]> git.proxmox.com Git - mirror_qemu.git/blame - hw/scsi/scsi-disk.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
[mirror_qemu.git] / hw / scsi / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
a4ab4792 22#include "qemu/osdep.h"
7e462605 23#include "qemu/units.h"
da34e65c 24#include "qapi/error.h"
1de7afc9 25#include "qemu/error-report.h"
db725815 26#include "qemu/main-loop.h"
0b8fa32f 27#include "qemu/module.h"
15e09912 28#include "qemu/hw-version.h"
0d09e41a 29#include "hw/scsi/scsi.h"
ca77ee28 30#include "migration/qemu-file-types.h"
d6454270 31#include "migration/vmstate.h"
3d4a8bf0 32#include "hw/scsi/emulation.h"
08e2c9f1 33#include "scsi/constants.h"
4be74634 34#include "sysemu/block-backend.h"
9c17d615 35#include "sysemu/blockdev.h"
0d09e41a 36#include "hw/block/block.h"
a27bd6c7 37#include "hw/qdev-properties.h"
ce35e229 38#include "hw/qdev-properties-system.h"
9c17d615 39#include "sysemu/dma.h"
71f571a2 40#include "sysemu/sysemu.h"
f348b6d1 41#include "qemu/cutils.h"
59ee9500 42#include "trace.h"
db1015e9 43#include "qom/object.h"
22864256 44
336a6915
PB		 45#ifdef __linux
46#include <scsi/sg.h>
47#endif
48
7e462605
PMD		 49#define SCSI_WRITE_SAME_MAX (512 * KiB)
50#define SCSI_DMA_BUF_SIZE (128 * KiB)
215e47b9
PB		 51#define SCSI_MAX_INQUIRY_LEN 256
52#define SCSI_MAX_MODE_LEN 256
53
7e462605
PMD		 54#define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
55#define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
f8e1f533 56#define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
a917d384 57
993935f3
PB		 58#define TYPE_SCSI_DISK_BASE "scsi-disk-base"
59
a489d195 60OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE)
fcaafb10 61
db1015e9 62struct SCSIDiskClass {
fcaafb10
PB		 63 SCSIDeviceClass parent_class;
64 DMAIOFunc *dma_readv;
65 DMAIOFunc *dma_writev;
94f8ba11 66 bool (*need_fua_emulation)(SCSICommand *cmd);
d31347f5 67 void (*update_sense)(SCSIRequest *r);
db1015e9 68};
d52affa7 69
4c41d2ef
GH		 70typedef struct SCSIDiskReq {
71 SCSIRequest req;
3dc516bf 72 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */
e035b43d
AL		 73 uint64_t sector;
74 uint32_t sector_count;
7285477a 75 uint32_t buflen;
a0e66a69 76 bool started;
94f8ba11 77 bool need_fua_emulation;
c87c0672
AL		 78 struct iovec iov;
79 QEMUIOVector qiov;
a597e79c 80 BlockAcctCookie acct;
4c41d2ef 81} SCSIDiskReq;
a917d384 82
18e673b8
PH		 83#define SCSI_DISK_F_REMOVABLE 0
84#define SCSI_DISK_F_DPOFUA 1
85#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
bfe3d7ac 86
db1015e9 87struct SCSIDiskState {
d52affa7 88 SCSIDevice qdev;
bfe3d7ac 89 uint32_t features;
8a9c16f6 90 bool media_changed;
3c2f7c12 91 bool media_event;
4480de19 92 bool eject_request;
64cc2284 93 uint16_t port_index;
8a1bd297 94 uint64_t max_unmap_size;
f8e1f533 95 uint64_t max_io_size;
213189ab 96 QEMUBH *bh;
383b4d9b 97 char *version;
a0fef654 98 char *serial;
353815aa
DF		 99 char *vendor;
100 char *product;
7471a649 101 char *device_id;
ece0d5e9 102 bool tray_open;
81b1008d 103 bool tray_locked;
070f8009
DB		 104 /*
105 * 0x0000 - rotation rate not reported
106 * 0x0001 - non-rotating medium (SSD)
107 * 0x0002-0x0400 - reserved
108 * 0x0401-0xffe - rotations per minute
109 * 0xffff - reserved
110 */
111 uint16_t rotation_rate;
db1015e9 112};
2e5d83bb 113
ad2d30f7 114static void scsi_free_request(SCSIRequest *req)
4d611c9a 115{
ad2d30f7
PB		 116 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
117
db4c34c3 118 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 119}
120
b45ef674
PB		 121/* Helper function for command completion with sense. */
122static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 123{
59ee9500
LV		 124 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
125 sense.ascq);
b45ef674
PB		 126 scsi_req_build_sense(&r->req, sense);
127 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 128}
129
03c90063 130static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 131{
7285477a
PB		 132 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
133
134 if (!r->iov.iov_base) {
43b978b9 135 r->buflen = size;
4be74634 136 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a 137 }
3dc516bf 138 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
103b40f5 139 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
103b40f5
PB		 140}
141
43b978b9
PB		 142static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
143{
144 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
145
146 qemu_put_be64s(f, &r->sector);
147 qemu_put_be32s(f, &r->sector_count);
148 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 149 if (r->buflen) {
150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
152 } else if (!req->retry) {
153 uint32_t len = r->iov.iov_len;
154 qemu_put_be32s(f, &len);
155 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
156 }
43b978b9
PB		 157 }
158}
159
160static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
161{
162 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
163
164 qemu_get_be64s(f, &r->sector);
165 qemu_get_be32s(f, &r->sector_count);
166 qemu_get_be32s(f, &r->buflen);
167 if (r->buflen) {
168 scsi_init_iovec(r, r->buflen);
169 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
170 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 171 } else if (!r->req.retry) {
172 uint32_t len;
173 qemu_get_be32s(f, &len);
174 r->iov.iov_len = len;
175 assert(r->iov.iov_len <= r->buflen);
176 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 177 }
178 }
179
180 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
181}
182
f95f61c2
PB		 183/*
184 * scsi_handle_rw_error has two return values. False means that the error
185 * must be ignored, true means that the error has been processed and the
186 * caller should not do anything else for this request. Note that
187 * scsi_handle_rw_error always manages its reference counts, independent
188 * of the return value.
189 */
f63c68bc 190static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
f95f61c2
PB		 191{
192 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
193 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
194 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
f63c68bc
PB		 195 SCSISense sense = SENSE_CODE(NO_SENSE);
196 int error = 0;
197 bool req_has_sense = false;
198 BlockErrorAction action;
199 int status;
f95f61c2 200
f63c68bc
PB		 201 if (ret < 0) {
202 status = scsi_sense_from_errno(-ret, &sense);
203 error = -ret;
204 } else {
205 /* A passthrough command has completed with nonzero status. */
206 status = ret;
207 if (status == CHECK_CONDITION) {
208 req_has_sense = true;
209 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
210 } else {
211 error = EINVAL;
212 }
213 }
214
782a78c9
PB		 215 /*
216 * Check whether the error has to be handled by the guest or should
217 * rather follow the rerror=/werror= settings. Guest-handled errors
218 * are usually retried immediately, so do not post them to QMP and
219 * do not account them as failed I/O.
220 */
221 if (req_has_sense &&
222 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
223 action = BLOCK_ERROR_ACTION_REPORT;
224 acct_failed = false;
225 } else {
226 action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
227 blk_error_action(s->qdev.conf.blk, action, is_read, error);
228 }
229
230 switch (action) {
231 case BLOCK_ERROR_ACTION_REPORT:
f95f61c2
PB		 232 if (acct_failed) {
233 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
234 }
f63c68bc 235 if (req_has_sense) {
782a78c9
PB		 236 sdc->update_sense(&r->req);
237 } else if (status == CHECK_CONDITION) {
238 scsi_req_build_sense(&r->req, sense);
f95f61c2 239 }
782a78c9
PB		 240 scsi_req_complete(&r->req, status);
241 return true;
f95f61c2 242
782a78c9 243 case BLOCK_ERROR_ACTION_IGNORE:
424740de 244 return false;
f95f61c2 245
782a78c9 246 case BLOCK_ERROR_ACTION_STOP:
f95f61c2 247 scsi_req_retry(&r->req);
782a78c9
PB		 248 return true;
249
250 default:
251 g_assert_not_reached();
f95f61c2 252 }
f95f61c2
PB		 253}
254
5b956f41
PB		 255static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
256{
257 if (r->req.io_canceled) {
258 scsi_req_cancel_complete(&r->req);
259 return true;
260 }
261
f63c68bc
PB		 262 if (ret < 0) {
263 return scsi_handle_rw_error(r, ret, acct_failed);
5b956f41
PB		 264 }
265
266 return false;
267}
268
c1b35247 269static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 270{
271 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
272 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
273
46e3f30e
PB		 274 assert(r->req.aiocb != NULL);
275 r->req.aiocb = NULL;
b9e413dd 276 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5b956f41 277 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 278 goto done;
279 }
5d0d2467 280
d7628080 281 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
5d0d2467
PB		 282 scsi_req_complete(&r->req, GOOD);
283
284done:
b9e413dd 285 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
3df9caf8 286 scsi_req_unref(&r->req);
5d0d2467
PB		 287}
288
7e8c49c5
PB		 289static bool scsi_is_cmd_fua(SCSICommand *cmd)
290{
291 switch (cmd->buf[0]) {
292 case READ_10:
293 case READ_12:
294 case READ_16:
295 case WRITE_10:
296 case WRITE_12:
297 case WRITE_16:
298 return (cmd->buf[1] & 8) != 0;
299
7f64f8e2
PB		 300 case VERIFY_10:
301 case VERIFY_12:
302 case VERIFY_16:
7e8c49c5
PB		 303 case WRITE_VERIFY_10:
304 case WRITE_VERIFY_12:
305 case WRITE_VERIFY_16:
306 return true;
307
308 case READ_6:
309 case WRITE_6:
310 default:
311 return false;
312 }
313}
314
315static void scsi_write_do_fua(SCSIDiskReq *r)
316{
317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
318
5fd2b563 319 assert(r->req.aiocb == NULL);
5b956f41 320 assert(!r->req.io_canceled);
0c92e0e6 321
94f8ba11 322 if (r->need_fua_emulation) {
4be74634 323 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 324 BLOCK_ACCT_FLUSH);
4be74634 325 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
7e8c49c5
PB		 326 return;
327 }
328
329 scsi_req_complete(&r->req, GOOD);
3df9caf8 330 scsi_req_unref(&r->req);
7e8c49c5
PB		 331}
332
5fd2b563 333static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
a917d384 334{
5fd2b563 335 assert(r->req.aiocb == NULL);
5b956f41 336 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 337 goto done;
338 }
a597e79c 339
b77912a7
PB		 340 r->sector += r->sector_count;
341 r->sector_count = 0;
7e8c49c5
PB		 342 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
343 scsi_write_do_fua(r);
344 return;
345 } else {
346 scsi_req_complete(&r->req, GOOD);
347 }
c7bae6a7
PB		 348
349done:
3df9caf8 350 scsi_req_unref(&r->req);
4d611c9a
PB		 351}
352
ef8489d4
PB		 353static void scsi_dma_complete(void *opaque, int ret)
354{
355 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5fd2b563 356 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ef8489d4
PB		 357
358 assert(r->req.aiocb != NULL);
5fd2b563
PB		 359 r->req.aiocb = NULL;
360
b9e413dd 361 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
d7628080
AG		 362 if (ret < 0) {
363 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
364 } else {
365 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
366 }
5fd2b563 367 scsi_dma_complete_noio(r, ret);
b9e413dd 368 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
ef8489d4
PB		 369}
370
1505421a 371static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
0a4ac106 372{
1505421a 373 uint32_t n;
0a4ac106 374
1505421a
ZL		 375 assert(r->req.aiocb == NULL);
376 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 377 goto done;
378 }
0a4ac106 379
3dc516bf 380 n = r->qiov.size / BDRV_SECTOR_SIZE;
b77912a7
PB		 381 r->sector += n;
382 r->sector_count -= n;
383 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 384
385done:
3df9caf8 386 scsi_req_unref(&r->req);
1505421a
ZL		 387}
388
389static void scsi_read_complete(void *opaque, int ret)
390{
391 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
392 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
393
394 assert(r->req.aiocb != NULL);
395 r->req.aiocb = NULL;
396
397 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
398 if (ret < 0) {
399 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
400 } else {
401 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
402 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
403 }
404 scsi_read_complete_noio(r, ret);
b9e413dd 405 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
0a4ac106 406}
5dba48a8 407
ac668426 408/* Actually issue a read to the block device. */
5fd2b563 409static void scsi_do_read(SCSIDiskReq *r, int ret)
ac668426 410{
ac668426 411 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 412 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ac668426 413
5fd2b563 414 assert (r->req.aiocb == NULL);
5b956f41 415 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 416 goto done;
417 }
ac668426 418
31e8fd86
PB		 419 /* The request is used as the AIO opaque value, so add a ref. */
420 scsi_req_ref(&r->req);
421
ac668426 422 if (r->req.sg) {
4be74634 423 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
5f412602 424 r->req.residual -= r->req.sg->size;
fcaafb10
PB		 425 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
426 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 427 BDRV_SECTOR_SIZE,
fcaafb10
PB		 428 sdc->dma_readv, r, scsi_dma_complete, r,
429 DMA_DIRECTION_FROM_DEVICE);
ac668426 430 } else {
03c90063 431 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
4be74634 432 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 433 r->qiov.size, BLOCK_ACCT_READ);
890e48d7 434 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
fcaafb10 435 scsi_read_complete, r, r);
ac668426
PB		 436 }
437
438done:
3df9caf8 439 scsi_req_unref(&r->req);
ac668426
PB		 440}
441
5fd2b563
PB		 442static void scsi_do_read_cb(void *opaque, int ret)
443{
444 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
445 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
446
447 assert (r->req.aiocb != NULL);
448 r->req.aiocb = NULL;
449
b9e413dd 450 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
d7628080
AG		 451 if (ret < 0) {
452 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
453 } else {
454 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
455 }
5fd2b563 456 scsi_do_read(opaque, ret);
b9e413dd 457 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 458}
459
5c6c0e51
HR		 460/* Read more data from scsi device into buffer. */
461static void scsi_read_data(SCSIRequest *req)
2e5d83bb 462{
5c6c0e51 463 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 464 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 465 bool first;
2e5d83bb 466
59ee9500 467 trace_scsi_disk_read_data_count(r->sector_count);
a917d384 468 if (r->sector_count == 0) {
b45ef674
PB		 469 /* This also clears the sense buffer for REQUEST SENSE. */
470 scsi_req_complete(&r->req, GOOD);
a917d384 471 return;
2e5d83bb
PB		 472 }
473
6fa2c95f
SH		 474 /* No data transfer may already be in progress */
475 assert(r->req.aiocb == NULL);
476
c7bae6a7
PB		 477 /* The request is used as the AIO opaque value, so add a ref. */
478 scsi_req_ref(&r->req);
efb9ee02 479 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
59ee9500 480 trace_scsi_disk_read_data_invalid();
1505421a 481 scsi_read_complete_noio(r, -EINVAL);
efb9ee02
HR		 482 return;
483 }
484
cd723b85 485 if (!blk_is_available(req->dev->conf.blk)) {
1505421a 486 scsi_read_complete_noio(r, -ENOMEDIUM);
c7bae6a7 487 return;
a1aff5bf 488 }
c7bae6a7 489
ac668426 490 first = !r->started;
a0e66a69 491 r->started = true;
94f8ba11 492 if (first && r->need_fua_emulation) {
4be74634 493 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 494 BLOCK_ACCT_FLUSH);
5fd2b563 495 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
5d0d2467 496 } else {
ac668426 497 scsi_do_read(r, 0);
5d0d2467 498 }
2e5d83bb
PB		 499}
500
5fd2b563 501static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
4d611c9a 502{
ea8a5d7f
AL		 503 uint32_t n;
504
5fd2b563 505 assert (r->req.aiocb == NULL);
5b956f41 506 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 507 goto done;
508 }
a597e79c 509
3dc516bf 510 n = r->qiov.size / BDRV_SECTOR_SIZE;
ea8a5d7f
AL		 511 r->sector += n;
512 r->sector_count -= n;
a917d384 513 if (r->sector_count == 0) {
7e8c49c5
PB		 514 scsi_write_do_fua(r);
515 return;
a917d384 516 } else {
43b978b9 517 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
59ee9500 518 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
103b40f5 519 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 520 }
c7bae6a7
PB		 521
522done:
3df9caf8 523 scsi_req_unref(&r->req);
4d611c9a
PB		 524}
525
5fd2b563
PB		 526static void scsi_write_complete(void * opaque, int ret)
527{
528 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
529 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
530
531 assert (r->req.aiocb != NULL);
532 r->req.aiocb = NULL;
533
b9e413dd 534 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
d7628080
AG		 535 if (ret < 0) {
536 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
537 } else {
538 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
539 }
5fd2b563 540 scsi_write_complete_noio(r, ret);
b9e413dd 541 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 542}
543
42741212 544static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 545{
5c6c0e51 546 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 547 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 548 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ea8a5d7f 549
6fa2c95f
SH		 550 /* No data transfer may already be in progress */
551 assert(r->req.aiocb == NULL);
552
c7bae6a7
PB		 553 /* The request is used as the AIO opaque value, so add a ref. */
554 scsi_req_ref(&r->req);
efb9ee02 555 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
59ee9500 556 trace_scsi_disk_write_data_invalid();
5fd2b563 557 scsi_write_complete_noio(r, -EINVAL);
42741212 558 return;
efb9ee02
HR		 559 }
560
5d0d2467
PB		 561 if (!r->req.sg && !r->qiov.size) {
562 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 563 r->started = true;
5fd2b563 564 scsi_write_complete_noio(r, 0);
5d0d2467
PB		 565 return;
566 }
cd723b85 567 if (!blk_is_available(req->dev->conf.blk)) {
5fd2b563 568 scsi_write_complete_noio(r, -ENOMEDIUM);
5d0d2467
PB		 569 return;
570 }
571
7f64f8e2
PB		 572 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
573 r->req.cmd.buf[0] == VERIFY_16) {
574 if (r->req.sg) {
ef8489d4 575 scsi_dma_complete_noio(r, 0);
7f64f8e2 576 } else {
5fd2b563 577 scsi_write_complete_noio(r, 0);
7f64f8e2
PB		 578 }
579 return;
580 }
581
5d0d2467 582 if (r->req.sg) {
4be74634 583 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
5f412602 584 r->req.residual -= r->req.sg->size;
fcaafb10
PB		 585 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
586 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 587 BDRV_SECTOR_SIZE,
fcaafb10
PB		 588 sdc->dma_writev, r, scsi_dma_complete, r,
589 DMA_DIRECTION_TO_DEVICE);
5d0d2467 590 } else {
4be74634 591 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 592 r->qiov.size, BLOCK_ACCT_WRITE);
fcaafb10
PB		 593 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
594 scsi_write_complete, r, r);
ea8a5d7f 595 }
a917d384 596}
2e5d83bb 597
a917d384 598/* Return a pointer to the data buffer. */
5c6c0e51 599static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 600{
5c6c0e51 601 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 602
3f4cb3d3 603 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 604}
605
3d4a8bf0 606static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
0b06c059 607{
383b4d9b 608 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0a96ca24
DHB		 609 uint8_t page_code = req->cmd.buf[2];
610 int start, buflen = 0;
0b06c059 611
0a96ca24
DHB		 612 outbuf[buflen++] = s->qdev.type & 0x1f;
613 outbuf[buflen++] = page_code;
614 outbuf[buflen++] = 0x00;
615 outbuf[buflen++] = 0x00;
616 start = buflen;
3e1c0c9a 617
0a96ca24
DHB		 618 switch (page_code) {
619 case 0x00: /* Supported page codes, mandatory */
620 {
59ee9500 621 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
0a96ca24
DHB		 622 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
623 if (s->serial) {
624 outbuf[buflen++] = 0x80; /* unit serial number */
625 }
626 outbuf[buflen++] = 0x83; /* device identification */
627 if (s->qdev.type == TYPE_DISK) {
628 outbuf[buflen++] = 0xb0; /* block limits */
629 outbuf[buflen++] = 0xb1; /* block device characteristics */
630 outbuf[buflen++] = 0xb2; /* thin provisioning */
631 }
632 break;
633 }
634 case 0x80: /* Device serial number, optional */
635 {
636 int l;
0b06c059 637
0a96ca24 638 if (!s->serial) {
59ee9500 639 trace_scsi_disk_emulate_vpd_page_80_not_supported();
0a96ca24 640 return -1;
0b06c059
GH		 641 }
642
0a96ca24
DHB		 643 l = strlen(s->serial);
644 if (l > 36) {
645 l = 36;
646 }
0b06c059 647
59ee9500 648 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
0a96ca24
DHB		 649 memcpy(outbuf + buflen, s->serial, l);
650 buflen += l;
651 break;
652 }
64cc2284 653
0a96ca24
DHB		 654 case 0x83: /* Device identification page, mandatory */
655 {
7471a649 656 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
64cc2284 657
59ee9500 658 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);
0a96ca24 659
a8f58afc
KW		 660 if (id_len) {
661 outbuf[buflen++] = 0x2; /* ASCII */
662 outbuf[buflen++] = 0; /* not officially assigned */
663 outbuf[buflen++] = 0; /* reserved */
664 outbuf[buflen++] = id_len; /* length of data following */
7471a649 665 memcpy(outbuf + buflen, s->device_id, id_len);
a8f58afc
KW		 666 buflen += id_len;
667 }
0a96ca24
DHB		 668
669 if (s->qdev.wwn) {
670 outbuf[buflen++] = 0x1; /* Binary */
671 outbuf[buflen++] = 0x3; /* NAA */
672 outbuf[buflen++] = 0; /* reserved */
673 outbuf[buflen++] = 8;
674 stq_be_p(&outbuf[buflen], s->qdev.wwn);
675 buflen += 8;
ea3bd56f 676 }
0a96ca24
DHB		 677
678 if (s->qdev.port_wwn) {
679 outbuf[buflen++] = 0x61; /* SAS / Binary */
680 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
681 outbuf[buflen++] = 0; /* reserved */
682 outbuf[buflen++] = 8;
683 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
684 buflen += 8;
070f8009 685 }
0a96ca24
DHB		 686
687 if (s->port_index) {
688 outbuf[buflen++] = 0x61; /* SAS / Binary */
689
690 /* PIV/Target port/relative target port */
691 outbuf[buflen++] = 0x94;
692
693 outbuf[buflen++] = 0; /* reserved */
694 outbuf[buflen++] = 4;
695 stw_be_p(&outbuf[buflen + 2], s->port_index);
696 buflen += 4;
ee3659e3 697 }
0a96ca24
DHB		 698 break;
699 }
700 case 0xb0: /* block limits */
701 {
3d4a8bf0 702 SCSIBlockLimits bl = {};
0a96ca24
DHB		 703
704 if (s->qdev.type == TYPE_ROM) {
59ee9500 705 trace_scsi_disk_emulate_vpd_page_b0_not_supported();
0b06c059
GH		 706 return -1;
707 }
3d4a8bf0
PB		 708 bl.wsnz = 1;
709 bl.unmap_sectors =
710 s->qdev.conf.discard_granularity / s->qdev.blocksize;
711 bl.min_io_size =
712 s->qdev.conf.min_io_size / s->qdev.blocksize;
713 bl.opt_io_size =
714 s->qdev.conf.opt_io_size / s->qdev.blocksize;
715 bl.max_unmap_sectors =
716 s->max_unmap_size / s->qdev.blocksize;
717 bl.max_io_sectors =
718 s->max_io_size / s->qdev.blocksize;
719 /* 255 descriptors fit in 4 KiB with an 8-byte header */
720 bl.max_unmap_descr = 255;
721
0a96ca24
DHB		 722 if (s->qdev.type == TYPE_DISK) {
723 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
724 int max_io_sectors_blk =
725 max_transfer_blk / s->qdev.blocksize;
726
3d4a8bf0
PB		 727 bl.max_io_sectors =
728 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
0a96ca24 729 }
3d4a8bf0 730 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
0a96ca24
DHB		 731 break;
732 }
733 case 0xb1: /* block device characteristics */
734 {
740842c9 735 buflen = 0x40;
0a96ca24
DHB		 736 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
737 outbuf[5] = s->rotation_rate & 0xff;
740842c9
DHB		 738 outbuf[6] = 0; /* PRODUCT TYPE */
739 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
740 outbuf[8] = 0; /* VBULS */
0a96ca24
DHB		 741 break;
742 }
743 case 0xb2: /* thin provisioning */
744 {
745 buflen = 8;
746 outbuf[4] = 0;
747 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
748 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
749 outbuf[7] = 0;
750 break;
751 }
752 default:
753 return -1;
754 }
755 /* done with EVPD */
756 assert(buflen - start <= 255);
757 outbuf[start - 1] = buflen - start;
758 return buflen;
759}
760
761static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
762{
763 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
764 int buflen = 0;
765
766 if (req->cmd.buf[1] & 0x1) {
767 /* Vital product data */
768 return scsi_disk_emulate_vpd_page(req, outbuf);
0b06c059
GH		 769 }
770
771 /* Standard INQUIRY data */
772 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 773 return -1;
774 }
775
776 /* PAGE CODE == 0 */
0b06c059 777 buflen = req->cmd.xfer;
f01b5931 778 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 779 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 780 }
0b06c059 781
f37bd73b 782 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 783 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 784
785 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
786 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
787
314b1811 788 memset(&outbuf[32], 0, 4);
552fee93 789 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 790 /*
791 * We claim conformance to SPC-3, which is required for guests
792 * to ask for modern features like READ CAPACITY(16) or the
793 * block characteristics VPD page by default. Not all of SPC-3
794 * is actually implemented, but we're good enough.
795 */
2343be0d 796 outbuf[2] = s->qdev.default_scsi_version;
1109c894 797 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 798
799 if (buflen > 36) {
800 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
801 } else {
802 /* If the allocation length of CDB is too small,
803 the additional length is not adjusted */
804 outbuf[4] = 36 - 5;
805 }
806
0b06c059 807 /* Sync data transfer and TCQ. */
afd4030c 808 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 809 return buflen;
810}
811
430ee2f2
PB		 812static inline bool media_is_dvd(SCSIDiskState *s)
813{
814 uint64_t nb_sectors;
815 if (s->qdev.type != TYPE_ROM) {
816 return false;
817 }
cd723b85 818 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 819 return false;
820 }
4be74634 821 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
430ee2f2
PB		 822 return nb_sectors > CD_MAX_SECTORS;
823}
824
ceb792ef
PB		 825static inline bool media_is_cd(SCSIDiskState *s)
826{
827 uint64_t nb_sectors;
828 if (s->qdev.type != TYPE_ROM) {
829 return false;
830 }
cd723b85 831 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 832 return false;
833 }
4be74634 834 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 835 return nb_sectors <= CD_MAX_SECTORS;
836}
837
1a4f0c3a
PB		 838static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
839 uint8_t *outbuf)
840{
841 uint8_t type = r->req.cmd.buf[1] & 7;
842
843 if (s->qdev.type != TYPE_ROM) {
844 return -1;
845 }
846
847 /* Types 1/2 are only defined for Blu-Ray. */
848 if (type != 0) {
849 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
850 return -1;
851 }
852
853 memset(outbuf, 0, 34);
854 outbuf[1] = 32;
855 outbuf[2] = 0xe; /* last session complete, disc finalized */
856 outbuf[3] = 1; /* first track on disc */
857 outbuf[4] = 1; /* # of sessions */
858 outbuf[5] = 1; /* first track of last session */
859 outbuf[6] = 1; /* last track of last session */
860 outbuf[7] = 0x20; /* unrestricted use */
861 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
862 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
863 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
864 /* 24-31: disc bar code */
865 /* 32: disc application code */
866 /* 33: number of OPC tables */
867
868 return 34;
869}
870
b6c251ab
PB		 871static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
872 uint8_t *outbuf)
873{
ceb792ef
PB		 874 static const int rds_caps_size[5] = {
875 [0] = 2048 + 4,
876 [1] = 4 + 4,
877 [3] = 188 + 4,
878 [4] = 2048 + 4,
879 };
880
881 uint8_t media = r->req.cmd.buf[1];
882 uint8_t layer = r->req.cmd.buf[6];
883 uint8_t format = r->req.cmd.buf[7];
884 int size = -1;
885
886 if (s->qdev.type != TYPE_ROM) {
887 return -1;
888 }
889 if (media != 0) {
890 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
891 return -1;
892 }
893
894 if (format != 0xff) {
cd723b85 895 if (!blk_is_available(s->qdev.conf.blk)) {
ceb792ef
PB		 896 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
897 return -1;
898 }
899 if (media_is_cd(s)) {
900 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
901 return -1;
902 }
903 if (format >= ARRAY_SIZE(rds_caps_size)) {
904 return -1;
905 }
906 size = rds_caps_size[format];
907 memset(outbuf, 0, size);
908 }
909
910 switch (format) {
911 case 0x00: {
912 /* Physical format information */
913 uint64_t nb_sectors;
914 if (layer != 0) {
915 goto fail;
916 }
4be74634 917 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 918
919 outbuf[4] = 1; /* DVD-ROM, part version 1 */
920 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
921 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
922 outbuf[7] = 0; /* default densities */
923
924 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
925 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
926 break;
927 }
928
929 case 0x01: /* DVD copyright information, all zeros */
930 break;
931
932 case 0x03: /* BCA information - invalid field for no BCA info */
933 return -1;
934
935 case 0x04: /* DVD disc manufacturing information, all zeros */
936 break;
937
938 case 0xff: { /* List capabilities */
939 int i;
940 size = 4;
941 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
942 if (!rds_caps_size[i]) {
943 continue;
944 }
945 outbuf[size] = i;
946 outbuf[size + 1] = 0x40; /* Not writable, readable */
947 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
948 size += 4;
949 }
950 break;
951 }
952
953 default:
954 return -1;
955 }
956
957 /* Size of buffer, not including 2 byte size field */
958 stw_be_p(outbuf, size - 2);
959 return size;
960
961fail:
b6c251ab
PB		 962 return -1;
963}
964
3c2f7c12 965static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 966{
3c2f7c12
PB		 967 uint8_t event_code, media_status;
968
969 media_status = 0;
970 if (s->tray_open) {
971 media_status = MS_TRAY_OPEN;
4be74634 972 } else if (blk_is_inserted(s->qdev.conf.blk)) {
3c2f7c12
PB		 973 media_status = MS_MEDIA_PRESENT;
974 }
975
976 /* Event notification descriptor */
977 event_code = MEC_NO_CHANGE;
4480de19
PB		 978 if (media_status != MS_TRAY_OPEN) {
979 if (s->media_event) {
980 event_code = MEC_NEW_MEDIA;
981 s->media_event = false;
982 } else if (s->eject_request) {
983 event_code = MEC_EJECT_REQUESTED;
984 s->eject_request = false;
985 }
3c2f7c12
PB		 986 }
987
988 outbuf[0] = event_code;
989 outbuf[1] = media_status;
990
991 /* These fields are reserved, just clear them. */
992 outbuf[2] = 0;
993 outbuf[3] = 0;
994 return 4;
995}
996
997static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
998 uint8_t *outbuf)
999{
1000 int size;
1001 uint8_t *buf = r->req.cmd.buf;
1002 uint8_t notification_class_request = buf[4];
1003 if (s->qdev.type != TYPE_ROM) {
1004 return -1;
1005 }
1006 if ((buf[1] & 1) == 0) {
1007 /* asynchronous */
1008 return -1;
1009 }
1010
1011 size = 4;
1012 outbuf[0] = outbuf[1] = 0;
1013 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1014 if (notification_class_request & (1 << GESN_MEDIA)) {
1015 outbuf[2] = GESN_MEDIA;
1016 size += scsi_event_status_media(s, &outbuf[size]);
1017 } else {
1018 outbuf[2] = 0x80;
1019 }
1020 stw_be_p(outbuf, size - 4);
1021 return size;
b6c251ab
PB		 1022}
1023
430ee2f2 1024static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 1025{
430ee2f2
PB		 1026 int current;
1027
b6c251ab
PB		 1028 if (s->qdev.type != TYPE_ROM) {
1029 return -1;
1030 }
7d99f4c1
MR		 1031
1032 if (media_is_dvd(s)) {
1033 current = MMC_PROFILE_DVD_ROM;
1034 } else if (media_is_cd(s)) {
1035 current = MMC_PROFILE_CD_ROM;
1036 } else {
1037 current = MMC_PROFILE_NONE;
1038 }
1039
430ee2f2
PB		 1040 memset(outbuf, 0, 40);
1041 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1042 stw_be_p(&outbuf[6], current);
1043 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1044 outbuf[10] = 0x03; /* persistent, current */
1045 outbuf[11] = 8; /* two profiles */
1046 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1047 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1048 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1049 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1050 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1051 stw_be_p(&outbuf[20], 1);
1052 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1053 outbuf[23] = 8;
1054 stl_be_p(&outbuf[24], 1); /* SCSI */
1055 outbuf[28] = 1; /* DBE = 1, mandatory */
1056 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1057 stw_be_p(&outbuf[32], 3);
1058 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1059 outbuf[35] = 4;
1060 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1061 /* TODO: Random readable, CD read, DVD read, drive serial number,
1062 power management */
1063 return 40;
b6c251ab
PB		 1064}
1065
1066static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1067{
1068 if (s->qdev.type != TYPE_ROM) {
1069 return -1;
1070 }
1071 memset(outbuf, 0, 8);
1072 outbuf[5] = 1; /* CD-ROM */
1073 return 8;
1074}
1075
cfc606da 1076static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 1077 int page_control)
ebddfcbe 1078{
a8f4bbe2
PB		 1079 static const int mode_sense_valid[0x3f] = {
1080 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1081 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1082 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 1083 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1084 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 1085 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1086 };
ef405611
PB		 1087
1088 uint8_t *p = *p_outbuf + 2;
1089 int length;
ebddfcbe 1090
b3af7fdf 1091 assert(page < ARRAY_SIZE(mode_sense_valid));
a8f4bbe2
PB		 1092 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1093 return -1;
1094 }
1095
282ab04e
BK		 1096 /*
1097 * If Changeable Values are requested, a mask denoting those mode parameters
1098 * that are changeable shall be returned. As we currently don't support
1099 * parameter changes via MODE_SELECT all bits are returned set to zero.
1100 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 1101 *
1102 * The offsets here are off by two compared to the descriptions in the
1103 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1104 * but it is done so that offsets are consistent within our implementation
1105 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1106 * 2-byte and 4-byte headers.
282ab04e 1107 */
ebddfcbe 1108 switch (page) {
67cc61e4 1109 case MODE_PAGE_HD_GEOMETRY:
ef405611 1110 length = 0x16;
282ab04e 1111 if (page_control == 1) { /* Changeable Values */
cfc606da 1112 break;
282ab04e 1113 }
ebddfcbe 1114 /* if a geometry hint is available, use it */
ef405611
PB		 1115 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1116 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1117 p[2] = s->qdev.conf.cyls & 0xff;
1118 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 1119 /* Write precomp start cylinder, disabled */
ef405611
PB		 1120 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1121 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1122 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1123 /* Reduced current start cylinder, disabled */
ef405611
PB		 1124 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1125 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1126 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1127 /* Device step rate [ns], 200ns */
ef405611
PB		 1128 p[10] = 0;
1129 p[11] = 200;
ebddfcbe 1130 /* Landing zone cylinder */
ef405611
PB		 1131 p[12] = 0xff;
1132 p[13] = 0xff;
ebddfcbe 1133 p[14] = 0xff;
ebddfcbe 1134 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1135 p[18] = (5400 >> 8) & 0xff;
1136 p[19] = 5400 & 0xff;
cfc606da 1137 break;
ebddfcbe 1138
67cc61e4 1139 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1140 length = 0x1e;
282ab04e 1141 if (page_control == 1) { /* Changeable Values */
cfc606da 1142 break;
282ab04e 1143 }
ebddfcbe 1144 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1145 p[0] = 5000 >> 8;
1146 p[1] = 5000 & 0xff;
ebddfcbe 1147 /* if a geometry hint is available, use it */
ef405611
PB		 1148 p[2] = s->qdev.conf.heads & 0xff;
1149 p[3] = s->qdev.conf.secs & 0xff;
1150 p[4] = s->qdev.blocksize >> 8;
1151 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1152 p[7] = s->qdev.conf.cyls & 0xff;
1153 /* Write precomp start cylinder, disabled */
d252df48
MA		 1154 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1155 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1156 /* Reduced current start cylinder, disabled */
d252df48
MA		 1157 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1158 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1159 /* Device step rate [100us], 100us */
ef405611
PB		 1160 p[12] = 0;
1161 p[13] = 1;
ebddfcbe 1162 /* Device step pulse width [us], 1us */
ef405611 1163 p[14] = 1;
ebddfcbe 1164 /* Device head settle delay [100us], 100us */
ef405611
PB		 1165 p[15] = 0;
1166 p[16] = 1;
ebddfcbe 1167 /* Motor on delay [0.1s], 0.1s */
ef405611 1168 p[17] = 1;
ebddfcbe 1169 /* Motor off delay [0.1s], 0.1s */
ef405611 1170 p[18] = 1;
ebddfcbe 1171 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1172 p[26] = (5400 >> 8) & 0xff;
1173 p[27] = 5400 & 0xff;
cfc606da 1174 break;
ebddfcbe 1175
67cc61e4 1176 case MODE_PAGE_CACHING:
ef405611 1177 length = 0x12;
96c91bbf 1178 if (page_control == 1 || /* Changeable Values */
4be74634 1179 blk_enable_write_cache(s->qdev.conf.blk)) {
ef405611 1180 p[0] = 4; /* WCE */
ebddfcbe 1181 }
cfc606da 1182 break;
ebddfcbe 1183
a07c7dcd 1184 case MODE_PAGE_R_W_ERROR:
ef405611 1185 length = 10;
4f588b15
PB		 1186 if (page_control == 1) { /* Changeable Values */
1187 break;
1188 }
ef405611 1189 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1190 if (s->qdev.type == TYPE_ROM) {
ef405611 1191 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1192 }
1193 break;
1194
1195 case MODE_PAGE_AUDIO_CTL:
ef405611 1196 length = 14;
a07c7dcd
PB		 1197 break;
1198
67cc61e4 1199 case MODE_PAGE_CAPABILITIES:
ef405611 1200 length = 0x14;
282ab04e 1201 if (page_control == 1) { /* Changeable Values */
cfc606da 1202 break;
282ab04e 1203 }
a07c7dcd 1204
ef405611
PB		 1205 p[0] = 0x3b; /* CD-R & CD-RW read */
1206 p[1] = 0; /* Writing not supported */
1207 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1208 mode 2 form 1&2, multi session */
ef405611 1209 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1210 RW corrected, C2 errors, ISRC,
1211 UPC, Bar code */
ef405611 1212 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1213 /* Locking supported, jumper present, eject, tray */
ef405611 1214 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1215 changer */
ef405611
PB		 1216 p[6] = (50 * 176) >> 8; /* 50x read speed */
1217 p[7] = (50 * 176) & 0xff;
1218 p[8] = 2 >> 8; /* Two volume levels */
1219 p[9] = 2 & 0xff;
1220 p[10] = 2048 >> 8; /* 2M buffer */
1221 p[11] = 2048 & 0xff;
1222 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1223 p[13] = (16 * 176) & 0xff;
1224 p[16] = (16 * 176) >> 8; /* 16x write speed */
1225 p[17] = (16 * 176) & 0xff;
1226 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1227 p[19] = (16 * 176) & 0xff;
cfc606da 1228 break;
ebddfcbe
GH		 1229
1230 default:
cfc606da 1231 return -1;
ebddfcbe 1232 }
cfc606da 1233
ef405611
PB		 1234 assert(length < 256);
1235 (*p_outbuf)[0] = page;
1236 (*p_outbuf)[1] = length;
1237 *p_outbuf += length + 2;
1238 return length + 2;
ebddfcbe
GH		 1239}
1240
cfc606da 1241static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1242{
cfc606da 1243 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1244 uint64_t nb_sectors;
e590ecbe
PB		 1245 bool dbd;
1246 int page, buflen, ret, page_control;
ebddfcbe 1247 uint8_t *p;
ce512ee1 1248 uint8_t dev_specific_param;
ebddfcbe 1249
e590ecbe 1250 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1251 page = r->req.cmd.buf[2] & 0x3f;
1252 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
59ee9500
LV		 1253
1254 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
1255 10, page, r->req.cmd.xfer, page_control);
cfc606da 1256 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1257 p = outbuf;
1258
e590ecbe 1259 if (s->qdev.type == TYPE_DISK) {
da8365db 1260 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
86b1cf32 1261 if (!blk_is_writable(s->qdev.conf.blk)) {
e590ecbe
PB		 1262 dev_specific_param |= 0x80; /* Readonly. */
1263 }
ce512ee1 1264 } else {
e590ecbe
PB		 1265 /* MMC prescribes that CD/DVD drives have no block descriptors,
1266 * and defines no device-specific parameter. */
6a2de0f2 1267 dev_specific_param = 0x00;
e590ecbe 1268 dbd = true;
ce512ee1
BK		 1269 }
1270
cfc606da 1271 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1272 p[1] = 0; /* Default media type. */
1273 p[2] = dev_specific_param;
1274 p[3] = 0; /* Block descriptor length. */
1275 p += 4;
1276 } else { /* MODE_SENSE_10 */
1277 p[2] = 0; /* Default media type. */
1278 p[3] = dev_specific_param;
1279 p[6] = p[7] = 0; /* Block descriptor length. */
1280 p += 8;
ebddfcbe 1281 }
ebddfcbe 1282
4be74634 1283 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
e590ecbe 1284 if (!dbd && nb_sectors) {
cfc606da 1285 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1286 outbuf[3] = 8; /* Block descriptor length */
1287 } else { /* MODE_SENSE_10 */
1288 outbuf[7] = 8; /* Block descriptor length */
1289 }
3dc516bf 1290 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
f01b5931 1291 if (nb_sectors > 0xffffff) {
2488b740 1292 nb_sectors = 0;
f01b5931 1293 }
ebddfcbe
GH		 1294 p[0] = 0; /* media density code */
1295 p[1] = (nb_sectors >> 16) & 0xff;
1296 p[2] = (nb_sectors >> 8) & 0xff;
1297 p[3] = nb_sectors & 0xff;
1298 p[4] = 0; /* reserved */
1299 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1300 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1301 p[7] = 0;
1302 p += 8;
1303 }
1304
cfc606da
PB		 1305 if (page_control == 3) {
1306 /* Saved Values */
1307 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1308 return -1;
282ab04e
BK		 1309 }
1310
cfc606da
PB		 1311 if (page == 0x3f) {
1312 for (page = 0; page <= 0x3e; page++) {
1313 mode_sense_page(s, page, &p, page_control);
1314 }
1315 } else {
1316 ret = mode_sense_page(s, page, &p, page_control);
1317 if (ret == -1) {
1318 return -1;
1319 }
ebddfcbe
GH		 1320 }
1321
1322 buflen = p - outbuf;
ce512ee1
BK		 1323 /*
1324 * The mode data length field specifies the length in bytes of the
1325 * following data that is available to be transferred. The mode data
1326 * length does not include itself.
1327 */
cfc606da 1328 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1329 outbuf[0] = buflen - 1;
1330 } else { /* MODE_SENSE_10 */
1331 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1332 outbuf[1] = (buflen - 2) & 0xff;
1333 }
ebddfcbe
GH		 1334 return buflen;
1335}
1336
02880f43
GH		 1337static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1338{
1339 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1340 int start_track, format, msf, toclen;
1341 uint64_t nb_sectors;
1342
1343 msf = req->cmd.buf[1] & 2;
1344 format = req->cmd.buf[2] & 0xf;
1345 start_track = req->cmd.buf[6];
4be74634 1346 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
59ee9500 1347 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
3dc516bf 1348 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
02880f43
GH		 1349 switch (format) {
1350 case 0:
1351 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1352 break;
1353 case 1:
1354 /* multi session : only a single session defined */
1355 toclen = 12;
1356 memset(outbuf, 0, 12);
1357 outbuf[1] = 0x0a;
1358 outbuf[2] = 0x01;
1359 outbuf[3] = 0x01;
1360 break;
1361 case 2:
1362 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1363 break;
1364 default:
1365 return -1;
1366 }
02880f43
GH		 1367 return toclen;
1368}
1369
68bb01f3 1370static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1371{
1372 SCSIRequest *req = &r->req;
1373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1374 bool start = req->cmd.buf[4] & 1;
1375 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1376 int pwrcnd = req->cmd.buf[4] & 0xf0;
1377
1378 if (pwrcnd) {
1379 /* eject/load only happens for power condition == 0 */
1380 return 0;
1381 }
bfd52647 1382
b456a71c 1383 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1384 if (!start && !s->tray_open && s->tray_locked) {
1385 scsi_check_condition(r,
4be74634 1386 blk_is_inserted(s->qdev.conf.blk)
68bb01f3
MA		 1387 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1388 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1389 return -1;
fdec4404 1390 }
d88b1819
LC		 1391
1392 if (s->tray_open != !start) {
4be74634 1393 blk_eject(s->qdev.conf.blk, !start);
d88b1819
LC		 1394 s->tray_open = !start;
1395 }
bfd52647 1396 }
68bb01f3 1397 return 0;
bfd52647
MA		 1398}
1399
314a3299
PB		 1400static void scsi_disk_emulate_read_data(SCSIRequest *req)
1401{
1402 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1403 int buflen = r->iov.iov_len;
1404
1405 if (buflen) {
59ee9500 1406 trace_scsi_disk_emulate_read_data(buflen);
314a3299
PB		 1407 r->iov.iov_len = 0;
1408 r->started = true;
1409 scsi_req_data(&r->req, buflen);
1410 return;
1411 }
1412
1413 /* This also clears the sense buffer for REQUEST SENSE. */
1414 scsi_req_complete(&r->req, GOOD);
1415}
1416
380feaff
PB		 1417static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1418 uint8_t *inbuf, int inlen)
1419{
1420 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1421 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1422 uint8_t *p;
1423 int len, expected_len, changeable_len, i;
1424
1425 /* The input buffer does not include the page header, so it is
1426 * off by 2 bytes.
1427 */
1428 expected_len = inlen + 2;
1429 if (expected_len > SCSI_MAX_MODE_LEN) {
1430 return -1;
1431 }
1432
b3af7fdf
MMC		 1433 /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
1434 if (page == MODE_PAGE_ALLS) {
1435 return -1;
1436 }
1437
380feaff
PB		 1438 p = mode_current;
1439 memset(mode_current, 0, inlen + 2);
1440 len = mode_sense_page(s, page, &p, 0);
1441 if (len < 0 || len != expected_len) {
1442 return -1;
1443 }
1444
1445 p = mode_changeable;
1446 memset(mode_changeable, 0, inlen + 2);
1447 changeable_len = mode_sense_page(s, page, &p, 1);
1448 assert(changeable_len == len);
1449
1450 /* Check that unchangeable bits are the same as what MODE SENSE
1451 * would return.
1452 */
1453 for (i = 2; i < len; i++) {
1454 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1455 return -1;
1456 }
1457 }
1458 return 0;
1459}
1460
1461static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1462{
96c91bbf
PB		 1463 switch (page) {
1464 case MODE_PAGE_CACHING:
4be74634 1465 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
96c91bbf
PB		 1466 break;
1467
1468 default:
1469 break;
1470 }
380feaff
PB		 1471}
1472
1473static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1474{
1475 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1476
1477 while (len > 0) {
1478 int page, subpage, page_len;
1479
1480 /* Parse both possible formats for the mode page headers. */
1481 page = p[0] & 0x3f;
1482 if (p[0] & 0x40) {
1483 if (len < 4) {
1484 goto invalid_param_len;
1485 }
1486 subpage = p[1];
1487 page_len = lduw_be_p(&p[2]);
1488 p += 4;
1489 len -= 4;
1490 } else {
1491 if (len < 2) {
1492 goto invalid_param_len;
1493 }
1494 subpage = 0;
1495 page_len = p[1];
1496 p += 2;
1497 len -= 2;
1498 }
1499
1500 if (subpage) {
1501 goto invalid_param;
1502 }
1503 if (page_len > len) {
1504 goto invalid_param_len;
1505 }
1506
1507 if (!change) {
1508 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1509 goto invalid_param;
1510 }
1511 } else {
1512 scsi_disk_apply_mode_select(s, page, p);
1513 }
1514
1515 p += page_len;
1516 len -= page_len;
1517 }
1518 return 0;
1519
1520invalid_param:
1521 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1522 return -1;
1523
1524invalid_param_len:
1525 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1526 return -1;
1527}
1528
1529static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1530{
accfeb2d 1531 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1532 uint8_t *p = inbuf;
1533 int cmd = r->req.cmd.buf[0];
1534 int len = r->req.cmd.xfer;
1535 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1536 int bd_len;
1537 int pass;
1538
1539 /* We only support PF=1, SP=0. */
1540 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1541 goto invalid_field;
1542 }
1543
1544 if (len < hdr_len) {
1545 goto invalid_param_len;
1546 }
1547
1548 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1549 len -= hdr_len;
1550 p += hdr_len;
1551 if (len < bd_len) {
1552 goto invalid_param_len;
1553 }
1554 if (bd_len != 0 && bd_len != 8) {
1555 goto invalid_param;
1556 }
1557
1558 len -= bd_len;
1559 p += bd_len;
1560
1561 /* Ensure no change is made if there is an error! */
1562 for (pass = 0; pass < 2; pass++) {
1563 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1564 assert(pass == 0);
1565 return;
1566 }
1567 }
4be74634 1568 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
accfeb2d
PB		 1569 /* The request is used as the AIO opaque value, so add a ref. */
1570 scsi_req_ref(&r->req);
4be74634 1571 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 1572 BLOCK_ACCT_FLUSH);
4be74634 1573 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
accfeb2d
PB		 1574 return;
1575 }
1576
380feaff
PB		 1577 scsi_req_complete(&r->req, GOOD);
1578 return;
1579
1580invalid_param:
1581 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1582 return;
1583
1584invalid_param_len:
1585 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1586 return;
1587
1588invalid_field:
1589 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1590}
1591
b802d14d 1592/* sector_num and nb_sectors expected to be in qdev blocksize */
444bc908
PB		 1593static inline bool check_lba_range(SCSIDiskState *s,
1594 uint64_t sector_num, uint32_t nb_sectors)
1595{
1596 /*
1597 * The first line tests that no overflow happens when computing the last
1598 * sector. The second line tests that the last accessed sector is in
1599 * range.
12ca76fc
PB		 1600 *
1601 * Careful, the computations should not underflow for nb_sectors == 0,
1602 * and a 0-block read to the first LBA beyond the end of device is
1603 * valid.
444bc908
PB		 1604 */
1605 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1606 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1607}
1608
5222aaf2
PB		 1609typedef struct UnmapCBData {
1610 SCSIDiskReq *r;
1611 uint8_t *inbuf;
1612 int count;
1613} UnmapCBData;
1614
5fd2b563
PB		 1615static void scsi_unmap_complete(void *opaque, int ret);
1616
1617static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
5222aaf2 1618{
5222aaf2
PB		 1619 SCSIDiskReq *r = data->r;
1620 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5222aaf2 1621
5fd2b563 1622 assert(r->req.aiocb == NULL);
d0242ead 1623
d0242ead 1624 if (data->count > 0) {
b802d14d
KW		 1625 uint64_t sector_num = ldq_be_p(&data->inbuf[0]);
1626 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1627 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1628 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1629
1630 if (!check_lba_range(s, sector_num, nb_sectors)) {
4989ef57
AN		 1631 block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
1632 BLOCK_ACCT_UNMAP);
5222aaf2
PB		 1633 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1634 goto done;
1635 }
1636
4989ef57
AN		 1637 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1638 r->sector_count * BDRV_SECTOR_SIZE,
1639 BLOCK_ACCT_UNMAP);
1640
1c6c4bb7 1641 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
6d068082
AN		 1642 r->sector * BDRV_SECTOR_SIZE,
1643 r->sector_count * BDRV_SECTOR_SIZE,
1c6c4bb7 1644 scsi_unmap_complete, data);
5222aaf2
PB		 1645 data->count--;
1646 data->inbuf += 16;
1647 return;
1648 }
1649
d0242ead
PB		 1650 scsi_req_complete(&r->req, GOOD);
1651
5222aaf2 1652done:
3df9caf8 1653 scsi_req_unref(&r->req);
5222aaf2
PB		 1654 g_free(data);
1655}
1656
5fd2b563
PB		 1657static void scsi_unmap_complete(void *opaque, int ret)
1658{
1659 UnmapCBData *data = opaque;
1660 SCSIDiskReq *r = data->r;
b9e413dd 1661 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5fd2b563
PB		 1662
1663 assert(r->req.aiocb != NULL);
1664 r->req.aiocb = NULL;
1665
b9e413dd 1666 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
4989ef57 1667 if (scsi_disk_req_check_error(r, ret, true)) {
90ebf843
AN		 1668 scsi_req_unref(&r->req);
1669 g_free(data);
1670 } else {
4989ef57 1671 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
90ebf843
AN		 1672 scsi_unmap_complete_noio(data, ret);
1673 }
b9e413dd 1674 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 1675}
1676
5222aaf2
PB		 1677static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1678{
c5fd1fb0 1679 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5222aaf2
PB		 1680 uint8_t *p = inbuf;
1681 int len = r->req.cmd.xfer;
1682 UnmapCBData *data;
1683
823bd739
PB		 1684 /* Reject ANCHOR=1. */
1685 if (r->req.cmd.buf[1] & 0x1) {
1686 goto invalid_field;
1687 }
1688
5222aaf2
PB		 1689 if (len < 8) {
1690 goto invalid_param_len;
1691 }
1692 if (len < lduw_be_p(&p[0]) + 2) {
1693 goto invalid_param_len;
1694 }
1695 if (len < lduw_be_p(&p[2]) + 8) {
1696 goto invalid_param_len;
1697 }
1698 if (lduw_be_p(&p[2]) & 15) {
1699 goto invalid_param_len;
1700 }
1701
86b1cf32 1702 if (!blk_is_writable(s->qdev.conf.blk)) {
4989ef57 1703 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
c5fd1fb0
PB		 1704 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1705 return;
1706 }
1707
5222aaf2
PB		 1708 data = g_new0(UnmapCBData, 1);
1709 data->r = r;
1710 data->inbuf = &p[8];
1711 data->count = lduw_be_p(&p[2]) >> 4;
1712
1713 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1714 scsi_req_ref(&r->req);
5fd2b563 1715 scsi_unmap_complete_noio(data, 0);
5222aaf2
PB		 1716 return;
1717
1718invalid_param_len:
4989ef57 1719 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
5222aaf2 1720 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
823bd739
PB		 1721 return;
1722
1723invalid_field:
4989ef57 1724 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
823bd739 1725 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
5222aaf2
PB		 1726}
1727
84f94a9a
PB		 1728typedef struct WriteSameCBData {
1729 SCSIDiskReq *r;
1730 int64_t sector;
1731 int nb_sectors;
1732 QEMUIOVector qiov;
1733 struct iovec iov;
1734} WriteSameCBData;
1735
1736static void scsi_write_same_complete(void *opaque, int ret)
1737{
1738 WriteSameCBData *data = opaque;
1739 SCSIDiskReq *r = data->r;
1740 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1741
1742 assert(r->req.aiocb != NULL);
1743 r->req.aiocb = NULL;
b9e413dd 1744 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5b956f41 1745 if (scsi_disk_req_check_error(r, ret, true)) {
84f94a9a
PB		 1746 goto done;
1747 }
1748
d7628080
AG		 1749 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1750
3dc516bf
PMD		 1751 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
1752 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
1753 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1754 data->iov.iov_len);
84f94a9a 1755 if (data->iov.iov_len) {
4be74634 1756 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1757 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1758 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1759 * where final qiov may need smaller size */
a56537a1 1760 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
03c90063
EB		 1761 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1762 data->sector << BDRV_SECTOR_BITS,
1763 &data->qiov, 0,
1764 scsi_write_same_complete, data);
24355b79 1765 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
84f94a9a
PB		 1766 return;
1767 }
1768
1769 scsi_req_complete(&r->req, GOOD);
1770
1771done:
3df9caf8 1772 scsi_req_unref(&r->req);
84f94a9a
PB		 1773 qemu_vfree(data->iov.iov_base);
1774 g_free(data);
b9e413dd 1775 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
84f94a9a
PB		 1776}
1777
1778static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1779{
1780 SCSIRequest *req = &r->req;
1781 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1894df02 1782 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
84f94a9a
PB		 1783 WriteSameCBData *data;
1784 uint8_t *buf;
1785 int i;
1786
1787 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1788 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1789 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1790 return;
1791 }
1792
86b1cf32 1793 if (!blk_is_writable(s->qdev.conf.blk)) {
84f94a9a
PB		 1794 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1795 return;
1796 }
1797 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1798 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1799 return;
1800 }
1801
4397a018 1802 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
84f94a9a
PB		 1803 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1804
1805 /* The request is used as the AIO opaque value, so add a ref. */
1806 scsi_req_ref(&r->req);
4be74634 1807 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8
BC		 1808 nb_sectors * s->qdev.blocksize,
1809 BLOCK_ACCT_WRITE);
d004bd52 1810 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
983a1600
EB		 1811 r->req.cmd.lba * s->qdev.blocksize,
1812 nb_sectors * s->qdev.blocksize,
4be74634 1813 flags, scsi_aio_complete, r);
84f94a9a
PB		 1814 return;
1815 }
1816
1817 data = g_new0(WriteSameCBData, 1);
1818 data->r = r;
3dc516bf
PMD		 1819 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1820 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1821 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1822 SCSI_WRITE_SAME_MAX);
4be74634
MA		 1823 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1824 data->iov.iov_len);
84f94a9a
PB		 1825 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1826
1827 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1828 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1829 }
1830
1831 scsi_req_ref(&r->req);
4be74634 1832 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1833 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1834 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1835 data->sector << BDRV_SECTOR_BITS,
1836 &data->qiov, 0,
1837 scsi_write_same_complete, data);
84f94a9a
PB		 1838}
1839
314a3299
PB		 1840static void scsi_disk_emulate_write_data(SCSIRequest *req)
1841{
af6d510d
PB		 1842 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1843
1844 if (r->iov.iov_len) {
1845 int buflen = r->iov.iov_len;
59ee9500 1846 trace_scsi_disk_emulate_write_data(buflen);
af6d510d
PB		 1847 r->iov.iov_len = 0;
1848 scsi_req_data(&r->req, buflen);
1849 return;
1850 }
1851
1852 switch (req->cmd.buf[0]) {
1853 case MODE_SELECT:
1854 case MODE_SELECT_10:
1855 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1856 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1857 break;
1858
5222aaf2
PB		 1859 case UNMAP:
1860 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1861 break;
1862
d97e7730
PB		 1863 case VERIFY_10:
1864 case VERIFY_12:
1865 case VERIFY_16:
1866 if (r->req.status == -1) {
1867 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1868 }
1869 break;
1870
84f94a9a
PB		 1871 case WRITE_SAME_10:
1872 case WRITE_SAME_16:
1873 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1874 break;
d97e7730 1875
af6d510d
PB		 1876 default:
1877 abort();
1878 }
314a3299
PB		 1879}
1880
b08d0ea0 1881static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1882{
b08d0ea0 1883 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1884 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1885 uint64_t nb_sectors;
7285477a 1886 uint8_t *outbuf;
af6d510d 1887 int buflen;
aa5dbdc1 1888
b08d0ea0
PB		 1889 switch (req->cmd.buf[0]) {
1890 case INQUIRY:
1891 case MODE_SENSE:
1892 case MODE_SENSE_10:
1893 case RESERVE:
1894 case RESERVE_10:
1895 case RELEASE:
1896 case RELEASE_10:
1897 case START_STOP:
1898 case ALLOW_MEDIUM_REMOVAL:
1899 case GET_CONFIGURATION:
1900 case GET_EVENT_STATUS_NOTIFICATION:
1901 case MECHANISM_STATUS:
1902 case REQUEST_SENSE:
1903 break;
1904
1905 default:
cd723b85 1906 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 1907 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1908 return 0;
1909 }
1910 break;
1911 }
1912
c8dcb531
PB		 1913 /*
1914 * FIXME: we shouldn't return anything bigger than 4k, but the code
1915 * requires the buffer to be as big as req->cmd.xfer in several
1916 * places. So, do not allow CDBs with a very large ALLOCATION
1917 * LENGTH. The real fix would be to modify scsi_read_data and
1918 * dma_buf_read, so that they return data beyond the buflen
1919 * as all zeros.
1920 */
1921 if (req->cmd.xfer > 65536) {
1922 goto illegal_request;
1923 }
1924 r->buflen = MAX(4096, req->cmd.xfer);
1925
7285477a 1926 if (!r->iov.iov_base) {
4be74634 1927 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 1928 }
1929
1930 outbuf = r->iov.iov_base;
c8dcb531 1931 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 1932 switch (req->cmd.buf[0]) {
1933 case TEST_UNIT_READY:
cd723b85 1934 assert(blk_is_available(s->qdev.conf.blk));
5f71d32f 1935 break;
0b06c059
GH		 1936 case INQUIRY:
1937 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1938 if (buflen < 0) {
0b06c059 1939 goto illegal_request;
f01b5931 1940 }
5f71d32f 1941 break;
ebddfcbe
GH		 1942 case MODE_SENSE:
1943 case MODE_SENSE_10:
cfc606da 1944 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1945 if (buflen < 0) {
ebddfcbe 1946 goto illegal_request;
f01b5931 1947 }
ebddfcbe 1948 break;
02880f43
GH		 1949 case READ_TOC:
1950 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1951 if (buflen < 0) {
02880f43 1952 goto illegal_request;
f01b5931 1953 }
02880f43 1954 break;
3d53ba18 1955 case RESERVE:
f01b5931 1956 if (req->cmd.buf[1] & 1) {
3d53ba18 1957 goto illegal_request;
f01b5931 1958 }
3d53ba18
GH		 1959 break;
1960 case RESERVE_10:
f01b5931 1961 if (req->cmd.buf[1] & 3) {
3d53ba18 1962 goto illegal_request;
f01b5931 1963 }
3d53ba18
GH		 1964 break;
1965 case RELEASE:
f01b5931 1966 if (req->cmd.buf[1] & 1) {
3d53ba18 1967 goto illegal_request;
f01b5931 1968 }
3d53ba18
GH		 1969 break;
1970 case RELEASE_10:
f01b5931 1971 if (req->cmd.buf[1] & 3) {
3d53ba18 1972 goto illegal_request;
f01b5931 1973 }
3d53ba18 1974 break;
8d3628ff 1975 case START_STOP:
68bb01f3 1976 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 1977 return 0;
68bb01f3 1978 }
5f71d32f 1979 break;
c68b9f34 1980 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1981 s->tray_locked = req->cmd.buf[4] & 1;
4be74634 1982 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
5f71d32f 1983 break;
5e30a07d 1984 case READ_CAPACITY_10:
e7e25e32 1985 /* The normal LEN field for this command is zero. */
5f71d32f 1986 memset(outbuf, 0, 8);
4be74634 1987 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 1988 if (!nb_sectors) {
9bcaf4fe 1989 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1990 return 0;
f01b5931 1991 }
7cec78b6
PB		 1992 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1993 goto illegal_request;
1994 }
3dc516bf 1995 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
e7e25e32
GH		 1996 /* Returned value is the address of the last sector. */
1997 nb_sectors--;
1998 /* Remember the new size for read/write sanity checking. */
7877903a 1999 s->qdev.max_lba = nb_sectors;
e7e25e32 2000 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 2001 if (nb_sectors > UINT32_MAX) {
e7e25e32 2002 nb_sectors = UINT32_MAX;
f01b5931 2003 }
e7e25e32
GH		 2004 outbuf[0] = (nb_sectors >> 24) & 0xff;
2005 outbuf[1] = (nb_sectors >> 16) & 0xff;
2006 outbuf[2] = (nb_sectors >> 8) & 0xff;
2007 outbuf[3] = nb_sectors & 0xff;
2008 outbuf[4] = 0;
2009 outbuf[5] = 0;
69377307 2010 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 2011 outbuf[7] = 0;
5f71d32f 2012 break;
f3b338ef
PB		 2013 case REQUEST_SENSE:
2014 /* Just return "NO SENSE". */
37b6045c
PB		 2015 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2016 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 2017 if (buflen < 0) {
2018 goto illegal_request;
2019 }
f3b338ef 2020 break;
b6c251ab
PB		 2021 case MECHANISM_STATUS:
2022 buflen = scsi_emulate_mechanism_status(s, outbuf);
2023 if (buflen < 0) {
2024 goto illegal_request;
2025 }
2026 break;
38215553 2027 case GET_CONFIGURATION:
430ee2f2 2028 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 2029 if (buflen < 0) {
2030 goto illegal_request;
2031 }
2032 break;
2033 case GET_EVENT_STATUS_NOTIFICATION:
2034 buflen = scsi_get_event_status_notification(s, r, outbuf);
2035 if (buflen < 0) {
2036 goto illegal_request;
2037 }
2038 break;
1a4f0c3a
PB		 2039 case READ_DISC_INFORMATION:
2040 buflen = scsi_read_disc_information(s, r, outbuf);
2041 if (buflen < 0) {
2042 goto illegal_request;
2043 }
2044 break;
b6c251ab
PB		 2045 case READ_DVD_STRUCTURE:
2046 buflen = scsi_read_dvd_structure(s, r, outbuf);
2047 if (buflen < 0) {
2048 goto illegal_request;
2049 }
38215553 2050 break;
f6515262 2051 case SERVICE_ACTION_IN_16:
5dd90e2a 2052 /* Service Action In subcommands. */
f6515262 2053 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
59ee9500 2054 trace_scsi_disk_emulate_command_SAI_16();
5dd90e2a 2055 memset(outbuf, 0, req->cmd.xfer);
4be74634 2056 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 2057 if (!nb_sectors) {
9bcaf4fe 2058 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 2059 return 0;
f01b5931 2060 }
7cec78b6
PB		 2061 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2062 goto illegal_request;
2063 }
3dc516bf 2064 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
5dd90e2a
GH		 2065 /* Returned value is the address of the last sector. */
2066 nb_sectors--;
2067 /* Remember the new size for read/write sanity checking. */
7877903a 2068 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 2069 outbuf[0] = (nb_sectors >> 56) & 0xff;
2070 outbuf[1] = (nb_sectors >> 48) & 0xff;
2071 outbuf[2] = (nb_sectors >> 40) & 0xff;
2072 outbuf[3] = (nb_sectors >> 32) & 0xff;
2073 outbuf[4] = (nb_sectors >> 24) & 0xff;
2074 outbuf[5] = (nb_sectors >> 16) & 0xff;
2075 outbuf[6] = (nb_sectors >> 8) & 0xff;
2076 outbuf[7] = nb_sectors & 0xff;
2077 outbuf[8] = 0;
2078 outbuf[9] = 0;
69377307 2079 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 2080 outbuf[11] = 0;
ee3659e3
CH		 2081 outbuf[12] = 0;
2082 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 2083
2084 /* set TPE bit if the format supports discard */
2085 if (s->qdev.conf.discard_granularity) {
2086 outbuf[14] = 0x80;
2087 }
2088
5dd90e2a 2089 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 2090 break;
2091 }
59ee9500 2092 trace_scsi_disk_emulate_command_SAI_unsupported();
5dd90e2a 2093 goto illegal_request;
101aa85f
PB		 2094 case SYNCHRONIZE_CACHE:
2095 /* The request is used as the AIO opaque value, so add a ref. */
2096 scsi_req_ref(&r->req);
4be74634 2097 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 2098 BLOCK_ACCT_FLUSH);
4be74634 2099 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
101aa85f
PB		 2100 return 0;
2101 case SEEK_10:
59ee9500 2102 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
101aa85f
PB		 2103 if (r->req.cmd.lba > s->qdev.max_lba) {
2104 goto illegal_lba;
2105 }
2106 break;
101aa85f 2107 case MODE_SELECT:
59ee9500 2108 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
101aa85f
PB		 2109 break;
2110 case MODE_SELECT_10:
59ee9500 2111 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
101aa85f 2112 break;
5222aaf2 2113 case UNMAP:
59ee9500 2114 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
5222aaf2 2115 break;
d97e7730
PB		 2116 case VERIFY_10:
2117 case VERIFY_12:
2118 case VERIFY_16:
59ee9500 2119 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
d97e7730
PB		 2120 if (req->cmd.buf[1] & 6) {
2121 goto illegal_request;
2122 }
2123 break;
101aa85f 2124 case WRITE_SAME_10:
101aa85f 2125 case WRITE_SAME_16:
59ee9500
LV		 2126 trace_scsi_disk_emulate_command_WRITE_SAME(
2127 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
84f94a9a 2128 break;
aa5dbdc1 2129 default:
59ee9500
LV		 2130 trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
2131 scsi_command_name(buf[0]));
b45ef674 2132 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 2133 return 0;
aa5dbdc1 2134 }
314a3299 2135 assert(!r->req.aiocb);
c8dcb531 2136 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 2137 if (r->iov.iov_len == 0) {
2138 scsi_req_complete(&r->req, GOOD);
2139 }
af6d510d
PB		 2140 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2141 assert(r->iov.iov_len == req->cmd.xfer);
2142 return -r->iov.iov_len;
2143 } else {
2144 return r->iov.iov_len;
2145 }
aa5dbdc1 2146
aa5dbdc1 2147illegal_request:
cfc606da
PB		 2148 if (r->req.status == -1) {
2149 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2150 }
b08d0ea0 2151 return 0;
101aa85f
PB		 2152
2153illegal_lba:
2154 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2155 return 0;
aa5dbdc1
GH		 2156}
2157
2e5d83bb
PB		 2158/* Execute a scsi command. Returns the length of the data expected by the
2159 command. This will be Positive for data transfers from the device
2160 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2161 and zero if the command does not transfer any data. */
2162
b08d0ea0 2163static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 2164{
5c6c0e51
HR		 2165 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2166 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
94f8ba11 2167 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
e93176d5 2168 uint32_t len;
a917d384 2169 uint8_t command;
a917d384
PB		 2170
2171 command = buf[0];
aa5dbdc1 2172
cd723b85 2173 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 2174 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2175 return 0;
9bcaf4fe
PB		 2176 }
2177
1894df02 2178 len = scsi_data_cdb_xfer(r->req.cmd.buf);
a917d384 2179 switch (command) {
ebf46023
GH		 2180 case READ_6:
2181 case READ_10:
bd536cf3
GH		 2182 case READ_12:
2183 case READ_16:
59ee9500 2184 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
2343be0d
PB		 2185 /* Protection information is not supported. For SCSI versions 2 and
2186 * older (as determined by snooping the guest's INQUIRY commands),
2187 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2188 */
2189 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
96bdbbab
RS		 2190 goto illegal_request;
2191 }
444bc908 2192 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2193 goto illegal_lba;
f01b5931 2194 }
3dc516bf
PMD		 2195 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2196 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2e5d83bb 2197 break;
ebf46023
GH		 2198 case WRITE_6:
2199 case WRITE_10:
bd536cf3
GH		 2200 case WRITE_12:
2201 case WRITE_16:
5e30a07d 2202 case WRITE_VERIFY_10:
ebef0bbb
BK		 2203 case WRITE_VERIFY_12:
2204 case WRITE_VERIFY_16:
86b1cf32 2205 if (!blk_is_writable(s->qdev.conf.blk)) {
6a8a685c
RS		 2206 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2207 return 0;
2208 }
59ee9500 2209 trace_scsi_disk_dma_command_WRITE(
2dd791b6
HR		 2210 (command & 0xe) == 0xe ? "And Verify " : "",
2211 r->req.cmd.lba, len);
4f04560b 2212 /* fall through */
166dbda7
PB		 2213 case VERIFY_10:
2214 case VERIFY_12:
2215 case VERIFY_16:
2216 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2217 * As far as DMA is concerned, we can treat it the same as a write;
2218 * scsi_block_do_sgio will send VERIFY commands.
2219 */
2343be0d 2220 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
96bdbbab
RS		 2221 goto illegal_request;
2222 }
444bc908 2223 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2224 goto illegal_lba;
f01b5931 2225 }
3dc516bf
PMD		 2226 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2227 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2e5d83bb 2228 break;
101aa85f 2229 default:
b08d0ea0 2230 abort();
96bdbbab
RS		 2231 illegal_request:
2232 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2233 return 0;
274fb0e1 2234 illegal_lba:
b45ef674 2235 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 2236 return 0;
2e5d83bb 2237 }
94f8ba11 2238 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
b08d0ea0 2239 if (r->sector_count == 0) {
b45ef674 2240 scsi_req_complete(&r->req, GOOD);
a917d384 2241 }
b08d0ea0 2242 assert(r->iov.iov_len == 0);
efb9ee02 2243 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
3dc516bf 2244 return -r->sector_count * BDRV_SECTOR_SIZE;
a917d384 2245 } else {
3dc516bf 2246 return r->sector_count * BDRV_SECTOR_SIZE;
2e5d83bb 2247 }
2e5d83bb
PB		 2248}
2249
e9447f35
JK		 2250static void scsi_disk_reset(DeviceState *dev)
2251{
2252 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2253 uint64_t nb_sectors;
2254
c7b48872 2255 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 2256
4be74634 2257 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
3dc516bf 2258 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
e9447f35
JK		 2259 if (nb_sectors) {
2260 nb_sectors--;
2261 }
7877903a 2262 s->qdev.max_lba = nb_sectors;
7721c7f7
PH		 2263 /* reset tray statuses */
2264 s->tray_locked = 0;
2265 s->tray_open = 0;
2343be0d
PB		 2266
2267 s->qdev.scsi_version = s->qdev.default_scsi_version;
e9447f35
JK		 2268}
2269
aaebacef
PB		 2270static void scsi_disk_resize_cb(void *opaque)
2271{
2272 SCSIDiskState *s = opaque;
2273
2274 /* SPC lists this sense code as available only for
2275 * direct-access devices.
2276 */
2277 if (s->qdev.type == TYPE_DISK) {
53200fad 2278 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 2279 }
2280}
2281
39829a01 2282static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2c6942fa 2283{
8a9c16f6
PB		 2284 SCSIDiskState *s = opaque;
2285
2286 /*
2287 * When a CD gets changed, we have to report an ejected state and
2288 * then a loaded state to guests so that they detect tray
2289 * open/close and media change events. Guests that do not use
2290 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2291 * states rely on this behavior.
2292 *
2293 * media_changed governs the state machine used for unit attention
2294 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2295 */
2296 s->media_changed = load;
2297 s->tray_open = !load;
e48e84ea 2298 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 2299 s->media_event = true;
4480de19
PB		 2300 s->eject_request = false;
2301}
2302
2303static void scsi_cd_eject_request_cb(void *opaque, bool force)
2304{
2305 SCSIDiskState *s = opaque;
2306
2307 s->eject_request = true;
2308 if (force) {
2309 s->tray_locked = false;
2310 }
2c6942fa
MA		 2311}
2312
e4def80b
MA		 2313static bool scsi_cd_is_tray_open(void *opaque)
2314{
2315 return ((SCSIDiskState *)opaque)->tray_open;
2316}
2317
f107639a
MA		 2318static bool scsi_cd_is_medium_locked(void *opaque)
2319{
2320 return ((SCSIDiskState *)opaque)->tray_locked;
2321}
2322
aaebacef 2323static const BlockDevOps scsi_disk_removable_block_ops = {
2c6942fa 2324 .change_media_cb = scsi_cd_change_media_cb,
4480de19 2325 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 2326 .is_tray_open = scsi_cd_is_tray_open,
f107639a 2327 .is_medium_locked = scsi_cd_is_medium_locked,
aaebacef
PB		 2328
2329 .resize_cb = scsi_disk_resize_cb,
2330};
2331
2332static const BlockDevOps scsi_disk_block_ops = {
2333 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2334};
2335
8a9c16f6
PB		 2336static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2337{
2338 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2339 if (s->media_changed) {
2340 s->media_changed = false;
e48e84ea 2341 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2342 }
2343}
2344
a818a4b6 2345static void scsi_realize(SCSIDevice *dev, Error **errp)
2e5d83bb 2346{
d52affa7 2347 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
7cef3d12 2348 bool read_only;
2e5d83bb 2349
4be74634 2350 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2351 error_setg(errp, "drive property not set");
2352 return;
d52affa7
GH		 2353 }
2354
bfe3d7ac 2355 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
4be74634 2356 !blk_is_inserted(s->qdev.conf.blk)) {
a818a4b6
FZ		 2357 error_setg(errp, "Device needs media, but drive is empty");
2358 return;
98f28ad7
MA		 2359 }
2360
c56ee92f 2361 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
3da023b5
MK		 2362 return;
2363 }
2364
4f71fb43
KW		 2365 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
2366 !s->qdev.hba_supports_iothread)
2367 {
2368 error_setg(errp, "HBA does not support iothreads");
2369 return;
2370 }
2371
5ff5efb4 2372 if (dev->type == TYPE_DISK) {
ceff3e1f 2373 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
a818a4b6 2374 return;
5ff5efb4 2375 }
b7eb0c9f 2376 }
7cef3d12 2377
86b1cf32 2378 read_only = !blk_supports_write_perm(s->qdev.conf.blk);
7cef3d12
KW		 2379 if (dev->type == TYPE_ROM) {
2380 read_only = true;
2381 }
2382
2383 if (!blkconf_apply_backend_options(&dev->conf, read_only,
ceff3e1f 2384 dev->type == TYPE_DISK, errp)) {
a17c17a2
KW		 2385 return;
2386 }
a0fef654 2387
215e47b9
PB		 2388 if (s->qdev.conf.discard_granularity == -1) {
2389 s->qdev.conf.discard_granularity =
2390 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2391 }
2392
552fee93 2393 if (!s->version) {
35c2c8dc 2394 s->version = g_strdup(qemu_hw_version());
552fee93 2395 }
353815aa
DF		 2396 if (!s->vendor) {
2397 s->vendor = g_strdup("QEMU");
2398 }
7471a649
KW		 2399 if (!s->device_id) {
2400 if (s->serial) {
2401 s->device_id = g_strdup_printf("%.20s", s->serial);
2402 } else {
2403 const char *str = blk_name(s->qdev.conf.blk);
2404 if (str && *str) {
2405 s->device_id = g_strdup(str);
2406 }
2407 }
2408 }
552fee93 2409
4be74634 2410 if (blk_is_sg(s->qdev.conf.blk)) {
a818a4b6
FZ		 2411 error_setg(errp, "unwanted /dev/sg*");
2412 return;
32bb404a
MA		 2413 }
2414
18e673b8
PH		 2415 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2416 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
4be74634 2417 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
aaebacef 2418 } else {
4be74634 2419 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2e5d83bb 2420 }
4be74634 2421 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
8cfacf07 2422
4be74634 2423 blk_iostatus_enable(s->qdev.conf.blk);
71f571a2
SE		 2424
2425 add_boot_device_lchs(&dev->qdev, NULL,
2426 dev->conf.lcyls,
2427 dev->conf.lheads,
2428 dev->conf.lsecs);
2429}
2430
b69c3c21 2431static void scsi_unrealize(SCSIDevice *dev)
71f571a2
SE		 2432{
2433 del_boot_device_lchs(&dev->qdev, NULL);
d52affa7
GH		 2434}
2435
a818a4b6 2436static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2437{
e39be482 2438 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
3ff35ba3 2439 AioContext *ctx = NULL;
df1d4c34
ET		 2440 /* can happen for devices without drive. The error message for missing
2441 * backend will be issued in scsi_realize
2442 */
2443 if (s->qdev.conf.blk) {
3ff35ba3
AG		 2444 ctx = blk_get_aio_context(s->qdev.conf.blk);
2445 aio_context_acquire(ctx);
c56ee92f
RK		 2446 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2447 goto out;
2448 }
df1d4c34 2449 }
e39be482
PB		 2450 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2451 s->qdev.type = TYPE_DISK;
353815aa
DF		 2452 if (!s->product) {
2453 s->product = g_strdup("QEMU HARDDISK");
2454 }
a818a4b6 2455 scsi_realize(&s->qdev, errp);
c56ee92f 2456out:
3ff35ba3
AG		 2457 if (ctx) {
2458 aio_context_release(ctx);
2459 }
b443ae67
MA		 2460}
2461
a818a4b6 2462static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2463{
e39be482 2464 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
3ff35ba3 2465 AioContext *ctx;
83b4fe0e 2466 int ret;
9ef6e505
KW		 2467
2468 if (!dev->conf.blk) {
83b4fe0e
KW		 2469 /* Anonymous BlockBackend for an empty drive. As we put it into
2470 * dev->conf, qdev takes care of detaching on unplug. */
d861ab3a 2471 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
83b4fe0e
KW		 2472 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2473 assert(ret == 0);
9ef6e505
KW		 2474 }
2475
3ff35ba3
AG		 2476 ctx = blk_get_aio_context(dev->conf.blk);
2477 aio_context_acquire(ctx);
e39be482
PB		 2478 s->qdev.blocksize = 2048;
2479 s->qdev.type = TYPE_ROM;
bfe3d7ac 2480 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2481 if (!s->product) {
2482 s->product = g_strdup("QEMU CD-ROM");
2483 }
a818a4b6 2484 scsi_realize(&s->qdev, errp);
3ff35ba3 2485 aio_context_release(ctx);
b443ae67
MA		 2486}
2487
b443ae67 2488
b08d0ea0 2489static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2490 .size = sizeof(SCSIDiskReq),
12010e7b 2491 .free_req = scsi_free_request,
b08d0ea0 2492 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2493 .read_data = scsi_disk_emulate_read_data,
2494 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2495 .get_buf = scsi_get_buf,
2496};
2497
2498static const SCSIReqOps scsi_disk_dma_reqops = {
2499 .size = sizeof(SCSIDiskReq),
2500 .free_req = scsi_free_request,
2501 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2502 .read_data = scsi_read_data,
2503 .write_data = scsi_write_data,
12010e7b 2504 .get_buf = scsi_get_buf,
43b978b9
PB		 2505 .load_request = scsi_disk_load_request,
2506 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2507};
2508
b08d0ea0
PB		 2509static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2510 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2511 [INQUIRY] = &scsi_disk_emulate_reqops,
2512 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2513 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2514 [START_STOP] = &scsi_disk_emulate_reqops,
2515 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2516 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2517 [READ_TOC] = &scsi_disk_emulate_reqops,
2518 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2519 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2520 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2521 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2522 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2523 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2524 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2525 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2526 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2527 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2528 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2529 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2530 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2531 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
d97e7730
PB		 2532 [VERIFY_10] = &scsi_disk_emulate_reqops,
2533 [VERIFY_12] = &scsi_disk_emulate_reqops,
2534 [VERIFY_16] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2535
2536 [READ_6] = &scsi_disk_dma_reqops,
2537 [READ_10] = &scsi_disk_dma_reqops,
2538 [READ_12] = &scsi_disk_dma_reqops,
2539 [READ_16] = &scsi_disk_dma_reqops,
b08d0ea0
PB		 2540 [WRITE_6] = &scsi_disk_dma_reqops,
2541 [WRITE_10] = &scsi_disk_dma_reqops,
2542 [WRITE_12] = &scsi_disk_dma_reqops,
2543 [WRITE_16] = &scsi_disk_dma_reqops,
2544 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2545 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2546 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2547};
2548
59ee9500
LV		 2549static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2550{
2551 int i;
2552 int len = scsi_cdb_length(buf);
2553 char *line_buffer, *p;
2554
e91bae8e 2555 assert(len > 0 && len <= 16);
59ee9500
LV		 2556 line_buffer = g_malloc(len * 5 + 1);
2557
2558 for (i = 0, p = line_buffer; i < len; i++) {
2559 p += sprintf(p, " 0x%02x", buf[i]);
2560 }
2561 trace_scsi_disk_new_request(lun, tag, line_buffer);
2562
2563 g_free(line_buffer);
2564}
2565
63db0f0e
PB		 2566static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2567 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2568{
2569 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2570 SCSIRequest *req;
b08d0ea0
PB		 2571 const SCSIReqOps *ops;
2572 uint8_t command;
8dbd4574 2573
79fb50bb
PB		 2574 command = buf[0];
2575 ops = scsi_disk_reqops_dispatch[command];
2576 if (!ops) {
2577 ops = &scsi_disk_emulate_reqops;
2578 }
2579 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2580
59ee9500
LV		 2581 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2582 scsi_disk_new_request_dump(lun, tag, buf);
b08d0ea0 2583 }
b08d0ea0 2584
8dbd4574
PB		 2585 return req;
2586}
2587
336a6915
PB		 2588#ifdef __linux__
2589static int get_device_type(SCSIDiskState *s)
2590{
336a6915
PB		 2591 uint8_t cmd[16];
2592 uint8_t buf[36];
336a6915
PB		 2593 int ret;
2594
2595 memset(cmd, 0, sizeof(cmd));
2596 memset(buf, 0, sizeof(buf));
2597 cmd[0] = INQUIRY;
2598 cmd[4] = sizeof(buf);
2599
a0c7e35b 2600 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
c9b6609b 2601 buf, sizeof(buf), s->qdev.io_timeout);
a0c7e35b 2602 if (ret < 0) {
336a6915
PB		 2603 return -1;
2604 }
2605 s->qdev.type = buf[0];
bfe3d7ac
PB		 2606 if (buf[1] & 0x80) {
2607 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2608 }
336a6915
PB		 2609 return 0;
2610}
2611
a818a4b6 2612static void scsi_block_realize(SCSIDevice *dev, Error **errp)
336a6915
PB		 2613{
2614 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
3ff35ba3 2615 AioContext *ctx;
336a6915
PB		 2616 int sg_version;
2617 int rc;
2618
4be74634 2619 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2620 error_setg(errp, "drive property not set");
2621 return;
336a6915
PB		 2622 }
2623
51f43d57
FZ		 2624 if (s->rotation_rate) {
2625 error_report_once("rotation_rate is specified for scsi-block but is "
2626 "not implemented. This option is deprecated and will "
2627 "be removed in a future version");
2628 }
2629
3ff35ba3
AG		 2630 ctx = blk_get_aio_context(s->qdev.conf.blk);
2631 aio_context_acquire(ctx);
2632
336a6915 2633 /* check we are using a driver managing SG_IO (version 3 and after) */
4be74634 2634 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
4bbeb8b1 2635 if (rc < 0) {
09c2c6ff
PB		 2636 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2637 if (rc != -EPERM) {
2638 error_append_hint(errp, "Is this a SCSI device?\n");
2639 }
3ff35ba3 2640 goto out;
4bbeb8b1
FZ		 2641 }
2642 if (sg_version < 30000) {
a818a4b6 2643 error_setg(errp, "scsi generic interface too old");
3ff35ba3 2644 goto out;
336a6915
PB		 2645 }
2646
2647 /* get device type from INQUIRY data */
2648 rc = get_device_type(s);
2649 if (rc < 0) {
a818a4b6 2650 error_setg(errp, "INQUIRY failed");
3ff35ba3 2651 goto out;
336a6915
PB		 2652 }
2653
2654 /* Make a guess for the block size, we'll fix it when the guest sends.
2655 * READ CAPACITY. If they don't, they likely would assume these sizes
2656 * anyway. (TODO: check in /sys).
2657 */
2658 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2659 s->qdev.blocksize = 2048;
2660 } else {
2661 s->qdev.blocksize = 512;
2662 }
18e673b8
PH		 2663
2664 /* Makes the scsi-block device not removable by using HMP and QMP eject
2665 * command.
2666 */
2667 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2668
a818a4b6 2669 scsi_realize(&s->qdev, errp);
a71c775b 2670 scsi_generic_read_device_inquiry(&s->qdev);
3ff35ba3
AG		 2671
2672out:
2673 aio_context_release(ctx);
336a6915
PB		 2674}
2675
8fdc7839
PB		 2676typedef struct SCSIBlockReq {
2677 SCSIDiskReq req;
2678 sg_io_hdr_t io_header;
2679
2680 /* Selected bytes of the original CDB, copied into our own CDB. */
2681 uint8_t cmd, cdb1, group_number;
2682
2683 /* CDB passed to SG_IO. */
2684 uint8_t cdb[16];
a108557b
HR		 2685 BlockCompletionFunc *cb;
2686 void *cb_opaque;
8fdc7839
PB		 2687} SCSIBlockReq;
2688
a108557b
HR		 2689static void scsi_block_sgio_complete(void *opaque, int ret)
2690{
2691 SCSIBlockReq *req = (SCSIBlockReq *)opaque;
2692 SCSIDiskReq *r = &req->req;
2693 SCSIDevice *s = r->req.dev;
2694 sg_io_hdr_t *io_hdr = &req->io_header;
a108557b
HR		 2695
2696 if (ret == 0) {
2697 if (io_hdr->host_status != SCSI_HOST_OK) {
f3126d65
HR		 2698 scsi_req_complete_failed(&r->req, io_hdr->host_status);
2699 scsi_req_unref(&r->req);
2700 return;
2701 }
2702
2703 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) {
a108557b
HR		 2704 ret = BUSY;
2705 } else {
2706 ret = io_hdr->status;
2707 }
2708
2709 if (ret > 0) {
2710 aio_context_acquire(blk_get_aio_context(s->conf.blk));
2711 if (scsi_handle_rw_error(r, ret, true)) {
2712 aio_context_release(blk_get_aio_context(s->conf.blk));
2713 scsi_req_unref(&r->req);
2714 return;
2715 }
2716 aio_context_release(blk_get_aio_context(s->conf.blk));
2717
2718 /* Ignore error. */
2719 ret = 0;
2720 }
2721 }
2722
2723 req->cb(req->cb_opaque, ret);
2724}
2725
8fdc7839
PB		 2726static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2727 int64_t offset, QEMUIOVector *iov,
2728 int direction,
2729 BlockCompletionFunc *cb, void *opaque)
2730{
2731 sg_io_hdr_t *io_header = &req->io_header;
2732 SCSIDiskReq *r = &req->req;
2733 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2734 int nb_logical_blocks;
2735 uint64_t lba;
2736 BlockAIOCB *aiocb;
2737
2738 /* This is not supported yet. It can only happen if the guest does
2739 * reads and writes that are not aligned to one logical sectors
2740 * _and_ cover multiple MemoryRegions.
2741 */
2742 assert(offset % s->qdev.blocksize == 0);
2743 assert(iov->size % s->qdev.blocksize == 0);
2744
2745 io_header->interface_id = 'S';
2746
2747 /* The data transfer comes from the QEMUIOVector. */
2748 io_header->dxfer_direction = direction;
2749 io_header->dxfer_len = iov->size;
2750 io_header->dxferp = (void *)iov->iov;
2751 io_header->iovec_count = iov->niov;
2752 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2753
2754 /* Build a new CDB with the LBA and length patched in, in case
2755 * DMA helpers split the transfer in multiple segments. Do not
2756 * build a CDB smaller than what the guest wanted, and only build
2757 * a larger one if strictly necessary.
2758 */
2759 io_header->cmdp = req->cdb;
2760 lba = offset / s->qdev.blocksize;
2761 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2762
2763 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2764 /* 6-byte CDB */
2765 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2766 req->cdb[4] = nb_logical_blocks;
2767 req->cdb[5] = 0;
2768 io_header->cmd_len = 6;
2769 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2770 /* 10-byte CDB */
2771 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2772 req->cdb[1] = req->cdb1;
2773 stl_be_p(&req->cdb[2], lba);
2774 req->cdb[6] = req->group_number;
2775 stw_be_p(&req->cdb[7], nb_logical_blocks);
2776 req->cdb[9] = 0;
2777 io_header->cmd_len = 10;
2778 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2779 /* 12-byte CDB */
2780 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2781 req->cdb[1] = req->cdb1;
2782 stl_be_p(&req->cdb[2], lba);
2783 stl_be_p(&req->cdb[6], nb_logical_blocks);
2784 req->cdb[10] = req->group_number;
2785 req->cdb[11] = 0;
2786 io_header->cmd_len = 12;
2787 } else {
2788 /* 16-byte CDB */
2789 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2790 req->cdb[1] = req->cdb1;
2791 stq_be_p(&req->cdb[2], lba);
2792 stl_be_p(&req->cdb[10], nb_logical_blocks);
2793 req->cdb[14] = req->group_number;
2794 req->cdb[15] = 0;
2795 io_header->cmd_len = 16;
2796 }
2797
2798 /* The rest is as in scsi-generic.c. */
2799 io_header->mx_sb_len = sizeof(r->req.sense);
2800 io_header->sbp = r->req.sense;
c9b6609b 2801 io_header->timeout = s->qdev.io_timeout * 1000;
8fdc7839
PB		 2802 io_header->usr_ptr = r;
2803 io_header->flags |= SG_FLAG_DIRECT_IO;
a108557b
HR		 2804 req->cb = cb;
2805 req->cb_opaque = opaque;
b2d50a33
HR		 2806 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba,
2807 nb_logical_blocks, io_header->timeout);
a108557b 2808 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req);
8fdc7839
PB		 2809 assert(aiocb != NULL);
2810 return aiocb;
2811}
2812
2813static bool scsi_block_no_fua(SCSICommand *cmd)
2814{
2815 return false;
2816}
2817
2818static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2819 QEMUIOVector *iov,
2820 BlockCompletionFunc *cb, void *cb_opaque,
2821 void *opaque)
2822{
2823 SCSIBlockReq *r = opaque;
2824 return scsi_block_do_sgio(r, offset, iov,
2825 SG_DXFER_FROM_DEV, cb, cb_opaque);
2826}
2827
2828static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2829 QEMUIOVector *iov,
2830 BlockCompletionFunc *cb, void *cb_opaque,
2831 void *opaque)
2832{
2833 SCSIBlockReq *r = opaque;
2834 return scsi_block_do_sgio(r, offset, iov,
2835 SG_DXFER_TO_DEV, cb, cb_opaque);
2836}
2837
592c3b28 2838static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
336a6915 2839{
336a6915 2840 switch (buf[0]) {
8fdc7839
PB		 2841 case VERIFY_10:
2842 case VERIFY_12:
2843 case VERIFY_16:
2844 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2845 * for the number of logical blocks specified in the length
2846 * field). For other modes, do not use scatter/gather operation.
2847 */
1f8af0d1 2848 if ((buf[1] & 6) == 2) {
8fdc7839
PB		 2849 return false;
2850 }
2851 break;
2852
336a6915
PB		 2853 case READ_6:
2854 case READ_10:
2855 case READ_12:
2856 case READ_16:
2857 case WRITE_6:
2858 case WRITE_10:
2859 case WRITE_12:
2860 case WRITE_16:
2861 case WRITE_VERIFY_10:
2862 case WRITE_VERIFY_12:
2863 case WRITE_VERIFY_16:
8fdc7839 2864 /* MMC writing cannot be done via DMA helpers, because it sometimes
33ebad12 2865 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
166dbda7 2866 * We might use scsi_block_dma_reqops as long as no writing commands are
33ebad12
PB		 2867 * seen, but performance usually isn't paramount on optical media. So,
2868 * just make scsi-block operate the same as scsi-generic for them.
2869 */
b08d0ea0 2870 if (s->qdev.type != TYPE_ROM) {
592c3b28 2871 return false;
b08d0ea0 2872 }
592c3b28
PB		 2873 break;
2874
2875 default:
2876 break;
336a6915
PB		 2877 }
2878
592c3b28
PB		 2879 return true;
2880}
2881
2882
8fdc7839
PB		 2883static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2884{
2885 SCSIBlockReq *r = (SCSIBlockReq *)req;
2343be0d
PB		 2886 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2887
8fdc7839
PB		 2888 r->cmd = req->cmd.buf[0];
2889 switch (r->cmd >> 5) {
2890 case 0:
2891 /* 6-byte CDB. */
2892 r->cdb1 = r->group_number = 0;
2893 break;
2894 case 1:
2895 /* 10-byte CDB. */
2896 r->cdb1 = req->cmd.buf[1];
2897 r->group_number = req->cmd.buf[6];
ed45cae3 2898 break;
8fdc7839
PB		 2899 case 4:
2900 /* 12-byte CDB. */
2901 r->cdb1 = req->cmd.buf[1];
2902 r->group_number = req->cmd.buf[10];
2903 break;
2904 case 5:
2905 /* 16-byte CDB. */
2906 r->cdb1 = req->cmd.buf[1];
2907 r->group_number = req->cmd.buf[14];
2908 break;
2909 default:
2910 abort();
2911 }
2912
2343be0d
PB		 2913 /* Protection information is not supported. For SCSI versions 2 and
2914 * older (as determined by snooping the guest's INQUIRY commands),
2915 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2916 */
2917 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
8fdc7839
PB		 2918 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2919 return 0;
2920 }
2921
8fdc7839
PB		 2922 return scsi_disk_dma_command(req, buf);
2923}
2924
2925static const SCSIReqOps scsi_block_dma_reqops = {
2926 .size = sizeof(SCSIBlockReq),
2927 .free_req = scsi_free_request,
2928 .send_command = scsi_block_dma_command,
2929 .read_data = scsi_read_data,
2930 .write_data = scsi_write_data,
2931 .get_buf = scsi_get_buf,
2932 .load_request = scsi_disk_load_request,
2933 .save_request = scsi_disk_save_request,
2934};
2935
592c3b28
PB		 2936static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2937 uint32_t lun, uint8_t *buf,
2938 void *hba_private)
2939{
2940 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2941
2942 if (scsi_block_is_passthrough(s, buf)) {
2943 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2944 hba_private);
2945 } else {
8fdc7839 2946 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
592c3b28
PB		 2947 hba_private);
2948 }
336a6915 2949}
3e7e180a
PB		 2950
2951static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2952 uint8_t *buf, void *hba_private)
2953{
2954 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2955
2956 if (scsi_block_is_passthrough(s, buf)) {
2957 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2958 } else {
2959 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2960 }
2961}
2962
d31347f5
SK		 2963static void scsi_block_update_sense(SCSIRequest *req)
2964{
2965 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2966 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r);
2967 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense));
2968}
336a6915
PB		 2969#endif
2970
fcaafb10
PB		 2971static
2972BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2973 BlockCompletionFunc *cb, void *cb_opaque,
2974 void *opaque)
2975{
2976 SCSIDiskReq *r = opaque;
2977 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2978 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2979}
2980
2981static
2982BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2983 BlockCompletionFunc *cb, void *cb_opaque,
2984 void *opaque)
2985{
2986 SCSIDiskReq *r = opaque;
2987 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2988 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2989}
2990
993935f3
PB		 2991static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2992{
2993 DeviceClass *dc = DEVICE_CLASS(klass);
fcaafb10 2994 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
993935f3
PB		 2995
2996 dc->fw_name = "disk";
2997 dc->reset = scsi_disk_reset;
fcaafb10
PB		 2998 sdc->dma_readv = scsi_dma_readv;
2999 sdc->dma_writev = scsi_dma_writev;
94f8ba11 3000 sdc->need_fua_emulation = scsi_is_cmd_fua;
993935f3
PB		 3001}
3002
3003static const TypeInfo scsi_disk_base_info = {
3004 .name = TYPE_SCSI_DISK_BASE,
3005 .parent = TYPE_SCSI_DEVICE,
3006 .class_init = scsi_disk_base_class_initfn,
3007 .instance_size = sizeof(SCSIDiskState),
fcaafb10 3008 .class_size = sizeof(SCSIDiskClass),
6214a11a 3009 .abstract = true,
993935f3
PB		 3010};
3011
4f71fb43
KW		 3012#define DEFINE_SCSI_DISK_PROPERTIES() \
3013 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \
3014 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
3015 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
3016 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
3017 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
3018 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
3019 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
7471a649
KW		 3020 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id)
3021
b443ae67 3022
39bffca2
AL		 3023static Property scsi_hd_properties[] = {
3024 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 3025 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3026 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 3027 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3028 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 3029 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3030 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 3031 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 3032 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3033 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 3034 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3035 DEFAULT_MAX_IO_SIZE),
070f8009 3036 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
2343be0d
PB		 3037 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3038 5),
d252df48 3039 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 3040 DEFINE_PROP_END_OF_LIST(),
3041};
3042
43b978b9
PB		 3043static const VMStateDescription vmstate_scsi_disk_state = {
3044 .name = "scsi-disk",
3045 .version_id = 1,
3046 .minimum_version_id = 1,
43b978b9
PB		 3047 .fields = (VMStateField[]) {
3048 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
3049 VMSTATE_BOOL(media_changed, SCSIDiskState),
3050 VMSTATE_BOOL(media_event, SCSIDiskState),
3051 VMSTATE_BOOL(eject_request, SCSIDiskState),
3052 VMSTATE_BOOL(tray_open, SCSIDiskState),
3053 VMSTATE_BOOL(tray_locked, SCSIDiskState),
3054 VMSTATE_END_OF_LIST()
3055 }
3056};
3057
b9eea3e6
AL		 3058static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
3059{
39bffca2 3060 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 3061 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3062
a818a4b6 3063 sc->realize = scsi_hd_realize;
71f571a2 3064 sc->unrealize = scsi_unrealize;
b9eea3e6
AL		 3065 sc->alloc_req = scsi_new_request;
3066 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 3067 dc->desc = "virtual SCSI disk";
4f67d30b 3068 device_class_set_props(dc, scsi_hd_properties);
43b978b9 3069 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3070}
3071
8c43a6f0 3072static const TypeInfo scsi_hd_info = {
39bffca2 3073 .name = "scsi-hd",
993935f3 3074 .parent = TYPE_SCSI_DISK_BASE,
39bffca2
AL		 3075 .class_init = scsi_hd_class_initfn,
3076};
3077
3078static Property scsi_cd_properties[] = {
3079 DEFINE_SCSI_DISK_PROPERTIES(),
2ecab408
PB		 3080 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3081 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 3082 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
f8e1f533
PB		 3083 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3084 DEFAULT_MAX_IO_SIZE),
2343be0d
PB		 3085 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3086 5),
39bffca2 3087 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 3088};
3089
3090static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3091{
39bffca2 3092 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 3093 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3094
a818a4b6 3095 sc->realize = scsi_cd_realize;
b9eea3e6
AL		 3096 sc->alloc_req = scsi_new_request;
3097 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 3098 dc->desc = "virtual SCSI CD-ROM";
4f67d30b 3099 device_class_set_props(dc, scsi_cd_properties);
43b978b9 3100 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3101}
3102
8c43a6f0 3103static const TypeInfo scsi_cd_info = {
39bffca2 3104 .name = "scsi-cd",
993935f3 3105 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3106 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 3107};
3108
336a6915 3109#ifdef __linux__
39bffca2 3110static Property scsi_block_properties[] = {
78ee6bd0 3111 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
4be74634 3112 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
07488549 3113 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
070f8009 3114 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
0a96ca24
DHB		 3115 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3116 DEFAULT_MAX_UNMAP_SIZE),
3117 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3118 DEFAULT_MAX_IO_SIZE),
2343be0d 3119 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
29e560f0 3120 -1),
c9b6609b
HR		 3121 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
3122 DEFAULT_IO_TIMEOUT),
39bffca2
AL		 3123 DEFINE_PROP_END_OF_LIST(),
3124};
3125
b9eea3e6
AL		 3126static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3127{
39bffca2 3128 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6 3129 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
8fdc7839 3130 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
b9eea3e6 3131
a818a4b6 3132 sc->realize = scsi_block_realize;
b9eea3e6 3133 sc->alloc_req = scsi_block_new_request;
3e7e180a 3134 sc->parse_cdb = scsi_block_parse_cdb;
8fdc7839
PB		 3135 sdc->dma_readv = scsi_block_dma_readv;
3136 sdc->dma_writev = scsi_block_dma_writev;
d31347f5 3137 sdc->update_sense = scsi_block_update_sense;
8fdc7839 3138 sdc->need_fua_emulation = scsi_block_no_fua;
39bffca2 3139 dc->desc = "SCSI block device passthrough";
4f67d30b 3140 device_class_set_props(dc, scsi_block_properties);
43b978b9 3141 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3142}
3143
8c43a6f0 3144static const TypeInfo scsi_block_info = {
39bffca2 3145 .name = "scsi-block",
993935f3 3146 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3147 .class_init = scsi_block_class_initfn,
b9eea3e6 3148};
336a6915 3149#endif
b9eea3e6 3150
83f7d43a 3151static void scsi_disk_register_types(void)
d52affa7 3152{
993935f3 3153 type_register_static(&scsi_disk_base_info);
39bffca2
AL		 3154 type_register_static(&scsi_hd_info);
3155 type_register_static(&scsi_cd_info);
b9eea3e6 3156#ifdef __linux__
39bffca2 3157 type_register_static(&scsi_block_info);
b9eea3e6 3158#endif
8ccc2ace 3159}
83f7d43a
AF		 3160
3161type_init(scsi_disk_register_types)
QEMU mirror