]> git.proxmox.com Git - mirror_qemu.git/blame - hw/scsi/scsi-disk.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi-disk: fix double completion of failing passthrough requests
[mirror_qemu.git] / hw / scsi / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
a4ab4792 31#include "qemu/osdep.h"
7e462605 32#include "qemu/units.h"
da34e65c 33#include "qapi/error.h"
1de7afc9 34#include "qemu/error-report.h"
0d09e41a 35#include "hw/scsi/scsi.h"
08e2c9f1 36#include "scsi/constants.h"
9c17d615 37#include "sysemu/sysemu.h"
4be74634 38#include "sysemu/block-backend.h"
9c17d615 39#include "sysemu/blockdev.h"
0d09e41a 40#include "hw/block/block.h"
9c17d615 41#include "sysemu/dma.h"
f348b6d1 42#include "qemu/cutils.h"
22864256 43
336a6915
PB		 44#ifdef __linux
45#include <scsi/sg.h>
46#endif
47
7e462605
PMD		 48#define SCSI_WRITE_SAME_MAX (512 * KiB)
49#define SCSI_DMA_BUF_SIZE (128 * KiB)
215e47b9
PB		 50#define SCSI_MAX_INQUIRY_LEN 256
51#define SCSI_MAX_MODE_LEN 256
52
7e462605
PMD		 53#define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
54#define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
f8e1f533 55#define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
a917d384 56
993935f3
PB		 57#define TYPE_SCSI_DISK_BASE "scsi-disk-base"
58
fcaafb10
PB		 59#define SCSI_DISK_BASE(obj) \
60 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
61#define SCSI_DISK_BASE_CLASS(klass) \
62 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
63#define SCSI_DISK_BASE_GET_CLASS(obj) \
64 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
65
66typedef struct SCSIDiskClass {
67 SCSIDeviceClass parent_class;
68 DMAIOFunc *dma_readv;
69 DMAIOFunc *dma_writev;
94f8ba11 70 bool (*need_fua_emulation)(SCSICommand *cmd);
fcaafb10 71} SCSIDiskClass;
d52affa7 72
4c41d2ef
GH		 73typedef struct SCSIDiskReq {
74 SCSIRequest req;
a917d384 75 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 76 uint64_t sector;
77 uint32_t sector_count;
7285477a 78 uint32_t buflen;
a0e66a69 79 bool started;
94f8ba11 80 bool need_fua_emulation;
c87c0672
AL		 81 struct iovec iov;
82 QEMUIOVector qiov;
a597e79c 83 BlockAcctCookie acct;
8fdc7839 84 unsigned char *status;
4c41d2ef 85} SCSIDiskReq;
a917d384 86
18e673b8
PH		 87#define SCSI_DISK_F_REMOVABLE 0
88#define SCSI_DISK_F_DPOFUA 1
89#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
bfe3d7ac 90
fcaafb10 91typedef struct SCSIDiskState
a917d384 92{
d52affa7 93 SCSIDevice qdev;
bfe3d7ac 94 uint32_t features;
8a9c16f6 95 bool media_changed;
3c2f7c12 96 bool media_event;
4480de19 97 bool eject_request;
64cc2284 98 uint16_t port_index;
8a1bd297 99 uint64_t max_unmap_size;
f8e1f533 100 uint64_t max_io_size;
213189ab 101 QEMUBH *bh;
383b4d9b 102 char *version;
a0fef654 103 char *serial;
353815aa
DF		 104 char *vendor;
105 char *product;
ece0d5e9 106 bool tray_open;
81b1008d 107 bool tray_locked;
070f8009
DB		 108 /*
109 * 0x0000 - rotation rate not reported
110 * 0x0001 - non-rotating medium (SSD)
111 * 0x0002-0x0400 - reserved
112 * 0x0401-0xffe - rotations per minute
113 * 0xffff - reserved
114 */
115 uint16_t rotation_rate;
fcaafb10 116} SCSIDiskState;
2e5d83bb 117
14b20748 118static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
5dba48a8 119
ad2d30f7 120static void scsi_free_request(SCSIRequest *req)
4d611c9a 121{
ad2d30f7
PB		 122 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
123
db4c34c3 124 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 125}
126
b45ef674
PB		 127/* Helper function for command completion with sense. */
128static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 129{
02fa69b6
BS		 130 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
131 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 132 scsi_req_build_sense(&r->req, sense);
133 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 134}
135
03c90063 136static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 137{
7285477a
PB		 138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
139
140 if (!r->iov.iov_base) {
43b978b9 141 r->buflen = size;
4be74634 142 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 143 }
144 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5 145 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
103b40f5
PB		 146}
147
43b978b9
PB		 148static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
149{
150 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
151
152 qemu_put_be64s(f, &r->sector);
153 qemu_put_be32s(f, &r->sector_count);
154 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 155 if (r->buflen) {
156 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
157 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 } else if (!req->retry) {
159 uint32_t len = r->iov.iov_len;
160 qemu_put_be32s(f, &len);
161 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
162 }
43b978b9
PB		 163 }
164}
165
166static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
167{
168 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
169
170 qemu_get_be64s(f, &r->sector);
171 qemu_get_be32s(f, &r->sector_count);
172 qemu_get_be32s(f, &r->buflen);
173 if (r->buflen) {
174 scsi_init_iovec(r, r->buflen);
175 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
176 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 177 } else if (!r->req.retry) {
178 uint32_t len;
179 qemu_get_be32s(f, &len);
180 r->iov.iov_len = len;
181 assert(r->iov.iov_len <= r->buflen);
182 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 183 }
184 }
185
186 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
187}
188
5b956f41
PB		 189static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
190{
191 if (r->req.io_canceled) {
192 scsi_req_cancel_complete(&r->req);
193 return true;
194 }
195
14b20748 196 if (ret < 0 || (r->status && *r->status)) {
5b956f41
PB		 197 return scsi_handle_rw_error(r, -ret, acct_failed);
198 }
199
200 return false;
201}
202
c1b35247 203static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 204{
205 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
46e3f30e
PB		 208 assert(r->req.aiocb != NULL);
209 r->req.aiocb = NULL;
b9e413dd 210 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5b956f41 211 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 212 goto done;
213 }
5d0d2467 214
d7628080 215 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
5d0d2467
PB		 216 scsi_req_complete(&r->req, GOOD);
217
218done:
b9e413dd 219 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
3df9caf8 220 scsi_req_unref(&r->req);
5d0d2467
PB		 221}
222
7e8c49c5
PB		 223static bool scsi_is_cmd_fua(SCSICommand *cmd)
224{
225 switch (cmd->buf[0]) {
226 case READ_10:
227 case READ_12:
228 case READ_16:
229 case WRITE_10:
230 case WRITE_12:
231 case WRITE_16:
232 return (cmd->buf[1] & 8) != 0;
233
7f64f8e2
PB		 234 case VERIFY_10:
235 case VERIFY_12:
236 case VERIFY_16:
7e8c49c5
PB		 237 case WRITE_VERIFY_10:
238 case WRITE_VERIFY_12:
239 case WRITE_VERIFY_16:
240 return true;
241
242 case READ_6:
243 case WRITE_6:
244 default:
245 return false;
246 }
247}
248
249static void scsi_write_do_fua(SCSIDiskReq *r)
250{
251 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
252
5fd2b563 253 assert(r->req.aiocb == NULL);
5b956f41 254 assert(!r->req.io_canceled);
0c92e0e6 255
94f8ba11 256 if (r->need_fua_emulation) {
4be74634 257 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 258 BLOCK_ACCT_FLUSH);
4be74634 259 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
7e8c49c5
PB		 260 return;
261 }
262
263 scsi_req_complete(&r->req, GOOD);
3df9caf8 264 scsi_req_unref(&r->req);
7e8c49c5
PB		 265}
266
5fd2b563 267static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
a917d384 268{
5fd2b563 269 assert(r->req.aiocb == NULL);
5b956f41 270 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 271 goto done;
272 }
a597e79c 273
b77912a7
PB		 274 r->sector += r->sector_count;
275 r->sector_count = 0;
7e8c49c5
PB		 276 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
277 scsi_write_do_fua(r);
278 return;
279 } else {
280 scsi_req_complete(&r->req, GOOD);
281 }
c7bae6a7
PB		 282
283done:
3df9caf8 284 scsi_req_unref(&r->req);
4d611c9a
PB		 285}
286
ef8489d4
PB		 287static void scsi_dma_complete(void *opaque, int ret)
288{
289 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5fd2b563 290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ef8489d4
PB		 291
292 assert(r->req.aiocb != NULL);
5fd2b563
PB		 293 r->req.aiocb = NULL;
294
b9e413dd 295 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
d7628080
AG		 296 if (ret < 0) {
297 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
298 } else {
299 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
300 }
5fd2b563 301 scsi_dma_complete_noio(r, ret);
b9e413dd 302 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
ef8489d4
PB		 303}
304
b77912a7 305static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 306{
307 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
308 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 309 int n;
0a4ac106 310
46e3f30e
PB		 311 assert(r->req.aiocb != NULL);
312 r->req.aiocb = NULL;
b9e413dd 313 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5b956f41 314 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 315 goto done;
316 }
0a4ac106 317
d7628080 318 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
b77912a7
PB		 319 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
320
321 n = r->qiov.size / 512;
322 r->sector += n;
323 r->sector_count -= n;
324 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 325
326done:
3df9caf8 327 scsi_req_unref(&r->req);
b9e413dd 328 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
0a4ac106 329}
5dba48a8 330
ac668426 331/* Actually issue a read to the block device. */
5fd2b563 332static void scsi_do_read(SCSIDiskReq *r, int ret)
ac668426 333{
ac668426 334 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 335 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ac668426 336
5fd2b563 337 assert (r->req.aiocb == NULL);
5b956f41 338 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 339 goto done;
340 }
ac668426 341
31e8fd86
PB		 342 /* The request is used as the AIO opaque value, so add a ref. */
343 scsi_req_ref(&r->req);
344
ac668426 345 if (r->req.sg) {
4be74634 346 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
ac668426 347 r->req.resid -= r->req.sg->size;
fcaafb10
PB		 348 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
349 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 350 BDRV_SECTOR_SIZE,
fcaafb10
PB		 351 sdc->dma_readv, r, scsi_dma_complete, r,
352 DMA_DIRECTION_FROM_DEVICE);
ac668426 353 } else {
03c90063 354 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
4be74634 355 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 356 r->qiov.size, BLOCK_ACCT_READ);
890e48d7 357 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
fcaafb10 358 scsi_read_complete, r, r);
ac668426
PB		 359 }
360
361done:
3df9caf8 362 scsi_req_unref(&r->req);
ac668426
PB		 363}
364
5fd2b563
PB		 365static void scsi_do_read_cb(void *opaque, int ret)
366{
367 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
368 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
369
370 assert (r->req.aiocb != NULL);
371 r->req.aiocb = NULL;
372
b9e413dd 373 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
d7628080
AG		 374 if (ret < 0) {
375 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
376 } else {
377 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
378 }
5fd2b563 379 scsi_do_read(opaque, ret);
b9e413dd 380 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 381}
382
5c6c0e51
HR		 383/* Read more data from scsi device into buffer. */
384static void scsi_read_data(SCSIRequest *req)
2e5d83bb 385{
5c6c0e51 386 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 387 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 388 bool first;
2e5d83bb 389
a917d384
PB		 390 DPRINTF("Read sector_count=%d\n", r->sector_count);
391 if (r->sector_count == 0) {
b45ef674
PB		 392 /* This also clears the sense buffer for REQUEST SENSE. */
393 scsi_req_complete(&r->req, GOOD);
a917d384 394 return;
2e5d83bb
PB		 395 }
396
6fa2c95f
SH		 397 /* No data transfer may already be in progress */
398 assert(r->req.aiocb == NULL);
399
c7bae6a7
PB		 400 /* The request is used as the AIO opaque value, so add a ref. */
401 scsi_req_ref(&r->req);
efb9ee02
HR		 402 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
403 DPRINTF("Data transfer direction invalid\n");
404 scsi_read_complete(r, -EINVAL);
405 return;
406 }
407
cd723b85 408 if (!blk_is_available(req->dev->conf.blk)) {
a1aff5bf 409 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 410 return;
a1aff5bf 411 }
c7bae6a7 412
ac668426 413 first = !r->started;
a0e66a69 414 r->started = true;
94f8ba11 415 if (first && r->need_fua_emulation) {
4be74634 416 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 417 BLOCK_ACCT_FLUSH);
5fd2b563 418 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
5d0d2467 419 } else {
ac668426 420 scsi_do_read(r, 0);
5d0d2467 421 }
2e5d83bb
PB		 422}
423
c7bae6a7 424/*
14b20748
FZ		 425 * scsi_handle_rw_error has two return values. False means that the error
426 * must be ignored, true means that the error has been processed and the
c7bae6a7
PB		 427 * caller should not do anything else for this request. Note that
428 * scsi_handle_rw_error always manages its reference counts, independent
429 * of the return value.
430 */
14b20748 431static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
5dba48a8 432{
c85a7a00 433 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
4c41d2ef 434 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
4be74634
MA		 435 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
436 is_read, error);
ea8a5d7f 437
a589569f 438 if (action == BLOCK_ERROR_ACTION_REPORT) {
d7628080
AG		 439 if (acct_failed) {
440 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
441 }
efb9ee02 442 switch (error) {
14b20748 443 case 0:
e6aa5ba4
PB		 444 /* A passthrough command has run and has produced sense data; check
445 * whether the error has to be handled by the guest or should rather
446 * pause the host.
447 */
14b20748 448 assert(r->status && *r->status);
e6aa5ba4
PB		 449 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
450 if (error == ECANCELED || error == EAGAIN || error == ENOTCONN ||
451 error == 0) {
452 /* These errors are handled by guest. */
453 scsi_req_complete(&r->req, *r->status);
454 return true;
455 }
14b20748 456 break;
7e218df5
PB		 457 case ENOMEDIUM:
458 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
459 break;
efb9ee02 460 case ENOMEM:
b45ef674 461 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 462 break;
463 case EINVAL:
b45ef674 464 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02 465 break;
703dd81a
PB		 466 case ENOSPC:
467 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
468 break;
efb9ee02 469 default:
b45ef674 470 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 471 break;
a1f0cce2 472 }
ea8a5d7f 473 }
14b20748 474
4be74634 475 blk_error_action(s->qdev.conf.blk, action, is_read, error);
a589569f 476 if (action == BLOCK_ERROR_ACTION_STOP) {
3e1caa5f
PB		 477 scsi_req_retry(&r->req);
478 }
a589569f 479 return action != BLOCK_ERROR_ACTION_IGNORE;
ea8a5d7f
AL		 480}
481
5fd2b563 482static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
4d611c9a 483{
ea8a5d7f
AL		 484 uint32_t n;
485
5fd2b563 486 assert (r->req.aiocb == NULL);
5b956f41 487 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 488 goto done;
489 }
a597e79c 490
103b40f5 491 n = r->qiov.size / 512;
ea8a5d7f
AL		 492 r->sector += n;
493 r->sector_count -= n;
a917d384 494 if (r->sector_count == 0) {
7e8c49c5
PB		 495 scsi_write_do_fua(r);
496 return;
a917d384 497 } else {
43b978b9 498 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
79fb50bb 499 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
103b40f5 500 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 501 }
c7bae6a7
PB		 502
503done:
3df9caf8 504 scsi_req_unref(&r->req);
4d611c9a
PB		 505}
506
5fd2b563
PB		 507static void scsi_write_complete(void * opaque, int ret)
508{
509 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
511
512 assert (r->req.aiocb != NULL);
513 r->req.aiocb = NULL;
514
b9e413dd 515 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
d7628080
AG		 516 if (ret < 0) {
517 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
518 } else {
519 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
520 }
5fd2b563 521 scsi_write_complete_noio(r, ret);
b9e413dd 522 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 523}
524
42741212 525static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 526{
5c6c0e51 527 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 528 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 529 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ea8a5d7f 530
6fa2c95f
SH		 531 /* No data transfer may already be in progress */
532 assert(r->req.aiocb == NULL);
533
c7bae6a7
PB		 534 /* The request is used as the AIO opaque value, so add a ref. */
535 scsi_req_ref(&r->req);
efb9ee02
HR		 536 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
537 DPRINTF("Data transfer direction invalid\n");
5fd2b563 538 scsi_write_complete_noio(r, -EINVAL);
42741212 539 return;
efb9ee02
HR		 540 }
541
5d0d2467
PB		 542 if (!r->req.sg && !r->qiov.size) {
543 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 544 r->started = true;
5fd2b563 545 scsi_write_complete_noio(r, 0);
5d0d2467
PB		 546 return;
547 }
cd723b85 548 if (!blk_is_available(req->dev->conf.blk)) {
5fd2b563 549 scsi_write_complete_noio(r, -ENOMEDIUM);
5d0d2467
PB		 550 return;
551 }
552
7f64f8e2
PB		 553 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
554 r->req.cmd.buf[0] == VERIFY_16) {
555 if (r->req.sg) {
ef8489d4 556 scsi_dma_complete_noio(r, 0);
7f64f8e2 557 } else {
5fd2b563 558 scsi_write_complete_noio(r, 0);
7f64f8e2
PB		 559 }
560 return;
561 }
562
5d0d2467 563 if (r->req.sg) {
4be74634 564 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
5d0d2467 565 r->req.resid -= r->req.sg->size;
fcaafb10
PB		 566 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
567 r->req.sg, r->sector << BDRV_SECTOR_BITS,
99868af3 568 BDRV_SECTOR_SIZE,
fcaafb10
PB		 569 sdc->dma_writev, r, scsi_dma_complete, r,
570 DMA_DIRECTION_TO_DEVICE);
5d0d2467 571 } else {
4be74634 572 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 573 r->qiov.size, BLOCK_ACCT_WRITE);
fcaafb10
PB		 574 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
575 scsi_write_complete, r, r);
ea8a5d7f 576 }
a917d384 577}
2e5d83bb 578
a917d384 579/* Return a pointer to the data buffer. */
5c6c0e51 580static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 581{
5c6c0e51 582 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 583
3f4cb3d3 584 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 585}
586
0a96ca24 587int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
0b06c059 588{
383b4d9b 589 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0a96ca24
DHB		 590 uint8_t page_code = req->cmd.buf[2];
591 int start, buflen = 0;
0b06c059 592
0a96ca24
DHB		 593 outbuf[buflen++] = s->qdev.type & 0x1f;
594 outbuf[buflen++] = page_code;
595 outbuf[buflen++] = 0x00;
596 outbuf[buflen++] = 0x00;
597 start = buflen;
3e1c0c9a 598
0a96ca24
DHB		 599 switch (page_code) {
600 case 0x00: /* Supported page codes, mandatory */
601 {
602 DPRINTF("Inquiry EVPD[Supported pages] "
603 "buffer size %zd\n", req->cmd.xfer);
604 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
605 if (s->serial) {
606 outbuf[buflen++] = 0x80; /* unit serial number */
607 }
608 outbuf[buflen++] = 0x83; /* device identification */
609 if (s->qdev.type == TYPE_DISK) {
610 outbuf[buflen++] = 0xb0; /* block limits */
611 outbuf[buflen++] = 0xb1; /* block device characteristics */
612 outbuf[buflen++] = 0xb2; /* thin provisioning */
613 }
614 break;
615 }
616 case 0x80: /* Device serial number, optional */
617 {
618 int l;
0b06c059 619
0a96ca24
DHB		 620 if (!s->serial) {
621 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
622 return -1;
0b06c059
GH		 623 }
624
0a96ca24
DHB		 625 l = strlen(s->serial);
626 if (l > 36) {
627 l = 36;
628 }
0b06c059 629
0a96ca24
DHB		 630 DPRINTF("Inquiry EVPD[Serial number] "
631 "buffer size %zd\n", req->cmd.xfer);
632 memcpy(outbuf + buflen, s->serial, l);
633 buflen += l;
634 break;
635 }
64cc2284 636
0a96ca24
DHB		 637 case 0x83: /* Device identification page, mandatory */
638 {
639 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
640 int max_len = s->serial ? 20 : 255 - 8;
641 int id_len = strlen(str);
64cc2284 642
0a96ca24
DHB		 643 if (id_len > max_len) {
644 id_len = max_len;
0b06c059 645 }
0a96ca24
DHB		 646 DPRINTF("Inquiry EVPD[Device identification] "
647 "buffer size %zd\n", req->cmd.xfer);
648
649 outbuf[buflen++] = 0x2; /* ASCII */
650 outbuf[buflen++] = 0; /* not officially assigned */
651 outbuf[buflen++] = 0; /* reserved */
652 outbuf[buflen++] = id_len; /* length of data following */
653 memcpy(outbuf + buflen, str, id_len);
654 buflen += id_len;
655
656 if (s->qdev.wwn) {
657 outbuf[buflen++] = 0x1; /* Binary */
658 outbuf[buflen++] = 0x3; /* NAA */
659 outbuf[buflen++] = 0; /* reserved */
660 outbuf[buflen++] = 8;
661 stq_be_p(&outbuf[buflen], s->qdev.wwn);
662 buflen += 8;
ea3bd56f 663 }
0a96ca24
DHB		 664
665 if (s->qdev.port_wwn) {
666 outbuf[buflen++] = 0x61; /* SAS / Binary */
667 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
668 outbuf[buflen++] = 0; /* reserved */
669 outbuf[buflen++] = 8;
670 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
671 buflen += 8;
070f8009 672 }
0a96ca24
DHB		 673
674 if (s->port_index) {
675 outbuf[buflen++] = 0x61; /* SAS / Binary */
676
677 /* PIV/Target port/relative target port */
678 outbuf[buflen++] = 0x94;
679
680 outbuf[buflen++] = 0; /* reserved */
681 outbuf[buflen++] = 4;
682 stw_be_p(&outbuf[buflen + 2], s->port_index);
683 buflen += 4;
ee3659e3 684 }
0a96ca24
DHB		 685 break;
686 }
687 case 0xb0: /* block limits */
688 {
689 unsigned int unmap_sectors =
690 s->qdev.conf.discard_granularity / s->qdev.blocksize;
691 unsigned int min_io_size =
692 s->qdev.conf.min_io_size / s->qdev.blocksize;
693 unsigned int opt_io_size =
694 s->qdev.conf.opt_io_size / s->qdev.blocksize;
695 unsigned int max_unmap_sectors =
696 s->max_unmap_size / s->qdev.blocksize;
697 unsigned int max_io_sectors =
698 s->max_io_size / s->qdev.blocksize;
699
700 if (s->qdev.type == TYPE_ROM) {
701 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
702 page_code);
0b06c059
GH		 703 return -1;
704 }
0a96ca24
DHB		 705 if (s->qdev.type == TYPE_DISK) {
706 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
707 int max_io_sectors_blk =
708 max_transfer_blk / s->qdev.blocksize;
709
710 max_io_sectors =
711 MIN_NON_ZERO(max_io_sectors_blk, max_io_sectors);
712
713 /* min_io_size and opt_io_size can't be greater than
714 * max_io_sectors */
715 if (min_io_size) {
716 min_io_size = MIN(min_io_size, max_io_sectors);
717 }
718 if (opt_io_size) {
719 opt_io_size = MIN(opt_io_size, max_io_sectors);
720 }
721 }
722 /* required VPD size with unmap support */
723 buflen = 0x40;
724 memset(outbuf + 4, 0, buflen - 4);
725
726 outbuf[4] = 0x1; /* wsnz */
727
728 /* optimal transfer length granularity */
729 outbuf[6] = (min_io_size >> 8) & 0xff;
730 outbuf[7] = min_io_size & 0xff;
731
732 /* maximum transfer length */
733 outbuf[8] = (max_io_sectors >> 24) & 0xff;
734 outbuf[9] = (max_io_sectors >> 16) & 0xff;
735 outbuf[10] = (max_io_sectors >> 8) & 0xff;
736 outbuf[11] = max_io_sectors & 0xff;
737
738 /* optimal transfer length */
739 outbuf[12] = (opt_io_size >> 24) & 0xff;
740 outbuf[13] = (opt_io_size >> 16) & 0xff;
741 outbuf[14] = (opt_io_size >> 8) & 0xff;
742 outbuf[15] = opt_io_size & 0xff;
743
744 /* max unmap LBA count, default is 1GB */
745 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
746 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
747 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
748 outbuf[23] = max_unmap_sectors & 0xff;
749
750 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header */
751 outbuf[24] = 0;
752 outbuf[25] = 0;
753 outbuf[26] = 0;
754 outbuf[27] = 255;
755
756 /* optimal unmap granularity */
757 outbuf[28] = (unmap_sectors >> 24) & 0xff;
758 outbuf[29] = (unmap_sectors >> 16) & 0xff;
759 outbuf[30] = (unmap_sectors >> 8) & 0xff;
760 outbuf[31] = unmap_sectors & 0xff;
761
762 /* max write same size */
763 outbuf[36] = 0;
764 outbuf[37] = 0;
765 outbuf[38] = 0;
766 outbuf[39] = 0;
767
768 outbuf[40] = (max_io_sectors >> 24) & 0xff;
769 outbuf[41] = (max_io_sectors >> 16) & 0xff;
770 outbuf[42] = (max_io_sectors >> 8) & 0xff;
771 outbuf[43] = max_io_sectors & 0xff;
772 break;
773 }
774 case 0xb1: /* block device characteristics */
775 {
740842c9 776 buflen = 0x40;
0a96ca24
DHB		 777 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
778 outbuf[5] = s->rotation_rate & 0xff;
740842c9
DHB		 779 outbuf[6] = 0; /* PRODUCT TYPE */
780 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
781 outbuf[8] = 0; /* VBULS */
0a96ca24
DHB		 782 break;
783 }
784 case 0xb2: /* thin provisioning */
785 {
786 buflen = 8;
787 outbuf[4] = 0;
788 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
789 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
790 outbuf[7] = 0;
791 break;
792 }
793 default:
794 return -1;
795 }
796 /* done with EVPD */
797 assert(buflen - start <= 255);
798 outbuf[start - 1] = buflen - start;
799 return buflen;
800}
801
802static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
803{
804 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
805 int buflen = 0;
806
807 if (req->cmd.buf[1] & 0x1) {
808 /* Vital product data */
809 return scsi_disk_emulate_vpd_page(req, outbuf);
0b06c059
GH		 810 }
811
812 /* Standard INQUIRY data */
813 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 814 return -1;
815 }
816
817 /* PAGE CODE == 0 */
0b06c059 818 buflen = req->cmd.xfer;
f01b5931 819 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 820 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 821 }
0b06c059 822
f37bd73b 823 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 824 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 825
826 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
827 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
828
314b1811 829 memset(&outbuf[32], 0, 4);
552fee93 830 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 831 /*
832 * We claim conformance to SPC-3, which is required for guests
833 * to ask for modern features like READ CAPACITY(16) or the
834 * block characteristics VPD page by default. Not all of SPC-3
835 * is actually implemented, but we're good enough.
836 */
2343be0d 837 outbuf[2] = s->qdev.default_scsi_version;
1109c894 838 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 839
840 if (buflen > 36) {
841 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
842 } else {
843 /* If the allocation length of CDB is too small,
844 the additional length is not adjusted */
845 outbuf[4] = 36 - 5;
846 }
847
0b06c059 848 /* Sync data transfer and TCQ. */
afd4030c 849 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 850 return buflen;
851}
852
430ee2f2
PB		 853static inline bool media_is_dvd(SCSIDiskState *s)
854{
855 uint64_t nb_sectors;
856 if (s->qdev.type != TYPE_ROM) {
857 return false;
858 }
cd723b85 859 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 860 return false;
861 }
4be74634 862 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
430ee2f2
PB		 863 return nb_sectors > CD_MAX_SECTORS;
864}
865
ceb792ef
PB		 866static inline bool media_is_cd(SCSIDiskState *s)
867{
868 uint64_t nb_sectors;
869 if (s->qdev.type != TYPE_ROM) {
870 return false;
871 }
cd723b85 872 if (!blk_is_available(s->qdev.conf.blk)) {
7d99f4c1
MR		 873 return false;
874 }
4be74634 875 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 876 return nb_sectors <= CD_MAX_SECTORS;
877}
878
1a4f0c3a
PB		 879static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
880 uint8_t *outbuf)
881{
882 uint8_t type = r->req.cmd.buf[1] & 7;
883
884 if (s->qdev.type != TYPE_ROM) {
885 return -1;
886 }
887
888 /* Types 1/2 are only defined for Blu-Ray. */
889 if (type != 0) {
890 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
891 return -1;
892 }
893
894 memset(outbuf, 0, 34);
895 outbuf[1] = 32;
896 outbuf[2] = 0xe; /* last session complete, disc finalized */
897 outbuf[3] = 1; /* first track on disc */
898 outbuf[4] = 1; /* # of sessions */
899 outbuf[5] = 1; /* first track of last session */
900 outbuf[6] = 1; /* last track of last session */
901 outbuf[7] = 0x20; /* unrestricted use */
902 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
903 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
904 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
905 /* 24-31: disc bar code */
906 /* 32: disc application code */
907 /* 33: number of OPC tables */
908
909 return 34;
910}
911
b6c251ab
PB		 912static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
913 uint8_t *outbuf)
914{
ceb792ef
PB		 915 static const int rds_caps_size[5] = {
916 [0] = 2048 + 4,
917 [1] = 4 + 4,
918 [3] = 188 + 4,
919 [4] = 2048 + 4,
920 };
921
922 uint8_t media = r->req.cmd.buf[1];
923 uint8_t layer = r->req.cmd.buf[6];
924 uint8_t format = r->req.cmd.buf[7];
925 int size = -1;
926
927 if (s->qdev.type != TYPE_ROM) {
928 return -1;
929 }
930 if (media != 0) {
931 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
932 return -1;
933 }
934
935 if (format != 0xff) {
cd723b85 936 if (!blk_is_available(s->qdev.conf.blk)) {
ceb792ef
PB		 937 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
938 return -1;
939 }
940 if (media_is_cd(s)) {
941 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
942 return -1;
943 }
944 if (format >= ARRAY_SIZE(rds_caps_size)) {
945 return -1;
946 }
947 size = rds_caps_size[format];
948 memset(outbuf, 0, size);
949 }
950
951 switch (format) {
952 case 0x00: {
953 /* Physical format information */
954 uint64_t nb_sectors;
955 if (layer != 0) {
956 goto fail;
957 }
4be74634 958 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 959
960 outbuf[4] = 1; /* DVD-ROM, part version 1 */
961 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
962 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
963 outbuf[7] = 0; /* default densities */
964
965 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
966 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
967 break;
968 }
969
970 case 0x01: /* DVD copyright information, all zeros */
971 break;
972
973 case 0x03: /* BCA information - invalid field for no BCA info */
974 return -1;
975
976 case 0x04: /* DVD disc manufacturing information, all zeros */
977 break;
978
979 case 0xff: { /* List capabilities */
980 int i;
981 size = 4;
982 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
983 if (!rds_caps_size[i]) {
984 continue;
985 }
986 outbuf[size] = i;
987 outbuf[size + 1] = 0x40; /* Not writable, readable */
988 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
989 size += 4;
990 }
991 break;
992 }
993
994 default:
995 return -1;
996 }
997
998 /* Size of buffer, not including 2 byte size field */
999 stw_be_p(outbuf, size - 2);
1000 return size;
1001
1002fail:
b6c251ab
PB		 1003 return -1;
1004}
1005
3c2f7c12 1006static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 1007{
3c2f7c12
PB		 1008 uint8_t event_code, media_status;
1009
1010 media_status = 0;
1011 if (s->tray_open) {
1012 media_status = MS_TRAY_OPEN;
4be74634 1013 } else if (blk_is_inserted(s->qdev.conf.blk)) {
3c2f7c12
PB		 1014 media_status = MS_MEDIA_PRESENT;
1015 }
1016
1017 /* Event notification descriptor */
1018 event_code = MEC_NO_CHANGE;
4480de19
PB		 1019 if (media_status != MS_TRAY_OPEN) {
1020 if (s->media_event) {
1021 event_code = MEC_NEW_MEDIA;
1022 s->media_event = false;
1023 } else if (s->eject_request) {
1024 event_code = MEC_EJECT_REQUESTED;
1025 s->eject_request = false;
1026 }
3c2f7c12
PB		 1027 }
1028
1029 outbuf[0] = event_code;
1030 outbuf[1] = media_status;
1031
1032 /* These fields are reserved, just clear them. */
1033 outbuf[2] = 0;
1034 outbuf[3] = 0;
1035 return 4;
1036}
1037
1038static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
1039 uint8_t *outbuf)
1040{
1041 int size;
1042 uint8_t *buf = r->req.cmd.buf;
1043 uint8_t notification_class_request = buf[4];
1044 if (s->qdev.type != TYPE_ROM) {
1045 return -1;
1046 }
1047 if ((buf[1] & 1) == 0) {
1048 /* asynchronous */
1049 return -1;
1050 }
1051
1052 size = 4;
1053 outbuf[0] = outbuf[1] = 0;
1054 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1055 if (notification_class_request & (1 << GESN_MEDIA)) {
1056 outbuf[2] = GESN_MEDIA;
1057 size += scsi_event_status_media(s, &outbuf[size]);
1058 } else {
1059 outbuf[2] = 0x80;
1060 }
1061 stw_be_p(outbuf, size - 4);
1062 return size;
b6c251ab
PB		 1063}
1064
430ee2f2 1065static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 1066{
430ee2f2
PB		 1067 int current;
1068
b6c251ab
PB		 1069 if (s->qdev.type != TYPE_ROM) {
1070 return -1;
1071 }
7d99f4c1
MR		 1072
1073 if (media_is_dvd(s)) {
1074 current = MMC_PROFILE_DVD_ROM;
1075 } else if (media_is_cd(s)) {
1076 current = MMC_PROFILE_CD_ROM;
1077 } else {
1078 current = MMC_PROFILE_NONE;
1079 }
1080
430ee2f2
PB		 1081 memset(outbuf, 0, 40);
1082 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1083 stw_be_p(&outbuf[6], current);
1084 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1085 outbuf[10] = 0x03; /* persistent, current */
1086 outbuf[11] = 8; /* two profiles */
1087 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1088 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1089 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1090 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1091 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1092 stw_be_p(&outbuf[20], 1);
1093 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1094 outbuf[23] = 8;
1095 stl_be_p(&outbuf[24], 1); /* SCSI */
1096 outbuf[28] = 1; /* DBE = 1, mandatory */
1097 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1098 stw_be_p(&outbuf[32], 3);
1099 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1100 outbuf[35] = 4;
1101 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1102 /* TODO: Random readable, CD read, DVD read, drive serial number,
1103 power management */
1104 return 40;
b6c251ab
PB		 1105}
1106
1107static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1108{
1109 if (s->qdev.type != TYPE_ROM) {
1110 return -1;
1111 }
1112 memset(outbuf, 0, 8);
1113 outbuf[5] = 1; /* CD-ROM */
1114 return 8;
1115}
1116
cfc606da 1117static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 1118 int page_control)
ebddfcbe 1119{
a8f4bbe2
PB		 1120 static const int mode_sense_valid[0x3f] = {
1121 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1122 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1123 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 1124 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1125 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 1126 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1127 };
ef405611
PB		 1128
1129 uint8_t *p = *p_outbuf + 2;
1130 int length;
ebddfcbe 1131
a8f4bbe2
PB		 1132 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1133 return -1;
1134 }
1135
282ab04e
BK		 1136 /*
1137 * If Changeable Values are requested, a mask denoting those mode parameters
1138 * that are changeable shall be returned. As we currently don't support
1139 * parameter changes via MODE_SELECT all bits are returned set to zero.
1140 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 1141 *
1142 * The offsets here are off by two compared to the descriptions in the
1143 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1144 * but it is done so that offsets are consistent within our implementation
1145 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1146 * 2-byte and 4-byte headers.
282ab04e 1147 */
ebddfcbe 1148 switch (page) {
67cc61e4 1149 case MODE_PAGE_HD_GEOMETRY:
ef405611 1150 length = 0x16;
282ab04e 1151 if (page_control == 1) { /* Changeable Values */
cfc606da 1152 break;
282ab04e 1153 }
ebddfcbe 1154 /* if a geometry hint is available, use it */
ef405611
PB		 1155 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1156 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1157 p[2] = s->qdev.conf.cyls & 0xff;
1158 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 1159 /* Write precomp start cylinder, disabled */
ef405611
PB		 1160 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1161 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1162 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1163 /* Reduced current start cylinder, disabled */
ef405611
PB		 1164 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1165 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1166 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1167 /* Device step rate [ns], 200ns */
ef405611
PB		 1168 p[10] = 0;
1169 p[11] = 200;
ebddfcbe 1170 /* Landing zone cylinder */
ef405611
PB		 1171 p[12] = 0xff;
1172 p[13] = 0xff;
ebddfcbe 1173 p[14] = 0xff;
ebddfcbe 1174 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1175 p[18] = (5400 >> 8) & 0xff;
1176 p[19] = 5400 & 0xff;
cfc606da 1177 break;
ebddfcbe 1178
67cc61e4 1179 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1180 length = 0x1e;
282ab04e 1181 if (page_control == 1) { /* Changeable Values */
cfc606da 1182 break;
282ab04e 1183 }
ebddfcbe 1184 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1185 p[0] = 5000 >> 8;
1186 p[1] = 5000 & 0xff;
ebddfcbe 1187 /* if a geometry hint is available, use it */
ef405611
PB		 1188 p[2] = s->qdev.conf.heads & 0xff;
1189 p[3] = s->qdev.conf.secs & 0xff;
1190 p[4] = s->qdev.blocksize >> 8;
1191 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1192 p[7] = s->qdev.conf.cyls & 0xff;
1193 /* Write precomp start cylinder, disabled */
d252df48
MA		 1194 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1195 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1196 /* Reduced current start cylinder, disabled */
d252df48
MA		 1197 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1198 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1199 /* Device step rate [100us], 100us */
ef405611
PB		 1200 p[12] = 0;
1201 p[13] = 1;
ebddfcbe 1202 /* Device step pulse width [us], 1us */
ef405611 1203 p[14] = 1;
ebddfcbe 1204 /* Device head settle delay [100us], 100us */
ef405611
PB		 1205 p[15] = 0;
1206 p[16] = 1;
ebddfcbe 1207 /* Motor on delay [0.1s], 0.1s */
ef405611 1208 p[17] = 1;
ebddfcbe 1209 /* Motor off delay [0.1s], 0.1s */
ef405611 1210 p[18] = 1;
ebddfcbe 1211 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1212 p[26] = (5400 >> 8) & 0xff;
1213 p[27] = 5400 & 0xff;
cfc606da 1214 break;
ebddfcbe 1215
67cc61e4 1216 case MODE_PAGE_CACHING:
ef405611 1217 length = 0x12;
96c91bbf 1218 if (page_control == 1 || /* Changeable Values */
4be74634 1219 blk_enable_write_cache(s->qdev.conf.blk)) {
ef405611 1220 p[0] = 4; /* WCE */
ebddfcbe 1221 }
cfc606da 1222 break;
ebddfcbe 1223
a07c7dcd 1224 case MODE_PAGE_R_W_ERROR:
ef405611 1225 length = 10;
4f588b15
PB		 1226 if (page_control == 1) { /* Changeable Values */
1227 break;
1228 }
ef405611 1229 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1230 if (s->qdev.type == TYPE_ROM) {
ef405611 1231 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1232 }
1233 break;
1234
1235 case MODE_PAGE_AUDIO_CTL:
ef405611 1236 length = 14;
a07c7dcd
PB		 1237 break;
1238
67cc61e4 1239 case MODE_PAGE_CAPABILITIES:
ef405611 1240 length = 0x14;
282ab04e 1241 if (page_control == 1) { /* Changeable Values */
cfc606da 1242 break;
282ab04e 1243 }
a07c7dcd 1244
ef405611
PB		 1245 p[0] = 0x3b; /* CD-R & CD-RW read */
1246 p[1] = 0; /* Writing not supported */
1247 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1248 mode 2 form 1&2, multi session */
ef405611 1249 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1250 RW corrected, C2 errors, ISRC,
1251 UPC, Bar code */
ef405611 1252 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1253 /* Locking supported, jumper present, eject, tray */
ef405611 1254 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1255 changer */
ef405611
PB		 1256 p[6] = (50 * 176) >> 8; /* 50x read speed */
1257 p[7] = (50 * 176) & 0xff;
1258 p[8] = 2 >> 8; /* Two volume levels */
1259 p[9] = 2 & 0xff;
1260 p[10] = 2048 >> 8; /* 2M buffer */
1261 p[11] = 2048 & 0xff;
1262 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1263 p[13] = (16 * 176) & 0xff;
1264 p[16] = (16 * 176) >> 8; /* 16x write speed */
1265 p[17] = (16 * 176) & 0xff;
1266 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1267 p[19] = (16 * 176) & 0xff;
cfc606da 1268 break;
ebddfcbe
GH		 1269
1270 default:
cfc606da 1271 return -1;
ebddfcbe 1272 }
cfc606da 1273
ef405611
PB		 1274 assert(length < 256);
1275 (*p_outbuf)[0] = page;
1276 (*p_outbuf)[1] = length;
1277 *p_outbuf += length + 2;
1278 return length + 2;
ebddfcbe
GH		 1279}
1280
cfc606da 1281static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1282{
cfc606da 1283 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1284 uint64_t nb_sectors;
e590ecbe
PB		 1285 bool dbd;
1286 int page, buflen, ret, page_control;
ebddfcbe 1287 uint8_t *p;
ce512ee1 1288 uint8_t dev_specific_param;
ebddfcbe 1289
e590ecbe 1290 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1291 page = r->req.cmd.buf[2] & 0x3f;
1292 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1293 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1294 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1295 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1296 p = outbuf;
1297
e590ecbe 1298 if (s->qdev.type == TYPE_DISK) {
da8365db 1299 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
4be74634 1300 if (blk_is_read_only(s->qdev.conf.blk)) {
e590ecbe
PB		 1301 dev_specific_param |= 0x80; /* Readonly. */
1302 }
ce512ee1 1303 } else {
e590ecbe
PB		 1304 /* MMC prescribes that CD/DVD drives have no block descriptors,
1305 * and defines no device-specific parameter. */
6a2de0f2 1306 dev_specific_param = 0x00;
e590ecbe 1307 dbd = true;
ce512ee1
BK		 1308 }
1309
cfc606da 1310 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1311 p[1] = 0; /* Default media type. */
1312 p[2] = dev_specific_param;
1313 p[3] = 0; /* Block descriptor length. */
1314 p += 4;
1315 } else { /* MODE_SENSE_10 */
1316 p[2] = 0; /* Default media type. */
1317 p[3] = dev_specific_param;
1318 p[6] = p[7] = 0; /* Block descriptor length. */
1319 p += 8;
ebddfcbe 1320 }
ebddfcbe 1321
4be74634 1322 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
e590ecbe 1323 if (!dbd && nb_sectors) {
cfc606da 1324 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1325 outbuf[3] = 8; /* Block descriptor length */
1326 } else { /* MODE_SENSE_10 */
1327 outbuf[7] = 8; /* Block descriptor length */
1328 }
69377307 1329 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1330 if (nb_sectors > 0xffffff) {
2488b740 1331 nb_sectors = 0;
f01b5931 1332 }
ebddfcbe
GH		 1333 p[0] = 0; /* media density code */
1334 p[1] = (nb_sectors >> 16) & 0xff;
1335 p[2] = (nb_sectors >> 8) & 0xff;
1336 p[3] = nb_sectors & 0xff;
1337 p[4] = 0; /* reserved */
1338 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1339 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1340 p[7] = 0;
1341 p += 8;
1342 }
1343
cfc606da
PB		 1344 if (page_control == 3) {
1345 /* Saved Values */
1346 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1347 return -1;
282ab04e
BK		 1348 }
1349
cfc606da
PB		 1350 if (page == 0x3f) {
1351 for (page = 0; page <= 0x3e; page++) {
1352 mode_sense_page(s, page, &p, page_control);
1353 }
1354 } else {
1355 ret = mode_sense_page(s, page, &p, page_control);
1356 if (ret == -1) {
1357 return -1;
1358 }
ebddfcbe
GH		 1359 }
1360
1361 buflen = p - outbuf;
ce512ee1
BK		 1362 /*
1363 * The mode data length field specifies the length in bytes of the
1364 * following data that is available to be transferred. The mode data
1365 * length does not include itself.
1366 */
cfc606da 1367 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1368 outbuf[0] = buflen - 1;
1369 } else { /* MODE_SENSE_10 */
1370 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1371 outbuf[1] = (buflen - 2) & 0xff;
1372 }
ebddfcbe
GH		 1373 return buflen;
1374}
1375
02880f43
GH		 1376static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1377{
1378 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1379 int start_track, format, msf, toclen;
1380 uint64_t nb_sectors;
1381
1382 msf = req->cmd.buf[1] & 2;
1383 format = req->cmd.buf[2] & 0xf;
1384 start_track = req->cmd.buf[6];
4be74634 1385 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
02880f43 1386 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1387 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1388 switch (format) {
1389 case 0:
1390 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1391 break;
1392 case 1:
1393 /* multi session : only a single session defined */
1394 toclen = 12;
1395 memset(outbuf, 0, 12);
1396 outbuf[1] = 0x0a;
1397 outbuf[2] = 0x01;
1398 outbuf[3] = 0x01;
1399 break;
1400 case 2:
1401 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1402 break;
1403 default:
1404 return -1;
1405 }
02880f43
GH		 1406 return toclen;
1407}
1408
68bb01f3 1409static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1410{
1411 SCSIRequest *req = &r->req;
1412 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1413 bool start = req->cmd.buf[4] & 1;
1414 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1415 int pwrcnd = req->cmd.buf[4] & 0xf0;
1416
1417 if (pwrcnd) {
1418 /* eject/load only happens for power condition == 0 */
1419 return 0;
1420 }
bfd52647 1421
b456a71c 1422 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1423 if (!start && !s->tray_open && s->tray_locked) {
1424 scsi_check_condition(r,
4be74634 1425 blk_is_inserted(s->qdev.conf.blk)
68bb01f3
MA		 1426 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1427 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1428 return -1;
fdec4404 1429 }
d88b1819
LC		 1430
1431 if (s->tray_open != !start) {
4be74634 1432 blk_eject(s->qdev.conf.blk, !start);
d88b1819
LC		 1433 s->tray_open = !start;
1434 }
bfd52647 1435 }
68bb01f3 1436 return 0;
bfd52647
MA		 1437}
1438
314a3299
PB		 1439static void scsi_disk_emulate_read_data(SCSIRequest *req)
1440{
1441 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1442 int buflen = r->iov.iov_len;
1443
1444 if (buflen) {
79fb50bb 1445 DPRINTF("Read buf_len=%d\n", buflen);
314a3299
PB		 1446 r->iov.iov_len = 0;
1447 r->started = true;
1448 scsi_req_data(&r->req, buflen);
1449 return;
1450 }
1451
1452 /* This also clears the sense buffer for REQUEST SENSE. */
1453 scsi_req_complete(&r->req, GOOD);
1454}
1455
380feaff
PB		 1456static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1457 uint8_t *inbuf, int inlen)
1458{
1459 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1460 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1461 uint8_t *p;
1462 int len, expected_len, changeable_len, i;
1463
1464 /* The input buffer does not include the page header, so it is
1465 * off by 2 bytes.
1466 */
1467 expected_len = inlen + 2;
1468 if (expected_len > SCSI_MAX_MODE_LEN) {
1469 return -1;
1470 }
1471
1472 p = mode_current;
1473 memset(mode_current, 0, inlen + 2);
1474 len = mode_sense_page(s, page, &p, 0);
1475 if (len < 0 || len != expected_len) {
1476 return -1;
1477 }
1478
1479 p = mode_changeable;
1480 memset(mode_changeable, 0, inlen + 2);
1481 changeable_len = mode_sense_page(s, page, &p, 1);
1482 assert(changeable_len == len);
1483
1484 /* Check that unchangeable bits are the same as what MODE SENSE
1485 * would return.
1486 */
1487 for (i = 2; i < len; i++) {
1488 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1489 return -1;
1490 }
1491 }
1492 return 0;
1493}
1494
1495static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1496{
96c91bbf
PB		 1497 switch (page) {
1498 case MODE_PAGE_CACHING:
4be74634 1499 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
96c91bbf
PB		 1500 break;
1501
1502 default:
1503 break;
1504 }
380feaff
PB		 1505}
1506
1507static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1508{
1509 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1510
1511 while (len > 0) {
1512 int page, subpage, page_len;
1513
1514 /* Parse both possible formats for the mode page headers. */
1515 page = p[0] & 0x3f;
1516 if (p[0] & 0x40) {
1517 if (len < 4) {
1518 goto invalid_param_len;
1519 }
1520 subpage = p[1];
1521 page_len = lduw_be_p(&p[2]);
1522 p += 4;
1523 len -= 4;
1524 } else {
1525 if (len < 2) {
1526 goto invalid_param_len;
1527 }
1528 subpage = 0;
1529 page_len = p[1];
1530 p += 2;
1531 len -= 2;
1532 }
1533
1534 if (subpage) {
1535 goto invalid_param;
1536 }
1537 if (page_len > len) {
1538 goto invalid_param_len;
1539 }
1540
1541 if (!change) {
1542 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1543 goto invalid_param;
1544 }
1545 } else {
1546 scsi_disk_apply_mode_select(s, page, p);
1547 }
1548
1549 p += page_len;
1550 len -= page_len;
1551 }
1552 return 0;
1553
1554invalid_param:
1555 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1556 return -1;
1557
1558invalid_param_len:
1559 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1560 return -1;
1561}
1562
1563static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1564{
accfeb2d 1565 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1566 uint8_t *p = inbuf;
1567 int cmd = r->req.cmd.buf[0];
1568 int len = r->req.cmd.xfer;
1569 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1570 int bd_len;
1571 int pass;
1572
1573 /* We only support PF=1, SP=0. */
1574 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1575 goto invalid_field;
1576 }
1577
1578 if (len < hdr_len) {
1579 goto invalid_param_len;
1580 }
1581
1582 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1583 len -= hdr_len;
1584 p += hdr_len;
1585 if (len < bd_len) {
1586 goto invalid_param_len;
1587 }
1588 if (bd_len != 0 && bd_len != 8) {
1589 goto invalid_param;
1590 }
1591
1592 len -= bd_len;
1593 p += bd_len;
1594
1595 /* Ensure no change is made if there is an error! */
1596 for (pass = 0; pass < 2; pass++) {
1597 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1598 assert(pass == 0);
1599 return;
1600 }
1601 }
4be74634 1602 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
accfeb2d
PB		 1603 /* The request is used as the AIO opaque value, so add a ref. */
1604 scsi_req_ref(&r->req);
4be74634 1605 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 1606 BLOCK_ACCT_FLUSH);
4be74634 1607 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
accfeb2d
PB		 1608 return;
1609 }
1610
380feaff
PB		 1611 scsi_req_complete(&r->req, GOOD);
1612 return;
1613
1614invalid_param:
1615 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1616 return;
1617
1618invalid_param_len:
1619 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1620 return;
1621
1622invalid_field:
1623 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1624}
1625
444bc908
PB		 1626static inline bool check_lba_range(SCSIDiskState *s,
1627 uint64_t sector_num, uint32_t nb_sectors)
1628{
1629 /*
1630 * The first line tests that no overflow happens when computing the last
1631 * sector. The second line tests that the last accessed sector is in
1632 * range.
12ca76fc
PB		 1633 *
1634 * Careful, the computations should not underflow for nb_sectors == 0,
1635 * and a 0-block read to the first LBA beyond the end of device is
1636 * valid.
444bc908
PB		 1637 */
1638 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1639 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1640}
1641
5222aaf2
PB		 1642typedef struct UnmapCBData {
1643 SCSIDiskReq *r;
1644 uint8_t *inbuf;
1645 int count;
1646} UnmapCBData;
1647
5fd2b563
PB		 1648static void scsi_unmap_complete(void *opaque, int ret);
1649
1650static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
5222aaf2 1651{
5222aaf2
PB		 1652 SCSIDiskReq *r = data->r;
1653 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1654 uint64_t sector_num;
5bb0b62e 1655 uint32_t nb_sectors;
5222aaf2 1656
5fd2b563 1657 assert(r->req.aiocb == NULL);
5b956f41 1658 if (scsi_disk_req_check_error(r, ret, false)) {
d0242ead
PB		 1659 goto done;
1660 }
1661
d0242ead 1662 if (data->count > 0) {
5222aaf2
PB		 1663 sector_num = ldq_be_p(&data->inbuf[0]);
1664 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
444bc908 1665 if (!check_lba_range(s, sector_num, nb_sectors)) {
5222aaf2
PB		 1666 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1667 goto done;
1668 }
1669
1c6c4bb7
EB		 1670 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1671 sector_num * s->qdev.blocksize,
1672 nb_sectors * s->qdev.blocksize,
1673 scsi_unmap_complete, data);
5222aaf2
PB		 1674 data->count--;
1675 data->inbuf += 16;
1676 return;
1677 }
1678
d0242ead
PB		 1679 scsi_req_complete(&r->req, GOOD);
1680
5222aaf2 1681done:
3df9caf8 1682 scsi_req_unref(&r->req);
5222aaf2
PB		 1683 g_free(data);
1684}
1685
5fd2b563
PB		 1686static void scsi_unmap_complete(void *opaque, int ret)
1687{
1688 UnmapCBData *data = opaque;
1689 SCSIDiskReq *r = data->r;
b9e413dd 1690 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5fd2b563
PB		 1691
1692 assert(r->req.aiocb != NULL);
1693 r->req.aiocb = NULL;
1694
b9e413dd 1695 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563 1696 scsi_unmap_complete_noio(data, ret);
b9e413dd 1697 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
5fd2b563
PB		 1698}
1699
5222aaf2
PB		 1700static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1701{
c5fd1fb0 1702 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5222aaf2
PB		 1703 uint8_t *p = inbuf;
1704 int len = r->req.cmd.xfer;
1705 UnmapCBData *data;
1706
823bd739
PB		 1707 /* Reject ANCHOR=1. */
1708 if (r->req.cmd.buf[1] & 0x1) {
1709 goto invalid_field;
1710 }
1711
5222aaf2
PB		 1712 if (len < 8) {
1713 goto invalid_param_len;
1714 }
1715 if (len < lduw_be_p(&p[0]) + 2) {
1716 goto invalid_param_len;
1717 }
1718 if (len < lduw_be_p(&p[2]) + 8) {
1719 goto invalid_param_len;
1720 }
1721 if (lduw_be_p(&p[2]) & 15) {
1722 goto invalid_param_len;
1723 }
1724
4be74634 1725 if (blk_is_read_only(s->qdev.conf.blk)) {
c5fd1fb0
PB		 1726 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1727 return;
1728 }
1729
5222aaf2
PB		 1730 data = g_new0(UnmapCBData, 1);
1731 data->r = r;
1732 data->inbuf = &p[8];
1733 data->count = lduw_be_p(&p[2]) >> 4;
1734
1735 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1736 scsi_req_ref(&r->req);
5fd2b563 1737 scsi_unmap_complete_noio(data, 0);
5222aaf2
PB		 1738 return;
1739
1740invalid_param_len:
1741 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
823bd739
PB		 1742 return;
1743
1744invalid_field:
1745 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
5222aaf2
PB		 1746}
1747
84f94a9a
PB		 1748typedef struct WriteSameCBData {
1749 SCSIDiskReq *r;
1750 int64_t sector;
1751 int nb_sectors;
1752 QEMUIOVector qiov;
1753 struct iovec iov;
1754} WriteSameCBData;
1755
1756static void scsi_write_same_complete(void *opaque, int ret)
1757{
1758 WriteSameCBData *data = opaque;
1759 SCSIDiskReq *r = data->r;
1760 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1761
1762 assert(r->req.aiocb != NULL);
1763 r->req.aiocb = NULL;
b9e413dd 1764 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
5b956f41 1765 if (scsi_disk_req_check_error(r, ret, true)) {
84f94a9a
PB		 1766 goto done;
1767 }
1768
d7628080
AG		 1769 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1770
84f94a9a
PB		 1771 data->nb_sectors -= data->iov.iov_len / 512;
1772 data->sector += data->iov.iov_len / 512;
1773 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1774 if (data->iov.iov_len) {
4be74634 1775 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1776 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1777 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1778 * where final qiov may need smaller size */
a56537a1 1779 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
03c90063
EB		 1780 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1781 data->sector << BDRV_SECTOR_BITS,
1782 &data->qiov, 0,
1783 scsi_write_same_complete, data);
24355b79 1784 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
84f94a9a
PB		 1785 return;
1786 }
1787
1788 scsi_req_complete(&r->req, GOOD);
1789
1790done:
3df9caf8 1791 scsi_req_unref(&r->req);
84f94a9a
PB		 1792 qemu_vfree(data->iov.iov_base);
1793 g_free(data);
b9e413dd 1794 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
84f94a9a
PB		 1795}
1796
1797static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1798{
1799 SCSIRequest *req = &r->req;
1800 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1894df02 1801 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
84f94a9a
PB		 1802 WriteSameCBData *data;
1803 uint8_t *buf;
1804 int i;
1805
1806 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1807 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1808 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1809 return;
1810 }
1811
4be74634 1812 if (blk_is_read_only(s->qdev.conf.blk)) {
84f94a9a
PB		 1813 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1814 return;
1815 }
1816 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1817 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1818 return;
1819 }
1820
4397a018 1821 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
84f94a9a
PB		 1822 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1823
1824 /* The request is used as the AIO opaque value, so add a ref. */
1825 scsi_req_ref(&r->req);
4be74634 1826 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8
BC		 1827 nb_sectors * s->qdev.blocksize,
1828 BLOCK_ACCT_WRITE);
d004bd52 1829 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
983a1600
EB		 1830 r->req.cmd.lba * s->qdev.blocksize,
1831 nb_sectors * s->qdev.blocksize,
4be74634 1832 flags, scsi_aio_complete, r);
84f94a9a
PB		 1833 return;
1834 }
1835
1836 data = g_new0(WriteSameCBData, 1);
1837 data->r = r;
1838 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1839 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1840 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
4be74634
MA		 1841 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1842 data->iov.iov_len);
84f94a9a
PB		 1843 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1844
1845 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1846 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1847 }
1848
1849 scsi_req_ref(&r->req);
4be74634 1850 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1851 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1852 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1853 data->sector << BDRV_SECTOR_BITS,
1854 &data->qiov, 0,
1855 scsi_write_same_complete, data);
84f94a9a
PB		 1856}
1857
314a3299
PB		 1858static void scsi_disk_emulate_write_data(SCSIRequest *req)
1859{
af6d510d
PB		 1860 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1861
1862 if (r->iov.iov_len) {
1863 int buflen = r->iov.iov_len;
79fb50bb 1864 DPRINTF("Write buf_len=%d\n", buflen);
af6d510d
PB		 1865 r->iov.iov_len = 0;
1866 scsi_req_data(&r->req, buflen);
1867 return;
1868 }
1869
1870 switch (req->cmd.buf[0]) {
1871 case MODE_SELECT:
1872 case MODE_SELECT_10:
1873 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1874 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1875 break;
1876
5222aaf2
PB		 1877 case UNMAP:
1878 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1879 break;
1880
d97e7730
PB		 1881 case VERIFY_10:
1882 case VERIFY_12:
1883 case VERIFY_16:
1884 if (r->req.status == -1) {
1885 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1886 }
1887 break;
1888
84f94a9a
PB		 1889 case WRITE_SAME_10:
1890 case WRITE_SAME_16:
1891 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1892 break;
d97e7730 1893
af6d510d
PB		 1894 default:
1895 abort();
1896 }
314a3299
PB		 1897}
1898
b08d0ea0 1899static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1900{
b08d0ea0 1901 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1902 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1903 uint64_t nb_sectors;
7285477a 1904 uint8_t *outbuf;
af6d510d 1905 int buflen;
aa5dbdc1 1906
b08d0ea0
PB		 1907 switch (req->cmd.buf[0]) {
1908 case INQUIRY:
1909 case MODE_SENSE:
1910 case MODE_SENSE_10:
1911 case RESERVE:
1912 case RESERVE_10:
1913 case RELEASE:
1914 case RELEASE_10:
1915 case START_STOP:
1916 case ALLOW_MEDIUM_REMOVAL:
1917 case GET_CONFIGURATION:
1918 case GET_EVENT_STATUS_NOTIFICATION:
1919 case MECHANISM_STATUS:
1920 case REQUEST_SENSE:
1921 break;
1922
1923 default:
cd723b85 1924 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 1925 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1926 return 0;
1927 }
1928 break;
1929 }
1930
c8dcb531
PB		 1931 /*
1932 * FIXME: we shouldn't return anything bigger than 4k, but the code
1933 * requires the buffer to be as big as req->cmd.xfer in several
1934 * places. So, do not allow CDBs with a very large ALLOCATION
1935 * LENGTH. The real fix would be to modify scsi_read_data and
1936 * dma_buf_read, so that they return data beyond the buflen
1937 * as all zeros.
1938 */
1939 if (req->cmd.xfer > 65536) {
1940 goto illegal_request;
1941 }
1942 r->buflen = MAX(4096, req->cmd.xfer);
1943
7285477a 1944 if (!r->iov.iov_base) {
4be74634 1945 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 1946 }
1947
af6d510d 1948 buflen = req->cmd.xfer;
7285477a 1949 outbuf = r->iov.iov_base;
c8dcb531 1950 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 1951 switch (req->cmd.buf[0]) {
1952 case TEST_UNIT_READY:
cd723b85 1953 assert(blk_is_available(s->qdev.conf.blk));
5f71d32f 1954 break;
0b06c059
GH		 1955 case INQUIRY:
1956 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1957 if (buflen < 0) {
0b06c059 1958 goto illegal_request;
f01b5931 1959 }
5f71d32f 1960 break;
ebddfcbe
GH		 1961 case MODE_SENSE:
1962 case MODE_SENSE_10:
cfc606da 1963 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1964 if (buflen < 0) {
ebddfcbe 1965 goto illegal_request;
f01b5931 1966 }
ebddfcbe 1967 break;
02880f43
GH		 1968 case READ_TOC:
1969 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1970 if (buflen < 0) {
02880f43 1971 goto illegal_request;
f01b5931 1972 }
02880f43 1973 break;
3d53ba18 1974 case RESERVE:
f01b5931 1975 if (req->cmd.buf[1] & 1) {
3d53ba18 1976 goto illegal_request;
f01b5931 1977 }
3d53ba18
GH		 1978 break;
1979 case RESERVE_10:
f01b5931 1980 if (req->cmd.buf[1] & 3) {
3d53ba18 1981 goto illegal_request;
f01b5931 1982 }
3d53ba18
GH		 1983 break;
1984 case RELEASE:
f01b5931 1985 if (req->cmd.buf[1] & 1) {
3d53ba18 1986 goto illegal_request;
f01b5931 1987 }
3d53ba18
GH		 1988 break;
1989 case RELEASE_10:
f01b5931 1990 if (req->cmd.buf[1] & 3) {
3d53ba18 1991 goto illegal_request;
f01b5931 1992 }
3d53ba18 1993 break;
8d3628ff 1994 case START_STOP:
68bb01f3 1995 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 1996 return 0;
68bb01f3 1997 }
5f71d32f 1998 break;
c68b9f34 1999 case ALLOW_MEDIUM_REMOVAL:
81b1008d 2000 s->tray_locked = req->cmd.buf[4] & 1;
4be74634 2001 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
5f71d32f 2002 break;
5e30a07d 2003 case READ_CAPACITY_10:
e7e25e32 2004 /* The normal LEN field for this command is zero. */
5f71d32f 2005 memset(outbuf, 0, 8);
4be74634 2006 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 2007 if (!nb_sectors) {
9bcaf4fe 2008 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 2009 return 0;
f01b5931 2010 }
7cec78b6
PB		 2011 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
2012 goto illegal_request;
2013 }
69377307 2014 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 2015 /* Returned value is the address of the last sector. */
2016 nb_sectors--;
2017 /* Remember the new size for read/write sanity checking. */
7877903a 2018 s->qdev.max_lba = nb_sectors;
e7e25e32 2019 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 2020 if (nb_sectors > UINT32_MAX) {
e7e25e32 2021 nb_sectors = UINT32_MAX;
f01b5931 2022 }
e7e25e32
GH		 2023 outbuf[0] = (nb_sectors >> 24) & 0xff;
2024 outbuf[1] = (nb_sectors >> 16) & 0xff;
2025 outbuf[2] = (nb_sectors >> 8) & 0xff;
2026 outbuf[3] = nb_sectors & 0xff;
2027 outbuf[4] = 0;
2028 outbuf[5] = 0;
69377307 2029 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 2030 outbuf[7] = 0;
5f71d32f 2031 break;
f3b338ef
PB		 2032 case REQUEST_SENSE:
2033 /* Just return "NO SENSE". */
37b6045c
PB		 2034 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2035 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 2036 if (buflen < 0) {
2037 goto illegal_request;
2038 }
f3b338ef 2039 break;
b6c251ab
PB		 2040 case MECHANISM_STATUS:
2041 buflen = scsi_emulate_mechanism_status(s, outbuf);
2042 if (buflen < 0) {
2043 goto illegal_request;
2044 }
2045 break;
38215553 2046 case GET_CONFIGURATION:
430ee2f2 2047 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 2048 if (buflen < 0) {
2049 goto illegal_request;
2050 }
2051 break;
2052 case GET_EVENT_STATUS_NOTIFICATION:
2053 buflen = scsi_get_event_status_notification(s, r, outbuf);
2054 if (buflen < 0) {
2055 goto illegal_request;
2056 }
2057 break;
1a4f0c3a
PB		 2058 case READ_DISC_INFORMATION:
2059 buflen = scsi_read_disc_information(s, r, outbuf);
2060 if (buflen < 0) {
2061 goto illegal_request;
2062 }
2063 break;
b6c251ab
PB		 2064 case READ_DVD_STRUCTURE:
2065 buflen = scsi_read_dvd_structure(s, r, outbuf);
2066 if (buflen < 0) {
2067 goto illegal_request;
2068 }
38215553 2069 break;
f6515262 2070 case SERVICE_ACTION_IN_16:
5dd90e2a 2071 /* Service Action In subcommands. */
f6515262 2072 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 2073 DPRINTF("SAI READ CAPACITY(16)\n");
2074 memset(outbuf, 0, req->cmd.xfer);
4be74634 2075 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 2076 if (!nb_sectors) {
9bcaf4fe 2077 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 2078 return 0;
f01b5931 2079 }
7cec78b6
PB		 2080 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2081 goto illegal_request;
2082 }
69377307 2083 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 2084 /* Returned value is the address of the last sector. */
2085 nb_sectors--;
2086 /* Remember the new size for read/write sanity checking. */
7877903a 2087 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 2088 outbuf[0] = (nb_sectors >> 56) & 0xff;
2089 outbuf[1] = (nb_sectors >> 48) & 0xff;
2090 outbuf[2] = (nb_sectors >> 40) & 0xff;
2091 outbuf[3] = (nb_sectors >> 32) & 0xff;
2092 outbuf[4] = (nb_sectors >> 24) & 0xff;
2093 outbuf[5] = (nb_sectors >> 16) & 0xff;
2094 outbuf[6] = (nb_sectors >> 8) & 0xff;
2095 outbuf[7] = nb_sectors & 0xff;
2096 outbuf[8] = 0;
2097 outbuf[9] = 0;
69377307 2098 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 2099 outbuf[11] = 0;
ee3659e3
CH		 2100 outbuf[12] = 0;
2101 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 2102
2103 /* set TPE bit if the format supports discard */
2104 if (s->qdev.conf.discard_granularity) {
2105 outbuf[14] = 0x80;
2106 }
2107
5dd90e2a 2108 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 2109 break;
2110 }
2111 DPRINTF("Unsupported Service Action In\n");
2112 goto illegal_request;
101aa85f
PB		 2113 case SYNCHRONIZE_CACHE:
2114 /* The request is used as the AIO opaque value, so add a ref. */
2115 scsi_req_ref(&r->req);
4be74634 2116 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 2117 BLOCK_ACCT_FLUSH);
4be74634 2118 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
101aa85f
PB		 2119 return 0;
2120 case SEEK_10:
2121 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2122 if (r->req.cmd.lba > s->qdev.max_lba) {
2123 goto illegal_lba;
2124 }
2125 break;
101aa85f 2126 case MODE_SELECT:
142c2145 2127 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
101aa85f
PB		 2128 break;
2129 case MODE_SELECT_10:
142c2145 2130 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
101aa85f 2131 break;
5222aaf2 2132 case UNMAP:
142c2145 2133 DPRINTF("Unmap (len %lu)\n", (unsigned long)r->req.cmd.xfer);
5222aaf2 2134 break;
d97e7730
PB		 2135 case VERIFY_10:
2136 case VERIFY_12:
2137 case VERIFY_16:
4525c133 2138 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
d97e7730
PB		 2139 if (req->cmd.buf[1] & 6) {
2140 goto illegal_request;
2141 }
2142 break;
101aa85f 2143 case WRITE_SAME_10:
101aa85f 2144 case WRITE_SAME_16:
84f94a9a
PB		 2145 DPRINTF("WRITE SAME %d (len %lu)\n",
2146 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
142c2145 2147 (unsigned long)r->req.cmd.xfer);
84f94a9a 2148 break;
aa5dbdc1 2149 default:
b9e77bc7
AK		 2150 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2151 scsi_command_name(buf[0]));
b45ef674 2152 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 2153 return 0;
aa5dbdc1 2154 }
314a3299 2155 assert(!r->req.aiocb);
c8dcb531 2156 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 2157 if (r->iov.iov_len == 0) {
2158 scsi_req_complete(&r->req, GOOD);
2159 }
af6d510d
PB		 2160 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2161 assert(r->iov.iov_len == req->cmd.xfer);
2162 return -r->iov.iov_len;
2163 } else {
2164 return r->iov.iov_len;
2165 }
aa5dbdc1 2166
aa5dbdc1 2167illegal_request:
cfc606da
PB		 2168 if (r->req.status == -1) {
2169 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2170 }
b08d0ea0 2171 return 0;
101aa85f
PB		 2172
2173illegal_lba:
2174 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2175 return 0;
aa5dbdc1
GH		 2176}
2177
2e5d83bb
PB		 2178/* Execute a scsi command. Returns the length of the data expected by the
2179 command. This will be Positive for data transfers from the device
2180 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2181 and zero if the command does not transfer any data. */
2182
b08d0ea0 2183static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 2184{
5c6c0e51
HR		 2185 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2186 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
94f8ba11 2187 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
e93176d5 2188 uint32_t len;
a917d384 2189 uint8_t command;
a917d384
PB		 2190
2191 command = buf[0];
aa5dbdc1 2192
cd723b85 2193 if (!blk_is_available(s->qdev.conf.blk)) {
b08d0ea0
PB		 2194 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2195 return 0;
9bcaf4fe
PB		 2196 }
2197
1894df02 2198 len = scsi_data_cdb_xfer(r->req.cmd.buf);
a917d384 2199 switch (command) {
ebf46023
GH		 2200 case READ_6:
2201 case READ_10:
bd536cf3
GH		 2202 case READ_12:
2203 case READ_16:
e93176d5 2204 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2343be0d
PB		 2205 /* Protection information is not supported. For SCSI versions 2 and
2206 * older (as determined by snooping the guest's INQUIRY commands),
2207 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2208 */
2209 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
96bdbbab
RS		 2210 goto illegal_request;
2211 }
444bc908 2212 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2213 goto illegal_lba;
f01b5931 2214 }
69377307
PB		 2215 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2216 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 2217 break;
ebf46023
GH		 2218 case WRITE_6:
2219 case WRITE_10:
bd536cf3
GH		 2220 case WRITE_12:
2221 case WRITE_16:
5e30a07d 2222 case WRITE_VERIFY_10:
ebef0bbb
BK		 2223 case WRITE_VERIFY_12:
2224 case WRITE_VERIFY_16:
4be74634 2225 if (blk_is_read_only(s->qdev.conf.blk)) {
6a8a685c
RS		 2226 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2227 return 0;
2228 }
e93176d5 2229 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2dd791b6
HR		 2230 (command & 0xe) == 0xe ? "And Verify " : "",
2231 r->req.cmd.lba, len);
4f04560b 2232 /* fall through */
166dbda7
PB		 2233 case VERIFY_10:
2234 case VERIFY_12:
2235 case VERIFY_16:
2236 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2237 * As far as DMA is concerned, we can treat it the same as a write;
2238 * scsi_block_do_sgio will send VERIFY commands.
2239 */
2343be0d 2240 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
96bdbbab
RS		 2241 goto illegal_request;
2242 }
444bc908 2243 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2244 goto illegal_lba;
f01b5931 2245 }
69377307
PB		 2246 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2247 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 2248 break;
101aa85f 2249 default:
b08d0ea0 2250 abort();
96bdbbab
RS		 2251 illegal_request:
2252 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2253 return 0;
274fb0e1 2254 illegal_lba:
b45ef674 2255 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 2256 return 0;
2e5d83bb 2257 }
94f8ba11 2258 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
b08d0ea0 2259 if (r->sector_count == 0) {
b45ef674 2260 scsi_req_complete(&r->req, GOOD);
a917d384 2261 }
b08d0ea0 2262 assert(r->iov.iov_len == 0);
efb9ee02 2263 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
b08d0ea0 2264 return -r->sector_count * 512;
a917d384 2265 } else {
b08d0ea0 2266 return r->sector_count * 512;
2e5d83bb 2267 }
2e5d83bb
PB		 2268}
2269
e9447f35
JK		 2270static void scsi_disk_reset(DeviceState *dev)
2271{
2272 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2273 uint64_t nb_sectors;
2274
c7b48872 2275 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 2276
4be74634 2277 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
69377307 2278 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 2279 if (nb_sectors) {
2280 nb_sectors--;
2281 }
7877903a 2282 s->qdev.max_lba = nb_sectors;
7721c7f7
PH		 2283 /* reset tray statuses */
2284 s->tray_locked = 0;
2285 s->tray_open = 0;
2343be0d
PB		 2286
2287 s->qdev.scsi_version = s->qdev.default_scsi_version;
e9447f35
JK		 2288}
2289
aaebacef
PB		 2290static void scsi_disk_resize_cb(void *opaque)
2291{
2292 SCSIDiskState *s = opaque;
2293
2294 /* SPC lists this sense code as available only for
2295 * direct-access devices.
2296 */
2297 if (s->qdev.type == TYPE_DISK) {
53200fad 2298 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 2299 }
2300}
2301
39829a01 2302static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2c6942fa 2303{
8a9c16f6
PB		 2304 SCSIDiskState *s = opaque;
2305
2306 /*
2307 * When a CD gets changed, we have to report an ejected state and
2308 * then a loaded state to guests so that they detect tray
2309 * open/close and media change events. Guests that do not use
2310 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2311 * states rely on this behavior.
2312 *
2313 * media_changed governs the state machine used for unit attention
2314 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2315 */
2316 s->media_changed = load;
2317 s->tray_open = !load;
e48e84ea 2318 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 2319 s->media_event = true;
4480de19
PB		 2320 s->eject_request = false;
2321}
2322
2323static void scsi_cd_eject_request_cb(void *opaque, bool force)
2324{
2325 SCSIDiskState *s = opaque;
2326
2327 s->eject_request = true;
2328 if (force) {
2329 s->tray_locked = false;
2330 }
2c6942fa
MA		 2331}
2332
e4def80b
MA		 2333static bool scsi_cd_is_tray_open(void *opaque)
2334{
2335 return ((SCSIDiskState *)opaque)->tray_open;
2336}
2337
f107639a
MA		 2338static bool scsi_cd_is_medium_locked(void *opaque)
2339{
2340 return ((SCSIDiskState *)opaque)->tray_locked;
2341}
2342
aaebacef 2343static const BlockDevOps scsi_disk_removable_block_ops = {
2c6942fa 2344 .change_media_cb = scsi_cd_change_media_cb,
4480de19 2345 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 2346 .is_tray_open = scsi_cd_is_tray_open,
f107639a 2347 .is_medium_locked = scsi_cd_is_medium_locked,
aaebacef
PB		 2348
2349 .resize_cb = scsi_disk_resize_cb,
2350};
2351
2352static const BlockDevOps scsi_disk_block_ops = {
2353 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2354};
2355
8a9c16f6
PB		 2356static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2357{
2358 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2359 if (s->media_changed) {
2360 s->media_changed = false;
e48e84ea 2361 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2362 }
2363}
2364
a818a4b6 2365static void scsi_realize(SCSIDevice *dev, Error **errp)
2e5d83bb 2366{
d52affa7 2367 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2e5d83bb 2368
4be74634 2369 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2370 error_setg(errp, "drive property not set");
2371 return;
d52affa7
GH		 2372 }
2373
bfe3d7ac 2374 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
4be74634 2375 !blk_is_inserted(s->qdev.conf.blk)) {
a818a4b6
FZ		 2376 error_setg(errp, "Device needs media, but drive is empty");
2377 return;
98f28ad7
MA		 2378 }
2379
0eb28a42 2380 blkconf_blocksizes(&s->qdev.conf);
3da023b5
MK		 2381
2382 if (s->qdev.conf.logical_block_size >
2383 s->qdev.conf.physical_block_size) {
2384 error_setg(errp,
2385 "logical_block_size > physical_block_size not supported");
2386 return;
2387 }
2388
5ff5efb4 2389 if (dev->type == TYPE_DISK) {
ceff3e1f 2390 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
a818a4b6 2391 return;
5ff5efb4 2392 }
b7eb0c9f 2393 }
ceff3e1f
MZ		 2394 if (!blkconf_apply_backend_options(&dev->conf,
2395 blk_is_read_only(s->qdev.conf.blk),
2396 dev->type == TYPE_DISK, errp)) {
a17c17a2
KW		 2397 return;
2398 }
a0fef654 2399
215e47b9
PB		 2400 if (s->qdev.conf.discard_granularity == -1) {
2401 s->qdev.conf.discard_granularity =
2402 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2403 }
2404
552fee93 2405 if (!s->version) {
35c2c8dc 2406 s->version = g_strdup(qemu_hw_version());
552fee93 2407 }
353815aa
DF		 2408 if (!s->vendor) {
2409 s->vendor = g_strdup("QEMU");
2410 }
552fee93 2411
4be74634 2412 if (blk_is_sg(s->qdev.conf.blk)) {
a818a4b6
FZ		 2413 error_setg(errp, "unwanted /dev/sg*");
2414 return;
32bb404a
MA		 2415 }
2416
18e673b8
PH		 2417 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2418 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
4be74634 2419 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
aaebacef 2420 } else {
4be74634 2421 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2e5d83bb 2422 }
4be74634 2423 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
8cfacf07 2424
4be74634 2425 blk_iostatus_enable(s->qdev.conf.blk);
d52affa7
GH		 2426}
2427
a818a4b6 2428static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2429{
e39be482 2430 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
df1d4c34
ET		 2431 /* can happen for devices without drive. The error message for missing
2432 * backend will be issued in scsi_realize
2433 */
2434 if (s->qdev.conf.blk) {
2435 blkconf_blocksizes(&s->qdev.conf);
2436 }
e39be482
PB		 2437 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2438 s->qdev.type = TYPE_DISK;
353815aa
DF		 2439 if (!s->product) {
2440 s->product = g_strdup("QEMU HARDDISK");
2441 }
a818a4b6 2442 scsi_realize(&s->qdev, errp);
b443ae67
MA		 2443}
2444
a818a4b6 2445static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2446{
e39be482 2447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
83b4fe0e 2448 int ret;
9ef6e505
KW		 2449
2450 if (!dev->conf.blk) {
83b4fe0e
KW		 2451 /* Anonymous BlockBackend for an empty drive. As we put it into
2452 * dev->conf, qdev takes care of detaching on unplug. */
6d0eb64d 2453 dev->conf.blk = blk_new(0, BLK_PERM_ALL);
83b4fe0e
KW		 2454 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2455 assert(ret == 0);
9ef6e505
KW		 2456 }
2457
e39be482
PB		 2458 s->qdev.blocksize = 2048;
2459 s->qdev.type = TYPE_ROM;
bfe3d7ac 2460 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2461 if (!s->product) {
2462 s->product = g_strdup("QEMU CD-ROM");
2463 }
a818a4b6 2464 scsi_realize(&s->qdev, errp);
b443ae67
MA		 2465}
2466
a818a4b6 2467static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
b443ae67 2468{
95b5edcd 2469 DriveInfo *dinfo;
a818a4b6 2470 Error *local_err = NULL;
b443ae67 2471
4be74634 2472 if (!dev->conf.blk) {
a818a4b6
FZ		 2473 scsi_realize(dev, &local_err);
2474 assert(local_err);
2475 error_propagate(errp, local_err);
2476 return;
b443ae67
MA		 2477 }
2478
4be74634 2479 dinfo = blk_legacy_dinfo(dev->conf.blk);
26f8b3a8 2480 if (dinfo && dinfo->media_cd) {
a818a4b6 2481 scsi_cd_realize(dev, errp);
e39be482 2482 } else {
a818a4b6 2483 scsi_hd_realize(dev, errp);
e39be482 2484 }
b443ae67
MA		 2485}
2486
b08d0ea0 2487static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2488 .size = sizeof(SCSIDiskReq),
12010e7b 2489 .free_req = scsi_free_request,
b08d0ea0 2490 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2491 .read_data = scsi_disk_emulate_read_data,
2492 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2493 .get_buf = scsi_get_buf,
2494};
2495
2496static const SCSIReqOps scsi_disk_dma_reqops = {
2497 .size = sizeof(SCSIDiskReq),
2498 .free_req = scsi_free_request,
2499 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2500 .read_data = scsi_read_data,
2501 .write_data = scsi_write_data,
12010e7b 2502 .get_buf = scsi_get_buf,
43b978b9
PB		 2503 .load_request = scsi_disk_load_request,
2504 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2505};
2506
b08d0ea0
PB		 2507static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2508 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2509 [INQUIRY] = &scsi_disk_emulate_reqops,
2510 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2511 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2512 [START_STOP] = &scsi_disk_emulate_reqops,
2513 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2514 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2515 [READ_TOC] = &scsi_disk_emulate_reqops,
2516 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2517 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2518 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2519 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2520 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2521 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2522 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2523 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2524 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2525 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2526 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2527 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2528 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2529 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
d97e7730
PB		 2530 [VERIFY_10] = &scsi_disk_emulate_reqops,
2531 [VERIFY_12] = &scsi_disk_emulate_reqops,
2532 [VERIFY_16] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2533
2534 [READ_6] = &scsi_disk_dma_reqops,
2535 [READ_10] = &scsi_disk_dma_reqops,
2536 [READ_12] = &scsi_disk_dma_reqops,
2537 [READ_16] = &scsi_disk_dma_reqops,
b08d0ea0
PB		 2538 [WRITE_6] = &scsi_disk_dma_reqops,
2539 [WRITE_10] = &scsi_disk_dma_reqops,
2540 [WRITE_12] = &scsi_disk_dma_reqops,
2541 [WRITE_16] = &scsi_disk_dma_reqops,
2542 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2543 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2544 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2545};
2546
63db0f0e
PB		 2547static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2548 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2549{
2550 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2551 SCSIRequest *req;
b08d0ea0
PB		 2552 const SCSIReqOps *ops;
2553 uint8_t command;
8dbd4574 2554
79fb50bb
PB		 2555 command = buf[0];
2556 ops = scsi_disk_reqops_dispatch[command];
2557 if (!ops) {
2558 ops = &scsi_disk_emulate_reqops;
2559 }
2560 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2561
b08d0ea0 2562#ifdef DEBUG_SCSI
79fb50bb 2563 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
b08d0ea0
PB		 2564 {
2565 int i;
1894df02 2566 for (i = 1; i < scsi_cdb_length(buf); i++) {
b08d0ea0
PB		 2567 printf(" 0x%02x", buf[i]);
2568 }
2569 printf("\n");
2570 }
2571#endif
2572
8dbd4574
PB		 2573 return req;
2574}
2575
336a6915
PB		 2576#ifdef __linux__
2577static int get_device_type(SCSIDiskState *s)
2578{
336a6915
PB		 2579 uint8_t cmd[16];
2580 uint8_t buf[36];
336a6915
PB		 2581 int ret;
2582
2583 memset(cmd, 0, sizeof(cmd));
2584 memset(buf, 0, sizeof(buf));
2585 cmd[0] = INQUIRY;
2586 cmd[4] = sizeof(buf);
2587
a0c7e35b
DHB		 2588 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2589 buf, sizeof(buf));
2590 if (ret < 0) {
336a6915
PB		 2591 return -1;
2592 }
2593 s->qdev.type = buf[0];
bfe3d7ac
PB		 2594 if (buf[1] & 0x80) {
2595 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2596 }
336a6915
PB		 2597 return 0;
2598}
2599
a818a4b6 2600static void scsi_block_realize(SCSIDevice *dev, Error **errp)
336a6915
PB		 2601{
2602 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2603 int sg_version;
2604 int rc;
2605
4be74634 2606 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2607 error_setg(errp, "drive property not set");
2608 return;
336a6915
PB		 2609 }
2610
51f43d57
FZ		 2611 if (s->rotation_rate) {
2612 error_report_once("rotation_rate is specified for scsi-block but is "
2613 "not implemented. This option is deprecated and will "
2614 "be removed in a future version");
2615 }
2616
336a6915 2617 /* check we are using a driver managing SG_IO (version 3 and after) */
4be74634 2618 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
4bbeb8b1 2619 if (rc < 0) {
09c2c6ff
PB		 2620 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2621 if (rc != -EPERM) {
2622 error_append_hint(errp, "Is this a SCSI device?\n");
2623 }
a818a4b6 2624 return;
4bbeb8b1
FZ		 2625 }
2626 if (sg_version < 30000) {
a818a4b6
FZ		 2627 error_setg(errp, "scsi generic interface too old");
2628 return;
336a6915
PB		 2629 }
2630
2631 /* get device type from INQUIRY data */
2632 rc = get_device_type(s);
2633 if (rc < 0) {
a818a4b6
FZ		 2634 error_setg(errp, "INQUIRY failed");
2635 return;
336a6915
PB		 2636 }
2637
2638 /* Make a guess for the block size, we'll fix it when the guest sends.
2639 * READ CAPACITY. If they don't, they likely would assume these sizes
2640 * anyway. (TODO: check in /sys).
2641 */
2642 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2643 s->qdev.blocksize = 2048;
2644 } else {
2645 s->qdev.blocksize = 512;
2646 }
18e673b8
PH		 2647
2648 /* Makes the scsi-block device not removable by using HMP and QMP eject
2649 * command.
2650 */
2651 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2652
a818a4b6 2653 scsi_realize(&s->qdev, errp);
a71c775b 2654 scsi_generic_read_device_inquiry(&s->qdev);
336a6915
PB		 2655}
2656
8fdc7839
PB		 2657typedef struct SCSIBlockReq {
2658 SCSIDiskReq req;
2659 sg_io_hdr_t io_header;
2660
2661 /* Selected bytes of the original CDB, copied into our own CDB. */
2662 uint8_t cmd, cdb1, group_number;
2663
2664 /* CDB passed to SG_IO. */
2665 uint8_t cdb[16];
2666} SCSIBlockReq;
2667
2668static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2669 int64_t offset, QEMUIOVector *iov,
2670 int direction,
2671 BlockCompletionFunc *cb, void *opaque)
2672{
2673 sg_io_hdr_t *io_header = &req->io_header;
2674 SCSIDiskReq *r = &req->req;
2675 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2676 int nb_logical_blocks;
2677 uint64_t lba;
2678 BlockAIOCB *aiocb;
2679
2680 /* This is not supported yet. It can only happen if the guest does
2681 * reads and writes that are not aligned to one logical sectors
2682 * _and_ cover multiple MemoryRegions.
2683 */
2684 assert(offset % s->qdev.blocksize == 0);
2685 assert(iov->size % s->qdev.blocksize == 0);
2686
2687 io_header->interface_id = 'S';
2688
2689 /* The data transfer comes from the QEMUIOVector. */
2690 io_header->dxfer_direction = direction;
2691 io_header->dxfer_len = iov->size;
2692 io_header->dxferp = (void *)iov->iov;
2693 io_header->iovec_count = iov->niov;
2694 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2695
2696 /* Build a new CDB with the LBA and length patched in, in case
2697 * DMA helpers split the transfer in multiple segments. Do not
2698 * build a CDB smaller than what the guest wanted, and only build
2699 * a larger one if strictly necessary.
2700 */
2701 io_header->cmdp = req->cdb;
2702 lba = offset / s->qdev.blocksize;
2703 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2704
2705 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2706 /* 6-byte CDB */
2707 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2708 req->cdb[4] = nb_logical_blocks;
2709 req->cdb[5] = 0;
2710 io_header->cmd_len = 6;
2711 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2712 /* 10-byte CDB */
2713 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2714 req->cdb[1] = req->cdb1;
2715 stl_be_p(&req->cdb[2], lba);
2716 req->cdb[6] = req->group_number;
2717 stw_be_p(&req->cdb[7], nb_logical_blocks);
2718 req->cdb[9] = 0;
2719 io_header->cmd_len = 10;
2720 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2721 /* 12-byte CDB */
2722 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2723 req->cdb[1] = req->cdb1;
2724 stl_be_p(&req->cdb[2], lba);
2725 stl_be_p(&req->cdb[6], nb_logical_blocks);
2726 req->cdb[10] = req->group_number;
2727 req->cdb[11] = 0;
2728 io_header->cmd_len = 12;
2729 } else {
2730 /* 16-byte CDB */
2731 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2732 req->cdb[1] = req->cdb1;
2733 stq_be_p(&req->cdb[2], lba);
2734 stl_be_p(&req->cdb[10], nb_logical_blocks);
2735 req->cdb[14] = req->group_number;
2736 req->cdb[15] = 0;
2737 io_header->cmd_len = 16;
2738 }
2739
2740 /* The rest is as in scsi-generic.c. */
2741 io_header->mx_sb_len = sizeof(r->req.sense);
2742 io_header->sbp = r->req.sense;
2743 io_header->timeout = UINT_MAX;
2744 io_header->usr_ptr = r;
2745 io_header->flags |= SG_FLAG_DIRECT_IO;
2746
2747 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2748 assert(aiocb != NULL);
2749 return aiocb;
2750}
2751
2752static bool scsi_block_no_fua(SCSICommand *cmd)
2753{
2754 return false;
2755}
2756
2757static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2758 QEMUIOVector *iov,
2759 BlockCompletionFunc *cb, void *cb_opaque,
2760 void *opaque)
2761{
2762 SCSIBlockReq *r = opaque;
2763 return scsi_block_do_sgio(r, offset, iov,
2764 SG_DXFER_FROM_DEV, cb, cb_opaque);
2765}
2766
2767static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2768 QEMUIOVector *iov,
2769 BlockCompletionFunc *cb, void *cb_opaque,
2770 void *opaque)
2771{
2772 SCSIBlockReq *r = opaque;
2773 return scsi_block_do_sgio(r, offset, iov,
2774 SG_DXFER_TO_DEV, cb, cb_opaque);
2775}
2776
592c3b28 2777static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
336a6915 2778{
336a6915 2779 switch (buf[0]) {
8fdc7839
PB		 2780 case VERIFY_10:
2781 case VERIFY_12:
2782 case VERIFY_16:
2783 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2784 * for the number of logical blocks specified in the length
2785 * field). For other modes, do not use scatter/gather operation.
2786 */
1f8af0d1 2787 if ((buf[1] & 6) == 2) {
8fdc7839
PB		 2788 return false;
2789 }
2790 break;
2791
336a6915
PB		 2792 case READ_6:
2793 case READ_10:
2794 case READ_12:
2795 case READ_16:
2796 case WRITE_6:
2797 case WRITE_10:
2798 case WRITE_12:
2799 case WRITE_16:
2800 case WRITE_VERIFY_10:
2801 case WRITE_VERIFY_12:
2802 case WRITE_VERIFY_16:
8fdc7839 2803 /* MMC writing cannot be done via DMA helpers, because it sometimes
33ebad12 2804 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
166dbda7 2805 * We might use scsi_block_dma_reqops as long as no writing commands are
33ebad12
PB		 2806 * seen, but performance usually isn't paramount on optical media. So,
2807 * just make scsi-block operate the same as scsi-generic for them.
2808 */
b08d0ea0 2809 if (s->qdev.type != TYPE_ROM) {
592c3b28 2810 return false;
b08d0ea0 2811 }
592c3b28
PB		 2812 break;
2813
2814 default:
2815 break;
336a6915
PB		 2816 }
2817
592c3b28
PB		 2818 return true;
2819}
2820
2821
8fdc7839
PB		 2822static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2823{
2824 SCSIBlockReq *r = (SCSIBlockReq *)req;
2343be0d
PB		 2825 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2826
8fdc7839
PB		 2827 r->cmd = req->cmd.buf[0];
2828 switch (r->cmd >> 5) {
2829 case 0:
2830 /* 6-byte CDB. */
2831 r->cdb1 = r->group_number = 0;
2832 break;
2833 case 1:
2834 /* 10-byte CDB. */
2835 r->cdb1 = req->cmd.buf[1];
2836 r->group_number = req->cmd.buf[6];
ed45cae3 2837 break;
8fdc7839
PB		 2838 case 4:
2839 /* 12-byte CDB. */
2840 r->cdb1 = req->cmd.buf[1];
2841 r->group_number = req->cmd.buf[10];
2842 break;
2843 case 5:
2844 /* 16-byte CDB. */
2845 r->cdb1 = req->cmd.buf[1];
2846 r->group_number = req->cmd.buf[14];
2847 break;
2848 default:
2849 abort();
2850 }
2851
2343be0d
PB		 2852 /* Protection information is not supported. For SCSI versions 2 and
2853 * older (as determined by snooping the guest's INQUIRY commands),
2854 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2855 */
2856 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
8fdc7839
PB		 2857 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2858 return 0;
2859 }
2860
2861 r->req.status = &r->io_header.status;
2862 return scsi_disk_dma_command(req, buf);
2863}
2864
2865static const SCSIReqOps scsi_block_dma_reqops = {
2866 .size = sizeof(SCSIBlockReq),
2867 .free_req = scsi_free_request,
2868 .send_command = scsi_block_dma_command,
2869 .read_data = scsi_read_data,
2870 .write_data = scsi_write_data,
2871 .get_buf = scsi_get_buf,
2872 .load_request = scsi_disk_load_request,
2873 .save_request = scsi_disk_save_request,
2874};
2875
592c3b28
PB		 2876static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2877 uint32_t lun, uint8_t *buf,
2878 void *hba_private)
2879{
2880 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2881
2882 if (scsi_block_is_passthrough(s, buf)) {
2883 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2884 hba_private);
2885 } else {
8fdc7839 2886 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
592c3b28
PB		 2887 hba_private);
2888 }
336a6915 2889}
3e7e180a
PB		 2890
2891static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2892 uint8_t *buf, void *hba_private)
2893{
2894 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2895
2896 if (scsi_block_is_passthrough(s, buf)) {
2897 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2898 } else {
2899 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2900 }
2901}
2902
336a6915
PB		 2903#endif
2904
fcaafb10
PB		 2905static
2906BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2907 BlockCompletionFunc *cb, void *cb_opaque,
2908 void *opaque)
2909{
2910 SCSIDiskReq *r = opaque;
2911 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2912 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2913}
2914
2915static
2916BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2917 BlockCompletionFunc *cb, void *cb_opaque,
2918 void *opaque)
2919{
2920 SCSIDiskReq *r = opaque;
2921 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2922 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2923}
2924
993935f3
PB		 2925static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2926{
2927 DeviceClass *dc = DEVICE_CLASS(klass);
fcaafb10 2928 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
993935f3
PB		 2929
2930 dc->fw_name = "disk";
2931 dc->reset = scsi_disk_reset;
fcaafb10
PB		 2932 sdc->dma_readv = scsi_dma_readv;
2933 sdc->dma_writev = scsi_dma_writev;
94f8ba11 2934 sdc->need_fua_emulation = scsi_is_cmd_fua;
993935f3
PB		 2935}
2936
2937static const TypeInfo scsi_disk_base_info = {
2938 .name = TYPE_SCSI_DISK_BASE,
2939 .parent = TYPE_SCSI_DEVICE,
2940 .class_init = scsi_disk_base_class_initfn,
2941 .instance_size = sizeof(SCSIDiskState),
fcaafb10 2942 .class_size = sizeof(SCSIDiskClass),
6214a11a 2943 .abstract = true,
993935f3
PB		 2944};
2945
353815aa
DF		 2946#define DEFINE_SCSI_DISK_PROPERTIES() \
2947 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
8c398252 2948 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
353815aa
DF		 2949 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2950 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2951 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2952 DEFINE_PROP_STRING("product", SCSIDiskState, product)
b443ae67 2953
39bffca2
AL		 2954static Property scsi_hd_properties[] = {
2955 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2956 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2957 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2958 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2959 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 2960 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2961 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 2962 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 2963 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2964 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 2965 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2966 DEFAULT_MAX_IO_SIZE),
070f8009 2967 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
2343be0d
PB		 2968 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
2969 5),
d252df48 2970 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 2971 DEFINE_PROP_END_OF_LIST(),
2972};
2973
43b978b9
PB		 2974static const VMStateDescription vmstate_scsi_disk_state = {
2975 .name = "scsi-disk",
2976 .version_id = 1,
2977 .minimum_version_id = 1,
43b978b9
PB		 2978 .fields = (VMStateField[]) {
2979 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2980 VMSTATE_BOOL(media_changed, SCSIDiskState),
2981 VMSTATE_BOOL(media_event, SCSIDiskState),
2982 VMSTATE_BOOL(eject_request, SCSIDiskState),
2983 VMSTATE_BOOL(tray_open, SCSIDiskState),
2984 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2985 VMSTATE_END_OF_LIST()
2986 }
2987};
2988
b9eea3e6
AL		 2989static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2990{
39bffca2 2991 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2992 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2993
a818a4b6 2994 sc->realize = scsi_hd_realize;
b9eea3e6
AL		 2995 sc->alloc_req = scsi_new_request;
2996 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 2997 dc->desc = "virtual SCSI disk";
39bffca2 2998 dc->props = scsi_hd_properties;
43b978b9 2999 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3000}
3001
8c43a6f0 3002static const TypeInfo scsi_hd_info = {
39bffca2 3003 .name = "scsi-hd",
993935f3 3004 .parent = TYPE_SCSI_DISK_BASE,
39bffca2
AL		 3005 .class_init = scsi_hd_class_initfn,
3006};
3007
3008static Property scsi_cd_properties[] = {
3009 DEFINE_SCSI_DISK_PROPERTIES(),
2ecab408
PB		 3010 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3011 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 3012 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
f8e1f533
PB		 3013 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3014 DEFAULT_MAX_IO_SIZE),
2343be0d
PB		 3015 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3016 5),
39bffca2 3017 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 3018};
3019
3020static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3021{
39bffca2 3022 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 3023 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3024
a818a4b6 3025 sc->realize = scsi_cd_realize;
b9eea3e6
AL		 3026 sc->alloc_req = scsi_new_request;
3027 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 3028 dc->desc = "virtual SCSI CD-ROM";
39bffca2 3029 dc->props = scsi_cd_properties;
43b978b9 3030 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3031}
3032
8c43a6f0 3033static const TypeInfo scsi_cd_info = {
39bffca2 3034 .name = "scsi-cd",
993935f3 3035 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3036 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 3037};
3038
336a6915 3039#ifdef __linux__
39bffca2 3040static Property scsi_block_properties[] = {
14b20748 3041 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
4be74634 3042 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
07488549 3043 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
070f8009 3044 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
0a96ca24
DHB		 3045 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3046 DEFAULT_MAX_UNMAP_SIZE),
3047 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3048 DEFAULT_MAX_IO_SIZE),
2343be0d 3049 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
29e560f0 3050 -1),
39bffca2
AL		 3051 DEFINE_PROP_END_OF_LIST(),
3052};
3053
b9eea3e6
AL		 3054static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3055{
39bffca2 3056 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6 3057 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
8fdc7839 3058 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
b9eea3e6 3059
a818a4b6 3060 sc->realize = scsi_block_realize;
b9eea3e6 3061 sc->alloc_req = scsi_block_new_request;
3e7e180a 3062 sc->parse_cdb = scsi_block_parse_cdb;
8fdc7839
PB		 3063 sdc->dma_readv = scsi_block_dma_readv;
3064 sdc->dma_writev = scsi_block_dma_writev;
3065 sdc->need_fua_emulation = scsi_block_no_fua;
39bffca2 3066 dc->desc = "SCSI block device passthrough";
39bffca2 3067 dc->props = scsi_block_properties;
43b978b9 3068 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3069}
3070
8c43a6f0 3071static const TypeInfo scsi_block_info = {
39bffca2 3072 .name = "scsi-block",
993935f3 3073 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3074 .class_init = scsi_block_class_initfn,
b9eea3e6 3075};
336a6915 3076#endif
b9eea3e6 3077
39bffca2
AL		 3078static Property scsi_disk_properties[] = {
3079 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 3080 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3081 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 3082 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3083 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 3084 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3085 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 3086 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 3087 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3088 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 3089 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3090 DEFAULT_MAX_IO_SIZE),
2343be0d
PB		 3091 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3092 5),
39bffca2
AL		 3093 DEFINE_PROP_END_OF_LIST(),
3094};
3095
b9eea3e6
AL		 3096static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
3097{
39bffca2 3098 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 3099 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3100
a818a4b6 3101 sc->realize = scsi_disk_realize;
b9eea3e6
AL		 3102 sc->alloc_req = scsi_new_request;
3103 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 3104 dc->fw_name = "disk";
3105 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
3106 dc->reset = scsi_disk_reset;
3107 dc->props = scsi_disk_properties;
43b978b9 3108 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 3109}
3110
8c43a6f0 3111static const TypeInfo scsi_disk_info = {
39bffca2 3112 .name = "scsi-disk",
993935f3 3113 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3114 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 3115};
3116
83f7d43a 3117static void scsi_disk_register_types(void)
d52affa7 3118{
993935f3 3119 type_register_static(&scsi_disk_base_info);
39bffca2
AL		 3120 type_register_static(&scsi_hd_info);
3121 type_register_static(&scsi_cd_info);
b9eea3e6 3122#ifdef __linux__
39bffca2 3123 type_register_static(&scsi_block_info);
b9eea3e6 3124#endif
39bffca2 3125 type_register_static(&scsi_disk_info);
8ccc2ace 3126}
83f7d43a
AF		 3127
3128type_init(scsi_disk_register_types)
QEMU mirror