processing RESET. */
532 if (!pCtl->fReset)
533 {
534 s->uATARegStatus = stat;
535 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
536 }
537}
538
539
540DECLINLINE(void) ataSetStatus(ATADevState *s, uint8_t stat)
541{
542 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
543
544 /* Freeze status register contents while processing RESET. */
545 if (!pCtl->fReset)
546 {
547 s->uATARegStatus |= stat;
548 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
549 }
550}
551
552
553DECLINLINE(void) ataUnsetStatus(ATADevState *s, uint8_t stat)
554{
555 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
556
557 /* Freeze status register contents while processing RESET. */
558 if (!pCtl->fReset)
559 {
560 s->uATARegStatus &= ~stat;
561 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, s->iLUN, s->uATARegStatus));
562 }
563}
564
565#ifdef IN_RING3
566
567typedef void (*PBeginTransferFunc)(ATADevState *);
568typedef bool (*PSourceSinkFunc)(ATADevState *);
569
570static void ataReadWriteSectorsBT(ATADevState *);
571static void ataPacketBT(ATADevState *);
572static void atapiCmdBT(ATADevState *);
573static void atapiPassthroughCmdBT(ATADevState *);
574
575static bool ataIdentifySS(ATADevState *);
576static bool ataFlushSS(ATADevState *);
577static bool ataReadSectorsSS(ATADevState *);
578static bool ataWriteSectorsSS(ATADevState *);
579static bool ataExecuteDeviceDiagnosticSS(ATADevState *);
580static bool ataPacketSS(ATADevState *);
581static bool atapiGetConfigurationSS(ATADevState *);
582static bool atapiGetEventStatusNotificationSS(ATADevState *);
583static bool atapiIdentifySS(ATADevState *);
584static bool atapiInquirySS(ATADevState *);
585static bool atapiMechanismStatusSS(ATADevState *);
586static bool atapiModeSenseErrorRecoverySS(ATADevState *);
587static bool atapiModeSenseCDStatusSS(ATADevState *);
588static bool atapiReadSS(ATADevState *);
589static bool atapiReadCapacitySS(ATADevState *);
590static bool atapiReadDiscInformationSS(ATADevState *);
591static bool atapiReadTOCNormalSS(ATADevState *);
592static bool atapiReadTOCMultiSS(ATADevState *);
593static bool atapiReadTOCRawSS(ATADevState *);
594static bool atapiReadTrackInformationSS(ATADevState *);
595static bool atapiRequestSenseSS(ATADevState *);
596static bool atapiPassthroughSS(ATADevState *);
597static bool atapiReadDVDStructureSS(ATADevState *);
598
599/**
600 * Begin of transfer function indexes for g_apfnBeginTransFuncs.
601 */
602typedef enum ATAFNBT
603{
604 ATAFN_BT_NULL = 0,
605 ATAFN_BT_READ_WRITE_SECTORS,
606 ATAFN_BT_PACKET,
607 ATAFN_BT_ATAPI_CMD,
608 ATAFN_BT_ATAPI_PASSTHROUGH_CMD,
609 ATAFN_BT_MAX
610} ATAFNBT;
611
612/**
613 * Array of end transfer functions, the index is ATAFNET.
614 * Make sure ATAFNET and this array match!
615 */
616static const PBeginTransferFunc g_apfnBeginTransFuncs[ATAFN_BT_MAX] =
617{
618 NULL,
619 ataReadWriteSectorsBT,
620 ataPacketBT,
621 atapiCmdBT,
622 atapiPassthroughCmdBT,
623};
624
625/**
626 * Source/sink function indexes for g_apfnSourceSinkFuncs.
627 */
628typedef enum ATAFNSS
629{
630 ATAFN_SS_NULL = 0,
631 ATAFN_SS_IDENTIFY,
632 ATAFN_SS_FLUSH,
633 ATAFN_SS_READ_SECTORS,
634 ATAFN_SS_WRITE_SECTORS,
635 ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC,
636 ATAFN_SS_PACKET,
637 ATAFN_SS_ATAPI_GET_CONFIGURATION,
638 ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION,
639 ATAFN_SS_ATAPI_IDENTIFY,
640 ATAFN_SS_ATAPI_INQUIRY,
641 ATAFN_SS_ATAPI_MECHANISM_STATUS,
642 ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY,
643 ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS,
644 ATAFN_SS_ATAPI_READ,
645 ATAFN_SS_ATAPI_READ_CAPACITY,
646 ATAFN_SS_ATAPI_READ_DISC_INFORMATION,
647 ATAFN_SS_ATAPI_READ_TOC_NORMAL,
648 ATAFN_SS_ATAPI_READ_TOC_MULTI,
649 ATAFN_SS_ATAPI_READ_TOC_RAW,
650 ATAFN_SS_ATAPI_READ_TRACK_INFORMATION,
651 ATAFN_SS_ATAPI_REQUEST_SENSE,
652 ATAFN_SS_ATAPI_PASSTHROUGH,
653 ATAFN_SS_ATAPI_READ_DVD_STRUCTURE,
654 ATAFN_SS_MAX
655} ATAFNSS;
656
657/**
658 * Array of source/sink functions, the index is ATAFNSS.
659 * Make sure ATAFNSS and this array match!
660 */
661static const PSourceSinkFunc g_apfnSourceSinkFuncs[ATAFN_SS_MAX] =
662{
663 NULL,
664 ataIdentifySS,
665 ataFlushSS,
666 ataReadSectorsSS,
667 ataWriteSectorsSS,
668 ataExecuteDeviceDiagnosticSS,
669 ataPacketSS,
670 atapiGetConfigurationSS,
671 atapiGetEventStatusNotificationSS,
672 atapiIdentifySS,
673 atapiInquirySS,
674 atapiMechanismStatusSS,
675 atapiModeSenseErrorRecoverySS,
676 atapiModeSenseCDStatusSS,
677 atapiReadSS,
678 atapiReadCapacitySS,
679 atapiReadDiscInformationSS,
680 atapiReadTOCNormalSS,
681 atapiReadTOCMultiSS,
682 atapiReadTOCRawSS,
683 atapiReadTrackInformationSS,
684 atapiRequestSenseSS,
685 atapiPassthroughSS,
686 atapiReadDVDStructureSS
687};
688
689
690static const ATARequest g_ataDMARequest = { ATA_AIO_DMA, { { 0, 0, 0, 0, 0 } } };
691static const ATARequest g_ataPIORequest = { ATA_AIO_PIO, { { 0, 0, 0, 0, 0 } } };
692static const ATARequest g_ataResetARequest = { ATA_AIO_RESET_ASSERTED, { { 0, 0, 0, 0, 0 } } };
693static const ATARequest g_ataResetCRequest = { ATA_AIO_RESET_CLEARED, { { 0, 0, 0, 0, 0 } } };
694
695static void ataAsyncIOClearRequests(PATACONTROLLER pCtl)
696{
697 int rc;
698
699 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
700 AssertRC(rc);
701 pCtl->AsyncIOReqHead = 0;
702 pCtl->AsyncIOReqTail = 0;
703 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
704 AssertRC(rc);
705}
706
707
708static void ataAsyncIOPutRequest(PATACONTROLLER pCtl, const ATARequest *pReq)
709{
710 int rc;
711
712 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
713 AssertRC(rc);
714 Assert((pCtl->AsyncIOReqHead + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests) != pCtl->AsyncIOReqTail);
715 memcpy(&pCtl->aAsyncIORequests[pCtl->AsyncIOReqHead], pReq, sizeof(*pReq));
716 pCtl->AsyncIOReqHead++;
717 pCtl->AsyncIOReqHead %= RT_ELEMENTS(pCtl->aAsyncIORequests);
718 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
719 AssertRC(rc);
720 rc = PDMR3CritSectScheduleExitEvent(&pCtl->lock, pCtl->AsyncIOSem);
721 if (RT_FAILURE(rc))
722 {
723 rc = RTSemEventSignal(pCtl->AsyncIOSem);
724 AssertRC(rc);
725 }
726}
727
728
729static const ATARequest *ataAsyncIOGetCurrentRequest(PATACONTROLLER pCtl)
730{
731 int rc;
732 const ATARequest *pReq;
733
734 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
735 AssertRC(rc);
736 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail)
737 pReq = &pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail];
738 else
739 pReq = NULL;
740 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
741 AssertRC(rc);
742 return pReq;
743}
744
745
746/**
747 * Remove the request with the given type, as it's finished. The request
748 * is not removed blindly, as this could mean a RESET request that is not
749 * yet processed (but has cleared the request queue) is lost.
750 *
751 * @param pCtl Controller for which to remove the request.
752 * @param ReqType Type of the request to remove.
753 */
754static void ataAsyncIORemoveCurrentRequest(PATACONTROLLER pCtl, ATAAIO ReqType)
755{
756 int rc;
757
758 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
759 AssertRC(rc);
760 if (pCtl->AsyncIOReqHead != pCtl->AsyncIOReqTail && pCtl->aAsyncIORequests[pCtl->AsyncIOReqTail].ReqType == ReqType)
761 {
762 pCtl->AsyncIOReqTail++;
763 pCtl->AsyncIOReqTail %= RT_ELEMENTS(pCtl->aAsyncIORequests);
764 }
765 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
766 AssertRC(rc);
767}
768
769
770/**
771 * Dump the request queue for a particular controller. First dump the queue
772 * contents, then the already processed entries, as long as they haven't been
773 * overwritten.
774 *
775 * @param pCtl Controller for which to dump the queue.
776 */
777static void ataAsyncIODumpRequests(PATACONTROLLER pCtl)
778{
779 int rc;
780 uint8_t curr;
781
782 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
783 AssertRC(rc);
784 LogRel(("PIIX3 ATA: Ctl#%d: request queue dump (topmost is current):\n", ATACONTROLLER_IDX(pCtl)));
785 curr = pCtl->AsyncIOReqTail;
786 do
787 {
788 if (curr == pCtl->AsyncIOReqHead)
789 LogRel(("PIIX3 ATA: Ctl#%d: processed requests (topmost is oldest):\n", ATACONTROLLER_IDX(pCtl)));
790 switch (pCtl->aAsyncIORequests[curr].ReqType)
791 {
792 case ATA_AIO_NEW:
793 LogRel(("new transfer request, iIf=%d iBeginTransfer=%d iSourceSink=%d cbTotalTransfer=%d uTxDir=%d\n", pCtl->aAsyncIORequests[curr].u.t.iIf, pCtl->aAsyncIORequests[curr].u.t.iBeginTransfer, pCtl->aAsyncIORequests[curr].u.t.iSourceSink, pCtl->aAsyncIORequests[curr].u.t.cbTotalTransfer, pCtl->aAsyncIORequests[curr].u.t.uTxDir));
794 break;
795 case ATA_AIO_DMA:
796 LogRel(("dma transfer continuation\n"));
797 break;
798 case ATA_AIO_PIO:
799 LogRel(("pio transfer continuation\n"));
800 break;
801 case ATA_AIO_RESET_ASSERTED:
802 LogRel(("reset asserted request\n"));
803 break;
804 case ATA_AIO_RESET_CLEARED:
805 LogRel(("reset cleared request\n"));
806 break;
807 case ATA_AIO_ABORT:
808 LogRel(("abort request, iIf=%d fResetDrive=%d\n", pCtl->aAsyncIORequests[curr].u.a.iIf, pCtl->aAsyncIORequests[curr].u.a.fResetDrive));
809 break;
810 default:
811 LogRel(("unknown request %d\n", pCtl->aAsyncIORequests[curr].ReqType));
812 }
813 curr = (curr + 1) % RT_ELEMENTS(pCtl->aAsyncIORequests);
814 } while (curr != pCtl->AsyncIOReqTail);
815 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
816 AssertRC(rc);
817}
818
819
820/**
821 * Checks whether the request queue for a particular controller is empty
822 * or whether a particular controller is idle.
823 *
824 * @param pCtl Controller for which to check the queue.
825 * @param fStrict If set then the controller is checked to be idle.
826 */
827static bool ataAsyncIOIsIdle(PATACONTROLLER pCtl, bool fStrict)
828{
829 int rc;
830 bool fIdle;
831
832 rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT);
833 AssertRC(rc);
834 fIdle = pCtl->fRedoIdle;
835 if (!fIdle)
836 fIdle = (pCtl->AsyncIOReqHead == pCtl->AsyncIOReqTail);
837 if (fStrict)
838 fIdle &= (pCtl->uAsyncIOState == ATA_AIO_NEW);
839 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex);
840 AssertRC(rc);
841 return fIdle;
842}
843
844
845/**
846 * Send a transfer request to the async I/O thread.
847 *
848 * @param s Pointer to the ATA device state data.
849 * @param cbTotalTransfer Data transfer size.
850 * @param uTxDir Data transfer direction.
851 * @param iBeginTransfer Index of BeginTransfer callback.
852 * @param iSourceSink Index of SourceSink callback.
853 * @param fChainedTransfer Whether this is a transfer that is part of the previous command/transfer.
854 */
855static void ataStartTransfer(ATADevState *s, uint32_t cbTotalTransfer, uint8_t uTxDir, ATAFNBT iBeginTransfer, ATAFNSS iSourceSink, bool fChainedTransfer)
856{
857 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
858 ATARequest Req;
859
860 Assert(PDMCritSectIsOwner(&pCtl->lock));
861
862 /* Do not issue new requests while the RESET line is asserted. */
863 if (pCtl->fReset)
864 {
865 Log2(("%s: Ctl#%d: suppressed new request as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
866 return;
867 }
868
869 /* If the controller is already doing something else right now, ignore
870 * the command that is being submitted. Some broken guests issue commands
871 * twice (e.g. the Linux kernel that comes with Acronis True Image 8). */
872 if (!fChainedTransfer && !ataAsyncIOIsIdle(pCtl, true /*fStrict*/))
873 {
874 Log(("%s: Ctl#%d: ignored command %#04x, controller state %d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegCommand, pCtl->uAsyncIOState));
875 LogRel(("PIIX3 IDE: guest issued command %#04x while controller busy\n", s->uATARegCommand));
876 return;
877 }
878
879 Req.ReqType = ATA_AIO_NEW;
880 if (fChainedTransfer)
881 Req.u.t.iIf = pCtl->iAIOIf;
882 else
883 Req.u.t.iIf = pCtl->iSelectedIf;
884 Req.u.t.cbTotalTransfer = cbTotalTransfer;
885 Req.u.t.uTxDir = uTxDir;
886 Req.u.t.iBeginTransfer = iBeginTransfer;
887 Req.u.t.iSourceSink = iSourceSink;
888 ataSetStatusValue(s, ATA_STAT_BUSY);
889 pCtl->fChainedTransfer = fChainedTransfer;
890
891 /*
892 * Kick the worker thread into action.
893 */
894 Log2(("%s: Ctl#%d: message to async I/O thread, new request\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
895 ataAsyncIOPutRequest(pCtl, &Req);
896}
897
898
899/**
900 * Send an abort command request to the async I/O thread.
901 *
902 * @param s Pointer to the ATA device state data.
903 * @param fResetDrive Whether to reset the drive or just abort a command.
904 */
905static void ataAbortCurrentCommand(ATADevState *s, bool fResetDrive)
906{
907 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
908 ATARequest Req;
909
910 Assert(PDMCritSectIsOwner(&pCtl->lock));
911
912 /* Do not issue new requests while the RESET line is asserted. */
913 if (pCtl->fReset)
914 {
915 Log2(("%s: Ctl#%d: suppressed aborting command as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
916 return;
917 }
918
919 Req.ReqType = ATA_AIO_ABORT;
920 Req.u.a.iIf = pCtl->iSelectedIf;
921 Req.u.a.fResetDrive = fResetDrive;
922 ataSetStatus(s, ATA_STAT_BUSY);
923 Log2(("%s: Ctl#%d: message to async I/O thread, abort command on LUN#%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->iLUN));
924 ataAsyncIOPutRequest(pCtl, &Req);
925}
926
927
928static void ataSetIRQ(ATADevState *s)
929{
930 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
931 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
932
933 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
934 {
935 Log2(("%s: LUN#%d asserting IRQ\n", __FUNCTION__, s->iLUN));
936 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the interrupt
937 * line is asserted. It monitors the line for a rising edge. */
938 if (!s->fIrqPending)
939 pCtl->BmDma.u8Status |= BM_STATUS_INT;
940 /* Only actually set the IRQ line if updating the currently selected drive. */
941 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
942 {
943 /** @todo experiment with adaptive IRQ delivery: for reads it is
944 * better to wait for IRQ delivery, as it reduces latency. */
945 if (pCtl->irq == 16)
946 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
947 else
948 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
949 }
950 }
951 s->fIrqPending = true;
952}
953
954#endif /* IN_RING3 */
955
956static void ataUnsetIRQ(ATADevState *s)
957{
958 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
959 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
960
961 if (!(s->uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ))
962 {
963 Log2(("%s: LUN#%d deasserting IRQ\n", __FUNCTION__, s->iLUN));
964 /* Only actually unset the IRQ line if updating the currently selected drive. */
965 if (s == &pCtl->aIfs[pCtl->iSelectedIf])
966 {
967 if (pCtl->irq == 16)
968 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
969 else
970 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
971 }
972 }
973 s->fIrqPending = false;
974}
975
976#ifdef IN_RING3
977
978static void ataPIOTransferStart(ATADevState *s, uint32_t start, uint32_t size)
979{
980 Log2(("%s: LUN#%d start %d size %d\n", __FUNCTION__, s->iLUN, start, size));
981 s->iIOBufferPIODataStart = start;
982 s->iIOBufferPIODataEnd = start + size;
983 ataSetStatus(s, ATA_STAT_DRQ);
984}
985
986
987static void ataPIOTransferStop(ATADevState *s)
988{
989 Log2(("%s: LUN#%d\n", __FUNCTION__, s->iLUN));
990 if (s->fATAPITransfer)
991 {
992 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
993 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
994 ataSetIRQ(s);
995 s->fATAPITransfer = false;
996 }
997 s->cbTotalTransfer = 0;
998 s->cbElementaryTransfer = 0;
999 s->iIOBufferPIODataStart = 0;
1000 s->iIOBufferPIODataEnd = 0;
1001 s->iBeginTransfer = ATAFN_BT_NULL;
1002 s->iSourceSink = ATAFN_SS_NULL;
1003}
1004
1005
1006static void ataPIOTransferLimitATAPI(ATADevState *s)
1007{
1008 uint32_t cbLimit, cbTransfer;
1009
1010 cbLimit = s->uATARegLCyl | (s->uATARegHCyl << 8);
1011 /* Use maximum transfer size if the guest requested 0. Avoids a hang. */
1012 if (cbLimit == 0)
1013 cbLimit = 0xfffe;
1014 Log2(("%s: byte count limit=%d\n", __FUNCTION__, cbLimit));
1015 if (cbLimit == 0xffff)
1016 cbLimit--;
1017 cbTransfer = RT_MIN(s->cbTotalTransfer, s->iIOBufferEnd - s->iIOBufferCur);
1018 if (cbTransfer > cbLimit)
1019 {
1020 /* Byte count limit for clipping must be even in this case */
1021 if (cbLimit & 1)
1022 cbLimit--;
1023 cbTransfer = cbLimit;
1024 }
1025 s->uATARegLCyl = cbTransfer;
1026 s->uATARegHCyl = cbTransfer >> 8;
1027 s->cbElementaryTransfer = cbTransfer;
1028}
1029
1030
1031static uint32_t ataGetNSectors(ATADevState *s)
1032{
1033 /* 0 means either 256 (LBA28) or 65536 (LBA48) sectors. */
1034 if (s->fLBA48)
1035 {
1036 if (!s->uATARegNSector && !s->uATARegNSectorHOB)
1037 return 65536;
1038 else
1039 return s->uATARegNSectorHOB << 8 | s->uATARegNSector;
1040 }
1041 else
1042 {
1043 if (!s->uATARegNSector)
1044 return 256;
1045 else
1046 return s->uATARegNSector;
1047 }
1048}
1049
1050
1051static void ataPadString(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1052{
1053 for (uint32_t i = 0; i < cbSize; i++)
1054 {
1055 if (*pbSrc)
1056 pbDst[i ^ 1] = *pbSrc++;
1057 else
1058 pbDst[i ^ 1] = ' ';
1059 }
1060}
1061
1062
1063static void ataSCSIPadStr(uint8_t *pbDst, const char *pbSrc, uint32_t cbSize)
1064{
1065 for (uint32_t i = 0; i < cbSize; i++)
1066 {
1067 if (*pbSrc)
1068 pbDst[i] = *pbSrc++;
1069 else
1070 pbDst[i] = ' ';
1071 }
1072}
1073
1074
1075DECLINLINE(void) ataH2BE_U16(uint8_t *pbBuf, uint16_t val)
1076{
1077 pbBuf[0] = val >> 8;
1078 pbBuf[1] = val;
1079}
1080
1081
1082DECLINLINE(void) ataH2BE_U24(uint8_t *pbBuf, uint32_t val)
1083{
1084 pbBuf[0] = val >> 16;
1085 pbBuf[1] = val >> 8;
1086 pbBuf[2] = val;
1087}
1088
1089
1090DECLINLINE(void) ataH2BE_U32(uint8_t *pbBuf, uint32_t val)
1091{
1092 pbBuf[0] = val >> 24;
1093 pbBuf[1] = val >> 16;
1094 pbBuf[2] = val >> 8;
1095 pbBuf[3] = val;
1096}
1097
1098
1099DECLINLINE(uint16_t) ataBE2H_U16(const uint8_t *pbBuf)
1100{
1101 return (pbBuf[0] << 8) | pbBuf[1];
1102}
1103
1104
1105DECLINLINE(uint32_t) ataBE2H_U24(const uint8_t *pbBuf)
1106{
1107 return (pbBuf[0] << 16) | (pbBuf[1] << 8) | pbBuf[2];
1108}
1109
1110
1111DECLINLINE(uint32_t) ataBE2H_U32(const uint8_t *pbBuf)
1112{
1113 return (pbBuf[0] << 24) | (pbBuf[1] << 16) | (pbBuf[2] << 8) | pbBuf[3];
1114}
1115
1116
1117DECLINLINE(void) ataLBA2MSF(uint8_t *pbBuf, uint32_t iATAPILBA)
1118{
1119 iATAPILBA += 150;
1120 pbBuf[0] = (iATAPILBA / 75) / 60;
1121 pbBuf[1] = (iATAPILBA / 75) % 60;
1122 pbBuf[2] = iATAPILBA % 75;
1123}
1124
1125
1126DECLINLINE(uint32_t) ataMSF2LBA(const uint8_t *pbBuf)
1127{
1128 return (pbBuf[0] * 60 + pbBuf[1]) * 75 + pbBuf[2];
1129}
1130
1131
1132static void ataCmdOK(ATADevState *s, uint8_t status)
1133{
1134 s->uATARegError = 0; /* Not needed by ATA spec, but cannot hurt. */
1135 ataSetStatusValue(s, ATA_STAT_READY | status);
1136}
1137
1138
1139static void ataCmdError(ATADevState *s, uint8_t uErrorCode)
1140{
1141 Log(("%s: code=%#x\n", __FUNCTION__, uErrorCode));
1142 Assert(uErrorCode);
1143 s->uATARegError = uErrorCode;
1144 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1145 s->cbTotalTransfer = 0;
1146 s->cbElementaryTransfer = 0;
1147 s->iIOBufferCur = 0;
1148 s->iIOBufferEnd = 0;
1149 s->uTxDir = PDMBLOCKTXDIR_NONE;
1150 s->iBeginTransfer = ATAFN_BT_NULL;
1151 s->iSourceSink = ATAFN_SS_NULL;
1152}
1153
1154static uint32_t ataChecksum(void* ptr, size_t count)
1155{
1156 uint8_t u8Sum = 0xa5, *p = (uint8_t*)ptr;
1157 size_t i;
1158
1159 for (i = 0; i < count; i++)
1160 {
1161 u8Sum += *p++;
1162 }
1163
1164 return (uint8_t)-(int32_t)u8Sum;
1165}
1166
1167static bool ataIdentifySS(ATADevState *s)
1168{
1169 uint16_t *p;
1170
1171 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1172 Assert(s->cbElementaryTransfer == 512);
1173
1174 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1175 memset(p, 0, 512);
1176 p[0] = RT_H2LE_U16(0x0040);
1177 p[1] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1178 p[3] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1179 /* Block size; obsolete, but required for the BIOS. */
1180 p[5] = RT_H2LE_U16(512);
1181 p[6] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1182 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1183 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1184 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1185 p[22] = RT_H2LE_U16(0); /* ECC bytes per sector */
1186 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1187 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1188#if ATA_MAX_MULT_SECTORS > 1
1189 p[47] = RT_H2LE_U16(0x8000 | ATA_MAX_MULT_SECTORS);
1190#endif
1191 p[48] = RT_H2LE_U16(1); /* dword I/O, used by the BIOS */
1192 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1193 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1194 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1195 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1196 p[53] = RT_H2LE_U16(1 | 1 << 1 | 1 << 2); /* words 54-58,64-70,88 valid */
1197 p[54] = RT_H2LE_U16(RT_MIN(s->PCHSGeometry.cCylinders, 16383));
1198 p[55] = RT_H2LE_U16(s->PCHSGeometry.cHeads);
1199 p[56] = RT_H2LE_U16(s->PCHSGeometry.cSectors);
1200 p[57] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1201 * s->PCHSGeometry.cHeads
1202 * s->PCHSGeometry.cSectors);
1203 p[58] = RT_H2LE_U16( RT_MIN(s->PCHSGeometry.cCylinders, 16383)
1204 * s->PCHSGeometry.cHeads
1205 * s->PCHSGeometry.cSectors >> 16);
1206 if (s->cMultSectors)
1207 p[59] = RT_H2LE_U16(0x100 | s->cMultSectors);
1208 if (s->cTotalSectors <= (1 << 28) - 1)
1209 {
1210 p[60] = RT_H2LE_U16(s->cTotalSectors);
1211 p[61] = RT_H2LE_U16(s->cTotalSectors >> 16);
1212 }
1213 else
1214 {
1215 /* Report maximum number of sectors possible with LBA28 */
1216 p[60] = RT_H2LE_U16(((1 << 28) - 1) & 0xffff);
1217 p[61] = RT_H2LE_U16(((1 << 28) - 1) >> 16);
1218 }
1219 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1220 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1221 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1222 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1223 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1224 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1225 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1226 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1227 p[82] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* supports power management, write cache and look-ahead */
1228 if (s->cTotalSectors <= (1 << 28) - 1)
1229 p[83] = RT_H2LE_U16(1 << 14 | 1 << 12); /* supports FLUSH CACHE */
1230 else
1231 p[83] = RT_H2LE_U16(1 << 14 | 1 << 10 | 1 << 12 | 1 << 13); /* supports LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1232 p[84] = RT_H2LE_U16(1 << 14);
1233 p[85] = RT_H2LE_U16(1 << 3 | 1 << 5 | 1 << 6); /* enabled power management, write cache and look-ahead */
1234 if (s->cTotalSectors <= (1 << 28) - 1)
1235 p[86] = RT_H2LE_U16(1 << 12); /* enabled FLUSH CACHE */
1236 else
1237 p[86] = RT_H2LE_U16(1 << 10 | 1 << 12 | 1 << 13); /* enabled LBA48, FLUSH CACHE and FLUSH CACHE EXT */
1238 p[87] = RT_H2LE_U16(1 << 14);
1239 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1240 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1241 if (s->cTotalSectors > (1 << 28) - 1)
1242 {
1243 p[100] = RT_H2LE_U16(s->cTotalSectors);
1244 p[101] = RT_H2LE_U16(s->cTotalSectors >> 16);
1245 p[102] = RT_H2LE_U16(s->cTotalSectors >> 32);
1246 p[103] = RT_H2LE_U16(s->cTotalSectors >> 48);
1247 }
1248 uint32_t uCsum = ataChecksum(p, 510);
1249 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1250 s->iSourceSink = ATAFN_SS_NULL;
1251 ataCmdOK(s, ATA_STAT_SEEK);
1252 return false;
1253}
1254
1255
1256static bool ataFlushSS(ATADevState *s)
1257{
1258 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1259 int rc;
1260
1261 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE);
1262 Assert(!s->cbElementaryTransfer);
1263
1264 PDMCritSectLeave(&pCtl->lock);
1265
1266 STAM_PROFILE_START(&s->StatFlushes, f);
1267 rc = s->pDrvBlock->pfnFlush(s->pDrvBlock);
1268 AssertRC(rc);
1269 STAM_PROFILE_STOP(&s->StatFlushes, f);
1270
1271 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1272 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1273 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1274 ataCmdOK(s, 0);
1275 return false;
1276}
1277
1278static bool atapiIdentifySS(ATADevState *s)
1279{
1280 uint16_t *p;
1281
1282 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1283 Assert(s->cbElementaryTransfer == 512);
1284
1285 p = (uint16_t *)s->CTX_SUFF(pbIOBuffer);
1286 memset(p, 0, 512);
1287 /* Removable CDROM, 50us response, 12 byte packets */
1288 p[0] = RT_H2LE_U16(2 << 14 | 5 << 8 | 1 << 7 | 2 << 5 | 0 << 0);
1289 ataPadString((uint8_t *)(p + 10), s->szSerialNumber, ATA_SERIAL_NUMBER_LENGTH); /* serial number */
1290 p[20] = RT_H2LE_U16(3); /* XXX: retired, cache type */
1291 p[21] = RT_H2LE_U16(512); /* XXX: retired, cache size in sectors */
1292 ataPadString((uint8_t *)(p + 23), s->szFirmwareRevision, ATA_FIRMWARE_REVISION_LENGTH); /* firmware version */
1293 ataPadString((uint8_t *)(p + 27), s->szModelNumber, ATA_MODEL_NUMBER_LENGTH); /* model */
1294 p[49] = RT_H2LE_U16(1 << 11 | 1 << 9 | 1 << 8); /* DMA and LBA supported */
1295 p[50] = RT_H2LE_U16(1 << 14); /* No drive specific standby timer minimum */
1296 p[51] = RT_H2LE_U16(240); /* PIO transfer cycle */
1297 p[52] = RT_H2LE_U16(240); /* DMA transfer cycle */
1298 p[53] = RT_H2LE_U16(1 << 1 | 1 << 2); /* words 64-70,88 are valid */
1299 p[63] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_MDMA, ATA_MDMA_MODE_MAX, s->uATATransferMode)); /* MDMA modes supported / mode enabled */
1300 p[64] = RT_H2LE_U16(ATA_PIO_MODE_MAX > 2 ? (1 << (ATA_PIO_MODE_MAX - 2)) - 1 : 0); /* PIO modes beyond PIO2 supported */
1301 p[65] = RT_H2LE_U16(120); /* minimum DMA multiword tx cycle time */
1302 p[66] = RT_H2LE_U16(120); /* recommended DMA multiword tx cycle time */
1303 p[67] = RT_H2LE_U16(120); /* minimum PIO cycle time without flow control */
1304 p[68] = RT_H2LE_U16(120); /* minimum PIO cycle time with IORDY flow control */
1305 p[73] = RT_H2LE_U16(0x003e); /* ATAPI CDROM major */
1306 p[74] = RT_H2LE_U16(9); /* ATAPI CDROM minor */
1307 p[75] = RT_H2LE_U16(1); /* queue depth 1 */
1308 p[80] = RT_H2LE_U16(0x7e); /* support everything up to ATA/ATAPI-6 */
1309 p[81] = RT_H2LE_U16(0x22); /* conforms to ATA/ATAPI-6 */
1310 p[82] = RT_H2LE_U16(1 << 4 | 1 << 9); /* supports packet command set and DEVICE RESET */
1311 p[83] = RT_H2LE_U16(1 << 14);
1312 p[84] = RT_H2LE_U16(1 << 14);
1313 p[85] = RT_H2LE_U16(1 << 4 | 1 << 9); /* enabled packet command set and DEVICE RESET */
1314 p[86] = RT_H2LE_U16(0);
1315 p[87] = RT_H2LE_U16(1 << 14);
1316 p[88] = RT_H2LE_U16(ATA_TRANSFER_ID(ATA_MODE_UDMA, ATA_UDMA_MODE_MAX, s->uATATransferMode)); /* UDMA modes supported / mode enabled */
1317 p[93] = RT_H2LE_U16((1 | 1 << 1) << ((s->iLUN & 1) == 0 ? 0 : 8) | 1 << 13 | 1 << 14);
1318 /* According to ATAPI-5 spec:
1319 *
1320 * The use of this word is optional.
1321 * If bits 7:0 of this word contain the signature A5h, bits 15:8
1322 * contain the data
1323 * structure checksum.
1324 * The data structure checksum is the twos complement of the sum of
1325 * all bytes in words 0 through 254 and the byte consisting of
1326 * bits 7:0 in word 255.
1327 * Each byte shall be added with unsigned arithmetic,
1328 * and overflow shall be ignored.
1329 * The sum of all 512 bytes is zero when the checksum is correct.
1330 */
1331 uint32_t uCsum = ataChecksum(p, 510);
1332 p[255] = RT_H2LE_U16(0xa5 | (uCsum << 8)); /* Integrity word */
1333
1334 s->iSourceSink = ATAFN_SS_NULL;
1335 ataCmdOK(s, ATA_STAT_SEEK);
1336 return false;
1337}
1338
1339
1340static void ataSetSignature(ATADevState *s)
1341{
1342 s->uATARegSelect &= 0xf0; /* clear head */
1343 /* put signature */
1344 s->uATARegNSector = 1;
1345 s->uATARegSector = 1;
1346 if (s->fATAPI)
1347 {
1348 s->uATARegLCyl = 0x14;
1349 s->uATARegHCyl = 0xeb;
1350 }
1351 else if (s->pDrvBlock)
1352 {
1353 s->uATARegLCyl = 0;
1354 s->uATARegHCyl = 0;
1355 }
1356 else
1357 {
1358 s->uATARegLCyl = 0xff;
1359 s->uATARegHCyl = 0xff;
1360 }
1361}
1362
1363
1364static uint64_t ataGetSector(ATADevState *s)
1365{
1366 uint64_t iLBA;
1367 if (s->uATARegSelect & 0x40)
1368 {
1369 /* any LBA variant */
1370 if (s->fLBA48)
1371 {
1372 /* LBA48 */
1373 iLBA = ((uint64_t)s->uATARegHCylHOB << 40) |
1374 ((uint64_t)s->uATARegLCylHOB << 32) |
1375 ((uint64_t)s->uATARegSectorHOB << 24) |
1376 ((uint64_t)s->uATARegHCyl << 16) |
1377 ((uint64_t)s->uATARegLCyl << 8) |
1378 s->uATARegSector;
1379 }
1380 else
1381 {
1382 /* LBA */
1383 iLBA = ((s->uATARegSelect & 0x0f) << 24) | (s->uATARegHCyl << 16) |
1384 (s->uATARegLCyl << 8) | s->uATARegSector;
1385 }
1386 }
1387 else
1388 {
1389 /* CHS */
1390 iLBA = ((s->uATARegHCyl << 8) | s->uATARegLCyl) * s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors +
1391 (s->uATARegSelect & 0x0f) * s->PCHSGeometry.cSectors +
1392 (s->uATARegSector - 1);
1393 }
1394 return iLBA;
1395}
1396
1397static void ataSetSector(ATADevState *s, uint64_t iLBA)
1398{
1399 uint32_t cyl, r;
1400 if (s->uATARegSelect & 0x40)
1401 {
1402 /* any LBA variant */
1403 if (s->fLBA48)
1404 {
1405 /* LBA48 */
1406 s->uATARegHCylHOB = iLBA >> 40;
1407 s->uATARegLCylHOB = iLBA >> 32;
1408 s->uATARegSectorHOB = iLBA >> 24;
1409 s->uATARegHCyl = iLBA >> 16;
1410 s->uATARegLCyl = iLBA >> 8;
1411 s->uATARegSector = iLBA;
1412 }
1413 else
1414 {
1415 /* LBA */
1416 s->uATARegSelect = (s->uATARegSelect & 0xf0) | (iLBA >> 24);
1417 s->uATARegHCyl = (iLBA >> 16);
1418 s->uATARegLCyl = (iLBA >> 8);
1419 s->uATARegSector = (iLBA);
1420 }
1421 }
1422 else
1423 {
1424 /* CHS */
1425 cyl = iLBA / (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1426 r = iLBA % (s->PCHSGeometry.cHeads * s->PCHSGeometry.cSectors);
1427 s->uATARegHCyl = cyl >> 8;
1428 s->uATARegLCyl = cyl;
1429 s->uATARegSelect = (s->uATARegSelect & 0xf0) | ((r / s->PCHSGeometry.cSectors) & 0x0f);
1430 s->uATARegSector = (r % s->PCHSGeometry.cSectors) + 1;
1431 }
1432}
1433
1434
1435static void ataWarningDiskFull(PPDMDEVINS pDevIns)
1436{
1437 int rc;
1438 LogRel(("PIIX3 ATA: Host disk full\n"));
1439 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_DISKFULL",
1440 N_("Host system reported disk full. VM execution is suspended. You can resume after freeing some space"));
1441 AssertRC(rc);
1442}
1443
1444static void ataWarningFileTooBig(PPDMDEVINS pDevIns)
1445{
1446 int rc;
1447 LogRel(("PIIX3 ATA: File too big\n"));
1448 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_FILETOOBIG",
1449 N_("Host system reported that the file size limit of the host file system has been exceeded. VM execution is suspended. You need to move your virtual hard disk to a filesystem which allows bigger files"));
1450 AssertRC(rc);
1451}
1452
1453static void ataWarningISCSI(PPDMDEVINS pDevIns)
1454{
1455 int rc;
1456 LogRel(("PIIX3 ATA: iSCSI target unavailable\n"));
1457 rc = PDMDevHlpVMSetRuntimeError(pDevIns, VMSETRTERR_FLAGS_SUSPEND | VMSETRTERR_FLAGS_NO_WAIT, "DevATA_ISCSIDOWN",
1458 N_("The iSCSI target has stopped responding. VM execution is suspended. You can resume when it is available again"));
1459 AssertRC(rc);
1460}
1461
1462static bool ataIsRedoSetWarning(ATADevState *s, int rc)
1463{
1464 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1465 Assert(!PDMCritSectIsOwner(&pCtl->lock));
1466 if (rc == VERR_DISK_FULL)
1467 {
1468 pCtl->fRedoIdle = true;
1469 ataWarningDiskFull(ATADEVSTATE_2_DEVINS(s));
1470 return true;
1471 }
1472 if (rc == VERR_FILE_TOO_BIG)
1473 {
1474 pCtl->fRedoIdle = true;
1475 ataWarningFileTooBig(ATADEVSTATE_2_DEVINS(s));
1476 return true;
1477 }
1478 if (rc == VERR_BROKEN_PIPE || rc == VERR_NET_CONNECTION_REFUSED)
1479 {
1480 pCtl->fRedoIdle = true;
1481 /* iSCSI connection abort (first error) or failure to reestablish
1482 * connection (second error). Pause VM. On resume we'll retry. */
1483 ataWarningISCSI(ATADEVSTATE_2_DEVINS(s));
1484 return true;
1485 }
1486 return false;
1487}
1488
1489
1490static int ataReadSectors(ATADevState *s, uint64_t u64Sector, void *pvBuf,
1491 uint32_t cSectors, bool *pfRedo)
1492{
1493 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1494 int rc;
1495
1496 PDMCritSectLeave(&pCtl->lock);
1497
1498 STAM_PROFILE_ADV_START(&s->StatReads, r);
1499 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1500 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1501 s->Led.Actual.s.fReading = 0;
1502 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1503
1504 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cSectors * 512);
1505
1506 if (RT_SUCCESS(rc))
1507 *pfRedo = false;
1508 else
1509 *pfRedo = ataIsRedoSetWarning(s, rc);
1510
1511 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1512 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1513 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1514 return rc;
1515}
1516
1517
1518static int ataWriteSectors(ATADevState *s, uint64_t u64Sector,
1519 const void *pvBuf, uint32_t cSectors, bool *pfRedo)
1520{
1521 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1522 int rc;
1523
1524 PDMCritSectLeave(&pCtl->lock);
1525
1526 STAM_PROFILE_ADV_START(&s->StatWrites, w);
1527 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1528#ifdef VBOX_INSTRUMENT_DMA_WRITES
1529 if (s->fDMA)
1530 STAM_PROFILE_ADV_START(&s->StatInstrVDWrites, vw);
1531#endif
1532 rc = s->pDrvBlock->pfnWrite(s->pDrvBlock, u64Sector * 512, pvBuf, cSectors * 512);
1533#ifdef VBOX_INSTRUMENT_DMA_WRITES
1534 if (s->fDMA)
1535 STAM_PROFILE_ADV_STOP(&s->StatInstrVDWrites, vw);
1536#endif
1537 s->Led.Actual.s.fWriting = 0;
1538 STAM_PROFILE_ADV_STOP(&s->StatWrites, w);
1539
1540 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cSectors * 512);
1541
1542 if (RT_SUCCESS(rc))
1543 *pfRedo = false;
1544 else
1545 *pfRedo = ataIsRedoSetWarning(s, rc);
1546
1547 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1548 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1549 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1550 return rc;
1551}
1552
1553
1554static void ataReadWriteSectorsBT(ATADevState *s)
1555{
1556 uint32_t cSectors;
1557
1558 cSectors = s->cbTotalTransfer / 512;
1559 if (cSectors > s->cSectorsPerIRQ)
1560 s->cbElementaryTransfer = s->cSectorsPerIRQ * 512;
1561 else
1562 s->cbElementaryTransfer = cSectors * 512;
1563 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1564 ataCmdOK(s, 0);
1565}
1566
1567
1568static bool ataReadSectorsSS(ATADevState *s)
1569{
1570 int rc;
1571 uint32_t cSectors;
1572 uint64_t iLBA;
1573 bool fRedo;
1574
1575 cSectors = s->cbElementaryTransfer / 512;
1576 Assert(cSectors);
1577 iLBA = ataGetSector(s);
1578 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1579 rc = ataReadSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1580 if (RT_SUCCESS(rc))
1581 {
1582 ataSetSector(s, iLBA + cSectors);
1583 if (s->cbElementaryTransfer == s->cbTotalTransfer)
1584 s->iSourceSink = ATAFN_SS_NULL;
1585 ataCmdOK(s, ATA_STAT_SEEK);
1586 }
1587 else
1588 {
1589 if (fRedo)
1590 return fRedo;
1591 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1592 LogRel(("PIIX3 ATA: LUN#%d: disk read error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1593 s->iLUN, rc, iLBA, cSectors));
1594
1595 /*
1596 * Check if we got interrupted. We don't need to set status variables
1597 * because the request was aborted.
1598 */
1599 if (rc != VERR_INTERRUPTED)
1600 ataCmdError(s, ID_ERR);
1601 }
1602 return false;
1603}
1604
1605
1606static bool ataWriteSectorsSS(ATADevState *s)
1607{
1608 int rc;
1609 uint32_t cSectors;
1610 uint64_t iLBA;
1611 bool fRedo;
1612
1613 cSectors = s->cbElementaryTransfer / 512;
1614 Assert(cSectors);
1615 iLBA = ataGetSector(s);
1616 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, iLBA));
1617 rc = ataWriteSectors(s, iLBA, s->CTX_SUFF(pbIOBuffer), cSectors, &fRedo);
1618 if (RT_SUCCESS(rc))
1619 {
1620 ataSetSector(s, iLBA + cSectors);
1621 if (!s->cbTotalTransfer)
1622 s->iSourceSink = ATAFN_SS_NULL;
1623 ataCmdOK(s, ATA_STAT_SEEK);
1624 }
1625 else
1626 {
1627 if (fRedo)
1628 return fRedo;
1629 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1630 LogRel(("PIIX3 ATA: LUN#%d: disk write error (rc=%Rrc iSector=%#RX64 cSectors=%#RX32)\n",
1631 s->iLUN, rc, iLBA, cSectors));
1632
1633 /*
1634 * Check if we got interrupted. We don't need to set status variables
1635 * because the request was aborted.
1636 */
1637 if (rc != VERR_INTERRUPTED)
1638 ataCmdError(s, ID_ERR);
1639 }
1640 return false;
1641}
1642
1643
1644static void atapiCmdOK(ATADevState *s)
1645{
1646 s->uATARegError = 0;
1647 ataSetStatusValue(s, ATA_STAT_READY);
1648 s->uATARegNSector = (s->uATARegNSector & ~7)
1649 | ((s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE) ? ATAPI_INT_REASON_IO : 0)
1650 | (!s->cbTotalTransfer ? ATAPI_INT_REASON_CD : 0);
1651 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1652
1653 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1654 s->abATAPISense[0] = 0x70 | (1 << 7);
1655 s->abATAPISense[7] = 10;
1656}
1657
1658
1659static void atapiCmdError(ATADevState *s, const uint8_t *pabATAPISense, size_t cbATAPISense)
1660{
1661 Log(("%s: sense=%#x (%s) asc=%#x ascq=%#x (%s)\n", __FUNCTION__, pabATAPISense[2] & 0x0f, SCSISenseText(pabATAPISense[2] & 0x0f),
1662 pabATAPISense[12], pabATAPISense[13], SCSISenseExtText(pabATAPISense[12], pabATAPISense[13])));
1663 s->uATARegError = pabATAPISense[2] << 4;
1664 ataSetStatusValue(s, ATA_STAT_READY | ATA_STAT_ERR);
1665 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
1666 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
1667 memset(s->abATAPISense, '\0', sizeof(s->abATAPISense));
1668 memcpy(s->abATAPISense, pabATAPISense, RT_MIN(cbATAPISense, sizeof(s->abATAPISense)));
1669 s->cbTotalTransfer = 0;
1670 s->cbElementaryTransfer = 0;
1671 s->iIOBufferCur = 0;
1672 s->iIOBufferEnd = 0;
1673 s->uTxDir = PDMBLOCKTXDIR_NONE;
1674 s->iBeginTransfer = ATAFN_BT_NULL;
1675 s->iSourceSink = ATAFN_SS_NULL;
1676}
1677
1678
1679/** @todo deprecated function - doesn't provide enough info. Replace by direct
1680 * calls to atapiCmdError() with full data. */
1681static void atapiCmdErrorSimple(ATADevState *s, uint8_t uATAPISenseKey, uint8_t uATAPIASC)
1682{
1683 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1684 memset(abATAPISense, '\0', sizeof(abATAPISense));
1685 abATAPISense[0] = 0x70 | (1 << 7);
1686 abATAPISense[2] = uATAPISenseKey & 0x0f;
1687 abATAPISense[7] = 10;
1688 abATAPISense[12] = uATAPIASC;
1689 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
1690}
1691
1692
1693static void atapiCmdBT(ATADevState *s)
1694{
1695 s->fATAPITransfer = true;
1696 s->cbElementaryTransfer = s->cbTotalTransfer;
1697 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1698 atapiCmdOK(s);
1699}
1700
1701
1702static void atapiPassthroughCmdBT(ATADevState *s)
1703{
1704 /* @todo implement an algorithm for correctly determining the read and
1705 * write sector size without sending additional commands to the drive.
1706 * This should be doable by saving processing the configuration requests
1707 * and replies. */
1708#if 0
1709 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1710 {
1711 uint8_t cmd = s->aATAPICmd[0];
1712 if (cmd == SCSI_WRITE_10 || cmd == SCSI_WRITE_12 || cmd == SCSI_WRITE_AND_VERIFY_10)
1713 {
1714 uint8_t aModeSenseCmd[10];
1715 uint8_t aModeSenseResult[16];
1716 uint8_t uDummySense;
1717 uint32_t cbTransfer;
1718 int rc;
1719
1720 cbTransfer = sizeof(aModeSenseResult);
1721 aModeSenseCmd[0] = SCSI_MODE_SENSE_10;
1722 aModeSenseCmd[1] = 0x08; /* disable block descriptor = 1 */
1723 aModeSenseCmd[2] = (SCSI_PAGECONTROL_CURRENT << 6) | SCSI_MODEPAGE_WRITE_PARAMETER;
1724 aModeSenseCmd[3] = 0; /* subpage code */
1725 aModeSenseCmd[4] = 0; /* reserved */
1726 aModeSenseCmd[5] = 0; /* reserved */
1727 aModeSenseCmd[6] = 0; /* reserved */
1728 aModeSenseCmd[7] = cbTransfer >> 8;
1729 aModeSenseCmd[8] = cbTransfer & 0xff;
1730 aModeSenseCmd[9] = 0; /* control */
1731 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aModeSenseCmd, PDMBLOCKTXDIR_FROM_DEVICE, aModeSenseResult, &cbTransfer, &uDummySense, 500);
1732 if (RT_FAILURE(rc))
1733 {
1734 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_NONE);
1735 return;
1736 }
1737 /* Select sector size based on the current data block type. */
1738 switch (aModeSenseResult[12] & 0x0f)
1739 {
1740 case 0:
1741 s->cbATAPISector = 2352;
1742 break;
1743 case 1:
1744 s->cbATAPISector = 2368;
1745 break;
1746 case 2:
1747 case 3:
1748 s->cbATAPISector = 2448;
1749 break;
1750 case 8:
1751 case 10:
1752 s->cbATAPISector = 2048;
1753 break;
1754 case 9:
1755 s->cbATAPISector = 2336;
1756 break;
1757 case 11:
1758 s->cbATAPISector = 2056;
1759 break;
1760 case 12:
1761 s->cbATAPISector = 2324;
1762 break;
1763 case 13:
1764 s->cbATAPISector = 2332;
1765 break;
1766 default:
1767 s->cbATAPISector = 0;
1768 }
1769 Log2(("%s: sector size %d\n", __FUNCTION__, s->cbATAPISector));
1770 s->cbTotalTransfer *= s->cbATAPISector;
1771 if (s->cbTotalTransfer == 0)
1772 s->uTxDir = PDMBLOCKTXDIR_NONE;
1773 }
1774 }
1775#endif
1776 atapiCmdBT(s);
1777}
1778
1779
1780static bool atapiReadSS(ATADevState *s)
1781{
1782 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1783 int rc = VINF_SUCCESS;
1784 uint32_t cbTransfer, cSectors;
1785
1786 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
1787 cbTransfer = RT_MIN(s->cbTotalTransfer, s->cbIOBuffer);
1788 cSectors = cbTransfer / s->cbATAPISector;
1789 Assert(cSectors * s->cbATAPISector <= cbTransfer);
1790 Log(("%s: %d sectors at LBA %d\n", __FUNCTION__, cSectors, s->iATAPILBA));
1791
1792 PDMCritSectLeave(&pCtl->lock);
1793
1794 STAM_PROFILE_ADV_START(&s->StatReads, r);
1795 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1796 switch (s->cbATAPISector)
1797 {
1798 case 2048:
1799 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)s->iATAPILBA * s->cbATAPISector, s->CTX_SUFF(pbIOBuffer), s->cbATAPISector * cSectors);
1800 break;
1801 case 2352:
1802 {
1803 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1804
1805 for (uint32_t i = s->iATAPILBA; i < s->iATAPILBA + cSectors; i++)
1806 {
1807 /* Sync bytes, see 4.2.3.8 CD Main Channel Block Formats */
1808 *pbBuf++ = 0x00;
1809 memset(pbBuf, 0xff, 10);
1810 pbBuf += 10;
1811 *pbBuf++ = 0x00;
1812 /* MSF */
1813 ataLBA2MSF(pbBuf, i);
1814 pbBuf += 3;
1815 *pbBuf++ = 0x01; /* mode 1 data */
1816 /* data */
1817 rc = s->pDrvBlock->pfnRead(s->pDrvBlock, (uint64_t)i * 2048, pbBuf, 2048);
1818 if (RT_FAILURE(rc))
1819 break;
1820 pbBuf += 2048;
1821 /**
1822 * @todo: maybe compute ECC and parity, layout is:
1823 * 2072 4 EDC
1824 * 2076 172 P parity symbols
1825 * 2248 104 Q parity symbols
1826 */
1827 memset(pbBuf, 0, 280);
1828 pbBuf += 280;
1829 }
1830 }
1831 break;
1832 default:
1833 break;
1834 }
1835 s->Led.Actual.s.fReading = 0;
1836 STAM_PROFILE_ADV_STOP(&s->StatReads, r);
1837
1838 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1839 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1840 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1841
1842 if (RT_SUCCESS(rc))
1843 {
1844 STAM_REL_COUNTER_ADD(&s->StatBytesRead, s->cbATAPISector * cSectors);
1845
1846 /* The initial buffer end value has been set up based on the total
1847 * transfer size. But the I/O buffer size limits what can actually be
1848 * done in one transfer, so set the actual value of the buffer end. */
1849 s->cbElementaryTransfer = cbTransfer;
1850 if (cbTransfer >= s->cbTotalTransfer)
1851 s->iSourceSink = ATAFN_SS_NULL;
1852 atapiCmdOK(s);
1853 s->iATAPILBA += cSectors;
1854 }
1855 else
1856 {
1857 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1858 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM read error, %d sectors at LBA %d\n", s->iLUN, cSectors, s->iATAPILBA));
1859
1860 /*
1861 * Check if we got interrupted. We don't need to set status variables
1862 * because the request was aborted.
1863 */
1864 if (rc != VERR_INTERRUPTED)
1865 atapiCmdErrorSimple(s, SCSI_SENSE_MEDIUM_ERROR, SCSI_ASC_READ_ERROR);
1866 }
1867 return false;
1868}
1869
1870/**
1871 * Sets the given media track type.
1872 */
1873static uint32_t ataMediumTypeSet(ATADevState *s, uint32_t MediaTrackType)
1874{
1875 return ASMAtomicXchgU32(&s->MediaTrackType, MediaTrackType);
1876}
1877
1878static bool atapiPassthroughSS(ATADevState *s)
1879{
1880 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
1881 int rc = VINF_SUCCESS;
1882 uint8_t abATAPISense[ATAPI_SENSE_SIZE];
1883 uint32_t cbTransfer;
1884 PSTAMPROFILEADV pProf = NULL;
1885
1886 cbTransfer = s->cbElementaryTransfer;
1887
1888 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE)
1889 Log3(("ATAPI PT data write (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
1890
1891 /* Simple heuristics: if there is at least one sector of data
1892 * to transfer, it's worth updating the LEDs. */
1893 if (cbTransfer >= 2048)
1894 {
1895 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
1896 {
1897 s->Led.Asserted.s.fReading = s->Led.Actual.s.fReading = 1;
1898 pProf = &s->StatReads;
1899 }
1900 else
1901 {
1902 s->Led.Asserted.s.fWriting = s->Led.Actual.s.fWriting = 1;
1903 pProf = &s->StatWrites;
1904 }
1905 }
1906
1907 PDMCritSectLeave(&pCtl->lock);
1908
1909 if (pProf) { STAM_PROFILE_ADV_START(pProf, b); }
1910 if (cbTransfer > SCSI_MAX_BUFFER_SIZE)
1911 {
1912 /* Linux accepts commands with up to 100KB of data, but expects
1913 * us to handle commands with up to 128KB of data. The usual
1914 * imbalance of powers. */
1915 uint8_t aATAPICmd[ATAPI_PACKET_SIZE];
1916 uint32_t iATAPILBA, cSectors, cReqSectors, cbCurrTX;
1917 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
1918
1919 switch (s->aATAPICmd[0])
1920 {
1921 case SCSI_READ_10:
1922 case SCSI_WRITE_10:
1923 case SCSI_WRITE_AND_VERIFY_10:
1924 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1925 cSectors = ataBE2H_U16(s->aATAPICmd + 7);
1926 break;
1927 case SCSI_READ_12:
1928 case SCSI_WRITE_12:
1929 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1930 cSectors = ataBE2H_U32(s->aATAPICmd + 6);
1931 break;
1932 case SCSI_READ_CD:
1933 iATAPILBA = ataBE2H_U32(s->aATAPICmd + 2);
1934 cSectors = ataBE2H_U24(s->aATAPICmd + 6);
1935 break;
1936 case SCSI_READ_CD_MSF:
1937 iATAPILBA = ataMSF2LBA(s->aATAPICmd + 3);
1938 cSectors = ataMSF2LBA(s->aATAPICmd + 6) - iATAPILBA;
1939 break;
1940 default:
1941 AssertMsgFailed(("Don't know how to split command %#04x\n", s->aATAPICmd[0]));
1942 if (s->cErrors++ < MAX_LOG_REL_ERRORS)
1943 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough split error\n", s->iLUN));
1944 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
1945 {
1946 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1947 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1948 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1949 }
1950 return false;
1951 }
1952 memcpy(aATAPICmd, s->aATAPICmd, ATAPI_PACKET_SIZE);
1953 cReqSectors = 0;
1954 for (uint32_t i = cSectors; i > 0; i -= cReqSectors)
1955 {
1956 if (i * s->cbATAPISector > SCSI_MAX_BUFFER_SIZE)
1957 cReqSectors = SCSI_MAX_BUFFER_SIZE / s->cbATAPISector;
1958 else
1959 cReqSectors = i;
1960 cbCurrTX = s->cbATAPISector * cReqSectors;
1961 switch (s->aATAPICmd[0])
1962 {
1963 case SCSI_READ_10:
1964 case SCSI_WRITE_10:
1965 case SCSI_WRITE_AND_VERIFY_10:
1966 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1967 ataH2BE_U16(aATAPICmd + 7, cReqSectors);
1968 break;
1969 case SCSI_READ_12:
1970 case SCSI_WRITE_12:
1971 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1972 ataH2BE_U32(aATAPICmd + 6, cReqSectors);
1973 break;
1974 case SCSI_READ_CD:
1975 ataH2BE_U32(aATAPICmd + 2, iATAPILBA);
1976 ataH2BE_U24(aATAPICmd + 6, cReqSectors);
1977 break;
1978 case SCSI_READ_CD_MSF:
1979 ataLBA2MSF(aATAPICmd + 3, iATAPILBA);
1980 ataLBA2MSF(aATAPICmd + 6, iATAPILBA + cReqSectors);
1981 break;
1982 }
1983 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1984 if (rc != VINF_SUCCESS)
1985 break;
1986 iATAPILBA += cReqSectors;
1987 pbBuf += s->cbATAPISector * cReqSectors;
1988 }
1989 }
1990 else
1991 rc = s->pDrvBlock->pfnSendCmd(s->pDrvBlock, s->aATAPICmd, (PDMBLOCKTXDIR)s->uTxDir, s->CTX_SUFF(pbIOBuffer), &cbTransfer, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);
1992 if (pProf) { STAM_PROFILE_ADV_STOP(pProf, b); }
1993
1994 STAM_PROFILE_START(&pCtl->StatLockWait, a);
1995 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
1996 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
1997
1998 /* Update the LEDs and the read/write statistics. */
1999 if (cbTransfer >= 2048)
2000 {
2001 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
2002 {
2003 s->Led.Actual.s.fReading = 0;
2004 STAM_REL_COUNTER_ADD(&s->StatBytesRead, cbTransfer);
2005 }
2006 else
2007 {
2008 s->Led.Actual.s.fWriting = 0;
2009 STAM_REL_COUNTER_ADD(&s->StatBytesWritten, cbTransfer);
2010 }
2011 }
2012
2013 if (RT_SUCCESS(rc))
2014 {
2015 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
2016 {
2017 Assert(cbTransfer <= s->cbTotalTransfer);
2018 /* Reply with the same amount of data as the real drive. */
2019 s->cbTotalTransfer = cbTransfer;
2020 /* The initial buffer end value has been set up based on the total
2021 * transfer size. But the I/O buffer size limits what can actually be
2022 * done in one transfer, so set the actual value of the buffer end. */
2023 s->cbElementaryTransfer = cbTransfer;
2024 if (s->aATAPICmd[0] == SCSI_INQUIRY)
2025 {
2026 /* Make sure that the real drive cannot be identified.
2027 * Motivation: changing the VM configuration should be as
2028 * invisible as possible to the guest. */
2029 Log3(("ATAPI PT inquiry data before (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2030 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 8, "VBOX", 8);
2031 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 16, "CD-ROM", 16);
2032 ataSCSIPadStr(s->CTX_SUFF(pbIOBuffer) + 32, "1.0", 4);
2033 }
2034 else if (s->aATAPICmd[0] == SCSI_READ_TOC_PMA_ATIP)
2035 {
2036 /* Set the media type if we can detect it. */
2037 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2038
2039 /** @todo: Implemented only for formatted TOC now. */
2040 if ( (s->aATAPICmd[1] & 0xf) == 0
2041 && cbTransfer >= 6)
2042 {
2043 uint32_t NewMediaType;
2044 uint32_t OldMediaType;
2045
2046 if (pbBuf[5] & 0x4)
2047 NewMediaType = ATA_MEDIA_TYPE_DATA;
2048 else
2049 NewMediaType = ATA_MEDIA_TYPE_CDDA;
2050
2051 OldMediaType = ataMediumTypeSet(s, NewMediaType);
2052
2053 if (OldMediaType != NewMediaType)
2054 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough, detected %s CD\n",
2055 s->iLUN,
2056 NewMediaType == ATA_MEDIA_TYPE_DATA
2057 ? "data"
2058 : "audio"));
2059 }
2060 else /* Play safe and set to unknown. */
2061 ataMediumTypeSet(s, ATA_MEDIA_TYPE_UNKNOWN);
2062 }
2063 if (cbTransfer)
2064 Log3(("ATAPI PT data read (%d): %.*Rhxs\n", cbTransfer, cbTransfer, s->CTX_SUFF(pbIOBuffer)));
2065 }
2066 s->iSourceSink = ATAFN_SS_NULL;
2067 atapiCmdOK(s);
2068 }
2069 else
2070 {
2071 if (s->cErrors < MAX_LOG_REL_ERRORS)
2072 {
2073 uint8_t u8Cmd = s->aATAPICmd[0];
2074 do
2075 {
2076 /* don't log superfluous errors */
2077 if ( rc == VERR_DEV_IO_ERROR
2078 && ( u8Cmd == SCSI_TEST_UNIT_READY
2079 || u8Cmd == SCSI_READ_CAPACITY
2080 || u8Cmd == SCSI_READ_DVD_STRUCTURE
2081 || u8Cmd == SCSI_READ_TOC_PMA_ATIP))
2082 break;
2083 s->cErrors++;
2084 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough cmd=%#04x sense=%d ASC=%#02x ASCQ=%#02x %Rrc\n",
2085 s->iLUN, u8Cmd, abATAPISense[2] & 0x0f, abATAPISense[12], abATAPISense[13], rc));
2086 } while (0);
2087 }
2088 atapiCmdError(s, abATAPISense, sizeof(abATAPISense));
2089 }
2090 return false;
2091}
2092
2093/** @todo: Revise ASAP. */
2094static bool atapiReadDVDStructureSS(ATADevState *s)
2095{
2096 uint8_t *buf = s->CTX_SUFF(pbIOBuffer);
2097 int media = s->aATAPICmd[1];
2098 int format = s->aATAPICmd[7];
2099
2100 uint16_t max_len = ataBE2H_U16(&s->aATAPICmd[8]);
2101
2102 memset(buf, 0, max_len);
2103
2104 switch (format) {
2105 case 0x00:
2106 case 0x01:
2107 case 0x02:
2108 case 0x03:
2109 case 0x04:
2110 case 0x05:
2111 case 0x06:
2112 case 0x07:
2113 case 0x08:
2114 case 0x09:
2115 case 0x0a:
2116 case 0x0b:
2117 case 0x0c:
2118 case 0x0d:
2119 case 0x0e:
2120 case 0x0f:
2121 case 0x10:
2122 case 0x11:
2123 case 0x30:
2124 case 0x31:
2125 case 0xff:
2126 if (media == 0)
2127 {
2128 int uASC = SCSI_ASC_NONE;
2129
2130 switch (format)
2131 {
2132 case 0x0: /* Physical format information */
2133 {
2134 int layer = s->aATAPICmd[6];
2135 uint64_t total_sectors;
2136
2137 if (layer != 0)
2138 {
2139 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2140 break;
2141 }
2142
2143 total_sectors = s->cTotalSectors;
2144 total_sectors >>= 2;
2145 if (total_sectors == 0)
2146 {
2147 uASC = -SCSI_ASC_MEDIUM_NOT_PRESENT;
2148 break;
2149 }
2150
2151 buf[4] = 1; /* DVD-ROM, part version 1 */
2152 buf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
2153 buf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
2154 buf[7] = 0; /* default densities */
2155
2156 /* FIXME: 0x30000 per spec? */
2157 ataH2BE_U32(buf + 8, 0); /* start sector */
2158 ataH2BE_U32(buf + 12, total_sectors - 1); /* end sector */
2159 ataH2BE_U32(buf + 16, total_sectors - 1); /* l0 end sector */
2160
2161 /* Size of buffer, not including 2 byte size field */
2162 ataH2BE_U32(&buf[0], 2048 + 2);
2163
2164 /* 2k data + 4 byte header */
2165 uASC = (2048 + 4);
2166 }
2167 break;
2168 case 0x01: /* DVD copyright information */
2169 buf[4] = 0; /* no copyright data */
2170 buf[5] = 0; /* no region restrictions */
2171
2172 /* Size of buffer, not including 2 byte size field */
2173 ataH2BE_U16(buf, 4 + 2);
2174
2175 /* 4 byte header + 4 byte data */
2176 uASC = (4 + 4);
2177
2178 case 0x03: /* BCA information - invalid field for no BCA info */
2179 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2180 break;
2181
2182 case 0x04: /* DVD disc manufacturing information */
2183 /* Size of buffer, not including 2 byte size field */
2184 ataH2BE_U16(buf, 2048 + 2);
2185
2186 /* 2k data + 4 byte header */
2187 uASC = (2048 + 4);
2188 break;
2189 case 0xff:
2190 /*
2191 * This lists all the command capabilities above. Add new ones
2192 * in order and update the length and buffer return values.
2193 */
2194
2195 buf[4] = 0x00; /* Physical format */
2196 buf[5] = 0x40; /* Not writable, is readable */
2197 ataH2BE_U16((buf + 6), 2048 + 4);
2198
2199 buf[8] = 0x01; /* Copyright info */
2200 buf[9] = 0x40; /* Not writable, is readable */
2201 ataH2BE_U16((buf + 10), 4 + 4);
2202
2203 buf[12] = 0x03; /* BCA info */
2204 buf[13] = 0x40; /* Not writable, is readable */
2205 ataH2BE_U16((buf + 14), 188 + 4);
2206
2207 buf[16] = 0x04; /* Manufacturing info */
2208 buf[17] = 0x40; /* Not writable, is readable */
2209 ataH2BE_U16((buf + 18), 2048 + 4);
2210
2211 /* Size of buffer, not including 2 byte size field */
2212 ataH2BE_U16(buf, 16 + 2);
2213
2214 /* data written + 4 byte header */
2215 uASC = (16 + 4);
2216 break;
2217 default: /* TODO: formats beyond DVD-ROM requires */
2218 uASC = -SCSI_ASC_INV_FIELD_IN_CMD_PACKET;
2219 }
2220
2221 if (uASC < 0)
2222 {
2223 s->iSourceSink = ATAFN_SS_NULL;
2224 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, -uASC);
2225 return false;
2226 }
2227 break;
2228 }
2229 /* TODO: BD support, fall through for now */
2230
2231 /* Generic disk structures */
2232 case 0x80: /* TODO: AACS volume identifier */
2233 case 0x81: /* TODO: AACS media serial number */
2234 case 0x82: /* TODO: AACS media identifier */
2235 case 0x83: /* TODO: AACS media key block */
2236 case 0x90: /* TODO: List of recognized format layers */
2237 case 0xc0: /* TODO: Write protection status */
2238 default:
2239 s->iSourceSink = ATAFN_SS_NULL;
2240 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST,
2241 SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2242 return false;
2243 }
2244
2245 s->iSourceSink = ATAFN_SS_NULL;
2246 atapiCmdOK(s);
2247 return false;
2248}
2249
2250static bool atapiReadSectors(ATADevState *s, uint32_t iATAPILBA, uint32_t cSectors, uint32_t cbSector)
2251{
2252 Assert(cSectors > 0);
2253 s->iATAPILBA = iATAPILBA;
2254 s->cbATAPISector = cbSector;
2255 ataStartTransfer(s, cSectors * cbSector, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ, true);
2256 return false;
2257}
2258
2259
2260static bool atapiReadCapacitySS(ATADevState *s)
2261{
2262 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2263
2264 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2265 Assert(s->cbElementaryTransfer <= 8);
2266 ataH2BE_U32(pbBuf, s->cTotalSectors - 1);
2267 ataH2BE_U32(pbBuf + 4, 2048);
2268 s->iSourceSink = ATAFN_SS_NULL;
2269 atapiCmdOK(s);
2270 return false;
2271}
2272
2273
2274static bool atapiReadDiscInformationSS(ATADevState *s)
2275{
2276 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2277
2278 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2279 Assert(s->cbElementaryTransfer <= 34);
2280 memset(pbBuf, '\0', 34);
2281 ataH2BE_U16(pbBuf, 32);
2282 pbBuf[2] = (0 << 4) | (3 << 2) | (2 << 0); /* not erasable, complete session, complete disc */
2283 pbBuf[3] = 1; /* number of first track */
2284 pbBuf[4] = 1; /* number of sessions (LSB) */
2285 pbBuf[5] = 1; /* first track number in last session (LSB) */
2286 pbBuf[6] = 1; /* last track number in last session (LSB) */
2287 pbBuf[7] = (0 << 7) | (0 << 6) | (1 << 5) | (0 << 2) | (0 << 0); /* disc id not valid, disc bar code not valid, unrestricted use, not dirty, not RW medium */
2288 pbBuf[8] = 0; /* disc type = CD-ROM */
2289 pbBuf[9] = 0; /* number of sessions (MSB) */
2290 pbBuf[10] = 0; /* number of sessions (MSB) */
2291 pbBuf[11] = 0; /* number of sessions (MSB) */
2292 ataH2BE_U32(pbBuf + 16, 0x00ffffff); /* last session lead-in start time is not available */
2293 ataH2BE_U32(pbBuf + 20, 0x00ffffff); /* last possible start time for lead-out is not available */
2294 s->iSourceSink = ATAFN_SS_NULL;
2295 atapiCmdOK(s);
2296 return false;
2297}
2298
2299
2300static bool atapiReadTrackInformationSS(ATADevState *s)
2301{
2302 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2303
2304 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2305 Assert(s->cbElementaryTransfer <= 36);
2306 /* Accept address/number type of 1 only, and only track 1 exists. */
2307 if ((s->aATAPICmd[1] & 0x03) != 1 || ataBE2H_U32(&s->aATAPICmd[2]) != 1)
2308 {
2309 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2310 return false;
2311 }
2312 memset(pbBuf, '\0', 36);
2313 ataH2BE_U16(pbBuf, 34);
2314 pbBuf[2] = 1; /* track number (LSB) */
2315 pbBuf[3] = 1; /* session number (LSB) */
2316 pbBuf[5] = (0 << 5) | (0 << 4) | (4 << 0); /* not damaged, primary copy, data track */
2317 pbBuf[6] = (0 << 7) | (0 << 6) | (0 << 5) | (0 << 6) | (1 << 0); /* not reserved track, not blank, not packet writing, not fixed packet, data mode 1 */
2318 pbBuf[7] = (0 << 1) | (0 << 0); /* last recorded address not valid, next recordable address not valid */
2319 ataH2BE_U32(pbBuf + 8, 0); /* track start address is 0 */
2320 ataH2BE_U32(pbBuf + 24, s->cTotalSectors); /* track size */
2321 pbBuf[32] = 0; /* track number (MSB) */
2322 pbBuf[33] = 0; /* session number (MSB) */
2323 s->iSourceSink = ATAFN_SS_NULL;
2324 atapiCmdOK(s);
2325 return false;
2326}
2327
2328static size_t atapiGetConfigurationFillFeatureListProfiles(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2329{
2330 if (cbBuf < 3*4)
2331 return 0;
2332
2333 ataH2BE_U16(pbBuf, 0x0); /* feature 0: list of profiles supported */
2334 pbBuf[2] = (0 << 2) | (1 << 1) | (1 || 0); /* version 0, persistent, current */
2335 pbBuf[3] = 8; /* additional bytes for profiles */
2336 /* The MMC-3 spec says that DVD-ROM read capability should be reported
2337 * before CD-ROM read capability. */
2338 ataH2BE_U16(pbBuf + 4, 0x10); /* profile: read-only DVD */
2339 pbBuf[6] = (0 << 0); /* NOT current profile */
2340 ataH2BE_U16(pbBuf + 8, 0x08); /* profile: read only CD */
2341 pbBuf[10] = (1 << 0); /* current profile */
2342
2343 return 3*4; /* Header + 2 profiles entries */
2344}
2345
2346static size_t atapiGetConfigurationFillFeatureCore(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2347{
2348 if (cbBuf < 12)
2349 return 0;
2350
2351 ataH2BE_U16(pbBuf, 0x1); /* feature 0001h: Core Feature */
2352 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2353 pbBuf[3] = 8; /* Additional length */
2354 ataH2BE_U16(pbBuf + 4, 0x00000002); /* Physical interface ATAPI. */
2355 pbBuf[8] = RT_BIT(0); /* DBE */
2356 /* Rest is reserved. */
2357
2358 return 12;
2359}
2360
2361static size_t atapiGetConfigurationFillFeatureMorphing(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2362{
2363 if (cbBuf < 8)
2364 return 0;
2365
2366 ataH2BE_U16(pbBuf, 0x2); /* feature 0002h: Morphing Feature */
2367 pbBuf[2] = (0x1 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2368 pbBuf[3] = 4; /* Additional length */
2369 pbBuf[4] = RT_BIT(1) | 0x0; /* OCEvent | !ASYNC */
2370 /* Rest is reserved. */
2371
2372 return 8;
2373}
2374
2375static size_t atapiGetConfigurationFillFeatureRemovableMedium(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2376{
2377 if (cbBuf < 8)
2378 return 0;
2379
2380 ataH2BE_U16(pbBuf, 0x3); /* feature 0003h: Removable Medium Feature */
2381 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2382 pbBuf[3] = 4; /* Additional length */
2383 /* Tray type loading | Load | Eject | !Pvnt Jmpr | !DBML | Lock */
2384 pbBuf[4] = (0x2 << 5) | RT_BIT(4) | RT_BIT(3) | (0x0 << 2) | (0x0 << 1) | RT_BIT(0);
2385 /* Rest is reserved. */
2386
2387 return 8;
2388}
2389
2390static size_t atapiGetConfigurationFillFeatureRandomReadable(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2391{
2392 if (cbBuf < 12)
2393 return 0;
2394
2395 ataH2BE_U16(pbBuf, 0x10); /* feature 0010h: Random Readable Feature */
2396 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2397 pbBuf[3] = 8; /* Additional length */
2398 ataH2BE_U32(pbBuf + 4, 2048); /* Logical block size. */
2399 ataH2BE_U16(pbBuf + 8, 0x10); /* Blocking (0x10 for DVD, CD is not defined). */
2400 pbBuf[10] = 0; /* PP not present */
2401 /* Rest is reserved. */
2402
2403 return 12;
2404}
2405
2406static size_t atapiGetConfigurationFillFeatureCDRead(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2407{
2408 if (cbBuf < 8)
2409 return 0;
2410
2411 ataH2BE_U16(pbBuf, 0x1e); /* feature 001Eh: CD Read Feature */
2412 pbBuf[2] = (0x2 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2413 pbBuf[3] = 0; /* Additional length */
2414 pbBuf[4] = (0x0 << 7) | (0x0 << 1) | 0x0; /* !DAP | !C2-Flags | !CD-Text. */
2415 /* Rest is reserved. */
2416
2417 return 8;
2418}
2419
2420static size_t atapiGetConfigurationFillFeaturePowerManagement(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2421{
2422 if (cbBuf < 4)
2423 return 0;
2424
2425 ataH2BE_U16(pbBuf, 0x100); /* feature 0100h: Power Management Feature */
2426 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2427 pbBuf[3] = 0; /* Additional length */
2428
2429 return 4;
2430}
2431
2432static size_t atapiGetConfigurationFillFeatureTimeout(ATADevState *s, uint8_t *pbBuf, size_t cbBuf)
2433{
2434 if (cbBuf < 8)
2435 return 0;
2436
2437 ataH2BE_U16(pbBuf, 0x105); /* feature 0105h: Timeout Feature */
2438 pbBuf[2] = (0x0 << 2) | RT_BIT(1) | RT_BIT(0); /* Version | Persistent | Current */
2439 pbBuf[3] = 4; /* Additional length */
2440 pbBuf[4] = 0x0; /* !Group3 */
2441
2442 return 8;
2443}
2444
2445static bool atapiGetConfigurationSS(ATADevState *s)
2446{
2447 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2448 size_t cbBuf = s->cbIOBuffer;
2449 size_t cbCopied = 0;
2450 uint16_t u16Sfn = ataBE2H_U16(&s->aATAPICmd[2]);
2451
2452 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2453 Assert(s->cbElementaryTransfer <= 80);
2454 /* Accept valid request types only, and only starting feature 0. */
2455 if ((s->aATAPICmd[1] & 0x03) == 3 || u16Sfn != 0)
2456 {
2457 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2458 return false;
2459 }
2460 memset(pbBuf, '\0', cbBuf);
2461 /** @todo implement switching between CD-ROM and DVD-ROM profile (the only
2462 * way to differentiate them right now is based on the image size). */
2463 if (s->cTotalSectors)
2464 ataH2BE_U16(pbBuf + 6, 0x08); /* current profile: read-only CD */
2465 else
2466 ataH2BE_U16(pbBuf + 6, 0x00); /* current profile: none -> no media */
2467 cbBuf -= 8;
2468 pbBuf += 8;
2469
2470 cbCopied = atapiGetConfigurationFillFeatureListProfiles(s, pbBuf, cbBuf);
2471 cbBuf -= cbCopied;
2472 pbBuf += cbCopied;
2473
2474 cbCopied = atapiGetConfigurationFillFeatureCore(s, pbBuf, cbBuf);
2475 cbBuf -= cbCopied;
2476 pbBuf += cbCopied;
2477
2478 cbCopied = atapiGetConfigurationFillFeatureMorphing(s, pbBuf, cbBuf);
2479 cbBuf -= cbCopied;
2480 pbBuf += cbCopied;
2481
2482 cbCopied = atapiGetConfigurationFillFeatureRemovableMedium(s, pbBuf, cbBuf);
2483 cbBuf -= cbCopied;
2484 pbBuf += cbCopied;
2485
2486 cbCopied = atapiGetConfigurationFillFeatureRandomReadable(s, pbBuf, cbBuf);
2487 cbBuf -= cbCopied;
2488 pbBuf += cbCopied;
2489
2490 cbCopied = atapiGetConfigurationFillFeatureCDRead(s, pbBuf, cbBuf);
2491 cbBuf -= cbCopied;
2492 pbBuf += cbCopied;
2493
2494 cbCopied = atapiGetConfigurationFillFeaturePowerManagement(s, pbBuf, cbBuf);
2495 cbBuf -= cbCopied;
2496 pbBuf += cbCopied;
2497
2498 cbCopied = atapiGetConfigurationFillFeatureTimeout(s, pbBuf, cbBuf);
2499 cbBuf -= cbCopied;
2500 pbBuf += cbCopied;
2501
2502 /* Set data length now - the field is not included in the final length. */
2503 ataH2BE_U32(s->CTX_SUFF(pbIOBuffer), s->cbIOBuffer - cbBuf - 4);
2504
2505 /* Other profiles we might want to add in the future: 0x40 (BD-ROM) and 0x50 (HDDVD-ROM) */
2506 s->iSourceSink = ATAFN_SS_NULL;
2507 atapiCmdOK(s);
2508 return false;
2509}
2510
2511
2512static bool atapiGetEventStatusNotificationSS(ATADevState *s)
2513{
2514 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2515
2516 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2517 Assert(s->cbElementaryTransfer <= 8);
2518
2519 if (!(s->aATAPICmd[1] & 1))
2520 {
2521 /* no asynchronous operation supported */
2522 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2523 return false;
2524 }
2525
2526 uint32_t OldStatus, NewStatus;
2527 do
2528 {
2529 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
2530 NewStatus = ATA_EVENT_STATUS_UNCHANGED;
2531 switch (OldStatus)
2532 {
2533 case ATA_EVENT_STATUS_MEDIA_NEW:
2534 /* mount */
2535 ataH2BE_U16(pbBuf + 0, 6);
2536 pbBuf[2] = 0x04; /* media */
2537 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2538 pbBuf[4] = 0x02; /* new medium */
2539 pbBuf[5] = 0x02; /* medium present / door closed */
2540 pbBuf[6] = 0x00;
2541 pbBuf[7] = 0x00;
2542 break;
2543
2544 case ATA_EVENT_STATUS_MEDIA_CHANGED:
2545 case ATA_EVENT_STATUS_MEDIA_REMOVED:
2546 /* umount */
2547 ataH2BE_U16(pbBuf + 0, 6);
2548 pbBuf[2] = 0x04; /* media */
2549 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2550 pbBuf[4] = 0x03; /* media removal */
2551 pbBuf[5] = 0x00; /* medium absent / door closed */
2552 pbBuf[6] = 0x00;
2553 pbBuf[7] = 0x00;
2554 if (OldStatus == ATA_EVENT_STATUS_MEDIA_CHANGED)
2555 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
2556 break;
2557
2558 case ATA_EVENT_STATUS_MEDIA_EJECT_REQUESTED: /* currently unused */
2559 ataH2BE_U16(pbBuf + 0, 6);
2560 pbBuf[2] = 0x04; /* media */
2561 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2562 pbBuf[4] = 0x01; /* eject requested (eject button pressed) */
2563 pbBuf[5] = 0x02; /* medium present / door closed */
2564 pbBuf[6] = 0x00;
2565 pbBuf[7] = 0x00;
2566 break;
2567
2568 case ATA_EVENT_STATUS_UNCHANGED:
2569 default:
2570 ataH2BE_U16(pbBuf + 0, 6);
2571 pbBuf[2] = 0x01; /* operational change request / notification */
2572 pbBuf[3] = 0x5e; /* supported = busy|media|external|power|operational */
2573 pbBuf[4] = 0x00;
2574 pbBuf[5] = 0x00;
2575 pbBuf[6] = 0x00;
2576 pbBuf[7] = 0x00;
2577 break;
2578 }
2579 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
2580
2581 s->iSourceSink = ATAFN_SS_NULL;
2582 atapiCmdOK(s);
2583 return false;
2584}
2585
2586
2587static bool atapiInquirySS(ATADevState *s)
2588{
2589 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2590
2591 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2592 Assert(s->cbElementaryTransfer <= 36);
2593 pbBuf[0] = 0x05; /* CD-ROM */
2594 pbBuf[1] = 0x80; /* removable */
2595#if 1/*ndef VBOX*/ /** @todo implement MESN + AENC. (async notification on removal and stuff.) */
2596 pbBuf[2] = 0x00; /* ISO */
2597 pbBuf[3] = 0x21; /* ATAPI-2 (XXX: put ATAPI-4 ?) */
2598#else
2599 pbBuf[2] = 0x00; /* ISO */
2600 pbBuf[3] = 0x91; /* format 1, MESN=1, AENC=9 ??? */
2601#endif
2602 pbBuf[4] = 31; /* additional length */
2603 pbBuf[5] = 0; /* reserved */
2604 pbBuf[6] = 0; /* reserved */
2605 pbBuf[7] = 0; /* reserved */
2606 ataSCSIPadStr(pbBuf + 8, s->szInquiryVendorId, 8);
2607 ataSCSIPadStr(pbBuf + 16, s->szInquiryProductId, 16);
2608 ataSCSIPadStr(pbBuf + 32, s->szInquiryRevision, 4);
2609 s->iSourceSink = ATAFN_SS_NULL;
2610 atapiCmdOK(s);
2611 return false;
2612}
2613
2614
2615static bool atapiModeSenseErrorRecoverySS(ATADevState *s)
2616{
2617 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2618
2619 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2620 Assert(s->cbElementaryTransfer <= 16);
2621 ataH2BE_U16(&pbBuf[0], 16 + 6);
2622 pbBuf[2] = 0x70;
2623 pbBuf[3] = 0;
2624 pbBuf[4] = 0;
2625 pbBuf[5] = 0;
2626 pbBuf[6] = 0;
2627 pbBuf[7] = 0;
2628
2629 pbBuf[8] = 0x01;
2630 pbBuf[9] = 0x06;
2631 pbBuf[10] = 0x00;
2632 pbBuf[11] = 0x05;
2633 pbBuf[12] = 0x00;
2634 pbBuf[13] = 0x00;
2635 pbBuf[14] = 0x00;
2636 pbBuf[15] = 0x00;
2637 s->iSourceSink = ATAFN_SS_NULL;
2638 atapiCmdOK(s);
2639 return false;
2640}
2641
2642
2643static bool atapiModeSenseCDStatusSS(ATADevState *s)
2644{
2645 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2646
2647 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2648 Assert(s->cbElementaryTransfer <= 40);
2649 ataH2BE_U16(&pbBuf[0], 38);
2650 pbBuf[2] = 0x70;
2651 pbBuf[3] = 0;
2652 pbBuf[4] = 0;
2653 pbBuf[5] = 0;
2654 pbBuf[6] = 0;
2655 pbBuf[7] = 0;
2656
2657 pbBuf[8] = 0x2a;
2658 pbBuf[9] = 30; /* page length */
2659 pbBuf[10] = 0x08; /* DVD-ROM read support */
2660 pbBuf[11] = 0x00; /* no write support */
2661 /* The following claims we support audio play. This is obviously false,
2662 * but the Linux generic CDROM support makes many features depend on this
2663 * capability. If it's not set, this causes many things to be disabled. */
2664 pbBuf[12] = 0x71; /* multisession support, mode 2 form 1/2 support, audio play */
2665 pbBuf[13] = 0x00; /* no subchannel reads supported */
2666 pbBuf[14] = (1 << 0) | (1 << 3) | (1 << 5); /* lock supported, eject supported, tray type loading mechanism */
2667 if (s->pDrvMount->pfnIsLocked(s->pDrvMount))
2668 pbBuf[14] |= 1 << 1; /* report lock state */
2669 pbBuf[15] = 0; /* no subchannel reads supported, no separate audio volume control, no changer etc. */
2670 ataH2BE_U16(&pbBuf[16], 5632); /* (obsolete) claim 32x speed support */
2671 ataH2BE_U16(&pbBuf[18], 2); /* number of audio volume levels */
2672 ataH2BE_U16(&pbBuf[20], s->cbIOBuffer / _1K); /* buffer size supported in Kbyte */
2673 ataH2BE_U16(&pbBuf[22], 5632); /* (obsolete) current read speed 32x */
2674 pbBuf[24] = 0; /* reserved */
2675 pbBuf[25] = 0; /* reserved for digital audio (see idx 15) */
2676 ataH2BE_U16(&pbBuf[26], 0); /* (obsolete) maximum write speed */
2677 ataH2BE_U16(&pbBuf[28], 0); /* (obsolete) current write speed */
2678 ataH2BE_U16(&pbBuf[30], 0); /* copy management revision supported 0=no CSS */
2679 pbBuf[32] = 0; /* reserved */
2680 pbBuf[33] = 0; /* reserved */
2681 pbBuf[34] = 0; /* reserved */
2682 pbBuf[35] = 1; /* rotation control CAV */
2683 ataH2BE_U16(&pbBuf[36], 0); /* current write speed */
2684 ataH2BE_U16(&pbBuf[38], 0); /* number of write speed performance descriptors */
2685 s->iSourceSink = ATAFN_SS_NULL;
2686 atapiCmdOK(s);
2687 return false;
2688}
2689
2690
2691static bool atapiRequestSenseSS(ATADevState *s)
2692{
2693 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2694
2695 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2696 memset(pbBuf, '\0', s->cbElementaryTransfer);
2697 memcpy(pbBuf, s->abATAPISense, RT_MIN(s->cbElementaryTransfer, sizeof(s->abATAPISense)));
2698 s->iSourceSink = ATAFN_SS_NULL;
2699 atapiCmdOK(s);
2700 return false;
2701}
2702
2703
2704static bool atapiMechanismStatusSS(ATADevState *s)
2705{
2706 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2707
2708 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2709 Assert(s->cbElementaryTransfer <= 8);
2710 ataH2BE_U16(pbBuf, 0);
2711 /* no current LBA */
2712 pbBuf[2] = 0;
2713 pbBuf[3] = 0;
2714 pbBuf[4] = 0;
2715 pbBuf[5] = 1;
2716 ataH2BE_U16(pbBuf + 6, 0);
2717 s->iSourceSink = ATAFN_SS_NULL;
2718 atapiCmdOK(s);
2719 return false;
2720}
2721
2722
2723static bool atapiReadTOCNormalSS(ATADevState *s)
2724{
2725 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2726 bool fMSF;
2727 uint32_t cbSize;
2728
2729 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2730 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2731 iStartTrack = s->aATAPICmd[6];
2732 if (iStartTrack > 1 && iStartTrack != 0xaa)
2733 {
2734 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
2735 return false;
2736 }
2737 q = pbBuf + 2;
2738 *q++ = 1; /* first session */
2739 *q++ = 1; /* last session */
2740 if (iStartTrack <= 1)
2741 {
2742 *q++ = 0; /* reserved */
2743 *q++ = 0x14; /* ADR, control */
2744 *q++ = 1; /* track number */
2745 *q++ = 0; /* reserved */
2746 if (fMSF)
2747 {
2748 *q++ = 0; /* reserved */
2749 ataLBA2MSF(q, 0);
2750 q += 3;
2751 }
2752 else
2753 {
2754 /* sector 0 */
2755 ataH2BE_U32(q, 0);
2756 q += 4;
2757 }
2758 }
2759 /* lead out track */
2760 *q++ = 0; /* reserved */
2761 *q++ = 0x14; /* ADR, control */
2762 *q++ = 0xaa; /* track number */
2763 *q++ = 0; /* reserved */
2764 if (fMSF)
2765 {
2766 *q++ = 0; /* reserved */
2767 ataLBA2MSF(q, s->cTotalSectors);
2768 q += 3;
2769 }
2770 else
2771 {
2772 ataH2BE_U32(q, s->cTotalSectors);
2773 q += 4;
2774 }
2775 cbSize = q - pbBuf;
2776 ataH2BE_U16(pbBuf, cbSize - 2);
2777 if (cbSize < s->cbTotalTransfer)
2778 s->cbTotalTransfer = cbSize;
2779 s->iSourceSink = ATAFN_SS_NULL;
2780 atapiCmdOK(s);
2781 return false;
2782}
2783
2784
2785static bool atapiReadTOCMultiSS(ATADevState *s)
2786{
2787 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer);
2788 bool fMSF;
2789
2790 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2791 Assert(s->cbElementaryTransfer <= 12);
2792 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2793 /* multi session: only a single session defined */
2794/** @todo double-check this stuff against what a real drive says for a CD-ROM (not a CD-R) with only a single data session. Maybe solve the problem with "cdrdao read-toc" not being able to figure out whether numbers are in BCD or hex. */
2795 memset(pbBuf, 0, 12);
2796 pbBuf[1] = 0x0a;
2797 pbBuf[2] = 0x01;
2798 pbBuf[3] = 0x01;
2799 pbBuf[5] = 0x14; /* ADR, control */
2800 pbBuf[6] = 1; /* first track in last complete session */
2801 if (fMSF)
2802 {
2803 pbBuf[8] = 0; /* reserved */
2804 ataLBA2MSF(&pbBuf[9], 0);
2805 }
2806 else
2807 {
2808 /* sector 0 */
2809 ataH2BE_U32(pbBuf + 8, 0);
2810 }
2811 s->iSourceSink = ATAFN_SS_NULL;
2812 atapiCmdOK(s);
2813 return false;
2814}
2815
2816
2817static bool atapiReadTOCRawSS(ATADevState *s)
2818{
2819 uint8_t *pbBuf = s->CTX_SUFF(pbIOBuffer), *q, iStartTrack;
2820 bool fMSF;
2821 uint32_t cbSize;
2822
2823 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
2824 fMSF = (s->aATAPICmd[1] >> 1) & 1;
2825 iStartTrack = s->aATAPICmd[6];
2826
2827 q = pbBuf + 2;
2828 *q++ = 1; /* first session */
2829 *q++ = 1; /* last session */
2830
2831 *q++ = 1; /* session number */
2832 *q++ = 0x14; /* data track */
2833 *q++ = 0; /* track number */
2834 *q++ = 0xa0; /* first track in program area */
2835 *q++ = 0; /* min */
2836 *q++ = 0; /* sec */
2837 *q++ = 0; /* frame */
2838 *q++ = 0;
2839 *q++ = 1; /* first track */
2840 *q++ = 0x00; /* disk type CD-DA or CD data */
2841 *q++ = 0;
2842
2843 *q++ = 1; /* session number */
2844 *q++ = 0x14; /* data track */
2845 *q++ = 0; /* track number */
2846 *q++ = 0xa1; /* last track in program area */
2847 *q++ = 0; /* min */
2848 *q++ = 0; /* sec */
2849 *q++ = 0; /* frame */
2850 *q++ = 0;
2851 *q++ = 1; /* last track */
2852 *q++ = 0;
2853 *q++ = 0;
2854
2855 *q++ = 1; /* session number */
2856 *q++ = 0x14; /* data track */
2857 *q++ = 0; /* track number */
2858 *q++ = 0xa2; /* lead-out */
2859 *q++ = 0; /* min */
2860 *q++ = 0; /* sec */
2861 *q++ = 0; /* frame */
2862 if (fMSF)
2863 {
2864 *q++ = 0; /* reserved */
2865 ataLBA2MSF(q, s->cTotalSectors);
2866 q += 3;
2867 }
2868 else
2869 {
2870 ataH2BE_U32(q, s->cTotalSectors);
2871 q += 4;
2872 }
2873
2874 *q++ = 1; /* session number */
2875 *q++ = 0x14; /* ADR, control */
2876 *q++ = 0; /* track number */
2877 *q++ = 1; /* point */
2878 *q++ = 0; /* min */
2879 *q++ = 0; /* sec */
2880 *q++ = 0; /* frame */
2881 if (fMSF)
2882 {
2883 *q++ = 0; /* reserved */
2884 ataLBA2MSF(q, 0);
2885 q += 3;
2886 }
2887 else
2888 {
2889 /* sector 0 */
2890 ataH2BE_U32(q, 0);
2891 q += 4;
2892 }
2893
2894 cbSize = q - pbBuf;
2895 ataH2BE_U16(pbBuf, cbSize - 2);
2896 if (cbSize < s->cbTotalTransfer)
2897 s->cbTotalTransfer = cbSize;
2898 s->iSourceSink = ATAFN_SS_NULL;
2899 atapiCmdOK(s);
2900 return false;
2901}
2902
2903
2904static void atapiParseCmdVirtualATAPI(ATADevState *s)
2905{
2906 const uint8_t *pbPacket;
2907 uint8_t *pbBuf;
2908 uint32_t cbMax;
2909
2910 pbPacket = s->aATAPICmd;
2911 pbBuf = s->CTX_SUFF(pbIOBuffer);
2912 switch (pbPacket[0])
2913 {
2914 case SCSI_TEST_UNIT_READY:
2915 if (s->cNotifiedMediaChange > 0)
2916 {
2917 if (s->cNotifiedMediaChange-- > 2)
2918 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2919 else
2920 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2921 }
2922 else if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2923 atapiCmdOK(s);
2924 else
2925 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2926 break;
2927 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
2928 cbMax = ataBE2H_U16(pbPacket + 7);
2929 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
2930 break;
2931 case SCSI_MODE_SENSE_10:
2932 {
2933 uint8_t uPageControl, uPageCode;
2934 cbMax = ataBE2H_U16(pbPacket + 7);
2935 uPageControl = pbPacket[2] >> 6;
2936 uPageCode = pbPacket[2] & 0x3f;
2937 switch (uPageControl)
2938 {
2939 case SCSI_PAGECONTROL_CURRENT:
2940 switch (uPageCode)
2941 {
2942 case SCSI_MODEPAGE_ERROR_RECOVERY:
2943 ataStartTransfer(s, RT_MIN(cbMax, 16), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_ERROR_RECOVERY, true);
2944 break;
2945 case SCSI_MODEPAGE_CD_STATUS:
2946 ataStartTransfer(s, RT_MIN(cbMax, 40), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MODE_SENSE_CD_STATUS, true);
2947 break;
2948 default:
2949 goto error_cmd;
2950 }
2951 break;
2952 case SCSI_PAGECONTROL_CHANGEABLE:
2953 goto error_cmd;
2954 case SCSI_PAGECONTROL_DEFAULT:
2955 goto error_cmd;
2956 default:
2957 case SCSI_PAGECONTROL_SAVED:
2958 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_SAVING_PARAMETERS_NOT_SUPPORTED);
2959 break;
2960 }
2961 }
2962 break;
2963 case SCSI_REQUEST_SENSE:
2964 cbMax = pbPacket[4];
2965 ataStartTransfer(s, RT_MIN(cbMax, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
2966 break;
2967 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
2968 if (s->pDrvMount->pfnIsMounted(s->pDrvMount))
2969 {
2970 if (pbPacket[4] & 1)
2971 s->pDrvMount->pfnLock(s->pDrvMount);
2972 else
2973 s->pDrvMount->pfnUnlock(s->pDrvMount);
2974 atapiCmdOK(s);
2975 }
2976 else
2977 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2978 break;
2979 case SCSI_READ_10:
2980 case SCSI_READ_12:
2981 {
2982 uint32_t cSectors, iATAPILBA;
2983
2984 if (s->cNotifiedMediaChange > 0)
2985 {
2986 s->cNotifiedMediaChange-- ;
2987 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
2988 break;
2989 }
2990 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
2991 {
2992 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
2993 break;
2994 }
2995 if (pbPacket[0] == SCSI_READ_10)
2996 cSectors = ataBE2H_U16(pbPacket + 7);
2997 else
2998 cSectors = ataBE2H_U32(pbPacket + 6);
2999 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3000 if (cSectors == 0)
3001 {
3002 atapiCmdOK(s);
3003 break;
3004 }
3005 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3006 {
3007 /* Rate limited logging, one log line per second. For
3008 * guests that insist on reading from places outside the
3009 * valid area this often generates too many release log
3010 * entries otherwise. */
3011 static uint64_t uLastLogTS = 0;
3012 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3013 {
3014 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3015 uLastLogTS = RTTimeMilliTS();
3016 }
3017 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3018 break;
3019 }
3020 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3021 }
3022 break;
3023 case SCSI_READ_CD:
3024 {
3025 uint32_t cSectors, iATAPILBA;
3026
3027 if (s->cNotifiedMediaChange > 0)
3028 {
3029 s->cNotifiedMediaChange-- ;
3030 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3031 break;
3032 }
3033 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3034 {
3035 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3036 break;
3037 }
3038 cSectors = (pbPacket[6] << 16) | (pbPacket[7] << 8) | pbPacket[8];
3039 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3040 if (cSectors == 0)
3041 {
3042 atapiCmdOK(s);
3043 break;
3044 }
3045 if ((uint64_t)iATAPILBA + cSectors > s->cTotalSectors)
3046 {
3047 /* Rate limited logging, one log line per second. For
3048 * guests that insist on reading from places outside the
3049 * valid area this often generates too many release log
3050 * entries otherwise. */
3051 static uint64_t uLastLogTS = 0;
3052 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3053 {
3054 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (READ CD)\n", s->iLUN, (uint64_t)iATAPILBA + cSectors));
3055 uLastLogTS = RTTimeMilliTS();
3056 }
3057 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3058 break;
3059 }
3060 switch (pbPacket[9] & 0xf8)
3061 {
3062 case 0x00:
3063 /* nothing */
3064 atapiCmdOK(s);
3065 break;
3066 case 0x10:
3067 /* normal read */
3068 atapiReadSectors(s, iATAPILBA, cSectors, 2048);
3069 break;
3070 case 0xf8:
3071 /* read all data */
3072 atapiReadSectors(s, iATAPILBA, cSectors, 2352);
3073 break;
3074 default:
3075 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM sector format not supported (%#x)\n", s->iLUN, pbPacket[9] & 0xf8));
3076 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3077 break;
3078 }
3079 }
3080 break;
3081 case SCSI_SEEK_10:
3082 {
3083 uint32_t iATAPILBA;
3084 if (s->cNotifiedMediaChange > 0)
3085 {
3086 s->cNotifiedMediaChange-- ;
3087 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3088 break;
3089 }
3090 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3091 {
3092 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3093 break;
3094 }
3095 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3096 if (iATAPILBA > s->cTotalSectors)
3097 {
3098 /* Rate limited logging, one log line per second. For
3099 * guests that insist on seeking to places outside the
3100 * valid area this often generates too many release log
3101 * entries otherwise. */
3102 static uint64_t uLastLogTS = 0;
3103 if (RTTimeMilliTS() >= uLastLogTS + 1000)
3104 {
3105 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM block number %Ld invalid (SEEK)\n", s->iLUN, (uint64_t)iATAPILBA));
3106 uLastLogTS = RTTimeMilliTS();
3107 }
3108 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_LOGICAL_BLOCK_OOR);
3109 break;
3110 }
3111 atapiCmdOK(s);
3112 ataSetStatus(s, ATA_STAT_SEEK); /* Linux expects this. */
3113 }
3114 break;
3115 case SCSI_START_STOP_UNIT:
3116 {
3117 int rc = VINF_SUCCESS;
3118 switch (pbPacket[4] & 3)
3119 {
3120 case 0: /* 00 - Stop motor */
3121 case 1: /* 01 - Start motor */
3122 break;
3123 case 2: /* 10 - Eject media */
3124 /* This must be done from EMT. */
3125 {
3126 PATACONTROLLER pCtl = ATADEVSTATE_2_CONTROLLER(s);
3127 PPDMDEVINS pDevIns = ATADEVSTATE_2_DEVINS(s);
3128
3129 PDMCritSectLeave(&pCtl->lock);
3130 rc = VMR3ReqCallWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
3131 (PFNRT)s->pDrvMount->pfnUnmount, 3,
3132 s->pDrvMount /*=fForce*/, true /*=fEject*/);
3133 Assert(RT_SUCCESS(rc) || (rc == VERR_PDM_MEDIA_LOCKED) || (rc = VERR_PDM_MEDIA_NOT_MOUNTED));
3134 {
3135 STAM_PROFILE_START(&pCtl->StatLockWait, a);
3136 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
3137 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
3138 }
3139 }
3140 break;
3141 case 3: /* 11 - Load media */
3142 /** @todo rc = s->pDrvMount->pfnLoadMedia(s->pDrvMount) */
3143 break;
3144 }
3145 if (RT_SUCCESS(rc))
3146 atapiCmdOK(s);
3147 else
3148 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIA_LOAD_OR_EJECT_FAILED);
3149 }
3150 break;
3151 case SCSI_MECHANISM_STATUS:
3152 {
3153 cbMax = ataBE2H_U16(pbPacket + 8);
3154 ataStartTransfer(s, RT_MIN(cbMax, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_MECHANISM_STATUS, true);
3155 }
3156 break;
3157 case SCSI_READ_TOC_PMA_ATIP:
3158 {
3159 uint8_t format;
3160
3161 if (s->cNotifiedMediaChange > 0)
3162 {
3163 s->cNotifiedMediaChange-- ;
3164 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3165 break;
3166 }
3167 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3168 {
3169 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3170 break;
3171 }
3172 cbMax = ataBE2H_U16(pbPacket + 7);
3173 /* SCSI MMC-3 spec says format is at offset 2 (lower 4 bits),
3174 * but Linux kernel uses offset 9 (topmost 2 bits). Hope that
3175 * the other field is clear... */
3176 format = (pbPacket[2] & 0xf) | (pbPacket[9] >> 6);
3177 switch (format)
3178 {
3179 case 0:
3180 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_NORMAL, true);
3181 break;
3182 case 1:
3183 ataStartTransfer(s, RT_MIN(cbMax, 12), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_MULTI, true);
3184 break;
3185 case 2:
3186 ataStartTransfer(s, cbMax, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TOC_RAW, true);
3187 break;
3188 default:
3189 error_cmd:
3190 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3191 break;
3192 }
3193 }
3194 break;
3195 case SCSI_READ_CAPACITY:
3196 if (s->cNotifiedMediaChange > 0)
3197 {
3198 s->cNotifiedMediaChange-- ;
3199 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3200 break;
3201 }
3202 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3203 {
3204 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3205 break;
3206 }
3207 ataStartTransfer(s, 8, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_CAPACITY, true);
3208 break;
3209 case SCSI_READ_DISC_INFORMATION:
3210 if (s->cNotifiedMediaChange > 0)
3211 {
3212 s->cNotifiedMediaChange-- ;
3213 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3214 break;
3215 }
3216 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3217 {
3218 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3219 break;
3220 }
3221 cbMax = ataBE2H_U16(pbPacket + 7);
3222 ataStartTransfer(s, RT_MIN(cbMax, 34), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DISC_INFORMATION, true);
3223 break;
3224 case SCSI_READ_TRACK_INFORMATION:
3225 if (s->cNotifiedMediaChange > 0)
3226 {
3227 s->cNotifiedMediaChange-- ;
3228 atapiCmdErrorSimple(s, SCSI_SENSE_UNIT_ATTENTION, SCSI_ASC_MEDIUM_MAY_HAVE_CHANGED); /* media changed */
3229 break;
3230 }
3231 else if (!s->pDrvMount->pfnIsMounted(s->pDrvMount))
3232 {
3233 atapiCmdErrorSimple(s, SCSI_SENSE_NOT_READY, SCSI_ASC_MEDIUM_NOT_PRESENT);
3234 break;
3235 }
3236 cbMax = ataBE2H_U16(pbPacket + 7);
3237 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_TRACK_INFORMATION, true);
3238 break;
3239 case SCSI_GET_CONFIGURATION:
3240 /* No media change stuff here, it can confuse Linux guests. */
3241 cbMax = ataBE2H_U16(pbPacket + 7);
3242 ataStartTransfer(s, RT_MIN(cbMax, 80), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_CONFIGURATION, true);
3243 break;
3244 case SCSI_INQUIRY:
3245 cbMax = ataBE2H_U16(pbPacket + 3);
3246 ataStartTransfer(s, RT_MIN(cbMax, 36), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_INQUIRY, true);
3247 break;
3248 case SCSI_READ_DVD_STRUCTURE:
3249 {
3250 cbMax = ataBE2H_U16(pbPacket + 8);
3251 ataStartTransfer(s, RT_MIN(cbMax, 4), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_READ_DVD_STRUCTURE, true);
3252 break;
3253 }
3254 default:
3255 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3256 break;
3257 }
3258}
3259
3260
3261/*
3262 * Parse ATAPI commands, passing them directly to the CD/DVD drive.
3263 */
3264static void atapiParseCmdPassthrough(ATADevState *s)
3265{
3266 const uint8_t *pbPacket;
3267 uint8_t *pbBuf;
3268 uint32_t cSectors, iATAPILBA;
3269 uint32_t cbTransfer = 0;
3270 PDMBLOCKTXDIR uTxDir = PDMBLOCKTXDIR_NONE;
3271
3272 pbPacket = s->aATAPICmd;
3273 pbBuf = s->CTX_SUFF(pbIOBuffer);
3274 switch (pbPacket[0])
3275 {
3276 case SCSI_BLANK:
3277 goto sendcmd;
3278 case SCSI_CLOSE_TRACK_SESSION:
3279 goto sendcmd;
3280 case SCSI_ERASE_10:
3281 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3282 cbTransfer = ataBE2H_U16(pbPacket + 7);
3283 Log2(("ATAPI PT: lba %d\n", iATAPILBA));
3284 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3285 goto sendcmd;
3286 case SCSI_FORMAT_UNIT:
3287 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3288 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3289 goto sendcmd;
3290 case SCSI_GET_CONFIGURATION:
3291 cbTransfer = ataBE2H_U16(pbPacket + 7);
3292 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3293 goto sendcmd;
3294 case SCSI_GET_EVENT_STATUS_NOTIFICATION:
3295 cbTransfer = ataBE2H_U16(pbPacket + 7);
3296 if (ASMAtomicReadU32(&s->MediaEventStatus) != ATA_EVENT_STATUS_UNCHANGED)
3297 {
3298 ataStartTransfer(s, RT_MIN(cbTransfer, 8), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_GET_EVENT_STATUS_NOTIFICATION, true);
3299 break;
3300 }
3301 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3302 goto sendcmd;
3303 case SCSI_GET_PERFORMANCE:
3304 cbTransfer = s->uATARegLCyl | (s->uATARegHCyl << 8); /* use ATAPI transfer length */
3305 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3306 goto sendcmd;
3307 case SCSI_INQUIRY:
3308 cbTransfer = ataBE2H_U16(pbPacket + 3);
3309 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3310 goto sendcmd;
3311 case SCSI_LOAD_UNLOAD_MEDIUM:
3312 goto sendcmd;
3313 case SCSI_MECHANISM_STATUS:
3314 cbTransfer = ataBE2H_U16(pbPacket + 8);
3315 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3316 goto sendcmd;
3317 case SCSI_MODE_SELECT_10:
3318 cbTransfer = ataBE2H_U16(pbPacket + 7);
3319 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3320 goto sendcmd;
3321 case SCSI_MODE_SENSE_10:
3322 cbTransfer = ataBE2H_U16(pbPacket + 7);
3323 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3324 goto sendcmd;
3325 case SCSI_PAUSE_RESUME:
3326 goto sendcmd;
3327 case SCSI_PLAY_AUDIO_10:
3328 goto sendcmd;
3329 case SCSI_PLAY_AUDIO_12:
3330 goto sendcmd;
3331 case SCSI_PLAY_AUDIO_MSF:
3332 goto sendcmd;
3333 case SCSI_PREVENT_ALLOW_MEDIUM_REMOVAL:
3334 /** @todo do not forget to unlock when a VM is shut down */
3335 goto sendcmd;
3336 case SCSI_READ_10:
3337 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3338 cSectors = ataBE2H_U16(pbPacket + 7);
3339 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3340 s->cbATAPISector = 2048;
3341 cbTransfer = cSectors * s->cbATAPISector;
3342 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3343 goto sendcmd;
3344 case SCSI_READ_12:
3345 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3346 cSectors = ataBE2H_U32(pbPacket + 6);
3347 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3348 s->cbATAPISector = 2048;
3349 cbTransfer = cSectors * s->cbATAPISector;
3350 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3351 goto sendcmd;
3352 case SCSI_READ_BUFFER:
3353 cbTransfer = ataBE2H_U24(pbPacket + 6);
3354 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3355 goto sendcmd;
3356 case SCSI_READ_BUFFER_CAPACITY:
3357 cbTransfer = ataBE2H_U16(pbPacket + 7);
3358 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3359 goto sendcmd;
3360 case SCSI_READ_CAPACITY:
3361 cbTransfer = 8;
3362 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3363 goto sendcmd;
3364 case SCSI_READ_CD:
3365 case SCSI_READ_CD_MSF:
3366 {
3367 /* Get sector size based on the expected sector type field. */
3368 switch ((pbPacket[1] >> 2) & 0x7)
3369 {
3370 case 0x0: /* All types. */
3371 if (ASMAtomicReadU32(&s->MediaTrackType) == ATA_MEDIA_TYPE_CDDA)
3372 s->cbATAPISector = 2352;
3373 else
3374 s->cbATAPISector = 2048; /* Might be incorrect if we couldn't determine the type. */
3375 break;
3376 case 0x1: /* CD-DA */
3377 s->cbATAPISector = 2352;
3378 break;
3379 case 0x2: /* Mode 1 */
3380 s->cbATAPISector = 2048;
3381 break;
3382 case 0x3: /* Mode 2 formless */
3383 s->cbATAPISector = 2336;
3384 break;
3385 case 0x4: /* Mode 2 form 1 */
3386 s->cbATAPISector = 2048;
3387 break;
3388 case 0x5: /* Mode 2 form 2 */
3389 s->cbATAPISector = 2324;
3390 break;
3391 default: /* Reserved */
3392 AssertMsgFailed(("Unknown sector type\n"));
3393 s->cbATAPISector = 0; /** @todo we should probably fail the command here already. */
3394 }
3395
3396 if (pbPacket[0] == SCSI_READ_CD)
3397 cbTransfer = ataBE2H_U24(pbPacket + 6) * s->cbATAPISector;
3398 else /* SCSI_READ_MSF */
3399 {
3400 cSectors = ataMSF2LBA(pbPacket + 6) - ataMSF2LBA(pbPacket + 3);
3401 if (cSectors > 32)
3402 cSectors = 32; /* Limit transfer size to 64~74K. Safety first. In any case this can only harm software doing CDDA extraction. */
3403 cbTransfer = cSectors * s->cbATAPISector;
3404 }
3405 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3406 goto sendcmd;
3407 }
3408 case SCSI_READ_DISC_INFORMATION:
3409 cbTransfer = ataBE2H_U16(pbPacket + 7);
3410 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3411 goto sendcmd;
3412 case SCSI_READ_DVD_STRUCTURE:
3413 cbTransfer = ataBE2H_U16(pbPacket + 8);
3414 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3415 goto sendcmd;
3416 case SCSI_READ_FORMAT_CAPACITIES:
3417 cbTransfer = ataBE2H_U16(pbPacket + 7);
3418 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3419 goto sendcmd;
3420 case SCSI_READ_SUBCHANNEL:
3421 cbTransfer = ataBE2H_U16(pbPacket + 7);
3422 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3423 goto sendcmd;
3424 case SCSI_READ_TOC_PMA_ATIP:
3425 cbTransfer = ataBE2H_U16(pbPacket + 7);
3426 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3427 goto sendcmd;
3428 case SCSI_READ_TRACK_INFORMATION:
3429 cbTransfer = ataBE2H_U16(pbPacket + 7);
3430 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3431 goto sendcmd;
3432 case SCSI_REPAIR_TRACK:
3433 goto sendcmd;
3434 case SCSI_REPORT_KEY:
3435 cbTransfer = ataBE2H_U16(pbPacket + 8);
3436 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3437 goto sendcmd;
3438 case SCSI_REQUEST_SENSE:
3439 cbTransfer = pbPacket[4];
3440 if ((s->abATAPISense[2] & 0x0f) != SCSI_SENSE_NONE)
3441 {
3442 ataStartTransfer(s, RT_MIN(cbTransfer, 18), PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_ATAPI_CMD, ATAFN_SS_ATAPI_REQUEST_SENSE, true);
3443 break;
3444 }
3445 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3446 goto sendcmd;
3447 case SCSI_RESERVE_TRACK:
3448 goto sendcmd;
3449 case SCSI_SCAN:
3450 goto sendcmd;
3451 case SCSI_SEEK_10:
3452 goto sendcmd;
3453 case SCSI_SEND_CUE_SHEET:
3454 cbTransfer = ataBE2H_U24(pbPacket + 6);
3455 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3456 goto sendcmd;
3457 case SCSI_SEND_DVD_STRUCTURE:
3458 cbTransfer = ataBE2H_U16(pbPacket + 8);
3459 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3460 goto sendcmd;
3461 case SCSI_SEND_EVENT:
3462 cbTransfer = ataBE2H_U16(pbPacket + 8);
3463 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3464 goto sendcmd;
3465 case SCSI_SEND_KEY:
3466 cbTransfer = ataBE2H_U16(pbPacket + 8);
3467 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3468 goto sendcmd;
3469 case SCSI_SEND_OPC_INFORMATION:
3470 cbTransfer = ataBE2H_U16(pbPacket + 7);
3471 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3472 goto sendcmd;
3473 case SCSI_SET_CD_SPEED:
3474 goto sendcmd;
3475 case SCSI_SET_READ_AHEAD:
3476 goto sendcmd;
3477 case SCSI_SET_STREAMING:
3478 cbTransfer = ataBE2H_U16(pbPacket + 9);
3479 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3480 goto sendcmd;
3481 case SCSI_START_STOP_UNIT:
3482 goto sendcmd;
3483 case SCSI_STOP_PLAY_SCAN:
3484 goto sendcmd;
3485 case SCSI_SYNCHRONIZE_CACHE:
3486 goto sendcmd;
3487 case SCSI_TEST_UNIT_READY:
3488 goto sendcmd;
3489 case SCSI_VERIFY_10:
3490 goto sendcmd;
3491 case SCSI_WRITE_10:
3492 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3493 cSectors = ataBE2H_U16(pbPacket + 7);
3494 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3495#if 0
3496 /* The sector size is determined by the async I/O thread. */
3497 s->cbATAPISector = 0;
3498 /* Preliminary, will be corrected once the sector size is known. */
3499 cbTransfer = cSectors;
3500#else
3501 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3502 cbTransfer = cSectors * s->cbATAPISector;
3503#endif
3504 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3505 goto sendcmd;
3506 case SCSI_WRITE_12:
3507 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3508 cSectors = ataBE2H_U32(pbPacket + 6);
3509 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3510#if 0
3511 /* The sector size is determined by the async I/O thread. */
3512 s->cbATAPISector = 0;
3513 /* Preliminary, will be corrected once the sector size is known. */
3514 cbTransfer = cSectors;
3515#else
3516 s->cbATAPISector = 2048; /**< @todo this size is not always correct */
3517 cbTransfer = cSectors * s->cbATAPISector;
3518#endif
3519 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3520 goto sendcmd;
3521 case SCSI_WRITE_AND_VERIFY_10:
3522 iATAPILBA = ataBE2H_U32(pbPacket + 2);
3523 cSectors = ataBE2H_U16(pbPacket + 7);
3524 Log2(("ATAPI PT: lba %d sectors %d\n", iATAPILBA, cSectors));
3525 /* The sector size is determined by the async I/O thread. */
3526 s->cbATAPISector = 0;
3527 /* Preliminary, will be corrected once the sector size is known. */
3528 cbTransfer = cSectors;
3529 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3530 goto sendcmd;
3531 case SCSI_WRITE_BUFFER:
3532 switch (pbPacket[1] & 0x1f)
3533 {
3534 case 0x04: /* download microcode */
3535 case 0x05: /* download microcode and save */
3536 case 0x06: /* download microcode with offsets */
3537 case 0x07: /* download microcode with offsets and save */
3538 case 0x0e: /* download microcode with offsets and defer activation */
3539 case 0x0f: /* activate deferred microcode */
3540 LogRel(("PIIX3 ATA: LUN#%d: CD-ROM passthrough command attempted to update firmware, blocked\n", s->iLUN));
3541 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_INV_FIELD_IN_CMD_PACKET);
3542 break;
3543 default:
3544 cbTransfer = ataBE2H_U16(pbPacket + 6);
3545 uTxDir = PDMBLOCKTXDIR_TO_DEVICE;
3546 goto sendcmd;
3547 }
3548 break;
3549 case SCSI_REPORT_LUNS: /* Not part of MMC-3, but used by Windows. */
3550 cbTransfer = ataBE2H_U32(pbPacket + 6);
3551 uTxDir = PDMBLOCKTXDIR_FROM_DEVICE;
3552 goto sendcmd;
3553 case SCSI_REZERO_UNIT:
3554 /* Obsolete command used by cdrecord. What else would one expect?
3555 * This command is not sent to the drive, it is handled internally,
3556 * as the Linux kernel doesn't like it (message "scsi: unknown
3557 * opcode 0x01" in syslog) and replies with a sense code of 0,
3558 * which sends cdrecord to an endless loop. */
3559 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3560 break;
3561 default:
3562 LogRel(("PIIX3 ATA: LUN#%d: passthrough unimplemented for command %#x\n", s->iLUN, pbPacket[0]));
3563 atapiCmdErrorSimple(s, SCSI_SENSE_ILLEGAL_REQUEST, SCSI_ASC_ILLEGAL_OPCODE);
3564 break;
3565 sendcmd:
3566 /* Send a command to the drive, passing data in/out as required. */
3567 Log2(("ATAPI PT: max size %d\n", cbTransfer));
3568 Assert(cbTransfer <= s->cbIOBuffer);
3569 if (cbTransfer == 0)
3570 uTxDir = PDMBLOCKTXDIR_NONE;
3571 ataStartTransfer(s, cbTransfer, uTxDir, ATAFN_BT_ATAPI_PASSTHROUGH_CMD, ATAFN_SS_ATAPI_PASSTHROUGH, true);
3572 }
3573}
3574
3575
3576static void atapiParseCmd(ATADevState *s)
3577{
3578 const uint8_t *pbPacket;
3579
3580 pbPacket = s->aATAPICmd;
3581#ifdef DEBUG
3582 Log(("%s: LUN#%d DMA=%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0], SCSICmdText(pbPacket[0])));
3583#else /* !DEBUG */
3584 Log(("%s: LUN#%d DMA=%d CMD=%#04x\n", __FUNCTION__, s->iLUN, s->fDMA, pbPacket[0]));
3585#endif /* !DEBUG */
3586 Log2(("%s: limit=%#x packet: %.*Rhxs\n", __FUNCTION__, s->uATARegLCyl | (s->uATARegHCyl << 8), ATAPI_PACKET_SIZE, pbPacket));
3587
3588 if (s->fATAPIPassthrough)
3589 atapiParseCmdPassthrough(s);
3590 else
3591 atapiParseCmdVirtualATAPI(s);
3592}
3593
3594
3595static bool ataPacketSS(ATADevState *s)
3596{
3597 s->fDMA = !!(s->uATARegFeature & 1);
3598 memcpy(s->aATAPICmd, s->CTX_SUFF(pbIOBuffer), ATAPI_PACKET_SIZE);
3599 s->uTxDir = PDMBLOCKTXDIR_NONE;
3600 s->cbTotalTransfer = 0;
3601 s->cbElementaryTransfer = 0;
3602 atapiParseCmd(s);
3603 return false;
3604}
3605
3606
3607/**
3608 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium removed" event
3609 * from now on, regardless if there was a medium inserted or not.
3610 */
3611static void ataMediumRemoved(ATADevState *s)
3612{
3613 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_MEDIA_REMOVED);
3614}
3615
3616
3617/**
3618 * SCSI_GET_EVENT_STATUS_NOTIFICATION should return "medium inserted". If
3619 * there was already a medium inserted, don't forget to send the "medium
3620 * removed" event first.
3621 */
3622static void ataMediumInserted(ATADevState *s)
3623{
3624 uint32_t OldStatus, NewStatus;
3625 do
3626 {
3627 OldStatus = ASMAtomicReadU32(&s->MediaEventStatus);
3628 switch (OldStatus)
3629 {
3630 case ATA_EVENT_STATUS_MEDIA_CHANGED:
3631 case ATA_EVENT_STATUS_MEDIA_REMOVED:
3632 /* no change, we will send "medium removed" + "medium inserted" */
3633 NewStatus = ATA_EVENT_STATUS_MEDIA_CHANGED;
3634 break;
3635 default:
3636 NewStatus = ATA_EVENT_STATUS_MEDIA_NEW;
3637 break;
3638 }
3639 } while (!ASMAtomicCmpXchgU32(&s->MediaEventStatus, NewStatus, OldStatus));
3640}
3641
3642/**
3643 * Called when a media is mounted.
3644 *
3645 * @param pInterface Pointer to the interface structure containing the called function pointer.
3646 */
3647static DECLCALLBACK(void) ataMountNotify(PPDMIMOUNTNOTIFY pInterface)
3648{
3649 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3650 Log(("%s: changing LUN#%d\n", __FUNCTION__, pIf->iLUN));
3651
3652 /* Ignore the call if we're called while being attached. */
3653 if (!pIf->pDrvBlock)
3654 return;
3655
3656 if (pIf->fATAPI)
3657 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
3658 else
3659 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
3660
3661 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough unchanged\n", pIf->iLUN, pIf->cTotalSectors));
3662
3663 /* Report media changed in TEST UNIT and other (probably incorrect) places. */
3664 if (pIf->cNotifiedMediaChange < 2)
3665 pIf->cNotifiedMediaChange = 2;
3666 ataMediumInserted(pIf);
3667 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3668}
3669
3670/**
3671 * Called when a media is unmounted
3672 * @param pInterface Pointer to the interface structure containing the called function pointer.
3673 */
3674static DECLCALLBACK(void) ataUnmountNotify(PPDMIMOUNTNOTIFY pInterface)
3675{
3676 ATADevState *pIf = PDMIMOUNTNOTIFY_2_ATASTATE(pInterface);
3677 Log(("%s:\n", __FUNCTION__));
3678 pIf->cTotalSectors = 0;
3679
3680 /*
3681 * Whatever I do, XP will not use the GET MEDIA STATUS nor the EVENT stuff.
3682 * However, it will respond to TEST UNIT with a 0x6 0x28 (media changed) sense code.
3683 * So, we'll give it 4 TEST UNIT command to catch up, two which the media is not
3684 * present and 2 in which it is changed.
3685 */
3686 pIf->cNotifiedMediaChange = 4;
3687 ataMediumRemoved(pIf);
3688 ataMediumTypeSet(pIf, ATA_MEDIA_TYPE_UNKNOWN);
3689}
3690
3691static void ataPacketBT(ATADevState *s)
3692{
3693 s->cbElementaryTransfer = s->cbTotalTransfer;
3694 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_CD;
3695 Log2(("%s: interrupt reason %#04x\n", __FUNCTION__, s->uATARegNSector));
3696 ataSetStatusValue(s, ATA_STAT_READY);
3697}
3698
3699
3700static void ataResetDevice(ATADevState *s)
3701{
3702 s->cMultSectors = ATA_MAX_MULT_SECTORS;
3703 s->cNotifiedMediaChange = 0;
3704 ASMAtomicWriteU32(&s->MediaEventStatus, ATA_EVENT_STATUS_UNCHANGED);
3705 ASMAtomicWriteU32(&s->MediaTrackType, ATA_MEDIA_TYPE_UNKNOWN);
3706 ataUnsetIRQ(s);
3707
3708 s->uATARegSelect = 0x20;
3709 ataSetStatusValue(s, ATA_STAT_READY);
3710 ataSetSignature(s);
3711 s->cbTotalTransfer = 0;
3712 s->cbElementaryTransfer = 0;
3713 s->iIOBufferPIODataStart = 0;
3714 s->iIOBufferPIODataEnd = 0;
3715 s->iBeginTransfer = ATAFN_BT_NULL;
3716 s->iSourceSink = ATAFN_SS_NULL;
3717 s->fDMA = false;
3718 s->fATAPITransfer = false;
3719 s->uATATransferMode = ATA_MODE_UDMA | 2; /* PIIX3 supports only up to UDMA2 */
3720
3721 s->uATARegFeature = 0;
3722}
3723
3724
3725static bool ataExecuteDeviceDiagnosticSS(ATADevState *s)
3726{
3727 ataSetSignature(s);
3728 if (s->fATAPI)
3729 ataSetStatusValue(s, 0); /* NOTE: READY is _not_ set */
3730 else
3731 ataSetStatusValue(s, ATA_STAT_READY);
3732 s->uATARegError = 0x01;
3733 return false;
3734}
3735
3736
3737static void ataParseCmd(ATADevState *s, uint8_t cmd)
3738{
3739#ifdef DEBUG
3740 Log(("%s: LUN#%d CMD=%#04x \"%s\"\n", __FUNCTION__, s->iLUN, cmd, ATACmdText(cmd)));
3741#else /* !DEBUG */
3742 Log(("%s: LUN#%d CMD=%#04x\n", __FUNCTION__, s->iLUN, cmd));
3743#endif /* !DEBUG */
3744 s->fLBA48 = false;
3745 s->fDMA = false;
3746 if (cmd == ATA_IDLE_IMMEDIATE)
3747 {
3748 /* Detect Linux timeout recovery, first tries IDLE IMMEDIATE (which
3749 * would overwrite the failing command unfortunately), then RESET. */
3750 int32_t uCmdWait = -1;
3751 uint64_t uNow = RTTimeNanoTS();
3752 if (s->u64CmdTS)
3753 uCmdWait = (uNow - s->u64CmdTS) / 1000;
3754 LogRel(("PIIX3 ATA: LUN#%d: IDLE IMMEDIATE, CmdIf=%#04x (%d usec ago)\n",
3755 s->iLUN, s->uATARegCommand, uCmdWait));
3756 }
3757 s->uATARegCommand = cmd;
3758 switch (cmd)
3759 {
3760 case ATA_IDENTIFY_DEVICE:
3761 if (s->pDrvBlock && !s->fATAPI)
3762 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_IDENTIFY, false);
3763 else
3764 {
3765 if (s->fATAPI)
3766 ataSetSignature(s);
3767 ataCmdError(s, ABRT_ERR);
3768 ataUnsetStatus(s, ATA_STAT_READY);
3769 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3770 }
3771 break;
3772 case ATA_RECALIBRATE:
3773 if (s->fATAPI)
3774 goto abort_cmd;
3775 case ATA_INITIALIZE_DEVICE_PARAMETERS:
3776 ataCmdOK(s, ATA_STAT_SEEK);
3777 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3778 break;
3779 case ATA_SET_MULTIPLE_MODE:
3780 if ( s->uATARegNSector != 0
3781 && ( s->uATARegNSector > ATA_MAX_MULT_SECTORS
3782 || (s->uATARegNSector & (s->uATARegNSector - 1)) != 0))
3783 {
3784 ataCmdError(s, ABRT_ERR);
3785 }
3786 else
3787 {
3788 Log2(("%s: set multi sector count to %d\n", __FUNCTION__, s->uATARegNSector));
3789 s->cMultSectors = s->uATARegNSector;
3790 ataCmdOK(s, 0);
3791 }
3792 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3793 break;
3794 case ATA_READ_VERIFY_SECTORS_EXT:
3795 s->fLBA48 = true;
3796 case ATA_READ_VERIFY_SECTORS:
3797 case ATA_READ_VERIFY_SECTORS_WITHOUT_RETRIES:
3798 /* do sector number check ? */
3799 ataCmdOK(s, 0);
3800 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3801 break;
3802 case ATA_READ_SECTORS_EXT:
3803 s->fLBA48 = true;
3804 case ATA_READ_SECTORS:
3805 case ATA_READ_SECTORS_WITHOUT_RETRIES:
3806 if (!s->pDrvBlock || s->fATAPI)
3807 goto abort_cmd;
3808 s->cSectorsPerIRQ = 1;
3809 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3810 break;
3811 case ATA_WRITE_SECTORS_EXT:
3812 s->fLBA48 = true;
3813 case ATA_WRITE_SECTORS:
3814 case ATA_WRITE_SECTORS_WITHOUT_RETRIES:
3815 if (!s->pDrvBlock || s->fATAPI)
3816 goto abort_cmd;
3817 s->cSectorsPerIRQ = 1;
3818 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3819 break;
3820 case ATA_READ_MULTIPLE_EXT:
3821 s->fLBA48 = true;
3822 case ATA_READ_MULTIPLE:
3823 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
3824 goto abort_cmd;
3825 s->cSectorsPerIRQ = s->cMultSectors;
3826 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3827 break;
3828 case ATA_WRITE_MULTIPLE_EXT:
3829 s->fLBA48 = true;
3830 case ATA_WRITE_MULTIPLE:
3831 if (!s->pDrvBlock || !s->cMultSectors || s->fATAPI)
3832 goto abort_cmd;
3833 s->cSectorsPerIRQ = s->cMultSectors;
3834 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3835 break;
3836 case ATA_READ_DMA_EXT:
3837 s->fLBA48 = true;
3838 case ATA_READ_DMA:
3839 case ATA_READ_DMA_WITHOUT_RETRIES:
3840 if (!s->pDrvBlock || s->fATAPI)
3841 goto abort_cmd;
3842 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3843 s->fDMA = true;
3844 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_READ_SECTORS, false);
3845 break;
3846 case ATA_WRITE_DMA_EXT:
3847 s->fLBA48 = true;
3848 case ATA_WRITE_DMA:
3849 case ATA_WRITE_DMA_WITHOUT_RETRIES:
3850 if (!s->pDrvBlock || s->fATAPI)
3851 goto abort_cmd;
3852 s->cSectorsPerIRQ = ATA_MAX_MULT_SECTORS;
3853 s->fDMA = true;
3854 ataStartTransfer(s, ataGetNSectors(s) * 512, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_READ_WRITE_SECTORS, ATAFN_SS_WRITE_SECTORS, false);
3855 break;
3856 case ATA_READ_NATIVE_MAX_ADDRESS_EXT:
3857 s->fLBA48 = true;
3858 ataSetSector(s, s->cTotalSectors - 1);
3859 ataCmdOK(s, 0);
3860 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3861 break;
3862 case ATA_SEEK: /* Used by the SCO OpenServer. Command is marked as obsolete */
3863 ataCmdOK(s, 0);
3864 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3865 break;
3866 case ATA_READ_NATIVE_MAX_ADDRESS:
3867 ataSetSector(s, RT_MIN(s->cTotalSectors, 1 << 28) - 1);
3868 ataCmdOK(s, 0);
3869 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3870 break;
3871 case ATA_CHECK_POWER_MODE:
3872 s->uATARegNSector = 0xff; /* drive active or idle */
3873 ataCmdOK(s, 0);
3874 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3875 break;
3876 case ATA_SET_FEATURES:
3877 Log2(("%s: feature=%#x\n", __FUNCTION__, s->uATARegFeature));
3878 if (!s->pDrvBlock)
3879 goto abort_cmd;
3880 switch (s->uATARegFeature)
3881 {
3882 case 0x02: /* write cache enable */
3883 Log2(("%s: write cache enable\n", __FUNCTION__));
3884 ataCmdOK(s, ATA_STAT_SEEK);
3885 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3886 break;
3887 case 0xaa: /* read look-ahead enable */
3888 Log2(("%s: read look-ahead enable\n", __FUNCTION__));
3889 ataCmdOK(s, ATA_STAT_SEEK);
3890 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3891 break;
3892 case 0x55: /* read look-ahead disable */
3893 Log2(("%s: read look-ahead disable\n", __FUNCTION__));
3894 ataCmdOK(s, ATA_STAT_SEEK);
3895 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3896 break;
3897 case 0xcc: /* reverting to power-on defaults enable */
3898 Log2(("%s: revert to power-on defaults enable\n", __FUNCTION__));
3899 ataCmdOK(s, ATA_STAT_SEEK);
3900 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3901 break;
3902 case 0x66: /* reverting to power-on defaults disable */
3903 Log2(("%s: revert to power-on defaults disable\n", __FUNCTION__));
3904 ataCmdOK(s, ATA_STAT_SEEK);
3905 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3906 break;
3907 case 0x82: /* write cache disable */
3908 Log2(("%s: write cache disable\n", __FUNCTION__));
3909 /* As per the ATA/ATAPI-6 specs, a write cache disable
3910 * command MUST flush the write buffers to disc. */
3911 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3912 break;
3913 case 0x03: { /* set transfer mode */
3914 Log2(("%s: transfer mode %#04x\n", __FUNCTION__, s->uATARegNSector));
3915 switch (s->uATARegNSector & 0xf8)
3916 {
3917 case 0x00: /* PIO default */
3918 case 0x08: /* PIO mode */
3919 break;
3920 case ATA_MODE_MDMA: /* MDMA mode */
3921 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_MDMA_MODE_MAX);
3922 break;
3923 case ATA_MODE_UDMA: /* UDMA mode */
3924 s->uATATransferMode = (s->uATARegNSector & 0xf8) | RT_MIN(s->uATARegNSector & 0x07, ATA_UDMA_MODE_MAX);
3925 break;
3926 default:
3927 goto abort_cmd;
3928 }
3929 ataCmdOK(s, ATA_STAT_SEEK);
3930 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3931 break;
3932 }
3933 default:
3934 goto abort_cmd;
3935 }
3936 /*
3937 * OS/2 workarond:
3938 * The OS/2 IDE driver from MCP2 appears to rely on the feature register being
3939 * reset here. According to the specification, this is a driver bug as the register
3940 * contents are undefined after the call. This means we can just as well reset it.
3941 */
3942 s->uATARegFeature = 0;
3943 break;
3944 case ATA_FLUSH_CACHE_EXT:
3945 case ATA_FLUSH_CACHE:
3946 if (!s->pDrvBlock || s->fATAPI)
3947 goto abort_cmd;
3948 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_FLUSH, false);
3949 break;
3950 case ATA_STANDBY_IMMEDIATE:
3951 ataCmdOK(s, 0);
3952 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3953 break;
3954 case ATA_IDLE_IMMEDIATE:
3955 LogRel(("PIIX3 ATA: LUN#%d: aborting current command\n", s->iLUN));
3956 ataAbortCurrentCommand(s, false);
3957 break;
3958 case ATA_SLEEP:
3959 ataCmdOK(s, 0);
3960 ataSetIRQ(s);
3961 break;
3962 /* ATAPI commands */
3963 case ATA_IDENTIFY_PACKET_DEVICE:
3964 if (s->fATAPI)
3965 ataStartTransfer(s, 512, PDMBLOCKTXDIR_FROM_DEVICE, ATAFN_BT_NULL, ATAFN_SS_ATAPI_IDENTIFY, false);
3966 else
3967 {
3968 ataCmdError(s, ABRT_ERR);
3969 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3970 }
3971 break;
3972 case ATA_EXECUTE_DEVICE_DIAGNOSTIC:
3973 ataStartTransfer(s, 0, PDMBLOCKTXDIR_NONE, ATAFN_BT_NULL, ATAFN_SS_EXECUTE_DEVICE_DIAGNOSTIC, false);
3974 break;
3975 case ATA_DEVICE_RESET:
3976 if (!s->fATAPI)
3977 goto abort_cmd;
3978 LogRel(("PIIX3 ATA: LUN#%d: performing device RESET\n", s->iLUN));
3979 ataAbortCurrentCommand(s, true);
3980 break;
3981 case ATA_PACKET:
3982 if (!s->fATAPI)
3983 goto abort_cmd;
3984 /* overlapping commands not supported */
3985 if (s->uATARegFeature & 0x02)
3986 goto abort_cmd;
3987 ataStartTransfer(s, ATAPI_PACKET_SIZE, PDMBLOCKTXDIR_TO_DEVICE, ATAFN_BT_PACKET, ATAFN_SS_PACKET, false);
3988 break;
3989 default:
3990 abort_cmd:
3991 ataCmdError(s, ABRT_ERR);
3992 if (s->fATAPI)
3993 ataUnsetStatus(s, ATA_STAT_READY);
3994 ataSetIRQ(s); /* Shortcut, do not use AIO thread. */
3995 break;
3996 }
3997}
3998
3999#endif /* IN_RING3 */
4000
4001static int ataIOPortWriteU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4002{
4003 Log2(("%s: write addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4004 addr &= 7;
4005 switch (addr)
4006 {
4007 case 0:
4008 break;
4009 case 1: /* feature register */
4010 /* NOTE: data is written to the two drives */
4011 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4012 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4013 pCtl->aIfs[0].uATARegFeatureHOB = pCtl->aIfs[0].uATARegFeature;
4014 pCtl->aIfs[1].uATARegFeatureHOB = pCtl->aIfs[1].uATARegFeature;
4015 pCtl->aIfs[0].uATARegFeature = val;
4016 pCtl->aIfs[1].uATARegFeature = val;
4017 break;
4018 case 2: /* sector count */
4019 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4020 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4021 pCtl->aIfs[0].uATARegNSectorHOB = pCtl->aIfs[0].uATARegNSector;
4022 pCtl->aIfs[1].uATARegNSectorHOB = pCtl->aIfs[1].uATARegNSector;
4023 pCtl->aIfs[0].uATARegNSector = val;
4024 pCtl->aIfs[1].uATARegNSector = val;
4025 break;
4026 case 3: /* sector number */
4027 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4028 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4029 pCtl->aIfs[0].uATARegSectorHOB = pCtl->aIfs[0].uATARegSector;
4030 pCtl->aIfs[1].uATARegSectorHOB = pCtl->aIfs[1].uATARegSector;
4031 pCtl->aIfs[0].uATARegSector = val;
4032 pCtl->aIfs[1].uATARegSector = val;
4033 break;
4034 case 4: /* cylinder low */
4035 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4036 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4037 pCtl->aIfs[0].uATARegLCylHOB = pCtl->aIfs[0].uATARegLCyl;
4038 pCtl->aIfs[1].uATARegLCylHOB = pCtl->aIfs[1].uATARegLCyl;
4039 pCtl->aIfs[0].uATARegLCyl = val;
4040 pCtl->aIfs[1].uATARegLCyl = val;
4041 break;
4042 case 5: /* cylinder high */
4043 pCtl->aIfs[0].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4044 pCtl->aIfs[1].uATARegDevCtl &= ~ATA_DEVCTL_HOB;
4045 pCtl->aIfs[0].uATARegHCylHOB = pCtl->aIfs[0].uATARegHCyl;
4046 pCtl->aIfs[1].uATARegHCylHOB = pCtl->aIfs[1].uATARegHCyl;
4047 pCtl->aIfs[0].uATARegHCyl = val;
4048 pCtl->aIfs[1].uATARegHCyl = val;
4049 break;
4050 case 6: /* drive/head */
4051 pCtl->aIfs[0].uATARegSelect = (val & ~0x10) | 0xa0;
4052 pCtl->aIfs[1].uATARegSelect = (val | 0x10) | 0xa0;
4053 if (((val >> 4) & 1) != pCtl->iSelectedIf)
4054 {
4055 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4056
4057 /* select another drive */
4058 pCtl->iSelectedIf = (val >> 4) & 1;
4059 /* The IRQ line is multiplexed between the two drives, so
4060 * update the state when switching to another drive. Only need
4061 * to update interrupt line if it is enabled and there is a
4062 * state change. */
4063 if ( !(pCtl->aIfs[pCtl->iSelectedIf].uATARegDevCtl & ATA_DEVCTL_DISABLE_IRQ)
4064 && ( pCtl->aIfs[pCtl->iSelectedIf].fIrqPending
4065 != pCtl->aIfs[pCtl->iSelectedIf ^ 1].fIrqPending))
4066 {
4067 if (pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4068 {
4069 Log2(("%s: LUN#%d asserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4070 /* The BMDMA unit unconditionally sets BM_STATUS_INT if
4071 * the interrupt line is asserted. It monitors the line
4072 * for a rising edge. */
4073 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4074 if (pCtl->irq == 16)
4075 PDMDevHlpPCISetIrq(pDevIns, 0, 1);
4076 else
4077 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 1);
4078 }
4079 else
4080 {
4081 Log2(("%s: LUN#%d deasserting IRQ (drive select change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4082 if (pCtl->irq == 16)
4083 PDMDevHlpPCISetIrq(pDevIns, 0, 0);
4084 else
4085 PDMDevHlpISASetIrq(pDevIns, pCtl->irq, 0);
4086 }
4087 }
4088 }
4089 break;
4090 default:
4091 case 7: /* command */
4092 /* ignore commands to non existant slave */
4093 if (pCtl->iSelectedIf && !pCtl->aIfs[pCtl->iSelectedIf].pDrvBlock)
4094 break;
4095#ifndef IN_RING3
4096 /* Don't do anything complicated in GC */
4097 return VINF_IOM_HC_IOPORT_WRITE;
4098#else /* IN_RING3 */
4099 ataParseCmd(&pCtl->aIfs[pCtl->iSelectedIf], val);
4100#endif /* !IN_RING3 */
4101 }
4102 return VINF_SUCCESS;
4103}
4104
4105
4106static int ataIOPortReadU8(PATACONTROLLER pCtl, uint32_t addr, uint32_t *pu32)
4107{
4108 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4109 uint32_t val;
4110 bool fHOB;
4111
4112 fHOB = !!(s->uATARegDevCtl & (1 << 7));
4113 switch (addr & 7)
4114 {
4115 case 0: /* data register */
4116 val = 0xff;
4117 break;
4118 case 1: /* error register */
4119 /* The ATA specification is very terse when it comes to specifying
4120 * the precise effects of reading back the error/feature register.
4121 * The error register (read-only) shares the register number with
4122 * the feature register (write-only), so it seems that it's not
4123 * necessary to support the usual HOB readback here. */
4124 if (!s->pDrvBlock)
4125 val = 0;
4126 else
4127 val = s->uATARegError;
4128 break;
4129 case 2: /* sector count */
4130 if (!s->pDrvBlock)
4131 val = 0;
4132 else if (fHOB)
4133 val = s->uATARegNSectorHOB;
4134 else
4135 val = s->uATARegNSector;
4136 break;
4137 case 3: /* sector number */
4138 if (!s->pDrvBlock)
4139 val = 0;
4140 else if (fHOB)
4141 val = s->uATARegSectorHOB;
4142 else
4143 val = s->uATARegSector;
4144 break;
4145 case 4: /* cylinder low */
4146 if (!s->pDrvBlock)
4147 val = 0;
4148 else if (fHOB)
4149 val = s->uATARegLCylHOB;
4150 else
4151 val = s->uATARegLCyl;
4152 break;
4153 case 5: /* cylinder high */
4154 if (!s->pDrvBlock)
4155 val = 0;
4156 else if (fHOB)
4157 val = s->uATARegHCylHOB;
4158 else
4159 val = s->uATARegHCyl;
4160 break;
4161 case 6: /* drive/head */
4162 /* This register must always work as long as there is at least
4163 * one drive attached to the controller. It is common between
4164 * both drives anyway (completely identical content). */
4165 if (!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock)
4166 val = 0;
4167 else
4168 val = s->uATARegSelect;
4169 break;
4170 default:
4171 case 7: /* primary status */
4172 {
4173 /* Counter for number of busy status seen in GC in a row. */
4174 static unsigned cBusy = 0;
4175
4176 if (!s->pDrvBlock)
4177 val = 0;
4178 else
4179 val = s->uATARegStatus;
4180
4181 /* Give the async I/O thread an opportunity to make progress,
4182 * don't let it starve by guests polling frequently. EMT has a
4183 * lower priority than the async I/O thread, but sometimes the
4184 * host OS doesn't care. With some guests we are only allowed to
4185 * be busy for about 5 milliseconds in some situations. Note that
4186 * this is no guarantee for any other VBox thread getting
4187 * scheduled, so this just lowers the CPU load a bit when drives
4188 * are busy. It cannot help with timing problems. */
4189 if (val & ATA_STAT_BUSY)
4190 {
4191#ifdef IN_RING3
4192 cBusy = 0;
4193 PDMCritSectLeave(&pCtl->lock);
4194
4195#ifndef RT_OS_WINDOWS
4196 /*
4197 * The thread might be stuck in an I/O operation
4198 * due to a high I/O load on the host. (see @bugref{3301})
4199 * To perform the reset successfully
4200 * we interrupt the operation by sending a signal to the thread
4201 * if the thread didn't responded in 10ms.
4202 * This works only on POSIX hosts (Windows has a CancelSynchronousIo function which
4203 * does the same but it was introduced with Vista) but so far
4204 * this hang was only observed on Linux and Mac OS X.
4205 *
4206 * This is a workaround and needs to be solved properly.
4207 */
4208 if (pCtl->fReset)
4209 {
4210 uint64_t u64ResetTimeStop = RTTimeMilliTS();
4211
4212 if ((u64ResetTimeStop - pCtl->u64ResetTime) >= 10)
4213 {
4214 LogRel(("PIIX3 ATA: Async I/O thread probably stuck in operation, interrupting\n"));
4215 pCtl->u64ResetTime = u64ResetTimeStop;
4216 RTThreadPoke(pCtl->AsyncIOThread);
4217 }
4218 }
4219#endif
4220
4221 RTThreadYield();
4222
4223 {
4224 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4225 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4226 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4227 }
4228
4229 val = s->uATARegStatus;
4230#else /* !IN_RING3 */
4231 /* Cannot yield CPU in guest context. And switching to host
4232 * context for each and every busy status is too costly,
4233 * especially on SMP systems where we don't gain much by
4234 * yielding the CPU to someone else. */
4235 if (++cBusy >= 20)
4236 {
4237 cBusy = 0;
4238 return VINF_IOM_HC_IOPORT_READ;
4239 }
4240#endif /* !IN_RING3 */
4241 }
4242 else
4243 cBusy = 0;
4244 ataUnsetIRQ(s);
4245 break;
4246 }
4247 }
4248 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4249 *pu32 = val;
4250 return VINF_SUCCESS;
4251}
4252
4253
4254static uint32_t ataStatusRead(PATACONTROLLER pCtl, uint32_t addr)
4255{
4256 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4257 uint32_t val;
4258
4259 if ((!pCtl->aIfs[0].pDrvBlock && !pCtl->aIfs[1].pDrvBlock) ||
4260 (pCtl->iSelectedIf == 1 && !s->pDrvBlock))
4261 val = 0;
4262 else
4263 val = s->uATARegStatus;
4264 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4265 return val;
4266}
4267
4268static int ataControlWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
4269{
4270#ifndef IN_RING3
4271 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_RESET)
4272 return VINF_IOM_HC_IOPORT_WRITE; /* The RESET stuff is too complicated for GC. */
4273#endif /* !IN_RING3 */
4274
4275 Log2(("%s: addr=%#x val=%#04x\n", __FUNCTION__, addr, val));
4276 /* RESET is common for both drives attached to a controller. */
4277 if (!(pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4278 (val & ATA_DEVCTL_RESET))
4279 {
4280#ifdef IN_RING3
4281 /* Software RESET low to high */
4282 int32_t uCmdWait0 = -1, uCmdWait1 = -1;
4283 uint64_t uNow = RTTimeNanoTS();
4284 if (pCtl->aIfs[0].u64CmdTS)
4285 uCmdWait0 = (uNow - pCtl->aIfs[0].u64CmdTS) / 1000;
4286 if (pCtl->aIfs[1].u64CmdTS)
4287 uCmdWait1 = (uNow - pCtl->aIfs[1].u64CmdTS) / 1000;
4288 LogRel(("PIIX3 ATA: Ctl#%d: RESET, DevSel=%d AIOIf=%d CmdIf0=%#04x (%d usec ago) CmdIf1=%#04x (%d usec ago)\n",
4289 ATACONTROLLER_IDX(pCtl), pCtl->iSelectedIf, pCtl->iAIOIf,
4290 pCtl->aIfs[0].uATARegCommand, uCmdWait0,
4291 pCtl->aIfs[1].uATARegCommand, uCmdWait1));
4292 pCtl->fReset = true;
4293 /* Everything must be done after the reset flag is set, otherwise
4294 * there are unavoidable races with the currently executing request
4295 * (which might just finish in the mean time). */
4296 pCtl->fChainedTransfer = false;
4297 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
4298 {
4299 ataResetDevice(&pCtl->aIfs[i]);
4300 /* The following cannot be done using ataSetStatusValue() since the
4301 * reset flag is already set, which suppresses all status changes. */
4302 pCtl->aIfs[i].uATARegStatus = ATA_STAT_BUSY | ATA_STAT_SEEK;
4303 Log2(("%s: LUN#%d status %#04x\n", __FUNCTION__, pCtl->aIfs[i].iLUN, pCtl->aIfs[i].uATARegStatus));
4304 pCtl->aIfs[i].uATARegError = 0x01;
4305 }
4306 ataAsyncIOClearRequests(pCtl);
4307 Log2(("%s: Ctl#%d: message to async I/O thread, resetA\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4308 if (val & ATA_DEVCTL_HOB)
4309 {
4310 val &= ~ATA_DEVCTL_HOB;
4311 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4312 }
4313
4314 /* Save the timestamp we started the reset. */
4315 pCtl->u64ResetTime = RTTimeMilliTS();
4316
4317 /* Issue the reset request now. */
4318 ataAsyncIOPutRequest(pCtl, &g_ataResetARequest);
4319#else /* !IN_RING3 */
4320 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4321#endif /* IN_RING3 */
4322 }
4323 else if ((pCtl->aIfs[0].uATARegDevCtl & ATA_DEVCTL_RESET) &&
4324 !(val & ATA_DEVCTL_RESET))
4325 {
4326#ifdef IN_RING3
4327 /* Software RESET high to low */
4328 Log(("%s: deasserting RESET\n", __FUNCTION__));
4329 Log2(("%s: Ctl#%d: message to async I/O thread, resetC\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4330 if (val & ATA_DEVCTL_HOB)
4331 {
4332 val &= ~ATA_DEVCTL_HOB;
4333 Log2(("%s: ignored setting HOB\n", __FUNCTION__));
4334 }
4335 ataAsyncIOPutRequest(pCtl, &g_ataResetCRequest);
4336#else /* !IN_RING3 */
4337 AssertMsgFailed(("RESET handling is too complicated for GC\n"));
4338#endif /* IN_RING3 */
4339 }
4340
4341 /* Change of interrupt disable flag. Update interrupt line if interrupt
4342 * is pending on the current interface. */
4343 if ((val ^ pCtl->aIfs[0].uATARegDevCtl) & ATA_DEVCTL_DISABLE_IRQ
4344 && pCtl->aIfs[pCtl->iSelectedIf].fIrqPending)
4345 {
4346 if (!(val & ATA_DEVCTL_DISABLE_IRQ))
4347 {
4348 Log2(("%s: LUN#%d asserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4349 /* The BMDMA unit unconditionally sets BM_STATUS_INT if the
4350 * interrupt line is asserted. It monitors the line for a rising
4351 * edge. */
4352 pCtl->BmDma.u8Status |= BM_STATUS_INT;
4353 if (pCtl->irq == 16)
4354 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 1);
4355 else
4356 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 1);
4357 }
4358 else
4359 {
4360 Log2(("%s: LUN#%d deasserting IRQ (interrupt disable change)\n", __FUNCTION__, pCtl->aIfs[pCtl->iSelectedIf].iLUN));
4361 if (pCtl->irq == 16)
4362 PDMDevHlpPCISetIrq(CONTROLLER_2_DEVINS(pCtl), 0, 0);
4363 else
4364 PDMDevHlpISASetIrq(CONTROLLER_2_DEVINS(pCtl), pCtl->irq, 0);
4365 }
4366 }
4367
4368 if (val & ATA_DEVCTL_HOB)
4369 Log2(("%s: set HOB\n", __FUNCTION__));
4370
4371 pCtl->aIfs[0].uATARegDevCtl = val;
4372 pCtl->aIfs[1].uATARegDevCtl = val;
4373
4374 return VINF_SUCCESS;
4375}
4376
4377#ifdef IN_RING3
4378
4379static void ataPIOTransfer(PATACONTROLLER pCtl)
4380{
4381 ATADevState *s;
4382
4383 s = &pCtl->aIfs[pCtl->iAIOIf];
4384 Log3(("%s: if=%p\n", __FUNCTION__, s));
4385
4386 if (s->cbTotalTransfer && s->iIOBufferCur > s->iIOBufferEnd)
4387 {
4388 LogRel(("PIIX3 ATA: LUN#%d: %s data in the middle of a PIO transfer - VERY SLOW\n", s->iLUN, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "loading" : "storing"));
4389 /* Any guest OS that triggers this case has a pathetic ATA driver.
4390 * In a real system it would block the CPU via IORDY, here we do it
4391 * very similarly by not continuing with the current instruction
4392 * until the transfer to/from the storage medium is completed. */
4393 if (s->iSourceSink != ATAFN_SS_NULL)
4394 {
4395 bool fRedo;
4396 uint8_t status = s->uATARegStatus;
4397 ataSetStatusValue(s, ATA_STAT_BUSY);
4398 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4399 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4400 pCtl->fRedo = fRedo;
4401 if (RT_UNLIKELY(fRedo))
4402 return;
4403 ataSetStatusValue(s, status);
4404 s->iIOBufferCur = 0;
4405 s->iIOBufferEnd = s->cbElementaryTransfer;
4406 }
4407 }
4408 if (s->cbTotalTransfer)
4409 {
4410 if (s->fATAPITransfer)
4411 ataPIOTransferLimitATAPI(s);
4412
4413 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4414 s->cbElementaryTransfer = s->cbTotalTransfer;
4415
4416 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4417 __FUNCTION__, s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4418 s->cbTotalTransfer, s->cbElementaryTransfer,
4419 s->iIOBufferCur, s->iIOBufferEnd));
4420 ataPIOTransferStart(s, s->iIOBufferCur, s->cbElementaryTransfer);
4421 s->cbTotalTransfer -= s->cbElementaryTransfer;
4422 s->iIOBufferCur += s->cbElementaryTransfer;
4423
4424 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && s->cbElementaryTransfer > s->cbTotalTransfer)
4425 s->cbElementaryTransfer = s->cbTotalTransfer;
4426 }
4427 else
4428 ataPIOTransferStop(s);
4429}
4430
4431
4432DECLINLINE(void) ataPIOTransferFinish(PATACONTROLLER pCtl, ATADevState *s)
4433{
4434 /* Do not interfere with RESET processing if the PIO transfer finishes
4435 * while the RESET line is asserted. */
4436 if (pCtl->fReset)
4437 {
4438 Log2(("%s: Ctl#%d: suppressed continuing PIO transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4439 return;
4440 }
4441
4442 if ( s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE
4443 || ( s->iSourceSink != ATAFN_SS_NULL
4444 && s->iIOBufferCur >= s->iIOBufferEnd))
4445 {
4446 /* Need to continue the transfer in the async I/O thread. This is
4447 * the case for write operations or generally for not yet finished
4448 * transfers (some data might need to be read). */
4449 ataUnsetStatus(s, ATA_STAT_READY | ATA_STAT_DRQ);
4450 ataSetStatus(s, ATA_STAT_BUSY);
4451
4452 Log2(("%s: Ctl#%d: message to async I/O thread, continuing PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4453 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
4454 }
4455 else
4456 {
4457 /* Either everything finished (though some data might still be pending)
4458 * or some data is pending before the next read is due. */
4459
4460 /* Continue a previously started transfer. */
4461 ataUnsetStatus(s, ATA_STAT_DRQ);
4462 ataSetStatus(s, ATA_STAT_READY);
4463
4464 if (s->cbTotalTransfer)
4465 {
4466 /* There is more to transfer, happens usually for large ATAPI
4467 * reads - the protocol limits the chunk size to 65534 bytes. */
4468 ataPIOTransfer(pCtl);
4469 ataSetIRQ(s);
4470 }
4471 else
4472 {
4473 Log2(("%s: Ctl#%d: skipping message to async I/O thread, ending PIO transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4474 /* Finish PIO transfer. */
4475 ataPIOTransfer(pCtl);
4476 Assert(!pCtl->fRedo);
4477 }
4478 }
4479}
4480
4481#endif /* IN_RING3 */
4482
4483static int ataDataWrite(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, const uint8_t *pbBuf)
4484{
4485 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4486 uint8_t *p;
4487
4488 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4489 {
4490 Assert(s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE);
4491 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4492#ifndef IN_RING3
4493 /* All but the last transfer unit is simple enough for GC, but
4494 * sending a request to the async IO thread is too complicated. */
4495 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4496 {
4497 memcpy(p, pbBuf, cbSize);
4498 s->iIOBufferPIODataStart += cbSize;
4499 }
4500 else
4501 return VINF_IOM_HC_IOPORT_WRITE;
4502#else /* IN_RING3 */
4503 memcpy(p, pbBuf, cbSize);
4504 s->iIOBufferPIODataStart += cbSize;
4505 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4506 ataPIOTransferFinish(pCtl, s);
4507#endif /* !IN_RING3 */
4508 }
4509 else
4510 Log2(("%s: DUMMY data\n", __FUNCTION__));
4511 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4512 return VINF_SUCCESS;
4513}
4514
4515static int ataDataRead(PATACONTROLLER pCtl, uint32_t addr, uint32_t cbSize, uint8_t *pbBuf)
4516{
4517 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
4518 uint8_t *p;
4519
4520 if (s->iIOBufferPIODataStart < s->iIOBufferPIODataEnd)
4521 {
4522 Assert(s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE);
4523 p = s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart;
4524#ifndef IN_RING3
4525 /* All but the last transfer unit is simple enough for GC, but
4526 * sending a request to the async IO thread is too complicated. */
4527 if (s->iIOBufferPIODataStart + cbSize < s->iIOBufferPIODataEnd)
4528 {
4529 memcpy(pbBuf, p, cbSize);
4530 s->iIOBufferPIODataStart += cbSize;
4531 }
4532 else
4533 return VINF_IOM_HC_IOPORT_READ;
4534#else /* IN_RING3 */
4535 memcpy(pbBuf, p, cbSize);
4536 s->iIOBufferPIODataStart += cbSize;
4537 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
4538 ataPIOTransferFinish(pCtl, s);
4539#endif /* !IN_RING3 */
4540 }
4541 else
4542 {
4543 Log2(("%s: DUMMY data\n", __FUNCTION__));
4544 memset(pbBuf, '\xff', cbSize);
4545 }
4546 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, addr, cbSize, pbBuf));
4547 return VINF_SUCCESS;
4548}
4549
4550#ifdef IN_RING3
4551
4552static void ataDMATransferStop(ATADevState *s)
4553{
4554 s->cbTotalTransfer = 0;
4555 s->cbElementaryTransfer = 0;
4556 s->iBeginTransfer = ATAFN_BT_NULL;
4557 s->iSourceSink = ATAFN_SS_NULL;
4558}
4559
4560
4561/**
4562 * Perform the entire DMA transfer in one go (unless a source/sink operation
4563 * has to be redone or a RESET comes in between). Unlike the PIO counterpart
4564 * this function cannot handle empty transfers.
4565 *
4566 * @param pCtl Controller for which to perform the transfer.
4567 */
4568static void ataDMATransfer(PATACONTROLLER pCtl)
4569{
4570 PPDMDEVINS pDevIns = CONTROLLER_2_DEVINS(pCtl);
4571 ATADevState *s = &pCtl->aIfs[pCtl->iAIOIf];
4572 bool fRedo;
4573 RTGCPHYS32 pDesc;
4574 uint32_t cbTotalTransfer, cbElementaryTransfer;
4575 uint32_t iIOBufferCur, iIOBufferEnd;
4576 uint32_t dmalen;
4577 PDMBLOCKTXDIR uTxDir;
4578 bool fLastDesc = false;
4579
4580 Assert(sizeof(BMDMADesc) == 8);
4581
4582 fRedo = pCtl->fRedo;
4583 if (RT_LIKELY(!fRedo))
4584 Assert(s->cbTotalTransfer);
4585 uTxDir = (PDMBLOCKTXDIR)s->uTxDir;
4586 cbTotalTransfer = s->cbTotalTransfer;
4587 cbElementaryTransfer = s->cbElementaryTransfer;
4588 iIOBufferCur = s->iIOBufferCur;
4589 iIOBufferEnd = s->iIOBufferEnd;
4590
4591 /* The DMA loop is designed to hold the lock only when absolutely
4592 * necessary. This avoids long freezes should the guest access the
4593 * ATA registers etc. for some reason. */
4594 PDMCritSectLeave(&pCtl->lock);
4595
4596 Log2(("%s: %s tx_size=%d elem_tx_size=%d index=%d end=%d\n",
4597 __FUNCTION__, uTxDir == PDMBLOCKTXDIR_FROM_DEVICE ? "T2I" : "I2T",
4598 cbTotalTransfer, cbElementaryTransfer,
4599 iIOBufferCur, iIOBufferEnd));
4600 for (pDesc = pCtl->pFirstDMADesc; pDesc <= pCtl->pLastDMADesc; pDesc += sizeof(BMDMADesc))
4601 {
4602 BMDMADesc DMADesc;
4603 RTGCPHYS32 pBuffer;
4604 uint32_t cbBuffer;
4605
4606 if (RT_UNLIKELY(fRedo))
4607 {
4608 pBuffer = pCtl->pRedoDMABuffer;
4609 cbBuffer = pCtl->cbRedoDMABuffer;
4610 fLastDesc = pCtl->fRedoDMALastDesc;
4611 }
4612 else
4613 {
4614 PDMDevHlpPhysRead(pDevIns, pDesc, &DMADesc, sizeof(BMDMADesc));
4615 pBuffer = RT_LE2H_U32(DMADesc.pBuffer);
4616 cbBuffer = RT_LE2H_U32(DMADesc.cbBuffer);
4617 fLastDesc = !!(cbBuffer & 0x80000000);
4618 cbBuffer &= 0xfffe;
4619 if (cbBuffer == 0)
4620 cbBuffer = 0x10000;
4621 if (cbBuffer > cbTotalTransfer)
4622 cbBuffer = cbTotalTransfer;
4623 }
4624
4625 while (RT_UNLIKELY(fRedo) || (cbBuffer && cbTotalTransfer))
4626 {
4627 if (RT_LIKELY(!fRedo))
4628 {
4629 dmalen = RT_MIN(cbBuffer, iIOBufferEnd - iIOBufferCur);
4630 Log2(("%s: DMA desc %#010x: addr=%#010x size=%#010x\n", __FUNCTION__,
4631 (int)pDesc, pBuffer, cbBuffer));
4632 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
4633 PDMDevHlpPhysWrite(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4634 else
4635 PDMDevHlpPhysRead(pDevIns, pBuffer, s->CTX_SUFF(pbIOBuffer) + iIOBufferCur, dmalen);
4636 iIOBufferCur += dmalen;
4637 cbTotalTransfer -= dmalen;
4638 cbBuffer -= dmalen;
4639 pBuffer += dmalen;
4640 }
4641 if ( iIOBufferCur == iIOBufferEnd
4642 && (uTxDir == PDMBLOCKTXDIR_TO_DEVICE || cbTotalTransfer))
4643 {
4644 if (uTxDir == PDMBLOCKTXDIR_FROM_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4645 cbElementaryTransfer = cbTotalTransfer;
4646
4647 {
4648 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4649 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4650 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4651 }
4652
4653 /* The RESET handler could have cleared the DMA transfer
4654 * state (since we didn't hold the lock until just now
4655 * the guest can continue in parallel). If so, the state
4656 * is already set up so the loop is exited immediately. */
4657 if (s->iSourceSink != ATAFN_SS_NULL)
4658 {
4659 s->iIOBufferCur = iIOBufferCur;
4660 s->iIOBufferEnd = iIOBufferEnd;
4661 s->cbElementaryTransfer = cbElementaryTransfer;
4662 s->cbTotalTransfer = cbTotalTransfer;
4663 Log2(("%s: calling source/sink function\n", __FUNCTION__));
4664 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4665 if (RT_UNLIKELY(fRedo))
4666 {
4667 pCtl->pFirstDMADesc = pDesc;
4668 pCtl->pRedoDMABuffer = pBuffer;
4669 pCtl->cbRedoDMABuffer = cbBuffer;
4670 pCtl->fRedoDMALastDesc = fLastDesc;
4671 }
4672 else
4673 {
4674 cbTotalTransfer = s->cbTotalTransfer;
4675 cbElementaryTransfer = s->cbElementaryTransfer;
4676
4677 if (uTxDir == PDMBLOCKTXDIR_TO_DEVICE && cbElementaryTransfer > cbTotalTransfer)
4678 cbElementaryTransfer = cbTotalTransfer;
4679 iIOBufferCur = 0;
4680 iIOBufferEnd = cbElementaryTransfer;
4681 }
4682 pCtl->fRedo = fRedo;
4683 }
4684 else
4685 {
4686 /* This forces the loop to exit immediately. */
4687 pDesc = pCtl->pLastDMADesc + 1;
4688 }
4689
4690 PDMCritSectLeave(&pCtl->lock);
4691 if (RT_UNLIKELY(fRedo))
4692 break;
4693 }
4694 }
4695
4696 if (RT_UNLIKELY(fRedo))
4697 break;
4698
4699 /* end of transfer */
4700 if (!cbTotalTransfer || fLastDesc)
4701 break;
4702
4703 {
4704 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4705 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4706 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4707 }
4708
4709 if (!(pCtl->BmDma.u8Cmd & BM_CMD_START) || pCtl->fReset)
4710 {
4711 LogRel(("PIIX3 ATA: Ctl#%d: ABORT DMA%s\n", ATACONTROLLER_IDX(pCtl), pCtl->fReset ? " due to RESET" : ""));
4712 if (!pCtl->fReset)
4713 ataDMATransferStop(s);
4714 /* This forces the loop to exit immediately. */
4715 pDesc = pCtl->pLastDMADesc + 1;
4716 }
4717
4718 PDMCritSectLeave(&pCtl->lock);
4719 }
4720
4721 {
4722 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4723 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4724 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4725 }
4726
4727 if (RT_UNLIKELY(fRedo))
4728 return;
4729
4730 if (fLastDesc)
4731 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
4732 s->cbTotalTransfer = cbTotalTransfer;
4733 s->cbElementaryTransfer = cbElementaryTransfer;
4734 s->iIOBufferCur = iIOBufferCur;
4735 s->iIOBufferEnd = iIOBufferEnd;
4736}
4737
4738/**
4739 * Signal PDM that we're idle (if we actually are).
4740 *
4741 * @param pCtl The controller.
4742 */
4743static void ataR3AsyncSignalIdle(PATACONTROLLER pCtl)
4744{
4745 /*
4746 * Take the mutex here and recheck the idle indicator to avoid
4747 * unnecessary work and racing ataR3WaitForAsyncIOIsIdle.
4748 */
4749 int rc = RTSemMutexRequest(pCtl->AsyncIORequestMutex, RT_INDEFINITE_WAIT); AssertRC(rc);
4750
4751 if ( pCtl->fSignalIdle
4752 && ataAsyncIOIsIdle(pCtl, false /*fStrict*/))
4753 {
4754 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
4755 RTThreadUserSignal(pCtl->AsyncIOThread); /* for ataR3Construct/ataR3ResetCommon. */
4756 }
4757
4758 rc = RTSemMutexRelease(pCtl->AsyncIORequestMutex); AssertRC(rc);
4759}
4760
4761/** Async I/O thread for an interface. Once upon a time this was readable
4762 * code with several loops and a different semaphore for each purpose. But
4763 * then came the "how can one save the state in the middle of a PIO transfer"
4764 * question. The solution was to use an ASM, which is what's there now. */
4765static DECLCALLBACK(int) ataAsyncIOLoop(RTTHREAD ThreadSelf, void *pvUser)
4766{
4767 const ATARequest *pReq;
4768 uint64_t u64TS = 0; /* shut up gcc */
4769 uint64_t uWait;
4770 int rc = VINF_SUCCESS;
4771 PATACONTROLLER pCtl = (PATACONTROLLER)pvUser;
4772 ATADevState *s;
4773
4774 pReq = NULL;
4775 pCtl->fChainedTransfer = false;
4776 while (!pCtl->fShutdown)
4777 {
4778 /* Keep this thread from doing anything as long as EMT is suspended. */
4779 while (pCtl->fRedoIdle)
4780 {
4781 if (pCtl->fSignalIdle)
4782 ataR3AsyncSignalIdle(pCtl);
4783 rc = RTSemEventWait(pCtl->SuspendIOSem, RT_INDEFINITE_WAIT);
4784 /* Continue if we got a signal by RTThreadPoke().
4785 * We will get notified if there is a request to process.
4786 */
4787 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4788 continue;
4789 if (RT_FAILURE(rc) || pCtl->fShutdown)
4790 break;
4791
4792 pCtl->fRedoIdle = false;
4793 }
4794
4795 /* Wait for work. */
4796 while (pReq == NULL)
4797 {
4798 if (pCtl->fSignalIdle)
4799 ataR3AsyncSignalIdle(pCtl);
4800 rc = RTSemEventWait(pCtl->AsyncIOSem, RT_INDEFINITE_WAIT);
4801 /* Continue if we got a signal by RTThreadPoke().
4802 * We will get notified if there is a request to process.
4803 */
4804 if (RT_UNLIKELY(rc == VERR_INTERRUPTED))
4805 continue;
4806 if (RT_FAILURE(rc) || RT_UNLIKELY(pCtl->fShutdown))
4807 break;
4808
4809 pReq = ataAsyncIOGetCurrentRequest(pCtl);
4810 }
4811
4812 if (RT_FAILURE(rc) || pCtl->fShutdown)
4813 break;
4814
4815 if (pReq == NULL)
4816 continue;
4817
4818 ATAAIO ReqType = pReq->ReqType;
4819
4820 Log2(("%s: Ctl#%d: state=%d, req=%d\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->uAsyncIOState, ReqType));
4821 if (pCtl->uAsyncIOState != ReqType)
4822 {
4823 /* The new state is not the state that was expected by the normal
4824 * state changes. This is either a RESET/ABORT or there's something
4825 * really strange going on. */
4826 if ( (pCtl->uAsyncIOState == ATA_AIO_PIO || pCtl->uAsyncIOState == ATA_AIO_DMA)
4827 && (ReqType == ATA_AIO_PIO || ReqType == ATA_AIO_DMA))
4828 {
4829 /* Incorrect sequence of PIO/DMA states. Dump request queue. */
4830 ataAsyncIODumpRequests(pCtl);
4831 }
4832 AssertReleaseMsg(ReqType == ATA_AIO_RESET_ASSERTED || ReqType == ATA_AIO_RESET_CLEARED || ReqType == ATA_AIO_ABORT || pCtl->uAsyncIOState == ReqType, ("I/O state inconsistent: state=%d request=%d\n", pCtl->uAsyncIOState, ReqType));
4833 }
4834
4835 /* Do our work. */
4836 {
4837 STAM_PROFILE_START(&pCtl->StatLockWait, a);
4838 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
4839 STAM_PROFILE_STOP(&pCtl->StatLockWait, a);
4840 }
4841
4842 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
4843 {
4844 u64TS = RTTimeNanoTS();
4845#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
4846 STAM_PROFILE_ADV_START(&pCtl->StatAsyncTime, a);
4847#endif /* DEBUG || VBOX_WITH_STATISTICS */
4848 }
4849
4850 switch (ReqType)
4851 {
4852 case ATA_AIO_NEW:
4853
4854 pCtl->iAIOIf = pReq->u.t.iIf;
4855 s = &pCtl->aIfs[pCtl->iAIOIf];
4856 s->cbTotalTransfer = pReq->u.t.cbTotalTransfer;
4857 s->uTxDir = pReq->u.t.uTxDir;
4858 s->iBeginTransfer = pReq->u.t.iBeginTransfer;
4859 s->iSourceSink = pReq->u.t.iSourceSink;
4860 s->iIOBufferEnd = 0;
4861 s->u64CmdTS = u64TS;
4862
4863 if (s->fATAPI)
4864 {
4865 if (pCtl->fChainedTransfer)
4866 {
4867 /* Only count the actual transfers, not the PIO
4868 * transfer of the ATAPI command bytes. */
4869 if (s->fDMA)
4870 STAM_REL_COUNTER_INC(&s->StatATAPIDMA);
4871 else
4872 STAM_REL_COUNTER_INC(&s->StatATAPIPIO);
4873 }
4874 }
4875 else
4876 {
4877 if (s->fDMA)
4878 STAM_REL_COUNTER_INC(&s->StatATADMA);
4879 else
4880 STAM_REL_COUNTER_INC(&s->StatATAPIO);
4881 }
4882
4883 pCtl->fChainedTransfer = false;
4884
4885 if (s->iBeginTransfer != ATAFN_BT_NULL)
4886 {
4887 Log2(("%s: Ctl#%d: calling begin transfer function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4888 g_apfnBeginTransFuncs[s->iBeginTransfer](s);
4889 s->iBeginTransfer = ATAFN_BT_NULL;
4890 if (s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
4891 s->iIOBufferEnd = s->cbElementaryTransfer;
4892 }
4893 else
4894 {
4895 s->cbElementaryTransfer = s->cbTotalTransfer;
4896 s->iIOBufferEnd = s->cbTotalTransfer;
4897 }
4898 s->iIOBufferCur = 0;
4899
4900 if (s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4901 {
4902 if (s->iSourceSink != ATAFN_SS_NULL)
4903 {
4904 bool fRedo;
4905 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4906 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
4907 pCtl->fRedo = fRedo;
4908 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
4909 {
4910 /* Operation failed at the initial transfer, restart
4911 * everything from scratch by resending the current
4912 * request. Occurs very rarely, not worth optimizing. */
4913 LogRel(("%s: Ctl#%d: redo entire operation\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4914 ataAsyncIOPutRequest(pCtl, pReq);
4915 break;
4916 }
4917 }
4918 else
4919 ataCmdOK(s, 0);
4920 s->iIOBufferEnd = s->cbElementaryTransfer;
4921
4922 }
4923
4924 /* Do not go into the transfer phase if RESET is asserted.
4925 * The CritSect is released while waiting for the host OS
4926 * to finish the I/O, thus RESET is possible here. Most
4927 * important: do not change uAsyncIOState. */
4928 if (pCtl->fReset)
4929 break;
4930
4931 if (s->fDMA)
4932 {
4933 if (s->cbTotalTransfer)
4934 {
4935 ataSetStatus(s, ATA_STAT_DRQ);
4936
4937 pCtl->uAsyncIOState = ATA_AIO_DMA;
4938 /* If BMDMA is already started, do the transfer now. */
4939 if (pCtl->BmDma.u8Cmd & BM_CMD_START)
4940 {
4941 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer immediately\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
4942 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
4943 }
4944 }
4945 else
4946 {
4947 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4948 /* Finish DMA transfer. */
4949 ataDMATransferStop(s);
4950 ataSetIRQ(s);
4951 pCtl->uAsyncIOState = ATA_AIO_NEW;
4952 }
4953 }
4954 else
4955 {
4956 if (s->cbTotalTransfer)
4957 {
4958 ataPIOTransfer(pCtl);
4959 Assert(!pCtl->fRedo);
4960 if (s->fATAPITransfer || s->uTxDir != PDMBLOCKTXDIR_TO_DEVICE)
4961 ataSetIRQ(s);
4962
4963 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
4964 {
4965 /* Write operations and not yet finished transfers
4966 * must be completed in the async I/O thread. */
4967 pCtl->uAsyncIOState = ATA_AIO_PIO;
4968 }
4969 else
4970 {
4971 /* Finished read operation can be handled inline
4972 * in the end of PIO transfer handling code. Linux
4973 * depends on this, as it waits only briefly for
4974 * devices to become ready after incoming data
4975 * transfer. Cannot find anything in the ATA spec
4976 * that backs this assumption, but as all kernels
4977 * are affected (though most of the time it does
4978 * not cause any harm) this must work. */
4979 pCtl->uAsyncIOState = ATA_AIO_NEW;
4980 }
4981 }
4982 else
4983 {
4984 Assert(s->uTxDir == PDMBLOCKTXDIR_NONE); /* Any transfer which has an initial transfer size of 0 must be marked as such. */
4985 /* Finish PIO transfer. */
4986 ataPIOTransfer(pCtl);
4987 Assert(!pCtl->fRedo);
4988 if (!s->fATAPITransfer)
4989 ataSetIRQ(s);
4990 pCtl->uAsyncIOState = ATA_AIO_NEW;
4991 }
4992 }
4993 break;
4994
4995 case ATA_AIO_DMA:
4996 {
4997 BMDMAState *bm = &pCtl->BmDma;
4998 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
4999 ATAFNSS iOriginalSourceSink = (ATAFNSS)s->iSourceSink; /* Used by the hack below, but gets reset by then. */
5000
5001 if (s->uTxDir == PDMBLOCKTXDIR_FROM_DEVICE)
5002 AssertRelease(bm->u8Cmd & BM_CMD_WRITE);
5003 else
5004 AssertRelease(!(bm->u8Cmd & BM_CMD_WRITE));
5005
5006 if (RT_LIKELY(!pCtl->fRedo))
5007 {
5008 /* The specs say that the descriptor table must not cross a
5009 * 4K boundary. */
5010 pCtl->pFirstDMADesc = bm->pvAddr;
5011 pCtl->pLastDMADesc = RT_ALIGN_32(bm->pvAddr + 1, _4K) - sizeof(BMDMADesc);
5012 }
5013 ataDMATransfer(pCtl);
5014
5015 if (RT_UNLIKELY(pCtl->fRedo && !pCtl->fReset))
5016 {
5017 LogRel(("PIIX3 ATA: Ctl#%d: redo DMA operation\n", ATACONTROLLER_IDX(pCtl)));
5018 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5019 break;
5020 }
5021
5022 /* The infamous delay IRQ hack. */
5023 if ( iOriginalSourceSink == ATAFN_SS_WRITE_SECTORS
5024 && s->cbTotalTransfer == 0
5025 && pCtl->DelayIRQMillies)
5026 {
5027 /* Delay IRQ for writing. Required to get the Win2K
5028 * installation work reliably (otherwise it crashes,
5029 * usually during component install). So far no better
5030 * solution has been found. */
5031 Log(("%s: delay IRQ hack\n", __FUNCTION__));
5032 PDMCritSectLeave(&pCtl->lock);
5033 RTThreadSleep(pCtl->DelayIRQMillies);
5034 PDMCritSectEnter(&pCtl->lock, VINF_SUCCESS);
5035 }
5036
5037 ataUnsetStatus(s, ATA_STAT_DRQ);
5038 Assert(!pCtl->fChainedTransfer);
5039 Assert(s->iSourceSink == ATAFN_SS_NULL);
5040 if (s->fATAPITransfer)
5041 {
5042 s->uATARegNSector = (s->uATARegNSector & ~7) | ATAPI_INT_REASON_IO | ATAPI_INT_REASON_CD;
5043 Log2(("%s: Ctl#%d: interrupt reason %#04x\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), s->uATARegNSector));
5044 s->fATAPITransfer = false;
5045 }
5046 ataSetIRQ(s);
5047 pCtl->uAsyncIOState = ATA_AIO_NEW;
5048 break;
5049 }
5050
5051 case ATA_AIO_PIO:
5052 s = &pCtl->aIfs[pCtl->iAIOIf]; /* Do not remove or there's an instant crash after loading the saved state */
5053
5054 if (s->iSourceSink != ATAFN_SS_NULL)
5055 {
5056 bool fRedo;
5057 Log2(("%s: Ctl#%d: calling source/sink function\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5058 fRedo = g_apfnSourceSinkFuncs[s->iSourceSink](s);
5059 pCtl->fRedo = fRedo;
5060 if (RT_UNLIKELY(fRedo && !pCtl->fReset))
5061 {
5062 LogRel(("PIIX3 ATA: Ctl#%d: redo PIO operation\n", ATACONTROLLER_IDX(pCtl)));
5063 ataAsyncIOPutRequest(pCtl, &g_ataPIORequest);
5064 break;
5065 }
5066 s->iIOBufferCur = 0;
5067 s->iIOBufferEnd = s->cbElementaryTransfer;
5068 }
5069 else
5070 {
5071 /* Continue a previously started transfer. */
5072 ataUnsetStatus(s, ATA_STAT_BUSY);
5073 ataSetStatus(s, ATA_STAT_READY);
5074 }
5075
5076 /* It is possible that the drives on this controller get RESET
5077 * during the above call to the source/sink function. If that's
5078 * the case, don't restart the transfer and don't finish it the
5079 * usual way. RESET handling took care of all that already.
5080 * Most important: do not change uAsyncIOState. */
5081 if (pCtl->fReset)
5082 break;
5083
5084 if (s->cbTotalTransfer)
5085 {
5086 ataPIOTransfer(pCtl);
5087 ataSetIRQ(s);
5088
5089 if (s->uTxDir == PDMBLOCKTXDIR_TO_DEVICE || s->iSourceSink != ATAFN_SS_NULL)
5090 {
5091 /* Write operations and not yet finished transfers
5092 * must be completed in the async I/O thread. */
5093 pCtl->uAsyncIOState = ATA_AIO_PIO;
5094 }
5095 else
5096 {
5097 /* Finished read operation can be handled inline
5098 * in the end of PIO transfer handling code. Linux
5099 * depends on this, as it waits only briefly for
5100 * devices to become ready after incoming data
5101 * transfer. Cannot find anything in the ATA spec
5102 * that backs this assumption, but as all kernels
5103 * are affected (though most of the time it does
5104 * not cause any harm) this must work. */
5105 pCtl->uAsyncIOState = ATA_AIO_NEW;
5106 }
5107 }
5108 else
5109 {
5110 /* Finish PIO transfer. */
5111 ataPIOTransfer(pCtl);
5112 if ( !pCtl->fChainedTransfer
5113 && !s->fATAPITransfer
5114 && s->uTxDir != PDMBLOCKTXDIR_FROM_DEVICE)
5115 {
5116 ataSetIRQ(s);
5117 }
5118 pCtl->uAsyncIOState = ATA_AIO_NEW;
5119 }
5120 break;
5121
5122 case ATA_AIO_RESET_ASSERTED:
5123 pCtl->uAsyncIOState = ATA_AIO_RESET_CLEARED;
5124 ataPIOTransferStop(&pCtl->aIfs[0]);
5125 ataPIOTransferStop(&pCtl->aIfs[1]);
5126 /* Do not change the DMA registers, they are not affected by the
5127 * ATA controller reset logic. It should be sufficient to issue a
5128 * new command, which is now possible as the state is cleared. */
5129 break;
5130
5131 case ATA_AIO_RESET_CLEARED:
5132 pCtl->uAsyncIOState = ATA_AIO_NEW;
5133 pCtl->fReset = false;
5134 /* Ensure that half-completed transfers are not redone. A reset
5135 * cancels the entire transfer, so continuing is wrong. */
5136 pCtl->fRedo = false;
5137 pCtl->fRedoDMALastDesc = false;
5138 LogRel(("PIIX3 ATA: Ctl#%d: finished processing RESET\n",
5139 ATACONTROLLER_IDX(pCtl)));
5140 for (uint32_t i = 0; i < RT_ELEMENTS(pCtl->aIfs); i++)
5141 {
5142 if (pCtl->aIfs[i].fATAPI)
5143 ataSetStatusValue(&pCtl->aIfs[i], 0); /* NOTE: READY is _not_ set */
5144 else
5145 ataSetStatusValue(&pCtl->aIfs[i], ATA_STAT_READY | ATA_STAT_SEEK);
5146 ataSetSignature(&pCtl->aIfs[i]);
5147 }
5148 break;
5149
5150 case ATA_AIO_ABORT:
5151 /* Abort the current command no matter what. There cannot be
5152 * any command activity on the other drive otherwise using
5153 * one thread per controller wouldn't work at all. */
5154 s = &pCtl->aIfs[pReq->u.a.iIf];
5155
5156 pCtl->uAsyncIOState = ATA_AIO_NEW;
5157 /* Do not change the DMA registers, they are not affected by the
5158 * ATA controller reset logic. It should be sufficient to issue a
5159 * new command, which is now possible as the state is cleared. */
5160 if (pReq->u.a.fResetDrive)
5161 {
5162 ataResetDevice(s);
5163 ataExecuteDeviceDiagnosticSS(s);
5164 }
5165 else
5166 {
5167 /* Stop any pending DMA transfer. */
5168 s->fDMA = false;
5169 ataPIOTransferStop(s);
5170 ataUnsetStatus(s, ATA_STAT_BUSY | ATA_STAT_DRQ | ATA_STAT_SEEK | ATA_STAT_ERR);
5171 ataSetStatus(s, ATA_STAT_READY);
5172 ataSetIRQ(s);
5173 }
5174 break;
5175
5176 default:
5177 AssertMsgFailed(("Undefined async I/O state %d\n", pCtl->uAsyncIOState));
5178 }
5179
5180 ataAsyncIORemoveCurrentRequest(pCtl, ReqType);
5181 pReq = ataAsyncIOGetCurrentRequest(pCtl);
5182
5183 if (pCtl->uAsyncIOState == ATA_AIO_NEW && !pCtl->fChainedTransfer)
5184 {
5185#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5186 STAM_PROFILE_ADV_STOP(&pCtl->StatAsyncTime, a);
5187#endif /* DEBUG || VBOX_WITH_STATISTICS */
5188
5189 u64TS = RTTimeNanoTS() - u64TS;
5190 uWait = u64TS / 1000;
5191 Log(("%s: Ctl#%d: LUN#%d finished I/O transaction in %d microseconds\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), pCtl->aIfs[pCtl->iAIOIf].iLUN, (uint32_t)(uWait)));
5192 /* Mark command as finished. */
5193 pCtl->aIfs[pCtl->iAIOIf].u64CmdTS = 0;
5194
5195 /*
5196 * Release logging of command execution times depends on the
5197 * command type. ATAPI commands often take longer (due to CD/DVD
5198 * spin up time etc.) so the threshold is different.
5199 */
5200 if (pCtl->aIfs[pCtl->iAIOIf].uATARegCommand != ATA_PACKET)
5201 {
5202 if (uWait > 8 * 1000 * 1000)
5203 {
5204 /*
5205 * Command took longer than 8 seconds. This is close
5206 * enough or over the guest's command timeout, so place
5207 * an entry in the release log to allow tracking such
5208 * timing errors (which are often caused by the host).
5209 */
5210 LogRel(("PIIX3 ATA: execution time for ATA command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].uATARegCommand, uWait / (1000 * 1000)));
5211 }
5212 }
5213 else
5214 {
5215 if (uWait > 20 * 1000 * 1000)
5216 {
5217 /*
5218 * Command took longer than 20 seconds. This is close
5219 * enough or over the guest's command timeout, so place
5220 * an entry in the release log to allow tracking such
5221 * timing errors (which are often caused by the host).
5222 */
5223 LogRel(("PIIX3 ATA: execution time for ATAPI command %#04x was %d seconds\n", pCtl->aIfs[pCtl->iAIOIf].aATAPICmd[0], uWait / (1000 * 1000)));
5224 }
5225 }
5226
5227#if defined(DEBUG) || defined(VBOX_WITH_STATISTICS)
5228 if (uWait < pCtl->StatAsyncMinWait || !pCtl->StatAsyncMinWait)
5229 pCtl->StatAsyncMinWait = uWait;
5230 if (uWait > pCtl->StatAsyncMaxWait)
5231 pCtl->StatAsyncMaxWait = uWait;
5232
5233 STAM_COUNTER_ADD(&pCtl->StatAsyncTimeUS, uWait);
5234 STAM_COUNTER_INC(&pCtl->StatAsyncOps);
5235#endif /* DEBUG || VBOX_WITH_STATISTICS */
5236 }
5237
5238 PDMCritSectLeave(&pCtl->lock);
5239 }
5240
5241 /* Signal the ultimate idleness. */
5242 RTThreadUserSignal(pCtl->AsyncIOThread);
5243 if (pCtl->fSignalIdle)
5244 PDMDevHlpAsyncNotificationCompleted(pCtl->pDevInsR3);
5245
5246 /* Cleanup the state. */
5247 /* Do not destroy request mutex yet, still needed for proper shutdown. */
5248 pCtl->fShutdown = false;
5249
5250 Log2(("%s: Ctl#%d: return %Rrc\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl), rc));
5251 return rc;
5252}
5253
5254#endif /* IN_RING3 */
5255
5256static uint32_t ataBMDMACmdReadB(PATACONTROLLER pCtl, uint32_t addr)
5257{
5258 uint32_t val = pCtl->BmDma.u8Cmd;
5259 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5260 return val;
5261}
5262
5263
5264static void ataBMDMACmdWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5265{
5266 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5267 if (!(val & BM_CMD_START))
5268 {
5269 pCtl->BmDma.u8Status &= ~BM_STATUS_DMAING;
5270 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5271 }
5272 else
5273 {
5274#ifdef IN_RING3
5275 /* Check whether the guest OS wants to change DMA direction in
5276 * mid-flight. Not allowed, according to the PIIX3 specs. */
5277 Assert(!(pCtl->BmDma.u8Status & BM_STATUS_DMAING) || !((val ^ pCtl->BmDma.u8Cmd) & 0x04));
5278 uint8_t uOldBmDmaStatus = pCtl->BmDma.u8Status;
5279 pCtl->BmDma.u8Status |= BM_STATUS_DMAING;
5280 pCtl->BmDma.u8Cmd = val & (BM_CMD_START | BM_CMD_WRITE);
5281
5282 /* Do not continue DMA transfers while the RESET line is asserted. */
5283 if (pCtl->fReset)
5284 {
5285 Log2(("%s: Ctl#%d: suppressed continuing DMA transfer as RESET is active\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5286 return;
5287 }
5288
5289 /* Do not start DMA transfers if there's a PIO transfer going on,
5290 * or if there is already a transfer started on this controller. */
5291 if ( !pCtl->aIfs[pCtl->iSelectedIf].fDMA
5292 || (uOldBmDmaStatus & BM_STATUS_DMAING))
5293 return;
5294
5295 if (pCtl->aIfs[pCtl->iAIOIf].uATARegStatus & ATA_STAT_DRQ)
5296 {
5297 Log2(("%s: Ctl#%d: message to async I/O thread, continuing DMA transfer\n", __FUNCTION__, ATACONTROLLER_IDX(pCtl)));
5298 ataAsyncIOPutRequest(pCtl, &g_ataDMARequest);
5299 }
5300#else /* !IN_RING3 */
5301 AssertMsgFailed(("DMA START handling is too complicated for GC\n"));
5302#endif /* IN_RING3 */
5303 }
5304}
5305
5306static uint32_t ataBMDMAStatusReadB(PATACONTROLLER pCtl, uint32_t addr)
5307{
5308 uint32_t val = pCtl->BmDma.u8Status;
5309 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5310 return val;
5311}
5312
5313static void ataBMDMAStatusWriteB(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5314{
5315 Log2(("%s: addr=%#06x val=%#04x\n", __FUNCTION__, addr, val));
5316 pCtl->BmDma.u8Status = (val & (BM_STATUS_D0DMA | BM_STATUS_D1DMA))
5317 | (pCtl->BmDma.u8Status & BM_STATUS_DMAING)
5318 | (pCtl->BmDma.u8Status & ~val & (BM_STATUS_ERROR | BM_STATUS_INT));
5319}
5320
5321static uint32_t ataBMDMAAddrReadL(PATACONTROLLER pCtl, uint32_t addr)
5322{
5323 uint32_t val = (uint32_t)pCtl->BmDma.pvAddr;
5324 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5325 return val;
5326}
5327
5328static void ataBMDMAAddrWriteL(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5329{
5330 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5331 pCtl->BmDma.pvAddr = val & ~3;
5332}
5333
5334static void ataBMDMAAddrWriteLowWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5335{
5336 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5337 pCtl->BmDma.pvAddr = (pCtl->BmDma.pvAddr & 0xFFFF0000) | RT_LOWORD(val & ~3);
5338
5339}
5340
5341static void ataBMDMAAddrWriteHighWord(PATACONTROLLER pCtl, uint32_t addr, uint32_t val)
5342{
5343 Log2(("%s: addr=%#06x val=%#010x\n", __FUNCTION__, addr, val));
5344 pCtl->BmDma.pvAddr = (RT_LOWORD(val) << 16) | RT_LOWORD(pCtl->BmDma.pvAddr);
5345}
5346
5347#define VAL(port, size) ( ((port) & 7) | ((size) << 3) )
5348
5349/**
5350 * Port I/O Handler for bus master DMA IN operations.
5351 * @see FNIOMIOPORTIN for details.
5352 */
5353PDMBOTHCBDECL(int) ataBMDMAIOPortRead(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5354{
5355 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5356 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5357 PATACONTROLLER pCtl = &pThis->aCts[i];
5358 int rc;
5359
5360 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5361 if (rc != VINF_SUCCESS)
5362 return rc;
5363 switch (VAL(Port, cb))
5364 {
5365 case VAL(0, 1): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5366 case VAL(0, 2): *pu32 = ataBMDMACmdReadB(pCtl, Port); break;
5367 case VAL(2, 1): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5368 case VAL(2, 2): *pu32 = ataBMDMAStatusReadB(pCtl, Port); break;
5369 case VAL(4, 4): *pu32 = ataBMDMAAddrReadL(pCtl, Port); break;
5370 case VAL(0, 4):
5371 /* The SCO OpenServer tries to read 4 bytes starting from offset 0. */
5372 *pu32 = ataBMDMACmdReadB(pCtl, Port) | (ataBMDMAStatusReadB(pCtl, Port) << 16);
5373 break;
5374 default:
5375 AssertMsgFailed(("%s: Unsupported read from port %x size=%d\n", __FUNCTION__, Port, cb));
5376 PDMCritSectLeave(&pCtl->lock);
5377 return VERR_IOM_IOPORT_UNUSED;
5378 }
5379 PDMCritSectLeave(&pCtl->lock);
5380 return rc;
5381}
5382
5383/**
5384 * Port I/O Handler for bus master DMA OUT operations.
5385 * @see FNIOMIOPORTOUT for details.
5386 */
5387PDMBOTHCBDECL(int) ataBMDMAIOPortWrite(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5388{
5389 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5390 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5391 PATACONTROLLER pCtl = &pThis->aCts[i];
5392 int rc;
5393
5394 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5395 if (rc != VINF_SUCCESS)
5396 return rc;
5397 switch (VAL(Port, cb))
5398 {
5399 case VAL(0, 1):
5400#ifndef IN_RING3
5401 if (u32 & BM_CMD_START)
5402 {
5403 rc = VINF_IOM_HC_IOPORT_WRITE;
5404 break;
5405 }
5406#endif /* !IN_RING3 */
5407 ataBMDMACmdWriteB(pCtl, Port, u32);
5408 break;
5409 case VAL(2, 1): ataBMDMAStatusWriteB(pCtl, Port, u32); break;
5410 case VAL(4, 4): ataBMDMAAddrWriteL(pCtl, Port, u32); break;
5411 case VAL(4, 2): ataBMDMAAddrWriteLowWord(pCtl, Port, u32); break;
5412 case VAL(6, 2): ataBMDMAAddrWriteHighWord(pCtl, Port, u32); break;
5413 default: AssertMsgFailed(("%s: Unsupported write to port %x size=%d val=%x\n", __FUNCTION__, Port, cb, u32)); break;
5414 }
5415 PDMCritSectLeave(&pCtl->lock);
5416 return rc;
5417}
5418
5419#undef VAL
5420
5421#ifdef IN_RING3
5422
5423/**
5424 * Callback function for mapping an PCI I/O region.
5425 *
5426 * @return VBox status code.
5427 * @param pPciDev Pointer to PCI device. Use pPciDev->pDevIns to get the device instance.
5428 * @param iRegion The region number.
5429 * @param GCPhysAddress Physical address of the region. If iType is PCI_ADDRESS_SPACE_IO, this is an
5430 * I/O port, else it's a physical address.
5431 * This address is *NOT* relative to pci_mem_base like earlier!
5432 * @param enmType One of the PCI_ADDRESS_SPACE_* values.
5433 */
5434static DECLCALLBACK(int) ataBMDMAIORangeMap(PPCIDEVICE pPciDev, /*unsigned*/ int iRegion, RTGCPHYS GCPhysAddress, uint32_t cb, PCIADDRESSSPACE enmType)
5435{
5436 PCIATAState *pThis = PCIDEV_2_PCIATASTATE(pPciDev);
5437 int rc = VINF_SUCCESS;
5438 Assert(enmType == PCI_ADDRESS_SPACE_IO);
5439 Assert(iRegion == 4);
5440 AssertMsg(RT_ALIGN(GCPhysAddress, 8) == GCPhysAddress, ("Expected 8 byte alignment. GCPhysAddress=%#x\n", GCPhysAddress));
5441
5442 /* Register the port range. */
5443 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5444 {
5445 int rc2 = PDMDevHlpIOPortRegister(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5446 (RTHCPTR)i, ataBMDMAIOPortWrite, ataBMDMAIOPortRead, NULL, NULL, "ATA Bus Master DMA");
5447 AssertRC(rc2);
5448 if (rc2 < rc)
5449 rc = rc2;
5450
5451 if (pThis->fGCEnabled)
5452 {
5453 rc2 = PDMDevHlpIOPortRegisterRC(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5454 (RTGCPTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5455 AssertRC(rc2);
5456 if (rc2 < rc)
5457 rc = rc2;
5458 }
5459 if (pThis->fR0Enabled)
5460 {
5461 rc2 = PDMDevHlpIOPortRegisterR0(pPciDev->pDevIns, (RTIOPORT)GCPhysAddress + i * 8, 8,
5462 (RTR0PTR)i, "ataBMDMAIOPortWrite", "ataBMDMAIOPortRead", NULL, NULL, "ATA Bus Master DMA");
5463 AssertRC(rc2);
5464 if (rc2 < rc)
5465 rc = rc2;
5466 }
5467 }
5468 return rc;
5469}
5470
5471
5472/* -=-=-=-=-=- PCIATAState::IBase -=-=-=-=-=- */
5473
5474/**
5475 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5476 */
5477static DECLCALLBACK(void *) ataStatus_QueryInterface(PPDMIBASE pInterface, const char *pszIID)
5478{
5479 PCIATAState *pThis = PDMIBASE_2_PCIATASTATE(pInterface);
5480 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThis->IBase);
5481 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThis->ILeds);
5482 return NULL;
5483}
5484
5485
5486/* -=-=-=-=-=- PCIATAState::ILeds -=-=-=-=-=- */
5487
5488/**
5489 * Gets the pointer to the status LED of a unit.
5490 *
5491 * @returns VBox status code.
5492 * @param pInterface Pointer to the interface structure containing the called function pointer.
5493 * @param iLUN The unit which status LED we desire.
5494 * @param ppLed Where to store the LED pointer.
5495 */
5496static DECLCALLBACK(int) ataStatus_QueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
5497{
5498 PCIATAState *pThis = PDMILEDPORTS_2_PCIATASTATE(pInterface);
5499 if (iLUN < 4)
5500 {
5501 switch (iLUN)
5502 {
5503 case 0: *ppLed = &pThis->aCts[0].aIfs[0].Led; break;
5504 case 1: *ppLed = &pThis->aCts[0].aIfs[1].Led; break;
5505 case 2: *ppLed = &pThis->aCts[1].aIfs[0].Led; break;
5506 case 3: *ppLed = &pThis->aCts[1].aIfs[1].Led; break;
5507 }
5508 Assert((*ppLed)->u32Magic == PDMLED_MAGIC);
5509 return VINF_SUCCESS;
5510 }
5511 return VERR_PDM_LUN_NOT_FOUND;
5512}
5513
5514
5515/* -=-=-=-=-=- ATADevState::IBase -=-=-=-=-=- */
5516
5517/**
5518 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
5519 */
5520static DECLCALLBACK(void *) ataQueryInterface(PPDMIBASE pInterface, const char *pszIID)
5521{
5522 ATADevState *pIf = PDMIBASE_2_ATASTATE(pInterface);
5523 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pIf->IBase);
5524 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBLOCKPORT, &pIf->IPort);
5525 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIMOUNTNOTIFY, &pIf->IMountNotify);
5526 return NULL;
5527}
5528
5529
5530/* -=-=-=-=-=- ATADevState::IPort -=-=-=-=-=- */
5531
5532/**
5533 * @interface_method_impl{PDMIBLOCKPORT,pfnQueryDeviceLocation}
5534 */
5535static DECLCALLBACK(int) ataR3QueryDeviceLocation(PPDMIBLOCKPORT pInterface, const char **ppcszController,
5536 uint32_t *piInstance, uint32_t *piLUN)
5537{
5538 ATADevState *pIf = PDMIBLOCKPORT_2_ATASTATE(pInterface);
5539 PPDMDEVINS pDevIns = pIf->CTX_SUFF(pDevIns);
5540
5541 AssertPtrReturn(ppcszController, VERR_INVALID_POINTER);
5542 AssertPtrReturn(piInstance, VERR_INVALID_POINTER);
5543 AssertPtrReturn(piLUN, VERR_INVALID_POINTER);
5544
5545 *ppcszController = pDevIns->pReg->szName;
5546 *piInstance = pDevIns->iInstance;
5547 *piLUN = pIf->iLUN;
5548
5549 return VINF_SUCCESS;
5550}
5551#endif /* IN_RING3 */
5552
5553
5554/* -=-=-=-=-=- Wrappers -=-=-=-=-=- */
5555
5556/**
5557 * Port I/O Handler for primary port range OUT operations.
5558 * @see FNIOMIOPORTOUT for details.
5559 */
5560PDMBOTHCBDECL(int) ataIOPortWrite1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5561{
5562 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5563 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5564 PATACONTROLLER pCtl = &pThis->aCts[i];
5565 int rc = VINF_SUCCESS;
5566
5567 Assert(i < 2);
5568
5569 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5570 if (rc != VINF_SUCCESS)
5571 return rc;
5572 if (cb == 1)
5573 rc = ataIOPortWriteU8(pCtl, Port, u32);
5574 else if (Port == pCtl->IOPortBase1)
5575 {
5576 Assert(cb == 2 || cb == 4);
5577 rc = ataDataWrite(pCtl, Port, cb, (const uint8_t *)&u32);
5578 }
5579 else
5580 AssertMsgFailed(("ataIOPortWrite1: unsupported write to port %x val=%x size=%d\n", Port, u32, cb));
5581 PDMCritSectLeave(&pCtl->lock);
5582 return rc;
5583}
5584
5585
5586/**
5587 * Port I/O Handler for primary port range IN operations.
5588 * @see FNIOMIOPORTIN for details.
5589 */
5590PDMBOTHCBDECL(int) ataIOPortRead1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5591{
5592 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5593 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5594 PATACONTROLLER pCtl = &pThis->aCts[i];
5595 int rc = VINF_SUCCESS;
5596
5597 Assert(i < 2);
5598
5599 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5600 if (rc != VINF_SUCCESS)
5601 return rc;
5602 if (cb == 1)
5603 {
5604 rc = ataIOPortReadU8(pCtl, Port, pu32);
5605 }
5606 else if (Port == pCtl->IOPortBase1)
5607 {
5608 Assert(cb == 2 || cb == 4);
5609 rc = ataDataRead(pCtl, Port, cb, (uint8_t *)pu32);
5610 if (cb == 2)
5611 *pu32 &= 0xffff;
5612 }
5613 else
5614 {
5615 AssertMsgFailed(("ataIOPortRead1: unsupported read from port %x size=%d\n", Port, cb));
5616 rc = VERR_IOM_IOPORT_UNUSED;
5617 }
5618 PDMCritSectLeave(&pCtl->lock);
5619 return rc;
5620}
5621
5622#ifndef IN_RING0 /** @todo do this in ring-0 as well. */
5623/**
5624 * Port I/O Handler for primary port range IN string operations.
5625 * @see FNIOMIOPORTINSTRING for details.
5626 */
5627PDMBOTHCBDECL(int) ataIOPortReadStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrDst, PRTGCUINTREG pcTransfer, unsigned cb)
5628{
5629 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5630 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5631 PATACONTROLLER pCtl = &pThis->aCts[i];
5632 int rc = VINF_SUCCESS;
5633
5634 Assert(i < 2);
5635
5636 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5637 if (rc != VINF_SUCCESS)
5638 return rc;
5639 if (Port == pCtl->IOPortBase1)
5640 {
5641 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5642 RTGCPTR GCDst = *pGCPtrDst;
5643 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5644 Assert(cb == 2 || cb == 4);
5645
5646 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5647#ifndef IN_RING3
5648 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5649 if (!cTransAvailable)
5650 {
5651 PDMCritSectLeave(&pCtl->lock);
5652 return VINF_IOM_HC_IOPORT_READ;
5653 }
5654 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5655 cTransAvailable--;
5656#endif /* !IN_RING3 */
5657 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5658 * They are not performance-critical and generally shouldn't occur at all. */
5659 if (cTransAvailable > cTransfer)
5660 cTransAvailable = cTransfer;
5661 cbTransfer = cTransAvailable * cb;
5662
5663 rc = PGMPhysSimpleDirtyWriteGCPtr(PDMDevHlpGetVMCPU(pDevIns), GCDst, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, cbTransfer);
5664#ifndef IN_RING3
5665 /* Paranoia. */
5666 if (RT_FAILURE(rc))
5667 {
5668 PDMCritSectLeave(&pCtl->lock);
5669 AssertFailed();
5670 return VINF_IOM_HC_IOPORT_READ;
5671 }
5672#else
5673 Assert(rc == VINF_SUCCESS);
5674#endif
5675
5676 if (cbTransfer)
5677 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5678 s->iIOBufferPIODataStart += cbTransfer;
5679 *pGCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCDst + cbTransfer);
5680 *pcTransfer = cTransfer - cTransAvailable;
5681#ifdef IN_RING3
5682 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5683 ataPIOTransferFinish(pCtl, s);
5684#endif /* IN_RING3 */
5685 }
5686 PDMCritSectLeave(&pCtl->lock);
5687 return rc;
5688}
5689
5690
5691/**
5692 * Port I/O Handler for primary port range OUT string operations.
5693 * @see FNIOMIOPORTOUTSTRING for details.
5694 */
5695PDMBOTHCBDECL(int) ataIOPortWriteStr1(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, RTGCPTR *pGCPtrSrc, PRTGCUINTREG pcTransfer, unsigned cb)
5696{
5697 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5698 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5699 PATACONTROLLER pCtl = &pThis->aCts[i];
5700 int rc;
5701
5702 Assert(i < 2);
5703
5704 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5705 if (rc != VINF_SUCCESS)
5706 return rc;
5707 if (Port == pCtl->IOPortBase1)
5708 {
5709 uint32_t cTransAvailable, cTransfer = *pcTransfer, cbTransfer;
5710 RTGCPTR GCSrc = *pGCPtrSrc;
5711 ATADevState *s = &pCtl->aIfs[pCtl->iSelectedIf];
5712 Assert(cb == 2 || cb == 4);
5713
5714 cTransAvailable = (s->iIOBufferPIODataEnd - s->iIOBufferPIODataStart) / cb;
5715#ifndef IN_RING3
5716 /* Deal with the unlikely case where no data (or not enough for the read length operation) is available; go back to ring 3. */
5717 if (!cTransAvailable)
5718 {
5719 PDMCritSectLeave(&pCtl->lock);
5720 return VINF_IOM_HC_IOPORT_WRITE;
5721 }
5722 /* The last transfer unit cannot be handled in GC, as it involves thread communication. */
5723 cTransAvailable--;
5724#endif /* !IN_RING3 */
5725 /* Do not handle the dummy transfer stuff here, leave it to the single-word transfers.
5726 * They are not performance-critical and generally shouldn't occur at all. */
5727 if (cTransAvailable > cTransfer)
5728 cTransAvailable = cTransfer;
5729 cbTransfer = cTransAvailable * cb;
5730
5731 rc = PGMPhysSimpleReadGCPtr(PDMDevHlpGetVMCPU(pDevIns), s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart, GCSrc, cbTransfer);
5732#ifndef IN_RING3
5733 /* Paranoia. */
5734 if (RT_FAILURE(rc))
5735 {
5736 PDMCritSectLeave(&pCtl->lock);
5737 AssertFailed();
5738 return VINF_IOM_HC_IOPORT_WRITE;
5739 }
5740#else
5741 Assert(rc == VINF_SUCCESS);
5742#endif
5743
5744 if (cbTransfer)
5745 Log3(("%s: addr=%#x val=%.*Rhxs\n", __FUNCTION__, Port, cbTransfer, s->CTX_SUFF(pbIOBuffer) + s->iIOBufferPIODataStart));
5746 s->iIOBufferPIODataStart += cbTransfer;
5747 *pGCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCSrc + cbTransfer);
5748 *pcTransfer = cTransfer - cTransAvailable;
5749#ifdef IN_RING3
5750 if (s->iIOBufferPIODataStart >= s->iIOBufferPIODataEnd)
5751 ataPIOTransferFinish(pCtl, s);
5752#endif /* IN_RING3 */
5753 }
5754 PDMCritSectLeave(&pCtl->lock);
5755 return rc;
5756}
5757#endif /* !IN_RING0 */
5758
5759/**
5760 * Port I/O Handler for secondary port range OUT operations.
5761 * @see FNIOMIOPORTOUT for details.
5762 */
5763PDMBOTHCBDECL(int) ataIOPortWrite2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t u32, unsigned cb)
5764{
5765 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5766 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5767 PATACONTROLLER pCtl = &pThis->aCts[i];
5768 int rc;
5769
5770 Assert(i < 2);
5771
5772 if (cb != 1)
5773 return VINF_SUCCESS;
5774 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_WRITE);
5775 if (rc != VINF_SUCCESS)
5776 return rc;
5777 rc = ataControlWrite(pCtl, Port, u32);
5778 PDMCritSectLeave(&pCtl->lock);
5779 return rc;
5780}
5781
5782
5783/**
5784 * Port I/O Handler for secondary port range IN operations.
5785 * @see FNIOMIOPORTIN for details.
5786 */
5787PDMBOTHCBDECL(int) ataIOPortRead2(PPDMDEVINS pDevIns, void *pvUser, RTIOPORT Port, uint32_t *pu32, unsigned cb)
5788{
5789 uint32_t i = (uint32_t)(uintptr_t)pvUser;
5790 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5791 PATACONTROLLER pCtl = &pThis->aCts[i];
5792 int rc;
5793
5794 Assert(i < 2);
5795
5796 if (cb != 1)
5797 return VERR_IOM_IOPORT_UNUSED;
5798
5799 rc = PDMCritSectEnter(&pCtl->lock, VINF_IOM_HC_IOPORT_READ);
5800 if (rc != VINF_SUCCESS)
5801 return rc;
5802 *pu32 = ataStatusRead(pCtl, Port);
5803 PDMCritSectLeave(&pCtl->lock);
5804 return VINF_SUCCESS;
5805}
5806
5807#ifdef IN_RING3
5808
5809
5810DECLINLINE(void) ataRelocBuffer(PPDMDEVINS pDevIns, ATADevState *s)
5811{
5812 if (s->pbIOBufferR3)
5813 s->pbIOBufferRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), s->pbIOBufferR3);
5814}
5815
5816
5817/**
5818 * @copydoc FNPDMDEVRELOCATE
5819 */
5820static DECLCALLBACK(void) ataR3Relocate(PPDMDEVINS pDevIns, RTGCINTPTR offDelta)
5821{
5822 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5823
5824 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5825 {
5826 pThis->aCts[i].pDevInsRC += offDelta;
5827 pThis->aCts[i].aIfs[0].pDevInsRC += offDelta;
5828 pThis->aCts[i].aIfs[0].pControllerRC += offDelta;
5829 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[0]);
5830 pThis->aCts[i].aIfs[1].pDevInsRC += offDelta;
5831 pThis->aCts[i].aIfs[1].pControllerRC += offDelta;
5832 ataRelocBuffer(pDevIns, &pThis->aCts[i].aIfs[1]);
5833 }
5834}
5835
5836
5837/**
5838 * Destroy a driver instance.
5839 *
5840 * Most VM resources are freed by the VM. This callback is provided so that any non-VM
5841 * resources can be freed correctly.
5842 *
5843 * @param pDevIns The device instance data.
5844 */
5845static DECLCALLBACK(int) ataR3Destruct(PPDMDEVINS pDevIns)
5846{
5847 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5848 int rc;
5849
5850 Log(("ataR3Destruct\n"));
5851 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
5852
5853 /*
5854 * Tell the async I/O threads to terminate.
5855 */
5856 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5857 {
5858 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5859 {
5860 ASMAtomicWriteU32(&pThis->aCts[i].fShutdown, true);
5861 rc = RTSemEventSignal(pThis->aCts[i].AsyncIOSem);
5862 AssertRC(rc);
5863 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
5864 AssertRC(rc);
5865 }
5866 }
5867
5868 /*
5869 * Wait for the threads to terminate before destroying their resources.
5870 */
5871 for (unsigned i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5872 {
5873 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5874 {
5875 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 30000 /* 30 s*/, NULL);
5876 if (RT_SUCCESS(rc))
5877 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5878 else
5879 LogRel(("PIIX3 ATA Dtor: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x rc=%Rrc\n",
5880 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
5881 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand, rc));
5882 }
5883 }
5884
5885 /*
5886 * Free resources.
5887 */
5888 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
5889 {
5890 if (pThis->aCts[i].AsyncIORequestMutex != NIL_RTSEMMUTEX)
5891 {
5892 RTSemMutexDestroy(pThis->aCts[i].AsyncIORequestMutex);
5893 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
5894 }
5895 if (pThis->aCts[i].AsyncIOSem != NIL_RTSEMEVENT)
5896 {
5897 RTSemEventDestroy(pThis->aCts[i].AsyncIOSem);
5898 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
5899 }
5900 if (pThis->aCts[i].SuspendIOSem != NIL_RTSEMEVENT)
5901 {
5902 RTSemEventDestroy(pThis->aCts[i].SuspendIOSem);
5903 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
5904 }
5905
5906 /* try one final time */
5907 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
5908 {
5909 rc = RTThreadWait(pThis->aCts[i].AsyncIOThread, 1 /*ms*/, NULL);
5910 if (RT_SUCCESS(rc))
5911 {
5912 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
5913 LogRel(("PIIX3 ATA Dtor: Ctl#%u actually completed.\n", i));
5914 }
5915 }
5916 }
5917
5918 return VINF_SUCCESS;
5919}
5920
5921
5922/**
5923 * Detach notification.
5924 *
5925 * The DVD drive has been unplugged.
5926 *
5927 * @param pDevIns The device instance.
5928 * @param iLUN The logical unit which is being detached.
5929 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
5930 */
5931static DECLCALLBACK(void) ataR3Detach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
5932{
5933 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
5934 PATACONTROLLER pCtl;
5935 ATADevState *pIf;
5936 unsigned iController;
5937 unsigned iInterface;
5938
5939 AssertMsg(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
5940 ("PIIX3IDE: Device does not support hotplugging\n"));
5941
5942 /*
5943 * Locate the controller and stuff.
5944 */
5945 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
5946 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
5947 pCtl = &pThis->aCts[iController];
5948
5949 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
5950 pIf = &pCtl->aIfs[iInterface];
5951
5952 /*
5953 * Zero some important members.
5954 */
5955 pIf->pDrvBase = NULL;
5956 pIf->pDrvBlock = NULL;
5957 pIf->pDrvBlockBios = NULL;
5958 pIf->pDrvMount = NULL;
5959
5960 /*
5961 * In case there was a medium inserted.
5962 */
5963 ataMediumRemoved(pIf);
5964}
5965
5966
5967/**
5968 * Configure a LUN.
5969 *
5970 * @returns VBox status code.
5971 * @param pDevIns The device instance.
5972 * @param pIf The ATA unit state.
5973 */
5974static int ataConfigLun(PPDMDEVINS pDevIns, ATADevState *pIf)
5975{
5976 int rc = VINF_SUCCESS;
5977 PDMBLOCKTYPE enmType;
5978
5979 /*
5980 * Query Block, Bios and Mount interfaces.
5981 */
5982 pIf->pDrvBlock = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCK);
5983 if (!pIf->pDrvBlock)
5984 {
5985 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block interface!\n", pIf->iLUN));
5986 return VERR_PDM_MISSING_INTERFACE;
5987 }
5988
5989 /** @todo implement the BIOS invisible code path. */
5990 pIf->pDrvBlockBios = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIBLOCKBIOS);
5991 if (!pIf->pDrvBlockBios)
5992 {
5993 AssertMsgFailed(("Configuration error: LUN#%d hasn't a block BIOS interface!\n", pIf->iLUN));
5994 return VERR_PDM_MISSING_INTERFACE;
5995 }
5996 pIf->pDrvMount = PDMIBASE_QUERY_INTERFACE(pIf->pDrvBase, PDMIMOUNT);
5997
5998 /*
5999 * Validate type.
6000 */
6001 enmType = pIf->pDrvBlock->pfnGetType(pIf->pDrvBlock);
6002 if ( enmType != PDMBLOCKTYPE_CDROM
6003 && enmType != PDMBLOCKTYPE_DVD
6004 && enmType != PDMBLOCKTYPE_HARD_DISK)
6005 {
6006 AssertMsgFailed(("Configuration error: LUN#%d isn't a disk or cd/dvd-rom. enmType=%d\n", pIf->iLUN, enmType));
6007 return VERR_PDM_UNSUPPORTED_BLOCK_TYPE;
6008 }
6009 if ( ( enmType == PDMBLOCKTYPE_DVD
6010 || enmType == PDMBLOCKTYPE_CDROM)
6011 && !pIf->pDrvMount)
6012 {
6013 AssertMsgFailed(("Internal error: cdrom without a mountable interface, WTF???!\n"));
6014 return VERR_INTERNAL_ERROR;
6015 }
6016 pIf->fATAPI = enmType == PDMBLOCKTYPE_DVD || enmType == PDMBLOCKTYPE_CDROM;
6017 pIf->fATAPIPassthrough = pIf->fATAPI ? (pIf->pDrvBlock->pfnSendCmd != NULL) : false;
6018
6019 /*
6020 * Allocate I/O buffer.
6021 */
6022 PVM pVM = PDMDevHlpGetVM(pDevIns);
6023 if (pIf->cbIOBuffer)
6024 {
6025 /* Buffer is (probably) already allocated. Validate the fields,
6026 * because memory corruption can also overwrite pIf->cbIOBuffer. */
6027 if (pIf->fATAPI)
6028 AssertRelease(pIf->cbIOBuffer == _128K);
6029 else
6030 AssertRelease(pIf->cbIOBuffer == ATA_MAX_MULT_SECTORS * 512);
6031 Assert(pIf->pbIOBufferR3);
6032 Assert(pIf->pbIOBufferR0 == MMHyperR3ToR0(pVM, pIf->pbIOBufferR3));
6033 Assert(pIf->pbIOBufferRC == MMHyperR3ToRC(pVM, pIf->pbIOBufferR3));
6034 }
6035 else
6036 {
6037 if (pIf->fATAPI)
6038 pIf->cbIOBuffer = _128K;
6039 else
6040 pIf->cbIOBuffer = ATA_MAX_MULT_SECTORS * 512;
6041 Assert(!pIf->pbIOBufferR3);
6042 rc = MMR3HyperAllocOnceNoRel(pVM, pIf->cbIOBuffer, 0, MM_TAG_PDM_DEVICE_USER, (void **)&pIf->pbIOBufferR3);
6043 if (RT_FAILURE(rc))
6044 return VERR_NO_MEMORY;
6045 pIf->pbIOBufferR0 = MMHyperR3ToR0(pVM, pIf->pbIOBufferR3);
6046 pIf->pbIOBufferRC = MMHyperR3ToRC(pVM, pIf->pbIOBufferR3);
6047 }
6048
6049 /*
6050 * Init geometry (only for non-CD/DVD media).
6051 */
6052 if (pIf->fATAPI)
6053 {
6054 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 2048;
6055 pIf->PCHSGeometry.cCylinders = 0; /* dummy */
6056 pIf->PCHSGeometry.cHeads = 0; /* dummy */
6057 pIf->PCHSGeometry.cSectors = 0; /* dummy */
6058 LogRel(("PIIX3 ATA: LUN#%d: CD/DVD, total number of sectors %Ld, passthrough %s\n", pIf->iLUN, pIf->cTotalSectors, (pIf->fATAPIPassthrough ? "enabled" : "disabled")));
6059 }
6060 else
6061 {
6062 pIf->cTotalSectors = pIf->pDrvBlock->pfnGetSize(pIf->pDrvBlock) / 512;
6063 rc = pIf->pDrvBlockBios->pfnGetPCHSGeometry(pIf->pDrvBlockBios,
6064 &pIf->PCHSGeometry);
6065 if (rc == VERR_PDM_MEDIA_NOT_MOUNTED)
6066 {
6067 pIf->PCHSGeometry.cCylinders = 0;
6068 pIf->PCHSGeometry.cHeads = 16; /*??*/
6069 pIf->PCHSGeometry.cSectors = 63; /*??*/
6070 }
6071 else if (rc == VERR_PDM_GEOMETRY_NOT_SET)
6072 {
6073 pIf->PCHSGeometry.cCylinders = 0; /* autodetect marker */
6074 rc = VINF_SUCCESS;
6075 }
6076 AssertRC(rc);
6077
6078 if ( pIf->PCHSGeometry.cCylinders == 0
6079 || pIf->PCHSGeometry.cHeads == 0
6080 || pIf->PCHSGeometry.cSectors == 0
6081 )
6082 {
6083 uint64_t cCylinders = pIf->cTotalSectors / (16 * 63);
6084 pIf->PCHSGeometry.cCylinders = RT_MAX(RT_MIN(cCylinders, 16383), 1);
6085 pIf->PCHSGeometry.cHeads = 16;
6086 pIf->PCHSGeometry.cSectors = 63;
6087 /* Set the disk geometry information. Ignore errors. */
6088 pIf->pDrvBlockBios->pfnSetPCHSGeometry(pIf->pDrvBlockBios,
6089 &pIf->PCHSGeometry);
6090 rc = VINF_SUCCESS;
6091 }
6092 LogRel(("PIIX3 ATA: LUN#%d: disk, PCHS=%u/%u/%u, total number of sectors %Ld\n", pIf->iLUN, pIf->PCHSGeometry.cCylinders, pIf->PCHSGeometry.cHeads, pIf->PCHSGeometry.cSectors, pIf->cTotalSectors));
6093 }
6094 return rc;
6095}
6096
6097
6098/**
6099 * Attach command.
6100 *
6101 * This is called when we change block driver for the DVD drive.
6102 *
6103 * @returns VBox status code.
6104 * @param pDevIns The device instance.
6105 * @param iLUN The logical unit which is being detached.
6106 * @param fFlags Flags, combination of the PDMDEVATT_FLAGS_* \#defines.
6107 */
6108static DECLCALLBACK(int) ataR3Attach(PPDMDEVINS pDevIns, unsigned iLUN, uint32_t fFlags)
6109{
6110 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6111 PATACONTROLLER pCtl;
6112 ATADevState *pIf;
6113 int rc;
6114 unsigned iController;
6115 unsigned iInterface;
6116
6117 AssertMsgReturn(fFlags & PDM_TACH_FLAGS_NOT_HOT_PLUG,
6118 ("PIIX3IDE: Device does not support hotplugging\n"),
6119 VERR_INVALID_PARAMETER);
6120
6121 /*
6122 * Locate the controller and stuff.
6123 */
6124 iController = iLUN / RT_ELEMENTS(pThis->aCts[0].aIfs);
6125 AssertReleaseMsg(iController < RT_ELEMENTS(pThis->aCts), ("iController=%d iLUN=%d\n", iController, iLUN));
6126 pCtl = &pThis->aCts[iController];
6127
6128 iInterface = iLUN % RT_ELEMENTS(pThis->aCts[0].aIfs);
6129 pIf = &pCtl->aIfs[iInterface];
6130
6131 /* the usual paranoia */
6132 AssertRelease(!pIf->pDrvBase);
6133 AssertRelease(!pIf->pDrvBlock);
6134 Assert(ATADEVSTATE_2_CONTROLLER(pIf) == pCtl);
6135 Assert(pIf->iLUN == iLUN);
6136
6137 /*
6138 * Try attach the block device and get the interfaces,
6139 * required as well as optional.
6140 */
6141 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, NULL);
6142 if (RT_SUCCESS(rc))
6143 {
6144 rc = ataConfigLun(pDevIns, pIf);
6145 /*
6146 * In case there is a medium inserted.
6147 */
6148 ataMediumInserted(pIf);
6149 }
6150 else
6151 AssertMsgFailed(("Failed to attach LUN#%d. rc=%Rrc\n", pIf->iLUN, rc));
6152
6153 if (RT_FAILURE(rc))
6154 {
6155 pIf->pDrvBase = NULL;
6156 pIf->pDrvBlock = NULL;
6157 }
6158 return rc;
6159}
6160
6161
6162/**
6163 * Resume notification.
6164 *
6165 * @returns VBox status.
6166 * @param pDevIns The device instance data.
6167 */
6168static DECLCALLBACK(void) ataR3Resume(PPDMDEVINS pDevIns)
6169{
6170 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6171 int rc;
6172
6173 Log(("%s:\n", __FUNCTION__));
6174 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6175 {
6176 if (pThis->aCts[i].fRedo && pThis->aCts[i].fRedoIdle)
6177 {
6178 rc = RTSemEventSignal(pThis->aCts[i].SuspendIOSem);
6179 AssertRC(rc);
6180 }
6181 }
6182 return;
6183}
6184
6185
6186/**
6187 * Checks if all (both) the async I/O threads have quiesced.
6188 *
6189 * @returns true on success.
6190 * @returns false when one or more threads is still processing.
6191 * @param pThis Pointer to the instance data.
6192 */
6193static bool ataR3AllAsyncIOIsIdle(PPDMDEVINS pDevIns)
6194{
6195 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6196
6197 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6198 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6199 {
6200 bool fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6201 if (!fRc)
6202 {
6203 /* Make it signal PDM & itself when its done */
6204 RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6205 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6206 RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6207 fRc = ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/);
6208 if (!fRc)
6209 {
6210#if 0 /** @todo Need to do some time tracking here... */
6211 LogRel(("PIIX3 ATA: Ctl#%u is still executing, DevSel=%d AIOIf=%d CmdIf0=%#04x CmdIf1=%#04x\n",
6212 i, pThis->aCts[i].iSelectedIf, pThis->aCts[i].iAIOIf,
6213 pThis->aCts[i].aIfs[0].uATARegCommand, pThis->aCts[i].aIfs[1].uATARegCommand));
6214#endif
6215 return false;
6216 }
6217 }
6218 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6219 }
6220 return true;
6221}
6222
6223
6224/**
6225 * Callback employed by ataSuspend and ataR3PowerOff.
6226 *
6227 * @returns true if we've quiesced, false if we're still working.
6228 * @param pDevIns The device instance.
6229 */
6230static DECLCALLBACK(bool) ataR3IsAsyncSuspendOrPowerOffDone(PPDMDEVINS pDevIns)
6231{
6232 return ataR3AllAsyncIOIsIdle(pDevIns);
6233}
6234
6235
6236/**
6237 * Common worker for ataSuspend and ataR3PowerOff.
6238 */
6239static void ataR3SuspendOrPowerOff(PPDMDEVINS pDevIns)
6240{
6241 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6242 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncSuspendOrPowerOffDone);
6243}
6244
6245
6246/**
6247 * Power Off notification.
6248 *
6249 * @returns VBox status.
6250 * @param pDevIns The device instance data.
6251 */
6252static DECLCALLBACK(void) ataR3PowerOff(PPDMDEVINS pDevIns)
6253{
6254 Log(("%s:\n", __FUNCTION__));
6255 ataR3SuspendOrPowerOff(pDevIns);
6256}
6257
6258
6259/**
6260 * Suspend notification.
6261 *
6262 * @returns VBox status.
6263 * @param pDevIns The device instance data.
6264 */
6265static DECLCALLBACK(void) ataR3Suspend(PPDMDEVINS pDevIns)
6266{
6267 Log(("%s:\n", __FUNCTION__));
6268 ataR3SuspendOrPowerOff(pDevIns);
6269}
6270
6271
6272/**
6273 * Callback employed by ataR3Reset.
6274 *
6275 * @returns true if we've quiesced, false if we're still working.
6276 * @param pDevIns The device instance.
6277 */
6278static DECLCALLBACK(bool) ataR3IsAsyncResetDone(PPDMDEVINS pDevIns)
6279{
6280 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6281
6282 if (!ataR3AllAsyncIOIsIdle(pDevIns))
6283 return false;
6284
6285 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6286 {
6287 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6288 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6289 ataResetDevice(&pThis->aCts[i].aIfs[j]);
6290 PDMCritSectLeave(&pThis->aCts[i].lock);
6291 }
6292 return true;
6293}
6294
6295
6296/**
6297 * Common reset worker for ataR3Reset and ataR3Construct.
6298 *
6299 * @returns VBox status.
6300 * @param pDevIns The device instance data.
6301 * @param fConstruct Indicates who is calling.
6302 */
6303static int ataR3ResetCommon(PPDMDEVINS pDevIns, bool fConstruct)
6304{
6305 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6306
6307 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6308 {
6309 PDMCritSectEnter(&pThis->aCts[i].lock, VERR_INTERNAL_ERROR);
6310
6311 pThis->aCts[i].iSelectedIf = 0;
6312 pThis->aCts[i].iAIOIf = 0;
6313 pThis->aCts[i].BmDma.u8Cmd = 0;
6314 /* Report that both drives present on the bus are in DMA mode. This
6315 * pretends that there is a BIOS that has set it up. Normal reset
6316 * default is 0x00. */
6317 pThis->aCts[i].BmDma.u8Status = (pThis->aCts[i].aIfs[0].pDrvBase != NULL ? BM_STATUS_D0DMA : 0)
6318 | (pThis->aCts[i].aIfs[1].pDrvBase != NULL ? BM_STATUS_D1DMA : 0);
6319 pThis->aCts[i].BmDma.pvAddr = 0;
6320
6321 pThis->aCts[i].fReset = true;
6322 pThis->aCts[i].fRedo = false;
6323 pThis->aCts[i].fRedoIdle = false;
6324 ataAsyncIOClearRequests(&pThis->aCts[i]);
6325 Log2(("%s: Ctl#%d: message to async I/O thread, reset controller\n", __FUNCTION__, i));
6326 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetARequest);
6327 ataAsyncIOPutRequest(&pThis->aCts[i], &g_ataResetCRequest);
6328
6329 PDMCritSectLeave(&pThis->aCts[i].lock);
6330 }
6331
6332 int rcRet = VINF_SUCCESS;
6333 if (!fConstruct)
6334 {
6335 /*
6336 * Setup asynchronous notification completion if the requests haven't
6337 * completed yet.
6338 */
6339 if (!ataR3IsAsyncResetDone(pDevIns))
6340 PDMDevHlpSetAsyncNotification(pDevIns, ataR3IsAsyncResetDone);
6341 }
6342 else
6343 {
6344 /*
6345 * Wait for the requests for complete.
6346 *
6347 * Would be real nice if we could do it all from EMT(0) and not
6348 * involve the worker threads, then we could dispense with all the
6349 * waiting and semaphore ping-pong here...
6350 */
6351 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6352 {
6353 if (pThis->aCts[i].AsyncIOThread != NIL_RTTHREAD)
6354 {
6355 int rc = RTSemMutexRequest(pThis->aCts[i].AsyncIORequestMutex, RT_INDEFINITE_WAIT);
6356 AssertRC(rc);
6357
6358 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, true);
6359 rc = RTThreadUserReset(pThis->aCts[i].AsyncIOThread);
6360 AssertRC(rc);
6361
6362 rc = RTSemMutexRelease(pThis->aCts[i].AsyncIORequestMutex);
6363 AssertRC(rc);
6364
6365 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/))
6366 {
6367 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 30*1000 /*ms*/);
6368 if (RT_FAILURE(rc))
6369 rc = RTThreadUserWait(pThis->aCts[i].AsyncIOThread, 1000 /*ms*/);
6370 if (RT_FAILURE(rc))
6371 {
6372 AssertRC(rc);
6373 rcRet = rc;
6374 }
6375 }
6376 }
6377 ASMAtomicWriteBool(&pThis->aCts[i].fSignalIdle, false);
6378 }
6379 if (RT_SUCCESS(rcRet))
6380 {
6381 rcRet = ataR3IsAsyncResetDone(pDevIns) ? VINF_SUCCESS : VERR_INTERNAL_ERROR;
6382 AssertRC(rcRet);
6383 }
6384 }
6385 return rcRet;
6386}
6387
6388
6389/**
6390 * Reset notification.
6391 *
6392 * @param pDevIns The device instance data.
6393 */
6394static DECLCALLBACK(void) ataR3Reset(PPDMDEVINS pDevIns)
6395{
6396 ataR3ResetCommon(pDevIns, false /*fConstruct*/);
6397}
6398
6399
6400/**
6401 * Prepare state save and load operation.
6402 *
6403 * @returns VBox status code.
6404 * @param pDevIns Device instance of the device which registered the data unit.
6405 * @param pSSM SSM operation handle.
6406 */
6407static DECLCALLBACK(int) ataSaveLoadPrep(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6408{
6409 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6410
6411 /* sanity - the suspend notification will wait on the async stuff. */
6412 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6413 AssertLogRelMsgReturn(ataAsyncIOIsIdle(&pThis->aCts[i], false /*fStrict*/),
6414 ("i=%u\n", i),
6415 VERR_SSM_IDE_ASYNC_TIMEOUT);
6416 return VINF_SUCCESS;
6417}
6418
6419/**
6420 * @copydoc FNSSMDEVLIVEEXEC
6421 */
6422static DECLCALLBACK(int) ataLiveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uPass)
6423{
6424 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6425
6426 SSMR3PutU8(pSSM, pThis->u8Type);
6427 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6428 {
6429 SSMR3PutBool(pSSM, true); /* For controller enabled / disabled. */
6430 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6431 {
6432 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].pDrvBase != NULL);
6433 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szSerialNumber);
6434 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szFirmwareRevision);
6435 SSMR3PutStrZ(pSSM, pThis->aCts[i].aIfs[j].szModelNumber);
6436 }
6437 }
6438
6439 return VINF_SSM_DONT_CALL_AGAIN;
6440}
6441
6442
6443/**
6444 * @copydoc FNSSMDEVSAVEEXEC
6445 */
6446static DECLCALLBACK(int) ataSaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
6447{
6448 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6449
6450 ataLiveExec(pDevIns, pSSM, SSM_PASS_FINAL);
6451
6452 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6453 {
6454 SSMR3PutU8(pSSM, pThis->aCts[i].iSelectedIf);
6455 SSMR3PutU8(pSSM, pThis->aCts[i].iAIOIf);
6456 SSMR3PutU8(pSSM, pThis->aCts[i].uAsyncIOState);
6457 SSMR3PutBool(pSSM, pThis->aCts[i].fChainedTransfer);
6458 SSMR3PutBool(pSSM, pThis->aCts[i].fReset);
6459 SSMR3PutBool(pSSM, pThis->aCts[i].fRedo);
6460 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoIdle);
6461 SSMR3PutBool(pSSM, pThis->aCts[i].fRedoDMALastDesc);
6462 SSMR3PutMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6463 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pFirstDMADesc);
6464 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pLastDMADesc);
6465 SSMR3PutGCPhys32(pSSM, pThis->aCts[i].pRedoDMABuffer);
6466 SSMR3PutU32(pSSM, pThis->aCts[i].cbRedoDMABuffer);
6467
6468 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6469 {
6470 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fLBA48);
6471 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPI);
6472 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fIrqPending);
6473 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cMultSectors);
6474 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6475 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6476 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6477 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6478 SSMR3PutU64(pSSM, pThis->aCts[i].aIfs[j].cTotalSectors);
6479 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeature);
6480 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6481 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegError);
6482 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSector);
6483 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6484 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSector);
6485 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6486 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCyl);
6487 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6488 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCyl);
6489 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6490 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegSelect);
6491 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegStatus);
6492 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegCommand);
6493 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATARegDevCtl);
6494 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uATATransferMode);
6495 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].uTxDir);
6496 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iBeginTransfer);
6497 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].iSourceSink);
6498 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fDMA);
6499 SSMR3PutBool(pSSM, pThis->aCts[i].aIfs[j].fATAPITransfer);
6500 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbTotalTransfer);
6501 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6502 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferCur);
6503 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferEnd);
6504 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6505 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6506 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].iATAPILBA);
6507 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbATAPISector);
6508 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6509 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6510 SSMR3PutU8(pSSM, pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6511 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].MediaEventStatus);
6512 SSMR3PutMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6513 SSMR3PutU32(pSSM, pThis->aCts[i].aIfs[j].cbIOBuffer);
6514 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6515 SSMR3PutMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6516 else
6517 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6518 }
6519 }
6520
6521 return SSMR3PutU32(pSSM, ~0); /* sanity/terminator */
6522}
6523
6524/**
6525 * Converts the LUN number into a message string.
6526 */
6527static const char *ataStringifyLun(unsigned iLun)
6528{
6529 switch (iLun)
6530 {
6531 case 0: return "primary master";
6532 case 1: return "primary slave";
6533 case 2: return "secondary master";
6534 case 3: return "secondary slave";
6535 default: AssertFailedReturn("unknown lun");
6536 }
6537}
6538
6539/**
6540 * FNSSMDEVLOADEXEC
6541 */
6542static DECLCALLBACK(int) ataLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
6543{
6544 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6545 int rc;
6546 uint32_t u32;
6547
6548 if ( uVersion != ATA_SAVED_STATE_VERSION
6549 && uVersion != ATA_SAVED_STATE_VERSION_VBOX_30
6550 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE
6551 && uVersion != ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS
6552 && uVersion != ATA_SAVED_STATE_VERSION_WITH_BOOL_TYPE)
6553 {
6554 AssertMsgFailed(("uVersion=%d\n", uVersion));
6555 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
6556 }
6557
6558 /*
6559 * Verify the configuration.
6560 */
6561 if (uVersion > ATA_SAVED_STATE_VERSION_VBOX_30)
6562 {
6563 uint8_t u8Type;
6564 rc = SSMR3GetU8(pSSM, &u8Type);
6565 AssertRCReturn(rc, rc);
6566 if (u8Type != pThis->u8Type)
6567 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Config mismatch: u8Type - saved=%u config=%u"), u8Type, pThis->u8Type);
6568
6569 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6570 {
6571 bool fEnabled;
6572 rc = SSMR3GetBool(pSSM, &fEnabled);
6573 AssertRCReturn(rc, rc);
6574 if (!fEnabled)
6575 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Ctr#%u onfig mismatch: fEnabled != true"), i);
6576
6577 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6578 {
6579 ATADevState const *pIf = &pThis->aCts[i].aIfs[j];
6580
6581 bool fInUse;
6582 rc = SSMR3GetBool(pSSM, &fInUse);
6583 AssertRCReturn(rc, rc);
6584 if (fInUse != (pIf->pDrvBase != NULL))
6585 return SSMR3SetCfgError(pSSM, RT_SRC_POS,
6586 N_("The %s VM is missing a %s device. Please make sure the source and target VMs have compatible storage configurations"),
6587 fInUse ? "target" : "source", ataStringifyLun(pIf->iLUN) );
6588
6589 char szSerialNumber[ATA_SERIAL_NUMBER_LENGTH+1];
6590 rc = SSMR3GetStrZ(pSSM, szSerialNumber, sizeof(szSerialNumber));
6591 AssertRCReturn(rc, rc);
6592 if (strcmp(szSerialNumber, pIf->szSerialNumber))
6593 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Serial number - saved='%s' config='%s'\n",
6594 pIf->iLUN, szSerialNumber, pIf->szSerialNumber));
6595
6596 char szFirmwareRevision[ATA_FIRMWARE_REVISION_LENGTH+1];
6597 rc = SSMR3GetStrZ(pSSM, szFirmwareRevision, sizeof(szFirmwareRevision));
6598 AssertRCReturn(rc, rc);
6599 if (strcmp(szFirmwareRevision, pIf->szFirmwareRevision))
6600 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Firmware revision - saved='%s' config='%s'\n",
6601 pIf->iLUN, szFirmwareRevision, pIf->szFirmwareRevision));
6602
6603 char szModelNumber[ATA_MODEL_NUMBER_LENGTH+1];
6604 rc = SSMR3GetStrZ(pSSM, szModelNumber, sizeof(szModelNumber));
6605 AssertRCReturn(rc, rc);
6606 if (strcmp(szModelNumber, pIf->szModelNumber))
6607 LogRel(("PIIX3 ATA: LUN#%u config mismatch: Model number - saved='%s' config='%s'\n",
6608 pIf->iLUN, szModelNumber, pIf->szModelNumber));
6609 }
6610 }
6611 }
6612 if (uPass != SSM_PASS_FINAL)
6613 return VINF_SUCCESS;
6614
6615 /*
6616 * Restore valid parts of the PCIATAState structure
6617 */
6618 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6619 {
6620 /* integrity check */
6621 if (!ataAsyncIOIsIdle(&pThis->aCts[i], false))
6622 {
6623 AssertMsgFailed(("Async I/O for controller %d is active\n", i));
6624 return VERR_INTERNAL_ERROR_4;
6625 }
6626
6627 SSMR3GetU8(pSSM, &pThis->aCts[i].iSelectedIf);
6628 SSMR3GetU8(pSSM, &pThis->aCts[i].iAIOIf);
6629 SSMR3GetU8(pSSM, &pThis->aCts[i].uAsyncIOState);
6630 SSMR3GetBool(pSSM, &pThis->aCts[i].fChainedTransfer);
6631 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fReset);
6632 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedo);
6633 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoIdle);
6634 SSMR3GetBool(pSSM, (bool *)&pThis->aCts[i].fRedoDMALastDesc);
6635 SSMR3GetMem(pSSM, &pThis->aCts[i].BmDma, sizeof(pThis->aCts[i].BmDma));
6636 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pFirstDMADesc);
6637 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pLastDMADesc);
6638 SSMR3GetGCPhys32(pSSM, &pThis->aCts[i].pRedoDMABuffer);
6639 SSMR3GetU32(pSSM, &pThis->aCts[i].cbRedoDMABuffer);
6640
6641 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6642 {
6643 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fLBA48);
6644 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPI);
6645 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fIrqPending);
6646 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cMultSectors);
6647 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cCylinders);
6648 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cHeads);
6649 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].PCHSGeometry.cSectors);
6650 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cSectorsPerIRQ);
6651 SSMR3GetU64(pSSM, &pThis->aCts[i].aIfs[j].cTotalSectors);
6652 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeature);
6653 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegFeatureHOB);
6654 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegError);
6655 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSector);
6656 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegNSectorHOB);
6657 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSector);
6658 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSectorHOB);
6659 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCyl);
6660 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegLCylHOB);
6661 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCyl);
6662 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegHCylHOB);
6663 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegSelect);
6664 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegStatus);
6665 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegCommand);
6666 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATARegDevCtl);
6667 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uATATransferMode);
6668 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].uTxDir);
6669 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iBeginTransfer);
6670 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].iSourceSink);
6671 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fDMA);
6672 SSMR3GetBool(pSSM, &pThis->aCts[i].aIfs[j].fATAPITransfer);
6673 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbTotalTransfer);
6674 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbElementaryTransfer);
6675 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferCur);
6676 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferEnd);
6677 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataStart);
6678 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iIOBufferPIODataEnd);
6679 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].iATAPILBA);
6680 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbATAPISector);
6681 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].aATAPICmd, sizeof(pThis->aCts[i].aIfs[j].aATAPICmd));
6682 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_FULL_SENSE)
6683 {
6684 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].abATAPISense, sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6685 }
6686 else
6687 {
6688 uint8_t uATAPISenseKey, uATAPIASC;
6689 memset(pThis->aCts[i].aIfs[j].abATAPISense, '\0', sizeof(pThis->aCts[i].aIfs[j].abATAPISense));
6690 pThis->aCts[i].aIfs[j].abATAPISense[0] = 0x70 | (1 << 7);
6691 pThis->aCts[i].aIfs[j].abATAPISense[7] = 10;
6692 SSMR3GetU8(pSSM, &uATAPISenseKey);
6693 SSMR3GetU8(pSSM, &uATAPIASC);
6694 pThis->aCts[i].aIfs[j].abATAPISense[2] = uATAPISenseKey & 0x0f;
6695 pThis->aCts[i].aIfs[j].abATAPISense[12] = uATAPIASC;
6696 }
6697 /** @todo triple-check this hack after passthrough is working */
6698 SSMR3GetU8(pSSM, &pThis->aCts[i].aIfs[j].cNotifiedMediaChange);
6699 if (uVersion > ATA_SAVED_STATE_VERSION_WITHOUT_EVENT_STATUS)
6700 SSMR3GetU32(pSSM, (uint32_t*)&pThis->aCts[i].aIfs[j].MediaEventStatus);
6701 else
6702 pThis->aCts[i].aIfs[j].MediaEventStatus = ATA_EVENT_STATUS_UNCHANGED;
6703 SSMR3GetMem(pSSM, &pThis->aCts[i].aIfs[j].Led, sizeof(pThis->aCts[i].aIfs[j].Led));
6704 SSMR3GetU32(pSSM, &pThis->aCts[i].aIfs[j].cbIOBuffer);
6705 if (pThis->aCts[i].aIfs[j].cbIOBuffer)
6706 {
6707 if (pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer))
6708 SSMR3GetMem(pSSM, pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer), pThis->aCts[i].aIfs[j].cbIOBuffer);
6709 else
6710 {
6711 LogRel(("ATA: No buffer for %d/%d\n", i, j));
6712 if (SSMR3HandleGetAfter(pSSM) != SSMAFTER_DEBUG_IT)
6713 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("No buffer for %d/%d"), i, j);
6714
6715 /* skip the buffer if we're loading for the debugger / animator. */
6716 uint8_t u8Ignored;
6717 size_t cbLeft = pThis->aCts[i].aIfs[j].cbIOBuffer;
6718 while (cbLeft-- > 0)
6719 SSMR3GetU8(pSSM, &u8Ignored);
6720 }
6721 }
6722 else
6723 Assert(pThis->aCts[i].aIfs[j].CTX_SUFF(pbIOBuffer) == NULL);
6724 }
6725 }
6726 if (uVersion <= ATA_SAVED_STATE_VERSION_VBOX_30)
6727 SSMR3GetU8(pSSM, &pThis->u8Type);
6728
6729 rc = SSMR3GetU32(pSSM, &u32);
6730 if (RT_FAILURE(rc))
6731 return rc;
6732 if (u32 != ~0U)
6733 {
6734 AssertMsgFailed(("u32=%#x expected ~0\n", u32));
6735 rc = VERR_SSM_DATA_UNIT_FORMAT_CHANGED;
6736 return rc;
6737 }
6738
6739 return VINF_SUCCESS;
6740}
6741
6742/**
6743 * Convert config value to DEVPCBIOSBOOT.
6744 *
6745 * @returns VBox status code.
6746 * @param pDevIns The device instance data.
6747 * @param pCfg Configuration handle.
6748 * @param penmChipset Where to store the chipset type.
6749 */
6750static int ataControllerFromCfg(PPDMDEVINS pDevIns, PCFGMNODE pCfg, CHIPSET *penmChipset)
6751{
6752 char szType[20];
6753
6754 int rc = CFGMR3QueryStringDef(pCfg, "Type", &szType[0], sizeof(szType), "PIIX4");
6755 if (RT_FAILURE(rc))
6756 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6757 N_("Configuration error: Querying \"Type\" as a string failed"));
6758 if (!strcmp(szType, "PIIX3"))
6759 *penmChipset = CHIPSET_PIIX3;
6760 else if (!strcmp(szType, "PIIX4"))
6761 *penmChipset = CHIPSET_PIIX4;
6762 else if (!strcmp(szType, "ICH6"))
6763 *penmChipset = CHIPSET_ICH6;
6764 else
6765 {
6766 PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
6767 N_("Configuration error: The \"Type\" value \"%s\" is unknown"),
6768 szType);
6769 rc = VERR_INTERNAL_ERROR;
6770 }
6771 return rc;
6772}
6773
6774
6775/**
6776 * @interface_method_impl{PDMDEVREG,pfnConstruct}
6777 */
6778static DECLCALLBACK(int) ataR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
6779{
6780 PCIATAState *pThis = PDMINS_2_DATA(pDevIns, PCIATAState *);
6781 PPDMIBASE pBase;
6782 int rc;
6783 bool fGCEnabled;
6784 bool fR0Enabled;
6785 uint32_t DelayIRQMillies;
6786
6787 Assert(iInstance == 0);
6788 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
6789
6790 /*
6791 * Initialize NIL handle values (for the destructor).
6792 */
6793 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6794 {
6795 pThis->aCts[i].AsyncIOSem = NIL_RTSEMEVENT;
6796 pThis->aCts[i].SuspendIOSem = NIL_RTSEMEVENT;
6797 pThis->aCts[i].AsyncIORequestMutex = NIL_RTSEMMUTEX;
6798 pThis->aCts[i].AsyncIOThread = NIL_RTTHREAD;
6799 }
6800
6801 /*
6802 * Validate and read configuration.
6803 */
6804 if (!CFGMR3AreValuesValid(pCfg,
6805 "GCEnabled\0"
6806 "R0Enabled\0"
6807 "IRQDelay\0"
6808 "Type\0")
6809 /** @todo || invalid keys */)
6810 return PDMDEV_SET_ERROR(pDevIns, VERR_PDM_DEVINS_UNKNOWN_CFG_VALUES,
6811 N_("PIIX3 configuration error: unknown option specified"));
6812
6813 rc = CFGMR3QueryBoolDef(pCfg, "GCEnabled", &fGCEnabled, true);
6814 if (RT_FAILURE(rc))
6815 return PDMDEV_SET_ERROR(pDevIns, rc,
6816 N_("PIIX3 configuration error: failed to read GCEnabled as boolean"));
6817 Log(("%s: fGCEnabled=%d\n", __FUNCTION__, fGCEnabled));
6818
6819 rc = CFGMR3QueryBoolDef(pCfg, "R0Enabled", &fR0Enabled, true);
6820 if (RT_FAILURE(rc))
6821 return PDMDEV_SET_ERROR(pDevIns, rc,
6822 N_("PIIX3 configuration error: failed to read R0Enabled as boolean"));
6823 Log(("%s: fR0Enabled=%d\n", __FUNCTION__, fR0Enabled));
6824
6825 rc = CFGMR3QueryU32Def(pCfg, "IRQDelay", &DelayIRQMillies, 0);
6826 if (RT_FAILURE(rc))
6827 return PDMDEV_SET_ERROR(pDevIns, rc,
6828 N_("PIIX3 configuration error: failed to read IRQDelay as integer"));
6829 Log(("%s: DelayIRQMillies=%d\n", __FUNCTION__, DelayIRQMillies));
6830 Assert(DelayIRQMillies < 50);
6831
6832 CHIPSET enmChipset = CHIPSET_PIIX3;
6833 rc = ataControllerFromCfg(pDevIns, pCfg, &enmChipset);
6834 if (RT_FAILURE(rc))
6835 return rc;
6836 pThis->u8Type = (uint8_t)enmChipset;
6837
6838 /*
6839 * Initialize data (most of it anyway).
6840 */
6841 /* Status LUN. */
6842 pThis->IBase.pfnQueryInterface = ataStatus_QueryInterface;
6843 pThis->ILeds.pfnQueryStatusLed = ataStatus_QueryStatusLed;
6844
6845 /* PCI configuration space. */
6846 PCIDevSetVendorId(&pThis->dev, 0x8086); /* Intel */
6847
6848 /*
6849 * When adding more IDE chipsets, don't forget to update pci_bios_init_device()
6850 * as it explicitly checks for PCI id for IDE controllers.
6851 */
6852 switch (pThis->u8Type)
6853 {
6854 case CHIPSET_ICH6:
6855 PCIDevSetDeviceId(&pThis->dev, 0x269e); /* ICH6 IDE */
6856 /** @todo: do we need it? Do we need anything else? */
6857 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6858 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6859 pThis->dev.config[0x4B] = 0x00;
6860 {
6861 /*
6862 * See www.intel.com/Assets/PDF/manual/298600.pdf p. 30
6863 * Report
6864 * WR_Ping-Pong_EN: must be set
6865 * PCR0, PCR1: 80-pin primary cable reporting for both disks
6866 * SCR0, SCR1: 80-pin secondary cable reporting for both disks
6867 */
6868 uint16_t u16Config = (1<<10) | (1<<7) | (1<<6) | (1<<5) | (1<<4) ;
6869 pThis->dev.config[0x54] = u16Config & 0xff;
6870 pThis->dev.config[0x55] = u16Config >> 8;
6871 }
6872 break;
6873 case CHIPSET_PIIX4:
6874 PCIDevSetDeviceId(&pThis->dev, 0x7111); /* PIIX4 IDE */
6875 PCIDevSetRevisionId(&pThis->dev, 0x01); /* PIIX4E */
6876 pThis->dev.config[0x48] = 0x00; /* UDMACTL */
6877 pThis->dev.config[0x4A] = 0x00; /* UDMATIM */
6878 pThis->dev.config[0x4B] = 0x00;
6879 break;
6880 case CHIPSET_PIIX3:
6881 PCIDevSetDeviceId(&pThis->dev, 0x7010); /* PIIX3 IDE */
6882 break;
6883 default:
6884 AssertMsgFailed(("Unsupported IDE chipset type: %d\n", pThis->u8Type));
6885 }
6886
6887 PCIDevSetCommand( &pThis->dev, PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS | PCI_COMMAND_BUSMASTER);
6888 PCIDevSetClassProg( &pThis->dev, 0x8a); /* programming interface = PCI_IDE bus master is supported */
6889 PCIDevSetClassSub( &pThis->dev, 0x01); /* class_sub = PCI_IDE */
6890 PCIDevSetClassBase( &pThis->dev, 0x01); /* class_base = PCI_mass_storage */
6891 PCIDevSetHeaderType(&pThis->dev, 0x00);
6892
6893 pThis->pDevIns = pDevIns;
6894 pThis->fGCEnabled = fGCEnabled;
6895 pThis->fR0Enabled = fR0Enabled;
6896 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6897 {
6898 pThis->aCts[i].pDevInsR3 = pDevIns;
6899 pThis->aCts[i].pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6900 pThis->aCts[i].pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6901 pThis->aCts[i].DelayIRQMillies = (uint32_t)DelayIRQMillies;
6902 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6903 {
6904 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6905
6906 pIf->iLUN = i * RT_ELEMENTS(pThis->aCts) + j;
6907 pIf->pDevInsR3 = pDevIns;
6908 pIf->pDevInsR0 = PDMDEVINS_2_R0PTR(pDevIns);
6909 pIf->pDevInsRC = PDMDEVINS_2_RCPTR(pDevIns);
6910 pIf->pControllerR3 = &pThis->aCts[i];
6911 pIf->pControllerR0 = MMHyperR3ToR0(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6912 pIf->pControllerRC = MMHyperR3ToRC(PDMDevHlpGetVM(pDevIns), &pThis->aCts[i]);
6913 pIf->IBase.pfnQueryInterface = ataQueryInterface;
6914 pIf->IMountNotify.pfnMountNotify = ataMountNotify;
6915 pIf->IMountNotify.pfnUnmountNotify = ataUnmountNotify;
6916 pIf->IPort.pfnQueryDeviceLocation = ataR3QueryDeviceLocation;
6917 pIf->Led.u32Magic = PDMLED_MAGIC;
6918 }
6919 }
6920
6921 Assert(RT_ELEMENTS(pThis->aCts) == 2);
6922 pThis->aCts[0].irq = 14;
6923 pThis->aCts[0].IOPortBase1 = 0x1f0;
6924 pThis->aCts[0].IOPortBase2 = 0x3f6;
6925 pThis->aCts[1].irq = 15;
6926 pThis->aCts[1].IOPortBase1 = 0x170;
6927 pThis->aCts[1].IOPortBase2 = 0x376;
6928
6929 /*
6930 * Register the PCI device.
6931 * N.B. There's a hack in the PIIX3 PCI bridge device to assign this
6932 * device the slot next to itself.
6933 */
6934 rc = PDMDevHlpPCIRegister(pDevIns, &pThis->dev);
6935 if (RT_FAILURE(rc))
6936 return PDMDEV_SET_ERROR(pDevIns, rc,
6937 N_("PIIX3 cannot register PCI device"));
6938 //AssertMsg(pThis->dev.devfn == 9 || iInstance != 0, ("pThis->dev.devfn=%d\n", pThis->dev.devfn));
6939 rc = PDMDevHlpPCIIORegionRegister(pDevIns, 4, 0x10, PCI_ADDRESS_SPACE_IO, ataBMDMAIORangeMap);
6940 if (RT_FAILURE(rc))
6941 return PDMDEV_SET_ERROR(pDevIns, rc,
6942 N_("PIIX3 cannot register PCI I/O region for BMDMA"));
6943
6944 /*
6945 * Register the I/O ports.
6946 * The ports are all hardcoded and enforced by the PIIX3 host bridge controller.
6947 */
6948 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
6949 {
6950 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTHCPTR)i,
6951 ataIOPortWrite1, ataIOPortRead1, ataIOPortWriteStr1, ataIOPortReadStr1, "ATA I/O Base 1");
6952 if (RT_FAILURE(rc))
6953 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers"));
6954
6955 if (fGCEnabled)
6956 {
6957 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTGCPTR)i,
6958 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6959 if (RT_FAILURE(rc))
6960 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register I/O handlers (GC)"));
6961 }
6962
6963 if (fR0Enabled)
6964 {
6965#if 1
6966 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6967 "ataIOPortWrite1", "ataIOPortRead1", NULL, NULL, "ATA I/O Base 1");
6968#else
6969 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase1, 8, (RTR0PTR)i,
6970 "ataIOPortWrite1", "ataIOPortRead1", "ataIOPortWriteStr1", "ataIOPortReadStr1", "ATA I/O Base 1");
6971#endif
6972 if (RT_FAILURE(rc))
6973 return PDMDEV_SET_ERROR(pDevIns, rc, "PIIX3 cannot register I/O handlers (R0).");
6974 }
6975
6976 rc = PDMDevHlpIOPortRegister(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTHCPTR)i,
6977 ataIOPortWrite2, ataIOPortRead2, NULL, NULL, "ATA I/O Base 2");
6978 if (RT_FAILURE(rc))
6979 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers"));
6980
6981 if (fGCEnabled)
6982 {
6983 rc = PDMDevHlpIOPortRegisterRC(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTGCPTR)i,
6984 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6985 if (RT_FAILURE(rc))
6986 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (GC)"));
6987 }
6988 if (fR0Enabled)
6989 {
6990 rc = PDMDevHlpIOPortRegisterR0(pDevIns, pThis->aCts[i].IOPortBase2, 1, (RTR0PTR)i,
6991 "ataIOPortWrite2", "ataIOPortRead2", NULL, NULL, "ATA I/O Base 2");
6992 if (RT_FAILURE(rc))
6993 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register base2 I/O handlers (R0)"));
6994 }
6995
6996 for (uint32_t j = 0; j < RT_ELEMENTS(pThis->aCts[i].aIfs); j++)
6997 {
6998 ATADevState *pIf = &pThis->aCts[i].aIfs[j];
6999 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATADMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7000 "Number of ATA DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/DMA", iInstance, i, j);
7001 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7002 "Number of ATA PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/PIO", iInstance, i, j);
7003 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIDMA, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7004 "Number of ATAPI DMA transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiDMA", iInstance, i, j);
7005 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatATAPIPIO, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7006 "Number of ATAPI PIO transfers.", "/Devices/IDE%d/ATA%d/Unit%d/AtapiPIO", iInstance, i, j);
7007#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7008 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatReads, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7009 "Profiling of the read operations.", "/Devices/IDE%d/ATA%d/Unit%d/Reads", iInstance, i, j);
7010#endif
7011 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesRead, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7012 "Amount of data read.", "/Devices/IDE%d/ATA%d/Unit%d/ReadBytes", iInstance, i, j);
7013#ifdef VBOX_INSTRUMENT_DMA_WRITES
7014 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatInstrVDWrites,STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7015 "Profiling of the VD DMA write operations.", "/Devices/IDE%d/ATA%d/Unit%d/InstrVDWrites", iInstance, i, j);
7016#endif
7017#ifdef VBOX_WITH_STATISTICS
7018 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatWrites, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7019 "Profiling of the write operations.", "/Devices/IDE%d/ATA%d/Unit%d/Writes", iInstance, i, j);
7020#endif
7021 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatBytesWritten, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
7022 "Amount of data written.", "/Devices/IDE%d/ATA%d/Unit%d/WrittenBytes", iInstance, i, j);
7023#ifdef VBOX_WITH_STATISTICS
7024 PDMDevHlpSTAMRegisterF(pDevIns, &pIf->StatFlushes, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7025 "Profiling of the flush operations.", "/Devices/IDE%d/ATA%d/Unit%d/Flushes", iInstance, i, j);
7026#endif
7027 }
7028#ifdef VBOX_WITH_STATISTICS /** @todo release too. */
7029 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncOps, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
7030 "The number of async operations.", "/Devices/IDE%d/ATA%d/Async/Operations", iInstance, i);
7031 /** @todo STAMUNIT_MICROSECS */
7032 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMinWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7033 "Minimum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MinWait", iInstance, i);
7034 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncMaxWait, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7035 "Maximum wait in microseconds.", "/Devices/IDE%d/ATA%d/Async/MaxWait", iInstance, i);
7036 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTimeUS, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
7037 "Total time spent in microseconds.", "/Devices/IDE%d/ATA%d/Async/TotalTimeUS", iInstance, i);
7038 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatAsyncTime, STAMTYPE_PROFILE_ADV, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7039 "Profiling of async operations.", "/Devices/IDE%d/ATA%d/Async/Time", iInstance, i);
7040 PDMDevHlpSTAMRegisterF(pDevIns, &pThis->aCts[i].StatLockWait, STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
7041 "Profiling of locks.", "/Devices/IDE%d/ATA%d/Async/LockWait", iInstance, i);
7042#endif /* VBOX_WITH_STATISTICS */
7043
7044 /* Initialize per-controller critical section */
7045 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->aCts[i].lock, RT_SRC_POS, "ATA%u", i);
7046 if (RT_FAILURE(rc))
7047 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot initialize critical section"));
7048 }
7049
7050 /*
7051 * Attach status driver (optional).
7052 */
7053 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThis->IBase, &pBase, "Status Port");
7054 if (RT_SUCCESS(rc))
7055 pThis->pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
7056 else if (rc != VERR_PDM_NO_ATTACHED_DRIVER)
7057 {
7058 AssertMsgFailed(("Failed to attach to status driver. rc=%Rrc\n", rc));
7059 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot attach to status driver"));
7060 }
7061
7062 /*
7063 * Attach the units.
7064 */
7065 uint32_t cbTotalBuffer = 0;
7066 for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aCts); i++)
7067 {
7068 PATACONTROLLER pCtl = &pThis->aCts[i];
7069
7070 /*
7071 * Start the worker thread.
7072 */
7073 pCtl->uAsyncIOState = ATA_AIO_NEW;
7074 rc = RTSemEventCreate(&pCtl->AsyncIOSem);
7075 AssertLogRelRCReturn(rc, rc);
7076 rc = RTSemEventCreate(&pCtl->SuspendIOSem);
7077 AssertLogRelRCReturn(rc, rc);
7078 rc = RTSemMutexCreate(&pCtl->AsyncIORequestMutex);
7079 AssertLogRelRCReturn(rc, rc);
7080 ataAsyncIOClearRequests(pCtl);
7081 rc = RTThreadCreateF(&pCtl->AsyncIOThread, ataAsyncIOLoop, (void *)pCtl, 128*1024 /*cbStack*/,
7082 RTTHREADTYPE_IO, RTTHREADFLAGS_WAITABLE, "ATA-%u", i);
7083 AssertLogRelRCReturn(rc, rc);
7084 Assert(pCtl->AsyncIOThread != NIL_RTTHREAD && pCtl->AsyncIOSem != NIL_RTSEMEVENT && pCtl->SuspendIOSem != NIL_RTSEMEVENT && pCtl->AsyncIORequestMutex != NIL_RTSEMMUTEX);
7085 Log(("%s: controller %d AIO thread id %#x; sem %p susp_sem %p mutex %p\n", __FUNCTION__, i, pCtl->AsyncIOThread, pCtl->AsyncIOSem, pCtl->SuspendIOSem, pCtl->AsyncIORequestMutex));
7086
7087 for (uint32_t j = 0; j < RT_ELEMENTS(pCtl->aIfs); j++)
7088 {
7089 static const char *s_apszDescs[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7090 {
7091 { "Primary Master", "Primary Slave" },
7092 { "Secondary Master", "Secondary Slave" }
7093 };
7094
7095 /*
7096 * Try attach the block device and get the interfaces,
7097 * required as well as optional.
7098 */
7099 ATADevState *pIf = &pCtl->aIfs[j];
7100
7101 rc = PDMDevHlpDriverAttach(pDevIns, pIf->iLUN, &pIf->IBase, &pIf->pDrvBase, s_apszDescs[i][j]);
7102 if (RT_SUCCESS(rc))
7103 {
7104 rc = ataConfigLun(pDevIns, pIf);
7105 if (RT_SUCCESS(rc))
7106 {
7107 /*
7108 * Init vendor product data.
7109 */
7110 static const char *s_apszCFGMKeys[RT_ELEMENTS(pThis->aCts)][RT_ELEMENTS(pCtl->aIfs)] =
7111 {
7112 { "PrimaryMaster", "PrimarySlave" },
7113 { "SecondaryMaster", "SecondarySlave" }
7114 };
7115
7116 /* Generate a default serial number. */
7117 char szSerial[ATA_SERIAL_NUMBER_LENGTH+1];
7118 RTUUID Uuid;
7119 if (pIf->pDrvBlock)
7120 rc = pIf->pDrvBlock->pfnGetUuid(pIf->pDrvBlock, &Uuid);
7121 else
7122 RTUuidClear(&Uuid);
7123
7124 if (RT_FAILURE(rc) || RTUuidIsNull(&Uuid))
7125 {
7126 /* Generate a predictable serial for drives which don't have a UUID. */
7127 RTStrPrintf(szSerial, sizeof(szSerial), "VB%x-%04x%04x",
7128 pIf->iLUN + pDevIns->iInstance * 32,
7129 pThis->aCts[i].IOPortBase1, pThis->aCts[i].IOPortBase2);
7130 }
7131 else
7132 RTStrPrintf(szSerial, sizeof(szSerial), "VB%08x-%08x", Uuid.au32[0], Uuid.au32[3]);
7133
7134 /* Get user config if present using defaults otherwise. */
7135 PCFGMNODE pCfgNode = CFGMR3GetChild(pCfg, s_apszCFGMKeys[i][j]);
7136 rc = CFGMR3QueryStringDef(pCfgNode, "SerialNumber", pIf->szSerialNumber, sizeof(pIf->szSerialNumber),
7137 szSerial);
7138 if (RT_FAILURE(rc))
7139 {
7140 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7141 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7142 N_("PIIX3 configuration error: \"SerialNumber\" is longer than 20 bytes"));
7143 return PDMDEV_SET_ERROR(pDevIns, rc,
7144 N_("PIIX3 configuration error: failed to read \"SerialNumber\" as string"));
7145 }
7146
7147 rc = CFGMR3QueryStringDef(pCfgNode, "FirmwareRevision", pIf->szFirmwareRevision, sizeof(pIf->szFirmwareRevision),
7148 "1.0");
7149 if (RT_FAILURE(rc))
7150 {
7151 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7152 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7153 N_("PIIX3 configuration error: \"FirmwareRevision\" is longer than 8 bytes"));
7154 return PDMDEV_SET_ERROR(pDevIns, rc,
7155 N_("PIIX3 configuration error: failed to read \"FirmwareRevision\" as string"));
7156 }
7157
7158 rc = CFGMR3QueryStringDef(pCfgNode, "ModelNumber", pIf->szModelNumber, sizeof(pIf->szModelNumber),
7159 pIf->fATAPI ? "VBOX CD-ROM" : "VBOX HARDDISK");
7160 if (RT_FAILURE(rc))
7161 {
7162 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7163 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7164 N_("PIIX3 configuration error: \"ModelNumber\" is longer than 40 bytes"));
7165 return PDMDEV_SET_ERROR(pDevIns, rc,
7166 N_("PIIX3 configuration error: failed to read \"ModelNumber\" as string"));
7167 }
7168
7169 /* There are three other identification strings for CD drives used for INQUIRY */
7170 if (pIf->fATAPI)
7171 {
7172 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIVendorId", pIf->szInquiryVendorId, sizeof(pIf->szInquiryVendorId),
7173 "VBOX");
7174 if (RT_FAILURE(rc))
7175 {
7176 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7177 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7178 N_("PIIX3 configuration error: \"ATAPIVendorId\" is longer than 16 bytes"));
7179 return PDMDEV_SET_ERROR(pDevIns, rc,
7180 N_("PIIX3 configuration error: failed to read \"ATAPIVendorId\" as string"));
7181 }
7182
7183 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIProductId", pIf->szInquiryProductId, sizeof(pIf->szInquiryProductId),
7184 "CD-ROM");
7185 if (RT_FAILURE(rc))
7186 {
7187 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7188 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7189 N_("PIIX3 configuration error: \"ATAPIProductId\" is longer than 16 bytes"));
7190 return PDMDEV_SET_ERROR(pDevIns, rc,
7191 N_("PIIX3 configuration error: failed to read \"ATAPIProductId\" as string"));
7192 }
7193
7194 rc = CFGMR3QueryStringDef(pCfgNode, "ATAPIRevision", pIf->szInquiryRevision, sizeof(pIf->szInquiryRevision),
7195 "1.0");
7196 if (RT_FAILURE(rc))
7197 {
7198 if (rc == VERR_CFGM_NOT_ENOUGH_SPACE)
7199 return PDMDEV_SET_ERROR(pDevIns, VERR_INVALID_PARAMETER,
7200 N_("PIIX3 configuration error: \"ATAPIRevision\" is longer than 4 bytes"));
7201 return PDMDEV_SET_ERROR(pDevIns, rc,
7202 N_("PIIX3 configuration error: failed to read \"ATAPIRevision\" as string"));
7203 }
7204 }
7205 }
7206
7207 }
7208 else if (rc == VERR_PDM_NO_ATTACHED_DRIVER)
7209 {
7210 pIf->pDrvBase = NULL;
7211 pIf->pDrvBlock = NULL;
7212 pIf->cbIOBuffer = 0;
7213 pIf->pbIOBufferR3 = NULL;
7214 pIf->pbIOBufferR0 = NIL_RTR0PTR;
7215 pIf->pbIOBufferRC = NIL_RTGCPTR;
7216 LogRel(("PIIX3 ATA: LUN#%d: no unit\n", pIf->iLUN));
7217 }
7218 else
7219 {
7220 switch (rc)
7221 {
7222 case VERR_ACCESS_DENIED:
7223 /* Error already cached by DrvHostBase */
7224 return rc;
7225 default:
7226 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
7227 N_("PIIX3 cannot attach drive to the %s"),
7228 s_apszDescs[i][j]);
7229 }
7230 }
7231 cbTotalBuffer += pIf->cbIOBuffer;
7232 }
7233 }
7234
7235 rc = PDMDevHlpSSMRegisterEx(pDevIns, ATA_SAVED_STATE_VERSION, sizeof(*pThis) + cbTotalBuffer, NULL,
7236 NULL, ataLiveExec, NULL,
7237 ataSaveLoadPrep, ataSaveExec, NULL,
7238 ataSaveLoadPrep, ataLoadExec, NULL);
7239 if (RT_FAILURE(rc))
7240 return PDMDEV_SET_ERROR(pDevIns, rc, N_("PIIX3 cannot register save state handlers"));
7241
7242 /*
7243 * Initialize the device state.
7244 */
7245 return ataR3ResetCommon(pDevIns, true /*fConstruct*/);
7246}
7247
7248
7249/**
7250 * The device registration structure.
7251 */
7252const PDMDEVREG g_DevicePIIX3IDE =
7253{
7254 /* u32Version */
7255 PDM_DEVREG_VERSION,
7256 /* szName */
7257 "piix3ide",
7258 /* szRCMod */
7259 "VBoxDDGC.gc",
7260 /* szR0Mod */
7261 "VBoxDDR0.r0",
7262 /* pszDescription */
7263 "Intel PIIX3 ATA controller.\n"
7264 " LUN #0 is primary master.\n"
7265 " LUN #1 is primary slave.\n"
7266 " LUN #2 is secondary master.\n"
7267 " LUN #3 is secondary slave.\n"
7268 " LUN #999 is the LED/Status connector.",
7269 /* fFlags */
7270 PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RC | PDM_DEVREG_FLAGS_R0 |
7271 PDM_DEVREG_FLAGS_FIRST_SUSPEND_NOTIFICATION | PDM_DEVREG_FLAGS_FIRST_POWEROFF_NOTIFICATION,
7272 /* fClass */
7273 PDM_DEVREG_CLASS_STORAGE,
7274 /* cMaxInstances */
7275 1,
7276 /* cbInstance */
7277 sizeof(PCIATAState),
7278 /* pfnConstruct */
7279 ataR3Construct,
7280 /* pfnDestruct */
7281 ataR3Destruct,
7282 /* pfnRelocate */
7283 ataR3Relocate,
7284 /* pfnIOCtl */
7285 NULL,
7286 /* pfnPowerOn */
7287 NULL,
7288 /* pfnReset */
7289 ataR3Reset,
7290 /* pfnSuspend */
7291 ataR3Suspend,
7292 /* pfnResume */
7293 ataR3Resume,
7294 /* pfnAttach */
7295 ataR3Attach,
7296 /* pfnDetach */
7297 ataR3Detach,
7298 /* pfnQueryInterface. */
7299 NULL,
7300 /* pfnInitComplete */
7301 NULL,
7302 /* pfnPowerOff */
7303 ataR3PowerOff,
7304 /* pfnSoftReset */
7305 NULL,
7306 /* u32VersionEnd */
7307 PDM_DEVREG_VERSION
7308};
7309#endif /* IN_RING3 */
7310#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette