]> git.proxmox.com Git - mirror_qemu.git/blame - hw/scsi/scsi-disk.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi-disk: ensure that FORMAT UNIT commands are terminated
[mirror_qemu.git] / hw / scsi / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
a4ab4792 22#include "qemu/osdep.h"
7e462605 23#include "qemu/units.h"
da34e65c 24#include "qapi/error.h"
1de7afc9 25#include "qemu/error-report.h"
db725815 26#include "qemu/main-loop.h"
0b8fa32f 27#include "qemu/module.h"
15e09912 28#include "qemu/hw-version.h"
5df022cf 29#include "qemu/memalign.h"
0d09e41a 30#include "hw/scsi/scsi.h"
ca77ee28 31#include "migration/qemu-file-types.h"
d6454270 32#include "migration/vmstate.h"
3d4a8bf0 33#include "hw/scsi/emulation.h"
08e2c9f1 34#include "scsi/constants.h"
4be74634 35#include "sysemu/block-backend.h"
9c17d615 36#include "sysemu/blockdev.h"
0d09e41a 37#include "hw/block/block.h"
a27bd6c7 38#include "hw/qdev-properties.h"
ce35e229 39#include "hw/qdev-properties-system.h"
9c17d615 40#include "sysemu/dma.h"
71f571a2 41#include "sysemu/sysemu.h"
f348b6d1 42#include "qemu/cutils.h"
59ee9500 43#include "trace.h"
db1015e9 44#include "qom/object.h"
22864256 45
336a6915
PB		 46#ifdef __linux
47#include <scsi/sg.h>
48#endif
49
7e462605
PMD		 50#define SCSI_WRITE_SAME_MAX (512 * KiB)
51#define SCSI_DMA_BUF_SIZE (128 * KiB)
215e47b9
PB		 52#define SCSI_MAX_INQUIRY_LEN 256
53#define SCSI_MAX_MODE_LEN 256
54
7e462605
PMD		 55#define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
56#define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
f8e1f533 57#define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
a917d384 58
993935f3
PB		 59#define TYPE_SCSI_DISK_BASE "scsi-disk-base"
60
a489d195 61OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE)
fcaafb10 62
db1015e9 63struct SCSIDiskClass {
fcaafb10
PB		 64 SCSIDeviceClass parent_class;
65 DMAIOFunc *dma_readv;
66 DMAIOFunc *dma_writev;
94f8ba11 67 bool (*need_fua_emulation)(SCSICommand *cmd);
d31347f5 68 void (*update_sense)(SCSIRequest *r);
db1015e9 69};
d52affa7 70
4c41d2ef
GH		 71typedef struct SCSIDiskReq {
72 SCSIRequest req;
3dc516bf 73 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */
e035b43d
AL		 74 uint64_t sector;
75 uint32_t sector_count;
7285477a 76 uint32_t buflen;
a0e66a69 77 bool started;
94f8ba11 78 bool need_fua_emulation;
c87c0672
AL		 79 struct iovec iov;
80 QEMUIOVector qiov;
a597e79c 81 BlockAcctCookie acct;
4c41d2ef 82} SCSIDiskReq;
a917d384 83
18e673b8
PH		 84#define SCSI_DISK_F_REMOVABLE 0
85#define SCSI_DISK_F_DPOFUA 1
86#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
bfe3d7ac 87
db1015e9 88struct SCSIDiskState {
d52affa7 89 SCSIDevice qdev;
bfe3d7ac 90 uint32_t features;
8a9c16f6 91 bool media_changed;
3c2f7c12 92 bool media_event;
4480de19 93 bool eject_request;
64cc2284 94 uint16_t port_index;
8a1bd297 95 uint64_t max_unmap_size;
f8e1f533 96 uint64_t max_io_size;
3412f9c3 97 uint32_t quirks;
213189ab 98 QEMUBH *bh;
383b4d9b 99 char *version;
a0fef654 100 char *serial;
353815aa
DF		 101 char *vendor;
102 char *product;
7471a649 103 char *device_id;
ece0d5e9 104 bool tray_open;
81b1008d 105 bool tray_locked;
070f8009
DB		 106 /*
107 * 0x0000 - rotation rate not reported
108 * 0x0001 - non-rotating medium (SSD)
109 * 0x0002-0x0400 - reserved
110 * 0x0401-0xffe - rotations per minute
111 * 0xffff - reserved
112 */
113 uint16_t rotation_rate;
db1015e9 114};
2e5d83bb 115
ad2d30f7 116static void scsi_free_request(SCSIRequest *req)
4d611c9a 117{
ad2d30f7
PB		 118 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
119
db4c34c3 120 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 121}
122
b45ef674
PB		 123/* Helper function for command completion with sense. */
124static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 125{
59ee9500
LV		 126 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
127 sense.ascq);
b45ef674
PB		 128 scsi_req_build_sense(&r->req, sense);
129 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 130}
131
03c90063 132static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 133{
7285477a
PB		 134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
135
136 if (!r->iov.iov_base) {
43b978b9 137 r->buflen = size;
4be74634 138 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a 139 }
3dc516bf 140 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
103b40f5 141 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
103b40f5
PB		 142}
143
43b978b9
PB		 144static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
145{
146 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
147
148 qemu_put_be64s(f, &r->sector);
149 qemu_put_be32s(f, &r->sector_count);
150 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 151 if (r->buflen) {
152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
153 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
154 } else if (!req->retry) {
155 uint32_t len = r->iov.iov_len;
156 qemu_put_be32s(f, &len);
157 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 }
43b978b9
PB		 159 }
160}
161
162static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
163{
164 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
165
166 qemu_get_be64s(f, &r->sector);
167 qemu_get_be32s(f, &r->sector_count);
168 qemu_get_be32s(f, &r->buflen);
169 if (r->buflen) {
170 scsi_init_iovec(r, r->buflen);
171 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 173 } else if (!r->req.retry) {
174 uint32_t len;
175 qemu_get_be32s(f, &len);
176 r->iov.iov_len = len;
177 assert(r->iov.iov_len <= r->buflen);
178 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 179 }
180 }
181
182 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
183}
184
f95f61c2
PB		 185/*
186 * scsi_handle_rw_error has two return values. False means that the error
187 * must be ignored, true means that the error has been processed and the
188 * caller should not do anything else for this request. Note that
189 * scsi_handle_rw_error always manages its reference counts, independent
190 * of the return value.
191 */
f63c68bc 192static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
f95f61c2
PB		 193{
194 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
195 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
196 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
f63c68bc
PB		 197 SCSISense sense = SENSE_CODE(NO_SENSE);
198 int error = 0;
199 bool req_has_sense = false;
200 BlockErrorAction action;
201 int status;
f95f61c2 202
f63c68bc
PB		 203 if (ret < 0) {
204 status = scsi_sense_from_errno(-ret, &sense);
205 error = -ret;
206 } else {
207 /* A passthrough command has completed with nonzero status. */
208 status = ret;
209 if (status == CHECK_CONDITION) {
210 req_has_sense = true;
211 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
212 } else {
213 error = EINVAL;
214 }
215 }
216
782a78c9
PB		 217 /*
218 * Check whether the error has to be handled by the guest or should
219 * rather follow the rerror=/werror= settings. Guest-handled errors
220 * are usually retried immediately, so do not post them to QMP and
221 * do not account them as failed I/O.
222 */
223 if (req_has_sense &&
224 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
225 action = BLOCK_ERROR_ACTION_REPORT;
226 acct_failed = false;
227 } else {
228 action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
229 blk_error_action(s->qdev.conf.blk, action, is_read, error);
230 }
231
232 switch (action) {
233 case BLOCK_ERROR_ACTION_REPORT:
f95f61c2
PB		 234 if (acct_failed) {
235 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
236 }
f63c68bc 237 if (req_has_sense) {
782a78c9
PB		 238 sdc->update_sense(&r->req);
239 } else if (status == CHECK_CONDITION) {
240 scsi_req_build_sense(&r->req, sense);
f95f61c2 241 }
782a78c9
PB		 242 scsi_req_complete(&r->req, status);
243 return true;
f95f61c2 244
782a78c9 245 case BLOCK_ERROR_ACTION_IGNORE:
424740de 246 return false;
f95f61c2 247
782a78c9 248 case BLOCK_ERROR_ACTION_STOP:
f95f61c2 249 scsi_req_retry(&r->req);
782a78c9
PB		 250 return true;
251
252 default:
253 g_assert_not_reached();
f95f61c2 254 }
f95f61c2
PB		 255}
256
5b956f41
PB		 257static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
258{
259 if (r->req.io_canceled) {
260 scsi_req_cancel_complete(&r->req);
261 return true;
262 }
263
f63c68bc
PB		 264 if (ret < 0) {
265 return scsi_handle_rw_error(r, ret, acct_failed);
5b956f41
PB		 266 }
267
268 return false;
269}
270
c1b35247 271static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 272{
273 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
274 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
275
7b7fc3d0
SH		 276 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
277
46e3f30e
PB		 278 assert(r->req.aiocb != NULL);
279 r->req.aiocb = NULL;
7b7fc3d0 280
5b956f41 281 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 282 goto done;
283 }
5d0d2467 284
d7628080 285 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
5d0d2467
PB		 286 scsi_req_complete(&r->req, GOOD);
287
288done:
b9e413dd 289 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
3df9caf8 290 scsi_req_unref(&r->req);
5d0d2467
PB		 291}
292
7e8c49c5
PB		 293static bool scsi_is_cmd_fua(SCSICommand *cmd)
294{
295 switch (cmd->buf[0]) {
296 case READ_10:
297 case READ_12:
298 case READ_16:
299 case WRITE_10:
300 case WRITE_12:
301 case WRITE_16:
302 return (cmd->buf[1] & 8) != 0;
303
7f64f8e2
PB		 304 case VERIFY_10:
305 case VERIFY_12:
306 case VERIFY_16:
7e8c49c5
PB		 307 case WRITE_VERIFY_10:
308 case WRITE_VERIFY_12:
309 case WRITE_VERIFY_16:
310 return true;
311
312 case READ_6:
313 case WRITE_6:
314 default:
315 return false;
316 }
317}
318
319static void scsi_write_do_fua(SCSIDiskReq *r)
320{
321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
322
5fd2b563 323 assert(r->req.aiocb == NULL);
5b956f41 324 assert(!r->req.io_canceled);
0c92e0e6 325
94f8ba11 326 if (r->need_fua_emulation) {
4be74634 327 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 328 BLOCK_ACCT_FLUSH);
4be74634 329 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
7e8c49c5
PB		 330 return;
331 }
332
333 scsi_req_complete(&r->req, GOOD);
3df9caf8 334 scsi_req_unref(&r->req);
7e8c49c5
PB		 335}
336
5fd2b563 337static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
a917d384 338{
5fd2b563 339 assert(r->req.aiocb == NULL);
5b956f41 340 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 341 goto done;
342 }
a597e79c 343
b77912a7
PB		 344 r->sector += r->sector_count;
345 r->sector_count = 0;
7e8c49c5
PB		 346 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
347 scsi_write_do_fua(r);
348 return;
349 } else {
350 scsi_req_complete(&r->req, GOOD);
351 }
c7bae6a7
PB		 352
353done:
3df9caf8 354 scsi_req_unref(&r->req);
4d611c9a
PB		 355}
356
abfcd276 357/* Called with AioContext lock held */
ef8489d4
PB		 358static void scsi_dma_complete(void *opaque, int ret)
359{
360 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5fd2b563 361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ef8489d4
PB		 362
363 assert(r->req.aiocb != NULL);
5fd2b563
PB		 364 r->req.aiocb = NULL;
365
d7628080
AG		 366 if (ret < 0) {
367 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
368 } else {
369 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
370 }
5fd2b563 371 scsi_dma_complete_noio(r, ret);
ef8489d4
PB		 372}
373
1505421a 374static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
0a4ac106 375{
1505421a 376 uint32_t n;
0a4ac106 377
1505421a
ZL		 378 assert(r->req.aiocb == NULL);
379 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 380 goto done;
381 }
0a4ac106 382
3dc516bf 383 n = r->qiov.size / BDRV_SECTOR_SIZE;
b77912a7
PB		 384 r->sector += n;
385 r->sector_count -= n;
386 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 387
388done:
3df9caf8 389 scsi_req_unref(&r->req);
1505421a
ZL		 390}
391
392static void scsi_read_complete(void *opaque, int ret)
393{
394 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
395 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
396
7b7fc3d0
SH		 397 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
398
1505421a
ZL		 399 assert(r->req.aiocb != NULL);
400 r->req.aiocb = NULL;
401
1505421a
ZL		 402 if (ret < 0) {
403 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
404 } else {
405 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
406 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
407 }
408 scsi_read_complete_noio(r, ret);
b9e413dd 409 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
0a4ac106 410}
5dba48a8 411
ac668426 412/* Actually issue a read to the block device. */
5fd2b563 413static void scsi_do_read(SCSIDiskReq *r, int ret)
ac668426 414{
ac668426 415 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 416 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ac668426 417
5fd2b563 418 assert (r->req.aiocb == NULL);
5b956f41 419 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 420 goto done;
421 }
ac668426 422
31e8fd86
PB		 423 /* The request is used as the AIO opaque value, so add a ref. */
424 scsi_req_ref(&r->req);
425
ac668426 426 if (r->req.sg) {
4be74634 427 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
5f412602 428 r->req.residual -= r->req.sg->size;
fcaafb10
PB		 429 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
430 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 431 BDRV_SECTOR_SIZE,
fcaafb10
PB		 432 sdc->dma_readv, r, scsi_dma_complete, r,
433 DMA_DIRECTION_FROM_DEVICE);
ac668426 434 } else {
03c90063 435 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
4be74634 436 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 437 r->qiov.size, BLOCK_ACCT_READ);
890e48d7 438 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
fcaafb10 439 scsi_read_complete, r, r);
ac668426
PB		 440 }
441
442done:
3df9caf8 443 scsi_req_unref(&r->req);
ac668426
PB		 444}
445
5fd2b563
PB		 446static void scsi_do_read_cb(void *opaque, int ret)
447{
448 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
449 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
450
7b7fc3d0
SH		 451 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
452
5fd2b563
PB		 453 assert (r->req.aiocb != NULL);
454 r->req.aiocb = NULL;
455
d7628080
AG		 456 if (ret < 0) {
457 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
458 } else {
459 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
460 }
5fd2b563 461 scsi_do_read(opaque, ret);
b9e413dd 462 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 463}
464
5c6c0e51
HR		 465/* Read more data from scsi device into buffer. */
466static void scsi_read_data(SCSIRequest *req)
2e5d83bb 467{
5c6c0e51 468 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 470 bool first;
2e5d83bb 471
59ee9500 472 trace_scsi_disk_read_data_count(r->sector_count);
a917d384 473 if (r->sector_count == 0) {
b45ef674
PB		 474 /* This also clears the sense buffer for REQUEST SENSE. */
475 scsi_req_complete(&r->req, GOOD);
a917d384 476 return;
2e5d83bb
PB		 477 }
478
6fa2c95f
SH		 479 /* No data transfer may already be in progress */
480 assert(r->req.aiocb == NULL);
481
c7bae6a7
PB		 482 /* The request is used as the AIO opaque value, so add a ref. */
483 scsi_req_ref(&r->req);
efb9ee02 484 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
59ee9500 485 trace_scsi_disk_read_data_invalid();
1505421a 486 scsi_read_complete_noio(r, -EINVAL);
efb9ee02
HR		 487 return;
488 }
489
cd723b85 490 if (!blk_is_available(req->dev->conf.blk)) {
1505421a 491 scsi_read_complete_noio(r, -ENOMEDIUM);
c7bae6a7 492 return;
a1aff5bf 493 }
c7bae6a7 494
ac668426 495 first = !r->started;
a0e66a69 496 r->started = true;
94f8ba11 497 if (first && r->need_fua_emulation) {
4be74634 498 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 499 BLOCK_ACCT_FLUSH);
5fd2b563 500 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
5d0d2467 501 } else {
ac668426 502 scsi_do_read(r, 0);
5d0d2467 503 }
2e5d83bb
PB		 504}
505
5fd2b563 506static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
4d611c9a 507{
ea8a5d7f
AL		 508 uint32_t n;
509
5fd2b563 510 assert (r->req.aiocb == NULL);
5b956f41 511 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 512 goto done;
513 }
a597e79c 514
3dc516bf 515 n = r->qiov.size / BDRV_SECTOR_SIZE;
ea8a5d7f
AL		 516 r->sector += n;
517 r->sector_count -= n;
a917d384 518 if (r->sector_count == 0) {
7e8c49c5
PB		 519 scsi_write_do_fua(r);
520 return;
a917d384 521 } else {
43b978b9 522 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
59ee9500 523 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
103b40f5 524 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 525 }
c7bae6a7
PB		 526
527done:
3df9caf8 528 scsi_req_unref(&r->req);
4d611c9a
PB		 529}
530
5fd2b563
PB		 531static void scsi_write_complete(void * opaque, int ret)
532{
533 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
534 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
535
7b7fc3d0
SH		 536 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
537
5fd2b563
PB		 538 assert (r->req.aiocb != NULL);
539 r->req.aiocb = NULL;
540
d7628080
AG		 541 if (ret < 0) {
542 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
543 } else {
544 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
545 }
5fd2b563 546 scsi_write_complete_noio(r, ret);
b9e413dd 547 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 548}
549
42741212 550static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 551{
5c6c0e51 552 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 553 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 554 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ea8a5d7f 555
6fa2c95f
SH		 556 /* No data transfer may already be in progress */
557 assert(r->req.aiocb == NULL);
558
c7bae6a7
PB		 559 /* The request is used as the AIO opaque value, so add a ref. */
560 scsi_req_ref(&r->req);
efb9ee02 561 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
59ee9500 562 trace_scsi_disk_write_data_invalid();
5fd2b563 563 scsi_write_complete_noio(r, -EINVAL);
42741212 564 return;
efb9ee02
HR		 565 }
566
5d0d2467
PB		 567 if (!r->req.sg && !r->qiov.size) {
568 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 569 r->started = true;
5fd2b563 570 scsi_write_complete_noio(r, 0);
5d0d2467
PB		 571 return;
572 }
cd723b85 573 if (!blk_is_available(req->dev->conf.blk)) {
5fd2b563 574 scsi_write_complete_noio(r, -ENOMEDIUM);
5d0d2467
PB		 575 return;
576 }
577
7f64f8e2
PB		 578 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
579 r->req.cmd.buf[0] == VERIFY_16) {
580 if (r->req.sg) {
ef8489d4 581 scsi_dma_complete_noio(r, 0);
7f64f8e2 582 } else {
5fd2b563 583 scsi_write_complete_noio(r, 0);
7f64f8e2
PB		 584 }
585 return;
586 }
587
5d0d2467 588 if (r->req.sg) {
4be74634 589 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
5f412602 590 r->req.residual -= r->req.sg->size;
fcaafb10
PB		 591 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
592 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 593 BDRV_SECTOR_SIZE,
fcaafb10
PB		 594 sdc->dma_writev, r, scsi_dma_complete, r,
595 DMA_DIRECTION_TO_DEVICE);
5d0d2467 596 } else {
4be74634 597 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 598 r->qiov.size, BLOCK_ACCT_WRITE);
fcaafb10
PB		 599 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
600 scsi_write_complete, r, r);
ea8a5d7f 601 }
a917d384 602}
2e5d83bb 603
a917d384 604/* Return a pointer to the data buffer. */
5c6c0e51 605static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 606{
5c6c0e51 607 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 608
3f4cb3d3 609 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 610}
611
3d4a8bf0 612static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
0b06c059 613{
383b4d9b 614 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0a96ca24
DHB		 615 uint8_t page_code = req->cmd.buf[2];
616 int start, buflen = 0;
0b06c059 617
0a96ca24
DHB		 618 outbuf[buflen++] = s->qdev.type & 0x1f;
619 outbuf[buflen++] = page_code;
620 outbuf[buflen++] = 0x00;
621 outbuf[buflen++] = 0x00;
622 start = buflen;
3e1c0c9a 623
0a96ca24
DHB		 624 switch (page_code) {
625 case 0x00: /* Supported page codes, mandatory */
626 {
59ee9500 627 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
0a96ca24
DHB		 628 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
629 if (s->serial) {
630 outbuf[buflen++] = 0x80; /* unit serial number */
631 }
632 outbuf[buflen++] = 0x83; /* device identification */
633 if (s->qdev.type == TYPE_DISK) {
634 outbuf[buflen++] = 0xb0; /* block limits */
635 outbuf[buflen++] = 0xb1; /* block device characteristics */
636 outbuf[buflen++] = 0xb2; /* thin provisioning */
637 }
638 break;
639 }
640 case 0x80: /* Device serial number, optional */
641 {
642 int l;
0b06c059 643
0a96ca24 644 if (!s->serial) {
59ee9500 645 trace_scsi_disk_emulate_vpd_page_80_not_supported();
0a96ca24 646 return -1;
0b06c059
GH		 647 }
648
0a96ca24
DHB		 649 l = strlen(s->serial);
650 if (l > 36) {
651 l = 36;
652 }
0b06c059 653
59ee9500 654 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
0a96ca24
DHB		 655 memcpy(outbuf + buflen, s->serial, l);
656 buflen += l;
657 break;
658 }
64cc2284 659
0a96ca24
DHB		 660 case 0x83: /* Device identification page, mandatory */
661 {
7471a649 662 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
64cc2284 663
59ee9500 664 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);
0a96ca24 665
a8f58afc
KW		 666 if (id_len) {
667 outbuf[buflen++] = 0x2; /* ASCII */
668 outbuf[buflen++] = 0; /* not officially assigned */
669 outbuf[buflen++] = 0; /* reserved */
670 outbuf[buflen++] = id_len; /* length of data following */
7471a649 671 memcpy(outbuf + buflen, s->device_id, id_len);
a8f58afc
KW		 672 buflen += id_len;
673 }
0a96ca24
DHB		 674
675 if (s->qdev.wwn) {
676 outbuf[buflen++] = 0x1; /* Binary */
677 outbuf[buflen++] = 0x3; /* NAA */
678 outbuf[buflen++] = 0; /* reserved */
679 outbuf[buflen++] = 8;
680 stq_be_p(&outbuf[buflen], s->qdev.wwn);
681 buflen += 8;
ea3bd56f 682 }
0a96ca24
DHB		 683
684 if (s->qdev.port_wwn) {
685 outbuf[buflen++] = 0x61; /* SAS / Binary */
686 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
687 outbuf[buflen++] = 0; /* reserved */
688 outbuf[buflen++] = 8;
689 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
690 buflen += 8;
070f8009 691 }
0a96ca24
DHB		 692
693 if (s->port_index) {
694 outbuf[buflen++] = 0x61; /* SAS / Binary */
695
696 /* PIV/Target port/relative target port */
697 outbuf[buflen++] = 0x94;
698
699 outbuf[buflen++] = 0; /* reserved */
700 outbuf[buflen++] = 4;
701 stw_be_p(&outbuf[buflen + 2], s->port_index);
702 buflen += 4;
ee3659e3 703 }
0a96ca24
DHB		 704 break;
705 }
706 case 0xb0: /* block limits */
707 {
3d4a8bf0 708 SCSIBlockLimits bl = {};
0a96ca24
DHB		 709
710 if (s->qdev.type == TYPE_ROM) {
59ee9500 711 trace_scsi_disk_emulate_vpd_page_b0_not_supported();
0b06c059
GH		 712 return -1;
713 }
3d4a8bf0
PB		 714 bl.wsnz = 1;
715 bl.unmap_sectors =
716 s->qdev.conf.discard_granularity / s->qdev.blocksize;
717 bl.min_io_size =
718 s->qdev.conf.min_io_size / s->qdev.blocksize;
719 bl.opt_io_size =
720 s->qdev.conf.opt_io_size / s->qdev.blocksize;
721 bl.max_unmap_sectors =
722 s->max_unmap_size / s->qdev.blocksize;
723 bl.max_io_sectors =
724 s->max_io_size / s->qdev.blocksize;
725 /* 255 descriptors fit in 4 KiB with an 8-byte header */
726 bl.max_unmap_descr = 255;
727
0a96ca24
DHB		 728 if (s->qdev.type == TYPE_DISK) {
729 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
730 int max_io_sectors_blk =
731 max_transfer_blk / s->qdev.blocksize;
732
3d4a8bf0
PB		 733 bl.max_io_sectors =
734 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
0a96ca24 735 }
3d4a8bf0 736 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
0a96ca24
DHB		 737 break;
738 }
739 case 0xb1: /* block device characteristics */
740 {
740842c9 741 buflen = 0x40;
0a96ca24
DHB		 742 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
743 outbuf[5] = s->rotation_rate & 0xff;
740842c9
DHB		 744 outbuf[6] = 0; /* PRODUCT TYPE */
745 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
746 outbuf[8] = 0; /* VBULS */
0a96ca24
DHB		 747 break;
748 }
749 case 0xb2: /* thin provisioning */
750 {
751 buflen = 8;
752 outbuf[4] = 0;
753 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
754 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
755 outbuf[7] = 0;
756 break;
757 }
758 default:
759 return -1;
760 }
761 /* done with EVPD */
762 assert(buflen - start <= 255);
763 outbuf[start - 1] = buflen - start;
764 return buflen;
765}
766
767static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
768{
769 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
770 int buflen = 0;
771
772 if (req->cmd.buf[1] & 0x1) {
773 /* Vital product data */
774 return scsi_disk_emulate_vpd_page(req, outbuf);
0b06c059
GH		 775 }
776
777 /* Standard INQUIRY data */
778 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 779 return -1;
780 }
781
782 /* PAGE CODE == 0 */
0b06c059 783 buflen = req->cmd.xfer;
f01b5931 784 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 785 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 786 }
0b06c059 787
f37bd73b 788 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 789 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 790
791 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
792 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
793
314b1811 794 memset(&outbuf[32], 0, 4);
552fee93 795 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 796 /*
797 * We claim conformance to SPC-3, which is required for guests
798 * to ask for modern features like READ CAPACITY(16) or the
799 * block characteristics VPD page by default. Not all of SPC-3
800 * is actually implemented, but we're good enough.
801 */
2343be0d 802 outbuf[2] = s->qdev.default_scsi_version;
1109c894 803 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 804
805 if (buflen > 36) {
806 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
807 } else {
808 /* If the allocation length of CDB is too small,
809 the additional length is not adjusted */
810 outbuf[4] = 36 - 5;
811 }
812
0b06c059 813 /* Sync data transfer and TCQ. */
afd4030c 814 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 815 return buflen;
816}
817
430ee2f2
PB		 818static inline bool media_is_dvd(SCSIDiskState *s)
819{
820 uint64_t nb_sectors;
821 if (s->qdev.type != TYPE_ROM) {
822 return false;
823 }
cd723b85 824 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 825 return false;
826 }
4be74634 827 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
430ee2f2
PB		 828 return nb_sectors > CD_MAX_SECTORS;
829}
830
ceb792ef
PB		 831static inline bool media_is_cd(SCSIDiskState *s)
832{
833 uint64_t nb_sectors;
834 if (s->qdev.type != TYPE_ROM) {
835 return false;
836 }
cd723b85 837 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 838 return false;
839 }
4be74634 840 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 841 return nb_sectors <= CD_MAX_SECTORS;
842}
843
1a4f0c3a
PB		 844static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
845 uint8_t *outbuf)
846{
847 uint8_t type = r->req.cmd.buf[1] & 7;
848
849 if (s->qdev.type != TYPE_ROM) {
850 return -1;
851 }
852
853 /* Types 1/2 are only defined for Blu-Ray. */
854 if (type != 0) {
855 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
856 return -1;
857 }
858
859 memset(outbuf, 0, 34);
860 outbuf[1] = 32;
861 outbuf[2] = 0xe; /* last session complete, disc finalized */
862 outbuf[3] = 1; /* first track on disc */
863 outbuf[4] = 1; /* # of sessions */
864 outbuf[5] = 1; /* first track of last session */
865 outbuf[6] = 1; /* last track of last session */
866 outbuf[7] = 0x20; /* unrestricted use */
867 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
868 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
869 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
870 /* 24-31: disc bar code */
871 /* 32: disc application code */
872 /* 33: number of OPC tables */
873
874 return 34;
875}
876
b6c251ab
PB		 877static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
878 uint8_t *outbuf)
879{
ceb792ef
PB		 880 static const int rds_caps_size[5] = {
881 [0] = 2048 + 4,
882 [1] = 4 + 4,
883 [3] = 188 + 4,
884 [4] = 2048 + 4,
885 };
886
887 uint8_t media = r->req.cmd.buf[1];
888 uint8_t layer = r->req.cmd.buf[6];
889 uint8_t format = r->req.cmd.buf[7];
890 int size = -1;
891
892 if (s->qdev.type != TYPE_ROM) {
893 return -1;
894 }
895 if (media != 0) {
896 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
897 return -1;
898 }
899
900 if (format != 0xff) {
cd723b85 901 if (!blk_is_available(s->qdev.conf.blk)) {
ceb792ef
PB		 902 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
903 return -1;
904 }
905 if (media_is_cd(s)) {
906 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
907 return -1;
908 }
909 if (format >= ARRAY_SIZE(rds_caps_size)) {
910 return -1;
911 }
912 size = rds_caps_size[format];
913 memset(outbuf, 0, size);
914 }
915
916 switch (format) {
917 case 0x00: {
918 /* Physical format information */
919 uint64_t nb_sectors;
920 if (layer != 0) {
921 goto fail;
922 }
4be74634 923 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 924
925 outbuf[4] = 1; /* DVD-ROM, part version 1 */
926 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
927 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
928 outbuf[7] = 0; /* default densities */
929
930 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
931 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
932 break;
933 }
934
935 case 0x01: /* DVD copyright information, all zeros */
936 break;
937
938 case 0x03: /* BCA information - invalid field for no BCA info */
939 return -1;
940
941 case 0x04: /* DVD disc manufacturing information, all zeros */
942 break;
943
944 case 0xff: { /* List capabilities */
945 int i;
946 size = 4;
947 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
948 if (!rds_caps_size[i]) {
949 continue;
950 }
951 outbuf[size] = i;
952 outbuf[size + 1] = 0x40; /* Not writable, readable */
953 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
954 size += 4;
955 }
956 break;
957 }
958
959 default:
960 return -1;
961 }
962
963 /* Size of buffer, not including 2 byte size field */
964 stw_be_p(outbuf, size - 2);
965 return size;
966
967fail:
b6c251ab
PB		 968 return -1;
969}
970
3c2f7c12 971static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 972{
3c2f7c12
PB		 973 uint8_t event_code, media_status;
974
975 media_status = 0;
976 if (s->tray_open) {
977 media_status = MS_TRAY_OPEN;
4be74634 978 } else if (blk_is_inserted(s->qdev.conf.blk)) {
3c2f7c12
PB		 979 media_status = MS_MEDIA_PRESENT;
980 }
981
982 /* Event notification descriptor */
983 event_code = MEC_NO_CHANGE;
4480de19
PB		 984 if (media_status != MS_TRAY_OPEN) {
985 if (s->media_event) {
986 event_code = MEC_NEW_MEDIA;
987 s->media_event = false;
988 } else if (s->eject_request) {
989 event_code = MEC_EJECT_REQUESTED;
990 s->eject_request = false;
991 }
3c2f7c12
PB		 992 }
993
994 outbuf[0] = event_code;
995 outbuf[1] = media_status;
996
997 /* These fields are reserved, just clear them. */
998 outbuf[2] = 0;
999 outbuf[3] = 0;
1000 return 4;
1001}
1002
1003static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
1004 uint8_t *outbuf)
1005{
1006 int size;
1007 uint8_t *buf = r->req.cmd.buf;
1008 uint8_t notification_class_request = buf[4];
1009 if (s->qdev.type != TYPE_ROM) {
1010 return -1;
1011 }
1012 if ((buf[1] & 1) == 0) {
1013 /* asynchronous */
1014 return -1;
1015 }
1016
1017 size = 4;
1018 outbuf[0] = outbuf[1] = 0;
1019 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1020 if (notification_class_request & (1 << GESN_MEDIA)) {
1021 outbuf[2] = GESN_MEDIA;
1022 size += scsi_event_status_media(s, &outbuf[size]);
1023 } else {
1024 outbuf[2] = 0x80;
1025 }
1026 stw_be_p(outbuf, size - 4);
1027 return size;
b6c251ab
PB		 1028}
1029
430ee2f2 1030static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 1031{
430ee2f2
PB		 1032 int current;
1033
b6c251ab
PB		 1034 if (s->qdev.type != TYPE_ROM) {
1035 return -1;
1036 }
7d99f4c1
MR		 1037
1038 if (media_is_dvd(s)) {
1039 current = MMC_PROFILE_DVD_ROM;
1040 } else if (media_is_cd(s)) {
1041 current = MMC_PROFILE_CD_ROM;
1042 } else {
1043 current = MMC_PROFILE_NONE;
1044 }
1045
430ee2f2
PB		 1046 memset(outbuf, 0, 40);
1047 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1048 stw_be_p(&outbuf[6], current);
1049 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1050 outbuf[10] = 0x03; /* persistent, current */
1051 outbuf[11] = 8; /* two profiles */
1052 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1053 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1054 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1055 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1056 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1057 stw_be_p(&outbuf[20], 1);
1058 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1059 outbuf[23] = 8;
1060 stl_be_p(&outbuf[24], 1); /* SCSI */
1061 outbuf[28] = 1; /* DBE = 1, mandatory */
1062 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1063 stw_be_p(&outbuf[32], 3);
1064 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1065 outbuf[35] = 4;
1066 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1067 /* TODO: Random readable, CD read, DVD read, drive serial number,
1068 power management */
1069 return 40;
b6c251ab
PB		 1070}
1071
1072static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1073{
1074 if (s->qdev.type != TYPE_ROM) {
1075 return -1;
1076 }
1077 memset(outbuf, 0, 8);
1078 outbuf[5] = 1; /* CD-ROM */
1079 return 8;
1080}
1081
cfc606da 1082static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 1083 int page_control)
ebddfcbe 1084{
a8f4bbe2 1085 static const int mode_sense_valid[0x3f] = {
09274de1 1086 [MODE_PAGE_VENDOR_SPECIFIC] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a8f4bbe2
PB		 1087 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1088 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1089 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 1090 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1091 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2 1092 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
09d37867 1093 [MODE_PAGE_APPLE_VENDOR] = (1 << TYPE_ROM),
a8f4bbe2 1094 };
ef405611
PB		 1095
1096 uint8_t *p = *p_outbuf + 2;
1097 int length;
ebddfcbe 1098
b3af7fdf 1099 assert(page < ARRAY_SIZE(mode_sense_valid));
a8f4bbe2
PB		 1100 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1101 return -1;
1102 }
1103
282ab04e
BK		 1104 /*
1105 * If Changeable Values are requested, a mask denoting those mode parameters
1106 * that are changeable shall be returned. As we currently don't support
1107 * parameter changes via MODE_SELECT all bits are returned set to zero.
1108 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 1109 *
1110 * The offsets here are off by two compared to the descriptions in the
1111 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1112 * but it is done so that offsets are consistent within our implementation
1113 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1114 * 2-byte and 4-byte headers.
282ab04e 1115 */
ebddfcbe 1116 switch (page) {
67cc61e4 1117 case MODE_PAGE_HD_GEOMETRY:
ef405611 1118 length = 0x16;
282ab04e 1119 if (page_control == 1) { /* Changeable Values */
cfc606da 1120 break;
282ab04e 1121 }
ebddfcbe 1122 /* if a geometry hint is available, use it */
ef405611
PB		 1123 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1124 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1125 p[2] = s->qdev.conf.cyls & 0xff;
1126 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 1127 /* Write precomp start cylinder, disabled */
ef405611
PB		 1128 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1129 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1130 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1131 /* Reduced current start cylinder, disabled */
ef405611
PB		 1132 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1133 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1134 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1135 /* Device step rate [ns], 200ns */
ef405611
PB		 1136 p[10] = 0;
1137 p[11] = 200;
ebddfcbe 1138 /* Landing zone cylinder */
ef405611
PB		 1139 p[12] = 0xff;
1140 p[13] = 0xff;
ebddfcbe 1141 p[14] = 0xff;
ebddfcbe 1142 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1143 p[18] = (5400 >> 8) & 0xff;
1144 p[19] = 5400 & 0xff;
cfc606da 1145 break;
ebddfcbe 1146
67cc61e4 1147 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1148 length = 0x1e;
282ab04e 1149 if (page_control == 1) { /* Changeable Values */
cfc606da 1150 break;
282ab04e 1151 }
ebddfcbe 1152 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1153 p[0] = 5000 >> 8;
1154 p[1] = 5000 & 0xff;
ebddfcbe 1155 /* if a geometry hint is available, use it */
ef405611
PB		 1156 p[2] = s->qdev.conf.heads & 0xff;
1157 p[3] = s->qdev.conf.secs & 0xff;
1158 p[4] = s->qdev.blocksize >> 8;
1159 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1160 p[7] = s->qdev.conf.cyls & 0xff;
1161 /* Write precomp start cylinder, disabled */
d252df48
MA		 1162 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1163 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1164 /* Reduced current start cylinder, disabled */
d252df48
MA		 1165 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1166 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1167 /* Device step rate [100us], 100us */
ef405611
PB		 1168 p[12] = 0;
1169 p[13] = 1;
ebddfcbe 1170 /* Device step pulse width [us], 1us */
ef405611 1171 p[14] = 1;
ebddfcbe 1172 /* Device head settle delay [100us], 100us */
ef405611
PB		 1173 p[15] = 0;
1174 p[16] = 1;
ebddfcbe 1175 /* Motor on delay [0.1s], 0.1s */
ef405611 1176 p[17] = 1;
ebddfcbe 1177 /* Motor off delay [0.1s], 0.1s */
ef405611 1178 p[18] = 1;
ebddfcbe 1179 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1180 p[26] = (5400 >> 8) & 0xff;
1181 p[27] = 5400 & 0xff;
cfc606da 1182 break;
ebddfcbe 1183
67cc61e4 1184 case MODE_PAGE_CACHING:
ef405611 1185 length = 0x12;
96c91bbf 1186 if (page_control == 1 || /* Changeable Values */
4be74634 1187 blk_enable_write_cache(s->qdev.conf.blk)) {
ef405611 1188 p[0] = 4; /* WCE */
ebddfcbe 1189 }
cfc606da 1190 break;
ebddfcbe 1191
a07c7dcd 1192 case MODE_PAGE_R_W_ERROR:
ef405611 1193 length = 10;
4f588b15 1194 if (page_control == 1) { /* Changeable Values */
4536fba0
MCA		 1195 if (s->qdev.type == TYPE_ROM) {
1196 /* Automatic Write Reallocation Enabled */
1197 p[0] = 0x80;
1198 }
4f588b15
PB		 1199 break;
1200 }
ef405611 1201 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1202 if (s->qdev.type == TYPE_ROM) {
ef405611 1203 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1204 }
1205 break;
1206
1207 case MODE_PAGE_AUDIO_CTL:
ef405611 1208 length = 14;
a07c7dcd
PB		 1209 break;
1210
67cc61e4 1211 case MODE_PAGE_CAPABILITIES:
ef405611 1212 length = 0x14;
282ab04e 1213 if (page_control == 1) { /* Changeable Values */
cfc606da 1214 break;
282ab04e 1215 }
a07c7dcd 1216
ef405611
PB		 1217 p[0] = 0x3b; /* CD-R & CD-RW read */
1218 p[1] = 0; /* Writing not supported */
1219 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1220 mode 2 form 1&2, multi session */
ef405611 1221 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1222 RW corrected, C2 errors, ISRC,
1223 UPC, Bar code */
ef405611 1224 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1225 /* Locking supported, jumper present, eject, tray */
ef405611 1226 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1227 changer */
ef405611
PB		 1228 p[6] = (50 * 176) >> 8; /* 50x read speed */
1229 p[7] = (50 * 176) & 0xff;
1230 p[8] = 2 >> 8; /* Two volume levels */
1231 p[9] = 2 & 0xff;
1232 p[10] = 2048 >> 8; /* 2M buffer */
1233 p[11] = 2048 & 0xff;
1234 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1235 p[13] = (16 * 176) & 0xff;
1236 p[16] = (16 * 176) >> 8; /* 16x write speed */
1237 p[17] = (16 * 176) & 0xff;
1238 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1239 p[19] = (16 * 176) & 0xff;
cfc606da 1240 break;
ebddfcbe 1241
09d37867
MCA		 1242 case MODE_PAGE_APPLE_VENDOR:
1243 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) {
1244 length = 0x1e;
1245 if (page_control == 1) { /* Changeable Values */
1246 break;
1247 }
1248
1249 memset(p, 0, length);
1250 strcpy((char *)p + 8, "APPLE COMPUTER, INC ");
1251 break;
1252 } else {
1253 return -1;
1254 }
1255
09274de1
MCA		 1256 case MODE_PAGE_VENDOR_SPECIFIC:
1257 if (s->qdev.type == TYPE_DISK && (s->quirks &
1258 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1259 length = 0x2;
1260 if (page_control == 1) { /* Changeable Values */
1261 p[0] = 0xff;
1262 p[1] = 0xff;
1263 break;
1264 }
1265 p[0] = 0;
1266 p[1] = 0;
1267 break;
1268 } else {
1269 return -1;
1270 }
1271
ebddfcbe 1272 default:
cfc606da 1273 return -1;
ebddfcbe 1274 }
cfc606da 1275
ef405611
PB		 1276 assert(length < 256);
1277 (*p_outbuf)[0] = page;
1278 (*p_outbuf)[1] = length;
1279 *p_outbuf += length + 2;
1280 return length + 2;
ebddfcbe
GH		 1281}
1282
cfc606da 1283static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1284{
cfc606da 1285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1286 uint64_t nb_sectors;
e590ecbe
PB		 1287 bool dbd;
1288 int page, buflen, ret, page_control;
ebddfcbe 1289 uint8_t *p;
ce512ee1 1290 uint8_t dev_specific_param;
ebddfcbe 1291
e590ecbe 1292 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1293 page = r->req.cmd.buf[2] & 0x3f;
1294 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
59ee9500
LV		 1295
1296 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
1297 10, page, r->req.cmd.xfer, page_control);
cfc606da 1298 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1299 p = outbuf;
1300
e590ecbe 1301 if (s->qdev.type == TYPE_DISK) {
da8365db 1302 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
86b1cf32 1303 if (!blk_is_writable(s->qdev.conf.blk)) {
e590ecbe
PB		 1304 dev_specific_param |= 0x80; /* Readonly. */
1305 }
ce512ee1 1306 } else {
f43c2b94
MCA		 1307 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) {
1308 /* Use DBD from the request... */
1309 dev_specific_param = 0x00;
1310
1311 /*
1312 * ... unless we receive a request for MODE_PAGE_APPLE_VENDOR
1313 * which should never return a block descriptor even though DBD is
1314 * not set, otherwise CDROM detection fails in MacOS
1315 */
1316 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) &&
1317 page == MODE_PAGE_APPLE_VENDOR) {
1318 dbd = true;
1319 }
1320 } else {
1321 /*
1322 * MMC prescribes that CD/DVD drives have no block descriptors,
1323 * and defines no device-specific parameter.
1324 */
1325 dev_specific_param = 0x00;
1326 dbd = true;
1327 }
ce512ee1
BK		 1328 }
1329
cfc606da 1330 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1331 p[1] = 0; /* Default media type. */
1332 p[2] = dev_specific_param;
1333 p[3] = 0; /* Block descriptor length. */
1334 p += 4;
1335 } else { /* MODE_SENSE_10 */
1336 p[2] = 0; /* Default media type. */
1337 p[3] = dev_specific_param;
1338 p[6] = p[7] = 0; /* Block descriptor length. */
1339 p += 8;
ebddfcbe 1340 }
ebddfcbe 1341
4be74634 1342 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
e590ecbe 1343 if (!dbd && nb_sectors) {
cfc606da 1344 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1345 outbuf[3] = 8; /* Block descriptor length */
1346 } else { /* MODE_SENSE_10 */
1347 outbuf[7] = 8; /* Block descriptor length */
1348 }
3dc516bf 1349 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
f01b5931 1350 if (nb_sectors > 0xffffff) {
2488b740 1351 nb_sectors = 0;
f01b5931 1352 }
ebddfcbe
GH		 1353 p[0] = 0; /* media density code */
1354 p[1] = (nb_sectors >> 16) & 0xff;
1355 p[2] = (nb_sectors >> 8) & 0xff;
1356 p[3] = nb_sectors & 0xff;
1357 p[4] = 0; /* reserved */
1358 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1359 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1360 p[7] = 0;
1361 p += 8;
1362 }
1363
cfc606da
PB		 1364 if (page_control == 3) {
1365 /* Saved Values */
1366 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1367 return -1;
282ab04e
BK		 1368 }
1369
cfc606da
PB		 1370 if (page == 0x3f) {
1371 for (page = 0; page <= 0x3e; page++) {
1372 mode_sense_page(s, page, &p, page_control);
1373 }
1374 } else {
1375 ret = mode_sense_page(s, page, &p, page_control);
1376 if (ret == -1) {
1377 return -1;
1378 }
ebddfcbe
GH		 1379 }
1380
1381 buflen = p - outbuf;
ce512ee1
BK		 1382 /*
1383 * The mode data length field specifies the length in bytes of the
1384 * following data that is available to be transferred. The mode data
1385 * length does not include itself.
1386 */
cfc606da 1387 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1388 outbuf[0] = buflen - 1;
1389 } else { /* MODE_SENSE_10 */
1390 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1391 outbuf[1] = (buflen - 2) & 0xff;
1392 }
ebddfcbe
GH		 1393 return buflen;
1394}
1395
02880f43
GH		 1396static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1397{
1398 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1399 int start_track, format, msf, toclen;
1400 uint64_t nb_sectors;
1401
1402 msf = req->cmd.buf[1] & 2;
1403 format = req->cmd.buf[2] & 0xf;
1404 start_track = req->cmd.buf[6];
4be74634 1405 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
59ee9500 1406 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
3dc516bf 1407 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
02880f43
GH		 1408 switch (format) {
1409 case 0:
1410 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1411 break;
1412 case 1:
1413 /* multi session : only a single session defined */
1414 toclen = 12;
1415 memset(outbuf, 0, 12);
1416 outbuf[1] = 0x0a;
1417 outbuf[2] = 0x01;
1418 outbuf[3] = 0x01;
1419 break;
1420 case 2:
1421 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1422 break;
1423 default:
1424 return -1;
1425 }
02880f43
GH		 1426 return toclen;
1427}
1428
68bb01f3 1429static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1430{
1431 SCSIRequest *req = &r->req;
1432 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1433 bool start = req->cmd.buf[4] & 1;
1434 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1435 int pwrcnd = req->cmd.buf[4] & 0xf0;
1436
1437 if (pwrcnd) {
1438 /* eject/load only happens for power condition == 0 */
1439 return 0;
1440 }
bfd52647 1441
b456a71c 1442 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1443 if (!start && !s->tray_open && s->tray_locked) {
1444 scsi_check_condition(r,
4be74634 1445 blk_is_inserted(s->qdev.conf.blk)
68bb01f3
MA		 1446 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1447 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1448 return -1;
fdec4404 1449 }
d88b1819
LC		 1450
1451 if (s->tray_open != !start) {
4be74634 1452 blk_eject(s->qdev.conf.blk, !start);
d88b1819
LC		 1453 s->tray_open = !start;
1454 }
bfd52647 1455 }
68bb01f3 1456 return 0;
bfd52647
MA		 1457}
1458
314a3299
PB		 1459static void scsi_disk_emulate_read_data(SCSIRequest *req)
1460{
1461 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1462 int buflen = r->iov.iov_len;
1463
1464 if (buflen) {
59ee9500 1465 trace_scsi_disk_emulate_read_data(buflen);
314a3299
PB		 1466 r->iov.iov_len = 0;
1467 r->started = true;
1468 scsi_req_data(&r->req, buflen);
1469 return;
1470 }
1471
1472 /* This also clears the sense buffer for REQUEST SENSE. */
1473 scsi_req_complete(&r->req, GOOD);
1474}
1475
380feaff
PB		 1476static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1477 uint8_t *inbuf, int inlen)
1478{
1479 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1480 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1481 uint8_t *p;
1482 int len, expected_len, changeable_len, i;
1483
1484 /* The input buffer does not include the page header, so it is
1485 * off by 2 bytes.
1486 */
1487 expected_len = inlen + 2;
1488 if (expected_len > SCSI_MAX_MODE_LEN) {
1489 return -1;
1490 }
1491
b3af7fdf
MMC		 1492 /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
1493 if (page == MODE_PAGE_ALLS) {
1494 return -1;
1495 }
1496
380feaff
PB		 1497 p = mode_current;
1498 memset(mode_current, 0, inlen + 2);
1499 len = mode_sense_page(s, page, &p, 0);
1500 if (len < 0 || len != expected_len) {
1501 return -1;
1502 }
1503
1504 p = mode_changeable;
1505 memset(mode_changeable, 0, inlen + 2);
1506 changeable_len = mode_sense_page(s, page, &p, 1);
1507 assert(changeable_len == len);
1508
1509 /* Check that unchangeable bits are the same as what MODE SENSE
1510 * would return.
1511 */
1512 for (i = 2; i < len; i++) {
1513 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1514 return -1;
1515 }
1516 }
1517 return 0;
1518}
1519
1520static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1521{
96c91bbf
PB		 1522 switch (page) {
1523 case MODE_PAGE_CACHING:
4be74634 1524 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
96c91bbf
PB		 1525 break;
1526
1527 default:
1528 break;
1529 }
380feaff
PB		 1530}
1531
1532static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1533{
1534 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1535
1536 while (len > 0) {
1537 int page, subpage, page_len;
1538
1539 /* Parse both possible formats for the mode page headers. */
1540 page = p[0] & 0x3f;
1541 if (p[0] & 0x40) {
1542 if (len < 4) {
1543 goto invalid_param_len;
1544 }
1545 subpage = p[1];
1546 page_len = lduw_be_p(&p[2]);
1547 p += 4;
1548 len -= 4;
1549 } else {
1550 if (len < 2) {
1551 goto invalid_param_len;
1552 }
1553 subpage = 0;
1554 page_len = p[1];
1555 p += 2;
1556 len -= 2;
1557 }
1558
1559 if (subpage) {
1560 goto invalid_param;
1561 }
1562 if (page_len > len) {
389e18eb
MCA		 1563 if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) {
1564 goto invalid_param_len;
1565 }
1566 trace_scsi_disk_mode_select_page_truncated(page, page_len, len);
380feaff
PB		 1567 }
1568
1569 if (!change) {
1570 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1571 goto invalid_param;
1572 }
1573 } else {
1574 scsi_disk_apply_mode_select(s, page, p);
1575 }
1576
1577 p += page_len;
1578 len -= page_len;
1579 }
1580 return 0;
1581
1582invalid_param:
1583 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1584 return -1;
1585
1586invalid_param_len:
1587 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1588 return -1;
1589}
1590
1591static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1592{
accfeb2d 1593 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1594 uint8_t *p = inbuf;
1595 int cmd = r->req.cmd.buf[0];
1596 int len = r->req.cmd.xfer;
1597 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
55794c90 1598 int bd_len, bs;
380feaff
PB		 1599 int pass;
1600
380feaff 1601 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
09274de1
MCA		 1602 if (!(s->quirks &
1603 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1604 /* We only support PF=1, SP=0. */
1605 goto invalid_field;
1606 }
380feaff
PB		 1607 }
1608
1609 if (len < hdr_len) {
1610 goto invalid_param_len;
1611 }
1612
1613 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1614 len -= hdr_len;
1615 p += hdr_len;
1616 if (len < bd_len) {
1617 goto invalid_param_len;
1618 }
1619 if (bd_len != 0 && bd_len != 8) {
1620 goto invalid_param;
1621 }
1622
356c4c44 1623 /* Allow changing the block size */
55794c90
MCA		 1624 if (bd_len) {
1625 bs = p[5] << 16 | p[6] << 8 | p[7];
1626
1627 /*
1628 * Since the existing code only checks/updates bits 8-15 of the block
1629 * size, restrict ourselves to the same requirement for now to ensure
1630 * that a block size set by a block descriptor and then read back by
7cfcc79b
TH		 1631 * a subsequent SCSI command will be the same. Also disallow a block
1632 * size of 256 since we cannot handle anything below BDRV_SECTOR_SIZE.
55794c90 1633 */
7cfcc79b 1634 if (bs && !(bs & ~0xfe00) && bs != s->qdev.blocksize) {
55794c90
MCA		 1635 s->qdev.blocksize = bs;
1636 trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize);
1637 }
356c4c44
MCA		 1638 }
1639
380feaff
PB		 1640 len -= bd_len;
1641 p += bd_len;
1642
1643 /* Ensure no change is made if there is an error! */
1644 for (pass = 0; pass < 2; pass++) {
1645 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1646 assert(pass == 0);
1647 return;
1648 }
1649 }
4be74634 1650 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
accfeb2d
PB		 1651 /* The request is used as the AIO opaque value, so add a ref. */
1652 scsi_req_ref(&r->req);
4be74634 1653 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 1654 BLOCK_ACCT_FLUSH);
4be74634 1655 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
accfeb2d
PB		 1656 return;
1657 }
1658
380feaff
PB		 1659 scsi_req_complete(&r->req, GOOD);
1660 return;
1661
1662invalid_param:
1663 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1664 return;
1665
1666invalid_param_len:
1667 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1668 return;
1669
1670invalid_field:
1671 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1672}
1673
b802d14d 1674/* sector_num and nb_sectors expected to be in qdev blocksize */
444bc908
PB		 1675static inline bool check_lba_range(SCSIDiskState *s,
1676 uint64_t sector_num, uint32_t nb_sectors)
1677{
1678 /*
1679 * The first line tests that no overflow happens when computing the last
1680 * sector. The second line tests that the last accessed sector is in
1681 * range.
12ca76fc
PB		 1682 *
1683 * Careful, the computations should not underflow for nb_sectors == 0,
1684 * and a 0-block read to the first LBA beyond the end of device is
1685 * valid.
444bc908
PB		 1686 */
1687 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1688 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1689}
1690
5222aaf2
PB		 1691typedef struct UnmapCBData {
1692 SCSIDiskReq *r;
1693 uint8_t *inbuf;
1694 int count;
1695} UnmapCBData;
1696
5fd2b563
PB		 1697static void scsi_unmap_complete(void *opaque, int ret);
1698
1699static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
5222aaf2 1700{
5222aaf2
PB		 1701 SCSIDiskReq *r = data->r;
1702 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5222aaf2 1703
5fd2b563 1704 assert(r->req.aiocb == NULL);
d0242ead 1705
d0242ead 1706 if (data->count > 0) {
b802d14d
KW		 1707 uint64_t sector_num = ldq_be_p(&data->inbuf[0]);
1708 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1709 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1710 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1711
1712 if (!check_lba_range(s, sector_num, nb_sectors)) {
4989ef57
AN		 1713 block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
1714 BLOCK_ACCT_UNMAP);
5222aaf2
PB		 1715 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1716 goto done;
1717 }
1718
4989ef57
AN		 1719 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1720 r->sector_count * BDRV_SECTOR_SIZE,
1721 BLOCK_ACCT_UNMAP);
1722
1c6c4bb7 1723 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
6d068082
AN		 1724 r->sector * BDRV_SECTOR_SIZE,
1725 r->sector_count * BDRV_SECTOR_SIZE,
1c6c4bb7 1726 scsi_unmap_complete, data);
5222aaf2
PB		 1727 data->count--;
1728 data->inbuf += 16;
1729 return;
1730 }
1731
d0242ead
PB		 1732 scsi_req_complete(&r->req, GOOD);
1733
5222aaf2 1734done:
3df9caf8 1735 scsi_req_unref(&r->req);
5222aaf2
PB		 1736 g_free(data);
1737}
1738
5fd2b563
PB		 1739static void scsi_unmap_complete(void *opaque, int ret)
1740{
1741 UnmapCBData *data = opaque;
1742 SCSIDiskReq *r = data->r;
b9e413dd 1743 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5fd2b563 1744
7b7fc3d0
SH		 1745 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1746
5fd2b563
PB		 1747 assert(r->req.aiocb != NULL);
1748 r->req.aiocb = NULL;
1749
4989ef57 1750 if (scsi_disk_req_check_error(r, ret, true)) {
90ebf843
AN		 1751 scsi_req_unref(&r->req);
1752 g_free(data);
1753 } else {
4989ef57 1754 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
90ebf843
AN		 1755 scsi_unmap_complete_noio(data, ret);
1756 }
b9e413dd 1757 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 1758}
1759
5222aaf2
PB		 1760static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1761{
c5fd1fb0 1762 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5222aaf2
PB		 1763 uint8_t *p = inbuf;
1764 int len = r->req.cmd.xfer;
1765 UnmapCBData *data;
1766
823bd739
PB		 1767 /* Reject ANCHOR=1. */
1768 if (r->req.cmd.buf[1] & 0x1) {
1769 goto invalid_field;
1770 }
1771
5222aaf2
PB		 1772 if (len < 8) {
1773 goto invalid_param_len;
1774 }
1775 if (len < lduw_be_p(&p[0]) + 2) {
1776 goto invalid_param_len;
1777 }
1778 if (len < lduw_be_p(&p[2]) + 8) {
1779 goto invalid_param_len;
1780 }
1781 if (lduw_be_p(&p[2]) & 15) {
1782 goto invalid_param_len;
1783 }
1784
86b1cf32 1785 if (!blk_is_writable(s->qdev.conf.blk)) {
4989ef57 1786 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
c5fd1fb0
PB		 1787 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1788 return;
1789 }
1790
5222aaf2
PB		 1791 data = g_new0(UnmapCBData, 1);
1792 data->r = r;
1793 data->inbuf = &p[8];
1794 data->count = lduw_be_p(&p[2]) >> 4;
1795
1796 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1797 scsi_req_ref(&r->req);
5fd2b563 1798 scsi_unmap_complete_noio(data, 0);
5222aaf2
PB		 1799 return;
1800
1801invalid_param_len:
4989ef57 1802 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
5222aaf2 1803 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
823bd739
PB		 1804 return;
1805
1806invalid_field:
4989ef57 1807 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
823bd739 1808 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
5222aaf2
PB		 1809}
1810
84f94a9a
PB		 1811typedef struct WriteSameCBData {
1812 SCSIDiskReq *r;
1813 int64_t sector;
1814 int nb_sectors;
1815 QEMUIOVector qiov;
1816 struct iovec iov;
1817} WriteSameCBData;
1818
1819static void scsi_write_same_complete(void *opaque, int ret)
1820{
1821 WriteSameCBData *data = opaque;
1822 SCSIDiskReq *r = data->r;
1823 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1824
7b7fc3d0
SH		 1825 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1826
84f94a9a
PB		 1827 assert(r->req.aiocb != NULL);
1828 r->req.aiocb = NULL;
7b7fc3d0 1829
5b956f41 1830 if (scsi_disk_req_check_error(r, ret, true)) {
84f94a9a
PB		 1831 goto done;
1832 }
1833
d7628080
AG		 1834 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1835
3dc516bf
PMD		 1836 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
1837 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
1838 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1839 data->iov.iov_len);
84f94a9a 1840 if (data->iov.iov_len) {
4be74634 1841 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1842 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1843 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1844 * where final qiov may need smaller size */
a56537a1 1845 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
03c90063
EB		 1846 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1847 data->sector << BDRV_SECTOR_BITS,
1848 &data->qiov, 0,
1849 scsi_write_same_complete, data);
24355b79 1850 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
84f94a9a
PB		 1851 return;
1852 }
1853
1854 scsi_req_complete(&r->req, GOOD);
1855
1856done:
3df9caf8 1857 scsi_req_unref(&r->req);
84f94a9a
PB		 1858 qemu_vfree(data->iov.iov_base);
1859 g_free(data);
b9e413dd 1860 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
84f94a9a
PB		 1861}
1862
1863static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1864{
1865 SCSIRequest *req = &r->req;
1866 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1894df02 1867 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
84f94a9a
PB		 1868 WriteSameCBData *data;
1869 uint8_t *buf;
54a53a00 1870 int i, l;
84f94a9a
PB		 1871
1872 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1873 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1874 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1875 return;
1876 }
1877
86b1cf32 1878 if (!blk_is_writable(s->qdev.conf.blk)) {
84f94a9a
PB		 1879 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1880 return;
1881 }
1882 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1883 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1884 return;
1885 }
1886
4397a018 1887 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
84f94a9a
PB		 1888 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1889
1890 /* The request is used as the AIO opaque value, so add a ref. */
1891 scsi_req_ref(&r->req);
4be74634 1892 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8
BC		 1893 nb_sectors * s->qdev.blocksize,
1894 BLOCK_ACCT_WRITE);
d004bd52 1895 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
983a1600
EB		 1896 r->req.cmd.lba * s->qdev.blocksize,
1897 nb_sectors * s->qdev.blocksize,
4be74634 1898 flags, scsi_aio_complete, r);
84f94a9a
PB		 1899 return;
1900 }
1901
1902 data = g_new0(WriteSameCBData, 1);
1903 data->r = r;
3dc516bf
PMD		 1904 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1905 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1906 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1907 SCSI_WRITE_SAME_MAX);
4be74634
MA		 1908 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1909 data->iov.iov_len);
84f94a9a
PB		 1910 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1911
54a53a00
MCA		 1912 for (i = 0; i < data->iov.iov_len; i += l) {
1913 l = MIN(s->qdev.blocksize, data->iov.iov_len - i);
1914 memcpy(&buf[i], inbuf, l);
84f94a9a
PB		 1915 }
1916
1917 scsi_req_ref(&r->req);
4be74634 1918 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1919 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1920 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1921 data->sector << BDRV_SECTOR_BITS,
1922 &data->qiov, 0,
1923 scsi_write_same_complete, data);
84f94a9a
PB		 1924}
1925
314a3299
PB		 1926static void scsi_disk_emulate_write_data(SCSIRequest *req)
1927{
af6d510d
PB		 1928 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1929
1930 if (r->iov.iov_len) {
1931 int buflen = r->iov.iov_len;
59ee9500 1932 trace_scsi_disk_emulate_write_data(buflen);
af6d510d
PB		 1933 r->iov.iov_len = 0;
1934 scsi_req_data(&r->req, buflen);
1935 return;
1936 }
1937
1938 switch (req->cmd.buf[0]) {
1939 case MODE_SELECT:
1940 case MODE_SELECT_10:
1941 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1942 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1943 break;
1944
5222aaf2
PB		 1945 case UNMAP:
1946 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1947 break;
1948
d97e7730
PB		 1949 case VERIFY_10:
1950 case VERIFY_12:
1951 case VERIFY_16:
1952 if (r->req.status == -1) {
1953 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1954 }
1955 break;
1956
84f94a9a
PB		 1957 case WRITE_SAME_10:
1958 case WRITE_SAME_16:
1959 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1960 break;
d97e7730 1961
be2b619a
MCA		 1962 case FORMAT_UNIT:
1963 scsi_req_complete(&r->req, GOOD);
1964 break;
1965
af6d510d
PB		 1966 default:
1967 abort();
1968 }
314a3299
PB		 1969}
1970
b08d0ea0 1971static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1972{
b08d0ea0 1973 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1974 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1975 uint64_t nb_sectors;
7285477a 1976 uint8_t *outbuf;
af6d510d 1977 int buflen;
aa5dbdc1 1978
b08d0ea0
PB		 1979 switch (req->cmd.buf[0]) {
1980 case INQUIRY:
1981 case MODE_SENSE:
1982 case MODE_SENSE_10:
1983 case RESERVE:
1984 case RESERVE_10:
1985 case RELEASE:
1986 case RELEASE_10:
1987 case START_STOP:
1988 case ALLOW_MEDIUM_REMOVAL:
1989 case GET_CONFIGURATION:
1990 case GET_EVENT_STATUS_NOTIFICATION:
1991 case MECHANISM_STATUS:
1992 case REQUEST_SENSE:
1993 break;
1994
1995 default:
cd723b85 1996 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 1997 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1998 return 0;
1999 }
2000 break;
2001 }
2002
c8dcb531
PB		 2003 /*
2004 * FIXME: we shouldn't return anything bigger than 4k, but the code
2005 * requires the buffer to be as big as req->cmd.xfer in several
2006 * places. So, do not allow CDBs with a very large ALLOCATION
2007 * LENGTH. The real fix would be to modify scsi_read_data and
2008 * dma_buf_read, so that they return data beyond the buflen
2009 * as all zeros.
2010 */
2011 if (req->cmd.xfer > 65536) {
2012 goto illegal_request;
2013 }
2014 r->buflen = MAX(4096, req->cmd.xfer);
2015
7285477a 2016 if (!r->iov.iov_base) {
4be74634 2017 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 2018 }
2019
2020 outbuf = r->iov.iov_base;
c8dcb531 2021 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 2022 switch (req->cmd.buf[0]) {
2023 case TEST_UNIT_READY:
cd723b85 2024 assert(blk_is_available(s->qdev.conf.blk));
5f71d32f 2025 break;
0b06c059
GH		 2026 case INQUIRY:
2027 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 2028 if (buflen < 0) {
0b06c059 2029 goto illegal_request;
f01b5931 2030 }
5f71d32f 2031 break;
ebddfcbe
GH		 2032 case MODE_SENSE:
2033 case MODE_SENSE_10:
cfc606da 2034 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 2035 if (buflen < 0) {
ebddfcbe 2036 goto illegal_request;
f01b5931 2037 }
ebddfcbe 2038 break;
02880f43
GH		 2039 case READ_TOC:
2040 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 2041 if (buflen < 0) {
02880f43 2042 goto illegal_request;
f01b5931 2043 }
02880f43 2044 break;
3d53ba18 2045 case RESERVE:
f01b5931 2046 if (req->cmd.buf[1] & 1) {
3d53ba18 2047 goto illegal_request;
f01b5931 2048 }
3d53ba18
GH		 2049 break;
2050 case RESERVE_10:
f01b5931 2051 if (req->cmd.buf[1] & 3) {
3d53ba18 2052 goto illegal_request;
f01b5931 2053 }
3d53ba18
GH		 2054 break;
2055 case RELEASE:
f01b5931 2056 if (req->cmd.buf[1] & 1) {
3d53ba18 2057 goto illegal_request;
f01b5931 2058 }
3d53ba18
GH		 2059 break;
2060 case RELEASE_10:
f01b5931 2061 if (req->cmd.buf[1] & 3) {
3d53ba18 2062 goto illegal_request;
f01b5931 2063 }
3d53ba18 2064 break;
8d3628ff 2065 case START_STOP:
68bb01f3 2066 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 2067 return 0;
68bb01f3 2068 }
5f71d32f 2069 break;
c68b9f34 2070 case ALLOW_MEDIUM_REMOVAL:
81b1008d 2071 s->tray_locked = req->cmd.buf[4] & 1;
4be74634 2072 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
5f71d32f 2073 break;
5e30a07d 2074 case READ_CAPACITY_10:
e7e25e32 2075 /* The normal LEN field for this command is zero. */
5f71d32f 2076 memset(outbuf, 0, 8);
4be74634 2077 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 2078 if (!nb_sectors) {
9bcaf4fe 2079 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 2080 return 0;
f01b5931 2081 }
7cec78b6
PB		 2082 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
2083 goto illegal_request;
2084 }
3dc516bf 2085 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
e7e25e32
GH		 2086 /* Returned value is the address of the last sector. */
2087 nb_sectors--;
2088 /* Remember the new size for read/write sanity checking. */
7877903a 2089 s->qdev.max_lba = nb_sectors;
e7e25e32 2090 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 2091 if (nb_sectors > UINT32_MAX) {
e7e25e32 2092 nb_sectors = UINT32_MAX;
f01b5931 2093 }
e7e25e32
GH		 2094 outbuf[0] = (nb_sectors >> 24) & 0xff;
2095 outbuf[1] = (nb_sectors >> 16) & 0xff;
2096 outbuf[2] = (nb_sectors >> 8) & 0xff;
2097 outbuf[3] = nb_sectors & 0xff;
2098 outbuf[4] = 0;
2099 outbuf[5] = 0;
69377307 2100 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 2101 outbuf[7] = 0;
5f71d32f 2102 break;
f3b338ef
PB		 2103 case REQUEST_SENSE:
2104 /* Just return "NO SENSE". */
37b6045c
PB		 2105 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2106 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 2107 if (buflen < 0) {
2108 goto illegal_request;
2109 }
f3b338ef 2110 break;
b6c251ab
PB		 2111 case MECHANISM_STATUS:
2112 buflen = scsi_emulate_mechanism_status(s, outbuf);
2113 if (buflen < 0) {
2114 goto illegal_request;
2115 }
2116 break;
38215553 2117 case GET_CONFIGURATION:
430ee2f2 2118 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 2119 if (buflen < 0) {
2120 goto illegal_request;
2121 }
2122 break;
2123 case GET_EVENT_STATUS_NOTIFICATION:
2124 buflen = scsi_get_event_status_notification(s, r, outbuf);
2125 if (buflen < 0) {
2126 goto illegal_request;
2127 }
2128 break;
1a4f0c3a
PB		 2129 case READ_DISC_INFORMATION:
2130 buflen = scsi_read_disc_information(s, r, outbuf);
2131 if (buflen < 0) {
2132 goto illegal_request;
2133 }
2134 break;
b6c251ab
PB		 2135 case READ_DVD_STRUCTURE:
2136 buflen = scsi_read_dvd_structure(s, r, outbuf);
2137 if (buflen < 0) {
2138 goto illegal_request;
2139 }
38215553 2140 break;
f6515262 2141 case SERVICE_ACTION_IN_16:
5dd90e2a 2142 /* Service Action In subcommands. */
f6515262 2143 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
59ee9500 2144 trace_scsi_disk_emulate_command_SAI_16();
5dd90e2a 2145 memset(outbuf, 0, req->cmd.xfer);
4be74634 2146 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 2147 if (!nb_sectors) {
9bcaf4fe 2148 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 2149 return 0;
f01b5931 2150 }
7cec78b6
PB		 2151 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2152 goto illegal_request;
2153 }
3dc516bf 2154 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
5dd90e2a
GH		 2155 /* Returned value is the address of the last sector. */
2156 nb_sectors--;
2157 /* Remember the new size for read/write sanity checking. */
7877903a 2158 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 2159 outbuf[0] = (nb_sectors >> 56) & 0xff;
2160 outbuf[1] = (nb_sectors >> 48) & 0xff;
2161 outbuf[2] = (nb_sectors >> 40) & 0xff;
2162 outbuf[3] = (nb_sectors >> 32) & 0xff;
2163 outbuf[4] = (nb_sectors >> 24) & 0xff;
2164 outbuf[5] = (nb_sectors >> 16) & 0xff;
2165 outbuf[6] = (nb_sectors >> 8) & 0xff;
2166 outbuf[7] = nb_sectors & 0xff;
2167 outbuf[8] = 0;
2168 outbuf[9] = 0;
69377307 2169 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 2170 outbuf[11] = 0;
ee3659e3
CH		 2171 outbuf[12] = 0;
2172 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 2173
2174 /* set TPE bit if the format supports discard */
2175 if (s->qdev.conf.discard_granularity) {
2176 outbuf[14] = 0x80;
2177 }
2178
5dd90e2a 2179 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 2180 break;
2181 }
59ee9500 2182 trace_scsi_disk_emulate_command_SAI_unsupported();
5dd90e2a 2183 goto illegal_request;
101aa85f
PB		 2184 case SYNCHRONIZE_CACHE:
2185 /* The request is used as the AIO opaque value, so add a ref. */
2186 scsi_req_ref(&r->req);
4be74634 2187 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 2188 BLOCK_ACCT_FLUSH);
4be74634 2189 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
101aa85f
PB		 2190 return 0;
2191 case SEEK_10:
59ee9500 2192 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
101aa85f
PB		 2193 if (r->req.cmd.lba > s->qdev.max_lba) {
2194 goto illegal_lba;
2195 }
2196 break;
101aa85f 2197 case MODE_SELECT:
59ee9500 2198 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
101aa85f
PB		 2199 break;
2200 case MODE_SELECT_10:
59ee9500 2201 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
101aa85f 2202 break;
5222aaf2 2203 case UNMAP:
59ee9500 2204 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
5222aaf2 2205 break;
d97e7730
PB		 2206 case VERIFY_10:
2207 case VERIFY_12:
2208 case VERIFY_16:
59ee9500 2209 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
d97e7730
PB		 2210 if (req->cmd.buf[1] & 6) {
2211 goto illegal_request;
2212 }
2213 break;
101aa85f 2214 case WRITE_SAME_10:
101aa85f 2215 case WRITE_SAME_16:
59ee9500
LV		 2216 trace_scsi_disk_emulate_command_WRITE_SAME(
2217 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
84f94a9a 2218 break;
6ab71761
MCA		 2219 case FORMAT_UNIT:
2220 trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer);
2221 break;
aa5dbdc1 2222 default:
59ee9500
LV		 2223 trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
2224 scsi_command_name(buf[0]));
b45ef674 2225 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 2226 return 0;
aa5dbdc1 2227 }
314a3299 2228 assert(!r->req.aiocb);
c8dcb531 2229 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 2230 if (r->iov.iov_len == 0) {
2231 scsi_req_complete(&r->req, GOOD);
2232 }
af6d510d
PB		 2233 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2234 assert(r->iov.iov_len == req->cmd.xfer);
2235 return -r->iov.iov_len;
2236 } else {
2237 return r->iov.iov_len;
2238 }
aa5dbdc1 2239
aa5dbdc1 2240illegal_request:
cfc606da
PB		 2241 if (r->req.status == -1) {
2242 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2243 }
b08d0ea0 2244 return 0;
101aa85f
PB		 2245
2246illegal_lba:
2247 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2248 return 0;
aa5dbdc1
GH		 2249}
2250
2e5d83bb
PB		 2251/* Execute a scsi command. Returns the length of the data expected by the
2252 command. This will be Positive for data transfers from the device
2253 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2254 and zero if the command does not transfer any data. */
2255
b08d0ea0 2256static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 2257{
5c6c0e51
HR		 2258 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2259 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
94f8ba11 2260 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
e93176d5 2261 uint32_t len;
a917d384 2262 uint8_t command;
a917d384
PB		 2263
2264 command = buf[0];
aa5dbdc1 2265
cd723b85 2266 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 2267 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2268 return 0;
9bcaf4fe
PB		 2269 }
2270
1894df02 2271 len = scsi_data_cdb_xfer(r->req.cmd.buf);
a917d384 2272 switch (command) {
ebf46023
GH		 2273 case READ_6:
2274 case READ_10:
bd536cf3
GH		 2275 case READ_12:
2276 case READ_16:
59ee9500 2277 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
2343be0d
PB		 2278 /* Protection information is not supported. For SCSI versions 2 and
2279 * older (as determined by snooping the guest's INQUIRY commands),
2280 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2281 */
2282 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
96bdbbab
RS		 2283 goto illegal_request;
2284 }
444bc908 2285 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2286 goto illegal_lba;
f01b5931 2287 }
3dc516bf
PMD		 2288 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2289 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2e5d83bb 2290 break;
ebf46023
GH		 2291 case WRITE_6:
2292 case WRITE_10:
bd536cf3
GH		 2293 case WRITE_12:
2294 case WRITE_16:
5e30a07d 2295 case WRITE_VERIFY_10:
ebef0bbb
BK		 2296 case WRITE_VERIFY_12:
2297 case WRITE_VERIFY_16:
86b1cf32 2298 if (!blk_is_writable(s->qdev.conf.blk)) {
6a8a685c
RS		 2299 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2300 return 0;
2301 }
59ee9500 2302 trace_scsi_disk_dma_command_WRITE(
2dd791b6
HR		 2303 (command & 0xe) == 0xe ? "And Verify " : "",
2304 r->req.cmd.lba, len);
4f04560b 2305 /* fall through */
166dbda7
PB		 2306 case VERIFY_10:
2307 case VERIFY_12:
2308 case VERIFY_16:
2309 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2310 * As far as DMA is concerned, we can treat it the same as a write;
2311 * scsi_block_do_sgio will send VERIFY commands.
2312 */
2343be0d 2313 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
96bdbbab
RS		 2314 goto illegal_request;
2315 }
444bc908 2316 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2317 goto illegal_lba;
f01b5931 2318 }
3dc516bf
PMD		 2319 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2320 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2e5d83bb 2321 break;
101aa85f 2322 default:
b08d0ea0 2323 abort();
96bdbbab
RS		 2324 illegal_request:
2325 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2326 return 0;
274fb0e1 2327 illegal_lba:
b45ef674 2328 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 2329 return 0;
2e5d83bb 2330 }
94f8ba11 2331 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
b08d0ea0 2332 if (r->sector_count == 0) {
b45ef674 2333 scsi_req_complete(&r->req, GOOD);
a917d384 2334 }
b08d0ea0 2335 assert(r->iov.iov_len == 0);
efb9ee02 2336 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
3dc516bf 2337 return -r->sector_count * BDRV_SECTOR_SIZE;
a917d384 2338 } else {
3dc516bf 2339 return r->sector_count * BDRV_SECTOR_SIZE;
2e5d83bb 2340 }
2e5d83bb
PB		 2341}
2342
e9447f35
JK		 2343static void scsi_disk_reset(DeviceState *dev)
2344{
2345 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2346 uint64_t nb_sectors;
c86422c5 2347 AioContext *ctx;
e9447f35 2348
c7b48872 2349 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 2350
c86422c5
EGE		 2351 ctx = blk_get_aio_context(s->qdev.conf.blk);
2352 aio_context_acquire(ctx);
4be74634 2353 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
c86422c5
EGE		 2354 aio_context_release(ctx);
2355
3dc516bf 2356 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
e9447f35
JK		 2357 if (nb_sectors) {
2358 nb_sectors--;
2359 }
7877903a 2360 s->qdev.max_lba = nb_sectors;
7721c7f7
PH		 2361 /* reset tray statuses */
2362 s->tray_locked = 0;
2363 s->tray_open = 0;
2343be0d
PB		 2364
2365 s->qdev.scsi_version = s->qdev.default_scsi_version;
e9447f35
JK		 2366}
2367
766aa2de
SH		 2368static void scsi_disk_drained_begin(void *opaque)
2369{
2370 SCSIDiskState *s = opaque;
2371
2372 scsi_device_drained_begin(&s->qdev);
2373}
2374
2375static void scsi_disk_drained_end(void *opaque)
2376{
2377 SCSIDiskState *s = opaque;
2378
2379 scsi_device_drained_end(&s->qdev);
2380}
2381
aaebacef
PB		 2382static void scsi_disk_resize_cb(void *opaque)
2383{
2384 SCSIDiskState *s = opaque;
2385
2386 /* SPC lists this sense code as available only for
2387 * direct-access devices.
2388 */
2389 if (s->qdev.type == TYPE_DISK) {
53200fad 2390 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 2391 }
2392}
2393
39829a01 2394static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2c6942fa 2395{
8a9c16f6
PB		 2396 SCSIDiskState *s = opaque;
2397
2398 /*
2399 * When a CD gets changed, we have to report an ejected state and
2400 * then a loaded state to guests so that they detect tray
2401 * open/close and media change events. Guests that do not use
2402 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2403 * states rely on this behavior.
2404 *
2405 * media_changed governs the state machine used for unit attention
2406 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2407 */
2408 s->media_changed = load;
2409 s->tray_open = !load;
e48e84ea 2410 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 2411 s->media_event = true;
4480de19
PB		 2412 s->eject_request = false;
2413}
2414
2415static void scsi_cd_eject_request_cb(void *opaque, bool force)
2416{
2417 SCSIDiskState *s = opaque;
2418
2419 s->eject_request = true;
2420 if (force) {
2421 s->tray_locked = false;
2422 }
2c6942fa
MA		 2423}
2424
e4def80b
MA		 2425static bool scsi_cd_is_tray_open(void *opaque)
2426{
2427 return ((SCSIDiskState *)opaque)->tray_open;
2428}
2429
f107639a
MA		 2430static bool scsi_cd_is_medium_locked(void *opaque)
2431{
2432 return ((SCSIDiskState *)opaque)->tray_locked;
2433}
2434
aaebacef 2435static const BlockDevOps scsi_disk_removable_block_ops = {
766aa2de
SH		 2436 .change_media_cb = scsi_cd_change_media_cb,
2437 .drained_begin = scsi_disk_drained_begin,
2438 .drained_end = scsi_disk_drained_end,
4480de19 2439 .eject_request_cb = scsi_cd_eject_request_cb,
f107639a 2440 .is_medium_locked = scsi_cd_is_medium_locked,
766aa2de
SH		 2441 .is_tray_open = scsi_cd_is_tray_open,
2442 .resize_cb = scsi_disk_resize_cb,
aaebacef
PB		 2443};
2444
2445static const BlockDevOps scsi_disk_block_ops = {
766aa2de
SH		 2446 .drained_begin = scsi_disk_drained_begin,
2447 .drained_end = scsi_disk_drained_end,
2448 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2449};
2450
8a9c16f6
PB		 2451static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2452{
2453 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2454 if (s->media_changed) {
2455 s->media_changed = false;
e48e84ea 2456 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2457 }
2458}
2459
a818a4b6 2460static void scsi_realize(SCSIDevice *dev, Error **errp)
2e5d83bb 2461{
d52affa7 2462 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
7cef3d12 2463 bool read_only;
2e5d83bb 2464
4be74634 2465 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2466 error_setg(errp, "drive property not set");
2467 return;
d52affa7
GH		 2468 }
2469
bfe3d7ac 2470 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
4be74634 2471 !blk_is_inserted(s->qdev.conf.blk)) {
a818a4b6
FZ		 2472 error_setg(errp, "Device needs media, but drive is empty");
2473 return;
98f28ad7
MA		 2474 }
2475
c56ee92f 2476 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
3da023b5
MK		 2477 return;
2478 }
2479
4f71fb43
KW		 2480 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
2481 !s->qdev.hba_supports_iothread)
2482 {
2483 error_setg(errp, "HBA does not support iothreads");
2484 return;
2485 }
2486
5ff5efb4 2487 if (dev->type == TYPE_DISK) {
ceff3e1f 2488 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
a818a4b6 2489 return;
5ff5efb4 2490 }
b7eb0c9f 2491 }
7cef3d12 2492
86b1cf32 2493 read_only = !blk_supports_write_perm(s->qdev.conf.blk);
7cef3d12
KW		 2494 if (dev->type == TYPE_ROM) {
2495 read_only = true;
2496 }
2497
2498 if (!blkconf_apply_backend_options(&dev->conf, read_only,
ceff3e1f 2499 dev->type == TYPE_DISK, errp)) {
a17c17a2
KW		 2500 return;
2501 }
a0fef654 2502
215e47b9
PB		 2503 if (s->qdev.conf.discard_granularity == -1) {
2504 s->qdev.conf.discard_granularity =
2505 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2506 }
2507
552fee93 2508 if (!s->version) {
35c2c8dc 2509 s->version = g_strdup(qemu_hw_version());
552fee93 2510 }
353815aa
DF		 2511 if (!s->vendor) {
2512 s->vendor = g_strdup("QEMU");
2513 }
7471a649
KW		 2514 if (!s->device_id) {
2515 if (s->serial) {
2516 s->device_id = g_strdup_printf("%.20s", s->serial);
2517 } else {
2518 const char *str = blk_name(s->qdev.conf.blk);
2519 if (str && *str) {
2520 s->device_id = g_strdup(str);
2521 }
2522 }
2523 }
552fee93 2524
4be74634 2525 if (blk_is_sg(s->qdev.conf.blk)) {
a818a4b6
FZ		 2526 error_setg(errp, "unwanted /dev/sg*");
2527 return;
32bb404a
MA		 2528 }
2529
18e673b8
PH		 2530 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2531 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
4be74634 2532 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
aaebacef 2533 } else {
4be74634 2534 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2e5d83bb 2535 }
8cfacf07 2536
4be74634 2537 blk_iostatus_enable(s->qdev.conf.blk);
71f571a2
SE		 2538
2539 add_boot_device_lchs(&dev->qdev, NULL,
2540 dev->conf.lcyls,
2541 dev->conf.lheads,
2542 dev->conf.lsecs);
2543}
2544
b69c3c21 2545static void scsi_unrealize(SCSIDevice *dev)
71f571a2
SE		 2546{
2547 del_boot_device_lchs(&dev->qdev, NULL);
d52affa7
GH		 2548}
2549
a818a4b6 2550static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2551{
e39be482 2552 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
3ff35ba3 2553 AioContext *ctx = NULL;
df1d4c34
ET		 2554 /* can happen for devices without drive. The error message for missing
2555 * backend will be issued in scsi_realize
2556 */
2557 if (s->qdev.conf.blk) {
3ff35ba3
AG		 2558 ctx = blk_get_aio_context(s->qdev.conf.blk);
2559 aio_context_acquire(ctx);
c56ee92f
RK		 2560 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2561 goto out;
2562 }
df1d4c34 2563 }
e39be482
PB		 2564 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2565 s->qdev.type = TYPE_DISK;
353815aa
DF		 2566 if (!s->product) {
2567 s->product = g_strdup("QEMU HARDDISK");
2568 }
a818a4b6 2569 scsi_realize(&s->qdev, errp);
c56ee92f 2570out:
3ff35ba3
AG		 2571 if (ctx) {
2572 aio_context_release(ctx);
2573 }
b443ae67
MA		 2574}
2575
a818a4b6 2576static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2577{
e39be482 2578 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
3ff35ba3 2579 AioContext *ctx;
83b4fe0e 2580 int ret;
298c31de 2581 uint32_t blocksize = 2048;
9ef6e505
KW		 2582
2583 if (!dev->conf.blk) {
83b4fe0e
KW		 2584 /* Anonymous BlockBackend for an empty drive. As we put it into
2585 * dev->conf, qdev takes care of detaching on unplug. */
d861ab3a 2586 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
83b4fe0e
KW		 2587 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2588 assert(ret == 0);
9ef6e505
KW		 2589 }
2590
298c31de
JM		 2591 if (dev->conf.physical_block_size != 0) {
2592 blocksize = dev->conf.physical_block_size;
2593 }
2594
3ff35ba3
AG		 2595 ctx = blk_get_aio_context(dev->conf.blk);
2596 aio_context_acquire(ctx);
298c31de 2597 s->qdev.blocksize = blocksize;
e39be482 2598 s->qdev.type = TYPE_ROM;
bfe3d7ac 2599 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2600 if (!s->product) {
2601 s->product = g_strdup("QEMU CD-ROM");
2602 }
a818a4b6 2603 scsi_realize(&s->qdev, errp);
3ff35ba3 2604 aio_context_release(ctx);
b443ae67
MA		 2605}
2606
b443ae67 2607
b08d0ea0 2608static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2609 .size = sizeof(SCSIDiskReq),
12010e7b 2610 .free_req = scsi_free_request,
b08d0ea0 2611 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2612 .read_data = scsi_disk_emulate_read_data,
2613 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2614 .get_buf = scsi_get_buf,
2615};
2616
2617static const SCSIReqOps scsi_disk_dma_reqops = {
2618 .size = sizeof(SCSIDiskReq),
2619 .free_req = scsi_free_request,
2620 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2621 .read_data = scsi_read_data,
2622 .write_data = scsi_write_data,
12010e7b 2623 .get_buf = scsi_get_buf,
43b978b9
PB		 2624 .load_request = scsi_disk_load_request,
2625 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2626};
2627
b08d0ea0
PB		 2628static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2629 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2630 [INQUIRY] = &scsi_disk_emulate_reqops,
2631 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2632 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2633 [START_STOP] = &scsi_disk_emulate_reqops,
2634 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2635 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2636 [READ_TOC] = &scsi_disk_emulate_reqops,
2637 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2638 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2639 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2640 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2641 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2642 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2643 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2644 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2645 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2646 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2647 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2648 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2649 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2650 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
d97e7730
PB		 2651 [VERIFY_10] = &scsi_disk_emulate_reqops,
2652 [VERIFY_12] = &scsi_disk_emulate_reqops,
2653 [VERIFY_16] = &scsi_disk_emulate_reqops,
6ab71761 2654 [FORMAT_UNIT] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2655
2656 [READ_6] = &scsi_disk_dma_reqops,
2657 [READ_10] = &scsi_disk_dma_reqops,
2658 [READ_12] = &scsi_disk_dma_reqops,
2659 [READ_16] = &scsi_disk_dma_reqops,
b08d0ea0
PB		 2660 [WRITE_6] = &scsi_disk_dma_reqops,
2661 [WRITE_10] = &scsi_disk_dma_reqops,
2662 [WRITE_12] = &scsi_disk_dma_reqops,
2663 [WRITE_16] = &scsi_disk_dma_reqops,
2664 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2665 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2666 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2667};
2668
59ee9500
LV		 2669static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2670{
2671 int i;
2672 int len = scsi_cdb_length(buf);
2673 char *line_buffer, *p;
2674
e91bae8e 2675 assert(len > 0 && len <= 16);
59ee9500
LV		 2676 line_buffer = g_malloc(len * 5 + 1);
2677
2678 for (i = 0, p = line_buffer; i < len; i++) {
2679 p += sprintf(p, " 0x%02x", buf[i]);
2680 }
2681 trace_scsi_disk_new_request(lun, tag, line_buffer);
2682
2683 g_free(line_buffer);
2684}
2685
63db0f0e
PB		 2686static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2687 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2688{
2689 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2690 SCSIRequest *req;
b08d0ea0
PB		 2691 const SCSIReqOps *ops;
2692 uint8_t command;
8dbd4574 2693
79fb50bb
PB		 2694 command = buf[0];
2695 ops = scsi_disk_reqops_dispatch[command];
2696 if (!ops) {
2697 ops = &scsi_disk_emulate_reqops;
2698 }
2699 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2700
59ee9500
LV		 2701 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2702 scsi_disk_new_request_dump(lun, tag, buf);
b08d0ea0 2703 }
b08d0ea0 2704
8dbd4574
PB		 2705 return req;
2706}
2707
336a6915
PB		 2708#ifdef __linux__
2709static int get_device_type(SCSIDiskState *s)
2710{
336a6915
PB		 2711 uint8_t cmd[16];
2712 uint8_t buf[36];
336a6915
PB		 2713 int ret;
2714
2715 memset(cmd, 0, sizeof(cmd));
2716 memset(buf, 0, sizeof(buf));
2717 cmd[0] = INQUIRY;
2718 cmd[4] = sizeof(buf);
2719
a0c7e35b 2720 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
c9b6609b 2721 buf, sizeof(buf), s->qdev.io_timeout);
a0c7e35b 2722 if (ret < 0) {
336a6915
PB		 2723 return -1;
2724 }
2725 s->qdev.type = buf[0];
bfe3d7ac
PB		 2726 if (buf[1] & 0x80) {
2727 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2728 }
336a6915
PB		 2729 return 0;
2730}
2731
a818a4b6 2732static void scsi_block_realize(SCSIDevice *dev, Error **errp)
336a6915
PB		 2733{
2734 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
3ff35ba3 2735 AioContext *ctx;
336a6915
PB		 2736 int sg_version;
2737 int rc;
2738
4be74634 2739 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2740 error_setg(errp, "drive property not set");
2741 return;
336a6915
PB		 2742 }
2743
51f43d57
FZ		 2744 if (s->rotation_rate) {
2745 error_report_once("rotation_rate is specified for scsi-block but is "
2746 "not implemented. This option is deprecated and will "
2747 "be removed in a future version");
2748 }
2749
3ff35ba3
AG		 2750 ctx = blk_get_aio_context(s->qdev.conf.blk);
2751 aio_context_acquire(ctx);
2752
336a6915 2753 /* check we are using a driver managing SG_IO (version 3 and after) */
4be74634 2754 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
4bbeb8b1 2755 if (rc < 0) {
09c2c6ff
PB		 2756 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2757 if (rc != -EPERM) {
2758 error_append_hint(errp, "Is this a SCSI device?\n");
2759 }
3ff35ba3 2760 goto out;
4bbeb8b1
FZ		 2761 }
2762 if (sg_version < 30000) {
a818a4b6 2763 error_setg(errp, "scsi generic interface too old");
3ff35ba3 2764 goto out;
336a6915
PB		 2765 }
2766
2767 /* get device type from INQUIRY data */
2768 rc = get_device_type(s);
2769 if (rc < 0) {
a818a4b6 2770 error_setg(errp, "INQUIRY failed");
3ff35ba3 2771 goto out;
336a6915
PB		 2772 }
2773
2774 /* Make a guess for the block size, we'll fix it when the guest sends.
2775 * READ CAPACITY. If they don't, they likely would assume these sizes
2776 * anyway. (TODO: check in /sys).
2777 */
2778 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2779 s->qdev.blocksize = 2048;
2780 } else {
2781 s->qdev.blocksize = 512;
2782 }
18e673b8
PH		 2783
2784 /* Makes the scsi-block device not removable by using HMP and QMP eject
2785 * command.
2786 */
2787 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2788
a818a4b6 2789 scsi_realize(&s->qdev, errp);
a71c775b 2790 scsi_generic_read_device_inquiry(&s->qdev);
3ff35ba3
AG		 2791
2792out:
2793 aio_context_release(ctx);
336a6915
PB		 2794}
2795
8fdc7839
PB		 2796typedef struct SCSIBlockReq {
2797 SCSIDiskReq req;
2798 sg_io_hdr_t io_header;
2799
2800 /* Selected bytes of the original CDB, copied into our own CDB. */
2801 uint8_t cmd, cdb1, group_number;
2802
2803 /* CDB passed to SG_IO. */
2804 uint8_t cdb[16];
a108557b
HR		 2805 BlockCompletionFunc *cb;
2806 void *cb_opaque;
8fdc7839
PB		 2807} SCSIBlockReq;
2808
a108557b
HR		 2809static void scsi_block_sgio_complete(void *opaque, int ret)
2810{
2811 SCSIBlockReq *req = (SCSIBlockReq *)opaque;
2812 SCSIDiskReq *r = &req->req;
2813 SCSIDevice *s = r->req.dev;
2814 sg_io_hdr_t *io_hdr = &req->io_header;
a108557b
HR		 2815
2816 if (ret == 0) {
2817 if (io_hdr->host_status != SCSI_HOST_OK) {
f3126d65
HR		 2818 scsi_req_complete_failed(&r->req, io_hdr->host_status);
2819 scsi_req_unref(&r->req);
2820 return;
2821 }
2822
2823 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) {
a108557b
HR		 2824 ret = BUSY;
2825 } else {
2826 ret = io_hdr->status;
2827 }
2828
2829 if (ret > 0) {
2830 aio_context_acquire(blk_get_aio_context(s->conf.blk));
2831 if (scsi_handle_rw_error(r, ret, true)) {
2832 aio_context_release(blk_get_aio_context(s->conf.blk));
2833 scsi_req_unref(&r->req);
2834 return;
2835 }
2836 aio_context_release(blk_get_aio_context(s->conf.blk));
2837
2838 /* Ignore error. */
2839 ret = 0;
2840 }
2841 }
2842
2843 req->cb(req->cb_opaque, ret);
2844}
2845
8fdc7839
PB		 2846static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2847 int64_t offset, QEMUIOVector *iov,
2848 int direction,
2849 BlockCompletionFunc *cb, void *opaque)
2850{
2851 sg_io_hdr_t *io_header = &req->io_header;
2852 SCSIDiskReq *r = &req->req;
2853 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2854 int nb_logical_blocks;
2855 uint64_t lba;
2856 BlockAIOCB *aiocb;
2857
2858 /* This is not supported yet. It can only happen if the guest does
2859 * reads and writes that are not aligned to one logical sectors
2860 * _and_ cover multiple MemoryRegions.
2861 */
2862 assert(offset % s->qdev.blocksize == 0);
2863 assert(iov->size % s->qdev.blocksize == 0);
2864
2865 io_header->interface_id = 'S';
2866
2867 /* The data transfer comes from the QEMUIOVector. */
2868 io_header->dxfer_direction = direction;
2869 io_header->dxfer_len = iov->size;
2870 io_header->dxferp = (void *)iov->iov;
2871 io_header->iovec_count = iov->niov;
2872 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2873
2874 /* Build a new CDB with the LBA and length patched in, in case
2875 * DMA helpers split the transfer in multiple segments. Do not
2876 * build a CDB smaller than what the guest wanted, and only build
2877 * a larger one if strictly necessary.
2878 */
2879 io_header->cmdp = req->cdb;
2880 lba = offset / s->qdev.blocksize;
2881 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2882
2883 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2884 /* 6-byte CDB */
2885 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2886 req->cdb[4] = nb_logical_blocks;
2887 req->cdb[5] = 0;
2888 io_header->cmd_len = 6;
2889 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2890 /* 10-byte CDB */
2891 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2892 req->cdb[1] = req->cdb1;
2893 stl_be_p(&req->cdb[2], lba);
2894 req->cdb[6] = req->group_number;
2895 stw_be_p(&req->cdb[7], nb_logical_blocks);
2896 req->cdb[9] = 0;
2897 io_header->cmd_len = 10;
2898 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2899 /* 12-byte CDB */
2900 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2901 req->cdb[1] = req->cdb1;
2902 stl_be_p(&req->cdb[2], lba);
2903 stl_be_p(&req->cdb[6], nb_logical_blocks);
2904 req->cdb[10] = req->group_number;
2905 req->cdb[11] = 0;
2906 io_header->cmd_len = 12;
2907 } else {
2908 /* 16-byte CDB */
2909 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2910 req->cdb[1] = req->cdb1;
2911 stq_be_p(&req->cdb[2], lba);
2912 stl_be_p(&req->cdb[10], nb_logical_blocks);
2913 req->cdb[14] = req->group_number;
2914 req->cdb[15] = 0;
2915 io_header->cmd_len = 16;
2916 }
2917
2918 /* The rest is as in scsi-generic.c. */
2919 io_header->mx_sb_len = sizeof(r->req.sense);
2920 io_header->sbp = r->req.sense;
c9b6609b 2921 io_header->timeout = s->qdev.io_timeout * 1000;
8fdc7839
PB		 2922 io_header->usr_ptr = r;
2923 io_header->flags |= SG_FLAG_DIRECT_IO;
a108557b
HR		 2924 req->cb = cb;
2925 req->cb_opaque = opaque;
b2d50a33
HR		 2926 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba,
2927 nb_logical_blocks, io_header->timeout);
a108557b 2928 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req);
8fdc7839
PB		 2929 assert(aiocb != NULL);
2930 return aiocb;
2931}
2932
2933static bool scsi_block_no_fua(SCSICommand *cmd)
2934{
2935 return false;
2936}
2937
2938static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2939 QEMUIOVector *iov,
2940 BlockCompletionFunc *cb, void *cb_opaque,
2941 void *opaque)
2942{
2943 SCSIBlockReq *r = opaque;
2944 return scsi_block_do_sgio(r, offset, iov,
2945 SG_DXFER_FROM_DEV, cb, cb_opaque);
2946}
2947
2948static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2949 QEMUIOVector *iov,
2950 BlockCompletionFunc *cb, void *cb_opaque,
2951 void *opaque)
2952{
2953 SCSIBlockReq *r = opaque;
2954 return scsi_block_do_sgio(r, offset, iov,
2955 SG_DXFER_TO_DEV, cb, cb_opaque);
2956}
2957
592c3b28 2958static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
336a6915 2959{
336a6915 2960 switch (buf[0]) {
8fdc7839
PB		 2961 case VERIFY_10:
2962 case VERIFY_12:
2963 case VERIFY_16:
2964 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2965 * for the number of logical blocks specified in the length
2966 * field). For other modes, do not use scatter/gather operation.
2967 */
1f8af0d1 2968 if ((buf[1] & 6) == 2) {
8fdc7839
PB		 2969 return false;
2970 }
2971 break;
2972
336a6915
PB		 2973 case READ_6:
2974 case READ_10:
2975 case READ_12:
2976 case READ_16:
2977 case WRITE_6:
2978 case WRITE_10:
2979 case WRITE_12:
2980 case WRITE_16:
2981 case WRITE_VERIFY_10:
2982 case WRITE_VERIFY_12:
2983 case WRITE_VERIFY_16:
8fdc7839 2984 /* MMC writing cannot be done via DMA helpers, because it sometimes
33ebad12 2985 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
166dbda7 2986 * We might use scsi_block_dma_reqops as long as no writing commands are
33ebad12
PB		 2987 * seen, but performance usually isn't paramount on optical media. So,
2988 * just make scsi-block operate the same as scsi-generic for them.
2989 */
b08d0ea0 2990 if (s->qdev.type != TYPE_ROM) {
592c3b28 2991 return false;
b08d0ea0 2992 }
592c3b28
PB		 2993 break;
2994
2995 default:
2996 break;
336a6915
PB		 2997 }
2998
592c3b28
PB		 2999 return true;
3000}
3001
3002
8fdc7839
PB		 3003static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
3004{
3005 SCSIBlockReq *r = (SCSIBlockReq *)req;
2343be0d
PB		 3006 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
3007
8fdc7839
PB		 3008 r->cmd = req->cmd.buf[0];
3009 switch (r->cmd >> 5) {
3010 case 0:
3011 /* 6-byte CDB. */
3012 r->cdb1 = r->group_number = 0;
3013 break;
3014 case 1:
3015 /* 10-byte CDB. */
3016 r->cdb1 = req->cmd.buf[1];
3017 r->group_number = req->cmd.buf[6];
ed45cae3 3018 break;
8fdc7839
PB		 3019 case 4:
3020 /* 12-byte CDB. */
3021 r->cdb1 = req->cmd.buf[1];
3022 r->group_number = req->cmd.buf[10];
3023 break;
3024 case 5:
3025 /* 16-byte CDB. */
3026 r->cdb1 = req->cmd.buf[1];
3027 r->group_number = req->cmd.buf[14];
3028 break;
3029 default:
3030 abort();
3031 }
3032
2343be0d
PB		 3033 /* Protection information is not supported. For SCSI versions 2 and
3034 * older (as determined by snooping the guest's INQUIRY commands),
3035 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
3036 */
3037 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
8fdc7839
PB		 3038 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
3039 return 0;
3040 }
3041
8fdc7839
PB		 3042 return scsi_disk_dma_command(req, buf);
3043}
3044
3045static const SCSIReqOps scsi_block_dma_reqops = {
3046 .size = sizeof(SCSIBlockReq),
3047 .free_req = scsi_free_request,
3048 .send_command = scsi_block_dma_command,
3049 .read_data = scsi_read_data,
3050 .write_data = scsi_write_data,
3051 .get_buf = scsi_get_buf,
3052 .load_request = scsi_disk_load_request,
3053 .save_request = scsi_disk_save_request,
3054};
3055
592c3b28
PB		 3056static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
3057 uint32_t lun, uint8_t *buf,
3058 void *hba_private)
3059{
3060 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3061
3062 if (scsi_block_is_passthrough(s, buf)) {
3063 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
3064 hba_private);
3065 } else {
8fdc7839 3066 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
592c3b28
PB		 3067 hba_private);
3068 }
336a6915 3069}
3e7e180a
PB		 3070
3071static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
fe9d8927
JM		 3072 uint8_t *buf, size_t buf_len,
3073 void *hba_private)
3e7e180a
PB		 3074{
3075 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3076
3077 if (scsi_block_is_passthrough(s, buf)) {
fe9d8927 3078 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, buf_len, hba_private);
3e7e180a 3079 } else {
fe9d8927 3080 return scsi_req_parse_cdb(&s->qdev, cmd, buf, buf_len);
3e7e180a
PB		 3081 }
3082}
3083
d31347f5
SK		 3084static void scsi_block_update_sense(SCSIRequest *req)
3085{
3086 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
3087 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r);
3088 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense));
3089}
336a6915
PB		 3090#endif
3091
fcaafb10
PB		 3092static
3093BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
3094 BlockCompletionFunc *cb, void *cb_opaque,
3095 void *opaque)
3096{
3097 SCSIDiskReq *r = opaque;
3098 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3099 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3100}
3101
3102static
3103BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
3104 BlockCompletionFunc *cb, void *cb_opaque,
3105 void *opaque)
3106{
3107 SCSIDiskReq *r = opaque;
3108 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3109 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3110}
3111
993935f3
PB		 3112static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
3113{
3114 DeviceClass *dc = DEVICE_CLASS(klass);
fcaafb10 3115 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
993935f3
PB		 3116
3117 dc->fw_name = "disk";
3118 dc->reset = scsi_disk_reset;
fcaafb10
PB		 3119 sdc->dma_readv = scsi_dma_readv;
3120 sdc->dma_writev = scsi_dma_writev;
94f8ba11 3121 sdc->need_fua_emulation = scsi_is_cmd_fua;
993935f3
PB		 3122}
3123
3124static const TypeInfo scsi_disk_base_info = {
3125 .name = TYPE_SCSI_DISK_BASE,
3126 .parent = TYPE_SCSI_DEVICE,
3127 .class_init = scsi_disk_base_class_initfn,
3128 .instance_size = sizeof(SCSIDiskState),
fcaafb10 3129 .class_size = sizeof(SCSIDiskClass),
6214a11a 3130 .abstract = true,
993935f3
PB		 3131};
3132
4f71fb43
KW		 3133#define DEFINE_SCSI_DISK_PROPERTIES() \
3134 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \
3135 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
3136 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
3137 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
3138 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
3139 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
3140 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
7471a649
KW		 3141 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id)
3142
b443ae67 3143
39bffca2
AL		 3144static Property scsi_hd_properties[] = {
3145 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 3146 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3147 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 3148 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3149 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 3150 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3151 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 3152 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 3153 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3154 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 3155 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3156 DEFAULT_MAX_IO_SIZE),
070f8009 3157 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
2343be0d
PB		 3158 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3159 5),
09274de1
MCA		 3160 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3161 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3162 0),
d252df48 3163 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 3164 DEFINE_PROP_END_OF_LIST(),
3165};
3166
43b978b9
PB		 3167static const VMStateDescription vmstate_scsi_disk_state = {
3168 .name = "scsi-disk",
3169 .version_id = 1,
3170 .minimum_version_id = 1,
43b978b9
PB		 3171 .fields = (VMStateField[]) {
3172 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
3173 VMSTATE_BOOL(media_changed, SCSIDiskState),
3174 VMSTATE_BOOL(media_event, SCSIDiskState),
3175 VMSTATE_BOOL(eject_request, SCSIDiskState),
3176 VMSTATE_BOOL(tray_open, SCSIDiskState),
3177 VMSTATE_BOOL(tray_locked, SCSIDiskState),
3178 VMSTATE_END_OF_LIST()
3179 }
3180};
3181
b9eea3e6
AL		 3182static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
3183{
39bffca2 3184 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 3185 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3186
a818a4b6 3187 sc->realize = scsi_hd_realize;
71f571a2 3188 sc->unrealize = scsi_unrealize;
b9eea3e6
AL		 3189 sc->alloc_req = scsi_new_request;
3190 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 3191 dc->desc = "virtual SCSI disk";
4f67d30b 3192 device_class_set_props(dc, scsi_hd_properties);
43b978b9 3193 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3194}
3195
8c43a6f0 3196static const TypeInfo scsi_hd_info = {
39bffca2 3197 .name = "scsi-hd",
993935f3 3198 .parent = TYPE_SCSI_DISK_BASE,
39bffca2
AL		 3199 .class_init = scsi_hd_class_initfn,
3200};
3201
3202static Property scsi_cd_properties[] = {
3203 DEFINE_SCSI_DISK_PROPERTIES(),
2ecab408
PB		 3204 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3205 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 3206 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
f8e1f533
PB		 3207 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3208 DEFAULT_MAX_IO_SIZE),
2343be0d
PB		 3209 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3210 5),
09d37867
MCA		 3211 DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks,
3212 SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0),
f43c2b94
MCA		 3213 DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks,
3214 SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0),
09274de1
MCA		 3215 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3216 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3217 0),
389e18eb
MCA		 3218 DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks,
3219 SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0),
39bffca2 3220 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 3221};
3222
3223static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3224{
39bffca2 3225 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 3226 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3227
a818a4b6 3228 sc->realize = scsi_cd_realize;
b9eea3e6
AL		 3229 sc->alloc_req = scsi_new_request;
3230 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 3231 dc->desc = "virtual SCSI CD-ROM";
4f67d30b 3232 device_class_set_props(dc, scsi_cd_properties);
43b978b9 3233 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3234}
3235
8c43a6f0 3236static const TypeInfo scsi_cd_info = {
39bffca2 3237 .name = "scsi-cd",
993935f3 3238 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3239 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 3240};
3241
336a6915 3242#ifdef __linux__
39bffca2 3243static Property scsi_block_properties[] = {
78ee6bd0 3244 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
4be74634 3245 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
07488549 3246 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
070f8009 3247 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
0a96ca24
DHB		 3248 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3249 DEFAULT_MAX_UNMAP_SIZE),
3250 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3251 DEFAULT_MAX_IO_SIZE),
2343be0d 3252 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
29e560f0 3253 -1),
c9b6609b
HR		 3254 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
3255 DEFAULT_IO_TIMEOUT),
39bffca2
AL		 3256 DEFINE_PROP_END_OF_LIST(),
3257};
3258
b9eea3e6
AL		 3259static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3260{
39bffca2 3261 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6 3262 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
8fdc7839 3263 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
b9eea3e6 3264
a818a4b6 3265 sc->realize = scsi_block_realize;
b9eea3e6 3266 sc->alloc_req = scsi_block_new_request;
3e7e180a 3267 sc->parse_cdb = scsi_block_parse_cdb;
8fdc7839
PB		 3268 sdc->dma_readv = scsi_block_dma_readv;
3269 sdc->dma_writev = scsi_block_dma_writev;
d31347f5 3270 sdc->update_sense = scsi_block_update_sense;
8fdc7839 3271 sdc->need_fua_emulation = scsi_block_no_fua;
39bffca2 3272 dc->desc = "SCSI block device passthrough";
4f67d30b 3273 device_class_set_props(dc, scsi_block_properties);
43b978b9 3274 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3275}
3276
8c43a6f0 3277static const TypeInfo scsi_block_info = {
39bffca2 3278 .name = "scsi-block",
993935f3 3279 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3280 .class_init = scsi_block_class_initfn,
b9eea3e6 3281};
336a6915 3282#endif
b9eea3e6 3283
83f7d43a 3284static void scsi_disk_register_types(void)
d52affa7 3285{
993935f3 3286 type_register_static(&scsi_disk_base_info);
39bffca2
AL		 3287 type_register_static(&scsi_hd_info);
3288 type_register_static(&scsi_cd_info);
b9eea3e6 3289#ifdef __linux__
39bffca2 3290 type_register_static(&scsi_block_info);
b9eea3e6 3291#endif
8ccc2ace 3292}
83f7d43a
AF		 3293
3294type_init(scsi_disk_register_types)
QEMU mirror