]> git.proxmox.com Git - qemu.git/blame - hw/scsi/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rng-egd: remove redundant free
[qemu.git] / hw / scsi / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
87ecb68b 31#include "qemu-common.h"
1de7afc9 32#include "qemu/error-report.h"
0d09e41a
PB		 33#include "hw/scsi/scsi.h"
34#include "block/scsi.h"
9c17d615
PB		 35#include "sysemu/sysemu.h"
36#include "sysemu/blockdev.h"
0d09e41a 37#include "hw/block/block.h"
9c17d615 38#include "sysemu/dma.h"
22864256 39
336a6915
PB		 40#ifdef __linux
41#include <scsi/sg.h>
42#endif
43
215e47b9
PB		 44#define SCSI_DMA_BUF_SIZE 131072
45#define SCSI_MAX_INQUIRY_LEN 256
46#define SCSI_MAX_MODE_LEN 256
47
48#define DEFAULT_DISCARD_GRANULARITY 4096
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
a0e66a69 58 bool started;
c87c0672
AL		 59 struct iovec iov;
60 QEMUIOVector qiov;
a597e79c 61 BlockAcctCookie acct;
4c41d2ef 62} SCSIDiskReq;
a917d384 63
18e673b8
PH		 64#define SCSI_DISK_F_REMOVABLE 0
65#define SCSI_DISK_F_DPOFUA 1
66#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
bfe3d7ac 67
d52affa7 68struct SCSIDiskState
a917d384 69{
d52affa7 70 SCSIDevice qdev;
bfe3d7ac 71 uint32_t features;
8a9c16f6 72 bool media_changed;
3c2f7c12 73 bool media_event;
4480de19 74 bool eject_request;
27395add 75 uint64_t wwn;
213189ab 76 QEMUBH *bh;
383b4d9b 77 char *version;
a0fef654 78 char *serial;
353815aa
DF		 79 char *vendor;
80 char *product;
ece0d5e9 81 bool tray_open;
81b1008d 82 bool tray_locked;
2e5d83bb
PB		 83};
84
71544d30 85static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 86
ad2d30f7 87static void scsi_free_request(SCSIRequest *req)
4d611c9a 88{
ad2d30f7
PB		 89 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
90
db4c34c3 91 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 92}
93
b45ef674
PB		 94/* Helper function for command completion with sense. */
95static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 96{
02fa69b6
BS		 97 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
98 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 99 scsi_req_build_sense(&r->req, sense);
100 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 101}
102
103/* Cancel a pending data transfer. */
5c6c0e51 104static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 105{
5c6c0e51
HR		 106 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
107
108 DPRINTF("Cancel tag=0x%x\n", req->tag);
109 if (r->req.aiocb) {
110 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 111
112 /* This reference was left in by scsi_*_data. We take ownership of
113 * it the moment scsi_req_cancel is called, independent of whether
114 * bdrv_aio_cancel completes the request or not. */
115 scsi_req_unref(&r->req);
a917d384 116 }
5c6c0e51 117 r->req.aiocb = NULL;
a917d384
PB		 118}
119
43b978b9 120static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 121{
7285477a
PB		 122 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
123
124 if (!r->iov.iov_base) {
43b978b9 125 r->buflen = size;
44740c38 126 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 127 }
128 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 129 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
130 return r->qiov.size / 512;
131}
132
43b978b9
PB		 133static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
134{
135 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
136
137 qemu_put_be64s(f, &r->sector);
138 qemu_put_be32s(f, &r->sector_count);
139 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 140 if (r->buflen) {
141 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
142 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
143 } else if (!req->retry) {
144 uint32_t len = r->iov.iov_len;
145 qemu_put_be32s(f, &len);
146 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
147 }
43b978b9
PB		 148 }
149}
150
151static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
152{
153 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
154
155 qemu_get_be64s(f, &r->sector);
156 qemu_get_be32s(f, &r->sector_count);
157 qemu_get_be32s(f, &r->buflen);
158 if (r->buflen) {
159 scsi_init_iovec(r, r->buflen);
160 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
161 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 162 } else if (!r->req.retry) {
163 uint32_t len;
164 qemu_get_be32s(f, &len);
165 r->iov.iov_len = len;
166 assert(r->iov.iov_len <= r->buflen);
167 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 168 }
169 }
170
171 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
172}
173
c1b35247 174static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 175{
176 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
177 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
178
46e3f30e
PB		 179 assert(r->req.aiocb != NULL);
180 r->req.aiocb = NULL;
5d0d2467 181 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0c92e0e6
PB		 182 if (r->req.io_canceled) {
183 goto done;
184 }
5d0d2467 185
80624c93 186 if (ret < 0) {
5d0d2467
PB		 187 if (scsi_handle_rw_error(r, -ret)) {
188 goto done;
189 }
190 }
191
5d0d2467
PB		 192 scsi_req_complete(&r->req, GOOD);
193
194done:
b8aba8d7
PB		 195 if (!r->req.io_canceled) {
196 scsi_req_unref(&r->req);
197 }
5d0d2467
PB		 198}
199
7e8c49c5
PB		 200static bool scsi_is_cmd_fua(SCSICommand *cmd)
201{
202 switch (cmd->buf[0]) {
203 case READ_10:
204 case READ_12:
205 case READ_16:
206 case WRITE_10:
207 case WRITE_12:
208 case WRITE_16:
209 return (cmd->buf[1] & 8) != 0;
210
7f64f8e2
PB		 211 case VERIFY_10:
212 case VERIFY_12:
213 case VERIFY_16:
7e8c49c5
PB		 214 case WRITE_VERIFY_10:
215 case WRITE_VERIFY_12:
216 case WRITE_VERIFY_16:
217 return true;
218
219 case READ_6:
220 case WRITE_6:
221 default:
222 return false;
223 }
224}
225
226static void scsi_write_do_fua(SCSIDiskReq *r)
227{
228 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
229
0c92e0e6
PB		 230 if (r->req.io_canceled) {
231 goto done;
232 }
233
7e8c49c5
PB		 234 if (scsi_is_cmd_fua(&r->req.cmd)) {
235 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
c1b35247 236 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
7e8c49c5
PB		 237 return;
238 }
239
240 scsi_req_complete(&r->req, GOOD);
0c92e0e6
PB		 241
242done:
7e8c49c5
PB		 243 if (!r->req.io_canceled) {
244 scsi_req_unref(&r->req);
245 }
246}
247
ef8489d4 248static void scsi_dma_complete_noio(void *opaque, int ret)
a917d384 249{
4c41d2ef 250 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 251 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 252
ef8489d4
PB		 253 if (r->req.aiocb != NULL) {
254 r->req.aiocb = NULL;
255 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
256 }
0c92e0e6
PB		 257 if (r->req.io_canceled) {
258 goto done;
259 }
a597e79c 260
80624c93 261 if (ret < 0) {
71544d30 262 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 263 goto done;
5dba48a8 264 }
4d611c9a 265 }
5dba48a8 266
b77912a7
PB		 267 r->sector += r->sector_count;
268 r->sector_count = 0;
7e8c49c5
PB		 269 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
270 scsi_write_do_fua(r);
271 return;
272 } else {
273 scsi_req_complete(&r->req, GOOD);
274 }
c7bae6a7
PB		 275
276done:
277 if (!r->req.io_canceled) {
278 scsi_req_unref(&r->req);
279 }
4d611c9a
PB		 280}
281
ef8489d4
PB		 282static void scsi_dma_complete(void *opaque, int ret)
283{
284 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
285
286 assert(r->req.aiocb != NULL);
287 scsi_dma_complete_noio(opaque, ret);
288}
289
b77912a7 290static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 291{
292 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
293 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 294 int n;
0a4ac106 295
46e3f30e
PB		 296 assert(r->req.aiocb != NULL);
297 r->req.aiocb = NULL;
298 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0c92e0e6
PB		 299 if (r->req.io_canceled) {
300 goto done;
301 }
0a4ac106
PB		 302
303 if (ret < 0) {
71544d30 304 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 305 goto done;
0a4ac106
PB		 306 }
307 }
308
b77912a7
PB		 309 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
310
311 n = r->qiov.size / 512;
312 r->sector += n;
313 r->sector_count -= n;
314 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 315
316done:
317 if (!r->req.io_canceled) {
318 scsi_req_unref(&r->req);
319 }
0a4ac106 320}
5dba48a8 321
ac668426
PB		 322/* Actually issue a read to the block device. */
323static void scsi_do_read(void *opaque, int ret)
324{
325 SCSIDiskReq *r = opaque;
326 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
327 uint32_t n;
328
329 if (r->req.aiocb != NULL) {
330 r->req.aiocb = NULL;
331 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
332 }
0c92e0e6
PB		 333 if (r->req.io_canceled) {
334 goto done;
335 }
ac668426
PB		 336
337 if (ret < 0) {
338 if (scsi_handle_rw_error(r, -ret)) {
339 goto done;
340 }
341 }
342
31e8fd86
PB		 343 /* The request is used as the AIO opaque value, so add a ref. */
344 scsi_req_ref(&r->req);
345
ac668426
PB		 346 if (r->req.sg) {
347 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
348 r->req.resid -= r->req.sg->size;
349 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
350 scsi_dma_complete, r);
351 } else {
352 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
353 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
354 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
355 scsi_read_complete, r);
356 }
357
358done:
359 if (!r->req.io_canceled) {
360 scsi_req_unref(&r->req);
361 }
362}
363
5c6c0e51
HR		 364/* Read more data from scsi device into buffer. */
365static void scsi_read_data(SCSIRequest *req)
2e5d83bb 366{
5c6c0e51 367 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 368 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 369 bool first;
2e5d83bb 370
a917d384
PB		 371 DPRINTF("Read sector_count=%d\n", r->sector_count);
372 if (r->sector_count == 0) {
b45ef674
PB		 373 /* This also clears the sense buffer for REQUEST SENSE. */
374 scsi_req_complete(&r->req, GOOD);
a917d384 375 return;
2e5d83bb
PB		 376 }
377
6fa2c95f
SH		 378 /* No data transfer may already be in progress */
379 assert(r->req.aiocb == NULL);
380
c7bae6a7
PB		 381 /* The request is used as the AIO opaque value, so add a ref. */
382 scsi_req_ref(&r->req);
efb9ee02
HR		 383 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
384 DPRINTF("Data transfer direction invalid\n");
385 scsi_read_complete(r, -EINVAL);
386 return;
387 }
388
a1aff5bf
MA		 389 if (s->tray_open) {
390 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 391 return;
a1aff5bf 392 }
c7bae6a7 393
ac668426 394 first = !r->started;
a0e66a69 395 r->started = true;
ac668426
PB		 396 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
397 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
398 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
5d0d2467 399 } else {
ac668426 400 scsi_do_read(r, 0);
5d0d2467 401 }
2e5d83bb
PB		 402}
403
c7bae6a7
PB		 404/*
405 * scsi_handle_rw_error has two return values. 0 means that the error
406 * must be ignored, 1 means that the error has been processed and the
407 * caller should not do anything else for this request. Note that
408 * scsi_handle_rw_error always manages its reference counts, independent
409 * of the return value.
410 */
71544d30 411static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 412{
1ceee0d5 413 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 414 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3e1caa5f 415 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
ea8a5d7f 416
3e1caa5f 417 if (action == BDRV_ACTION_REPORT) {
efb9ee02 418 switch (error) {
7e218df5
PB		 419 case ENOMEDIUM:
420 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
421 break;
efb9ee02 422 case ENOMEM:
b45ef674 423 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 424 break;
425 case EINVAL:
b45ef674 426 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 427 break;
428 default:
b45ef674 429 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 430 break;
a1f0cce2 431 }
ea8a5d7f 432 }
3e1caa5f
PB		 433 bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
434 if (action == BDRV_ACTION_STOP) {
435 scsi_req_retry(&r->req);
436 }
437 return action != BDRV_ACTION_IGNORE;
ea8a5d7f
AL		 438}
439
4d611c9a
PB		 440static void scsi_write_complete(void * opaque, int ret)
441{
4c41d2ef 442 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 443 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 444 uint32_t n;
445
8e321cc6
PB		 446 if (r->req.aiocb != NULL) {
447 r->req.aiocb = NULL;
44740c38 448 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 449 }
0c92e0e6
PB		 450 if (r->req.io_canceled) {
451 goto done;
452 }
a597e79c 453
80624c93 454 if (ret < 0) {
71544d30 455 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 456 goto done;
5dba48a8 457 }
4d611c9a
PB		 458 }
459
103b40f5 460 n = r->qiov.size / 512;
ea8a5d7f
AL		 461 r->sector += n;
462 r->sector_count -= n;
a917d384 463 if (r->sector_count == 0) {
7e8c49c5
PB		 464 scsi_write_do_fua(r);
465 return;
a917d384 466 } else {
43b978b9 467 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
79fb50bb 468 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
103b40f5 469 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 470 }
c7bae6a7
PB		 471
472done:
473 if (!r->req.io_canceled) {
474 scsi_req_unref(&r->req);
475 }
4d611c9a
PB		 476}
477
42741212 478static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 479{
5c6c0e51 480 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 481 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 482 uint32_t n;
483
6fa2c95f
SH		 484 /* No data transfer may already be in progress */
485 assert(r->req.aiocb == NULL);
486
c7bae6a7
PB		 487 /* The request is used as the AIO opaque value, so add a ref. */
488 scsi_req_ref(&r->req);
efb9ee02
HR		 489 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
490 DPRINTF("Data transfer direction invalid\n");
491 scsi_write_complete(r, -EINVAL);
42741212 492 return;
efb9ee02
HR		 493 }
494
5d0d2467
PB		 495 if (!r->req.sg && !r->qiov.size) {
496 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 497 r->started = true;
5d0d2467
PB		 498 scsi_write_complete(r, 0);
499 return;
500 }
501 if (s->tray_open) {
502 scsi_write_complete(r, -ENOMEDIUM);
503 return;
504 }
505
7f64f8e2
PB		 506 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
507 r->req.cmd.buf[0] == VERIFY_16) {
508 if (r->req.sg) {
ef8489d4 509 scsi_dma_complete_noio(r, 0);
7f64f8e2
PB		 510 } else {
511 scsi_write_complete(r, 0);
512 }
513 return;
514 }
515
5d0d2467
PB		 516 if (r->req.sg) {
517 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
518 r->req.resid -= r->req.sg->size;
519 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
520 scsi_dma_complete, r);
521 } else {
522 n = r->qiov.size / 512;
44740c38
PB		 523 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
524 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 525 scsi_write_complete, r);
ea8a5d7f 526 }
a917d384 527}
2e5d83bb 528
a917d384 529/* Return a pointer to the data buffer. */
5c6c0e51 530static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 531{
5c6c0e51 532 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 533
3f4cb3d3 534 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 535}
536
0b06c059
GH		 537static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
538{
383b4d9b 539 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059 540 int buflen = 0;
82579390 541 int start;
0b06c059 542
0b06c059
GH		 543 if (req->cmd.buf[1] & 0x1) {
544 /* Vital product data */
545 uint8_t page_code = req->cmd.buf[2];
0b06c059 546
e39be482 547 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 548 outbuf[buflen++] = page_code ; // this page
549 outbuf[buflen++] = 0x00;
82579390
PB		 550 outbuf[buflen++] = 0x00;
551 start = buflen;
0b06c059
GH		 552
553 switch (page_code) {
554 case 0x00: /* Supported page codes, mandatory */
39d98982 555 {
0b06c059
GH		 556 DPRINTF("Inquiry EVPD[Supported pages] "
557 "buffer size %zd\n", req->cmd.xfer);
0b06c059 558 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 559 if (s->serial) {
3e1c0c9a 560 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 561 }
0b06c059 562 outbuf[buflen++] = 0x83; // device identification
f37bd73b 563 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 564 outbuf[buflen++] = 0xb0; // block limits
565 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982 566 }
0b06c059 567 break;
39d98982 568 }
0b06c059
GH		 569 case 0x80: /* Device serial number, optional */
570 {
3e1c0c9a 571 int l;
0b06c059 572
3e1c0c9a
HR		 573 if (!s->serial) {
574 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
575 return -1;
576 }
577
578 l = strlen(s->serial);
f01b5931 579 if (l > 20) {
0b06c059 580 l = 20;
f01b5931 581 }
0b06c059
GH		 582
583 DPRINTF("Inquiry EVPD[Serial number] "
584 "buffer size %zd\n", req->cmd.xfer);
a0fef654 585 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 586 buflen += l;
587 break;
588 }
589
590 case 0x83: /* Device identification page, mandatory */
591 {
fd930791
PB		 592 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
593 int max_len = s->serial ? 20 : 255 - 8;
594 int id_len = strlen(str);
0b06c059 595
f01b5931 596 if (id_len > max_len) {
0b06c059 597 id_len = max_len;
f01b5931 598 }
0b06c059
GH		 599 DPRINTF("Inquiry EVPD[Device identification] "
600 "buffer size %zd\n", req->cmd.xfer);
601
0b06c059
GH		 602 outbuf[buflen++] = 0x2; // ASCII
603 outbuf[buflen++] = 0; // not officially assigned
604 outbuf[buflen++] = 0; // reserved
605 outbuf[buflen++] = id_len; // length of data following
fd930791 606 memcpy(outbuf+buflen, str, id_len);
0b06c059 607 buflen += id_len;
27395add
PB		 608
609 if (s->wwn) {
610 outbuf[buflen++] = 0x1; // Binary
611 outbuf[buflen++] = 0x3; // NAA
612 outbuf[buflen++] = 0; // reserved
613 outbuf[buflen++] = 8;
614 stq_be_p(&outbuf[buflen], s->wwn);
615 buflen += 8;
616 }
0b06c059
GH		 617 break;
618 }
ea3bd56f 619 case 0xb0: /* block limits */
ee3659e3 620 {
ea3bd56f
CH		 621 unsigned int unmap_sectors =
622 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 623 unsigned int min_io_size =
624 s->qdev.conf.min_io_size / s->qdev.blocksize;
625 unsigned int opt_io_size =
626 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 627
f37bd73b 628 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 629 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
630 page_code);
631 return -1;
632 }
ee3659e3 633 /* required VPD size with unmap support */
82579390 634 buflen = 0x40;
ee3659e3
CH		 635 memset(outbuf + 4, 0, buflen - 4);
636
637 /* optimal transfer length granularity */
638 outbuf[6] = (min_io_size >> 8) & 0xff;
639 outbuf[7] = min_io_size & 0xff;
640
641 /* optimal transfer length */
642 outbuf[12] = (opt_io_size >> 24) & 0xff;
643 outbuf[13] = (opt_io_size >> 16) & 0xff;
644 outbuf[14] = (opt_io_size >> 8) & 0xff;
645 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 646
647 /* optimal unmap granularity */
648 outbuf[28] = (unmap_sectors >> 24) & 0xff;
649 outbuf[29] = (unmap_sectors >> 16) & 0xff;
650 outbuf[30] = (unmap_sectors >> 8) & 0xff;
651 outbuf[31] = unmap_sectors & 0xff;
652 break;
653 }
654 case 0xb2: /* thin provisioning */
655 {
82579390 656 buflen = 8;
ea3bd56f 657 outbuf[4] = 0;
5222aaf2 658 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
f644a290 659 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
ea3bd56f 660 outbuf[7] = 0;
ee3659e3
CH		 661 break;
662 }
0b06c059 663 default:
0b06c059
GH		 664 return -1;
665 }
666 /* done with EVPD */
82579390
PB		 667 assert(buflen - start <= 255);
668 outbuf[start - 1] = buflen - start;
0b06c059
GH		 669 return buflen;
670 }
671
672 /* Standard INQUIRY data */
673 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 674 return -1;
675 }
676
677 /* PAGE CODE == 0 */
0b06c059 678 buflen = req->cmd.xfer;
f01b5931 679 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 680 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 681 }
0b06c059 682
f37bd73b 683 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 684 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 685
686 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
687 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
688
314b1811 689 memset(&outbuf[32], 0, 4);
552fee93 690 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 691 /*
692 * We claim conformance to SPC-3, which is required for guests
693 * to ask for modern features like READ CAPACITY(16) or the
694 * block characteristics VPD page by default. Not all of SPC-3
695 * is actually implemented, but we're good enough.
696 */
ee3659e3 697 outbuf[2] = 5;
1109c894 698 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 699
700 if (buflen > 36) {
701 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
702 } else {
703 /* If the allocation length of CDB is too small,
704 the additional length is not adjusted */
705 outbuf[4] = 36 - 5;
706 }
707
0b06c059 708 /* Sync data transfer and TCQ. */
afd4030c 709 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 710 return buflen;
711}
712
430ee2f2
PB		 713static inline bool media_is_dvd(SCSIDiskState *s)
714{
715 uint64_t nb_sectors;
716 if (s->qdev.type != TYPE_ROM) {
717 return false;
718 }
44740c38 719 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 720 return false;
721 }
44740c38 722 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 723 return nb_sectors > CD_MAX_SECTORS;
724}
725
ceb792ef
PB		 726static inline bool media_is_cd(SCSIDiskState *s)
727{
728 uint64_t nb_sectors;
729 if (s->qdev.type != TYPE_ROM) {
730 return false;
731 }
44740c38 732 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 733 return false;
734 }
44740c38 735 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 736 return nb_sectors <= CD_MAX_SECTORS;
737}
738
1a4f0c3a
PB		 739static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
740 uint8_t *outbuf)
741{
742 uint8_t type = r->req.cmd.buf[1] & 7;
743
744 if (s->qdev.type != TYPE_ROM) {
745 return -1;
746 }
747
748 /* Types 1/2 are only defined for Blu-Ray. */
749 if (type != 0) {
750 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
751 return -1;
752 }
753
754 memset(outbuf, 0, 34);
755 outbuf[1] = 32;
756 outbuf[2] = 0xe; /* last session complete, disc finalized */
757 outbuf[3] = 1; /* first track on disc */
758 outbuf[4] = 1; /* # of sessions */
759 outbuf[5] = 1; /* first track of last session */
760 outbuf[6] = 1; /* last track of last session */
761 outbuf[7] = 0x20; /* unrestricted use */
762 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
763 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
764 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
765 /* 24-31: disc bar code */
766 /* 32: disc application code */
767 /* 33: number of OPC tables */
768
769 return 34;
770}
771
b6c251ab
PB		 772static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
773 uint8_t *outbuf)
774{
ceb792ef
PB		 775 static const int rds_caps_size[5] = {
776 [0] = 2048 + 4,
777 [1] = 4 + 4,
778 [3] = 188 + 4,
779 [4] = 2048 + 4,
780 };
781
782 uint8_t media = r->req.cmd.buf[1];
783 uint8_t layer = r->req.cmd.buf[6];
784 uint8_t format = r->req.cmd.buf[7];
785 int size = -1;
786
787 if (s->qdev.type != TYPE_ROM) {
788 return -1;
789 }
790 if (media != 0) {
791 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
792 return -1;
793 }
794
795 if (format != 0xff) {
44740c38 796 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 797 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
798 return -1;
799 }
800 if (media_is_cd(s)) {
801 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
802 return -1;
803 }
804 if (format >= ARRAY_SIZE(rds_caps_size)) {
805 return -1;
806 }
807 size = rds_caps_size[format];
808 memset(outbuf, 0, size);
809 }
810
811 switch (format) {
812 case 0x00: {
813 /* Physical format information */
814 uint64_t nb_sectors;
815 if (layer != 0) {
816 goto fail;
817 }
44740c38 818 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 819
820 outbuf[4] = 1; /* DVD-ROM, part version 1 */
821 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
822 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
823 outbuf[7] = 0; /* default densities */
824
825 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
826 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
827 break;
828 }
829
830 case 0x01: /* DVD copyright information, all zeros */
831 break;
832
833 case 0x03: /* BCA information - invalid field for no BCA info */
834 return -1;
835
836 case 0x04: /* DVD disc manufacturing information, all zeros */
837 break;
838
839 case 0xff: { /* List capabilities */
840 int i;
841 size = 4;
842 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
843 if (!rds_caps_size[i]) {
844 continue;
845 }
846 outbuf[size] = i;
847 outbuf[size + 1] = 0x40; /* Not writable, readable */
848 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
849 size += 4;
850 }
851 break;
852 }
853
854 default:
855 return -1;
856 }
857
858 /* Size of buffer, not including 2 byte size field */
859 stw_be_p(outbuf, size - 2);
860 return size;
861
862fail:
b6c251ab
PB		 863 return -1;
864}
865
3c2f7c12 866static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 867{
3c2f7c12
PB		 868 uint8_t event_code, media_status;
869
870 media_status = 0;
871 if (s->tray_open) {
872 media_status = MS_TRAY_OPEN;
44740c38 873 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 874 media_status = MS_MEDIA_PRESENT;
875 }
876
877 /* Event notification descriptor */
878 event_code = MEC_NO_CHANGE;
4480de19
PB		 879 if (media_status != MS_TRAY_OPEN) {
880 if (s->media_event) {
881 event_code = MEC_NEW_MEDIA;
882 s->media_event = false;
883 } else if (s->eject_request) {
884 event_code = MEC_EJECT_REQUESTED;
885 s->eject_request = false;
886 }
3c2f7c12
PB		 887 }
888
889 outbuf[0] = event_code;
890 outbuf[1] = media_status;
891
892 /* These fields are reserved, just clear them. */
893 outbuf[2] = 0;
894 outbuf[3] = 0;
895 return 4;
896}
897
898static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
899 uint8_t *outbuf)
900{
901 int size;
902 uint8_t *buf = r->req.cmd.buf;
903 uint8_t notification_class_request = buf[4];
904 if (s->qdev.type != TYPE_ROM) {
905 return -1;
906 }
907 if ((buf[1] & 1) == 0) {
908 /* asynchronous */
909 return -1;
910 }
911
912 size = 4;
913 outbuf[0] = outbuf[1] = 0;
914 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
915 if (notification_class_request & (1 << GESN_MEDIA)) {
916 outbuf[2] = GESN_MEDIA;
917 size += scsi_event_status_media(s, &outbuf[size]);
918 } else {
919 outbuf[2] = 0x80;
920 }
921 stw_be_p(outbuf, size - 4);
922 return size;
b6c251ab
PB		 923}
924
430ee2f2 925static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 926{
430ee2f2
PB		 927 int current;
928
b6c251ab
PB		 929 if (s->qdev.type != TYPE_ROM) {
930 return -1;
931 }
430ee2f2
PB		 932 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
933 memset(outbuf, 0, 40);
934 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
935 stw_be_p(&outbuf[6], current);
936 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
937 outbuf[10] = 0x03; /* persistent, current */
938 outbuf[11] = 8; /* two profiles */
939 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
940 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
941 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
942 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
943 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
944 stw_be_p(&outbuf[20], 1);
945 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
946 outbuf[23] = 8;
947 stl_be_p(&outbuf[24], 1); /* SCSI */
948 outbuf[28] = 1; /* DBE = 1, mandatory */
949 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
950 stw_be_p(&outbuf[32], 3);
951 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
952 outbuf[35] = 4;
953 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
954 /* TODO: Random readable, CD read, DVD read, drive serial number,
955 power management */
956 return 40;
b6c251ab
PB		 957}
958
959static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
960{
961 if (s->qdev.type != TYPE_ROM) {
962 return -1;
963 }
964 memset(outbuf, 0, 8);
965 outbuf[5] = 1; /* CD-ROM */
966 return 8;
967}
968
cfc606da 969static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 970 int page_control)
ebddfcbe 971{
a8f4bbe2
PB		 972 static const int mode_sense_valid[0x3f] = {
973 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
974 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
975 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 976 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
977 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 978 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
979 };
ef405611
PB		 980
981 uint8_t *p = *p_outbuf + 2;
982 int length;
ebddfcbe 983
a8f4bbe2
PB		 984 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
985 return -1;
986 }
987
282ab04e
BK		 988 /*
989 * If Changeable Values are requested, a mask denoting those mode parameters
990 * that are changeable shall be returned. As we currently don't support
991 * parameter changes via MODE_SELECT all bits are returned set to zero.
992 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 993 *
994 * The offsets here are off by two compared to the descriptions in the
995 * SCSI specs, because those include a 2-byte header. This is unfortunate,
996 * but it is done so that offsets are consistent within our implementation
997 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
998 * 2-byte and 4-byte headers.
282ab04e 999 */
ebddfcbe 1000 switch (page) {
67cc61e4 1001 case MODE_PAGE_HD_GEOMETRY:
ef405611 1002 length = 0x16;
282ab04e 1003 if (page_control == 1) { /* Changeable Values */
cfc606da 1004 break;
282ab04e 1005 }
ebddfcbe 1006 /* if a geometry hint is available, use it */
ef405611
PB		 1007 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1008 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1009 p[2] = s->qdev.conf.cyls & 0xff;
1010 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 1011 /* Write precomp start cylinder, disabled */
ef405611
PB		 1012 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1013 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1014 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1015 /* Reduced current start cylinder, disabled */
ef405611
PB		 1016 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1017 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1018 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1019 /* Device step rate [ns], 200ns */
ef405611
PB		 1020 p[10] = 0;
1021 p[11] = 200;
ebddfcbe 1022 /* Landing zone cylinder */
ef405611
PB		 1023 p[12] = 0xff;
1024 p[13] = 0xff;
ebddfcbe 1025 p[14] = 0xff;
ebddfcbe 1026 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1027 p[18] = (5400 >> 8) & 0xff;
1028 p[19] = 5400 & 0xff;
cfc606da 1029 break;
ebddfcbe 1030
67cc61e4 1031 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1032 length = 0x1e;
282ab04e 1033 if (page_control == 1) { /* Changeable Values */
cfc606da 1034 break;
282ab04e 1035 }
ebddfcbe 1036 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1037 p[0] = 5000 >> 8;
1038 p[1] = 5000 & 0xff;
ebddfcbe 1039 /* if a geometry hint is available, use it */
ef405611
PB		 1040 p[2] = s->qdev.conf.heads & 0xff;
1041 p[3] = s->qdev.conf.secs & 0xff;
1042 p[4] = s->qdev.blocksize >> 8;
1043 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1044 p[7] = s->qdev.conf.cyls & 0xff;
1045 /* Write precomp start cylinder, disabled */
d252df48
MA		 1046 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1047 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1048 /* Reduced current start cylinder, disabled */
d252df48
MA		 1049 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1050 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1051 /* Device step rate [100us], 100us */
ef405611
PB		 1052 p[12] = 0;
1053 p[13] = 1;
ebddfcbe 1054 /* Device step pulse width [us], 1us */
ef405611 1055 p[14] = 1;
ebddfcbe 1056 /* Device head settle delay [100us], 100us */
ef405611
PB		 1057 p[15] = 0;
1058 p[16] = 1;
ebddfcbe 1059 /* Motor on delay [0.1s], 0.1s */
ef405611 1060 p[17] = 1;
ebddfcbe 1061 /* Motor off delay [0.1s], 0.1s */
ef405611 1062 p[18] = 1;
ebddfcbe 1063 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1064 p[26] = (5400 >> 8) & 0xff;
1065 p[27] = 5400 & 0xff;
cfc606da 1066 break;
ebddfcbe 1067
67cc61e4 1068 case MODE_PAGE_CACHING:
ef405611 1069 length = 0x12;
96c91bbf
PB		 1070 if (page_control == 1 || /* Changeable Values */
1071 bdrv_enable_write_cache(s->qdev.conf.bs)) {
ef405611 1072 p[0] = 4; /* WCE */
ebddfcbe 1073 }
cfc606da 1074 break;
ebddfcbe 1075
a07c7dcd 1076 case MODE_PAGE_R_W_ERROR:
ef405611 1077 length = 10;
4f588b15
PB		 1078 if (page_control == 1) { /* Changeable Values */
1079 break;
1080 }
ef405611 1081 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1082 if (s->qdev.type == TYPE_ROM) {
ef405611 1083 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1084 }
1085 break;
1086
1087 case MODE_PAGE_AUDIO_CTL:
ef405611 1088 length = 14;
a07c7dcd
PB		 1089 break;
1090
67cc61e4 1091 case MODE_PAGE_CAPABILITIES:
ef405611 1092 length = 0x14;
282ab04e 1093 if (page_control == 1) { /* Changeable Values */
cfc606da 1094 break;
282ab04e 1095 }
a07c7dcd 1096
ef405611
PB		 1097 p[0] = 0x3b; /* CD-R & CD-RW read */
1098 p[1] = 0; /* Writing not supported */
1099 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1100 mode 2 form 1&2, multi session */
ef405611 1101 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1102 RW corrected, C2 errors, ISRC,
1103 UPC, Bar code */
ef405611 1104 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1105 /* Locking supported, jumper present, eject, tray */
ef405611 1106 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1107 changer */
ef405611
PB		 1108 p[6] = (50 * 176) >> 8; /* 50x read speed */
1109 p[7] = (50 * 176) & 0xff;
1110 p[8] = 2 >> 8; /* Two volume levels */
1111 p[9] = 2 & 0xff;
1112 p[10] = 2048 >> 8; /* 2M buffer */
1113 p[11] = 2048 & 0xff;
1114 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1115 p[13] = (16 * 176) & 0xff;
1116 p[16] = (16 * 176) >> 8; /* 16x write speed */
1117 p[17] = (16 * 176) & 0xff;
1118 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1119 p[19] = (16 * 176) & 0xff;
cfc606da 1120 break;
ebddfcbe
GH		 1121
1122 default:
cfc606da 1123 return -1;
ebddfcbe 1124 }
cfc606da 1125
ef405611
PB		 1126 assert(length < 256);
1127 (*p_outbuf)[0] = page;
1128 (*p_outbuf)[1] = length;
1129 *p_outbuf += length + 2;
1130 return length + 2;
ebddfcbe
GH		 1131}
1132
cfc606da 1133static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1134{
cfc606da 1135 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1136 uint64_t nb_sectors;
e590ecbe
PB		 1137 bool dbd;
1138 int page, buflen, ret, page_control;
ebddfcbe 1139 uint8_t *p;
ce512ee1 1140 uint8_t dev_specific_param;
ebddfcbe 1141
e590ecbe 1142 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1143 page = r->req.cmd.buf[2] & 0x3f;
1144 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1145 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1146 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1147 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1148 p = outbuf;
1149
e590ecbe 1150 if (s->qdev.type == TYPE_DISK) {
da8365db 1151 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
e590ecbe
PB		 1152 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1153 dev_specific_param |= 0x80; /* Readonly. */
1154 }
ce512ee1 1155 } else {
e590ecbe
PB		 1156 /* MMC prescribes that CD/DVD drives have no block descriptors,
1157 * and defines no device-specific parameter. */
6a2de0f2 1158 dev_specific_param = 0x00;
e590ecbe 1159 dbd = true;
ce512ee1
BK		 1160 }
1161
cfc606da 1162 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1163 p[1] = 0; /* Default media type. */
1164 p[2] = dev_specific_param;
1165 p[3] = 0; /* Block descriptor length. */
1166 p += 4;
1167 } else { /* MODE_SENSE_10 */
1168 p[2] = 0; /* Default media type. */
1169 p[3] = dev_specific_param;
1170 p[6] = p[7] = 0; /* Block descriptor length. */
1171 p += 8;
ebddfcbe 1172 }
ebddfcbe 1173
44740c38 1174 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
e590ecbe 1175 if (!dbd && nb_sectors) {
cfc606da 1176 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1177 outbuf[3] = 8; /* Block descriptor length */
1178 } else { /* MODE_SENSE_10 */
1179 outbuf[7] = 8; /* Block descriptor length */
1180 }
69377307 1181 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1182 if (nb_sectors > 0xffffff) {
2488b740 1183 nb_sectors = 0;
f01b5931 1184 }
ebddfcbe
GH		 1185 p[0] = 0; /* media density code */
1186 p[1] = (nb_sectors >> 16) & 0xff;
1187 p[2] = (nb_sectors >> 8) & 0xff;
1188 p[3] = nb_sectors & 0xff;
1189 p[4] = 0; /* reserved */
1190 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1191 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1192 p[7] = 0;
1193 p += 8;
1194 }
1195
cfc606da
PB		 1196 if (page_control == 3) {
1197 /* Saved Values */
1198 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1199 return -1;
282ab04e
BK		 1200 }
1201
cfc606da
PB		 1202 if (page == 0x3f) {
1203 for (page = 0; page <= 0x3e; page++) {
1204 mode_sense_page(s, page, &p, page_control);
1205 }
1206 } else {
1207 ret = mode_sense_page(s, page, &p, page_control);
1208 if (ret == -1) {
1209 return -1;
1210 }
ebddfcbe
GH		 1211 }
1212
1213 buflen = p - outbuf;
ce512ee1
BK		 1214 /*
1215 * The mode data length field specifies the length in bytes of the
1216 * following data that is available to be transferred. The mode data
1217 * length does not include itself.
1218 */
cfc606da 1219 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1220 outbuf[0] = buflen - 1;
1221 } else { /* MODE_SENSE_10 */
1222 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1223 outbuf[1] = (buflen - 2) & 0xff;
1224 }
ebddfcbe
GH		 1225 return buflen;
1226}
1227
02880f43
GH		 1228static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1229{
1230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1231 int start_track, format, msf, toclen;
1232 uint64_t nb_sectors;
1233
1234 msf = req->cmd.buf[1] & 2;
1235 format = req->cmd.buf[2] & 0xf;
1236 start_track = req->cmd.buf[6];
44740c38 1237 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1238 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1239 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1240 switch (format) {
1241 case 0:
1242 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1243 break;
1244 case 1:
1245 /* multi session : only a single session defined */
1246 toclen = 12;
1247 memset(outbuf, 0, 12);
1248 outbuf[1] = 0x0a;
1249 outbuf[2] = 0x01;
1250 outbuf[3] = 0x01;
1251 break;
1252 case 2:
1253 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1254 break;
1255 default:
1256 return -1;
1257 }
02880f43
GH		 1258 return toclen;
1259}
1260
68bb01f3 1261static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1262{
1263 SCSIRequest *req = &r->req;
1264 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1265 bool start = req->cmd.buf[4] & 1;
1266 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1267 int pwrcnd = req->cmd.buf[4] & 0xf0;
1268
1269 if (pwrcnd) {
1270 /* eject/load only happens for power condition == 0 */
1271 return 0;
1272 }
bfd52647 1273
b456a71c 1274 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1275 if (!start && !s->tray_open && s->tray_locked) {
1276 scsi_check_condition(r,
44740c38 1277 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1278 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1279 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1280 return -1;
fdec4404 1281 }
d88b1819
LC		 1282
1283 if (s->tray_open != !start) {
1284 bdrv_eject(s->qdev.conf.bs, !start);
1285 s->tray_open = !start;
1286 }
bfd52647 1287 }
68bb01f3 1288 return 0;
bfd52647
MA		 1289}
1290
314a3299
PB		 1291static void scsi_disk_emulate_read_data(SCSIRequest *req)
1292{
1293 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1294 int buflen = r->iov.iov_len;
1295
1296 if (buflen) {
79fb50bb 1297 DPRINTF("Read buf_len=%d\n", buflen);
314a3299
PB		 1298 r->iov.iov_len = 0;
1299 r->started = true;
1300 scsi_req_data(&r->req, buflen);
1301 return;
1302 }
1303
1304 /* This also clears the sense buffer for REQUEST SENSE. */
1305 scsi_req_complete(&r->req, GOOD);
1306}
1307
380feaff
PB		 1308static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1309 uint8_t *inbuf, int inlen)
1310{
1311 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1312 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1313 uint8_t *p;
1314 int len, expected_len, changeable_len, i;
1315
1316 /* The input buffer does not include the page header, so it is
1317 * off by 2 bytes.
1318 */
1319 expected_len = inlen + 2;
1320 if (expected_len > SCSI_MAX_MODE_LEN) {
1321 return -1;
1322 }
1323
1324 p = mode_current;
1325 memset(mode_current, 0, inlen + 2);
1326 len = mode_sense_page(s, page, &p, 0);
1327 if (len < 0 || len != expected_len) {
1328 return -1;
1329 }
1330
1331 p = mode_changeable;
1332 memset(mode_changeable, 0, inlen + 2);
1333 changeable_len = mode_sense_page(s, page, &p, 1);
1334 assert(changeable_len == len);
1335
1336 /* Check that unchangeable bits are the same as what MODE SENSE
1337 * would return.
1338 */
1339 for (i = 2; i < len; i++) {
1340 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1341 return -1;
1342 }
1343 }
1344 return 0;
1345}
1346
1347static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1348{
96c91bbf
PB		 1349 switch (page) {
1350 case MODE_PAGE_CACHING:
1351 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
1352 break;
1353
1354 default:
1355 break;
1356 }
380feaff
PB		 1357}
1358
1359static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1360{
1361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1362
1363 while (len > 0) {
1364 int page, subpage, page_len;
1365
1366 /* Parse both possible formats for the mode page headers. */
1367 page = p[0] & 0x3f;
1368 if (p[0] & 0x40) {
1369 if (len < 4) {
1370 goto invalid_param_len;
1371 }
1372 subpage = p[1];
1373 page_len = lduw_be_p(&p[2]);
1374 p += 4;
1375 len -= 4;
1376 } else {
1377 if (len < 2) {
1378 goto invalid_param_len;
1379 }
1380 subpage = 0;
1381 page_len = p[1];
1382 p += 2;
1383 len -= 2;
1384 }
1385
1386 if (subpage) {
1387 goto invalid_param;
1388 }
1389 if (page_len > len) {
1390 goto invalid_param_len;
1391 }
1392
1393 if (!change) {
1394 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1395 goto invalid_param;
1396 }
1397 } else {
1398 scsi_disk_apply_mode_select(s, page, p);
1399 }
1400
1401 p += page_len;
1402 len -= page_len;
1403 }
1404 return 0;
1405
1406invalid_param:
1407 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1408 return -1;
1409
1410invalid_param_len:
1411 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1412 return -1;
1413}
1414
1415static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1416{
accfeb2d 1417 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1418 uint8_t *p = inbuf;
1419 int cmd = r->req.cmd.buf[0];
1420 int len = r->req.cmd.xfer;
1421 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1422 int bd_len;
1423 int pass;
1424
1425 /* We only support PF=1, SP=0. */
1426 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1427 goto invalid_field;
1428 }
1429
1430 if (len < hdr_len) {
1431 goto invalid_param_len;
1432 }
1433
1434 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1435 len -= hdr_len;
1436 p += hdr_len;
1437 if (len < bd_len) {
1438 goto invalid_param_len;
1439 }
1440 if (bd_len != 0 && bd_len != 8) {
1441 goto invalid_param;
1442 }
1443
1444 len -= bd_len;
1445 p += bd_len;
1446
1447 /* Ensure no change is made if there is an error! */
1448 for (pass = 0; pass < 2; pass++) {
1449 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1450 assert(pass == 0);
1451 return;
1452 }
1453 }
accfeb2d
PB		 1454 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
1455 /* The request is used as the AIO opaque value, so add a ref. */
1456 scsi_req_ref(&r->req);
1457 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1458 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1459 return;
1460 }
1461
380feaff
PB		 1462 scsi_req_complete(&r->req, GOOD);
1463 return;
1464
1465invalid_param:
1466 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1467 return;
1468
1469invalid_param_len:
1470 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1471 return;
1472
1473invalid_field:
1474 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1475}
1476
444bc908
PB		 1477static inline bool check_lba_range(SCSIDiskState *s,
1478 uint64_t sector_num, uint32_t nb_sectors)
1479{
1480 /*
1481 * The first line tests that no overflow happens when computing the last
1482 * sector. The second line tests that the last accessed sector is in
1483 * range.
12ca76fc
PB		 1484 *
1485 * Careful, the computations should not underflow for nb_sectors == 0,
1486 * and a 0-block read to the first LBA beyond the end of device is
1487 * valid.
444bc908
PB		 1488 */
1489 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1490 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1491}
1492
5222aaf2
PB		 1493typedef struct UnmapCBData {
1494 SCSIDiskReq *r;
1495 uint8_t *inbuf;
1496 int count;
1497} UnmapCBData;
1498
1499static void scsi_unmap_complete(void *opaque, int ret)
1500{
1501 UnmapCBData *data = opaque;
1502 SCSIDiskReq *r = data->r;
1503 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1504 uint64_t sector_num;
5bb0b62e 1505 uint32_t nb_sectors;
5222aaf2
PB		 1506
1507 r->req.aiocb = NULL;
d0242ead
PB		 1508 if (r->req.io_canceled) {
1509 goto done;
1510 }
1511
5222aaf2
PB		 1512 if (ret < 0) {
1513 if (scsi_handle_rw_error(r, -ret)) {
1514 goto done;
1515 }
1516 }
1517
d0242ead 1518 if (data->count > 0) {
5222aaf2
PB		 1519 sector_num = ldq_be_p(&data->inbuf[0]);
1520 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
444bc908 1521 if (!check_lba_range(s, sector_num, nb_sectors)) {
5222aaf2
PB		 1522 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1523 goto done;
1524 }
1525
1526 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1527 sector_num * (s->qdev.blocksize / 512),
1528 nb_sectors * (s->qdev.blocksize / 512),
1529 scsi_unmap_complete, data);
1530 data->count--;
1531 data->inbuf += 16;
1532 return;
1533 }
1534
d0242ead
PB		 1535 scsi_req_complete(&r->req, GOOD);
1536
5222aaf2 1537done:
5222aaf2
PB		 1538 if (!r->req.io_canceled) {
1539 scsi_req_unref(&r->req);
1540 }
1541 g_free(data);
1542}
1543
1544static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1545{
1546 uint8_t *p = inbuf;
1547 int len = r->req.cmd.xfer;
1548 UnmapCBData *data;
1549
1550 if (len < 8) {
1551 goto invalid_param_len;
1552 }
1553 if (len < lduw_be_p(&p[0]) + 2) {
1554 goto invalid_param_len;
1555 }
1556 if (len < lduw_be_p(&p[2]) + 8) {
1557 goto invalid_param_len;
1558 }
1559 if (lduw_be_p(&p[2]) & 15) {
1560 goto invalid_param_len;
1561 }
1562
1563 data = g_new0(UnmapCBData, 1);
1564 data->r = r;
1565 data->inbuf = &p[8];
1566 data->count = lduw_be_p(&p[2]) >> 4;
1567
1568 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1569 scsi_req_ref(&r->req);
1570 scsi_unmap_complete(data, 0);
1571 return;
1572
1573invalid_param_len:
1574 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
5222aaf2
PB		 1575}
1576
314a3299
PB		 1577static void scsi_disk_emulate_write_data(SCSIRequest *req)
1578{
af6d510d
PB		 1579 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1580
1581 if (r->iov.iov_len) {
1582 int buflen = r->iov.iov_len;
79fb50bb 1583 DPRINTF("Write buf_len=%d\n", buflen);
af6d510d
PB		 1584 r->iov.iov_len = 0;
1585 scsi_req_data(&r->req, buflen);
1586 return;
1587 }
1588
1589 switch (req->cmd.buf[0]) {
1590 case MODE_SELECT:
1591 case MODE_SELECT_10:
1592 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1593 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1594 break;
1595
5222aaf2
PB		 1596 case UNMAP:
1597 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1598 break;
1599
af6d510d
PB		 1600 default:
1601 abort();
1602 }
314a3299
PB		 1603}
1604
b08d0ea0 1605static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1606{
b08d0ea0 1607 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1608 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1609 uint64_t nb_sectors;
7285477a 1610 uint8_t *outbuf;
af6d510d 1611 int buflen;
aa5dbdc1 1612
b08d0ea0
PB		 1613 switch (req->cmd.buf[0]) {
1614 case INQUIRY:
1615 case MODE_SENSE:
1616 case MODE_SENSE_10:
1617 case RESERVE:
1618 case RESERVE_10:
1619 case RELEASE:
1620 case RELEASE_10:
1621 case START_STOP:
1622 case ALLOW_MEDIUM_REMOVAL:
1623 case GET_CONFIGURATION:
1624 case GET_EVENT_STATUS_NOTIFICATION:
1625 case MECHANISM_STATUS:
1626 case REQUEST_SENSE:
1627 break;
1628
1629 default:
1630 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1631 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1632 return 0;
1633 }
1634 break;
1635 }
1636
c8dcb531
PB		 1637 /*
1638 * FIXME: we shouldn't return anything bigger than 4k, but the code
1639 * requires the buffer to be as big as req->cmd.xfer in several
1640 * places. So, do not allow CDBs with a very large ALLOCATION
1641 * LENGTH. The real fix would be to modify scsi_read_data and
1642 * dma_buf_read, so that they return data beyond the buflen
1643 * as all zeros.
1644 */
1645 if (req->cmd.xfer > 65536) {
1646 goto illegal_request;
1647 }
1648 r->buflen = MAX(4096, req->cmd.xfer);
1649
7285477a 1650 if (!r->iov.iov_base) {
44740c38 1651 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1652 }
1653
af6d510d 1654 buflen = req->cmd.xfer;
7285477a 1655 outbuf = r->iov.iov_base;
c8dcb531 1656 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 1657 switch (req->cmd.buf[0]) {
1658 case TEST_UNIT_READY:
9bcaf4fe 1659 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1660 break;
0b06c059
GH		 1661 case INQUIRY:
1662 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1663 if (buflen < 0) {
0b06c059 1664 goto illegal_request;
f01b5931 1665 }
5f71d32f 1666 break;
ebddfcbe
GH		 1667 case MODE_SENSE:
1668 case MODE_SENSE_10:
cfc606da 1669 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1670 if (buflen < 0) {
ebddfcbe 1671 goto illegal_request;
f01b5931 1672 }
ebddfcbe 1673 break;
02880f43
GH		 1674 case READ_TOC:
1675 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1676 if (buflen < 0) {
02880f43 1677 goto illegal_request;
f01b5931 1678 }
02880f43 1679 break;
3d53ba18 1680 case RESERVE:
f01b5931 1681 if (req->cmd.buf[1] & 1) {
3d53ba18 1682 goto illegal_request;
f01b5931 1683 }
3d53ba18
GH		 1684 break;
1685 case RESERVE_10:
f01b5931 1686 if (req->cmd.buf[1] & 3) {
3d53ba18 1687 goto illegal_request;
f01b5931 1688 }
3d53ba18
GH		 1689 break;
1690 case RELEASE:
f01b5931 1691 if (req->cmd.buf[1] & 1) {
3d53ba18 1692 goto illegal_request;
f01b5931 1693 }
3d53ba18
GH		 1694 break;
1695 case RELEASE_10:
f01b5931 1696 if (req->cmd.buf[1] & 3) {
3d53ba18 1697 goto illegal_request;
f01b5931 1698 }
3d53ba18 1699 break;
8d3628ff 1700 case START_STOP:
68bb01f3 1701 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 1702 return 0;
68bb01f3 1703 }
5f71d32f 1704 break;
c68b9f34 1705 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1706 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1707 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1708 break;
5e30a07d 1709 case READ_CAPACITY_10:
e7e25e32 1710 /* The normal LEN field for this command is zero. */
5f71d32f 1711 memset(outbuf, 0, 8);
44740c38 1712 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1713 if (!nb_sectors) {
9bcaf4fe 1714 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1715 return 0;
f01b5931 1716 }
7cec78b6
PB		 1717 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1718 goto illegal_request;
1719 }
69377307 1720 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1721 /* Returned value is the address of the last sector. */
1722 nb_sectors--;
1723 /* Remember the new size for read/write sanity checking. */
7877903a 1724 s->qdev.max_lba = nb_sectors;
e7e25e32 1725 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1726 if (nb_sectors > UINT32_MAX) {
e7e25e32 1727 nb_sectors = UINT32_MAX;
f01b5931 1728 }
e7e25e32
GH		 1729 outbuf[0] = (nb_sectors >> 24) & 0xff;
1730 outbuf[1] = (nb_sectors >> 16) & 0xff;
1731 outbuf[2] = (nb_sectors >> 8) & 0xff;
1732 outbuf[3] = nb_sectors & 0xff;
1733 outbuf[4] = 0;
1734 outbuf[5] = 0;
69377307 1735 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 1736 outbuf[7] = 0;
5f71d32f 1737 break;
f3b338ef
PB		 1738 case REQUEST_SENSE:
1739 /* Just return "NO SENSE". */
1740 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1741 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 1742 if (buflen < 0) {
1743 goto illegal_request;
1744 }
f3b338ef 1745 break;
b6c251ab
PB		 1746 case MECHANISM_STATUS:
1747 buflen = scsi_emulate_mechanism_status(s, outbuf);
1748 if (buflen < 0) {
1749 goto illegal_request;
1750 }
1751 break;
38215553 1752 case GET_CONFIGURATION:
430ee2f2 1753 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1754 if (buflen < 0) {
1755 goto illegal_request;
1756 }
1757 break;
1758 case GET_EVENT_STATUS_NOTIFICATION:
1759 buflen = scsi_get_event_status_notification(s, r, outbuf);
1760 if (buflen < 0) {
1761 goto illegal_request;
1762 }
1763 break;
1a4f0c3a
PB		 1764 case READ_DISC_INFORMATION:
1765 buflen = scsi_read_disc_information(s, r, outbuf);
1766 if (buflen < 0) {
1767 goto illegal_request;
1768 }
1769 break;
b6c251ab
PB		 1770 case READ_DVD_STRUCTURE:
1771 buflen = scsi_read_dvd_structure(s, r, outbuf);
1772 if (buflen < 0) {
1773 goto illegal_request;
1774 }
38215553 1775 break;
f6515262 1776 case SERVICE_ACTION_IN_16:
5dd90e2a 1777 /* Service Action In subcommands. */
f6515262 1778 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1779 DPRINTF("SAI READ CAPACITY(16)\n");
1780 memset(outbuf, 0, req->cmd.xfer);
44740c38 1781 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1782 if (!nb_sectors) {
9bcaf4fe 1783 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1784 return 0;
f01b5931 1785 }
7cec78b6
PB		 1786 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1787 goto illegal_request;
1788 }
69377307 1789 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1790 /* Returned value is the address of the last sector. */
1791 nb_sectors--;
1792 /* Remember the new size for read/write sanity checking. */
7877903a 1793 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1794 outbuf[0] = (nb_sectors >> 56) & 0xff;
1795 outbuf[1] = (nb_sectors >> 48) & 0xff;
1796 outbuf[2] = (nb_sectors >> 40) & 0xff;
1797 outbuf[3] = (nb_sectors >> 32) & 0xff;
1798 outbuf[4] = (nb_sectors >> 24) & 0xff;
1799 outbuf[5] = (nb_sectors >> 16) & 0xff;
1800 outbuf[6] = (nb_sectors >> 8) & 0xff;
1801 outbuf[7] = nb_sectors & 0xff;
1802 outbuf[8] = 0;
1803 outbuf[9] = 0;
69377307 1804 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1805 outbuf[11] = 0;
ee3659e3
CH		 1806 outbuf[12] = 0;
1807 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1808
1809 /* set TPE bit if the format supports discard */
1810 if (s->qdev.conf.discard_granularity) {
1811 outbuf[14] = 0x80;
1812 }
1813
5dd90e2a 1814 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 1815 break;
1816 }
1817 DPRINTF("Unsupported Service Action In\n");
1818 goto illegal_request;
101aa85f
PB		 1819 case SYNCHRONIZE_CACHE:
1820 /* The request is used as the AIO opaque value, so add a ref. */
1821 scsi_req_ref(&r->req);
1822 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1823 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1824 return 0;
1825 case SEEK_10:
1826 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1827 if (r->req.cmd.lba > s->qdev.max_lba) {
1828 goto illegal_lba;
1829 }
1830 break;
101aa85f
PB		 1831 case MODE_SELECT:
1832 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
101aa85f
PB		 1833 break;
1834 case MODE_SELECT_10:
1835 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
101aa85f 1836 break;
5222aaf2
PB		 1837 case UNMAP:
1838 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
1839 break;
101aa85f 1840 case WRITE_SAME_10:
101aa85f 1841 case WRITE_SAME_16:
e93176d5 1842 nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
6a8a685c
RS		 1843 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1844 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1845 return 0;
1846 }
444bc908 1847 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
101aa85f
PB		 1848 goto illegal_lba;
1849 }
1850
1851 /*
1852 * We only support WRITE SAME with the unmap bit set for now.
1853 */
1854 if (!(req->cmd.buf[1] & 0x8)) {
1855 goto illegal_request;
1856 }
1857
1858 /* The request is used as the AIO opaque value, so add a ref. */
1859 scsi_req_ref(&r->req);
1860 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1861 r->req.cmd.lba * (s->qdev.blocksize / 512),
1862 nb_sectors * (s->qdev.blocksize / 512),
1863 scsi_aio_complete, r);
1864 return 0;
aa5dbdc1 1865 default:
b08d0ea0 1866 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1867 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 1868 return 0;
aa5dbdc1 1869 }
314a3299 1870 assert(!r->req.aiocb);
c8dcb531 1871 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 1872 if (r->iov.iov_len == 0) {
1873 scsi_req_complete(&r->req, GOOD);
1874 }
af6d510d
PB		 1875 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1876 assert(r->iov.iov_len == req->cmd.xfer);
1877 return -r->iov.iov_len;
1878 } else {
1879 return r->iov.iov_len;
1880 }
aa5dbdc1 1881
aa5dbdc1 1882illegal_request:
cfc606da
PB		 1883 if (r->req.status == -1) {
1884 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1885 }
b08d0ea0 1886 return 0;
101aa85f
PB		 1887
1888illegal_lba:
1889 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1890 return 0;
aa5dbdc1
GH		 1891}
1892
2e5d83bb
PB		 1893/* Execute a scsi command. Returns the length of the data expected by the
1894 command. This will be Positive for data transfers from the device
1895 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1896 and zero if the command does not transfer any data. */
1897
b08d0ea0 1898static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1899{
5c6c0e51
HR		 1900 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1901 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e93176d5 1902 uint32_t len;
a917d384 1903 uint8_t command;
a917d384
PB		 1904
1905 command = buf[0];
aa5dbdc1 1906
b08d0ea0
PB		 1907 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1908 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1909 return 0;
9bcaf4fe
PB		 1910 }
1911
e93176d5 1912 len = scsi_data_cdb_length(r->req.cmd.buf);
a917d384 1913 switch (command) {
ebf46023
GH		 1914 case READ_6:
1915 case READ_10:
bd536cf3
GH		 1916 case READ_12:
1917 case READ_16:
e93176d5 1918 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
96bdbbab
RS		 1919 if (r->req.cmd.buf[1] & 0xe0) {
1920 goto illegal_request;
1921 }
444bc908 1922 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 1923 goto illegal_lba;
f01b5931 1924 }
69377307
PB		 1925 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1926 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1927 break;
ebf46023
GH		 1928 case WRITE_6:
1929 case WRITE_10:
bd536cf3
GH		 1930 case WRITE_12:
1931 case WRITE_16:
5e30a07d 1932 case WRITE_VERIFY_10:
ebef0bbb
BK		 1933 case WRITE_VERIFY_12:
1934 case WRITE_VERIFY_16:
6a8a685c
RS		 1935 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1936 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1937 return 0;
1938 }
1939 /* fallthrough */
1940 case VERIFY_10:
1941 case VERIFY_12:
1942 case VERIFY_16:
e93176d5 1943 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2dd791b6
HR		 1944 (command & 0xe) == 0xe ? "And Verify " : "",
1945 r->req.cmd.lba, len);
96bdbbab
RS		 1946 if (r->req.cmd.buf[1] & 0xe0) {
1947 goto illegal_request;
1948 }
444bc908 1949 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 1950 goto illegal_lba;
f01b5931 1951 }
69377307
PB		 1952 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1953 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1954 break;
101aa85f 1955 default:
b08d0ea0 1956 abort();
96bdbbab
RS		 1957 illegal_request:
1958 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1959 return 0;
274fb0e1 1960 illegal_lba:
b45ef674 1961 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1962 return 0;
2e5d83bb 1963 }
b08d0ea0 1964 if (r->sector_count == 0) {
b45ef674 1965 scsi_req_complete(&r->req, GOOD);
a917d384 1966 }
b08d0ea0 1967 assert(r->iov.iov_len == 0);
efb9ee02 1968 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
b08d0ea0 1969 return -r->sector_count * 512;
a917d384 1970 } else {
b08d0ea0 1971 return r->sector_count * 512;
2e5d83bb 1972 }
2e5d83bb
PB		 1973}
1974
e9447f35
JK		 1975static void scsi_disk_reset(DeviceState *dev)
1976{
1977 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1978 uint64_t nb_sectors;
1979
c7b48872 1980 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1981
44740c38 1982 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1983 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1984 if (nb_sectors) {
1985 nb_sectors--;
1986 }
7877903a 1987 s->qdev.max_lba = nb_sectors;
7721c7f7
PH		 1988 /* reset tray statuses */
1989 s->tray_locked = 0;
1990 s->tray_open = 0;
e9447f35
JK		 1991}
1992
1993static void scsi_destroy(SCSIDevice *dev)
1994{
1995 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1996
c7b48872 1997 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1998 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1999}
2000
aaebacef
PB		 2001static void scsi_disk_resize_cb(void *opaque)
2002{
2003 SCSIDiskState *s = opaque;
2004
2005 /* SPC lists this sense code as available only for
2006 * direct-access devices.
2007 */
2008 if (s->qdev.type == TYPE_DISK) {
53200fad 2009 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 2010 }
2011}
2012
7d4b4ba5 2013static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 2014{
8a9c16f6
PB		 2015 SCSIDiskState *s = opaque;
2016
2017 /*
2018 * When a CD gets changed, we have to report an ejected state and
2019 * then a loaded state to guests so that they detect tray
2020 * open/close and media change events. Guests that do not use
2021 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2022 * states rely on this behavior.
2023 *
2024 * media_changed governs the state machine used for unit attention
2025 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2026 */
2027 s->media_changed = load;
2028 s->tray_open = !load;
e48e84ea 2029 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 2030 s->media_event = true;
4480de19
PB		 2031 s->eject_request = false;
2032}
2033
2034static void scsi_cd_eject_request_cb(void *opaque, bool force)
2035{
2036 SCSIDiskState *s = opaque;
2037
2038 s->eject_request = true;
2039 if (force) {
2040 s->tray_locked = false;
2041 }
2c6942fa
MA		 2042}
2043
e4def80b
MA		 2044static bool scsi_cd_is_tray_open(void *opaque)
2045{
2046 return ((SCSIDiskState *)opaque)->tray_open;
2047}
2048
f107639a
MA		 2049static bool scsi_cd_is_medium_locked(void *opaque)
2050{
2051 return ((SCSIDiskState *)opaque)->tray_locked;
2052}
2053
aaebacef 2054static const BlockDevOps scsi_disk_removable_block_ops = {
2c6942fa 2055 .change_media_cb = scsi_cd_change_media_cb,
4480de19 2056 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 2057 .is_tray_open = scsi_cd_is_tray_open,
f107639a 2058 .is_medium_locked = scsi_cd_is_medium_locked,
aaebacef
PB		 2059
2060 .resize_cb = scsi_disk_resize_cb,
2061};
2062
2063static const BlockDevOps scsi_disk_block_ops = {
2064 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2065};
2066
8a9c16f6
PB		 2067static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2068{
2069 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2070 if (s->media_changed) {
2071 s->media_changed = false;
e48e84ea 2072 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2073 }
2074}
2075
e39be482 2076static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 2077{
d52affa7 2078 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2e5d83bb 2079
f8b6cc00 2080 if (!s->qdev.conf.bs) {
6a84cb1f 2081 error_report("drive property not set");
d52affa7
GH		 2082 return -1;
2083 }
2084
bfe3d7ac
PB		 2085 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2086 !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 2087 error_report("Device needs media, but drive is empty");
2088 return -1;
2089 }
2090
911525db 2091 blkconf_serial(&s->qdev.conf, &s->serial);
b2df4314
MA		 2092 if (dev->type == TYPE_DISK
2093 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
b7eb0c9f
MA		 2094 return -1;
2095 }
a0fef654 2096
215e47b9
PB		 2097 if (s->qdev.conf.discard_granularity == -1) {
2098 s->qdev.conf.discard_granularity =
2099 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2100 }
2101
552fee93 2102 if (!s->version) {
93bfef4c 2103 s->version = g_strdup(qemu_get_version());
552fee93 2104 }
353815aa
DF		 2105 if (!s->vendor) {
2106 s->vendor = g_strdup("QEMU");
2107 }
552fee93 2108
44740c38 2109 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 2110 error_report("unwanted /dev/sg*");
32bb404a
MA		 2111 return -1;
2112 }
2113
18e673b8
PH		 2114 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2115 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
aaebacef
PB		 2116 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
2117 } else {
2118 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
2e5d83bb 2119 }
44740c38 2120 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 2121
44740c38 2122 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 2123 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 2124 return 0;
2125}
2126
b443ae67
MA		 2127static int scsi_hd_initfn(SCSIDevice *dev)
2128{
e39be482
PB		 2129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2130 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2131 s->qdev.type = TYPE_DISK;
353815aa
DF		 2132 if (!s->product) {
2133 s->product = g_strdup("QEMU HARDDISK");
2134 }
e39be482 2135 return scsi_initfn(&s->qdev);
b443ae67
MA		 2136}
2137
2138static int scsi_cd_initfn(SCSIDevice *dev)
2139{
e39be482
PB		 2140 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2141 s->qdev.blocksize = 2048;
2142 s->qdev.type = TYPE_ROM;
bfe3d7ac 2143 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2144 if (!s->product) {
2145 s->product = g_strdup("QEMU CD-ROM");
2146 }
e39be482 2147 return scsi_initfn(&s->qdev);
b443ae67
MA		 2148}
2149
2150static int scsi_disk_initfn(SCSIDevice *dev)
2151{
95b5edcd 2152 DriveInfo *dinfo;
b443ae67
MA		 2153
2154 if (!dev->conf.bs) {
e39be482 2155 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 2156 }
2157
e39be482
PB		 2158 dinfo = drive_get_by_blockdev(dev->conf.bs);
2159 if (dinfo->media_cd) {
2160 return scsi_cd_initfn(dev);
2161 } else {
2162 return scsi_hd_initfn(dev);
2163 }
b443ae67
MA		 2164}
2165
b08d0ea0 2166static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2167 .size = sizeof(SCSIDiskReq),
12010e7b 2168 .free_req = scsi_free_request,
b08d0ea0 2169 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2170 .read_data = scsi_disk_emulate_read_data,
2171 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2172 .get_buf = scsi_get_buf,
2173};
2174
2175static const SCSIReqOps scsi_disk_dma_reqops = {
2176 .size = sizeof(SCSIDiskReq),
2177 .free_req = scsi_free_request,
2178 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2179 .read_data = scsi_read_data,
2180 .write_data = scsi_write_data,
2181 .cancel_io = scsi_cancel_io,
2182 .get_buf = scsi_get_buf,
43b978b9
PB		 2183 .load_request = scsi_disk_load_request,
2184 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2185};
2186
b08d0ea0
PB		 2187static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2188 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2189 [INQUIRY] = &scsi_disk_emulate_reqops,
2190 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2191 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2192 [START_STOP] = &scsi_disk_emulate_reqops,
2193 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2194 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2195 [READ_TOC] = &scsi_disk_emulate_reqops,
2196 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2197 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2198 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2199 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2200 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2201 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2202 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2203 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2204 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2205 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2206 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2207 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2208 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2209 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2210
2211 [READ_6] = &scsi_disk_dma_reqops,
2212 [READ_10] = &scsi_disk_dma_reqops,
2213 [READ_12] = &scsi_disk_dma_reqops,
2214 [READ_16] = &scsi_disk_dma_reqops,
2215 [VERIFY_10] = &scsi_disk_dma_reqops,
2216 [VERIFY_12] = &scsi_disk_dma_reqops,
2217 [VERIFY_16] = &scsi_disk_dma_reqops,
2218 [WRITE_6] = &scsi_disk_dma_reqops,
2219 [WRITE_10] = &scsi_disk_dma_reqops,
2220 [WRITE_12] = &scsi_disk_dma_reqops,
2221 [WRITE_16] = &scsi_disk_dma_reqops,
2222 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2223 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2224 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2225};
2226
63db0f0e
PB		 2227static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2228 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2229{
2230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2231 SCSIRequest *req;
b08d0ea0
PB		 2232 const SCSIReqOps *ops;
2233 uint8_t command;
8dbd4574 2234
79fb50bb
PB		 2235 command = buf[0];
2236 ops = scsi_disk_reqops_dispatch[command];
2237 if (!ops) {
2238 ops = &scsi_disk_emulate_reqops;
2239 }
2240 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2241
b08d0ea0 2242#ifdef DEBUG_SCSI
79fb50bb 2243 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
b08d0ea0
PB		 2244 {
2245 int i;
79fb50bb 2246 for (i = 1; i < req->cmd.len; i++) {
b08d0ea0
PB		 2247 printf(" 0x%02x", buf[i]);
2248 }
2249 printf("\n");
2250 }
2251#endif
2252
8dbd4574
PB		 2253 return req;
2254}
2255
336a6915
PB		 2256#ifdef __linux__
2257static int get_device_type(SCSIDiskState *s)
2258{
2259 BlockDriverState *bdrv = s->qdev.conf.bs;
2260 uint8_t cmd[16];
2261 uint8_t buf[36];
2262 uint8_t sensebuf[8];
2263 sg_io_hdr_t io_header;
2264 int ret;
2265
2266 memset(cmd, 0, sizeof(cmd));
2267 memset(buf, 0, sizeof(buf));
2268 cmd[0] = INQUIRY;
2269 cmd[4] = sizeof(buf);
2270
2271 memset(&io_header, 0, sizeof(io_header));
2272 io_header.interface_id = 'S';
2273 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2274 io_header.dxfer_len = sizeof(buf);
2275 io_header.dxferp = buf;
2276 io_header.cmdp = cmd;
2277 io_header.cmd_len = sizeof(cmd);
2278 io_header.mx_sb_len = sizeof(sensebuf);
2279 io_header.sbp = sensebuf;
2280 io_header.timeout = 6000; /* XXX */
2281
2282 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
2283 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2284 return -1;
2285 }
2286 s->qdev.type = buf[0];
bfe3d7ac
PB		 2287 if (buf[1] & 0x80) {
2288 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2289 }
336a6915
PB		 2290 return 0;
2291}
2292
2293static int scsi_block_initfn(SCSIDevice *dev)
2294{
2295 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2296 int sg_version;
2297 int rc;
2298
2299 if (!s->qdev.conf.bs) {
2300 error_report("scsi-block: drive property not set");
2301 return -1;
2302 }
2303
2304 /* check we are using a driver managing SG_IO (version 3 and after) */
2305 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
2306 sg_version < 30000) {
2307 error_report("scsi-block: scsi generic interface too old");
2308 return -1;
2309 }
2310
2311 /* get device type from INQUIRY data */
2312 rc = get_device_type(s);
2313 if (rc < 0) {
2314 error_report("scsi-block: INQUIRY failed");
2315 return -1;
2316 }
2317
2318 /* Make a guess for the block size, we'll fix it when the guest sends.
2319 * READ CAPACITY. If they don't, they likely would assume these sizes
2320 * anyway. (TODO: check in /sys).
2321 */
2322 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2323 s->qdev.blocksize = 2048;
2324 } else {
2325 s->qdev.blocksize = 512;
2326 }
18e673b8
PH		 2327
2328 /* Makes the scsi-block device not removable by using HMP and QMP eject
2329 * command.
2330 */
2331 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2332
336a6915
PB		 2333 return scsi_initfn(&s->qdev);
2334}
2335
2336static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2337 uint32_t lun, uint8_t *buf,
2338 void *hba_private)
2339{
2340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2341
2342 switch (buf[0]) {
2343 case READ_6:
2344 case READ_10:
2345 case READ_12:
2346 case READ_16:
7f64f8e2
PB		 2347 case VERIFY_10:
2348 case VERIFY_12:
2349 case VERIFY_16:
336a6915
PB		 2350 case WRITE_6:
2351 case WRITE_10:
2352 case WRITE_12:
2353 case WRITE_16:
2354 case WRITE_VERIFY_10:
2355 case WRITE_VERIFY_12:
2356 case WRITE_VERIFY_16:
eaccf49e
PB		 2357 /* If we are not using O_DIRECT, we might read stale data from the
2358 * host cache if writes were made using other commands than these
2359 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2360 * O_DIRECT everything must go through SG_IO.
2361 */
137745c5 2362 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
eaccf49e
PB		 2363 break;
2364 }
2365
33ebad12
PB		 2366 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2367 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2368 * And once you do these writes, reading from the block device is
2369 * unreliable, too. It is even possible that reads deliver random data
2370 * from the host page cache (this is probably a Linux bug).
2371 *
b08d0ea0 2372 * We might use scsi_disk_dma_reqops as long as no writing commands are
33ebad12
PB		 2373 * seen, but performance usually isn't paramount on optical media. So,
2374 * just make scsi-block operate the same as scsi-generic for them.
2375 */
b08d0ea0
PB		 2376 if (s->qdev.type != TYPE_ROM) {
2377 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2378 hba_private);
2379 }
336a6915
PB		 2380 }
2381
2382 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2383 hba_private);
2384}
2385#endif
2386
353815aa
DF		 2387#define DEFINE_SCSI_DISK_PROPERTIES() \
2388 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2389 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2390 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2391 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2392 DEFINE_PROP_STRING("product", SCSIDiskState, product)
b443ae67 2393
39bffca2
AL		 2394static Property scsi_hd_properties[] = {
2395 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2396 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2397 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2398 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2399 SCSI_DISK_F_DPOFUA, false),
27395add 2400 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
d252df48 2401 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 2402 DEFINE_PROP_END_OF_LIST(),
2403};
2404
43b978b9
PB		 2405static const VMStateDescription vmstate_scsi_disk_state = {
2406 .name = "scsi-disk",
2407 .version_id = 1,
2408 .minimum_version_id = 1,
2409 .minimum_version_id_old = 1,
2410 .fields = (VMStateField[]) {
2411 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2412 VMSTATE_BOOL(media_changed, SCSIDiskState),
2413 VMSTATE_BOOL(media_event, SCSIDiskState),
2414 VMSTATE_BOOL(eject_request, SCSIDiskState),
2415 VMSTATE_BOOL(tray_open, SCSIDiskState),
2416 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2417 VMSTATE_END_OF_LIST()
2418 }
2419};
2420
b9eea3e6
AL		 2421static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2422{
39bffca2 2423 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2424 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2425
2426 sc->init = scsi_hd_initfn;
2427 sc->destroy = scsi_destroy;
2428 sc->alloc_req = scsi_new_request;
2429 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2430 dc->fw_name = "disk";
2431 dc->desc = "virtual SCSI disk";
2432 dc->reset = scsi_disk_reset;
2433 dc->props = scsi_hd_properties;
43b978b9 2434 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2435}
2436
8c43a6f0 2437static const TypeInfo scsi_hd_info = {
39bffca2
AL		 2438 .name = "scsi-hd",
2439 .parent = TYPE_SCSI_DEVICE,
2440 .instance_size = sizeof(SCSIDiskState),
2441 .class_init = scsi_hd_class_initfn,
2442};
2443
2444static Property scsi_cd_properties[] = {
2445 DEFINE_SCSI_DISK_PROPERTIES(),
27395add 2446 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
39bffca2 2447 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 2448};
2449
2450static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2451{
39bffca2 2452 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2453 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2454
2455 sc->init = scsi_cd_initfn;
2456 sc->destroy = scsi_destroy;
2457 sc->alloc_req = scsi_new_request;
2458 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2459 dc->fw_name = "disk";
2460 dc->desc = "virtual SCSI CD-ROM";
2461 dc->reset = scsi_disk_reset;
2462 dc->props = scsi_cd_properties;
43b978b9 2463 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2464}
2465
8c43a6f0 2466static const TypeInfo scsi_cd_info = {
39bffca2
AL		 2467 .name = "scsi-cd",
2468 .parent = TYPE_SCSI_DEVICE,
2469 .instance_size = sizeof(SCSIDiskState),
2470 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 2471};
2472
336a6915 2473#ifdef __linux__
39bffca2 2474static Property scsi_block_properties[] = {
03847837 2475 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
0f1da449 2476 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
39bffca2
AL		 2477 DEFINE_PROP_END_OF_LIST(),
2478};
2479
b9eea3e6
AL		 2480static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2481{
39bffca2 2482 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2483 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2484
2485 sc->init = scsi_block_initfn;
2486 sc->destroy = scsi_destroy;
2487 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 2488 dc->fw_name = "disk";
2489 dc->desc = "SCSI block device passthrough";
2490 dc->reset = scsi_disk_reset;
2491 dc->props = scsi_block_properties;
43b978b9 2492 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2493}
2494
8c43a6f0 2495static const TypeInfo scsi_block_info = {
39bffca2
AL		 2496 .name = "scsi-block",
2497 .parent = TYPE_SCSI_DEVICE,
2498 .instance_size = sizeof(SCSIDiskState),
2499 .class_init = scsi_block_class_initfn,
b9eea3e6 2500};
336a6915 2501#endif
b9eea3e6 2502
39bffca2
AL		 2503static Property scsi_disk_properties[] = {
2504 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2505 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2506 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2507 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2508 SCSI_DISK_F_DPOFUA, false),
27395add 2509 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
39bffca2
AL		 2510 DEFINE_PROP_END_OF_LIST(),
2511};
2512
b9eea3e6
AL		 2513static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2514{
39bffca2 2515 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2516 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2517
2518 sc->init = scsi_disk_initfn;
2519 sc->destroy = scsi_destroy;
2520 sc->alloc_req = scsi_new_request;
2521 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2522 dc->fw_name = "disk";
2523 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2524 dc->reset = scsi_disk_reset;
2525 dc->props = scsi_disk_properties;
43b978b9 2526 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2527}
2528
8c43a6f0 2529static const TypeInfo scsi_disk_info = {
39bffca2
AL		 2530 .name = "scsi-disk",
2531 .parent = TYPE_SCSI_DEVICE,
2532 .instance_size = sizeof(SCSIDiskState),
2533 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 2534};
2535
83f7d43a 2536static void scsi_disk_register_types(void)
d52affa7 2537{
39bffca2
AL		 2538 type_register_static(&scsi_hd_info);
2539 type_register_static(&scsi_cd_info);
b9eea3e6 2540#ifdef __linux__
39bffca2 2541 type_register_static(&scsi_block_info);
b9eea3e6 2542#endif
39bffca2 2543 type_register_static(&scsi_disk_info);
8ccc2ace 2544}
83f7d43a
AF		 2545
2546type_init(scsi_disk_register_types)
Qemu copy for testing