]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Introduce a 'client_add' monitor command accepting an open FD
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb
PB		 14 *
15 * This code is licenced under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
22864256 40
f0f72ffe 41#define SCSI_DMA_BUF_SIZE 131072
57575058 42#define SCSI_MAX_INQUIRY_LEN 256
a917d384 43
5dba48a8
KW		 44#define SCSI_REQ_STATUS_RETRY 0x01
45#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46#define SCSI_REQ_STATUS_RETRY_READ 0x00
47#define SCSI_REQ_STATUS_RETRY_WRITE 0x02
78ced65e 48#define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
ea8a5d7f 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
c87c0672
AL		 57 struct iovec iov;
58 QEMUIOVector qiov;
ea8a5d7f 59 uint32_t status;
4c41d2ef 60} SCSIDiskReq;
a917d384 61
b443ae67
MA		 62typedef enum { SCSI_HD, SCSI_CD } SCSIDriveKind;
63
d52affa7 64struct SCSIDiskState
a917d384 65{
d52affa7 66 SCSIDevice qdev;
428c149b 67 BlockDriverState *bs;
a917d384
PB		 68 /* The qemu block layer uses a fixed 512 byte sector size.
69 This is the number of 512 byte blocks in a single scsi sector. */
70 int cluster_size;
419e691f 71 uint32_t removable;
274fb0e1 72 uint64_t max_lba;
213189ab 73 QEMUBH *bh;
383b4d9b 74 char *version;
a0fef654 75 char *serial;
a6d96eb7 76 SCSISense sense;
b443ae67 77 SCSIDriveKind drive_kind;
2e5d83bb
PB		 78};
79
5dba48a8 80static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78ced65e 81static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
5dba48a8 82
5c6c0e51 83static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
c5bf71a9 84 uint32_t lun, void *hba_private)
2e5d83bb 85{
5c6c0e51 86 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
89b08ae1 87 SCSIRequest *req;
4c41d2ef 88 SCSIDiskReq *r;
a917d384 89
c5bf71a9 90 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun, hba_private);
89b08ae1 91 r = DO_UPCAST(SCSIDiskReq, req, req);
72aef731 92 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
5c6c0e51 93 return req;
2e5d83bb
PB		 94}
95
ad2d30f7 96static void scsi_free_request(SCSIRequest *req)
4d611c9a 97{
ad2d30f7
PB		 98 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
99
f8a83245 100 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 101}
102
a6d96eb7 103static void scsi_disk_clear_sense(SCSIDiskState *s)
ed3a34a3 104{
a6d96eb7
HR		 105 memset(&s->sense, 0, sizeof(s->sense));
106}
107
a1f0cce2 108static void scsi_req_set_status(SCSIDiskReq *r, int status, SCSISense sense)
a6d96eb7
HR		 109{
110 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
111
112 r->req.status = status;
a1f0cce2 113 s->sense = sense;
ed3a34a3
GH		 114}
115
a917d384 116/* Helper function for command completion. */
a1f0cce2 117static void scsi_command_complete(SCSIDiskReq *r, int status, SCSISense sense)
a917d384 118{
a1f0cce2
HR		 119 DPRINTF("Command complete tag=0x%x status=%d sense=%d/%d/%d\n",
120 r->req.tag, status, sense.key, sense.asc, sense.ascq);
a6d96eb7 121 scsi_req_set_status(r, status, sense);
ed3a34a3 122 scsi_req_complete(&r->req);
4d611c9a
PB		 123}
124
125/* Cancel a pending data transfer. */
5c6c0e51 126static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 127{
5c6c0e51
HR		 128 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
129
130 DPRINTF("Cancel tag=0x%x\n", req->tag);
131 if (r->req.aiocb) {
132 bdrv_aio_cancel(r->req.aiocb);
a917d384 133 }
5c6c0e51 134 r->req.aiocb = NULL;
a917d384
PB		 135}
136
137static void scsi_read_complete(void * opaque, int ret)
138{
4c41d2ef 139 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5dba48a8 140 int n;
a917d384 141
3e94cb02
JK		 142 r->req.aiocb = NULL;
143
a917d384 144 if (ret) {
5dba48a8
KW		 145 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
146 return;
147 }
4d611c9a 148 }
5dba48a8 149
aa2b1e89 150 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
a917d384 151
5dba48a8
KW		 152 n = r->iov.iov_len / 512;
153 r->sector += n;
154 r->sector_count -= n;
ab9adc88 155 scsi_req_data(&r->req, r->iov.iov_len);
4d611c9a
PB		 156}
157
5dba48a8 158
5c6c0e51
HR		 159/* Read more data from scsi device into buffer. */
160static void scsi_read_data(SCSIRequest *req)
2e5d83bb 161{
5c6c0e51 162 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 163 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 164 uint32_t n;
165
a917d384 166 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 167 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 168 r->sector_count = 0;
ab9adc88 169 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 170 return;
2e5d83bb 171 }
a917d384
PB		 172 DPRINTF("Read sector_count=%d\n", r->sector_count);
173 if (r->sector_count == 0) {
a1f0cce2 174 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
a917d384 175 return;
2e5d83bb
PB		 176 }
177
6fa2c95f
SH		 178 /* No data transfer may already be in progress */
179 assert(r->req.aiocb == NULL);
180
efb9ee02
HR		 181 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
182 DPRINTF("Data transfer direction invalid\n");
183 scsi_read_complete(r, -EINVAL);
184 return;
185 }
186
a917d384
PB		 187 n = r->sector_count;
188 if (n > SCSI_DMA_BUF_SIZE / 512)
189 n = SCSI_DMA_BUF_SIZE / 512;
190
c87c0672
AL		 191 r->iov.iov_len = n * 512;
192 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 193 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
c87c0672 194 scsi_read_complete, r);
d33ea50a
KW		 195 if (r->req.aiocb == NULL) {
196 scsi_read_complete(r, -EIO);
197 }
2e5d83bb
PB		 198}
199
5dba48a8
KW		 200static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
201{
202 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
4c41d2ef 203 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 204 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
ea8a5d7f 205
380f640f 206 if (action == BLOCK_ERR_IGNORE) {
5dba48a8 207 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 208 return 0;
380f640f 209 }
ea8a5d7f
AL		 210
211 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
212 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8
KW		 213
214 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
215 r->status |= SCSI_REQ_STATUS_RETRY | type;
216
217 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
e07bbac5 218 vm_stop(VMSTOP_DISKFULL);
ea8a5d7f 219 } else {
5dba48a8 220 if (type == SCSI_REQ_STATUS_RETRY_READ) {
ab9adc88 221 scsi_req_data(&r->req, 0);
5dba48a8 222 }
efb9ee02
HR		 223 switch (error) {
224 case ENOMEM:
a1f0cce2
HR		 225 scsi_command_complete(r, CHECK_CONDITION,
226 SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 227 break;
228 case EINVAL:
229 scsi_command_complete(r, CHECK_CONDITION,
230 SENSE_CODE(INVALID_FIELD));
231 break;
232 default:
a1f0cce2
HR		 233 scsi_command_complete(r, CHECK_CONDITION,
234 SENSE_CODE(IO_ERROR));
efb9ee02 235 break;
a1f0cce2 236 }
5dba48a8 237 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 238 }
ea8a5d7f
AL		 239 return 1;
240}
241
4d611c9a
PB		 242static void scsi_write_complete(void * opaque, int ret)
243{
4c41d2ef 244 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a917d384 245 uint32_t len;
ea8a5d7f
AL		 246 uint32_t n;
247
4c41d2ef 248 r->req.aiocb = NULL;
4d611c9a
PB		 249
250 if (ret) {
5dba48a8 251 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
ea8a5d7f 252 return;
5dba48a8 253 }
4d611c9a
PB		 254 }
255
c87c0672 256 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 257 r->sector += n;
258 r->sector_count -= n;
a917d384 259 if (r->sector_count == 0) {
a1f0cce2 260 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
a917d384
PB		 261 } else {
262 len = r->sector_count * 512;
263 if (len > SCSI_DMA_BUF_SIZE) {
264 len = SCSI_DMA_BUF_SIZE;
265 }
c87c0672 266 r->iov.iov_len = len;
4c41d2ef 267 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
ab9adc88 268 scsi_req_data(&r->req, len);
4d611c9a 269 }
4d611c9a
PB		 270}
271
42741212 272static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 273{
5c6c0e51 274 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 275 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 276 uint32_t n;
277
6fa2c95f
SH		 278 /* No data transfer may already be in progress */
279 assert(r->req.aiocb == NULL);
280
efb9ee02
HR		 281 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
282 DPRINTF("Data transfer direction invalid\n");
283 scsi_write_complete(r, -EINVAL);
42741212 284 return;
efb9ee02
HR		 285 }
286
c87c0672 287 n = r->iov.iov_len / 512;
ea8a5d7f 288 if (n) {
c87c0672 289 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 290 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
c87c0672 291 scsi_write_complete, r);
d33ea50a 292 if (r->req.aiocb == NULL) {
a1f0cce2 293 scsi_write_complete(r, -ENOMEM);
d33ea50a 294 }
ea8a5d7f
AL		 295 } else {
296 /* Invoke completion routine to fetch data from host. */
297 scsi_write_complete(r, 0);
298 }
a917d384 299}
2e5d83bb 300
213189ab 301static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f 302{
d52affa7 303 SCSIDiskState *s = opaque;
9af99d98
GH		 304 SCSIRequest *req;
305 SCSIDiskReq *r;
213189ab
MA		 306
307 qemu_bh_delete(s->bh);
308 s->bh = NULL;
ea8a5d7f 309
9af99d98
GH		 310 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
311 r = DO_UPCAST(SCSIDiskReq, req, req);
ea8a5d7f 312 if (r->status & SCSI_REQ_STATUS_RETRY) {
5dba48a8 313 int status = r->status;
78ced65e
KW		 314 int ret;
315
5dba48a8
KW		 316 r->status &=
317 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
318
319 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
320 case SCSI_REQ_STATUS_RETRY_READ:
5c6c0e51 321 scsi_read_data(&r->req);
5dba48a8
KW		 322 break;
323 case SCSI_REQ_STATUS_RETRY_WRITE:
5c6c0e51 324 scsi_write_data(&r->req);
5dba48a8 325 break;
78ced65e
KW		 326 case SCSI_REQ_STATUS_RETRY_FLUSH:
327 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
328 if (ret == 0) {
a1f0cce2 329 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
78ced65e 330 }
5dba48a8 331 }
ea8a5d7f 332 }
ea8a5d7f
AL		 333 }
334}
335
213189ab
MA		 336static void scsi_dma_restart_cb(void *opaque, int running, int reason)
337{
d52affa7 338 SCSIDiskState *s = opaque;
213189ab
MA		 339
340 if (!running)
341 return;
342
343 if (!s->bh) {
344 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
345 qemu_bh_schedule(s->bh);
346 }
347}
348
a917d384 349/* Return a pointer to the data buffer. */
5c6c0e51 350static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 351{
5c6c0e51 352 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 353
3f4cb3d3 354 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 355}
356
74382217
HR		 357/* Copy sense information into the provided buffer */
358static int scsi_get_sense(SCSIRequest *req, uint8_t *outbuf, int len)
359{
360 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
361
362 return scsi_build_sense(s->sense, outbuf, len, len > 14);
363}
364
0b06c059
GH		 365static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
366{
383b4d9b 367 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 368 int buflen = 0;
369
370 if (req->cmd.buf[1] & 0x2) {
371 /* Command support data - optional, not implemented */
372 BADF("optional INQUIRY command support request not implemented\n");
373 return -1;
374 }
375
376 if (req->cmd.buf[1] & 0x1) {
377 /* Vital product data */
378 uint8_t page_code = req->cmd.buf[2];
379 if (req->cmd.xfer < 4) {
380 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
381 "less than 4\n", page_code, req->cmd.xfer);
382 return -1;
383 }
384
b443ae67 385 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 386 outbuf[buflen++] = 5;
387 } else {
388 outbuf[buflen++] = 0;
389 }
390 outbuf[buflen++] = page_code ; // this page
391 outbuf[buflen++] = 0x00;
392
393 switch (page_code) {
394 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 395 {
396 int pages;
0b06c059
GH		 397 DPRINTF("Inquiry EVPD[Supported pages] "
398 "buffer size %zd\n", req->cmd.xfer);
39d98982 399 pages = buflen++;
0b06c059 400 outbuf[buflen++] = 0x00; // list of supported pages (this page)
3e1c0c9a
HR		 401 if (s->serial)
402 outbuf[buflen++] = 0x80; // unit serial number
0b06c059 403 outbuf[buflen++] = 0x83; // device identification
b443ae67 404 if (s->drive_kind == SCSI_HD) {
ea3bd56f
CH		 405 outbuf[buflen++] = 0xb0; // block limits
406 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 407 }
408 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 409 break;
39d98982 410 }
0b06c059
GH		 411 case 0x80: /* Device serial number, optional */
412 {
3e1c0c9a 413 int l;
0b06c059 414
3e1c0c9a
HR		 415 if (!s->serial) {
416 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
417 return -1;
418 }
419
420 l = strlen(s->serial);
0b06c059
GH		 421 if (l > req->cmd.xfer)
422 l = req->cmd.xfer;
423 if (l > 20)
424 l = 20;
425
426 DPRINTF("Inquiry EVPD[Serial number] "
427 "buffer size %zd\n", req->cmd.xfer);
428 outbuf[buflen++] = l;
a0fef654 429 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 430 buflen += l;
431 break;
432 }
433
434 case 0x83: /* Device identification page, mandatory */
435 {
436 int max_len = 255 - 8;
428c149b 437 int id_len = strlen(bdrv_get_device_name(s->bs));
0b06c059
GH		 438
439 if (id_len > max_len)
440 id_len = max_len;
441 DPRINTF("Inquiry EVPD[Device identification] "
442 "buffer size %zd\n", req->cmd.xfer);
443
39d98982 444 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 445 outbuf[buflen++] = 0x2; // ASCII
446 outbuf[buflen++] = 0; // not officially assigned
447 outbuf[buflen++] = 0; // reserved
448 outbuf[buflen++] = id_len; // length of data following
449
428c149b 450 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
0b06c059
GH		 451 buflen += id_len;
452 break;
453 }
ea3bd56f 454 case 0xb0: /* block limits */
ee3659e3 455 {
ea3bd56f
CH		 456 unsigned int unmap_sectors =
457 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 458 unsigned int min_io_size =
459 s->qdev.conf.min_io_size / s->qdev.blocksize;
460 unsigned int opt_io_size =
461 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 462
b443ae67 463 if (s->drive_kind == SCSI_CD) {
39d98982
HR		 464 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
465 page_code);
466 return -1;
467 }
ee3659e3
CH		 468 /* required VPD size with unmap support */
469 outbuf[3] = buflen = 0x3c;
470
471 memset(outbuf + 4, 0, buflen - 4);
472
473 /* optimal transfer length granularity */
474 outbuf[6] = (min_io_size >> 8) & 0xff;
475 outbuf[7] = min_io_size & 0xff;
476
477 /* optimal transfer length */
478 outbuf[12] = (opt_io_size >> 24) & 0xff;
479 outbuf[13] = (opt_io_size >> 16) & 0xff;
480 outbuf[14] = (opt_io_size >> 8) & 0xff;
481 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 482
483 /* optimal unmap granularity */
484 outbuf[28] = (unmap_sectors >> 24) & 0xff;
485 outbuf[29] = (unmap_sectors >> 16) & 0xff;
486 outbuf[30] = (unmap_sectors >> 8) & 0xff;
487 outbuf[31] = unmap_sectors & 0xff;
488 break;
489 }
490 case 0xb2: /* thin provisioning */
491 {
492 outbuf[3] = buflen = 8;
493 outbuf[4] = 0;
494 outbuf[5] = 0x40; /* write same with unmap supported */
495 outbuf[6] = 0;
496 outbuf[7] = 0;
ee3659e3
CH		 497 break;
498 }
0b06c059
GH		 499 default:
500 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
501 "buffer size %zd\n", page_code, req->cmd.xfer);
502 return -1;
503 }
504 /* done with EVPD */
505 return buflen;
506 }
507
508 /* Standard INQUIRY data */
509 if (req->cmd.buf[2] != 0) {
510 BADF("Error: Inquiry (STANDARD) page or code "
511 "is non-zero [%02X]\n", req->cmd.buf[2]);
512 return -1;
513 }
514
515 /* PAGE CODE == 0 */
516 if (req->cmd.xfer < 5) {
517 BADF("Error: Inquiry (STANDARD) buffer size %zd "
518 "is less than 5\n", req->cmd.xfer);
519 return -1;
520 }
521
0b06c059
GH		 522 buflen = req->cmd.xfer;
523 if (buflen > SCSI_MAX_INQUIRY_LEN)
524 buflen = SCSI_MAX_INQUIRY_LEN;
525
526 memset(outbuf, 0, buflen);
527
1455084e 528 if (req->lun) {
0b06c059
GH		 529 outbuf[0] = 0x7f; /* LUN not supported */
530 return buflen;
531 }
532
b443ae67 533 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 534 outbuf[0] = 5;
535 outbuf[1] = 0x80;
550fe6c6 536 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059
GH		 537 } else {
538 outbuf[0] = 0;
419e691f 539 outbuf[1] = s->removable ? 0x80 : 0;
550fe6c6 540 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 541 }
550fe6c6 542 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 543 memset(&outbuf[32], 0, 4);
552fee93 544 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 545 /*
546 * We claim conformance to SPC-3, which is required for guests
547 * to ask for modern features like READ CAPACITY(16) or the
548 * block characteristics VPD page by default. Not all of SPC-3
549 * is actually implemented, but we're good enough.
550 */
ee3659e3 551 outbuf[2] = 5;
0b06c059 552 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 553
554 if (buflen > 36) {
555 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
556 } else {
557 /* If the allocation length of CDB is too small,
558 the additional length is not adjusted */
559 outbuf[4] = 36 - 5;
560 }
561
0b06c059
GH		 562 /* Sync data transfer and TCQ. */
563 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
564 return buflen;
565}
566
282ab04e
BK		 567static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
568 int page_control)
ebddfcbe
GH		 569{
570 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
428c149b 571 BlockDriverState *bdrv = s->bs;
ebddfcbe
GH		 572 int cylinders, heads, secs;
573
282ab04e
BK		 574 /*
575 * If Changeable Values are requested, a mask denoting those mode parameters
576 * that are changeable shall be returned. As we currently don't support
577 * parameter changes via MODE_SELECT all bits are returned set to zero.
578 * The buffer was already menset to zero by the caller of this function.
579 */
ebddfcbe
GH		 580 switch (page) {
581 case 4: /* Rigid disk device geometry page. */
582 p[0] = 4;
583 p[1] = 0x16;
282ab04e
BK		 584 if (page_control == 1) { /* Changeable Values */
585 return p[1] + 2;
586 }
ebddfcbe
GH		 587 /* if a geometry hint is available, use it */
588 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
589 p[2] = (cylinders >> 16) & 0xff;
590 p[3] = (cylinders >> 8) & 0xff;
591 p[4] = cylinders & 0xff;
592 p[5] = heads & 0xff;
593 /* Write precomp start cylinder, disabled */
594 p[6] = (cylinders >> 16) & 0xff;
595 p[7] = (cylinders >> 8) & 0xff;
596 p[8] = cylinders & 0xff;
597 /* Reduced current start cylinder, disabled */
598 p[9] = (cylinders >> 16) & 0xff;
599 p[10] = (cylinders >> 8) & 0xff;
600 p[11] = cylinders & 0xff;
601 /* Device step rate [ns], 200ns */
602 p[12] = 0;
603 p[13] = 200;
604 /* Landing zone cylinder */
605 p[14] = 0xff;
606 p[15] = 0xff;
607 p[16] = 0xff;
608 /* Medium rotation rate [rpm], 5400 rpm */
609 p[20] = (5400 >> 8) & 0xff;
610 p[21] = 5400 & 0xff;
282ab04e 611 return p[1] + 2;
ebddfcbe
GH		 612
613 case 5: /* Flexible disk device geometry page. */
614 p[0] = 5;
615 p[1] = 0x1e;
282ab04e
BK		 616 if (page_control == 1) { /* Changeable Values */
617 return p[1] + 2;
618 }
ebddfcbe
GH		 619 /* Transfer rate [kbit/s], 5Mbit/s */
620 p[2] = 5000 >> 8;
621 p[3] = 5000 & 0xff;
622 /* if a geometry hint is available, use it */
623 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
624 p[4] = heads & 0xff;
625 p[5] = secs & 0xff;
626 p[6] = s->cluster_size * 2;
627 p[8] = (cylinders >> 8) & 0xff;
628 p[9] = cylinders & 0xff;
629 /* Write precomp start cylinder, disabled */
630 p[10] = (cylinders >> 8) & 0xff;
631 p[11] = cylinders & 0xff;
632 /* Reduced current start cylinder, disabled */
633 p[12] = (cylinders >> 8) & 0xff;
634 p[13] = cylinders & 0xff;
635 /* Device step rate [100us], 100us */
636 p[14] = 0;
637 p[15] = 1;
638 /* Device step pulse width [us], 1us */
639 p[16] = 1;
640 /* Device head settle delay [100us], 100us */
641 p[17] = 0;
642 p[18] = 1;
643 /* Motor on delay [0.1s], 0.1s */
644 p[19] = 1;
645 /* Motor off delay [0.1s], 0.1s */
646 p[20] = 1;
647 /* Medium rotation rate [rpm], 5400 rpm */
648 p[28] = (5400 >> 8) & 0xff;
649 p[29] = 5400 & 0xff;
282ab04e 650 return p[1] + 2;
ebddfcbe
GH		 651
652 case 8: /* Caching page. */
653 p[0] = 8;
654 p[1] = 0x12;
282ab04e
BK		 655 if (page_control == 1) { /* Changeable Values */
656 return p[1] + 2;
657 }
428c149b 658 if (bdrv_enable_write_cache(s->bs)) {
ebddfcbe
GH		 659 p[2] = 4; /* WCE */
660 }
282ab04e 661 return p[1] + 2;
ebddfcbe
GH		 662
663 case 0x2a: /* CD Capabilities and Mechanical Status page. */
b443ae67 664 if (s->drive_kind != SCSI_CD)
ebddfcbe
GH		 665 return 0;
666 p[0] = 0x2a;
667 p[1] = 0x14;
282ab04e
BK		 668 if (page_control == 1) { /* Changeable Values */
669 return p[1] + 2;
670 }
ebddfcbe
GH		 671 p[2] = 3; // CD-R & CD-RW read
672 p[3] = 0; // Writing not supported
673 p[4] = 0x7f; /* Audio, composite, digital out,
674 mode 2 form 1&2, multi session */
675 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
676 RW corrected, C2 errors, ISRC,
677 UPC, Bar code */
428c149b 678 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
ebddfcbe
GH		 679 /* Locking supported, jumper present, eject, tray */
680 p[7] = 0; /* no volume & mute control, no
681 changer */
682 p[8] = (50 * 176) >> 8; // 50x read speed
683 p[9] = (50 * 176) & 0xff;
684 p[10] = 0 >> 8; // No volume
685 p[11] = 0 & 0xff;
686 p[12] = 2048 >> 8; // 2M buffer
687 p[13] = 2048 & 0xff;
688 p[14] = (16 * 176) >> 8; // 16x read speed current
689 p[15] = (16 * 176) & 0xff;
690 p[18] = (16 * 176) >> 8; // 16x write speed
691 p[19] = (16 * 176) & 0xff;
692 p[20] = (16 * 176) >> 8; // 16x write speed current
693 p[21] = (16 * 176) & 0xff;
282ab04e 694 return p[1] + 2;
ebddfcbe
GH		 695
696 default:
697 return 0;
698 }
699}
700
701static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
702{
703 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ebddfcbe 704 uint64_t nb_sectors;
282ab04e 705 int page, dbd, buflen, page_control;
ebddfcbe 706 uint8_t *p;
ce512ee1 707 uint8_t dev_specific_param;
ebddfcbe
GH		 708
709 dbd = req->cmd.buf[1] & 0x8;
710 page = req->cmd.buf[2] & 0x3f;
282ab04e 711 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
aa2b1e89
BK		 712 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
713 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
ebddfcbe
GH		 714 memset(outbuf, 0, req->cmd.xfer);
715 p = outbuf;
716
0056dcc1 717 if (bdrv_is_read_only(s->bs)) {
ce512ee1
BK		 718 dev_specific_param = 0x80; /* Readonly. */
719 } else {
720 dev_specific_param = 0x00;
721 }
722
723 if (req->cmd.buf[0] == MODE_SENSE) {
724 p[1] = 0; /* Default media type. */
725 p[2] = dev_specific_param;
726 p[3] = 0; /* Block descriptor length. */
727 p += 4;
728 } else { /* MODE_SENSE_10 */
729 p[2] = 0; /* Default media type. */
730 p[3] = dev_specific_param;
731 p[6] = p[7] = 0; /* Block descriptor length. */
732 p += 8;
ebddfcbe 733 }
ebddfcbe 734
428c149b 735 bdrv_get_geometry(s->bs, &nb_sectors);
333d50fe 736 if (!dbd && nb_sectors) {
ce512ee1
BK		 737 if (req->cmd.buf[0] == MODE_SENSE) {
738 outbuf[3] = 8; /* Block descriptor length */
739 } else { /* MODE_SENSE_10 */
740 outbuf[7] = 8; /* Block descriptor length */
741 }
ebddfcbe 742 nb_sectors /= s->cluster_size;
ebddfcbe 743 if (nb_sectors > 0xffffff)
2488b740 744 nb_sectors = 0;
ebddfcbe
GH		 745 p[0] = 0; /* media density code */
746 p[1] = (nb_sectors >> 16) & 0xff;
747 p[2] = (nb_sectors >> 8) & 0xff;
748 p[3] = nb_sectors & 0xff;
749 p[4] = 0; /* reserved */
750 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
751 p[6] = s->cluster_size * 2;
752 p[7] = 0;
753 p += 8;
754 }
755
282ab04e
BK		 756 if (page_control == 3) { /* Saved Values */
757 return -1; /* ILLEGAL_REQUEST */
758 }
759
ebddfcbe
GH		 760 switch (page) {
761 case 0x04:
762 case 0x05:
763 case 0x08:
764 case 0x2a:
282ab04e 765 p += mode_sense_page(req, page, p, page_control);
ebddfcbe
GH		 766 break;
767 case 0x3f:
282ab04e
BK		 768 p += mode_sense_page(req, 0x08, p, page_control);
769 p += mode_sense_page(req, 0x2a, p, page_control);
ebddfcbe 770 break;
a9c17b2b
BK		 771 default:
772 return -1; /* ILLEGAL_REQUEST */
ebddfcbe
GH		 773 }
774
775 buflen = p - outbuf;
ce512ee1
BK		 776 /*
777 * The mode data length field specifies the length in bytes of the
778 * following data that is available to be transferred. The mode data
779 * length does not include itself.
780 */
781 if (req->cmd.buf[0] == MODE_SENSE) {
782 outbuf[0] = buflen - 1;
783 } else { /* MODE_SENSE_10 */
784 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
785 outbuf[1] = (buflen - 2) & 0xff;
786 }
ebddfcbe
GH		 787 if (buflen > req->cmd.xfer)
788 buflen = req->cmd.xfer;
789 return buflen;
790}
791
02880f43
GH		 792static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
793{
794 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 795 int start_track, format, msf, toclen;
796 uint64_t nb_sectors;
797
798 msf = req->cmd.buf[1] & 2;
799 format = req->cmd.buf[2] & 0xf;
800 start_track = req->cmd.buf[6];
428c149b 801 bdrv_get_geometry(s->bs, &nb_sectors);
02880f43
GH		 802 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
803 nb_sectors /= s->cluster_size;
804 switch (format) {
805 case 0:
806 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
807 break;
808 case 1:
809 /* multi session : only a single session defined */
810 toclen = 12;
811 memset(outbuf, 0, 12);
812 outbuf[1] = 0x0a;
813 outbuf[2] = 0x01;
814 outbuf[3] = 0x01;
815 break;
816 case 2:
817 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
818 break;
819 default:
820 return -1;
821 }
822 if (toclen > req->cmd.xfer)
823 toclen = req->cmd.xfer;
824 return toclen;
825}
826
8af7a3ab 827static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
aa5dbdc1 828{
8af7a3ab 829 SCSIRequest *req = &r->req;
e7e25e32 830 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 831 uint64_t nb_sectors;
aa5dbdc1 832 int buflen = 0;
78ced65e 833 int ret;
aa5dbdc1
GH		 834
835 switch (req->cmd.buf[0]) {
836 case TEST_UNIT_READY:
428c149b 837 if (!bdrv_is_inserted(s->bs))
aa5dbdc1
GH		 838 goto not_ready;
839 break;
51ad87c9
GH		 840 case REQUEST_SENSE:
841 if (req->cmd.xfer < 4)
842 goto illegal_request;
a1f0cce2
HR		 843 buflen = scsi_build_sense(s->sense, outbuf, req->cmd.xfer,
844 req->cmd.xfer > 13);
a6d96eb7 845 scsi_disk_clear_sense(s);
51ad87c9 846 break;
0b06c059
GH		 847 case INQUIRY:
848 buflen = scsi_disk_emulate_inquiry(req, outbuf);
849 if (buflen < 0)
850 goto illegal_request;
851 break;
ebddfcbe
GH		 852 case MODE_SENSE:
853 case MODE_SENSE_10:
854 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
855 if (buflen < 0)
856 goto illegal_request;
857 break;
02880f43
GH		 858 case READ_TOC:
859 buflen = scsi_disk_emulate_read_toc(req, outbuf);
860 if (buflen < 0)
861 goto illegal_request;
862 break;
3d53ba18
GH		 863 case RESERVE:
864 if (req->cmd.buf[1] & 1)
865 goto illegal_request;
866 break;
867 case RESERVE_10:
868 if (req->cmd.buf[1] & 3)
869 goto illegal_request;
870 break;
871 case RELEASE:
872 if (req->cmd.buf[1] & 1)
873 goto illegal_request;
874 break;
875 case RELEASE_10:
876 if (req->cmd.buf[1] & 3)
877 goto illegal_request;
878 break;
8d3628ff 879 case START_STOP:
b443ae67 880 if (s->drive_kind == SCSI_CD && (req->cmd.buf[4] & 2)) {
8d3628ff 881 /* load/eject medium */
428c149b 882 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
8d3628ff
GH		 883 }
884 break;
c68b9f34 885 case ALLOW_MEDIUM_REMOVAL:
428c149b 886 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
c68b9f34 887 break;
e7e25e32
GH		 888 case READ_CAPACITY:
889 /* The normal LEN field for this command is zero. */
890 memset(outbuf, 0, 8);
428c149b 891 bdrv_get_geometry(s->bs, &nb_sectors);
e7e25e32
GH		 892 if (!nb_sectors)
893 goto not_ready;
894 nb_sectors /= s->cluster_size;
895 /* Returned value is the address of the last sector. */
896 nb_sectors--;
897 /* Remember the new size for read/write sanity checking. */
898 s->max_lba = nb_sectors;
899 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
900 if (nb_sectors > UINT32_MAX)
901 nb_sectors = UINT32_MAX;
902 outbuf[0] = (nb_sectors >> 24) & 0xff;
903 outbuf[1] = (nb_sectors >> 16) & 0xff;
904 outbuf[2] = (nb_sectors >> 8) & 0xff;
905 outbuf[3] = nb_sectors & 0xff;
906 outbuf[4] = 0;
907 outbuf[5] = 0;
908 outbuf[6] = s->cluster_size * 2;
909 outbuf[7] = 0;
910 buflen = 8;
911 break;
fc903943 912 case SYNCHRONIZE_CACHE:
78ced65e
KW		 913 ret = bdrv_flush(s->bs);
914 if (ret < 0) {
915 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
916 return -1;
917 }
918 }
fc903943 919 break;
38215553
GH		 920 case GET_CONFIGURATION:
921 memset(outbuf, 0, 8);
922 /* ??? This should probably return much more information. For now
923 just return the basic header indicating the CD-ROM profile. */
924 outbuf[7] = 8; // CD-ROM
925 buflen = 8;
926 break;
5dd90e2a
GH		 927 case SERVICE_ACTION_IN:
928 /* Service Action In subcommands. */
929 if ((req->cmd.buf[1] & 31) == 0x10) {
930 DPRINTF("SAI READ CAPACITY(16)\n");
931 memset(outbuf, 0, req->cmd.xfer);
428c149b 932 bdrv_get_geometry(s->bs, &nb_sectors);
5dd90e2a
GH		 933 if (!nb_sectors)
934 goto not_ready;
935 nb_sectors /= s->cluster_size;
936 /* Returned value is the address of the last sector. */
937 nb_sectors--;
938 /* Remember the new size for read/write sanity checking. */
939 s->max_lba = nb_sectors;
940 outbuf[0] = (nb_sectors >> 56) & 0xff;
941 outbuf[1] = (nb_sectors >> 48) & 0xff;
942 outbuf[2] = (nb_sectors >> 40) & 0xff;
943 outbuf[3] = (nb_sectors >> 32) & 0xff;
944 outbuf[4] = (nb_sectors >> 24) & 0xff;
945 outbuf[5] = (nb_sectors >> 16) & 0xff;
946 outbuf[6] = (nb_sectors >> 8) & 0xff;
947 outbuf[7] = nb_sectors & 0xff;
948 outbuf[8] = 0;
949 outbuf[9] = 0;
950 outbuf[10] = s->cluster_size * 2;
951 outbuf[11] = 0;
ee3659e3
CH		 952 outbuf[12] = 0;
953 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 954
955 /* set TPE bit if the format supports discard */
956 if (s->qdev.conf.discard_granularity) {
957 outbuf[14] = 0x80;
958 }
959
5dd90e2a
GH		 960 /* Protection, exponent and lowest lba field left blank. */
961 buflen = req->cmd.xfer;
962 break;
963 }
964 DPRINTF("Unsupported Service Action In\n");
965 goto illegal_request;
39ec9a50
GH		 966 case REPORT_LUNS:
967 if (req->cmd.xfer < 16)
968 goto illegal_request;
969 memset(outbuf, 0, 16);
970 outbuf[3] = 8;
971 buflen = 16;
972 break;
88f8a5ed
GH		 973 case VERIFY:
974 break;
ebef0bbb
BK		 975 case REZERO_UNIT:
976 DPRINTF("Rezero Unit\n");
977 if (!bdrv_is_inserted(s->bs)) {
978 goto not_ready;
979 }
980 break;
aa5dbdc1 981 default:
a1f0cce2
HR		 982 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
983 return -1;
aa5dbdc1 984 }
a1f0cce2 985 scsi_req_set_status(r, GOOD, SENSE_CODE(NO_SENSE));
aa5dbdc1
GH		 986 return buflen;
987
988not_ready:
a1f0cce2
HR		 989 if (!bdrv_is_inserted(s->bs)) {
990 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(NO_MEDIUM));
991 } else {
992 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LUN_NOT_READY));
993 }
8af7a3ab 994 return -1;
aa5dbdc1
GH		 995
996illegal_request:
a1f0cce2 997 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
8af7a3ab 998 return -1;
aa5dbdc1
GH		 999}
1000
2e5d83bb
PB		 1001/* Execute a scsi command. Returns the length of the data expected by the
1002 command. This will be Positive for data transfers from the device
1003 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1004 and zero if the command does not transfer any data. */
1005
5c6c0e51 1006static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1007{
5c6c0e51
HR		 1008 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1009 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1010 int32_t len;
a917d384
PB		 1011 uint8_t command;
1012 uint8_t *outbuf;
aa5dbdc1 1013 int rc;
a917d384
PB		 1014
1015 command = buf[0];
3f4cb3d3 1016 outbuf = (uint8_t *)r->iov.iov_base;
653c1c3f 1017 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6
HR		 1018
1019 if (scsi_req_parse(&r->req, buf) != 0) {
a917d384 1020 BADF("Unsupported command length, command %x\n", command);
a1f0cce2
HR		 1021 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
1022 return 0;
2e5d83bb
PB		 1023 }
1024#ifdef DEBUG_SCSI
1025 {
1026 int i;
2dd791b6 1027 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1028 printf(" 0x%02x", buf[i]);
1029 }
1030 printf("\n");
1031 }
1032#endif
aa5dbdc1 1033
1455084e 1034 if (req->lun) {
2e5d83bb 1035 /* Only LUN 0 supported. */
1455084e 1036 DPRINTF("Unimplemented LUN %d\n", req->lun);
a1f0cce2
HR		 1037 if (command != REQUEST_SENSE && command != INQUIRY) {
1038 scsi_command_complete(r, CHECK_CONDITION,
1039 SENSE_CODE(LUN_NOT_SUPPORTED));
1040 return 0;
1041 }
2e5d83bb 1042 }
a917d384 1043 switch (command) {
ebf46023 1044 case TEST_UNIT_READY:
51ad87c9 1045 case REQUEST_SENSE:
0b06c059 1046 case INQUIRY:
ebddfcbe
GH		 1047 case MODE_SENSE:
1048 case MODE_SENSE_10:
3d53ba18
GH		 1049 case RESERVE:
1050 case RESERVE_10:
1051 case RELEASE:
1052 case RELEASE_10:
8d3628ff 1053 case START_STOP:
c68b9f34 1054 case ALLOW_MEDIUM_REMOVAL:
e7e25e32 1055 case READ_CAPACITY:
fc903943 1056 case SYNCHRONIZE_CACHE:
02880f43 1057 case READ_TOC:
38215553 1058 case GET_CONFIGURATION:
5dd90e2a 1059 case SERVICE_ACTION_IN:
39ec9a50 1060 case REPORT_LUNS:
88f8a5ed 1061 case VERIFY:
ebef0bbb 1062 case REZERO_UNIT:
8af7a3ab
KW		 1063 rc = scsi_disk_emulate_command(r, outbuf);
1064 if (rc < 0) {
0b06c059 1065 return 0;
aa5dbdc1 1066 }
8af7a3ab
KW		 1067
1068 r->iov.iov_len = rc;
0b06c059 1069 break;
ebf46023
GH		 1070 case READ_6:
1071 case READ_10:
bd536cf3
GH		 1072 case READ_12:
1073 case READ_16:
5c6c0e51 1074 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6
HR		 1075 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1076 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1077 goto illegal_lba;
2dd791b6 1078 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1079 r->sector_count = len * s->cluster_size;
2e5d83bb 1080 break;
ebf46023
GH		 1081 case WRITE_6:
1082 case WRITE_10:
bd536cf3
GH		 1083 case WRITE_12:
1084 case WRITE_16:
ebef0bbb
BK		 1085 case WRITE_VERIFY:
1086 case WRITE_VERIFY_12:
1087 case WRITE_VERIFY_16:
5c6c0e51 1088 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1089 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1090 (command & 0xe) == 0xe ? "And Verify " : "",
1091 r->req.cmd.lba, len);
1092 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1093 goto illegal_lba;
2dd791b6 1094 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1095 r->sector_count = len * s->cluster_size;
2e5d83bb 1096 break;
ebef0bbb 1097 case MODE_SELECT:
2dd791b6 1098 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1099 /* We don't support mode parameter changes.
1100 Allow the mode parameter header + block descriptors only. */
2dd791b6 1101 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1102 goto fail;
1103 }
1104 break;
1105 case MODE_SELECT_10:
2dd791b6 1106 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1107 /* We don't support mode parameter changes.
1108 Allow the mode parameter header + block descriptors only. */
2dd791b6 1109 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1110 goto fail;
1111 }
1112 break;
1113 case SEEK_6:
1114 case SEEK_10:
2dd791b6
HR		 1115 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1116 r->req.cmd.lba);
1117 if (r->req.cmd.lba > s->max_lba) {
ebef0bbb
BK		 1118 goto illegal_lba;
1119 }
ea3bd56f
CH		 1120 break;
1121 case WRITE_SAME_16:
5c6c0e51 1122 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1123
1124 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1125 r->req.cmd.lba, len);
1126
1127 if (r->req.cmd.lba > s->max_lba) {
1128 goto illegal_lba;
1129 }
1130
1131 /*
1132 * We only support WRITE SAME with the unmap bit set for now.
1133 */
1134 if (!(buf[1] & 0x8)) {
1135 goto fail;
1136 }
1137
1138 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1139 len * s->cluster_size);
1140 if (rc < 0) {
1141 /* XXX: better error code ?*/
1142 goto fail;
1143 }
1144
ebef0bbb 1145 break;
2e5d83bb 1146 default:
2dd791b6 1147 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
a1f0cce2
HR		 1148 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
1149 return 0;
2e5d83bb 1150 fail:
a1f0cce2 1151 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
2dd791b6 1152 return 0;
274fb0e1 1153 illegal_lba:
a1f0cce2 1154 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1155 return 0;
2e5d83bb 1156 }
c87c0672 1157 if (r->sector_count == 0 && r->iov.iov_len == 0) {
a1f0cce2 1158 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
a917d384 1159 }
c87c0672 1160 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1161 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1162 return -len;
a917d384
PB		 1163 } else {
1164 if (!r->sector_count)
1165 r->sector_count = -1;
efb9ee02 1166 return len;
2e5d83bb 1167 }
2e5d83bb
PB		 1168}
1169
e9447f35
JK		 1170static void scsi_disk_reset(DeviceState *dev)
1171{
1172 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1173 uint64_t nb_sectors;
1174
c557e889 1175 scsi_device_purge_requests(&s->qdev);
e9447f35
JK		 1176
1177 bdrv_get_geometry(s->bs, &nb_sectors);
1178 nb_sectors /= s->cluster_size;
1179 if (nb_sectors) {
1180 nb_sectors--;
1181 }
1182 s->max_lba = nb_sectors;
1183}
1184
1185static void scsi_destroy(SCSIDevice *dev)
1186{
1187 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1188
c557e889 1189 scsi_device_purge_requests(&s->qdev);
f8b6cc00 1190 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1191}
1192
b443ae67 1193static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind kind)
2e5d83bb 1194{
d52affa7 1195 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1196 DriveInfo *dinfo;
2e5d83bb 1197
f8b6cc00 1198 if (!s->qdev.conf.bs) {
1ecda02b 1199 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1200 return -1;
1201 }
f8b6cc00 1202 s->bs = s->qdev.conf.bs;
b443ae67 1203 s->drive_kind = kind;
d52affa7 1204
b443ae67 1205 if (kind == SCSI_HD && !bdrv_is_inserted(s->bs)) {
98f28ad7
MA		 1206 error_report("Device needs media, but drive is empty");
1207 return -1;
1208 }
1209
a0fef654 1210 if (!s->serial) {
f8b6cc00
MA		 1211 /* try to fall back to value set with legacy -drive serial=... */
1212 dinfo = drive_get_by_blockdev(s->bs);
3e1c0c9a
HR		 1213 if (*dinfo->serial) {
1214 s->serial = qemu_strdup(dinfo->serial);
1215 }
a0fef654
MA		 1216 }
1217
552fee93
MA		 1218 if (!s->version) {
1219 s->version = qemu_strdup(QEMU_VERSION);
1220 }
1221
32bb404a 1222 if (bdrv_is_sg(s->bs)) {
1ecda02b 1223 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1224 return -1;
1225 }
1226
b443ae67 1227 if (kind == SCSI_CD) {
8cfacf07 1228 s->qdev.blocksize = 2048;
2e5d83bb 1229 } else {
8cfacf07 1230 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2e5d83bb 1231 }
8cfacf07 1232 s->cluster_size = s->qdev.blocksize / 512;
73fdb1e1 1233 s->bs->buffer_alignment = s->qdev.blocksize;
8cfacf07 1234
91376656 1235 s->qdev.type = TYPE_DISK;
ea8a5d7f 1236 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
b443ae67 1237 bdrv_set_removable(s->bs, kind == SCSI_CD);
1ca4d09a 1238 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
d52affa7
GH		 1239 return 0;
1240}
1241
b443ae67
MA		 1242static int scsi_hd_initfn(SCSIDevice *dev)
1243{
1244 return scsi_initfn(dev, SCSI_HD);
1245}
1246
1247static int scsi_cd_initfn(SCSIDevice *dev)
1248{
1249 return scsi_initfn(dev, SCSI_CD);
1250}
1251
1252static int scsi_disk_initfn(SCSIDevice *dev)
1253{
1254 SCSIDriveKind kind;
95b5edcd 1255 DriveInfo *dinfo;
b443ae67
MA		 1256
1257 if (!dev->conf.bs) {
1258 kind = SCSI_HD; /* will die in scsi_initfn() */
1259 } else {
95b5edcd
MA		 1260 dinfo = drive_get_by_blockdev(dev->conf.bs);
1261 kind = dinfo->media_cd ? SCSI_CD : SCSI_HD;
b443ae67
MA		 1262 }
1263
1264 return scsi_initfn(dev, kind);
1265}
1266
1267#define DEFINE_SCSI_DISK_PROPERTIES() \
1268 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1269 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1270 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1271
1272static SCSIDeviceInfo scsi_disk_info[] = {
1273 {
1274 .qdev.name = "scsi-hd",
1275 .qdev.fw_name = "disk",
1276 .qdev.desc = "virtual SCSI disk",
1277 .qdev.size = sizeof(SCSIDiskState),
1278 .qdev.reset = scsi_disk_reset,
1279 .init = scsi_hd_initfn,
1280 .destroy = scsi_destroy,
5c6c0e51 1281 .alloc_req = scsi_new_request,
ad2d30f7 1282 .free_req = scsi_free_request,
b443ae67
MA		 1283 .send_command = scsi_send_command,
1284 .read_data = scsi_read_data,
1285 .write_data = scsi_write_data,
1286 .cancel_io = scsi_cancel_io,
1287 .get_buf = scsi_get_buf,
74382217 1288 .get_sense = scsi_get_sense,
b443ae67
MA		 1289 .qdev.props = (Property[]) {
1290 DEFINE_SCSI_DISK_PROPERTIES(),
1291 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1292 DEFINE_PROP_END_OF_LIST(),
1293 }
1294 },{
1295 .qdev.name = "scsi-cd",
1296 .qdev.fw_name = "disk",
1297 .qdev.desc = "virtual SCSI CD-ROM",
1298 .qdev.size = sizeof(SCSIDiskState),
1299 .qdev.reset = scsi_disk_reset,
1300 .init = scsi_cd_initfn,
1301 .destroy = scsi_destroy,
5c6c0e51 1302 .alloc_req = scsi_new_request,
ad2d30f7 1303 .free_req = scsi_free_request,
b443ae67
MA		 1304 .send_command = scsi_send_command,
1305 .read_data = scsi_read_data,
1306 .write_data = scsi_write_data,
1307 .cancel_io = scsi_cancel_io,
1308 .get_buf = scsi_get_buf,
74382217 1309 .get_sense = scsi_get_sense,
b443ae67
MA		 1310 .qdev.props = (Property[]) {
1311 DEFINE_SCSI_DISK_PROPERTIES(),
1312 DEFINE_PROP_END_OF_LIST(),
1313 },
1314 },{
1315 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1316 .qdev.fw_name = "disk",
1317 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1318 .qdev.size = sizeof(SCSIDiskState),
1319 .qdev.reset = scsi_disk_reset,
1320 .init = scsi_disk_initfn,
1321 .destroy = scsi_destroy,
5c6c0e51 1322 .alloc_req = scsi_new_request,
ad2d30f7 1323 .free_req = scsi_free_request,
b443ae67
MA		 1324 .send_command = scsi_send_command,
1325 .read_data = scsi_read_data,
1326 .write_data = scsi_write_data,
1327 .cancel_io = scsi_cancel_io,
1328 .get_buf = scsi_get_buf,
74382217 1329 .get_sense = scsi_get_sense,
b443ae67
MA		 1330 .qdev.props = (Property[]) {
1331 DEFINE_SCSI_DISK_PROPERTIES(),
1332 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1333 DEFINE_PROP_END_OF_LIST(),
1334 }
1335 }
d52affa7
GH		 1336};
1337
1338static void scsi_disk_register_devices(void)
1339{
b443ae67
MA		 1340 int i;
1341
1342 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1343 scsi_qdev_register(&scsi_disk_info[i]);
1344 }
8ccc2ace 1345}
d52affa7 1346device_init(scsi_disk_register_devices)
Qemu copy for testing