]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Remove unnecessary #includes from block-nbd.c
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
a917d384
PB		 10 *
11 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
2e5d83bb
PB		 14 */
15
16//#define DEBUG_SCSI
17
18#ifdef DEBUG_SCSI
19#define DPRINTF(fmt, args...) \
20do { printf("scsi-disk: " fmt , ##args); } while (0)
21#else
22#define DPRINTF(fmt, args...) do {} while(0)
23#endif
24
25#define BADF(fmt, args...) \
26do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
27
87ecb68b
PB		 28#include "qemu-common.h"
29#include "block.h"
30#include "scsi-disk.h"
2e5d83bb
PB		 31
32#define SENSE_NO_SENSE 0
1aacf348 33#define SENSE_NOT_READY 2
4d611c9a 34#define SENSE_HARDWARE_ERROR 4
2e5d83bb
PB		 35#define SENSE_ILLEGAL_REQUEST 5
36
a917d384
PB		 37#define SCSI_DMA_BUF_SIZE 65536
38
39typedef struct SCSIRequest {
8ccc2ace 40 SCSIDeviceState *dev;
2e5d83bb 41 uint32_t tag;
2e5d83bb
PB		 42 /* ??? We should probably keep track of whether the data trasfer is
43 a read or a write. Currently we rely on the host getting it right. */
a917d384 44 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
2e5d83bb
PB		 45 int sector;
46 int sector_count;
a917d384 47 /* The amounnt of data in the buffer. */
2e5d83bb 48 int buf_len;
33f00271 49 uint8_t *dma_buf;
4d611c9a 50 BlockDriverAIOCB *aiocb;
a917d384
PB		 51 struct SCSIRequest *next;
52} SCSIRequest;
53
8ccc2ace 54struct SCSIDeviceState
a917d384
PB		 55{
56 BlockDriverState *bdrv;
57 SCSIRequest *requests;
58 /* The qemu block layer uses a fixed 512 byte sector size.
59 This is the number of 512 byte blocks in a single scsi sector. */
60 int cluster_size;
61 int sense;
62 int tcq;
4d611c9a
PB		 63 /* Completion functions may be called from either scsi_{read,write}_data
64 or from the AIO completion routines. */
2e5d83bb
PB		 65 scsi_completionfn completion;
66 void *opaque;
67};
68
a917d384
PB		 69/* Global pool of SCSIRequest structures. */
70static SCSIRequest *free_requests = NULL;
71
8ccc2ace 72static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
2e5d83bb 73{
a917d384
PB		 74 SCSIRequest *r;
75
76 if (free_requests) {
77 r = free_requests;
78 free_requests = r->next;
79 } else {
80 r = qemu_malloc(sizeof(SCSIRequest));
33f00271 81 r->dma_buf = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
a917d384
PB		 82 }
83 r->dev = s;
84 r->tag = tag;
85 r->sector_count = 0;
86 r->buf_len = 0;
87 r->aiocb = NULL;
88
89 r->next = s->requests;
90 s->requests = r;
91 return r;
2e5d83bb
PB		 92}
93
a917d384 94static void scsi_remove_request(SCSIRequest *r)
4d611c9a 95{
a917d384 96 SCSIRequest *last;
8ccc2ace 97 SCSIDeviceState *s = r->dev;
a917d384
PB		 98
99 if (s->requests == r) {
100 s->requests = r->next;
101 } else {
102 last = s->requests;
103 while (last && last->next != r)
104 last = last->next;
105 if (last) {
106 last->next = r->next;
107 } else {
108 BADF("Orphaned request\n");
109 }
110 }
111 r->next = free_requests;
112 free_requests = r;
4d611c9a
PB		 113}
114
8ccc2ace 115static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
4d611c9a 116{
a917d384 117 SCSIRequest *r;
4d611c9a 118
a917d384
PB		 119 r = s->requests;
120 while (r && r->tag != tag)
121 r = r->next;
4d611c9a 122
a917d384
PB		 123 return r;
124}
125
126/* Helper function for command completion. */
b1fa7164 127static void scsi_command_complete(SCSIRequest *r, int sense)
a917d384 128{
8ccc2ace 129 SCSIDeviceState *s = r->dev;
a917d384
PB		 130 uint32_t tag;
131 DPRINTF("Command complete tag=0x%x sense=%d\n", r->tag, sense);
132 s->sense = sense;
133 tag = r->tag;
134 scsi_remove_request(r);
b1fa7164 135 s->completion(s->opaque, SCSI_REASON_DONE, tag, sense);
4d611c9a
PB		 136}
137
138/* Cancel a pending data transfer. */
8ccc2ace 139static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
4d611c9a 140{
8ccc2ace 141 SCSIDeviceState *s = d->state;
a917d384
PB		 142 SCSIRequest *r;
143 DPRINTF("Cancel tag=0x%x\n", tag);
144 r = scsi_find_request(s, tag);
145 if (r) {
146 if (r->aiocb)
147 bdrv_aio_cancel(r->aiocb);
148 r->aiocb = NULL;
149 scsi_remove_request(r);
150 }
151}
152
153static void scsi_read_complete(void * opaque, int ret)
154{
155 SCSIRequest *r = (SCSIRequest *)opaque;
8ccc2ace 156 SCSIDeviceState *s = r->dev;
a917d384
PB		 157
158 if (ret) {
159 DPRINTF("IO error\n");
b1fa7164 160 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
4d611c9a
PB		 161 return;
162 }
a917d384
PB		 163 DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, r->buf_len);
164
165 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
4d611c9a
PB		 166}
167
a917d384 168/* Read more data from scsi device into buffer. */
8ccc2ace 169static void scsi_read_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 170{
8ccc2ace 171 SCSIDeviceState *s = d->state;
a917d384 172 SCSIRequest *r;
2e5d83bb
PB		 173 uint32_t n;
174
a917d384
PB		 175 r = scsi_find_request(s, tag);
176 if (!r) {
177 BADF("Bad read tag 0x%x\n", tag);
b1fa7164
BS		 178 /* ??? This is the wrong error. */
179 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
a917d384 180 return;
2e5d83bb 181 }
a917d384
PB		 182 if (r->sector_count == (uint32_t)-1) {
183 DPRINTF("Read buf_len=%d\n", r->buf_len);
184 r->sector_count = 0;
185 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
186 return;
2e5d83bb 187 }
a917d384
PB		 188 DPRINTF("Read sector_count=%d\n", r->sector_count);
189 if (r->sector_count == 0) {
b1fa7164 190 scsi_command_complete(r, SENSE_NO_SENSE);
a917d384 191 return;
2e5d83bb
PB		 192 }
193
a917d384
PB		 194 n = r->sector_count;
195 if (n > SCSI_DMA_BUF_SIZE / 512)
196 n = SCSI_DMA_BUF_SIZE / 512;
197
198 r->buf_len = n * 512;
199 r->aiocb = bdrv_aio_read(s->bdrv, r->sector, r->dma_buf, n,
200 scsi_read_complete, r);
201 if (r->aiocb == NULL)
b1fa7164 202 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
a917d384
PB		 203 r->sector += n;
204 r->sector_count -= n;
2e5d83bb
PB		 205}
206
4d611c9a
PB		 207static void scsi_write_complete(void * opaque, int ret)
208{
a917d384 209 SCSIRequest *r = (SCSIRequest *)opaque;
8ccc2ace 210 SCSIDeviceState *s = r->dev;
a917d384 211 uint32_t len;
4d611c9a
PB		 212
213 if (ret) {
214 fprintf(stderr, "scsi-disc: IO write error\n");
215 exit(1);
216 }
217
a917d384
PB		 218 r->aiocb = NULL;
219 if (r->sector_count == 0) {
b1fa7164 220 scsi_command_complete(r, SENSE_NO_SENSE);
a917d384
PB		 221 } else {
222 len = r->sector_count * 512;
223 if (len > SCSI_DMA_BUF_SIZE) {
224 len = SCSI_DMA_BUF_SIZE;
225 }
226 r->buf_len = len;
227 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
228 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
4d611c9a 229 }
4d611c9a
PB		 230}
231
232/* Write data to a scsi device. Returns nonzero on failure.
233 The transfer may complete asynchronously. */
8ccc2ace 234static int scsi_write_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 235{
8ccc2ace 236 SCSIDeviceState *s = d->state;
a917d384 237 SCSIRequest *r;
2e5d83bb
PB		 238 uint32_t n;
239
a917d384
PB		 240 DPRINTF("Write data tag=0x%x\n", tag);
241 r = scsi_find_request(s, tag);
242 if (!r) {
243 BADF("Bad write tag 0x%x\n", tag);
b1fa7164 244 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
2e5d83bb
PB		 245 return 1;
246 }
a917d384
PB		 247 if (r->aiocb)
248 BADF("Data transfer already in progress\n");
249 n = r->buf_len / 512;
250 if (n) {
251 r->aiocb = bdrv_aio_write(s->bdrv, r->sector, r->dma_buf, n,
252 scsi_write_complete, r);
253 if (r->aiocb == NULL)
b1fa7164 254 scsi_command_complete(r, SENSE_HARDWARE_ERROR);
a917d384
PB		 255 r->sector += n;
256 r->sector_count -= n;
257 } else {
258 /* Invoke completion routine to fetch data from host. */
259 scsi_write_complete(r, 0);
2e5d83bb
PB		 260 }
261
a917d384
PB		 262 return 0;
263}
2e5d83bb 264
a917d384 265/* Return a pointer to the data buffer. */
8ccc2ace 266static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
a917d384 267{
8ccc2ace 268 SCSIDeviceState *s = d->state;
a917d384 269 SCSIRequest *r;
2e5d83bb 270
a917d384
PB		 271 r = scsi_find_request(s, tag);
272 if (!r) {
273 BADF("Bad buffer tag 0x%x\n", tag);
274 return NULL;
4d611c9a 275 }
a917d384 276 return r->dma_buf;
2e5d83bb
PB		 277}
278
279/* Execute a scsi command. Returns the length of the data expected by the
280 command. This will be Positive for data transfers from the device
281 (eg. disk reads), negative for transfers to the device (eg. disk writes),
282 and zero if the command does not transfer any data. */
283
8ccc2ace
TS		 284static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
285 uint8_t *buf, int lun)
2e5d83bb 286{
8ccc2ace 287 SCSIDeviceState *s = d->state;
96b8f136 288 uint64_t nb_sectors;
2e5d83bb
PB		 289 uint32_t lba;
290 uint32_t len;
291 int cmdlen;
292 int is_write;
a917d384
PB		 293 uint8_t command;
294 uint8_t *outbuf;
295 SCSIRequest *r;
296
297 command = buf[0];
298 r = scsi_find_request(s, tag);
299 if (r) {
300 BADF("Tag 0x%x already in use\n", tag);
8ccc2ace 301 scsi_cancel_io(d, tag);
a917d384
PB		 302 }
303 /* ??? Tags are not unique for different luns. We only implement a
304 single lun, so this should not matter. */
305 r = scsi_new_request(s, tag);
306 outbuf = r->dma_buf;
2e5d83bb 307 is_write = 0;
a917d384
PB		 308 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
309 switch (command >> 5) {
2e5d83bb
PB		 310 case 0:
311 lba = buf[3] | (buf[2] << 8) | ((buf[1] & 0x1f) << 16);
312 len = buf[4];
313 cmdlen = 6;
314 break;
315 case 1:
316 case 2:
317 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
318 len = buf[8] | (buf[7] << 8);
319 cmdlen = 10;
320 break;
321 case 4:
322 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
323 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
324 cmdlen = 16;
325 break;
326 case 5:
327 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
328 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
329 cmdlen = 12;
330 break;
331 default:
a917d384 332 BADF("Unsupported command length, command %x\n", command);
2e5d83bb
PB		 333 goto fail;
334 }
335#ifdef DEBUG_SCSI
336 {
337 int i;
338 for (i = 1; i < cmdlen; i++) {
339 printf(" 0x%02x", buf[i]);
340 }
341 printf("\n");
342 }
343#endif
0fc5c15a 344 if (lun || buf[1] >> 5) {
2e5d83bb 345 /* Only LUN 0 supported. */
0fc5c15a 346 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
2e5d83bb
PB		 347 goto fail;
348 }
a917d384 349 switch (command) {
2e5d83bb
PB		 350 case 0x0:
351 DPRINTF("Test Unit Ready\n");
352 break;
353 case 0x03:
354 DPRINTF("Request Sense (len %d)\n", len);
355 if (len < 4)
356 goto fail;
67cd24a8 357 memset(outbuf, 0, 4);
a917d384
PB		 358 outbuf[0] = 0xf0;
359 outbuf[1] = 0;
360 outbuf[2] = s->sense;
361 r->buf_len = 4;
2e5d83bb
PB		 362 break;
363 case 0x12:
7d8406be 364 DPRINTF("Inquiry (len %d)\n", len);
1d4db89c
AZ		 365 if (buf[1] & 0x2) {
366 /* Command support data - optional, not implemented */
367 BADF("optional INQUIRY command support request not implemented\n");
368 goto fail;
369 }
370 else if (buf[1] & 0x1) {
371 /* Vital product data */
372 uint8_t page_code = buf[2];
373 if (len < 4) {
374 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
375 "less than 4\n", page_code, len);
376 goto fail;
377 }
378
379 switch (page_code) {
380 case 0x00:
381 {
382 /* Supported page codes, mandatory */
383 DPRINTF("Inquiry EVPD[Supported pages] "
384 "buffer size %d\n", len);
385
386 r->buf_len = 0;
387
388 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
389 outbuf[r->buf_len++] = 5;
390 } else {
391 outbuf[r->buf_len++] = 0;
392 }
393
394 outbuf[r->buf_len++] = 0x00; // this page
395 outbuf[r->buf_len++] = 0x00;
396 outbuf[r->buf_len++] = 3; // number of pages
397 outbuf[r->buf_len++] = 0x00; // list of supported pages (this page)
398 outbuf[r->buf_len++] = 0x80; // unit serial number
399 outbuf[r->buf_len++] = 0x83; // device identification
400 }
401 break;
402 case 0x80:
403 {
404 /* Device serial number, optional */
405 if (len < 4) {
406 BADF("Error: EVPD[Serial number] Inquiry buffer "
407 "size %d too small, %d needed\n", len, 4);
408 goto fail;
409 }
410
411 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
412
413 r->buf_len = 0;
414
415 /* Supported page codes */
416 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
417 outbuf[r->buf_len++] = 5;
418 } else {
419 outbuf[r->buf_len++] = 0;
420 }
421
422 outbuf[r->buf_len++] = 0x80; // this page
423 outbuf[r->buf_len++] = 0x00;
424 outbuf[r->buf_len++] = 0x01; // 1 byte data follow
425
426 outbuf[r->buf_len++] = '0'; // 1 byte data follow
427 }
428
429 break;
430 case 0x83:
431 {
432 /* Device identification page, mandatory */
433 int max_len = 255 - 8;
434 int id_len = strlen(bdrv_get_device_name(s->bdrv));
435 if (id_len > max_len)
436 id_len = max_len;
437
438 DPRINTF("Inquiry EVPD[Device identification] "
439 "buffer size %d\n", len);
440 r->buf_len = 0;
441 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
442 outbuf[r->buf_len++] = 5;
443 } else {
444 outbuf[r->buf_len++] = 0;
445 }
446
447 outbuf[r->buf_len++] = 0x83; // this page
448 outbuf[r->buf_len++] = 0x00;
449 outbuf[r->buf_len++] = 3 + id_len;
450
451 outbuf[r->buf_len++] = 0x2; // ASCII
452 outbuf[r->buf_len++] = 0; // not officially assigned
453 outbuf[r->buf_len++] = 0; // reserved
454 outbuf[r->buf_len++] = id_len; // length of data following
455
456 memcpy(&outbuf[r->buf_len],
457 bdrv_get_device_name(s->bdrv), id_len);
458 r->buf_len += id_len;
459 }
460 break;
461 default:
462 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
463 "buffer size %d\n", page_code, len);
464 goto fail;
465 }
466 /* done with EVPD */
467 break;
468 }
469 else {
470 /* Standard INQUIRY data */
471 if (buf[2] != 0) {
472 BADF("Error: Inquiry (STANDARD) page or code "
473 "is non-zero [%02X]\n", buf[2]);
474 goto fail;
475 }
476
477 /* PAGE CODE == 0 */
478 if (len < 5) {
479 BADF("Error: Inquiry (STANDARD) buffer size %d "
480 "is less than 5\n", len);
481 goto fail;
482 }
483
484 if (len < 36) {
485 BADF("Error: Inquiry (STANDARD) buffer size %d "
486 "is less than 36 (TODO: only 5 required)\n", len);
487 }
2e5d83bb 488 }
a917d384 489 memset(outbuf, 0, 36);
2e5d83bb 490 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
a917d384
PB		 491 outbuf[0] = 5;
492 outbuf[1] = 0x80;
493 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
2e5d83bb 494 } else {
a917d384
PB		 495 outbuf[0] = 0;
496 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
2e5d83bb 497 }
a917d384
PB		 498 memcpy(&outbuf[8], "QEMU ", 8);
499 memcpy(&outbuf[32], QEMU_VERSION, 4);
17acfe32
PB		 500 /* Identify device as SCSI-3 rev 1.
501 Some later commands are also implemented. */
a917d384
PB		 502 outbuf[2] = 3;
503 outbuf[3] = 2; /* Format 2 */
67cd24a8 504 outbuf[4] = 31;
a917d384
PB		 505 /* Sync data transfer and TCQ. */
506 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
507 r->buf_len = 36;
2e5d83bb
PB		 508 break;
509 case 0x16:
510 DPRINTF("Reserve(6)\n");
511 if (buf[1] & 1)
512 goto fail;
513 break;
514 case 0x17:
515 DPRINTF("Release(6)\n");
516 if (buf[1] & 1)
517 goto fail;
518 break;
519 case 0x1a:
7d8406be 520 case 0x5a:
17acfe32 521 {
a917d384 522 uint8_t *p;
17acfe32
PB		 523 int page;
524
525 page = buf[2] & 0x3f;
526 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
a917d384 527 p = outbuf;
17acfe32 528 memset(p, 0, 4);
a917d384
PB		 529 outbuf[1] = 0; /* Default media type. */
530 outbuf[3] = 0; /* Block descriptor length. */
17acfe32 531 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
a917d384 532 outbuf[2] = 0x80; /* Readonly. */
17acfe32
PB		 533 }
534 p += 4;
5e65a310
BS		 535 if (page == 4) {
536 int cylinders, heads, secs;
537
538 /* Rigid disk device geometry page. */
539 p[0] = 4;
540 p[1] = 0x16;
541 /* if a geometry hint is available, use it */
542 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
543 p[2] = (cylinders >> 16) & 0xff;
544 p[3] = (cylinders >> 8) & 0xff;
545 p[4] = cylinders & 0xff;
546 p[5] = heads & 0xff;
547 /* Write precomp start cylinder, disabled */
548 p[6] = (cylinders >> 16) & 0xff;
549 p[7] = (cylinders >> 8) & 0xff;
550 p[8] = cylinders & 0xff;
551 /* Reduced current start cylinder, disabled */
552 p[9] = (cylinders >> 16) & 0xff;
553 p[10] = (cylinders >> 8) & 0xff;
554 p[11] = cylinders & 0xff;
555 /* Device step rate [ns], 200ns */
556 p[12] = 0;
557 p[13] = 200;
558 /* Landing zone cylinder */
559 p[14] = 0xff;
560 p[15] = 0xff;
561 p[16] = 0xff;
562 /* Medium rotation rate [rpm], 5400 rpm */
563 p[20] = (5400 >> 8) & 0xff;
564 p[21] = 5400 & 0xff;
565 p += 0x16;
566 } else if (page == 5) {
567 int cylinders, heads, secs;
568
569 /* Flexible disk device geometry page. */
570 p[0] = 5;
571 p[1] = 0x1e;
572 /* Transfer rate [kbit/s], 5Mbit/s */
573 p[2] = 5000 >> 8;
574 p[3] = 5000 & 0xff;
575 /* if a geometry hint is available, use it */
576 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
577 p[4] = heads & 0xff;
578 p[5] = secs & 0xff;
579 p[6] = s->cluster_size * 2;
580 p[8] = (cylinders >> 8) & 0xff;
581 p[9] = cylinders & 0xff;
582 /* Write precomp start cylinder, disabled */
583 p[10] = (cylinders >> 8) & 0xff;
584 p[11] = cylinders & 0xff;
585 /* Reduced current start cylinder, disabled */
586 p[12] = (cylinders >> 8) & 0xff;
587 p[13] = cylinders & 0xff;
588 /* Device step rate [100us], 100us */
589 p[14] = 0;
590 p[15] = 1;
591 /* Device step pulse width [us], 1us */
592 p[16] = 1;
593 /* Device head settle delay [100us], 100us */
594 p[17] = 0;
595 p[18] = 1;
596 /* Motor on delay [0.1s], 0.1s */
597 p[19] = 1;
598 /* Motor off delay [0.1s], 0.1s */
599 p[20] = 1;
600 /* Medium rotation rate [rpm], 5400 rpm */
601 p[28] = (5400 >> 8) & 0xff;
602 p[29] = 5400 & 0xff;
603 p += 0x1e;
604 } else if ((page == 8 || page == 0x3f)) {
17acfe32 605 /* Caching page. */
67cd24a8 606 memset(p,0,20);
17acfe32
PB		 607 p[0] = 8;
608 p[1] = 0x12;
609 p[2] = 4; /* WCE */
67cd24a8 610 p += 20;
17acfe32
PB		 611 }
612 if ((page == 0x3f || page == 0x2a)
613 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
614 /* CD Capabilities and Mechanical Status page. */
615 p[0] = 0x2a;
616 p[1] = 0x14;
617 p[2] = 3; // CD-R & CD-RW read
618 p[3] = 0; // Writing not supported
619 p[4] = 0x7f; /* Audio, composite, digital out,
620 mode 2 form 1&2, multi session */
621 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
622 RW corrected, C2 errors, ISRC,
623 UPC, Bar code */
624 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
625 /* Locking supported, jumper present, eject, tray */
626 p[7] = 0; /* no volume & mute control, no
627 changer */
628 p[8] = (50 * 176) >> 8; // 50x read speed
629 p[9] = (50 * 176) & 0xff;
630 p[10] = 0 >> 8; // No volume
631 p[11] = 0 & 0xff;
632 p[12] = 2048 >> 8; // 2M buffer
633 p[13] = 2048 & 0xff;
634 p[14] = (16 * 176) >> 8; // 16x read speed current
635 p[15] = (16 * 176) & 0xff;
636 p[18] = (16 * 176) >> 8; // 16x write speed
637 p[19] = (16 * 176) & 0xff;
638 p[20] = (16 * 176) >> 8; // 16x write speed current
639 p[21] = (16 * 176) & 0xff;
67cd24a8 640 p += 22;
17acfe32 641 }
a917d384
PB		 642 r->buf_len = p - outbuf;
643 outbuf[0] = r->buf_len - 4;
644 if (r->buf_len > len)
645 r->buf_len = len;
7d8406be 646 }
17acfe32
PB		 647 break;
648 case 0x1b:
649 DPRINTF("Start Stop Unit\n");
650 break;
651 case 0x1e:
652 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
653 bdrv_set_locked(s->bdrv, buf[4] & 1);
2e5d83bb
PB		 654 break;
655 case 0x25:
656 DPRINTF("Read Capacity\n");
657 /* The normal LEN field for this command is zero. */
a917d384 658 memset(outbuf, 0, 8);
2e5d83bb 659 bdrv_get_geometry(s->bdrv, &nb_sectors);
51c1ebb1
PB		 660 /* Returned value is the address of the last sector. */
661 if (nb_sectors) {
662 nb_sectors--;
a917d384
PB		 663 outbuf[0] = (nb_sectors >> 24) & 0xff;
664 outbuf[1] = (nb_sectors >> 16) & 0xff;
665 outbuf[2] = (nb_sectors >> 8) & 0xff;
666 outbuf[3] = nb_sectors & 0xff;
667 outbuf[4] = 0;
668 outbuf[5] = 0;
669 outbuf[6] = s->cluster_size * 2;
670 outbuf[7] = 0;
671 r->buf_len = 8;
51c1ebb1 672 } else {
b1fa7164 673 scsi_command_complete(r, SENSE_NOT_READY);
35f1df84 674 return 0;
51c1ebb1 675 }
2e5d83bb
PB		 676 break;
677 case 0x08:
678 case 0x28:
679 DPRINTF("Read (sector %d, count %d)\n", lba, len);
a917d384
PB		 680 r->sector = lba * s->cluster_size;
681 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 682 break;
683 case 0x0a:
684 case 0x2a:
685 DPRINTF("Write (sector %d, count %d)\n", lba, len);
a917d384
PB		 686 r->sector = lba * s->cluster_size;
687 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 688 is_write = 1;
689 break;
7d8406be 690 case 0x35:
e91c8a77 691 DPRINTF("Synchronise cache (sector %d, count %d)\n", lba, len);
7a6cba61 692 bdrv_flush(s->bdrv);
7d8406be 693 break;
2e5d83bb
PB		 694 case 0x43:
695 {
7c22dd52 696 int start_track, format, msf, toclen;
2e5d83bb
PB		 697
698 msf = buf[1] & 2;
699 format = buf[2] & 0xf;
700 start_track = buf[6];
701 bdrv_get_geometry(s->bdrv, &nb_sectors);
702 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
703 switch(format) {
704 case 0:
a917d384 705 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
2e5d83bb
PB		 706 break;
707 case 1:
708 /* multi session : only a single session defined */
7c22dd52 709 toclen = 12;
a917d384
PB		 710 memset(outbuf, 0, 12);
711 outbuf[1] = 0x0a;
712 outbuf[2] = 0x01;
713 outbuf[3] = 0x01;
2e5d83bb
PB		 714 break;
715 case 2:
a917d384 716 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
2e5d83bb
PB		 717 break;
718 default:
7c22dd52
PB		 719 goto error_cmd;
720 }
721 if (toclen > 0) {
722 if (len > toclen)
723 len = toclen;
a917d384 724 r->buf_len = len;
7c22dd52 725 break;
2e5d83bb 726 }
7c22dd52
PB		 727 error_cmd:
728 DPRINTF("Read TOC error\n");
729 goto fail;
2e5d83bb 730 }
17acfe32
PB		 731 case 0x46:
732 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
a917d384 733 memset(outbuf, 0, 8);
1235fc06 734 /* ??? This should probably return much more information. For now
17acfe32 735 just return the basic header indicating the CD-ROM profile. */
a917d384
PB		 736 outbuf[7] = 8; // CD-ROM
737 r->buf_len = 8;
17acfe32 738 break;
2e5d83bb
PB		 739 case 0x56:
740 DPRINTF("Reserve(10)\n");
741 if (buf[1] & 3)
742 goto fail;
743 break;
744 case 0x57:
745 DPRINTF("Release(10)\n");
746 if (buf[1] & 3)
747 goto fail;
748 break;
749 case 0xa0:
750 DPRINTF("Report LUNs (len %d)\n", len);
751 if (len < 16)
752 goto fail;
a917d384
PB		 753 memset(outbuf, 0, 16);
754 outbuf[3] = 8;
755 r->buf_len = 16;
2e5d83bb
PB		 756 break;
757 default:
758 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
759 fail:
b1fa7164 760 scsi_command_complete(r, SENSE_ILLEGAL_REQUEST);
2e5d83bb
PB		 761 return 0;
762 }
a917d384 763 if (r->sector_count == 0 && r->buf_len == 0) {
b1fa7164 764 scsi_command_complete(r, SENSE_NO_SENSE);
a917d384
PB		 765 }
766 len = r->sector_count * 512 + r->buf_len;
767 if (is_write) {
768 return -len;
769 } else {
770 if (!r->sector_count)
771 r->sector_count = -1;
772 return len;
2e5d83bb 773 }
2e5d83bb
PB		 774}
775
8ccc2ace 776static void scsi_destroy(SCSIDevice *d)
2e5d83bb 777{
8ccc2ace
TS		 778 qemu_free(d->state);
779 qemu_free(d);
2e5d83bb
PB		 780}
781
8ccc2ace
TS		 782SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
783 scsi_completionfn completion, void *opaque)
2e5d83bb 784{
8ccc2ace
TS		 785 SCSIDevice *d;
786 SCSIDeviceState *s;
2e5d83bb 787
8ccc2ace 788 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
2e5d83bb 789 s->bdrv = bdrv;
a917d384 790 s->tcq = tcq;
2e5d83bb
PB		 791 s->completion = completion;
792 s->opaque = opaque;
793 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
7c22dd52 794 s->cluster_size = 4;
2e5d83bb 795 } else {
7c22dd52 796 s->cluster_size = 1;
2e5d83bb
PB		 797 }
798
8ccc2ace
TS		 799 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
800 d->state = s;
801 d->destroy = scsi_destroy;
802 d->send_command = scsi_send_command;
803 d->read_data = scsi_read_data;
804 d->write_data = scsi_write_data;
805 d->cancel_io = scsi_cancel_io;
806 d->get_buf = scsi_get_buf;
2e5d83bb 807
8ccc2ace
TS		 808 return d;
809}
Qemu copy for testing