]> git.proxmox.com Git - mirror_qemu.git/blame - hw/scsi/scsi-disk.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dma-helpers: explicitly pass alignment into DMA helpers
[mirror_qemu.git] / hw / scsi / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
a4ab4792 31#include "qemu/osdep.h"
da34e65c 32#include "qapi/error.h"
1de7afc9 33#include "qemu/error-report.h"
0d09e41a
PB		 34#include "hw/scsi/scsi.h"
35#include "block/scsi.h"
9c17d615 36#include "sysemu/sysemu.h"
4be74634 37#include "sysemu/block-backend.h"
9c17d615 38#include "sysemu/blockdev.h"
0d09e41a 39#include "hw/block/block.h"
9c17d615 40#include "sysemu/dma.h"
f348b6d1 41#include "qemu/cutils.h"
22864256 42
336a6915
PB		 43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
84f94a9a 47#define SCSI_WRITE_SAME_MAX 524288
215e47b9
PB		 48#define SCSI_DMA_BUF_SIZE 131072
49#define SCSI_MAX_INQUIRY_LEN 256
50#define SCSI_MAX_MODE_LEN 256
51
52#define DEFAULT_DISCARD_GRANULARITY 4096
8a1bd297 53#define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
f8e1f533 54#define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
a917d384 55
993935f3
PB		 56#define TYPE_SCSI_DISK_BASE "scsi-disk-base"
57
fcaafb10
PB		 58#define SCSI_DISK_BASE(obj) \
59 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
60#define SCSI_DISK_BASE_CLASS(klass) \
61 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
62#define SCSI_DISK_BASE_GET_CLASS(obj) \
63 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
64
65typedef struct SCSIDiskClass {
66 SCSIDeviceClass parent_class;
67 DMAIOFunc *dma_readv;
68 DMAIOFunc *dma_writev;
94f8ba11 69 bool (*need_fua_emulation)(SCSICommand *cmd);
fcaafb10 70} SCSIDiskClass;
d52affa7 71
4c41d2ef
GH		 72typedef struct SCSIDiskReq {
73 SCSIRequest req;
a917d384 74 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 75 uint64_t sector;
76 uint32_t sector_count;
7285477a 77 uint32_t buflen;
a0e66a69 78 bool started;
94f8ba11 79 bool need_fua_emulation;
c87c0672
AL		 80 struct iovec iov;
81 QEMUIOVector qiov;
a597e79c 82 BlockAcctCookie acct;
8fdc7839 83 unsigned char *status;
4c41d2ef 84} SCSIDiskReq;
a917d384 85
18e673b8
PH		 86#define SCSI_DISK_F_REMOVABLE 0
87#define SCSI_DISK_F_DPOFUA 1
88#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
bfe3d7ac 89
fcaafb10 90typedef struct SCSIDiskState
a917d384 91{
d52affa7 92 SCSIDevice qdev;
bfe3d7ac 93 uint32_t features;
8a9c16f6 94 bool media_changed;
3c2f7c12 95 bool media_event;
4480de19 96 bool eject_request;
64cc2284 97 uint16_t port_index;
8a1bd297 98 uint64_t max_unmap_size;
f8e1f533 99 uint64_t max_io_size;
213189ab 100 QEMUBH *bh;
383b4d9b 101 char *version;
a0fef654 102 char *serial;
353815aa
DF		 103 char *vendor;
104 char *product;
ece0d5e9 105 bool tray_open;
81b1008d 106 bool tray_locked;
fcaafb10 107} SCSIDiskState;
2e5d83bb 108
d7628080 109static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
5dba48a8 110
ad2d30f7 111static void scsi_free_request(SCSIRequest *req)
4d611c9a 112{
ad2d30f7
PB		 113 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
114
db4c34c3 115 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 116}
117
b45ef674
PB		 118/* Helper function for command completion with sense. */
119static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 120{
02fa69b6
BS		 121 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
122 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 123 scsi_req_build_sense(&r->req, sense);
124 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 125}
126
03c90063 127static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 128{
7285477a
PB		 129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
130
131 if (!r->iov.iov_base) {
43b978b9 132 r->buflen = size;
4be74634 133 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 134 }
135 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5 136 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
103b40f5
PB		 137}
138
43b978b9
PB		 139static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
140{
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
142
143 qemu_put_be64s(f, &r->sector);
144 qemu_put_be32s(f, &r->sector_count);
145 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 146 if (r->buflen) {
147 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
148 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
149 } else if (!req->retry) {
150 uint32_t len = r->iov.iov_len;
151 qemu_put_be32s(f, &len);
152 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 }
43b978b9
PB		 154 }
155}
156
157static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
158{
159 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
160
161 qemu_get_be64s(f, &r->sector);
162 qemu_get_be32s(f, &r->sector_count);
163 qemu_get_be32s(f, &r->buflen);
164 if (r->buflen) {
165 scsi_init_iovec(r, r->buflen);
166 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
167 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 168 } else if (!r->req.retry) {
169 uint32_t len;
170 qemu_get_be32s(f, &len);
171 r->iov.iov_len = len;
172 assert(r->iov.iov_len <= r->buflen);
173 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 174 }
175 }
176
177 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
178}
179
5b956f41
PB		 180static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
181{
182 if (r->req.io_canceled) {
183 scsi_req_cancel_complete(&r->req);
184 return true;
185 }
186
187 if (ret < 0) {
188 return scsi_handle_rw_error(r, -ret, acct_failed);
189 }
190
8fdc7839
PB		 191 if (r->status && *r->status) {
192 if (acct_failed) {
193 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
194 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
195 }
196 scsi_req_complete(&r->req, *r->status);
197 return true;
198 }
199
5b956f41
PB		 200 return false;
201}
202
c1b35247 203static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 204{
205 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
46e3f30e
PB		 208 assert(r->req.aiocb != NULL);
209 r->req.aiocb = NULL;
5b956f41 210 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 211 goto done;
212 }
5d0d2467 213
d7628080 214 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
5d0d2467
PB		 215 scsi_req_complete(&r->req, GOOD);
216
217done:
3df9caf8 218 scsi_req_unref(&r->req);
5d0d2467
PB		 219}
220
7e8c49c5
PB		 221static bool scsi_is_cmd_fua(SCSICommand *cmd)
222{
223 switch (cmd->buf[0]) {
224 case READ_10:
225 case READ_12:
226 case READ_16:
227 case WRITE_10:
228 case WRITE_12:
229 case WRITE_16:
230 return (cmd->buf[1] & 8) != 0;
231
7f64f8e2
PB		 232 case VERIFY_10:
233 case VERIFY_12:
234 case VERIFY_16:
7e8c49c5
PB		 235 case WRITE_VERIFY_10:
236 case WRITE_VERIFY_12:
237 case WRITE_VERIFY_16:
238 return true;
239
240 case READ_6:
241 case WRITE_6:
242 default:
243 return false;
244 }
245}
246
247static void scsi_write_do_fua(SCSIDiskReq *r)
248{
249 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
250
5fd2b563 251 assert(r->req.aiocb == NULL);
5b956f41 252 assert(!r->req.io_canceled);
0c92e0e6 253
94f8ba11 254 if (r->need_fua_emulation) {
4be74634 255 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 256 BLOCK_ACCT_FLUSH);
4be74634 257 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
7e8c49c5
PB		 258 return;
259 }
260
261 scsi_req_complete(&r->req, GOOD);
3df9caf8 262 scsi_req_unref(&r->req);
7e8c49c5
PB		 263}
264
5fd2b563 265static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
a917d384 266{
5fd2b563 267 assert(r->req.aiocb == NULL);
5b956f41 268 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 269 goto done;
270 }
a597e79c 271
b77912a7
PB		 272 r->sector += r->sector_count;
273 r->sector_count = 0;
7e8c49c5
PB		 274 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
275 scsi_write_do_fua(r);
276 return;
277 } else {
278 scsi_req_complete(&r->req, GOOD);
279 }
c7bae6a7
PB		 280
281done:
3df9caf8 282 scsi_req_unref(&r->req);
4d611c9a
PB		 283}
284
ef8489d4
PB		 285static void scsi_dma_complete(void *opaque, int ret)
286{
287 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5fd2b563 288 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ef8489d4
PB		 289
290 assert(r->req.aiocb != NULL);
5fd2b563
PB		 291 r->req.aiocb = NULL;
292
d7628080
AG		 293 if (ret < 0) {
294 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
295 } else {
296 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
297 }
5fd2b563 298 scsi_dma_complete_noio(r, ret);
ef8489d4
PB		 299}
300
b77912a7 301static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 302{
303 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 305 int n;
0a4ac106 306
46e3f30e
PB		 307 assert(r->req.aiocb != NULL);
308 r->req.aiocb = NULL;
5b956f41 309 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 310 goto done;
311 }
0a4ac106 312
d7628080 313 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
b77912a7
PB		 314 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
315
316 n = r->qiov.size / 512;
317 r->sector += n;
318 r->sector_count -= n;
319 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 320
321done:
3df9caf8 322 scsi_req_unref(&r->req);
0a4ac106 323}
5dba48a8 324
ac668426 325/* Actually issue a read to the block device. */
5fd2b563 326static void scsi_do_read(SCSIDiskReq *r, int ret)
ac668426 327{
ac668426 328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 329 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ac668426 330
5fd2b563 331 assert (r->req.aiocb == NULL);
5b956f41 332 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 333 goto done;
334 }
ac668426 335
31e8fd86
PB		 336 /* The request is used as the AIO opaque value, so add a ref. */
337 scsi_req_ref(&r->req);
338
ac668426 339 if (r->req.sg) {
4be74634 340 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
ac668426 341 r->req.resid -= r->req.sg->size;
fcaafb10
PB		 342 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
343 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 344 BDRV_SECTOR_SIZE,
fcaafb10
PB		 345 sdc->dma_readv, r, scsi_dma_complete, r,
346 DMA_DIRECTION_FROM_DEVICE);
ac668426 347 } else {
03c90063 348 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
4be74634 349 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 350 r->qiov.size, BLOCK_ACCT_READ);
890e48d7 351 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
fcaafb10 352 scsi_read_complete, r, r);
ac668426
PB		 353 }
354
355done:
3df9caf8 356 scsi_req_unref(&r->req);
ac668426
PB		 357}
358
5fd2b563
PB		 359static void scsi_do_read_cb(void *opaque, int ret)
360{
361 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
362 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
363
364 assert (r->req.aiocb != NULL);
365 r->req.aiocb = NULL;
366
d7628080
AG		 367 if (ret < 0) {
368 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
369 } else {
370 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
371 }
5fd2b563
PB		 372 scsi_do_read(opaque, ret);
373}
374
5c6c0e51
HR		 375/* Read more data from scsi device into buffer. */
376static void scsi_read_data(SCSIRequest *req)
2e5d83bb 377{
5c6c0e51 378 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 379 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 380 bool first;
2e5d83bb 381
a917d384
PB		 382 DPRINTF("Read sector_count=%d\n", r->sector_count);
383 if (r->sector_count == 0) {
b45ef674
PB		 384 /* This also clears the sense buffer for REQUEST SENSE. */
385 scsi_req_complete(&r->req, GOOD);
a917d384 386 return;
2e5d83bb
PB		 387 }
388
6fa2c95f
SH		 389 /* No data transfer may already be in progress */
390 assert(r->req.aiocb == NULL);
391
c7bae6a7
PB		 392 /* The request is used as the AIO opaque value, so add a ref. */
393 scsi_req_ref(&r->req);
efb9ee02
HR		 394 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
395 DPRINTF("Data transfer direction invalid\n");
396 scsi_read_complete(r, -EINVAL);
397 return;
398 }
399
cd723b85 400 if (!blk_is_available(req->dev->conf.blk)) {
a1aff5bf 401 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 402 return;
a1aff5bf 403 }
c7bae6a7 404
ac668426 405 first = !r->started;
a0e66a69 406 r->started = true;
94f8ba11 407 if (first && r->need_fua_emulation) {
4be74634 408 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 409 BLOCK_ACCT_FLUSH);
5fd2b563 410 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
5d0d2467 411 } else {
ac668426 412 scsi_do_read(r, 0);
5d0d2467 413 }
2e5d83bb
PB		 414}
415
c7bae6a7
PB		 416/*
417 * scsi_handle_rw_error has two return values. 0 means that the error
418 * must be ignored, 1 means that the error has been processed and the
419 * caller should not do anything else for this request. Note that
420 * scsi_handle_rw_error always manages its reference counts, independent
421 * of the return value.
422 */
d7628080 423static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
5dba48a8 424{
c85a7a00 425 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
4c41d2ef 426 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
4be74634
MA		 427 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
428 is_read, error);
ea8a5d7f 429
a589569f 430 if (action == BLOCK_ERROR_ACTION_REPORT) {
d7628080
AG		 431 if (acct_failed) {
432 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
433 }
efb9ee02 434 switch (error) {
7e218df5
PB		 435 case ENOMEDIUM:
436 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
437 break;
efb9ee02 438 case ENOMEM:
b45ef674 439 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 440 break;
441 case EINVAL:
b45ef674 442 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02 443 break;
703dd81a
PB		 444 case ENOSPC:
445 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
446 break;
efb9ee02 447 default:
b45ef674 448 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 449 break;
a1f0cce2 450 }
ea8a5d7f 451 }
4be74634 452 blk_error_action(s->qdev.conf.blk, action, is_read, error);
a589569f 453 if (action == BLOCK_ERROR_ACTION_STOP) {
3e1caa5f
PB		 454 scsi_req_retry(&r->req);
455 }
a589569f 456 return action != BLOCK_ERROR_ACTION_IGNORE;
ea8a5d7f
AL		 457}
458
5fd2b563 459static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
4d611c9a 460{
ea8a5d7f
AL		 461 uint32_t n;
462
5fd2b563 463 assert (r->req.aiocb == NULL);
5b956f41 464 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 465 goto done;
466 }
a597e79c 467
103b40f5 468 n = r->qiov.size / 512;
ea8a5d7f
AL		 469 r->sector += n;
470 r->sector_count -= n;
a917d384 471 if (r->sector_count == 0) {
7e8c49c5
PB		 472 scsi_write_do_fua(r);
473 return;
a917d384 474 } else {
43b978b9 475 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
79fb50bb 476 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
103b40f5 477 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 478 }
c7bae6a7
PB		 479
480done:
3df9caf8 481 scsi_req_unref(&r->req);
4d611c9a
PB		 482}
483
5fd2b563
PB		 484static void scsi_write_complete(void * opaque, int ret)
485{
486 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
487 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
488
489 assert (r->req.aiocb != NULL);
490 r->req.aiocb = NULL;
491
d7628080
AG		 492 if (ret < 0) {
493 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
494 } else {
495 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
496 }
5fd2b563
PB		 497 scsi_write_complete_noio(r, ret);
498}
499
42741212 500static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 501{
5c6c0e51 502 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 503 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 504 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ea8a5d7f 505
6fa2c95f
SH		 506 /* No data transfer may already be in progress */
507 assert(r->req.aiocb == NULL);
508
c7bae6a7
PB		 509 /* The request is used as the AIO opaque value, so add a ref. */
510 scsi_req_ref(&r->req);
efb9ee02
HR		 511 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
512 DPRINTF("Data transfer direction invalid\n");
5fd2b563 513 scsi_write_complete_noio(r, -EINVAL);
42741212 514 return;
efb9ee02
HR		 515 }
516
5d0d2467
PB		 517 if (!r->req.sg && !r->qiov.size) {
518 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 519 r->started = true;
5fd2b563 520 scsi_write_complete_noio(r, 0);
5d0d2467
PB		 521 return;
522 }
cd723b85 523 if (!blk_is_available(req->dev->conf.blk)) {
5fd2b563 524 scsi_write_complete_noio(r, -ENOMEDIUM);
5d0d2467
PB		 525 return;
526 }
527
7f64f8e2
PB		 528 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
529 r->req.cmd.buf[0] == VERIFY_16) {
530 if (r->req.sg) {
ef8489d4 531 scsi_dma_complete_noio(r, 0);
7f64f8e2 532 } else {
5fd2b563 533 scsi_write_complete_noio(r, 0);
7f64f8e2
PB		 534 }
535 return;
536 }
537
5d0d2467 538 if (r->req.sg) {
4be74634 539 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
5d0d2467 540 r->req.resid -= r->req.sg->size;
fcaafb10
PB		 541 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
542 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 543 BDRV_SECTOR_SIZE,
fcaafb10
PB		 544 sdc->dma_writev, r, scsi_dma_complete, r,
545 DMA_DIRECTION_TO_DEVICE);
5d0d2467 546 } else {
4be74634 547 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 548 r->qiov.size, BLOCK_ACCT_WRITE);
fcaafb10
PB		 549 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
550 scsi_write_complete, r, r);
ea8a5d7f 551 }
a917d384 552}
2e5d83bb 553
a917d384 554/* Return a pointer to the data buffer. */
5c6c0e51 555static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 556{
5c6c0e51 557 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 558
3f4cb3d3 559 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 560}
561
0b06c059
GH		 562static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
563{
383b4d9b 564 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059 565 int buflen = 0;
82579390 566 int start;
0b06c059 567
0b06c059
GH		 568 if (req->cmd.buf[1] & 0x1) {
569 /* Vital product data */
570 uint8_t page_code = req->cmd.buf[2];
0b06c059 571
e39be482 572 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 573 outbuf[buflen++] = page_code ; // this page
574 outbuf[buflen++] = 0x00;
82579390
PB		 575 outbuf[buflen++] = 0x00;
576 start = buflen;
0b06c059
GH		 577
578 switch (page_code) {
579 case 0x00: /* Supported page codes, mandatory */
39d98982 580 {
0b06c059
GH		 581 DPRINTF("Inquiry EVPD[Supported pages] "
582 "buffer size %zd\n", req->cmd.xfer);
0b06c059 583 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 584 if (s->serial) {
3e1c0c9a 585 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 586 }
0b06c059 587 outbuf[buflen++] = 0x83; // device identification
f37bd73b 588 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 589 outbuf[buflen++] = 0xb0; // block limits
590 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982 591 }
0b06c059 592 break;
39d98982 593 }
0b06c059
GH		 594 case 0x80: /* Device serial number, optional */
595 {
3e1c0c9a 596 int l;
0b06c059 597
3e1c0c9a
HR		 598 if (!s->serial) {
599 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
600 return -1;
601 }
602
603 l = strlen(s->serial);
48b62063
RW		 604 if (l > 36) {
605 l = 36;
f01b5931 606 }
0b06c059
GH		 607
608 DPRINTF("Inquiry EVPD[Serial number] "
609 "buffer size %zd\n", req->cmd.xfer);
a0fef654 610 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 611 buflen += l;
612 break;
613 }
614
615 case 0x83: /* Device identification page, mandatory */
616 {
4be74634 617 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
fd930791
PB		 618 int max_len = s->serial ? 20 : 255 - 8;
619 int id_len = strlen(str);
0b06c059 620
f01b5931 621 if (id_len > max_len) {
0b06c059 622 id_len = max_len;
f01b5931 623 }
0b06c059
GH		 624 DPRINTF("Inquiry EVPD[Device identification] "
625 "buffer size %zd\n", req->cmd.xfer);
626
0b06c059
GH		 627 outbuf[buflen++] = 0x2; // ASCII
628 outbuf[buflen++] = 0; // not officially assigned
629 outbuf[buflen++] = 0; // reserved
630 outbuf[buflen++] = id_len; // length of data following
fd930791 631 memcpy(outbuf+buflen, str, id_len);
0b06c059 632 buflen += id_len;
27395add 633
2ecab408 634 if (s->qdev.wwn) {
27395add
PB		 635 outbuf[buflen++] = 0x1; // Binary
636 outbuf[buflen++] = 0x3; // NAA
637 outbuf[buflen++] = 0; // reserved
638 outbuf[buflen++] = 8;
2ecab408 639 stq_be_p(&outbuf[buflen], s->qdev.wwn);
27395add
PB		 640 buflen += 8;
641 }
64cc2284 642
2ecab408 643 if (s->qdev.port_wwn) {
64cc2284
RD		 644 outbuf[buflen++] = 0x61; // SAS / Binary
645 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
646 outbuf[buflen++] = 0; // reserved
647 outbuf[buflen++] = 8;
2ecab408 648 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
64cc2284
RD		 649 buflen += 8;
650 }
651
652 if (s->port_index) {
653 outbuf[buflen++] = 0x61; // SAS / Binary
654 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
655 outbuf[buflen++] = 0; // reserved
656 outbuf[buflen++] = 4;
657 stw_be_p(&outbuf[buflen + 2], s->port_index);
658 buflen += 4;
659 }
0b06c059
GH		 660 break;
661 }
ea3bd56f 662 case 0xb0: /* block limits */
ee3659e3 663 {
ea3bd56f
CH		 664 unsigned int unmap_sectors =
665 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 666 unsigned int min_io_size =
667 s->qdev.conf.min_io_size / s->qdev.blocksize;
668 unsigned int opt_io_size =
669 s->qdev.conf.opt_io_size / s->qdev.blocksize;
8a1bd297
PB		 670 unsigned int max_unmap_sectors =
671 s->max_unmap_size / s->qdev.blocksize;
f8e1f533
PB		 672 unsigned int max_io_sectors =
673 s->max_io_size / s->qdev.blocksize;
ee3659e3 674
f37bd73b 675 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 676 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
677 page_code);
678 return -1;
679 }
ee3659e3 680 /* required VPD size with unmap support */
82579390 681 buflen = 0x40;
ee3659e3
CH		 682 memset(outbuf + 4, 0, buflen - 4);
683
84f94a9a
PB		 684 outbuf[4] = 0x1; /* wsnz */
685
ee3659e3
CH		 686 /* optimal transfer length granularity */
687 outbuf[6] = (min_io_size >> 8) & 0xff;
688 outbuf[7] = min_io_size & 0xff;
689
f8e1f533
PB		 690 /* maximum transfer length */
691 outbuf[8] = (max_io_sectors >> 24) & 0xff;
692 outbuf[9] = (max_io_sectors >> 16) & 0xff;
693 outbuf[10] = (max_io_sectors >> 8) & 0xff;
694 outbuf[11] = max_io_sectors & 0xff;
695
ee3659e3
CH		 696 /* optimal transfer length */
697 outbuf[12] = (opt_io_size >> 24) & 0xff;
698 outbuf[13] = (opt_io_size >> 16) & 0xff;
699 outbuf[14] = (opt_io_size >> 8) & 0xff;
700 outbuf[15] = opt_io_size & 0xff;
ea3bd56f 701
8a1bd297
PB		 702 /* max unmap LBA count, default is 1GB */
703 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
704 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
705 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
706 outbuf[23] = max_unmap_sectors & 0xff;
707
708 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
709 outbuf[24] = 0;
710 outbuf[25] = 0;
711 outbuf[26] = 0;
712 outbuf[27] = 255;
713
ea3bd56f
CH		 714 /* optimal unmap granularity */
715 outbuf[28] = (unmap_sectors >> 24) & 0xff;
716 outbuf[29] = (unmap_sectors >> 16) & 0xff;
717 outbuf[30] = (unmap_sectors >> 8) & 0xff;
718 outbuf[31] = unmap_sectors & 0xff;
f8e1f533
PB		 719
720 /* max write same size */
721 outbuf[36] = 0;
722 outbuf[37] = 0;
723 outbuf[38] = 0;
724 outbuf[39] = 0;
725
726 outbuf[40] = (max_io_sectors >> 24) & 0xff;
727 outbuf[41] = (max_io_sectors >> 16) & 0xff;
728 outbuf[42] = (max_io_sectors >> 8) & 0xff;
729 outbuf[43] = max_io_sectors & 0xff;
ea3bd56f
CH		 730 break;
731 }
732 case 0xb2: /* thin provisioning */
733 {
82579390 734 buflen = 8;
ea3bd56f 735 outbuf[4] = 0;
5222aaf2 736 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
f644a290 737 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
ea3bd56f 738 outbuf[7] = 0;
ee3659e3
CH		 739 break;
740 }
0b06c059 741 default:
0b06c059
GH		 742 return -1;
743 }
744 /* done with EVPD */
82579390
PB		 745 assert(buflen - start <= 255);
746 outbuf[start - 1] = buflen - start;
0b06c059
GH		 747 return buflen;
748 }
749
750 /* Standard INQUIRY data */
751 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 752 return -1;
753 }
754
755 /* PAGE CODE == 0 */
0b06c059 756 buflen = req->cmd.xfer;
f01b5931 757 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 758 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 759 }
0b06c059 760
f37bd73b 761 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 762 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 763
764 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
765 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
766
314b1811 767 memset(&outbuf[32], 0, 4);
552fee93 768 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 769 /*
770 * We claim conformance to SPC-3, which is required for guests
771 * to ask for modern features like READ CAPACITY(16) or the
772 * block characteristics VPD page by default. Not all of SPC-3
773 * is actually implemented, but we're good enough.
774 */
ee3659e3 775 outbuf[2] = 5;
1109c894 776 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 777
778 if (buflen > 36) {
779 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
780 } else {
781 /* If the allocation length of CDB is too small,
782 the additional length is not adjusted */
783 outbuf[4] = 36 - 5;
784 }
785
0b06c059 786 /* Sync data transfer and TCQ. */
afd4030c 787 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 788 return buflen;
789}
790
430ee2f2
PB		 791static inline bool media_is_dvd(SCSIDiskState *s)
792{
793 uint64_t nb_sectors;
794 if (s->qdev.type != TYPE_ROM) {
795 return false;
796 }
cd723b85 797 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 798 return false;
799 }
4be74634 800 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
430ee2f2
PB		 801 return nb_sectors > CD_MAX_SECTORS;
802}
803
ceb792ef
PB		 804static inline bool media_is_cd(SCSIDiskState *s)
805{
806 uint64_t nb_sectors;
807 if (s->qdev.type != TYPE_ROM) {
808 return false;
809 }
cd723b85 810 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 811 return false;
812 }
4be74634 813 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 814 return nb_sectors <= CD_MAX_SECTORS;
815}
816
1a4f0c3a
PB		 817static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
818 uint8_t *outbuf)
819{
820 uint8_t type = r->req.cmd.buf[1] & 7;
821
822 if (s->qdev.type != TYPE_ROM) {
823 return -1;
824 }
825
826 /* Types 1/2 are only defined for Blu-Ray. */
827 if (type != 0) {
828 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
829 return -1;
830 }
831
832 memset(outbuf, 0, 34);
833 outbuf[1] = 32;
834 outbuf[2] = 0xe; /* last session complete, disc finalized */
835 outbuf[3] = 1; /* first track on disc */
836 outbuf[4] = 1; /* # of sessions */
837 outbuf[5] = 1; /* first track of last session */
838 outbuf[6] = 1; /* last track of last session */
839 outbuf[7] = 0x20; /* unrestricted use */
840 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
841 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
842 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
843 /* 24-31: disc bar code */
844 /* 32: disc application code */
845 /* 33: number of OPC tables */
846
847 return 34;
848}
849
b6c251ab
PB		 850static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
851 uint8_t *outbuf)
852{
ceb792ef
PB		 853 static const int rds_caps_size[5] = {
854 [0] = 2048 + 4,
855 [1] = 4 + 4,
856 [3] = 188 + 4,
857 [4] = 2048 + 4,
858 };
859
860 uint8_t media = r->req.cmd.buf[1];
861 uint8_t layer = r->req.cmd.buf[6];
862 uint8_t format = r->req.cmd.buf[7];
863 int size = -1;
864
865 if (s->qdev.type != TYPE_ROM) {
866 return -1;
867 }
868 if (media != 0) {
869 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
870 return -1;
871 }
872
873 if (format != 0xff) {
cd723b85 874 if (!blk_is_available(s->qdev.conf.blk)) {
ceb792ef
PB		 875 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
876 return -1;
877 }
878 if (media_is_cd(s)) {
879 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
880 return -1;
881 }
882 if (format >= ARRAY_SIZE(rds_caps_size)) {
883 return -1;
884 }
885 size = rds_caps_size[format];
886 memset(outbuf, 0, size);
887 }
888
889 switch (format) {
890 case 0x00: {
891 /* Physical format information */
892 uint64_t nb_sectors;
893 if (layer != 0) {
894 goto fail;
895 }
4be74634 896 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 897
898 outbuf[4] = 1; /* DVD-ROM, part version 1 */
899 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
900 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
901 outbuf[7] = 0; /* default densities */
902
903 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
904 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
905 break;
906 }
907
908 case 0x01: /* DVD copyright information, all zeros */
909 break;
910
911 case 0x03: /* BCA information - invalid field for no BCA info */
912 return -1;
913
914 case 0x04: /* DVD disc manufacturing information, all zeros */
915 break;
916
917 case 0xff: { /* List capabilities */
918 int i;
919 size = 4;
920 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
921 if (!rds_caps_size[i]) {
922 continue;
923 }
924 outbuf[size] = i;
925 outbuf[size + 1] = 0x40; /* Not writable, readable */
926 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
927 size += 4;
928 }
929 break;
930 }
931
932 default:
933 return -1;
934 }
935
936 /* Size of buffer, not including 2 byte size field */
937 stw_be_p(outbuf, size - 2);
938 return size;
939
940fail:
b6c251ab
PB		 941 return -1;
942}
943
3c2f7c12 944static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 945{
3c2f7c12
PB		 946 uint8_t event_code, media_status;
947
948 media_status = 0;
949 if (s->tray_open) {
950 media_status = MS_TRAY_OPEN;
4be74634 951 } else if (blk_is_inserted(s->qdev.conf.blk)) {
3c2f7c12
PB		 952 media_status = MS_MEDIA_PRESENT;
953 }
954
955 /* Event notification descriptor */
956 event_code = MEC_NO_CHANGE;
4480de19
PB		 957 if (media_status != MS_TRAY_OPEN) {
958 if (s->media_event) {
959 event_code = MEC_NEW_MEDIA;
960 s->media_event = false;
961 } else if (s->eject_request) {
962 event_code = MEC_EJECT_REQUESTED;
963 s->eject_request = false;
964 }
3c2f7c12
PB		 965 }
966
967 outbuf[0] = event_code;
968 outbuf[1] = media_status;
969
970 /* These fields are reserved, just clear them. */
971 outbuf[2] = 0;
972 outbuf[3] = 0;
973 return 4;
974}
975
976static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
977 uint8_t *outbuf)
978{
979 int size;
980 uint8_t *buf = r->req.cmd.buf;
981 uint8_t notification_class_request = buf[4];
982 if (s->qdev.type != TYPE_ROM) {
983 return -1;
984 }
985 if ((buf[1] & 1) == 0) {
986 /* asynchronous */
987 return -1;
988 }
989
990 size = 4;
991 outbuf[0] = outbuf[1] = 0;
992 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
993 if (notification_class_request & (1 << GESN_MEDIA)) {
994 outbuf[2] = GESN_MEDIA;
995 size += scsi_event_status_media(s, &outbuf[size]);
996 } else {
997 outbuf[2] = 0x80;
998 }
999 stw_be_p(outbuf, size - 4);
1000 return size;
b6c251ab
PB		 1001}
1002
430ee2f2 1003static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 1004{
430ee2f2
PB		 1005 int current;
1006
b6c251ab
PB		 1007 if (s->qdev.type != TYPE_ROM) {
1008 return -1;
1009 }
7d99f4c1
MR		 1010
1011 if (media_is_dvd(s)) {
1012 current = MMC_PROFILE_DVD_ROM;
1013 } else if (media_is_cd(s)) {
1014 current = MMC_PROFILE_CD_ROM;
1015 } else {
1016 current = MMC_PROFILE_NONE;
1017 }
1018
430ee2f2
PB		 1019 memset(outbuf, 0, 40);
1020 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1021 stw_be_p(&outbuf[6], current);
1022 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1023 outbuf[10] = 0x03; /* persistent, current */
1024 outbuf[11] = 8; /* two profiles */
1025 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1026 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1027 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1028 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1029 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1030 stw_be_p(&outbuf[20], 1);
1031 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1032 outbuf[23] = 8;
1033 stl_be_p(&outbuf[24], 1); /* SCSI */
1034 outbuf[28] = 1; /* DBE = 1, mandatory */
1035 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1036 stw_be_p(&outbuf[32], 3);
1037 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1038 outbuf[35] = 4;
1039 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1040 /* TODO: Random readable, CD read, DVD read, drive serial number,
1041 power management */
1042 return 40;
b6c251ab
PB		 1043}
1044
1045static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1046{
1047 if (s->qdev.type != TYPE_ROM) {
1048 return -1;
1049 }
1050 memset(outbuf, 0, 8);
1051 outbuf[5] = 1; /* CD-ROM */
1052 return 8;
1053}
1054
cfc606da 1055static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 1056 int page_control)
ebddfcbe 1057{
a8f4bbe2
PB		 1058 static const int mode_sense_valid[0x3f] = {
1059 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1060 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1061 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 1062 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1063 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 1064 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1065 };
ef405611
PB		 1066
1067 uint8_t *p = *p_outbuf + 2;
1068 int length;
ebddfcbe 1069
a8f4bbe2
PB		 1070 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1071 return -1;
1072 }
1073
282ab04e
BK		 1074 /*
1075 * If Changeable Values are requested, a mask denoting those mode parameters
1076 * that are changeable shall be returned. As we currently don't support
1077 * parameter changes via MODE_SELECT all bits are returned set to zero.
1078 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 1079 *
1080 * The offsets here are off by two compared to the descriptions in the
1081 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1082 * but it is done so that offsets are consistent within our implementation
1083 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1084 * 2-byte and 4-byte headers.
282ab04e 1085 */
ebddfcbe 1086 switch (page) {
67cc61e4 1087 case MODE_PAGE_HD_GEOMETRY:
ef405611 1088 length = 0x16;
282ab04e 1089 if (page_control == 1) { /* Changeable Values */
cfc606da 1090 break;
282ab04e 1091 }
ebddfcbe 1092 /* if a geometry hint is available, use it */
ef405611
PB		 1093 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1094 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1095 p[2] = s->qdev.conf.cyls & 0xff;
1096 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 1097 /* Write precomp start cylinder, disabled */
ef405611
PB		 1098 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1099 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1100 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1101 /* Reduced current start cylinder, disabled */
ef405611
PB		 1102 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1103 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1104 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1105 /* Device step rate [ns], 200ns */
ef405611
PB		 1106 p[10] = 0;
1107 p[11] = 200;
ebddfcbe 1108 /* Landing zone cylinder */
ef405611
PB		 1109 p[12] = 0xff;
1110 p[13] = 0xff;
ebddfcbe 1111 p[14] = 0xff;
ebddfcbe 1112 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1113 p[18] = (5400 >> 8) & 0xff;
1114 p[19] = 5400 & 0xff;
cfc606da 1115 break;
ebddfcbe 1116
67cc61e4 1117 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1118 length = 0x1e;
282ab04e 1119 if (page_control == 1) { /* Changeable Values */
cfc606da 1120 break;
282ab04e 1121 }
ebddfcbe 1122 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1123 p[0] = 5000 >> 8;
1124 p[1] = 5000 & 0xff;
ebddfcbe 1125 /* if a geometry hint is available, use it */
ef405611
PB		 1126 p[2] = s->qdev.conf.heads & 0xff;
1127 p[3] = s->qdev.conf.secs & 0xff;
1128 p[4] = s->qdev.blocksize >> 8;
1129 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1130 p[7] = s->qdev.conf.cyls & 0xff;
1131 /* Write precomp start cylinder, disabled */
d252df48
MA		 1132 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1133 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1134 /* Reduced current start cylinder, disabled */
d252df48
MA		 1135 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1136 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1137 /* Device step rate [100us], 100us */
ef405611
PB		 1138 p[12] = 0;
1139 p[13] = 1;
ebddfcbe 1140 /* Device step pulse width [us], 1us */
ef405611 1141 p[14] = 1;
ebddfcbe 1142 /* Device head settle delay [100us], 100us */
ef405611
PB		 1143 p[15] = 0;
1144 p[16] = 1;
ebddfcbe 1145 /* Motor on delay [0.1s], 0.1s */
ef405611 1146 p[17] = 1;
ebddfcbe 1147 /* Motor off delay [0.1s], 0.1s */
ef405611 1148 p[18] = 1;
ebddfcbe 1149 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1150 p[26] = (5400 >> 8) & 0xff;
1151 p[27] = 5400 & 0xff;
cfc606da 1152 break;
ebddfcbe 1153
67cc61e4 1154 case MODE_PAGE_CACHING:
ef405611 1155 length = 0x12;
96c91bbf 1156 if (page_control == 1 || /* Changeable Values */
4be74634 1157 blk_enable_write_cache(s->qdev.conf.blk)) {
ef405611 1158 p[0] = 4; /* WCE */
ebddfcbe 1159 }
cfc606da 1160 break;
ebddfcbe 1161
a07c7dcd 1162 case MODE_PAGE_R_W_ERROR:
ef405611 1163 length = 10;
4f588b15
PB		 1164 if (page_control == 1) { /* Changeable Values */
1165 break;
1166 }
ef405611 1167 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1168 if (s->qdev.type == TYPE_ROM) {
ef405611 1169 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1170 }
1171 break;
1172
1173 case MODE_PAGE_AUDIO_CTL:
ef405611 1174 length = 14;
a07c7dcd
PB		 1175 break;
1176
67cc61e4 1177 case MODE_PAGE_CAPABILITIES:
ef405611 1178 length = 0x14;
282ab04e 1179 if (page_control == 1) { /* Changeable Values */
cfc606da 1180 break;
282ab04e 1181 }
a07c7dcd 1182
ef405611
PB		 1183 p[0] = 0x3b; /* CD-R & CD-RW read */
1184 p[1] = 0; /* Writing not supported */
1185 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1186 mode 2 form 1&2, multi session */
ef405611 1187 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1188 RW corrected, C2 errors, ISRC,
1189 UPC, Bar code */
ef405611 1190 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1191 /* Locking supported, jumper present, eject, tray */
ef405611 1192 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1193 changer */
ef405611
PB		 1194 p[6] = (50 * 176) >> 8; /* 50x read speed */
1195 p[7] = (50 * 176) & 0xff;
1196 p[8] = 2 >> 8; /* Two volume levels */
1197 p[9] = 2 & 0xff;
1198 p[10] = 2048 >> 8; /* 2M buffer */
1199 p[11] = 2048 & 0xff;
1200 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1201 p[13] = (16 * 176) & 0xff;
1202 p[16] = (16 * 176) >> 8; /* 16x write speed */
1203 p[17] = (16 * 176) & 0xff;
1204 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1205 p[19] = (16 * 176) & 0xff;
cfc606da 1206 break;
ebddfcbe
GH		 1207
1208 default:
cfc606da 1209 return -1;
ebddfcbe 1210 }
cfc606da 1211
ef405611
PB		 1212 assert(length < 256);
1213 (*p_outbuf)[0] = page;
1214 (*p_outbuf)[1] = length;
1215 *p_outbuf += length + 2;
1216 return length + 2;
ebddfcbe
GH		 1217}
1218
cfc606da 1219static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1220{
cfc606da 1221 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1222 uint64_t nb_sectors;
e590ecbe
PB		 1223 bool dbd;
1224 int page, buflen, ret, page_control;
ebddfcbe 1225 uint8_t *p;
ce512ee1 1226 uint8_t dev_specific_param;
ebddfcbe 1227
e590ecbe 1228 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1229 page = r->req.cmd.buf[2] & 0x3f;
1230 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1231 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1232 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1233 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1234 p = outbuf;
1235
e590ecbe 1236 if (s->qdev.type == TYPE_DISK) {
da8365db 1237 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
4be74634 1238 if (blk_is_read_only(s->qdev.conf.blk)) {
e590ecbe
PB		 1239 dev_specific_param |= 0x80; /* Readonly. */
1240 }
ce512ee1 1241 } else {
e590ecbe
PB		 1242 /* MMC prescribes that CD/DVD drives have no block descriptors,
1243 * and defines no device-specific parameter. */
6a2de0f2 1244 dev_specific_param = 0x00;
e590ecbe 1245 dbd = true;
ce512ee1
BK		 1246 }
1247
cfc606da 1248 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1249 p[1] = 0; /* Default media type. */
1250 p[2] = dev_specific_param;
1251 p[3] = 0; /* Block descriptor length. */
1252 p += 4;
1253 } else { /* MODE_SENSE_10 */
1254 p[2] = 0; /* Default media type. */
1255 p[3] = dev_specific_param;
1256 p[6] = p[7] = 0; /* Block descriptor length. */
1257 p += 8;
ebddfcbe 1258 }
ebddfcbe 1259
4be74634 1260 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
e590ecbe 1261 if (!dbd && nb_sectors) {
cfc606da 1262 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1263 outbuf[3] = 8; /* Block descriptor length */
1264 } else { /* MODE_SENSE_10 */
1265 outbuf[7] = 8; /* Block descriptor length */
1266 }
69377307 1267 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1268 if (nb_sectors > 0xffffff) {
2488b740 1269 nb_sectors = 0;
f01b5931 1270 }
ebddfcbe
GH		 1271 p[0] = 0; /* media density code */
1272 p[1] = (nb_sectors >> 16) & 0xff;
1273 p[2] = (nb_sectors >> 8) & 0xff;
1274 p[3] = nb_sectors & 0xff;
1275 p[4] = 0; /* reserved */
1276 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1277 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1278 p[7] = 0;
1279 p += 8;
1280 }
1281
cfc606da
PB		 1282 if (page_control == 3) {
1283 /* Saved Values */
1284 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1285 return -1;
282ab04e
BK		 1286 }
1287
cfc606da
PB		 1288 if (page == 0x3f) {
1289 for (page = 0; page <= 0x3e; page++) {
1290 mode_sense_page(s, page, &p, page_control);
1291 }
1292 } else {
1293 ret = mode_sense_page(s, page, &p, page_control);
1294 if (ret == -1) {
1295 return -1;
1296 }
ebddfcbe
GH		 1297 }
1298
1299 buflen = p - outbuf;
ce512ee1
BK		 1300 /*
1301 * The mode data length field specifies the length in bytes of the
1302 * following data that is available to be transferred. The mode data
1303 * length does not include itself.
1304 */
cfc606da 1305 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1306 outbuf[0] = buflen - 1;
1307 } else { /* MODE_SENSE_10 */
1308 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1309 outbuf[1] = (buflen - 2) & 0xff;
1310 }
ebddfcbe
GH		 1311 return buflen;
1312}
1313
02880f43
GH		 1314static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1315{
1316 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1317 int start_track, format, msf, toclen;
1318 uint64_t nb_sectors;
1319
1320 msf = req->cmd.buf[1] & 2;
1321 format = req->cmd.buf[2] & 0xf;
1322 start_track = req->cmd.buf[6];
4be74634 1323 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
02880f43 1324 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1325 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1326 switch (format) {
1327 case 0:
1328 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1329 break;
1330 case 1:
1331 /* multi session : only a single session defined */
1332 toclen = 12;
1333 memset(outbuf, 0, 12);
1334 outbuf[1] = 0x0a;
1335 outbuf[2] = 0x01;
1336 outbuf[3] = 0x01;
1337 break;
1338 case 2:
1339 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1340 break;
1341 default:
1342 return -1;
1343 }
02880f43
GH		 1344 return toclen;
1345}
1346
68bb01f3 1347static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1348{
1349 SCSIRequest *req = &r->req;
1350 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1351 bool start = req->cmd.buf[4] & 1;
1352 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1353 int pwrcnd = req->cmd.buf[4] & 0xf0;
1354
1355 if (pwrcnd) {
1356 /* eject/load only happens for power condition == 0 */
1357 return 0;
1358 }
bfd52647 1359
b456a71c 1360 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1361 if (!start && !s->tray_open && s->tray_locked) {
1362 scsi_check_condition(r,
4be74634 1363 blk_is_inserted(s->qdev.conf.blk)
68bb01f3
MA		 1364 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1365 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1366 return -1;
fdec4404 1367 }
d88b1819
LC		 1368
1369 if (s->tray_open != !start) {
4be74634 1370 blk_eject(s->qdev.conf.blk, !start);
d88b1819
LC		 1371 s->tray_open = !start;
1372 }
bfd52647 1373 }
68bb01f3 1374 return 0;
bfd52647
MA		 1375}
1376
314a3299
PB		 1377static void scsi_disk_emulate_read_data(SCSIRequest *req)
1378{
1379 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1380 int buflen = r->iov.iov_len;
1381
1382 if (buflen) {
79fb50bb 1383 DPRINTF("Read buf_len=%d\n", buflen);
314a3299
PB		 1384 r->iov.iov_len = 0;
1385 r->started = true;
1386 scsi_req_data(&r->req, buflen);
1387 return;
1388 }
1389
1390 /* This also clears the sense buffer for REQUEST SENSE. */
1391 scsi_req_complete(&r->req, GOOD);
1392}
1393
380feaff
PB		 1394static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1395 uint8_t *inbuf, int inlen)
1396{
1397 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1398 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1399 uint8_t *p;
1400 int len, expected_len, changeable_len, i;
1401
1402 /* The input buffer does not include the page header, so it is
1403 * off by 2 bytes.
1404 */
1405 expected_len = inlen + 2;
1406 if (expected_len > SCSI_MAX_MODE_LEN) {
1407 return -1;
1408 }
1409
1410 p = mode_current;
1411 memset(mode_current, 0, inlen + 2);
1412 len = mode_sense_page(s, page, &p, 0);
1413 if (len < 0 || len != expected_len) {
1414 return -1;
1415 }
1416
1417 p = mode_changeable;
1418 memset(mode_changeable, 0, inlen + 2);
1419 changeable_len = mode_sense_page(s, page, &p, 1);
1420 assert(changeable_len == len);
1421
1422 /* Check that unchangeable bits are the same as what MODE SENSE
1423 * would return.
1424 */
1425 for (i = 2; i < len; i++) {
1426 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1427 return -1;
1428 }
1429 }
1430 return 0;
1431}
1432
1433static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1434{
96c91bbf
PB		 1435 switch (page) {
1436 case MODE_PAGE_CACHING:
4be74634 1437 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
96c91bbf
PB		 1438 break;
1439
1440 default:
1441 break;
1442 }
380feaff
PB		 1443}
1444
1445static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1446{
1447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1448
1449 while (len > 0) {
1450 int page, subpage, page_len;
1451
1452 /* Parse both possible formats for the mode page headers. */
1453 page = p[0] & 0x3f;
1454 if (p[0] & 0x40) {
1455 if (len < 4) {
1456 goto invalid_param_len;
1457 }
1458 subpage = p[1];
1459 page_len = lduw_be_p(&p[2]);
1460 p += 4;
1461 len -= 4;
1462 } else {
1463 if (len < 2) {
1464 goto invalid_param_len;
1465 }
1466 subpage = 0;
1467 page_len = p[1];
1468 p += 2;
1469 len -= 2;
1470 }
1471
1472 if (subpage) {
1473 goto invalid_param;
1474 }
1475 if (page_len > len) {
1476 goto invalid_param_len;
1477 }
1478
1479 if (!change) {
1480 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1481 goto invalid_param;
1482 }
1483 } else {
1484 scsi_disk_apply_mode_select(s, page, p);
1485 }
1486
1487 p += page_len;
1488 len -= page_len;
1489 }
1490 return 0;
1491
1492invalid_param:
1493 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1494 return -1;
1495
1496invalid_param_len:
1497 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1498 return -1;
1499}
1500
1501static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1502{
accfeb2d 1503 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1504 uint8_t *p = inbuf;
1505 int cmd = r->req.cmd.buf[0];
1506 int len = r->req.cmd.xfer;
1507 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1508 int bd_len;
1509 int pass;
1510
1511 /* We only support PF=1, SP=0. */
1512 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1513 goto invalid_field;
1514 }
1515
1516 if (len < hdr_len) {
1517 goto invalid_param_len;
1518 }
1519
1520 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1521 len -= hdr_len;
1522 p += hdr_len;
1523 if (len < bd_len) {
1524 goto invalid_param_len;
1525 }
1526 if (bd_len != 0 && bd_len != 8) {
1527 goto invalid_param;
1528 }
1529
1530 len -= bd_len;
1531 p += bd_len;
1532
1533 /* Ensure no change is made if there is an error! */
1534 for (pass = 0; pass < 2; pass++) {
1535 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1536 assert(pass == 0);
1537 return;
1538 }
1539 }
4be74634 1540 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
accfeb2d
PB		 1541 /* The request is used as the AIO opaque value, so add a ref. */
1542 scsi_req_ref(&r->req);
4be74634 1543 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 1544 BLOCK_ACCT_FLUSH);
4be74634 1545 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
accfeb2d
PB		 1546 return;
1547 }
1548
380feaff
PB		 1549 scsi_req_complete(&r->req, GOOD);
1550 return;
1551
1552invalid_param:
1553 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1554 return;
1555
1556invalid_param_len:
1557 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1558 return;
1559
1560invalid_field:
1561 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1562}
1563
444bc908
PB		 1564static inline bool check_lba_range(SCSIDiskState *s,
1565 uint64_t sector_num, uint32_t nb_sectors)
1566{
1567 /*
1568 * The first line tests that no overflow happens when computing the last
1569 * sector. The second line tests that the last accessed sector is in
1570 * range.
12ca76fc
PB		 1571 *
1572 * Careful, the computations should not underflow for nb_sectors == 0,
1573 * and a 0-block read to the first LBA beyond the end of device is
1574 * valid.
444bc908
PB		 1575 */
1576 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1577 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1578}
1579
5222aaf2
PB		 1580typedef struct UnmapCBData {
1581 SCSIDiskReq *r;
1582 uint8_t *inbuf;
1583 int count;
1584} UnmapCBData;
1585
5fd2b563
PB		 1586static void scsi_unmap_complete(void *opaque, int ret);
1587
1588static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
5222aaf2 1589{
5222aaf2
PB		 1590 SCSIDiskReq *r = data->r;
1591 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1592 uint64_t sector_num;
5bb0b62e 1593 uint32_t nb_sectors;
5222aaf2 1594
5fd2b563 1595 assert(r->req.aiocb == NULL);
5b956f41 1596 if (scsi_disk_req_check_error(r, ret, false)) {
d0242ead
PB		 1597 goto done;
1598 }
1599
d0242ead 1600 if (data->count > 0) {
5222aaf2
PB		 1601 sector_num = ldq_be_p(&data->inbuf[0]);
1602 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
444bc908 1603 if (!check_lba_range(s, sector_num, nb_sectors)) {
5222aaf2
PB		 1604 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1605 goto done;
1606 }
1607
1c6c4bb7
EB		 1608 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1609 sector_num * s->qdev.blocksize,
1610 nb_sectors * s->qdev.blocksize,
1611 scsi_unmap_complete, data);
5222aaf2
PB		 1612 data->count--;
1613 data->inbuf += 16;
1614 return;
1615 }
1616
d0242ead
PB		 1617 scsi_req_complete(&r->req, GOOD);
1618
5222aaf2 1619done:
3df9caf8 1620 scsi_req_unref(&r->req);
5222aaf2
PB		 1621 g_free(data);
1622}
1623
5fd2b563
PB		 1624static void scsi_unmap_complete(void *opaque, int ret)
1625{
1626 UnmapCBData *data = opaque;
1627 SCSIDiskReq *r = data->r;
1628
1629 assert(r->req.aiocb != NULL);
1630 r->req.aiocb = NULL;
1631
1632 scsi_unmap_complete_noio(data, ret);
1633}
1634
5222aaf2
PB		 1635static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1636{
c5fd1fb0 1637 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5222aaf2
PB		 1638 uint8_t *p = inbuf;
1639 int len = r->req.cmd.xfer;
1640 UnmapCBData *data;
1641
823bd739
PB		 1642 /* Reject ANCHOR=1. */
1643 if (r->req.cmd.buf[1] & 0x1) {
1644 goto invalid_field;
1645 }
1646
5222aaf2
PB		 1647 if (len < 8) {
1648 goto invalid_param_len;
1649 }
1650 if (len < lduw_be_p(&p[0]) + 2) {
1651 goto invalid_param_len;
1652 }
1653 if (len < lduw_be_p(&p[2]) + 8) {
1654 goto invalid_param_len;
1655 }
1656 if (lduw_be_p(&p[2]) & 15) {
1657 goto invalid_param_len;
1658 }
1659
4be74634 1660 if (blk_is_read_only(s->qdev.conf.blk)) {
c5fd1fb0
PB		 1661 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1662 return;
1663 }
1664
5222aaf2
PB		 1665 data = g_new0(UnmapCBData, 1);
1666 data->r = r;
1667 data->inbuf = &p[8];
1668 data->count = lduw_be_p(&p[2]) >> 4;
1669
1670 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1671 scsi_req_ref(&r->req);
5fd2b563 1672 scsi_unmap_complete_noio(data, 0);
5222aaf2
PB		 1673 return;
1674
1675invalid_param_len:
1676 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
823bd739
PB		 1677 return;
1678
1679invalid_field:
1680 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
5222aaf2
PB		 1681}
1682
84f94a9a
PB		 1683typedef struct WriteSameCBData {
1684 SCSIDiskReq *r;
1685 int64_t sector;
1686 int nb_sectors;
1687 QEMUIOVector qiov;
1688 struct iovec iov;
1689} WriteSameCBData;
1690
1691static void scsi_write_same_complete(void *opaque, int ret)
1692{
1693 WriteSameCBData *data = opaque;
1694 SCSIDiskReq *r = data->r;
1695 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1696
1697 assert(r->req.aiocb != NULL);
1698 r->req.aiocb = NULL;
5b956f41 1699 if (scsi_disk_req_check_error(r, ret, true)) {
84f94a9a
PB		 1700 goto done;
1701 }
1702
d7628080
AG		 1703 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1704
84f94a9a
PB		 1705 data->nb_sectors -= data->iov.iov_len / 512;
1706 data->sector += data->iov.iov_len / 512;
1707 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1708 if (data->iov.iov_len) {
4be74634 1709 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1710 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1711 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1712 * where final qiov may need smaller size */
a56537a1 1713 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
03c90063
EB		 1714 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1715 data->sector << BDRV_SECTOR_BITS,
1716 &data->qiov, 0,
1717 scsi_write_same_complete, data);
84f94a9a
PB		 1718 return;
1719 }
1720
1721 scsi_req_complete(&r->req, GOOD);
1722
1723done:
3df9caf8 1724 scsi_req_unref(&r->req);
84f94a9a
PB		 1725 qemu_vfree(data->iov.iov_base);
1726 g_free(data);
1727}
1728
1729static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1730{
1731 SCSIRequest *req = &r->req;
1732 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1894df02 1733 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
84f94a9a
PB		 1734 WriteSameCBData *data;
1735 uint8_t *buf;
1736 int i;
1737
1738 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1739 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1740 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1741 return;
1742 }
1743
4be74634 1744 if (blk_is_read_only(s->qdev.conf.blk)) {
84f94a9a
PB		 1745 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1746 return;
1747 }
1748 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1749 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1750 return;
1751 }
1752
1753 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1754 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1755
1756 /* The request is used as the AIO opaque value, so add a ref. */
1757 scsi_req_ref(&r->req);
4be74634 1758 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8
BC		 1759 nb_sectors * s->qdev.blocksize,
1760 BLOCK_ACCT_WRITE);
d004bd52 1761 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
983a1600
EB		 1762 r->req.cmd.lba * s->qdev.blocksize,
1763 nb_sectors * s->qdev.blocksize,
4be74634 1764 flags, scsi_aio_complete, r);
84f94a9a
PB		 1765 return;
1766 }
1767
1768 data = g_new0(WriteSameCBData, 1);
1769 data->r = r;
1770 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1771 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1772 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
4be74634
MA		 1773 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1774 data->iov.iov_len);
84f94a9a
PB		 1775 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1776
1777 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1778 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1779 }
1780
1781 scsi_req_ref(&r->req);
4be74634 1782 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1783 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1784 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1785 data->sector << BDRV_SECTOR_BITS,
1786 &data->qiov, 0,
1787 scsi_write_same_complete, data);
84f94a9a
PB		 1788}
1789
314a3299
PB		 1790static void scsi_disk_emulate_write_data(SCSIRequest *req)
1791{
af6d510d
PB		 1792 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1793
1794 if (r->iov.iov_len) {
1795 int buflen = r->iov.iov_len;
79fb50bb 1796 DPRINTF("Write buf_len=%d\n", buflen);
af6d510d
PB		 1797 r->iov.iov_len = 0;
1798 scsi_req_data(&r->req, buflen);
1799 return;
1800 }
1801
1802 switch (req->cmd.buf[0]) {
1803 case MODE_SELECT:
1804 case MODE_SELECT_10:
1805 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1806 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1807 break;
1808
5222aaf2
PB		 1809 case UNMAP:
1810 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1811 break;
1812
d97e7730
PB		 1813 case VERIFY_10:
1814 case VERIFY_12:
1815 case VERIFY_16:
1816 if (r->req.status == -1) {
1817 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1818 }
1819 break;
1820
84f94a9a
PB		 1821 case WRITE_SAME_10:
1822 case WRITE_SAME_16:
1823 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1824 break;
d97e7730 1825
af6d510d
PB		 1826 default:
1827 abort();
1828 }
314a3299
PB		 1829}
1830
b08d0ea0 1831static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1832{
b08d0ea0 1833 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1834 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1835 uint64_t nb_sectors;
7285477a 1836 uint8_t *outbuf;
af6d510d 1837 int buflen;
aa5dbdc1 1838
b08d0ea0
PB		 1839 switch (req->cmd.buf[0]) {
1840 case INQUIRY:
1841 case MODE_SENSE:
1842 case MODE_SENSE_10:
1843 case RESERVE:
1844 case RESERVE_10:
1845 case RELEASE:
1846 case RELEASE_10:
1847 case START_STOP:
1848 case ALLOW_MEDIUM_REMOVAL:
1849 case GET_CONFIGURATION:
1850 case GET_EVENT_STATUS_NOTIFICATION:
1851 case MECHANISM_STATUS:
1852 case REQUEST_SENSE:
1853 break;
1854
1855 default:
cd723b85 1856 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 1857 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1858 return 0;
1859 }
1860 break;
1861 }
1862
c8dcb531
PB		 1863 /*
1864 * FIXME: we shouldn't return anything bigger than 4k, but the code
1865 * requires the buffer to be as big as req->cmd.xfer in several
1866 * places. So, do not allow CDBs with a very large ALLOCATION
1867 * LENGTH. The real fix would be to modify scsi_read_data and
1868 * dma_buf_read, so that they return data beyond the buflen
1869 * as all zeros.
1870 */
1871 if (req->cmd.xfer > 65536) {
1872 goto illegal_request;
1873 }
1874 r->buflen = MAX(4096, req->cmd.xfer);
1875
7285477a 1876 if (!r->iov.iov_base) {
4be74634 1877 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 1878 }
1879
af6d510d 1880 buflen = req->cmd.xfer;
7285477a 1881 outbuf = r->iov.iov_base;
c8dcb531 1882 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 1883 switch (req->cmd.buf[0]) {
1884 case TEST_UNIT_READY:
cd723b85 1885 assert(blk_is_available(s->qdev.conf.blk));
5f71d32f 1886 break;
0b06c059
GH		 1887 case INQUIRY:
1888 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1889 if (buflen < 0) {
0b06c059 1890 goto illegal_request;
f01b5931 1891 }
5f71d32f 1892 break;
ebddfcbe
GH		 1893 case MODE_SENSE:
1894 case MODE_SENSE_10:
cfc606da 1895 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1896 if (buflen < 0) {
ebddfcbe 1897 goto illegal_request;
f01b5931 1898 }
ebddfcbe 1899 break;
02880f43
GH		 1900 case READ_TOC:
1901 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1902 if (buflen < 0) {
02880f43 1903 goto illegal_request;
f01b5931 1904 }
02880f43 1905 break;
3d53ba18 1906 case RESERVE:
f01b5931 1907 if (req->cmd.buf[1] & 1) {
3d53ba18 1908 goto illegal_request;
f01b5931 1909 }
3d53ba18
GH		 1910 break;
1911 case RESERVE_10:
f01b5931 1912 if (req->cmd.buf[1] & 3) {
3d53ba18 1913 goto illegal_request;
f01b5931 1914 }
3d53ba18
GH		 1915 break;
1916 case RELEASE:
f01b5931 1917 if (req->cmd.buf[1] & 1) {
3d53ba18 1918 goto illegal_request;
f01b5931 1919 }
3d53ba18
GH		 1920 break;
1921 case RELEASE_10:
f01b5931 1922 if (req->cmd.buf[1] & 3) {
3d53ba18 1923 goto illegal_request;
f01b5931 1924 }
3d53ba18 1925 break;
8d3628ff 1926 case START_STOP:
68bb01f3 1927 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 1928 return 0;
68bb01f3 1929 }
5f71d32f 1930 break;
c68b9f34 1931 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1932 s->tray_locked = req->cmd.buf[4] & 1;
4be74634 1933 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
5f71d32f 1934 break;
5e30a07d 1935 case READ_CAPACITY_10:
e7e25e32 1936 /* The normal LEN field for this command is zero. */
5f71d32f 1937 memset(outbuf, 0, 8);
4be74634 1938 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 1939 if (!nb_sectors) {
9bcaf4fe 1940 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1941 return 0;
f01b5931 1942 }
7cec78b6
PB		 1943 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1944 goto illegal_request;
1945 }
69377307 1946 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1947 /* Returned value is the address of the last sector. */
1948 nb_sectors--;
1949 /* Remember the new size for read/write sanity checking. */
7877903a 1950 s->qdev.max_lba = nb_sectors;
e7e25e32 1951 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1952 if (nb_sectors > UINT32_MAX) {
e7e25e32 1953 nb_sectors = UINT32_MAX;
f01b5931 1954 }
e7e25e32
GH		 1955 outbuf[0] = (nb_sectors >> 24) & 0xff;
1956 outbuf[1] = (nb_sectors >> 16) & 0xff;
1957 outbuf[2] = (nb_sectors >> 8) & 0xff;
1958 outbuf[3] = nb_sectors & 0xff;
1959 outbuf[4] = 0;
1960 outbuf[5] = 0;
69377307 1961 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 1962 outbuf[7] = 0;
5f71d32f 1963 break;
f3b338ef
PB		 1964 case REQUEST_SENSE:
1965 /* Just return "NO SENSE". */
1966 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1967 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 1968 if (buflen < 0) {
1969 goto illegal_request;
1970 }
f3b338ef 1971 break;
b6c251ab
PB		 1972 case MECHANISM_STATUS:
1973 buflen = scsi_emulate_mechanism_status(s, outbuf);
1974 if (buflen < 0) {
1975 goto illegal_request;
1976 }
1977 break;
38215553 1978 case GET_CONFIGURATION:
430ee2f2 1979 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1980 if (buflen < 0) {
1981 goto illegal_request;
1982 }
1983 break;
1984 case GET_EVENT_STATUS_NOTIFICATION:
1985 buflen = scsi_get_event_status_notification(s, r, outbuf);
1986 if (buflen < 0) {
1987 goto illegal_request;
1988 }
1989 break;
1a4f0c3a
PB		 1990 case READ_DISC_INFORMATION:
1991 buflen = scsi_read_disc_information(s, r, outbuf);
1992 if (buflen < 0) {
1993 goto illegal_request;
1994 }
1995 break;
b6c251ab
PB		 1996 case READ_DVD_STRUCTURE:
1997 buflen = scsi_read_dvd_structure(s, r, outbuf);
1998 if (buflen < 0) {
1999 goto illegal_request;
2000 }
38215553 2001 break;
f6515262 2002 case SERVICE_ACTION_IN_16:
5dd90e2a 2003 /* Service Action In subcommands. */
f6515262 2004 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 2005 DPRINTF("SAI READ CAPACITY(16)\n");
2006 memset(outbuf, 0, req->cmd.xfer);
4be74634 2007 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 2008 if (!nb_sectors) {
9bcaf4fe 2009 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 2010 return 0;
f01b5931 2011 }
7cec78b6
PB		 2012 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2013 goto illegal_request;
2014 }
69377307 2015 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 2016 /* Returned value is the address of the last sector. */
2017 nb_sectors--;
2018 /* Remember the new size for read/write sanity checking. */
7877903a 2019 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 2020 outbuf[0] = (nb_sectors >> 56) & 0xff;
2021 outbuf[1] = (nb_sectors >> 48) & 0xff;
2022 outbuf[2] = (nb_sectors >> 40) & 0xff;
2023 outbuf[3] = (nb_sectors >> 32) & 0xff;
2024 outbuf[4] = (nb_sectors >> 24) & 0xff;
2025 outbuf[5] = (nb_sectors >> 16) & 0xff;
2026 outbuf[6] = (nb_sectors >> 8) & 0xff;
2027 outbuf[7] = nb_sectors & 0xff;
2028 outbuf[8] = 0;
2029 outbuf[9] = 0;
69377307 2030 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 2031 outbuf[11] = 0;
ee3659e3
CH		 2032 outbuf[12] = 0;
2033 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 2034
2035 /* set TPE bit if the format supports discard */
2036 if (s->qdev.conf.discard_granularity) {
2037 outbuf[14] = 0x80;
2038 }
2039
5dd90e2a 2040 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 2041 break;
2042 }
2043 DPRINTF("Unsupported Service Action In\n");
2044 goto illegal_request;
101aa85f
PB		 2045 case SYNCHRONIZE_CACHE:
2046 /* The request is used as the AIO opaque value, so add a ref. */
2047 scsi_req_ref(&r->req);
4be74634 2048 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 2049 BLOCK_ACCT_FLUSH);
4be74634 2050 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
101aa85f
PB		 2051 return 0;
2052 case SEEK_10:
2053 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2054 if (r->req.cmd.lba > s->qdev.max_lba) {
2055 goto illegal_lba;
2056 }
2057 break;
101aa85f 2058 case MODE_SELECT:
142c2145 2059 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
101aa85f
PB		 2060 break;
2061 case MODE_SELECT_10:
142c2145 2062 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
101aa85f 2063 break;
5222aaf2 2064 case UNMAP:
142c2145 2065 DPRINTF("Unmap (len %lu)\n", (unsigned long)r->req.cmd.xfer);
5222aaf2 2066 break;
d97e7730
PB		 2067 case VERIFY_10:
2068 case VERIFY_12:
2069 case VERIFY_16:
4525c133 2070 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
d97e7730
PB		 2071 if (req->cmd.buf[1] & 6) {
2072 goto illegal_request;
2073 }
2074 break;
101aa85f 2075 case WRITE_SAME_10:
101aa85f 2076 case WRITE_SAME_16:
84f94a9a
PB		 2077 DPRINTF("WRITE SAME %d (len %lu)\n",
2078 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
142c2145 2079 (unsigned long)r->req.cmd.xfer);
84f94a9a 2080 break;
aa5dbdc1 2081 default:
b9e77bc7
AK		 2082 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2083 scsi_command_name(buf[0]));
b45ef674 2084 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 2085 return 0;
aa5dbdc1 2086 }
314a3299 2087 assert(!r->req.aiocb);
c8dcb531 2088 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 2089 if (r->iov.iov_len == 0) {
2090 scsi_req_complete(&r->req, GOOD);
2091 }
af6d510d
PB		 2092 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2093 assert(r->iov.iov_len == req->cmd.xfer);
2094 return -r->iov.iov_len;
2095 } else {
2096 return r->iov.iov_len;
2097 }
aa5dbdc1 2098
aa5dbdc1 2099illegal_request:
cfc606da
PB		 2100 if (r->req.status == -1) {
2101 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2102 }
b08d0ea0 2103 return 0;
101aa85f
PB		 2104
2105illegal_lba:
2106 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2107 return 0;
aa5dbdc1
GH		 2108}
2109
2e5d83bb
PB		 2110/* Execute a scsi command. Returns the length of the data expected by the
2111 command. This will be Positive for data transfers from the device
2112 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2113 and zero if the command does not transfer any data. */
2114
b08d0ea0 2115static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 2116{
5c6c0e51
HR		 2117 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2118 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
94f8ba11 2119 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
e93176d5 2120 uint32_t len;
a917d384 2121 uint8_t command;
a917d384
PB		 2122
2123 command = buf[0];
aa5dbdc1 2124
cd723b85 2125 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 2126 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2127 return 0;
9bcaf4fe
PB		 2128 }
2129
1894df02 2130 len = scsi_data_cdb_xfer(r->req.cmd.buf);
a917d384 2131 switch (command) {
ebf46023
GH		 2132 case READ_6:
2133 case READ_10:
bd536cf3
GH		 2134 case READ_12:
2135 case READ_16:
e93176d5 2136 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
96bdbbab
RS		 2137 if (r->req.cmd.buf[1] & 0xe0) {
2138 goto illegal_request;
2139 }
444bc908 2140 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2141 goto illegal_lba;
f01b5931 2142 }
69377307
PB		 2143 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2144 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 2145 break;
ebf46023
GH		 2146 case WRITE_6:
2147 case WRITE_10:
bd536cf3
GH		 2148 case WRITE_12:
2149 case WRITE_16:
5e30a07d 2150 case WRITE_VERIFY_10:
ebef0bbb
BK		 2151 case WRITE_VERIFY_12:
2152 case WRITE_VERIFY_16:
4be74634 2153 if (blk_is_read_only(s->qdev.conf.blk)) {
6a8a685c
RS		 2154 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2155 return 0;
2156 }
e93176d5 2157 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2dd791b6
HR		 2158 (command & 0xe) == 0xe ? "And Verify " : "",
2159 r->req.cmd.lba, len);
96bdbbab
RS		 2160 if (r->req.cmd.buf[1] & 0xe0) {
2161 goto illegal_request;
2162 }
444bc908 2163 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2164 goto illegal_lba;
f01b5931 2165 }
69377307
PB		 2166 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2167 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 2168 break;
101aa85f 2169 default:
b08d0ea0 2170 abort();
96bdbbab
RS		 2171 illegal_request:
2172 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2173 return 0;
274fb0e1 2174 illegal_lba:
b45ef674 2175 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 2176 return 0;
2e5d83bb 2177 }
94f8ba11 2178 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
b08d0ea0 2179 if (r->sector_count == 0) {
b45ef674 2180 scsi_req_complete(&r->req, GOOD);
a917d384 2181 }
b08d0ea0 2182 assert(r->iov.iov_len == 0);
efb9ee02 2183 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
b08d0ea0 2184 return -r->sector_count * 512;
a917d384 2185 } else {
b08d0ea0 2186 return r->sector_count * 512;
2e5d83bb 2187 }
2e5d83bb
PB		 2188}
2189
e9447f35
JK		 2190static void scsi_disk_reset(DeviceState *dev)
2191{
2192 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2193 uint64_t nb_sectors;
2194
c7b48872 2195 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 2196
4be74634 2197 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
69377307 2198 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 2199 if (nb_sectors) {
2200 nb_sectors--;
2201 }
7877903a 2202 s->qdev.max_lba = nb_sectors;
7721c7f7
PH		 2203 /* reset tray statuses */
2204 s->tray_locked = 0;
2205 s->tray_open = 0;
e9447f35
JK		 2206}
2207
aaebacef
PB		 2208static void scsi_disk_resize_cb(void *opaque)
2209{
2210 SCSIDiskState *s = opaque;
2211
2212 /* SPC lists this sense code as available only for
2213 * direct-access devices.
2214 */
2215 if (s->qdev.type == TYPE_DISK) {
53200fad 2216 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 2217 }
2218}
2219
7d4b4ba5 2220static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 2221{
8a9c16f6
PB		 2222 SCSIDiskState *s = opaque;
2223
2224 /*
2225 * When a CD gets changed, we have to report an ejected state and
2226 * then a loaded state to guests so that they detect tray
2227 * open/close and media change events. Guests that do not use
2228 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2229 * states rely on this behavior.
2230 *
2231 * media_changed governs the state machine used for unit attention
2232 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2233 */
2234 s->media_changed = load;
2235 s->tray_open = !load;
e48e84ea 2236 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 2237 s->media_event = true;
4480de19
PB		 2238 s->eject_request = false;
2239}
2240
2241static void scsi_cd_eject_request_cb(void *opaque, bool force)
2242{
2243 SCSIDiskState *s = opaque;
2244
2245 s->eject_request = true;
2246 if (force) {
2247 s->tray_locked = false;
2248 }
2c6942fa
MA		 2249}
2250
e4def80b
MA		 2251static bool scsi_cd_is_tray_open(void *opaque)
2252{
2253 return ((SCSIDiskState *)opaque)->tray_open;
2254}
2255
f107639a
MA		 2256static bool scsi_cd_is_medium_locked(void *opaque)
2257{
2258 return ((SCSIDiskState *)opaque)->tray_locked;
2259}
2260
aaebacef 2261static const BlockDevOps scsi_disk_removable_block_ops = {
2c6942fa 2262 .change_media_cb = scsi_cd_change_media_cb,
4480de19 2263 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 2264 .is_tray_open = scsi_cd_is_tray_open,
f107639a 2265 .is_medium_locked = scsi_cd_is_medium_locked,
aaebacef
PB		 2266
2267 .resize_cb = scsi_disk_resize_cb,
2268};
2269
2270static const BlockDevOps scsi_disk_block_ops = {
2271 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2272};
2273
8a9c16f6
PB		 2274static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2275{
2276 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2277 if (s->media_changed) {
2278 s->media_changed = false;
e48e84ea 2279 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2280 }
2281}
2282
a818a4b6 2283static void scsi_realize(SCSIDevice *dev, Error **errp)
2e5d83bb 2284{
d52affa7 2285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
5ff5efb4 2286 Error *err = NULL;
2e5d83bb 2287
4be74634 2288 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2289 error_setg(errp, "drive property not set");
2290 return;
d52affa7
GH		 2291 }
2292
bfe3d7ac 2293 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
4be74634 2294 !blk_is_inserted(s->qdev.conf.blk)) {
a818a4b6
FZ		 2295 error_setg(errp, "Device needs media, but drive is empty");
2296 return;
98f28ad7
MA		 2297 }
2298
911525db 2299 blkconf_serial(&s->qdev.conf, &s->serial);
0eb28a42 2300 blkconf_blocksizes(&s->qdev.conf);
5ff5efb4
FZ		 2301 if (dev->type == TYPE_DISK) {
2302 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2303 if (err) {
a818a4b6
FZ		 2304 error_propagate(errp, err);
2305 return;
5ff5efb4 2306 }
b7eb0c9f 2307 }
f6166a06 2308 blkconf_apply_backend_options(&dev->conf);
a0fef654 2309
215e47b9
PB		 2310 if (s->qdev.conf.discard_granularity == -1) {
2311 s->qdev.conf.discard_granularity =
2312 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2313 }
2314
552fee93 2315 if (!s->version) {
35c2c8dc 2316 s->version = g_strdup(qemu_hw_version());
552fee93 2317 }
353815aa
DF		 2318 if (!s->vendor) {
2319 s->vendor = g_strdup("QEMU");
2320 }
552fee93 2321
4be74634 2322 if (blk_is_sg(s->qdev.conf.blk)) {
a818a4b6
FZ		 2323 error_setg(errp, "unwanted /dev/sg*");
2324 return;
32bb404a
MA		 2325 }
2326
18e673b8
PH		 2327 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2328 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
4be74634 2329 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
aaebacef 2330 } else {
4be74634 2331 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2e5d83bb 2332 }
4be74634 2333 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
8cfacf07 2334
4be74634 2335 blk_iostatus_enable(s->qdev.conf.blk);
d52affa7
GH		 2336}
2337
a818a4b6 2338static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2339{
e39be482 2340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
df1d4c34
ET		 2341 /* can happen for devices without drive. The error message for missing
2342 * backend will be issued in scsi_realize
2343 */
2344 if (s->qdev.conf.blk) {
2345 blkconf_blocksizes(&s->qdev.conf);
2346 }
e39be482
PB		 2347 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2348 s->qdev.type = TYPE_DISK;
353815aa
DF		 2349 if (!s->product) {
2350 s->product = g_strdup("QEMU HARDDISK");
2351 }
a818a4b6 2352 scsi_realize(&s->qdev, errp);
b443ae67
MA		 2353}
2354
a818a4b6 2355static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2356{
e39be482 2357 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
9ef6e505
KW		 2358
2359 if (!dev->conf.blk) {
2360 dev->conf.blk = blk_new();
2361 }
2362
e39be482
PB		 2363 s->qdev.blocksize = 2048;
2364 s->qdev.type = TYPE_ROM;
bfe3d7ac 2365 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2366 if (!s->product) {
2367 s->product = g_strdup("QEMU CD-ROM");
2368 }
a818a4b6 2369 scsi_realize(&s->qdev, errp);
b443ae67
MA		 2370}
2371
a818a4b6 2372static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
b443ae67 2373{
95b5edcd 2374 DriveInfo *dinfo;
a818a4b6 2375 Error *local_err = NULL;
b443ae67 2376
4be74634 2377 if (!dev->conf.blk) {
a818a4b6
FZ		 2378 scsi_realize(dev, &local_err);
2379 assert(local_err);
2380 error_propagate(errp, local_err);
2381 return;
b443ae67
MA		 2382 }
2383
4be74634 2384 dinfo = blk_legacy_dinfo(dev->conf.blk);
26f8b3a8 2385 if (dinfo && dinfo->media_cd) {
a818a4b6 2386 scsi_cd_realize(dev, errp);
e39be482 2387 } else {
a818a4b6 2388 scsi_hd_realize(dev, errp);
e39be482 2389 }
b443ae67
MA		 2390}
2391
b08d0ea0 2392static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2393 .size = sizeof(SCSIDiskReq),
12010e7b 2394 .free_req = scsi_free_request,
b08d0ea0 2395 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2396 .read_data = scsi_disk_emulate_read_data,
2397 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2398 .get_buf = scsi_get_buf,
2399};
2400
2401static const SCSIReqOps scsi_disk_dma_reqops = {
2402 .size = sizeof(SCSIDiskReq),
2403 .free_req = scsi_free_request,
2404 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2405 .read_data = scsi_read_data,
2406 .write_data = scsi_write_data,
12010e7b 2407 .get_buf = scsi_get_buf,
43b978b9
PB		 2408 .load_request = scsi_disk_load_request,
2409 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2410};
2411
b08d0ea0
PB		 2412static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2413 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2414 [INQUIRY] = &scsi_disk_emulate_reqops,
2415 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2416 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2417 [START_STOP] = &scsi_disk_emulate_reqops,
2418 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2419 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2420 [READ_TOC] = &scsi_disk_emulate_reqops,
2421 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2422 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2423 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2424 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2425 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2426 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2427 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2428 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2429 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2430 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2431 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2432 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2433 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2434 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
d97e7730
PB		 2435 [VERIFY_10] = &scsi_disk_emulate_reqops,
2436 [VERIFY_12] = &scsi_disk_emulate_reqops,
2437 [VERIFY_16] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2438
2439 [READ_6] = &scsi_disk_dma_reqops,
2440 [READ_10] = &scsi_disk_dma_reqops,
2441 [READ_12] = &scsi_disk_dma_reqops,
2442 [READ_16] = &scsi_disk_dma_reqops,
b08d0ea0
PB		 2443 [WRITE_6] = &scsi_disk_dma_reqops,
2444 [WRITE_10] = &scsi_disk_dma_reqops,
2445 [WRITE_12] = &scsi_disk_dma_reqops,
2446 [WRITE_16] = &scsi_disk_dma_reqops,
2447 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2448 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2449 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2450};
2451
63db0f0e
PB		 2452static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2453 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2454{
2455 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2456 SCSIRequest *req;
b08d0ea0
PB		 2457 const SCSIReqOps *ops;
2458 uint8_t command;
8dbd4574 2459
79fb50bb
PB		 2460 command = buf[0];
2461 ops = scsi_disk_reqops_dispatch[command];
2462 if (!ops) {
2463 ops = &scsi_disk_emulate_reqops;
2464 }
2465 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2466
b08d0ea0 2467#ifdef DEBUG_SCSI
79fb50bb 2468 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
b08d0ea0
PB		 2469 {
2470 int i;
1894df02 2471 for (i = 1; i < scsi_cdb_length(buf); i++) {
b08d0ea0
PB		 2472 printf(" 0x%02x", buf[i]);
2473 }
2474 printf("\n");
2475 }
2476#endif
2477
8dbd4574
PB		 2478 return req;
2479}
2480
336a6915
PB		 2481#ifdef __linux__
2482static int get_device_type(SCSIDiskState *s)
2483{
336a6915
PB		 2484 uint8_t cmd[16];
2485 uint8_t buf[36];
2486 uint8_t sensebuf[8];
2487 sg_io_hdr_t io_header;
2488 int ret;
2489
2490 memset(cmd, 0, sizeof(cmd));
2491 memset(buf, 0, sizeof(buf));
2492 cmd[0] = INQUIRY;
2493 cmd[4] = sizeof(buf);
2494
2495 memset(&io_header, 0, sizeof(io_header));
2496 io_header.interface_id = 'S';
2497 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2498 io_header.dxfer_len = sizeof(buf);
2499 io_header.dxferp = buf;
2500 io_header.cmdp = cmd;
2501 io_header.cmd_len = sizeof(cmd);
2502 io_header.mx_sb_len = sizeof(sensebuf);
2503 io_header.sbp = sensebuf;
2504 io_header.timeout = 6000; /* XXX */
2505
4be74634 2506 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
336a6915
PB		 2507 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2508 return -1;
2509 }
2510 s->qdev.type = buf[0];
bfe3d7ac
PB		 2511 if (buf[1] & 0x80) {
2512 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2513 }
336a6915
PB		 2514 return 0;
2515}
2516
a818a4b6 2517static void scsi_block_realize(SCSIDevice *dev, Error **errp)
336a6915
PB		 2518{
2519 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2520 int sg_version;
2521 int rc;
2522
4be74634 2523 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2524 error_setg(errp, "drive property not set");
2525 return;
336a6915
PB		 2526 }
2527
2528 /* check we are using a driver managing SG_IO (version 3 and after) */
4be74634 2529 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
4bbeb8b1 2530 if (rc < 0) {
a818a4b6 2531 error_setg(errp, "cannot get SG_IO version number: %s. "
6ee143a0 2532 "Is this a SCSI device?",
4bbeb8b1 2533 strerror(-rc));
a818a4b6 2534 return;
4bbeb8b1
FZ		 2535 }
2536 if (sg_version < 30000) {
a818a4b6
FZ		 2537 error_setg(errp, "scsi generic interface too old");
2538 return;
336a6915
PB		 2539 }
2540
2541 /* get device type from INQUIRY data */
2542 rc = get_device_type(s);
2543 if (rc < 0) {
a818a4b6
FZ		 2544 error_setg(errp, "INQUIRY failed");
2545 return;
336a6915
PB		 2546 }
2547
2548 /* Make a guess for the block size, we'll fix it when the guest sends.
2549 * READ CAPACITY. If they don't, they likely would assume these sizes
2550 * anyway. (TODO: check in /sys).
2551 */
2552 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2553 s->qdev.blocksize = 2048;
2554 } else {
2555 s->qdev.blocksize = 512;
2556 }
18e673b8
PH		 2557
2558 /* Makes the scsi-block device not removable by using HMP and QMP eject
2559 * command.
2560 */
2561 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2562
a818a4b6 2563 scsi_realize(&s->qdev, errp);
9fd7e859 2564 scsi_generic_read_device_identification(&s->qdev);
336a6915
PB		 2565}
2566
8fdc7839
PB		 2567typedef struct SCSIBlockReq {
2568 SCSIDiskReq req;
2569 sg_io_hdr_t io_header;
2570
2571 /* Selected bytes of the original CDB, copied into our own CDB. */
2572 uint8_t cmd, cdb1, group_number;
2573
2574 /* CDB passed to SG_IO. */
2575 uint8_t cdb[16];
2576} SCSIBlockReq;
2577
2578static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2579 int64_t offset, QEMUIOVector *iov,
2580 int direction,
2581 BlockCompletionFunc *cb, void *opaque)
2582{
2583 sg_io_hdr_t *io_header = &req->io_header;
2584 SCSIDiskReq *r = &req->req;
2585 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2586 int nb_logical_blocks;
2587 uint64_t lba;
2588 BlockAIOCB *aiocb;
2589
2590 /* This is not supported yet. It can only happen if the guest does
2591 * reads and writes that are not aligned to one logical sectors
2592 * _and_ cover multiple MemoryRegions.
2593 */
2594 assert(offset % s->qdev.blocksize == 0);
2595 assert(iov->size % s->qdev.blocksize == 0);
2596
2597 io_header->interface_id = 'S';
2598
2599 /* The data transfer comes from the QEMUIOVector. */
2600 io_header->dxfer_direction = direction;
2601 io_header->dxfer_len = iov->size;
2602 io_header->dxferp = (void *)iov->iov;
2603 io_header->iovec_count = iov->niov;
2604 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2605
2606 /* Build a new CDB with the LBA and length patched in, in case
2607 * DMA helpers split the transfer in multiple segments. Do not
2608 * build a CDB smaller than what the guest wanted, and only build
2609 * a larger one if strictly necessary.
2610 */
2611 io_header->cmdp = req->cdb;
2612 lba = offset / s->qdev.blocksize;
2613 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2614
2615 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2616 /* 6-byte CDB */
2617 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2618 req->cdb[4] = nb_logical_blocks;
2619 req->cdb[5] = 0;
2620 io_header->cmd_len = 6;
2621 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2622 /* 10-byte CDB */
2623 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2624 req->cdb[1] = req->cdb1;
2625 stl_be_p(&req->cdb[2], lba);
2626 req->cdb[6] = req->group_number;
2627 stw_be_p(&req->cdb[7], nb_logical_blocks);
2628 req->cdb[9] = 0;
2629 io_header->cmd_len = 10;
2630 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2631 /* 12-byte CDB */
2632 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2633 req->cdb[1] = req->cdb1;
2634 stl_be_p(&req->cdb[2], lba);
2635 stl_be_p(&req->cdb[6], nb_logical_blocks);
2636 req->cdb[10] = req->group_number;
2637 req->cdb[11] = 0;
2638 io_header->cmd_len = 12;
2639 } else {
2640 /* 16-byte CDB */
2641 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2642 req->cdb[1] = req->cdb1;
2643 stq_be_p(&req->cdb[2], lba);
2644 stl_be_p(&req->cdb[10], nb_logical_blocks);
2645 req->cdb[14] = req->group_number;
2646 req->cdb[15] = 0;
2647 io_header->cmd_len = 16;
2648 }
2649
2650 /* The rest is as in scsi-generic.c. */
2651 io_header->mx_sb_len = sizeof(r->req.sense);
2652 io_header->sbp = r->req.sense;
2653 io_header->timeout = UINT_MAX;
2654 io_header->usr_ptr = r;
2655 io_header->flags |= SG_FLAG_DIRECT_IO;
2656
2657 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2658 assert(aiocb != NULL);
2659 return aiocb;
2660}
2661
2662static bool scsi_block_no_fua(SCSICommand *cmd)
2663{
2664 return false;
2665}
2666
2667static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2668 QEMUIOVector *iov,
2669 BlockCompletionFunc *cb, void *cb_opaque,
2670 void *opaque)
2671{
2672 SCSIBlockReq *r = opaque;
2673 return scsi_block_do_sgio(r, offset, iov,
2674 SG_DXFER_FROM_DEV, cb, cb_opaque);
2675}
2676
2677static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2678 QEMUIOVector *iov,
2679 BlockCompletionFunc *cb, void *cb_opaque,
2680 void *opaque)
2681{
2682 SCSIBlockReq *r = opaque;
2683 return scsi_block_do_sgio(r, offset, iov,
2684 SG_DXFER_TO_DEV, cb, cb_opaque);
2685}
2686
592c3b28 2687static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
336a6915 2688{
336a6915 2689 switch (buf[0]) {
8fdc7839
PB		 2690 case VERIFY_10:
2691 case VERIFY_12:
2692 case VERIFY_16:
2693 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2694 * for the number of logical blocks specified in the length
2695 * field). For other modes, do not use scatter/gather operation.
2696 */
2697 if ((buf[1] & 6) != 2) {
2698 return false;
2699 }
2700 break;
2701
336a6915
PB		 2702 case READ_6:
2703 case READ_10:
2704 case READ_12:
2705 case READ_16:
2706 case WRITE_6:
2707 case WRITE_10:
2708 case WRITE_12:
2709 case WRITE_16:
2710 case WRITE_VERIFY_10:
2711 case WRITE_VERIFY_12:
2712 case WRITE_VERIFY_16:
8fdc7839 2713 /* MMC writing cannot be done via DMA helpers, because it sometimes
33ebad12 2714 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
b08d0ea0 2715 * We might use scsi_disk_dma_reqops as long as no writing commands are
33ebad12
PB		 2716 * seen, but performance usually isn't paramount on optical media. So,
2717 * just make scsi-block operate the same as scsi-generic for them.
2718 */
b08d0ea0 2719 if (s->qdev.type != TYPE_ROM) {
592c3b28 2720 return false;
b08d0ea0 2721 }
592c3b28
PB		 2722 break;
2723
2724 default:
2725 break;
336a6915
PB		 2726 }
2727
592c3b28
PB		 2728 return true;
2729}
2730
2731
8fdc7839
PB		 2732static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2733{
2734 SCSIBlockReq *r = (SCSIBlockReq *)req;
2735 r->cmd = req->cmd.buf[0];
2736 switch (r->cmd >> 5) {
2737 case 0:
2738 /* 6-byte CDB. */
2739 r->cdb1 = r->group_number = 0;
2740 break;
2741 case 1:
2742 /* 10-byte CDB. */
2743 r->cdb1 = req->cmd.buf[1];
2744 r->group_number = req->cmd.buf[6];
ed45cae3 2745 break;
8fdc7839
PB		 2746 case 4:
2747 /* 12-byte CDB. */
2748 r->cdb1 = req->cmd.buf[1];
2749 r->group_number = req->cmd.buf[10];
2750 break;
2751 case 5:
2752 /* 16-byte CDB. */
2753 r->cdb1 = req->cmd.buf[1];
2754 r->group_number = req->cmd.buf[14];
2755 break;
2756 default:
2757 abort();
2758 }
2759
2760 if (r->cdb1 & 0xe0) {
2761 /* Protection information is not supported. */
2762 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2763 return 0;
2764 }
2765
2766 r->req.status = &r->io_header.status;
2767 return scsi_disk_dma_command(req, buf);
2768}
2769
2770static const SCSIReqOps scsi_block_dma_reqops = {
2771 .size = sizeof(SCSIBlockReq),
2772 .free_req = scsi_free_request,
2773 .send_command = scsi_block_dma_command,
2774 .read_data = scsi_read_data,
2775 .write_data = scsi_write_data,
2776 .get_buf = scsi_get_buf,
2777 .load_request = scsi_disk_load_request,
2778 .save_request = scsi_disk_save_request,
2779};
2780
592c3b28
PB		 2781static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2782 uint32_t lun, uint8_t *buf,
2783 void *hba_private)
2784{
2785 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2786
2787 if (scsi_block_is_passthrough(s, buf)) {
2788 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2789 hba_private);
2790 } else {
8fdc7839 2791 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
592c3b28
PB		 2792 hba_private);
2793 }
336a6915 2794}
3e7e180a
PB		 2795
2796static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2797 uint8_t *buf, void *hba_private)
2798{
2799 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2800
2801 if (scsi_block_is_passthrough(s, buf)) {
2802 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2803 } else {
2804 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2805 }
2806}
2807
336a6915
PB		 2808#endif
2809
fcaafb10
PB		 2810static
2811BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2812 BlockCompletionFunc *cb, void *cb_opaque,
2813 void *opaque)
2814{
2815 SCSIDiskReq *r = opaque;
2816 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2817 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2818}
2819
2820static
2821BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2822 BlockCompletionFunc *cb, void *cb_opaque,
2823 void *opaque)
2824{
2825 SCSIDiskReq *r = opaque;
2826 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2827 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2828}
2829
993935f3
PB		 2830static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2831{
2832 DeviceClass *dc = DEVICE_CLASS(klass);
fcaafb10 2833 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
993935f3
PB		 2834
2835 dc->fw_name = "disk";
2836 dc->reset = scsi_disk_reset;
fcaafb10
PB		 2837 sdc->dma_readv = scsi_dma_readv;
2838 sdc->dma_writev = scsi_dma_writev;
94f8ba11 2839 sdc->need_fua_emulation = scsi_is_cmd_fua;
993935f3
PB		 2840}
2841
2842static const TypeInfo scsi_disk_base_info = {
2843 .name = TYPE_SCSI_DISK_BASE,
2844 .parent = TYPE_SCSI_DEVICE,
2845 .class_init = scsi_disk_base_class_initfn,
2846 .instance_size = sizeof(SCSIDiskState),
fcaafb10 2847 .class_size = sizeof(SCSIDiskClass),
6214a11a 2848 .abstract = true,
993935f3
PB		 2849};
2850
353815aa
DF		 2851#define DEFINE_SCSI_DISK_PROPERTIES() \
2852 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
8c398252 2853 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
353815aa
DF		 2854 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2855 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2856 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2857 DEFINE_PROP_STRING("product", SCSIDiskState, product)
b443ae67 2858
39bffca2
AL		 2859static Property scsi_hd_properties[] = {
2860 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2861 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2862 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2863 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2864 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 2865 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2866 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 2867 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 2868 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2869 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 2870 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2871 DEFAULT_MAX_IO_SIZE),
d252df48 2872 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 2873 DEFINE_PROP_END_OF_LIST(),
2874};
2875
43b978b9
PB		 2876static const VMStateDescription vmstate_scsi_disk_state = {
2877 .name = "scsi-disk",
2878 .version_id = 1,
2879 .minimum_version_id = 1,
43b978b9
PB		 2880 .fields = (VMStateField[]) {
2881 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2882 VMSTATE_BOOL(media_changed, SCSIDiskState),
2883 VMSTATE_BOOL(media_event, SCSIDiskState),
2884 VMSTATE_BOOL(eject_request, SCSIDiskState),
2885 VMSTATE_BOOL(tray_open, SCSIDiskState),
2886 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2887 VMSTATE_END_OF_LIST()
2888 }
2889};
2890
b9eea3e6
AL		 2891static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2892{
39bffca2 2893 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2894 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2895
a818a4b6 2896 sc->realize = scsi_hd_realize;
b9eea3e6
AL		 2897 sc->alloc_req = scsi_new_request;
2898 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 2899 dc->desc = "virtual SCSI disk";
39bffca2 2900 dc->props = scsi_hd_properties;
43b978b9 2901 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2902}
2903
8c43a6f0 2904static const TypeInfo scsi_hd_info = {
39bffca2 2905 .name = "scsi-hd",
993935f3 2906 .parent = TYPE_SCSI_DISK_BASE,
39bffca2
AL		 2907 .class_init = scsi_hd_class_initfn,
2908};
2909
2910static Property scsi_cd_properties[] = {
2911 DEFINE_SCSI_DISK_PROPERTIES(),
2ecab408
PB		 2912 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2913 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 2914 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
f8e1f533
PB		 2915 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2916 DEFAULT_MAX_IO_SIZE),
39bffca2 2917 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 2918};
2919
2920static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2921{
39bffca2 2922 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2923 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2924
a818a4b6 2925 sc->realize = scsi_cd_realize;
b9eea3e6
AL		 2926 sc->alloc_req = scsi_new_request;
2927 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 2928 dc->desc = "virtual SCSI CD-ROM";
39bffca2 2929 dc->props = scsi_cd_properties;
43b978b9 2930 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2931}
2932
8c43a6f0 2933static const TypeInfo scsi_cd_info = {
39bffca2 2934 .name = "scsi-cd",
993935f3 2935 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 2936 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 2937};
2938
336a6915 2939#ifdef __linux__
39bffca2 2940static Property scsi_block_properties[] = {
4be74634 2941 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
39bffca2
AL		 2942 DEFINE_PROP_END_OF_LIST(),
2943};
2944
b9eea3e6
AL		 2945static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2946{
39bffca2 2947 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6 2948 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
8fdc7839 2949 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
b9eea3e6 2950
a818a4b6 2951 sc->realize = scsi_block_realize;
b9eea3e6 2952 sc->alloc_req = scsi_block_new_request;
3e7e180a 2953 sc->parse_cdb = scsi_block_parse_cdb;
8fdc7839
PB		 2954 sdc->dma_readv = scsi_block_dma_readv;
2955 sdc->dma_writev = scsi_block_dma_writev;
2956 sdc->need_fua_emulation = scsi_block_no_fua;
39bffca2 2957 dc->desc = "SCSI block device passthrough";
39bffca2 2958 dc->props = scsi_block_properties;
43b978b9 2959 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2960}
2961
8c43a6f0 2962static const TypeInfo scsi_block_info = {
39bffca2 2963 .name = "scsi-block",
993935f3 2964 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 2965 .class_init = scsi_block_class_initfn,
b9eea3e6 2966};
336a6915 2967#endif
b9eea3e6 2968
39bffca2
AL		 2969static Property scsi_disk_properties[] = {
2970 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2971 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2972 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2973 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2974 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 2975 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2976 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 2977 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 2978 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2979 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 2980 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2981 DEFAULT_MAX_IO_SIZE),
39bffca2
AL		 2982 DEFINE_PROP_END_OF_LIST(),
2983};
2984
b9eea3e6
AL		 2985static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2986{
39bffca2 2987 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2988 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2989
a818a4b6 2990 sc->realize = scsi_disk_realize;
b9eea3e6
AL		 2991 sc->alloc_req = scsi_new_request;
2992 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2993 dc->fw_name = "disk";
2994 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2995 dc->reset = scsi_disk_reset;
2996 dc->props = scsi_disk_properties;
43b978b9 2997 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2998}
2999
8c43a6f0 3000static const TypeInfo scsi_disk_info = {
39bffca2 3001 .name = "scsi-disk",
993935f3 3002 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3003 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 3004};
3005
83f7d43a 3006static void scsi_disk_register_types(void)
d52affa7 3007{
993935f3 3008 type_register_static(&scsi_disk_base_info);
39bffca2
AL		 3009 type_register_static(&scsi_hd_info);
3010 type_register_static(&scsi_cd_info);
b9eea3e6 3011#ifdef __linux__
39bffca2 3012 type_register_static(&scsi_block_info);
b9eea3e6 3013#endif
39bffca2 3014 type_register_static(&scsi_disk_info);
8ccc2ace 3015}
83f7d43a
AF		 3016
3017type_init(scsi_disk_register_types)
QEMU mirror