]> git.proxmox.com Git - qemu.git/blame - hw/scsi/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi: reset cdrom tray statuses on scsi_disk_reset
[qemu.git] / hw / scsi / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
87ecb68b 31#include "qemu-common.h"
1de7afc9 32#include "qemu/error-report.h"
0d09e41a
PB		 33#include "hw/scsi/scsi.h"
34#include "block/scsi.h"
9c17d615
PB		 35#include "sysemu/sysemu.h"
36#include "sysemu/blockdev.h"
0d09e41a 37#include "hw/block/block.h"
9c17d615 38#include "sysemu/dma.h"
22864256 39
336a6915
PB		 40#ifdef __linux
41#include <scsi/sg.h>
42#endif
43
215e47b9
PB		 44#define SCSI_DMA_BUF_SIZE 131072
45#define SCSI_MAX_INQUIRY_LEN 256
46#define SCSI_MAX_MODE_LEN 256
47
48#define DEFAULT_DISCARD_GRANULARITY 4096
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
a0e66a69 58 bool started;
c87c0672
AL		 59 struct iovec iov;
60 QEMUIOVector qiov;
a597e79c 61 BlockAcctCookie acct;
4c41d2ef 62} SCSIDiskReq;
a917d384 63
bfe3d7ac 64#define SCSI_DISK_F_REMOVABLE 0
da8365db 65#define SCSI_DISK_F_DPOFUA 1
bfe3d7ac 66
d52affa7 67struct SCSIDiskState
a917d384 68{
d52affa7 69 SCSIDevice qdev;
bfe3d7ac 70 uint32_t features;
8a9c16f6 71 bool media_changed;
3c2f7c12 72 bool media_event;
4480de19 73 bool eject_request;
27395add 74 uint64_t wwn;
213189ab 75 QEMUBH *bh;
383b4d9b 76 char *version;
a0fef654 77 char *serial;
353815aa
DF		 78 char *vendor;
79 char *product;
ece0d5e9 80 bool tray_open;
81b1008d 81 bool tray_locked;
2e5d83bb
PB		 82};
83
71544d30 84static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 85
ad2d30f7 86static void scsi_free_request(SCSIRequest *req)
4d611c9a 87{
ad2d30f7
PB		 88 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
89
db4c34c3 90 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 91}
92
b45ef674
PB		 93/* Helper function for command completion with sense. */
94static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 95{
02fa69b6
BS		 96 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
97 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 98 scsi_req_build_sense(&r->req, sense);
99 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 100}
101
102/* Cancel a pending data transfer. */
5c6c0e51 103static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 104{
5c6c0e51
HR		 105 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
106
107 DPRINTF("Cancel tag=0x%x\n", req->tag);
108 if (r->req.aiocb) {
109 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 110
111 /* This reference was left in by scsi_*_data. We take ownership of
112 * it the moment scsi_req_cancel is called, independent of whether
113 * bdrv_aio_cancel completes the request or not. */
114 scsi_req_unref(&r->req);
a917d384 115 }
5c6c0e51 116 r->req.aiocb = NULL;
a917d384
PB		 117}
118
43b978b9 119static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 120{
7285477a
PB		 121 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
122
123 if (!r->iov.iov_base) {
43b978b9 124 r->buflen = size;
44740c38 125 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 126 }
127 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 128 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
129 return r->qiov.size / 512;
130}
131
43b978b9
PB		 132static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
133{
134 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
135
136 qemu_put_be64s(f, &r->sector);
137 qemu_put_be32s(f, &r->sector_count);
138 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 139 if (r->buflen) {
140 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
141 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
142 } else if (!req->retry) {
143 uint32_t len = r->iov.iov_len;
144 qemu_put_be32s(f, &len);
145 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
146 }
43b978b9
PB		 147 }
148}
149
150static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
151{
152 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
153
154 qemu_get_be64s(f, &r->sector);
155 qemu_get_be32s(f, &r->sector_count);
156 qemu_get_be32s(f, &r->buflen);
157 if (r->buflen) {
158 scsi_init_iovec(r, r->buflen);
159 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
160 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 161 } else if (!r->req.retry) {
162 uint32_t len;
163 qemu_get_be32s(f, &len);
164 r->iov.iov_len = len;
165 assert(r->iov.iov_len <= r->buflen);
166 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 167 }
168 }
169
170 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
171}
172
c1b35247 173static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 174{
175 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
177
46e3f30e
PB		 178 assert(r->req.aiocb != NULL);
179 r->req.aiocb = NULL;
5d0d2467 180 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0c92e0e6
PB		 181 if (r->req.io_canceled) {
182 goto done;
183 }
5d0d2467 184
80624c93 185 if (ret < 0) {
5d0d2467
PB		 186 if (scsi_handle_rw_error(r, -ret)) {
187 goto done;
188 }
189 }
190
5d0d2467
PB		 191 scsi_req_complete(&r->req, GOOD);
192
193done:
b8aba8d7
PB		 194 if (!r->req.io_canceled) {
195 scsi_req_unref(&r->req);
196 }
5d0d2467
PB		 197}
198
7e8c49c5
PB		 199static bool scsi_is_cmd_fua(SCSICommand *cmd)
200{
201 switch (cmd->buf[0]) {
202 case READ_10:
203 case READ_12:
204 case READ_16:
205 case WRITE_10:
206 case WRITE_12:
207 case WRITE_16:
208 return (cmd->buf[1] & 8) != 0;
209
7f64f8e2
PB		 210 case VERIFY_10:
211 case VERIFY_12:
212 case VERIFY_16:
7e8c49c5
PB		 213 case WRITE_VERIFY_10:
214 case WRITE_VERIFY_12:
215 case WRITE_VERIFY_16:
216 return true;
217
218 case READ_6:
219 case WRITE_6:
220 default:
221 return false;
222 }
223}
224
225static void scsi_write_do_fua(SCSIDiskReq *r)
226{
227 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
228
0c92e0e6
PB		 229 if (r->req.io_canceled) {
230 goto done;
231 }
232
7e8c49c5
PB		 233 if (scsi_is_cmd_fua(&r->req.cmd)) {
234 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
c1b35247 235 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
7e8c49c5
PB		 236 return;
237 }
238
239 scsi_req_complete(&r->req, GOOD);
0c92e0e6
PB		 240
241done:
7e8c49c5
PB		 242 if (!r->req.io_canceled) {
243 scsi_req_unref(&r->req);
244 }
245}
246
ef8489d4 247static void scsi_dma_complete_noio(void *opaque, int ret)
a917d384 248{
4c41d2ef 249 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 250 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 251
ef8489d4
PB		 252 if (r->req.aiocb != NULL) {
253 r->req.aiocb = NULL;
254 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
255 }
0c92e0e6
PB		 256 if (r->req.io_canceled) {
257 goto done;
258 }
a597e79c 259
80624c93 260 if (ret < 0) {
71544d30 261 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 262 goto done;
5dba48a8 263 }
4d611c9a 264 }
5dba48a8 265
b77912a7
PB		 266 r->sector += r->sector_count;
267 r->sector_count = 0;
7e8c49c5
PB		 268 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
269 scsi_write_do_fua(r);
270 return;
271 } else {
272 scsi_req_complete(&r->req, GOOD);
273 }
c7bae6a7
PB		 274
275done:
276 if (!r->req.io_canceled) {
277 scsi_req_unref(&r->req);
278 }
4d611c9a
PB		 279}
280
ef8489d4
PB		 281static void scsi_dma_complete(void *opaque, int ret)
282{
283 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
284
285 assert(r->req.aiocb != NULL);
286 scsi_dma_complete_noio(opaque, ret);
287}
288
b77912a7 289static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 290{
291 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
292 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 293 int n;
0a4ac106 294
46e3f30e
PB		 295 assert(r->req.aiocb != NULL);
296 r->req.aiocb = NULL;
297 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0c92e0e6
PB		 298 if (r->req.io_canceled) {
299 goto done;
300 }
0a4ac106
PB		 301
302 if (ret < 0) {
71544d30 303 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 304 goto done;
0a4ac106
PB		 305 }
306 }
307
b77912a7
PB		 308 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
309
310 n = r->qiov.size / 512;
311 r->sector += n;
312 r->sector_count -= n;
313 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 314
315done:
316 if (!r->req.io_canceled) {
317 scsi_req_unref(&r->req);
318 }
0a4ac106 319}
5dba48a8 320
ac668426
PB		 321/* Actually issue a read to the block device. */
322static void scsi_do_read(void *opaque, int ret)
323{
324 SCSIDiskReq *r = opaque;
325 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
326 uint32_t n;
327
328 if (r->req.aiocb != NULL) {
329 r->req.aiocb = NULL;
330 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
331 }
0c92e0e6
PB		 332 if (r->req.io_canceled) {
333 goto done;
334 }
ac668426
PB		 335
336 if (ret < 0) {
337 if (scsi_handle_rw_error(r, -ret)) {
338 goto done;
339 }
340 }
341
31e8fd86
PB		 342 /* The request is used as the AIO opaque value, so add a ref. */
343 scsi_req_ref(&r->req);
344
ac668426
PB		 345 if (r->req.sg) {
346 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
347 r->req.resid -= r->req.sg->size;
348 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
349 scsi_dma_complete, r);
350 } else {
351 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
352 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
353 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
354 scsi_read_complete, r);
355 }
356
357done:
358 if (!r->req.io_canceled) {
359 scsi_req_unref(&r->req);
360 }
361}
362
5c6c0e51
HR		 363/* Read more data from scsi device into buffer. */
364static void scsi_read_data(SCSIRequest *req)
2e5d83bb 365{
5c6c0e51 366 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 367 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 368 bool first;
2e5d83bb 369
a917d384
PB		 370 DPRINTF("Read sector_count=%d\n", r->sector_count);
371 if (r->sector_count == 0) {
b45ef674
PB		 372 /* This also clears the sense buffer for REQUEST SENSE. */
373 scsi_req_complete(&r->req, GOOD);
a917d384 374 return;
2e5d83bb
PB		 375 }
376
6fa2c95f
SH		 377 /* No data transfer may already be in progress */
378 assert(r->req.aiocb == NULL);
379
c7bae6a7
PB		 380 /* The request is used as the AIO opaque value, so add a ref. */
381 scsi_req_ref(&r->req);
efb9ee02
HR		 382 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
383 DPRINTF("Data transfer direction invalid\n");
384 scsi_read_complete(r, -EINVAL);
385 return;
386 }
387
a1aff5bf
MA		 388 if (s->tray_open) {
389 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 390 return;
a1aff5bf 391 }
c7bae6a7 392
ac668426 393 first = !r->started;
a0e66a69 394 r->started = true;
ac668426
PB		 395 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
396 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
397 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
5d0d2467 398 } else {
ac668426 399 scsi_do_read(r, 0);
5d0d2467 400 }
2e5d83bb
PB		 401}
402
c7bae6a7
PB		 403/*
404 * scsi_handle_rw_error has two return values. 0 means that the error
405 * must be ignored, 1 means that the error has been processed and the
406 * caller should not do anything else for this request. Note that
407 * scsi_handle_rw_error always manages its reference counts, independent
408 * of the return value.
409 */
71544d30 410static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 411{
1ceee0d5 412 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 413 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3e1caa5f 414 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
ea8a5d7f 415
3e1caa5f 416 if (action == BDRV_ACTION_REPORT) {
efb9ee02 417 switch (error) {
7e218df5
PB		 418 case ENOMEDIUM:
419 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
420 break;
efb9ee02 421 case ENOMEM:
b45ef674 422 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 423 break;
424 case EINVAL:
b45ef674 425 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 426 break;
427 default:
b45ef674 428 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 429 break;
a1f0cce2 430 }
ea8a5d7f 431 }
3e1caa5f
PB		 432 bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
433 if (action == BDRV_ACTION_STOP) {
434 scsi_req_retry(&r->req);
435 }
436 return action != BDRV_ACTION_IGNORE;
ea8a5d7f
AL		 437}
438
4d611c9a
PB		 439static void scsi_write_complete(void * opaque, int ret)
440{
4c41d2ef 441 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 442 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 443 uint32_t n;
444
8e321cc6
PB		 445 if (r->req.aiocb != NULL) {
446 r->req.aiocb = NULL;
44740c38 447 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 448 }
0c92e0e6
PB		 449 if (r->req.io_canceled) {
450 goto done;
451 }
a597e79c 452
80624c93 453 if (ret < 0) {
71544d30 454 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 455 goto done;
5dba48a8 456 }
4d611c9a
PB		 457 }
458
103b40f5 459 n = r->qiov.size / 512;
ea8a5d7f
AL		 460 r->sector += n;
461 r->sector_count -= n;
a917d384 462 if (r->sector_count == 0) {
7e8c49c5
PB		 463 scsi_write_do_fua(r);
464 return;
a917d384 465 } else {
43b978b9 466 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
79fb50bb 467 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
103b40f5 468 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 469 }
c7bae6a7
PB		 470
471done:
472 if (!r->req.io_canceled) {
473 scsi_req_unref(&r->req);
474 }
4d611c9a
PB		 475}
476
42741212 477static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 478{
5c6c0e51 479 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 480 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 481 uint32_t n;
482
6fa2c95f
SH		 483 /* No data transfer may already be in progress */
484 assert(r->req.aiocb == NULL);
485
c7bae6a7
PB		 486 /* The request is used as the AIO opaque value, so add a ref. */
487 scsi_req_ref(&r->req);
efb9ee02
HR		 488 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
489 DPRINTF("Data transfer direction invalid\n");
490 scsi_write_complete(r, -EINVAL);
42741212 491 return;
efb9ee02
HR		 492 }
493
5d0d2467
PB		 494 if (!r->req.sg && !r->qiov.size) {
495 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 496 r->started = true;
5d0d2467
PB		 497 scsi_write_complete(r, 0);
498 return;
499 }
500 if (s->tray_open) {
501 scsi_write_complete(r, -ENOMEDIUM);
502 return;
503 }
504
7f64f8e2
PB		 505 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
506 r->req.cmd.buf[0] == VERIFY_16) {
507 if (r->req.sg) {
ef8489d4 508 scsi_dma_complete_noio(r, 0);
7f64f8e2
PB		 509 } else {
510 scsi_write_complete(r, 0);
511 }
512 return;
513 }
514
5d0d2467
PB		 515 if (r->req.sg) {
516 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
517 r->req.resid -= r->req.sg->size;
518 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
519 scsi_dma_complete, r);
520 } else {
521 n = r->qiov.size / 512;
44740c38
PB		 522 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
523 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 524 scsi_write_complete, r);
ea8a5d7f 525 }
a917d384 526}
2e5d83bb 527
a917d384 528/* Return a pointer to the data buffer. */
5c6c0e51 529static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 530{
5c6c0e51 531 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 532
3f4cb3d3 533 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 534}
535
0b06c059
GH		 536static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
537{
383b4d9b 538 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059 539 int buflen = 0;
82579390 540 int start;
0b06c059 541
0b06c059
GH		 542 if (req->cmd.buf[1] & 0x1) {
543 /* Vital product data */
544 uint8_t page_code = req->cmd.buf[2];
0b06c059 545
e39be482 546 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 547 outbuf[buflen++] = page_code ; // this page
548 outbuf[buflen++] = 0x00;
82579390
PB		 549 outbuf[buflen++] = 0x00;
550 start = buflen;
0b06c059
GH		 551
552 switch (page_code) {
553 case 0x00: /* Supported page codes, mandatory */
39d98982 554 {
0b06c059
GH		 555 DPRINTF("Inquiry EVPD[Supported pages] "
556 "buffer size %zd\n", req->cmd.xfer);
0b06c059 557 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 558 if (s->serial) {
3e1c0c9a 559 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 560 }
0b06c059 561 outbuf[buflen++] = 0x83; // device identification
f37bd73b 562 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 563 outbuf[buflen++] = 0xb0; // block limits
564 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982 565 }
0b06c059 566 break;
39d98982 567 }
0b06c059
GH		 568 case 0x80: /* Device serial number, optional */
569 {
3e1c0c9a 570 int l;
0b06c059 571
3e1c0c9a
HR		 572 if (!s->serial) {
573 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
574 return -1;
575 }
576
577 l = strlen(s->serial);
f01b5931 578 if (l > 20) {
0b06c059 579 l = 20;
f01b5931 580 }
0b06c059
GH		 581
582 DPRINTF("Inquiry EVPD[Serial number] "
583 "buffer size %zd\n", req->cmd.xfer);
a0fef654 584 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 585 buflen += l;
586 break;
587 }
588
589 case 0x83: /* Device identification page, mandatory */
590 {
fd930791
PB		 591 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
592 int max_len = s->serial ? 20 : 255 - 8;
593 int id_len = strlen(str);
0b06c059 594
f01b5931 595 if (id_len > max_len) {
0b06c059 596 id_len = max_len;
f01b5931 597 }
0b06c059
GH		 598 DPRINTF("Inquiry EVPD[Device identification] "
599 "buffer size %zd\n", req->cmd.xfer);
600
0b06c059
GH		 601 outbuf[buflen++] = 0x2; // ASCII
602 outbuf[buflen++] = 0; // not officially assigned
603 outbuf[buflen++] = 0; // reserved
604 outbuf[buflen++] = id_len; // length of data following
fd930791 605 memcpy(outbuf+buflen, str, id_len);
0b06c059 606 buflen += id_len;
27395add
PB		 607
608 if (s->wwn) {
609 outbuf[buflen++] = 0x1; // Binary
610 outbuf[buflen++] = 0x3; // NAA
611 outbuf[buflen++] = 0; // reserved
612 outbuf[buflen++] = 8;
613 stq_be_p(&outbuf[buflen], s->wwn);
614 buflen += 8;
615 }
0b06c059
GH		 616 break;
617 }
ea3bd56f 618 case 0xb0: /* block limits */
ee3659e3 619 {
ea3bd56f
CH		 620 unsigned int unmap_sectors =
621 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 622 unsigned int min_io_size =
623 s->qdev.conf.min_io_size / s->qdev.blocksize;
624 unsigned int opt_io_size =
625 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 626
f37bd73b 627 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 628 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
629 page_code);
630 return -1;
631 }
ee3659e3 632 /* required VPD size with unmap support */
82579390 633 buflen = 0x40;
ee3659e3
CH		 634 memset(outbuf + 4, 0, buflen - 4);
635
636 /* optimal transfer length granularity */
637 outbuf[6] = (min_io_size >> 8) & 0xff;
638 outbuf[7] = min_io_size & 0xff;
639
640 /* optimal transfer length */
641 outbuf[12] = (opt_io_size >> 24) & 0xff;
642 outbuf[13] = (opt_io_size >> 16) & 0xff;
643 outbuf[14] = (opt_io_size >> 8) & 0xff;
644 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 645
646 /* optimal unmap granularity */
647 outbuf[28] = (unmap_sectors >> 24) & 0xff;
648 outbuf[29] = (unmap_sectors >> 16) & 0xff;
649 outbuf[30] = (unmap_sectors >> 8) & 0xff;
650 outbuf[31] = unmap_sectors & 0xff;
651 break;
652 }
653 case 0xb2: /* thin provisioning */
654 {
82579390 655 buflen = 8;
ea3bd56f 656 outbuf[4] = 0;
5222aaf2 657 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
f644a290 658 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
ea3bd56f 659 outbuf[7] = 0;
ee3659e3
CH		 660 break;
661 }
0b06c059 662 default:
0b06c059
GH		 663 return -1;
664 }
665 /* done with EVPD */
82579390
PB		 666 assert(buflen - start <= 255);
667 outbuf[start - 1] = buflen - start;
0b06c059
GH		 668 return buflen;
669 }
670
671 /* Standard INQUIRY data */
672 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 673 return -1;
674 }
675
676 /* PAGE CODE == 0 */
0b06c059 677 buflen = req->cmd.xfer;
f01b5931 678 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 679 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 680 }
0b06c059 681
f37bd73b 682 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 683 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 684
685 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
686 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
687
314b1811 688 memset(&outbuf[32], 0, 4);
552fee93 689 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 690 /*
691 * We claim conformance to SPC-3, which is required for guests
692 * to ask for modern features like READ CAPACITY(16) or the
693 * block characteristics VPD page by default. Not all of SPC-3
694 * is actually implemented, but we're good enough.
695 */
ee3659e3 696 outbuf[2] = 5;
1109c894 697 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 698
699 if (buflen > 36) {
700 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
701 } else {
702 /* If the allocation length of CDB is too small,
703 the additional length is not adjusted */
704 outbuf[4] = 36 - 5;
705 }
706
0b06c059 707 /* Sync data transfer and TCQ. */
afd4030c 708 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 709 return buflen;
710}
711
430ee2f2
PB		 712static inline bool media_is_dvd(SCSIDiskState *s)
713{
714 uint64_t nb_sectors;
715 if (s->qdev.type != TYPE_ROM) {
716 return false;
717 }
44740c38 718 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 719 return false;
720 }
44740c38 721 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 722 return nb_sectors > CD_MAX_SECTORS;
723}
724
ceb792ef
PB		 725static inline bool media_is_cd(SCSIDiskState *s)
726{
727 uint64_t nb_sectors;
728 if (s->qdev.type != TYPE_ROM) {
729 return false;
730 }
44740c38 731 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 732 return false;
733 }
44740c38 734 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 735 return nb_sectors <= CD_MAX_SECTORS;
736}
737
1a4f0c3a
PB		 738static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
739 uint8_t *outbuf)
740{
741 uint8_t type = r->req.cmd.buf[1] & 7;
742
743 if (s->qdev.type != TYPE_ROM) {
744 return -1;
745 }
746
747 /* Types 1/2 are only defined for Blu-Ray. */
748 if (type != 0) {
749 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
750 return -1;
751 }
752
753 memset(outbuf, 0, 34);
754 outbuf[1] = 32;
755 outbuf[2] = 0xe; /* last session complete, disc finalized */
756 outbuf[3] = 1; /* first track on disc */
757 outbuf[4] = 1; /* # of sessions */
758 outbuf[5] = 1; /* first track of last session */
759 outbuf[6] = 1; /* last track of last session */
760 outbuf[7] = 0x20; /* unrestricted use */
761 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
762 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
763 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
764 /* 24-31: disc bar code */
765 /* 32: disc application code */
766 /* 33: number of OPC tables */
767
768 return 34;
769}
770
b6c251ab
PB		 771static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
772 uint8_t *outbuf)
773{
ceb792ef
PB		 774 static const int rds_caps_size[5] = {
775 [0] = 2048 + 4,
776 [1] = 4 + 4,
777 [3] = 188 + 4,
778 [4] = 2048 + 4,
779 };
780
781 uint8_t media = r->req.cmd.buf[1];
782 uint8_t layer = r->req.cmd.buf[6];
783 uint8_t format = r->req.cmd.buf[7];
784 int size = -1;
785
786 if (s->qdev.type != TYPE_ROM) {
787 return -1;
788 }
789 if (media != 0) {
790 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
791 return -1;
792 }
793
794 if (format != 0xff) {
44740c38 795 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 796 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
797 return -1;
798 }
799 if (media_is_cd(s)) {
800 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
801 return -1;
802 }
803 if (format >= ARRAY_SIZE(rds_caps_size)) {
804 return -1;
805 }
806 size = rds_caps_size[format];
807 memset(outbuf, 0, size);
808 }
809
810 switch (format) {
811 case 0x00: {
812 /* Physical format information */
813 uint64_t nb_sectors;
814 if (layer != 0) {
815 goto fail;
816 }
44740c38 817 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 818
819 outbuf[4] = 1; /* DVD-ROM, part version 1 */
820 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
821 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
822 outbuf[7] = 0; /* default densities */
823
824 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
825 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
826 break;
827 }
828
829 case 0x01: /* DVD copyright information, all zeros */
830 break;
831
832 case 0x03: /* BCA information - invalid field for no BCA info */
833 return -1;
834
835 case 0x04: /* DVD disc manufacturing information, all zeros */
836 break;
837
838 case 0xff: { /* List capabilities */
839 int i;
840 size = 4;
841 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
842 if (!rds_caps_size[i]) {
843 continue;
844 }
845 outbuf[size] = i;
846 outbuf[size + 1] = 0x40; /* Not writable, readable */
847 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
848 size += 4;
849 }
850 break;
851 }
852
853 default:
854 return -1;
855 }
856
857 /* Size of buffer, not including 2 byte size field */
858 stw_be_p(outbuf, size - 2);
859 return size;
860
861fail:
b6c251ab
PB		 862 return -1;
863}
864
3c2f7c12 865static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 866{
3c2f7c12
PB		 867 uint8_t event_code, media_status;
868
869 media_status = 0;
870 if (s->tray_open) {
871 media_status = MS_TRAY_OPEN;
44740c38 872 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 873 media_status = MS_MEDIA_PRESENT;
874 }
875
876 /* Event notification descriptor */
877 event_code = MEC_NO_CHANGE;
4480de19
PB		 878 if (media_status != MS_TRAY_OPEN) {
879 if (s->media_event) {
880 event_code = MEC_NEW_MEDIA;
881 s->media_event = false;
882 } else if (s->eject_request) {
883 event_code = MEC_EJECT_REQUESTED;
884 s->eject_request = false;
885 }
3c2f7c12
PB		 886 }
887
888 outbuf[0] = event_code;
889 outbuf[1] = media_status;
890
891 /* These fields are reserved, just clear them. */
892 outbuf[2] = 0;
893 outbuf[3] = 0;
894 return 4;
895}
896
897static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
898 uint8_t *outbuf)
899{
900 int size;
901 uint8_t *buf = r->req.cmd.buf;
902 uint8_t notification_class_request = buf[4];
903 if (s->qdev.type != TYPE_ROM) {
904 return -1;
905 }
906 if ((buf[1] & 1) == 0) {
907 /* asynchronous */
908 return -1;
909 }
910
911 size = 4;
912 outbuf[0] = outbuf[1] = 0;
913 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
914 if (notification_class_request & (1 << GESN_MEDIA)) {
915 outbuf[2] = GESN_MEDIA;
916 size += scsi_event_status_media(s, &outbuf[size]);
917 } else {
918 outbuf[2] = 0x80;
919 }
920 stw_be_p(outbuf, size - 4);
921 return size;
b6c251ab
PB		 922}
923
430ee2f2 924static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 925{
430ee2f2
PB		 926 int current;
927
b6c251ab
PB		 928 if (s->qdev.type != TYPE_ROM) {
929 return -1;
930 }
430ee2f2
PB		 931 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
932 memset(outbuf, 0, 40);
933 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
934 stw_be_p(&outbuf[6], current);
935 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
936 outbuf[10] = 0x03; /* persistent, current */
937 outbuf[11] = 8; /* two profiles */
938 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
939 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
940 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
941 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
942 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
943 stw_be_p(&outbuf[20], 1);
944 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
945 outbuf[23] = 8;
946 stl_be_p(&outbuf[24], 1); /* SCSI */
947 outbuf[28] = 1; /* DBE = 1, mandatory */
948 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
949 stw_be_p(&outbuf[32], 3);
950 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
951 outbuf[35] = 4;
952 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
953 /* TODO: Random readable, CD read, DVD read, drive serial number,
954 power management */
955 return 40;
b6c251ab
PB		 956}
957
958static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
959{
960 if (s->qdev.type != TYPE_ROM) {
961 return -1;
962 }
963 memset(outbuf, 0, 8);
964 outbuf[5] = 1; /* CD-ROM */
965 return 8;
966}
967
cfc606da 968static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 969 int page_control)
ebddfcbe 970{
a8f4bbe2
PB		 971 static const int mode_sense_valid[0x3f] = {
972 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
973 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
974 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 975 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
976 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 977 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
978 };
ef405611
PB		 979
980 uint8_t *p = *p_outbuf + 2;
981 int length;
ebddfcbe 982
a8f4bbe2
PB		 983 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
984 return -1;
985 }
986
282ab04e
BK		 987 /*
988 * If Changeable Values are requested, a mask denoting those mode parameters
989 * that are changeable shall be returned. As we currently don't support
990 * parameter changes via MODE_SELECT all bits are returned set to zero.
991 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 992 *
993 * The offsets here are off by two compared to the descriptions in the
994 * SCSI specs, because those include a 2-byte header. This is unfortunate,
995 * but it is done so that offsets are consistent within our implementation
996 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
997 * 2-byte and 4-byte headers.
282ab04e 998 */
ebddfcbe 999 switch (page) {
67cc61e4 1000 case MODE_PAGE_HD_GEOMETRY:
ef405611 1001 length = 0x16;
282ab04e 1002 if (page_control == 1) { /* Changeable Values */
cfc606da 1003 break;
282ab04e 1004 }
ebddfcbe 1005 /* if a geometry hint is available, use it */
ef405611
PB		 1006 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1007 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1008 p[2] = s->qdev.conf.cyls & 0xff;
1009 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 1010 /* Write precomp start cylinder, disabled */
ef405611
PB		 1011 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1012 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1013 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1014 /* Reduced current start cylinder, disabled */
ef405611
PB		 1015 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1016 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1017 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1018 /* Device step rate [ns], 200ns */
ef405611
PB		 1019 p[10] = 0;
1020 p[11] = 200;
ebddfcbe 1021 /* Landing zone cylinder */
ef405611
PB		 1022 p[12] = 0xff;
1023 p[13] = 0xff;
ebddfcbe 1024 p[14] = 0xff;
ebddfcbe 1025 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1026 p[18] = (5400 >> 8) & 0xff;
1027 p[19] = 5400 & 0xff;
cfc606da 1028 break;
ebddfcbe 1029
67cc61e4 1030 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1031 length = 0x1e;
282ab04e 1032 if (page_control == 1) { /* Changeable Values */
cfc606da 1033 break;
282ab04e 1034 }
ebddfcbe 1035 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1036 p[0] = 5000 >> 8;
1037 p[1] = 5000 & 0xff;
ebddfcbe 1038 /* if a geometry hint is available, use it */
ef405611
PB		 1039 p[2] = s->qdev.conf.heads & 0xff;
1040 p[3] = s->qdev.conf.secs & 0xff;
1041 p[4] = s->qdev.blocksize >> 8;
1042 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1043 p[7] = s->qdev.conf.cyls & 0xff;
1044 /* Write precomp start cylinder, disabled */
d252df48
MA		 1045 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1046 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1047 /* Reduced current start cylinder, disabled */
d252df48
MA		 1048 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1049 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1050 /* Device step rate [100us], 100us */
ef405611
PB		 1051 p[12] = 0;
1052 p[13] = 1;
ebddfcbe 1053 /* Device step pulse width [us], 1us */
ef405611 1054 p[14] = 1;
ebddfcbe 1055 /* Device head settle delay [100us], 100us */
ef405611
PB		 1056 p[15] = 0;
1057 p[16] = 1;
ebddfcbe 1058 /* Motor on delay [0.1s], 0.1s */
ef405611 1059 p[17] = 1;
ebddfcbe 1060 /* Motor off delay [0.1s], 0.1s */
ef405611 1061 p[18] = 1;
ebddfcbe 1062 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1063 p[26] = (5400 >> 8) & 0xff;
1064 p[27] = 5400 & 0xff;
cfc606da 1065 break;
ebddfcbe 1066
67cc61e4 1067 case MODE_PAGE_CACHING:
ef405611 1068 length = 0x12;
96c91bbf
PB		 1069 if (page_control == 1 || /* Changeable Values */
1070 bdrv_enable_write_cache(s->qdev.conf.bs)) {
ef405611 1071 p[0] = 4; /* WCE */
ebddfcbe 1072 }
cfc606da 1073 break;
ebddfcbe 1074
a07c7dcd 1075 case MODE_PAGE_R_W_ERROR:
ef405611 1076 length = 10;
4f588b15
PB		 1077 if (page_control == 1) { /* Changeable Values */
1078 break;
1079 }
ef405611 1080 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1081 if (s->qdev.type == TYPE_ROM) {
ef405611 1082 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1083 }
1084 break;
1085
1086 case MODE_PAGE_AUDIO_CTL:
ef405611 1087 length = 14;
a07c7dcd
PB		 1088 break;
1089
67cc61e4 1090 case MODE_PAGE_CAPABILITIES:
ef405611 1091 length = 0x14;
282ab04e 1092 if (page_control == 1) { /* Changeable Values */
cfc606da 1093 break;
282ab04e 1094 }
a07c7dcd 1095
ef405611
PB		 1096 p[0] = 0x3b; /* CD-R & CD-RW read */
1097 p[1] = 0; /* Writing not supported */
1098 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1099 mode 2 form 1&2, multi session */
ef405611 1100 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1101 RW corrected, C2 errors, ISRC,
1102 UPC, Bar code */
ef405611 1103 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1104 /* Locking supported, jumper present, eject, tray */
ef405611 1105 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1106 changer */
ef405611
PB		 1107 p[6] = (50 * 176) >> 8; /* 50x read speed */
1108 p[7] = (50 * 176) & 0xff;
1109 p[8] = 2 >> 8; /* Two volume levels */
1110 p[9] = 2 & 0xff;
1111 p[10] = 2048 >> 8; /* 2M buffer */
1112 p[11] = 2048 & 0xff;
1113 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1114 p[13] = (16 * 176) & 0xff;
1115 p[16] = (16 * 176) >> 8; /* 16x write speed */
1116 p[17] = (16 * 176) & 0xff;
1117 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1118 p[19] = (16 * 176) & 0xff;
cfc606da 1119 break;
ebddfcbe
GH		 1120
1121 default:
cfc606da 1122 return -1;
ebddfcbe 1123 }
cfc606da 1124
ef405611
PB		 1125 assert(length < 256);
1126 (*p_outbuf)[0] = page;
1127 (*p_outbuf)[1] = length;
1128 *p_outbuf += length + 2;
1129 return length + 2;
ebddfcbe
GH		 1130}
1131
cfc606da 1132static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1133{
cfc606da 1134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1135 uint64_t nb_sectors;
e590ecbe
PB		 1136 bool dbd;
1137 int page, buflen, ret, page_control;
ebddfcbe 1138 uint8_t *p;
ce512ee1 1139 uint8_t dev_specific_param;
ebddfcbe 1140
e590ecbe 1141 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1142 page = r->req.cmd.buf[2] & 0x3f;
1143 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1144 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1145 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1146 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1147 p = outbuf;
1148
e590ecbe 1149 if (s->qdev.type == TYPE_DISK) {
da8365db 1150 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
e590ecbe
PB		 1151 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1152 dev_specific_param |= 0x80; /* Readonly. */
1153 }
ce512ee1 1154 } else {
e590ecbe
PB		 1155 /* MMC prescribes that CD/DVD drives have no block descriptors,
1156 * and defines no device-specific parameter. */
6a2de0f2 1157 dev_specific_param = 0x00;
e590ecbe 1158 dbd = true;
ce512ee1
BK		 1159 }
1160
cfc606da 1161 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1162 p[1] = 0; /* Default media type. */
1163 p[2] = dev_specific_param;
1164 p[3] = 0; /* Block descriptor length. */
1165 p += 4;
1166 } else { /* MODE_SENSE_10 */
1167 p[2] = 0; /* Default media type. */
1168 p[3] = dev_specific_param;
1169 p[6] = p[7] = 0; /* Block descriptor length. */
1170 p += 8;
ebddfcbe 1171 }
ebddfcbe 1172
44740c38 1173 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
e590ecbe 1174 if (!dbd && nb_sectors) {
cfc606da 1175 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1176 outbuf[3] = 8; /* Block descriptor length */
1177 } else { /* MODE_SENSE_10 */
1178 outbuf[7] = 8; /* Block descriptor length */
1179 }
69377307 1180 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1181 if (nb_sectors > 0xffffff) {
2488b740 1182 nb_sectors = 0;
f01b5931 1183 }
ebddfcbe
GH		 1184 p[0] = 0; /* media density code */
1185 p[1] = (nb_sectors >> 16) & 0xff;
1186 p[2] = (nb_sectors >> 8) & 0xff;
1187 p[3] = nb_sectors & 0xff;
1188 p[4] = 0; /* reserved */
1189 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1190 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1191 p[7] = 0;
1192 p += 8;
1193 }
1194
cfc606da
PB		 1195 if (page_control == 3) {
1196 /* Saved Values */
1197 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1198 return -1;
282ab04e
BK		 1199 }
1200
cfc606da
PB		 1201 if (page == 0x3f) {
1202 for (page = 0; page <= 0x3e; page++) {
1203 mode_sense_page(s, page, &p, page_control);
1204 }
1205 } else {
1206 ret = mode_sense_page(s, page, &p, page_control);
1207 if (ret == -1) {
1208 return -1;
1209 }
ebddfcbe
GH		 1210 }
1211
1212 buflen = p - outbuf;
ce512ee1
BK		 1213 /*
1214 * The mode data length field specifies the length in bytes of the
1215 * following data that is available to be transferred. The mode data
1216 * length does not include itself.
1217 */
cfc606da 1218 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1219 outbuf[0] = buflen - 1;
1220 } else { /* MODE_SENSE_10 */
1221 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1222 outbuf[1] = (buflen - 2) & 0xff;
1223 }
ebddfcbe
GH		 1224 return buflen;
1225}
1226
02880f43
GH		 1227static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1228{
1229 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1230 int start_track, format, msf, toclen;
1231 uint64_t nb_sectors;
1232
1233 msf = req->cmd.buf[1] & 2;
1234 format = req->cmd.buf[2] & 0xf;
1235 start_track = req->cmd.buf[6];
44740c38 1236 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1237 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1238 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1239 switch (format) {
1240 case 0:
1241 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1242 break;
1243 case 1:
1244 /* multi session : only a single session defined */
1245 toclen = 12;
1246 memset(outbuf, 0, 12);
1247 outbuf[1] = 0x0a;
1248 outbuf[2] = 0x01;
1249 outbuf[3] = 0x01;
1250 break;
1251 case 2:
1252 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1253 break;
1254 default:
1255 return -1;
1256 }
02880f43
GH		 1257 return toclen;
1258}
1259
68bb01f3 1260static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1261{
1262 SCSIRequest *req = &r->req;
1263 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1264 bool start = req->cmd.buf[4] & 1;
1265 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1266 int pwrcnd = req->cmd.buf[4] & 0xf0;
1267
1268 if (pwrcnd) {
1269 /* eject/load only happens for power condition == 0 */
1270 return 0;
1271 }
bfd52647 1272
b456a71c 1273 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1274 if (!start && !s->tray_open && s->tray_locked) {
1275 scsi_check_condition(r,
44740c38 1276 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1277 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1278 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1279 return -1;
fdec4404 1280 }
d88b1819
LC		 1281
1282 if (s->tray_open != !start) {
1283 bdrv_eject(s->qdev.conf.bs, !start);
1284 s->tray_open = !start;
1285 }
bfd52647 1286 }
68bb01f3 1287 return 0;
bfd52647
MA		 1288}
1289
314a3299
PB		 1290static void scsi_disk_emulate_read_data(SCSIRequest *req)
1291{
1292 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1293 int buflen = r->iov.iov_len;
1294
1295 if (buflen) {
79fb50bb 1296 DPRINTF("Read buf_len=%d\n", buflen);
314a3299
PB		 1297 r->iov.iov_len = 0;
1298 r->started = true;
1299 scsi_req_data(&r->req, buflen);
1300 return;
1301 }
1302
1303 /* This also clears the sense buffer for REQUEST SENSE. */
1304 scsi_req_complete(&r->req, GOOD);
1305}
1306
380feaff
PB		 1307static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1308 uint8_t *inbuf, int inlen)
1309{
1310 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1311 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1312 uint8_t *p;
1313 int len, expected_len, changeable_len, i;
1314
1315 /* The input buffer does not include the page header, so it is
1316 * off by 2 bytes.
1317 */
1318 expected_len = inlen + 2;
1319 if (expected_len > SCSI_MAX_MODE_LEN) {
1320 return -1;
1321 }
1322
1323 p = mode_current;
1324 memset(mode_current, 0, inlen + 2);
1325 len = mode_sense_page(s, page, &p, 0);
1326 if (len < 0 || len != expected_len) {
1327 return -1;
1328 }
1329
1330 p = mode_changeable;
1331 memset(mode_changeable, 0, inlen + 2);
1332 changeable_len = mode_sense_page(s, page, &p, 1);
1333 assert(changeable_len == len);
1334
1335 /* Check that unchangeable bits are the same as what MODE SENSE
1336 * would return.
1337 */
1338 for (i = 2; i < len; i++) {
1339 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1340 return -1;
1341 }
1342 }
1343 return 0;
1344}
1345
1346static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1347{
96c91bbf
PB		 1348 switch (page) {
1349 case MODE_PAGE_CACHING:
1350 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
1351 break;
1352
1353 default:
1354 break;
1355 }
380feaff
PB		 1356}
1357
1358static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1359{
1360 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1361
1362 while (len > 0) {
1363 int page, subpage, page_len;
1364
1365 /* Parse both possible formats for the mode page headers. */
1366 page = p[0] & 0x3f;
1367 if (p[0] & 0x40) {
1368 if (len < 4) {
1369 goto invalid_param_len;
1370 }
1371 subpage = p[1];
1372 page_len = lduw_be_p(&p[2]);
1373 p += 4;
1374 len -= 4;
1375 } else {
1376 if (len < 2) {
1377 goto invalid_param_len;
1378 }
1379 subpage = 0;
1380 page_len = p[1];
1381 p += 2;
1382 len -= 2;
1383 }
1384
1385 if (subpage) {
1386 goto invalid_param;
1387 }
1388 if (page_len > len) {
1389 goto invalid_param_len;
1390 }
1391
1392 if (!change) {
1393 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1394 goto invalid_param;
1395 }
1396 } else {
1397 scsi_disk_apply_mode_select(s, page, p);
1398 }
1399
1400 p += page_len;
1401 len -= page_len;
1402 }
1403 return 0;
1404
1405invalid_param:
1406 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1407 return -1;
1408
1409invalid_param_len:
1410 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1411 return -1;
1412}
1413
1414static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1415{
accfeb2d 1416 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1417 uint8_t *p = inbuf;
1418 int cmd = r->req.cmd.buf[0];
1419 int len = r->req.cmd.xfer;
1420 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1421 int bd_len;
1422 int pass;
1423
1424 /* We only support PF=1, SP=0. */
1425 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1426 goto invalid_field;
1427 }
1428
1429 if (len < hdr_len) {
1430 goto invalid_param_len;
1431 }
1432
1433 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1434 len -= hdr_len;
1435 p += hdr_len;
1436 if (len < bd_len) {
1437 goto invalid_param_len;
1438 }
1439 if (bd_len != 0 && bd_len != 8) {
1440 goto invalid_param;
1441 }
1442
1443 len -= bd_len;
1444 p += bd_len;
1445
1446 /* Ensure no change is made if there is an error! */
1447 for (pass = 0; pass < 2; pass++) {
1448 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1449 assert(pass == 0);
1450 return;
1451 }
1452 }
accfeb2d
PB		 1453 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
1454 /* The request is used as the AIO opaque value, so add a ref. */
1455 scsi_req_ref(&r->req);
1456 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1457 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1458 return;
1459 }
1460
380feaff
PB		 1461 scsi_req_complete(&r->req, GOOD);
1462 return;
1463
1464invalid_param:
1465 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1466 return;
1467
1468invalid_param_len:
1469 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1470 return;
1471
1472invalid_field:
1473 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1474}
1475
444bc908
PB		 1476static inline bool check_lba_range(SCSIDiskState *s,
1477 uint64_t sector_num, uint32_t nb_sectors)
1478{
1479 /*
1480 * The first line tests that no overflow happens when computing the last
1481 * sector. The second line tests that the last accessed sector is in
1482 * range.
12ca76fc
PB		 1483 *
1484 * Careful, the computations should not underflow for nb_sectors == 0,
1485 * and a 0-block read to the first LBA beyond the end of device is
1486 * valid.
444bc908
PB		 1487 */
1488 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1489 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1490}
1491
5222aaf2
PB		 1492typedef struct UnmapCBData {
1493 SCSIDiskReq *r;
1494 uint8_t *inbuf;
1495 int count;
1496} UnmapCBData;
1497
1498static void scsi_unmap_complete(void *opaque, int ret)
1499{
1500 UnmapCBData *data = opaque;
1501 SCSIDiskReq *r = data->r;
1502 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1503 uint64_t sector_num;
5bb0b62e 1504 uint32_t nb_sectors;
5222aaf2
PB		 1505
1506 r->req.aiocb = NULL;
d0242ead
PB		 1507 if (r->req.io_canceled) {
1508 goto done;
1509 }
1510
5222aaf2
PB		 1511 if (ret < 0) {
1512 if (scsi_handle_rw_error(r, -ret)) {
1513 goto done;
1514 }
1515 }
1516
d0242ead 1517 if (data->count > 0) {
5222aaf2
PB		 1518 sector_num = ldq_be_p(&data->inbuf[0]);
1519 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
444bc908 1520 if (!check_lba_range(s, sector_num, nb_sectors)) {
5222aaf2
PB		 1521 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1522 goto done;
1523 }
1524
1525 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1526 sector_num * (s->qdev.blocksize / 512),
1527 nb_sectors * (s->qdev.blocksize / 512),
1528 scsi_unmap_complete, data);
1529 data->count--;
1530 data->inbuf += 16;
1531 return;
1532 }
1533
d0242ead
PB		 1534 scsi_req_complete(&r->req, GOOD);
1535
5222aaf2 1536done:
5222aaf2
PB		 1537 if (!r->req.io_canceled) {
1538 scsi_req_unref(&r->req);
1539 }
1540 g_free(data);
1541}
1542
1543static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1544{
1545 uint8_t *p = inbuf;
1546 int len = r->req.cmd.xfer;
1547 UnmapCBData *data;
1548
1549 if (len < 8) {
1550 goto invalid_param_len;
1551 }
1552 if (len < lduw_be_p(&p[0]) + 2) {
1553 goto invalid_param_len;
1554 }
1555 if (len < lduw_be_p(&p[2]) + 8) {
1556 goto invalid_param_len;
1557 }
1558 if (lduw_be_p(&p[2]) & 15) {
1559 goto invalid_param_len;
1560 }
1561
1562 data = g_new0(UnmapCBData, 1);
1563 data->r = r;
1564 data->inbuf = &p[8];
1565 data->count = lduw_be_p(&p[2]) >> 4;
1566
1567 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1568 scsi_req_ref(&r->req);
1569 scsi_unmap_complete(data, 0);
1570 return;
1571
1572invalid_param_len:
1573 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
5222aaf2
PB		 1574}
1575
314a3299
PB		 1576static void scsi_disk_emulate_write_data(SCSIRequest *req)
1577{
af6d510d
PB		 1578 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1579
1580 if (r->iov.iov_len) {
1581 int buflen = r->iov.iov_len;
79fb50bb 1582 DPRINTF("Write buf_len=%d\n", buflen);
af6d510d
PB		 1583 r->iov.iov_len = 0;
1584 scsi_req_data(&r->req, buflen);
1585 return;
1586 }
1587
1588 switch (req->cmd.buf[0]) {
1589 case MODE_SELECT:
1590 case MODE_SELECT_10:
1591 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1592 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1593 break;
1594
5222aaf2
PB		 1595 case UNMAP:
1596 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1597 break;
1598
af6d510d
PB		 1599 default:
1600 abort();
1601 }
314a3299
PB		 1602}
1603
b08d0ea0 1604static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1605{
b08d0ea0 1606 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1607 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1608 uint64_t nb_sectors;
7285477a 1609 uint8_t *outbuf;
af6d510d 1610 int buflen;
aa5dbdc1 1611
b08d0ea0
PB		 1612 switch (req->cmd.buf[0]) {
1613 case INQUIRY:
1614 case MODE_SENSE:
1615 case MODE_SENSE_10:
1616 case RESERVE:
1617 case RESERVE_10:
1618 case RELEASE:
1619 case RELEASE_10:
1620 case START_STOP:
1621 case ALLOW_MEDIUM_REMOVAL:
1622 case GET_CONFIGURATION:
1623 case GET_EVENT_STATUS_NOTIFICATION:
1624 case MECHANISM_STATUS:
1625 case REQUEST_SENSE:
1626 break;
1627
1628 default:
1629 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1630 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1631 return 0;
1632 }
1633 break;
1634 }
1635
c8dcb531
PB		 1636 /*
1637 * FIXME: we shouldn't return anything bigger than 4k, but the code
1638 * requires the buffer to be as big as req->cmd.xfer in several
1639 * places. So, do not allow CDBs with a very large ALLOCATION
1640 * LENGTH. The real fix would be to modify scsi_read_data and
1641 * dma_buf_read, so that they return data beyond the buflen
1642 * as all zeros.
1643 */
1644 if (req->cmd.xfer > 65536) {
1645 goto illegal_request;
1646 }
1647 r->buflen = MAX(4096, req->cmd.xfer);
1648
7285477a 1649 if (!r->iov.iov_base) {
44740c38 1650 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1651 }
1652
af6d510d 1653 buflen = req->cmd.xfer;
7285477a 1654 outbuf = r->iov.iov_base;
c8dcb531 1655 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 1656 switch (req->cmd.buf[0]) {
1657 case TEST_UNIT_READY:
9bcaf4fe 1658 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1659 break;
0b06c059
GH		 1660 case INQUIRY:
1661 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1662 if (buflen < 0) {
0b06c059 1663 goto illegal_request;
f01b5931 1664 }
5f71d32f 1665 break;
ebddfcbe
GH		 1666 case MODE_SENSE:
1667 case MODE_SENSE_10:
cfc606da 1668 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1669 if (buflen < 0) {
ebddfcbe 1670 goto illegal_request;
f01b5931 1671 }
ebddfcbe 1672 break;
02880f43
GH		 1673 case READ_TOC:
1674 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1675 if (buflen < 0) {
02880f43 1676 goto illegal_request;
f01b5931 1677 }
02880f43 1678 break;
3d53ba18 1679 case RESERVE:
f01b5931 1680 if (req->cmd.buf[1] & 1) {
3d53ba18 1681 goto illegal_request;
f01b5931 1682 }
3d53ba18
GH		 1683 break;
1684 case RESERVE_10:
f01b5931 1685 if (req->cmd.buf[1] & 3) {
3d53ba18 1686 goto illegal_request;
f01b5931 1687 }
3d53ba18
GH		 1688 break;
1689 case RELEASE:
f01b5931 1690 if (req->cmd.buf[1] & 1) {
3d53ba18 1691 goto illegal_request;
f01b5931 1692 }
3d53ba18
GH		 1693 break;
1694 case RELEASE_10:
f01b5931 1695 if (req->cmd.buf[1] & 3) {
3d53ba18 1696 goto illegal_request;
f01b5931 1697 }
3d53ba18 1698 break;
8d3628ff 1699 case START_STOP:
68bb01f3 1700 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 1701 return 0;
68bb01f3 1702 }
5f71d32f 1703 break;
c68b9f34 1704 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1705 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1706 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1707 break;
5e30a07d 1708 case READ_CAPACITY_10:
e7e25e32 1709 /* The normal LEN field for this command is zero. */
5f71d32f 1710 memset(outbuf, 0, 8);
44740c38 1711 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1712 if (!nb_sectors) {
9bcaf4fe 1713 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1714 return 0;
f01b5931 1715 }
7cec78b6
PB		 1716 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1717 goto illegal_request;
1718 }
69377307 1719 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1720 /* Returned value is the address of the last sector. */
1721 nb_sectors--;
1722 /* Remember the new size for read/write sanity checking. */
7877903a 1723 s->qdev.max_lba = nb_sectors;
e7e25e32 1724 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1725 if (nb_sectors > UINT32_MAX) {
e7e25e32 1726 nb_sectors = UINT32_MAX;
f01b5931 1727 }
e7e25e32
GH		 1728 outbuf[0] = (nb_sectors >> 24) & 0xff;
1729 outbuf[1] = (nb_sectors >> 16) & 0xff;
1730 outbuf[2] = (nb_sectors >> 8) & 0xff;
1731 outbuf[3] = nb_sectors & 0xff;
1732 outbuf[4] = 0;
1733 outbuf[5] = 0;
69377307 1734 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 1735 outbuf[7] = 0;
5f71d32f 1736 break;
f3b338ef
PB		 1737 case REQUEST_SENSE:
1738 /* Just return "NO SENSE". */
1739 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1740 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 1741 if (buflen < 0) {
1742 goto illegal_request;
1743 }
f3b338ef 1744 break;
b6c251ab
PB		 1745 case MECHANISM_STATUS:
1746 buflen = scsi_emulate_mechanism_status(s, outbuf);
1747 if (buflen < 0) {
1748 goto illegal_request;
1749 }
1750 break;
38215553 1751 case GET_CONFIGURATION:
430ee2f2 1752 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1753 if (buflen < 0) {
1754 goto illegal_request;
1755 }
1756 break;
1757 case GET_EVENT_STATUS_NOTIFICATION:
1758 buflen = scsi_get_event_status_notification(s, r, outbuf);
1759 if (buflen < 0) {
1760 goto illegal_request;
1761 }
1762 break;
1a4f0c3a
PB		 1763 case READ_DISC_INFORMATION:
1764 buflen = scsi_read_disc_information(s, r, outbuf);
1765 if (buflen < 0) {
1766 goto illegal_request;
1767 }
1768 break;
b6c251ab
PB		 1769 case READ_DVD_STRUCTURE:
1770 buflen = scsi_read_dvd_structure(s, r, outbuf);
1771 if (buflen < 0) {
1772 goto illegal_request;
1773 }
38215553 1774 break;
f6515262 1775 case SERVICE_ACTION_IN_16:
5dd90e2a 1776 /* Service Action In subcommands. */
f6515262 1777 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1778 DPRINTF("SAI READ CAPACITY(16)\n");
1779 memset(outbuf, 0, req->cmd.xfer);
44740c38 1780 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1781 if (!nb_sectors) {
9bcaf4fe 1782 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1783 return 0;
f01b5931 1784 }
7cec78b6
PB		 1785 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1786 goto illegal_request;
1787 }
69377307 1788 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1789 /* Returned value is the address of the last sector. */
1790 nb_sectors--;
1791 /* Remember the new size for read/write sanity checking. */
7877903a 1792 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1793 outbuf[0] = (nb_sectors >> 56) & 0xff;
1794 outbuf[1] = (nb_sectors >> 48) & 0xff;
1795 outbuf[2] = (nb_sectors >> 40) & 0xff;
1796 outbuf[3] = (nb_sectors >> 32) & 0xff;
1797 outbuf[4] = (nb_sectors >> 24) & 0xff;
1798 outbuf[5] = (nb_sectors >> 16) & 0xff;
1799 outbuf[6] = (nb_sectors >> 8) & 0xff;
1800 outbuf[7] = nb_sectors & 0xff;
1801 outbuf[8] = 0;
1802 outbuf[9] = 0;
69377307 1803 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1804 outbuf[11] = 0;
ee3659e3
CH		 1805 outbuf[12] = 0;
1806 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1807
1808 /* set TPE bit if the format supports discard */
1809 if (s->qdev.conf.discard_granularity) {
1810 outbuf[14] = 0x80;
1811 }
1812
5dd90e2a 1813 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 1814 break;
1815 }
1816 DPRINTF("Unsupported Service Action In\n");
1817 goto illegal_request;
101aa85f
PB		 1818 case SYNCHRONIZE_CACHE:
1819 /* The request is used as the AIO opaque value, so add a ref. */
1820 scsi_req_ref(&r->req);
1821 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1822 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1823 return 0;
1824 case SEEK_10:
1825 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1826 if (r->req.cmd.lba > s->qdev.max_lba) {
1827 goto illegal_lba;
1828 }
1829 break;
101aa85f
PB		 1830 case MODE_SELECT:
1831 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
101aa85f
PB		 1832 break;
1833 case MODE_SELECT_10:
1834 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
101aa85f 1835 break;
5222aaf2
PB		 1836 case UNMAP:
1837 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
1838 break;
101aa85f 1839 case WRITE_SAME_10:
101aa85f 1840 case WRITE_SAME_16:
e93176d5 1841 nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
6a8a685c
RS		 1842 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1843 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1844 return 0;
1845 }
444bc908 1846 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
101aa85f
PB		 1847 goto illegal_lba;
1848 }
1849
1850 /*
1851 * We only support WRITE SAME with the unmap bit set for now.
1852 */
1853 if (!(req->cmd.buf[1] & 0x8)) {
1854 goto illegal_request;
1855 }
1856
1857 /* The request is used as the AIO opaque value, so add a ref. */
1858 scsi_req_ref(&r->req);
1859 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1860 r->req.cmd.lba * (s->qdev.blocksize / 512),
1861 nb_sectors * (s->qdev.blocksize / 512),
1862 scsi_aio_complete, r);
1863 return 0;
aa5dbdc1 1864 default:
b08d0ea0 1865 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1866 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 1867 return 0;
aa5dbdc1 1868 }
314a3299 1869 assert(!r->req.aiocb);
c8dcb531 1870 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 1871 if (r->iov.iov_len == 0) {
1872 scsi_req_complete(&r->req, GOOD);
1873 }
af6d510d
PB		 1874 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1875 assert(r->iov.iov_len == req->cmd.xfer);
1876 return -r->iov.iov_len;
1877 } else {
1878 return r->iov.iov_len;
1879 }
aa5dbdc1 1880
aa5dbdc1 1881illegal_request:
cfc606da
PB		 1882 if (r->req.status == -1) {
1883 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1884 }
b08d0ea0 1885 return 0;
101aa85f
PB		 1886
1887illegal_lba:
1888 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1889 return 0;
aa5dbdc1
GH		 1890}
1891
2e5d83bb
PB		 1892/* Execute a scsi command. Returns the length of the data expected by the
1893 command. This will be Positive for data transfers from the device
1894 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1895 and zero if the command does not transfer any data. */
1896
b08d0ea0 1897static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1898{
5c6c0e51
HR		 1899 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1900 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e93176d5 1901 uint32_t len;
a917d384 1902 uint8_t command;
a917d384
PB		 1903
1904 command = buf[0];
aa5dbdc1 1905
b08d0ea0
PB		 1906 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1907 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1908 return 0;
9bcaf4fe
PB		 1909 }
1910
e93176d5 1911 len = scsi_data_cdb_length(r->req.cmd.buf);
a917d384 1912 switch (command) {
ebf46023
GH		 1913 case READ_6:
1914 case READ_10:
bd536cf3
GH		 1915 case READ_12:
1916 case READ_16:
e93176d5 1917 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
96bdbbab
RS		 1918 if (r->req.cmd.buf[1] & 0xe0) {
1919 goto illegal_request;
1920 }
444bc908 1921 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 1922 goto illegal_lba;
f01b5931 1923 }
69377307
PB		 1924 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1925 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1926 break;
ebf46023
GH		 1927 case WRITE_6:
1928 case WRITE_10:
bd536cf3
GH		 1929 case WRITE_12:
1930 case WRITE_16:
5e30a07d 1931 case WRITE_VERIFY_10:
ebef0bbb
BK		 1932 case WRITE_VERIFY_12:
1933 case WRITE_VERIFY_16:
6a8a685c
RS		 1934 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1935 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1936 return 0;
1937 }
1938 /* fallthrough */
1939 case VERIFY_10:
1940 case VERIFY_12:
1941 case VERIFY_16:
e93176d5 1942 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2dd791b6
HR		 1943 (command & 0xe) == 0xe ? "And Verify " : "",
1944 r->req.cmd.lba, len);
96bdbbab
RS		 1945 if (r->req.cmd.buf[1] & 0xe0) {
1946 goto illegal_request;
1947 }
444bc908 1948 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 1949 goto illegal_lba;
f01b5931 1950 }
69377307
PB		 1951 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1952 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1953 break;
101aa85f 1954 default:
b08d0ea0 1955 abort();
96bdbbab
RS		 1956 illegal_request:
1957 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1958 return 0;
274fb0e1 1959 illegal_lba:
b45ef674 1960 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1961 return 0;
2e5d83bb 1962 }
b08d0ea0 1963 if (r->sector_count == 0) {
b45ef674 1964 scsi_req_complete(&r->req, GOOD);
a917d384 1965 }
b08d0ea0 1966 assert(r->iov.iov_len == 0);
efb9ee02 1967 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
b08d0ea0 1968 return -r->sector_count * 512;
a917d384 1969 } else {
b08d0ea0 1970 return r->sector_count * 512;
2e5d83bb 1971 }
2e5d83bb
PB		 1972}
1973
e9447f35
JK		 1974static void scsi_disk_reset(DeviceState *dev)
1975{
1976 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1977 uint64_t nb_sectors;
1978
c7b48872 1979 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1980
44740c38 1981 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1982 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1983 if (nb_sectors) {
1984 nb_sectors--;
1985 }
7877903a 1986 s->qdev.max_lba = nb_sectors;
3abd71cd
PH		 1987 /* reset tray statuses */
1988 s->tray_locked = 0;
1989 s->tray_open = 0;
e9447f35
JK		 1990}
1991
1992static void scsi_destroy(SCSIDevice *dev)
1993{
1994 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1995
c7b48872 1996 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1997 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1998}
1999
aaebacef
PB		 2000static void scsi_disk_resize_cb(void *opaque)
2001{
2002 SCSIDiskState *s = opaque;
2003
2004 /* SPC lists this sense code as available only for
2005 * direct-access devices.
2006 */
2007 if (s->qdev.type == TYPE_DISK) {
53200fad 2008 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 2009 }
2010}
2011
7d4b4ba5 2012static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 2013{
8a9c16f6
PB		 2014 SCSIDiskState *s = opaque;
2015
2016 /*
2017 * When a CD gets changed, we have to report an ejected state and
2018 * then a loaded state to guests so that they detect tray
2019 * open/close and media change events. Guests that do not use
2020 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2021 * states rely on this behavior.
2022 *
2023 * media_changed governs the state machine used for unit attention
2024 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2025 */
2026 s->media_changed = load;
2027 s->tray_open = !load;
e48e84ea 2028 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 2029 s->media_event = true;
4480de19
PB		 2030 s->eject_request = false;
2031}
2032
2033static void scsi_cd_eject_request_cb(void *opaque, bool force)
2034{
2035 SCSIDiskState *s = opaque;
2036
2037 s->eject_request = true;
2038 if (force) {
2039 s->tray_locked = false;
2040 }
2c6942fa
MA		 2041}
2042
e4def80b
MA		 2043static bool scsi_cd_is_tray_open(void *opaque)
2044{
2045 return ((SCSIDiskState *)opaque)->tray_open;
2046}
2047
f107639a
MA		 2048static bool scsi_cd_is_medium_locked(void *opaque)
2049{
2050 return ((SCSIDiskState *)opaque)->tray_locked;
2051}
2052
aaebacef 2053static const BlockDevOps scsi_disk_removable_block_ops = {
2c6942fa 2054 .change_media_cb = scsi_cd_change_media_cb,
4480de19 2055 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 2056 .is_tray_open = scsi_cd_is_tray_open,
f107639a 2057 .is_medium_locked = scsi_cd_is_medium_locked,
aaebacef
PB		 2058
2059 .resize_cb = scsi_disk_resize_cb,
2060};
2061
2062static const BlockDevOps scsi_disk_block_ops = {
2063 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2064};
2065
8a9c16f6
PB		 2066static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2067{
2068 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2069 if (s->media_changed) {
2070 s->media_changed = false;
e48e84ea 2071 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2072 }
2073}
2074
e39be482 2075static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 2076{
d52affa7 2077 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2e5d83bb 2078
f8b6cc00 2079 if (!s->qdev.conf.bs) {
6a84cb1f 2080 error_report("drive property not set");
d52affa7
GH		 2081 return -1;
2082 }
2083
bfe3d7ac
PB		 2084 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2085 !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 2086 error_report("Device needs media, but drive is empty");
2087 return -1;
2088 }
2089
911525db 2090 blkconf_serial(&s->qdev.conf, &s->serial);
b2df4314
MA		 2091 if (dev->type == TYPE_DISK
2092 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
b7eb0c9f
MA		 2093 return -1;
2094 }
a0fef654 2095
215e47b9
PB		 2096 if (s->qdev.conf.discard_granularity == -1) {
2097 s->qdev.conf.discard_granularity =
2098 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2099 }
2100
552fee93 2101 if (!s->version) {
93bfef4c 2102 s->version = g_strdup(qemu_get_version());
552fee93 2103 }
353815aa
DF		 2104 if (!s->vendor) {
2105 s->vendor = g_strdup("QEMU");
2106 }
552fee93 2107
44740c38 2108 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 2109 error_report("unwanted /dev/sg*");
32bb404a
MA		 2110 return -1;
2111 }
2112
bfe3d7ac 2113 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
aaebacef
PB		 2114 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
2115 } else {
2116 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
2e5d83bb 2117 }
44740c38 2118 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 2119
44740c38 2120 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 2121 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 2122 return 0;
2123}
2124
b443ae67
MA		 2125static int scsi_hd_initfn(SCSIDevice *dev)
2126{
e39be482
PB		 2127 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2128 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2129 s->qdev.type = TYPE_DISK;
353815aa
DF		 2130 if (!s->product) {
2131 s->product = g_strdup("QEMU HARDDISK");
2132 }
e39be482 2133 return scsi_initfn(&s->qdev);
b443ae67
MA		 2134}
2135
2136static int scsi_cd_initfn(SCSIDevice *dev)
2137{
e39be482
PB		 2138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2139 s->qdev.blocksize = 2048;
2140 s->qdev.type = TYPE_ROM;
bfe3d7ac 2141 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2142 if (!s->product) {
2143 s->product = g_strdup("QEMU CD-ROM");
2144 }
e39be482 2145 return scsi_initfn(&s->qdev);
b443ae67
MA		 2146}
2147
2148static int scsi_disk_initfn(SCSIDevice *dev)
2149{
95b5edcd 2150 DriveInfo *dinfo;
b443ae67
MA		 2151
2152 if (!dev->conf.bs) {
e39be482 2153 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 2154 }
2155
e39be482
PB		 2156 dinfo = drive_get_by_blockdev(dev->conf.bs);
2157 if (dinfo->media_cd) {
2158 return scsi_cd_initfn(dev);
2159 } else {
2160 return scsi_hd_initfn(dev);
2161 }
b443ae67
MA		 2162}
2163
b08d0ea0 2164static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2165 .size = sizeof(SCSIDiskReq),
12010e7b 2166 .free_req = scsi_free_request,
b08d0ea0 2167 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2168 .read_data = scsi_disk_emulate_read_data,
2169 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2170 .get_buf = scsi_get_buf,
2171};
2172
2173static const SCSIReqOps scsi_disk_dma_reqops = {
2174 .size = sizeof(SCSIDiskReq),
2175 .free_req = scsi_free_request,
2176 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2177 .read_data = scsi_read_data,
2178 .write_data = scsi_write_data,
2179 .cancel_io = scsi_cancel_io,
2180 .get_buf = scsi_get_buf,
43b978b9
PB		 2181 .load_request = scsi_disk_load_request,
2182 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2183};
2184
b08d0ea0
PB		 2185static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2186 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2187 [INQUIRY] = &scsi_disk_emulate_reqops,
2188 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2189 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2190 [START_STOP] = &scsi_disk_emulate_reqops,
2191 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2192 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2193 [READ_TOC] = &scsi_disk_emulate_reqops,
2194 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2195 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2196 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2197 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2198 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2199 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2200 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2201 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2202 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2203 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2204 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2205 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2206 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2207 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2208
2209 [READ_6] = &scsi_disk_dma_reqops,
2210 [READ_10] = &scsi_disk_dma_reqops,
2211 [READ_12] = &scsi_disk_dma_reqops,
2212 [READ_16] = &scsi_disk_dma_reqops,
2213 [VERIFY_10] = &scsi_disk_dma_reqops,
2214 [VERIFY_12] = &scsi_disk_dma_reqops,
2215 [VERIFY_16] = &scsi_disk_dma_reqops,
2216 [WRITE_6] = &scsi_disk_dma_reqops,
2217 [WRITE_10] = &scsi_disk_dma_reqops,
2218 [WRITE_12] = &scsi_disk_dma_reqops,
2219 [WRITE_16] = &scsi_disk_dma_reqops,
2220 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2221 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2222 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2223};
2224
63db0f0e
PB		 2225static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2226 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2227{
2228 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2229 SCSIRequest *req;
b08d0ea0
PB		 2230 const SCSIReqOps *ops;
2231 uint8_t command;
8dbd4574 2232
79fb50bb
PB		 2233 command = buf[0];
2234 ops = scsi_disk_reqops_dispatch[command];
2235 if (!ops) {
2236 ops = &scsi_disk_emulate_reqops;
2237 }
2238 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2239
b08d0ea0 2240#ifdef DEBUG_SCSI
79fb50bb 2241 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
b08d0ea0
PB		 2242 {
2243 int i;
79fb50bb 2244 for (i = 1; i < req->cmd.len; i++) {
b08d0ea0
PB		 2245 printf(" 0x%02x", buf[i]);
2246 }
2247 printf("\n");
2248 }
2249#endif
2250
8dbd4574
PB		 2251 return req;
2252}
2253
336a6915
PB		 2254#ifdef __linux__
2255static int get_device_type(SCSIDiskState *s)
2256{
2257 BlockDriverState *bdrv = s->qdev.conf.bs;
2258 uint8_t cmd[16];
2259 uint8_t buf[36];
2260 uint8_t sensebuf[8];
2261 sg_io_hdr_t io_header;
2262 int ret;
2263
2264 memset(cmd, 0, sizeof(cmd));
2265 memset(buf, 0, sizeof(buf));
2266 cmd[0] = INQUIRY;
2267 cmd[4] = sizeof(buf);
2268
2269 memset(&io_header, 0, sizeof(io_header));
2270 io_header.interface_id = 'S';
2271 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2272 io_header.dxfer_len = sizeof(buf);
2273 io_header.dxferp = buf;
2274 io_header.cmdp = cmd;
2275 io_header.cmd_len = sizeof(cmd);
2276 io_header.mx_sb_len = sizeof(sensebuf);
2277 io_header.sbp = sensebuf;
2278 io_header.timeout = 6000; /* XXX */
2279
2280 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
2281 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2282 return -1;
2283 }
2284 s->qdev.type = buf[0];
bfe3d7ac
PB		 2285 if (buf[1] & 0x80) {
2286 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2287 }
336a6915
PB		 2288 return 0;
2289}
2290
2291static int scsi_block_initfn(SCSIDevice *dev)
2292{
2293 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2294 int sg_version;
2295 int rc;
2296
2297 if (!s->qdev.conf.bs) {
2298 error_report("scsi-block: drive property not set");
2299 return -1;
2300 }
2301
2302 /* check we are using a driver managing SG_IO (version 3 and after) */
2303 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
2304 sg_version < 30000) {
2305 error_report("scsi-block: scsi generic interface too old");
2306 return -1;
2307 }
2308
2309 /* get device type from INQUIRY data */
2310 rc = get_device_type(s);
2311 if (rc < 0) {
2312 error_report("scsi-block: INQUIRY failed");
2313 return -1;
2314 }
2315
2316 /* Make a guess for the block size, we'll fix it when the guest sends.
2317 * READ CAPACITY. If they don't, they likely would assume these sizes
2318 * anyway. (TODO: check in /sys).
2319 */
2320 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2321 s->qdev.blocksize = 2048;
2322 } else {
2323 s->qdev.blocksize = 512;
2324 }
2325 return scsi_initfn(&s->qdev);
2326}
2327
2328static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2329 uint32_t lun, uint8_t *buf,
2330 void *hba_private)
2331{
2332 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2333
2334 switch (buf[0]) {
2335 case READ_6:
2336 case READ_10:
2337 case READ_12:
2338 case READ_16:
7f64f8e2
PB		 2339 case VERIFY_10:
2340 case VERIFY_12:
2341 case VERIFY_16:
336a6915
PB		 2342 case WRITE_6:
2343 case WRITE_10:
2344 case WRITE_12:
2345 case WRITE_16:
2346 case WRITE_VERIFY_10:
2347 case WRITE_VERIFY_12:
2348 case WRITE_VERIFY_16:
eaccf49e
PB		 2349 /* If we are not using O_DIRECT, we might read stale data from the
2350 * host cache if writes were made using other commands than these
2351 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2352 * O_DIRECT everything must go through SG_IO.
2353 */
137745c5 2354 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
eaccf49e
PB		 2355 break;
2356 }
2357
33ebad12
PB		 2358 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2359 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2360 * And once you do these writes, reading from the block device is
2361 * unreliable, too. It is even possible that reads deliver random data
2362 * from the host page cache (this is probably a Linux bug).
2363 *
b08d0ea0 2364 * We might use scsi_disk_dma_reqops as long as no writing commands are
33ebad12
PB		 2365 * seen, but performance usually isn't paramount on optical media. So,
2366 * just make scsi-block operate the same as scsi-generic for them.
2367 */
b08d0ea0
PB		 2368 if (s->qdev.type != TYPE_ROM) {
2369 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2370 hba_private);
2371 }
336a6915
PB		 2372 }
2373
2374 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2375 hba_private);
2376}
2377#endif
2378
353815aa
DF		 2379#define DEFINE_SCSI_DISK_PROPERTIES() \
2380 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2381 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2382 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2383 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2384 DEFINE_PROP_STRING("product", SCSIDiskState, product)
b443ae67 2385
39bffca2
AL		 2386static Property scsi_hd_properties[] = {
2387 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2388 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2389 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2390 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2391 SCSI_DISK_F_DPOFUA, false),
27395add 2392 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
d252df48 2393 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 2394 DEFINE_PROP_END_OF_LIST(),
2395};
2396
43b978b9
PB		 2397static const VMStateDescription vmstate_scsi_disk_state = {
2398 .name = "scsi-disk",
2399 .version_id = 1,
2400 .minimum_version_id = 1,
2401 .minimum_version_id_old = 1,
2402 .fields = (VMStateField[]) {
2403 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2404 VMSTATE_BOOL(media_changed, SCSIDiskState),
2405 VMSTATE_BOOL(media_event, SCSIDiskState),
2406 VMSTATE_BOOL(eject_request, SCSIDiskState),
2407 VMSTATE_BOOL(tray_open, SCSIDiskState),
2408 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2409 VMSTATE_END_OF_LIST()
2410 }
2411};
2412
b9eea3e6
AL		 2413static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2414{
39bffca2 2415 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2416 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2417
2418 sc->init = scsi_hd_initfn;
2419 sc->destroy = scsi_destroy;
2420 sc->alloc_req = scsi_new_request;
2421 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2422 dc->fw_name = "disk";
2423 dc->desc = "virtual SCSI disk";
2424 dc->reset = scsi_disk_reset;
2425 dc->props = scsi_hd_properties;
43b978b9 2426 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2427}
2428
8c43a6f0 2429static const TypeInfo scsi_hd_info = {
39bffca2
AL		 2430 .name = "scsi-hd",
2431 .parent = TYPE_SCSI_DEVICE,
2432 .instance_size = sizeof(SCSIDiskState),
2433 .class_init = scsi_hd_class_initfn,
2434};
2435
2436static Property scsi_cd_properties[] = {
2437 DEFINE_SCSI_DISK_PROPERTIES(),
27395add 2438 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
39bffca2 2439 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 2440};
2441
2442static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2443{
39bffca2 2444 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2445 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2446
2447 sc->init = scsi_cd_initfn;
2448 sc->destroy = scsi_destroy;
2449 sc->alloc_req = scsi_new_request;
2450 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2451 dc->fw_name = "disk";
2452 dc->desc = "virtual SCSI CD-ROM";
2453 dc->reset = scsi_disk_reset;
2454 dc->props = scsi_cd_properties;
43b978b9 2455 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2456}
2457
8c43a6f0 2458static const TypeInfo scsi_cd_info = {
39bffca2
AL		 2459 .name = "scsi-cd",
2460 .parent = TYPE_SCSI_DEVICE,
2461 .instance_size = sizeof(SCSIDiskState),
2462 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 2463};
2464
336a6915 2465#ifdef __linux__
39bffca2 2466static Property scsi_block_properties[] = {
03847837 2467 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
0f1da449 2468 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
39bffca2
AL		 2469 DEFINE_PROP_END_OF_LIST(),
2470};
2471
b9eea3e6
AL		 2472static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2473{
39bffca2 2474 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2475 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2476
2477 sc->init = scsi_block_initfn;
2478 sc->destroy = scsi_destroy;
2479 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 2480 dc->fw_name = "disk";
2481 dc->desc = "SCSI block device passthrough";
2482 dc->reset = scsi_disk_reset;
2483 dc->props = scsi_block_properties;
43b978b9 2484 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2485}
2486
8c43a6f0 2487static const TypeInfo scsi_block_info = {
39bffca2
AL		 2488 .name = "scsi-block",
2489 .parent = TYPE_SCSI_DEVICE,
2490 .instance_size = sizeof(SCSIDiskState),
2491 .class_init = scsi_block_class_initfn,
b9eea3e6 2492};
336a6915 2493#endif
b9eea3e6 2494
39bffca2
AL		 2495static Property scsi_disk_properties[] = {
2496 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2497 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2498 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2499 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2500 SCSI_DISK_F_DPOFUA, false),
27395add 2501 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
39bffca2
AL		 2502 DEFINE_PROP_END_OF_LIST(),
2503};
2504
b9eea3e6
AL		 2505static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2506{
39bffca2 2507 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2508 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2509
2510 sc->init = scsi_disk_initfn;
2511 sc->destroy = scsi_destroy;
2512 sc->alloc_req = scsi_new_request;
2513 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2514 dc->fw_name = "disk";
2515 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2516 dc->reset = scsi_disk_reset;
2517 dc->props = scsi_disk_properties;
43b978b9 2518 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2519}
2520
8c43a6f0 2521static const TypeInfo scsi_disk_info = {
39bffca2
AL		 2522 .name = "scsi-disk",
2523 .parent = TYPE_SCSI_DEVICE,
2524 .instance_size = sizeof(SCSIDiskState),
2525 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 2526};
2527
83f7d43a 2528static void scsi_disk_register_types(void)
d52affa7 2529{
39bffca2
AL		 2530 type_register_static(&scsi_hd_info);
2531 type_register_static(&scsi_cd_info);
b9eea3e6 2532#ifdef __linux__
39bffca2 2533 type_register_static(&scsi_block_info);
b9eea3e6 2534#endif
39bffca2 2535 type_register_static(&scsi_disk_info);
8ccc2ace 2536}
83f7d43a
AF		 2537
2538type_init(scsi_disk_register_types)
Qemu copy for testing