]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
correctly check ppr priority during interrupt injection]
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb
PB		 14 *
15 * This code is licenced under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
22864256 40
f0f72ffe 41#define SCSI_DMA_BUF_SIZE 131072
57575058 42#define SCSI_MAX_INQUIRY_LEN 256
a917d384 43
5dba48a8
KW		 44#define SCSI_REQ_STATUS_RETRY 0x01
45#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46#define SCSI_REQ_STATUS_RETRY_READ 0x00
47#define SCSI_REQ_STATUS_RETRY_WRITE 0x02
78ced65e 48#define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
ea8a5d7f 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
a6d96eb7
HR		 52typedef struct SCSISense {
53 uint8_t key;
54} SCSISense;
55
4c41d2ef
GH		 56typedef struct SCSIDiskReq {
57 SCSIRequest req;
e035b43d 58 /* ??? We should probably keep track of whether the data transfer is
2e5d83bb 59 a read or a write. Currently we rely on the host getting it right. */
a917d384 60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 61 uint64_t sector;
62 uint32_t sector_count;
c87c0672
AL		 63 struct iovec iov;
64 QEMUIOVector qiov;
ea8a5d7f 65 uint32_t status;
4c41d2ef 66} SCSIDiskReq;
a917d384 67
d52affa7 68struct SCSIDiskState
a917d384 69{
d52affa7 70 SCSIDevice qdev;
428c149b 71 BlockDriverState *bs;
a917d384
PB		 72 /* The qemu block layer uses a fixed 512 byte sector size.
73 This is the number of 512 byte blocks in a single scsi sector. */
74 int cluster_size;
419e691f 75 uint32_t removable;
274fb0e1 76 uint64_t max_lba;
213189ab 77 QEMUBH *bh;
383b4d9b 78 char *version;
a0fef654 79 char *serial;
a6d96eb7 80 SCSISense sense;
2e5d83bb
PB		 81};
82
5dba48a8 83static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78ced65e 84static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
5dba48a8 85
72aef731
CH		 86static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
87 uint32_t lun)
2e5d83bb 88{
89b08ae1 89 SCSIRequest *req;
4c41d2ef 90 SCSIDiskReq *r;
a917d384 91
72aef731 92 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
89b08ae1 93 r = DO_UPCAST(SCSIDiskReq, req, req);
72aef731 94 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
a917d384 95 return r;
2e5d83bb
PB		 96}
97
4c41d2ef 98static void scsi_remove_request(SCSIDiskReq *r)
4d611c9a 99{
f8a83245 100 qemu_vfree(r->iov.iov_base);
89b08ae1 101 scsi_req_free(&r->req);
4d611c9a
PB		 102}
103
4c41d2ef 104static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
4d611c9a 105{
89b08ae1 106 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
a917d384
PB		 107}
108
a6d96eb7 109static void scsi_disk_clear_sense(SCSIDiskState *s)
ed3a34a3 110{
a6d96eb7
HR		 111 memset(&s->sense, 0, sizeof(s->sense));
112}
113
114static void scsi_disk_set_sense(SCSIDiskState *s, uint8_t key)
115{
116 s->sense.key = key;
117}
118
119static void scsi_req_set_status(SCSIDiskReq *r, int status, int sense_code)
120{
121 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
122
123 r->req.status = status;
124 scsi_disk_set_sense(s, sense_code);
ed3a34a3
GH		 125}
126
a917d384 127/* Helper function for command completion. */
4c41d2ef 128static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
a917d384 129{
4c41d2ef
GH		 130 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
131 r->req.tag, status, sense);
a6d96eb7 132 scsi_req_set_status(r, status, sense);
ed3a34a3 133 scsi_req_complete(&r->req);
89b08ae1 134 scsi_remove_request(r);
4d611c9a
PB		 135}
136
137/* Cancel a pending data transfer. */
8ccc2ace 138static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
4d611c9a 139{
d52affa7 140 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 141 SCSIDiskReq *r;
a917d384
PB		 142 DPRINTF("Cancel tag=0x%x\n", tag);
143 r = scsi_find_request(s, tag);
144 if (r) {
4c41d2ef
GH		 145 if (r->req.aiocb)
146 bdrv_aio_cancel(r->req.aiocb);
147 r->req.aiocb = NULL;
a917d384
PB		 148 scsi_remove_request(r);
149 }
150}
151
152static void scsi_read_complete(void * opaque, int ret)
153{
4c41d2ef 154 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5dba48a8 155 int n;
a917d384 156
3e94cb02
JK		 157 r->req.aiocb = NULL;
158
a917d384 159 if (ret) {
5dba48a8
KW		 160 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
161 return;
162 }
4d611c9a 163 }
5dba48a8 164
aa2b1e89 165 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
a917d384 166
5dba48a8
KW		 167 n = r->iov.iov_len / 512;
168 r->sector += n;
169 r->sector_count -= n;
4c41d2ef 170 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
4d611c9a
PB		 171}
172
5dba48a8
KW		 173
174static void scsi_read_request(SCSIDiskReq *r)
2e5d83bb 175{
5dba48a8 176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 177 uint32_t n;
178
a917d384 179 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 180 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 181 r->sector_count = 0;
4c41d2ef 182 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
a917d384 183 return;
2e5d83bb 184 }
a917d384
PB		 185 DPRINTF("Read sector_count=%d\n", r->sector_count);
186 if (r->sector_count == 0) {
0d65e1f8 187 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 188 return;
2e5d83bb
PB		 189 }
190
6fa2c95f
SH		 191 /* No data transfer may already be in progress */
192 assert(r->req.aiocb == NULL);
193
a917d384
PB		 194 n = r->sector_count;
195 if (n > SCSI_DMA_BUF_SIZE / 512)
196 n = SCSI_DMA_BUF_SIZE / 512;
197
c87c0672
AL		 198 r->iov.iov_len = n * 512;
199 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 200 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
c87c0672 201 scsi_read_complete, r);
d33ea50a
KW		 202 if (r->req.aiocb == NULL) {
203 scsi_read_complete(r, -EIO);
204 }
2e5d83bb
PB		 205}
206
5dba48a8
KW		 207/* Read more data from scsi device into buffer. */
208static void scsi_read_data(SCSIDevice *d, uint32_t tag)
ea8a5d7f 209{
5dba48a8
KW		 210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
211 SCSIDiskReq *r;
212
213 r = scsi_find_request(s, tag);
214 if (!r) {
215 BADF("Bad read tag 0x%x\n", tag);
216 /* ??? This is the wrong error. */
217 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
218 return;
219 }
220
5dba48a8
KW		 221 scsi_read_request(r);
222}
223
224static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
225{
226 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
4c41d2ef 227 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 228 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
ea8a5d7f 229
380f640f 230 if (action == BLOCK_ERR_IGNORE) {
5dba48a8 231 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 232 return 0;
380f640f 233 }
ea8a5d7f
AL		 234
235 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
236 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8
KW		 237
238 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
239 r->status |= SCSI_REQ_STATUS_RETRY | type;
240
241 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
554a310b 242 vm_stop(0);
ea8a5d7f 243 } else {
5dba48a8
KW		 244 if (type == SCSI_REQ_STATUS_RETRY_READ) {
245 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
246 }
0d65e1f8
GH		 247 scsi_command_complete(r, CHECK_CONDITION,
248 HARDWARE_ERROR);
5dba48a8 249 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f
AL		 250 }
251
252 return 1;
253}
254
4d611c9a
PB		 255static void scsi_write_complete(void * opaque, int ret)
256{
4c41d2ef 257 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a917d384 258 uint32_t len;
ea8a5d7f
AL		 259 uint32_t n;
260
4c41d2ef 261 r->req.aiocb = NULL;
4d611c9a
PB		 262
263 if (ret) {
5dba48a8 264 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
ea8a5d7f 265 return;
5dba48a8 266 }
4d611c9a
PB		 267 }
268
c87c0672 269 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 270 r->sector += n;
271 r->sector_count -= n;
a917d384 272 if (r->sector_count == 0) {
0d65e1f8 273 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384
PB		 274 } else {
275 len = r->sector_count * 512;
276 if (len > SCSI_DMA_BUF_SIZE) {
277 len = SCSI_DMA_BUF_SIZE;
278 }
c87c0672 279 r->iov.iov_len = len;
4c41d2ef
GH		 280 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
281 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
4d611c9a 282 }
4d611c9a
PB		 283}
284
4c41d2ef 285static void scsi_write_request(SCSIDiskReq *r)
ea8a5d7f 286{
4c41d2ef 287 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 288 uint32_t n;
289
6fa2c95f
SH		 290 /* No data transfer may already be in progress */
291 assert(r->req.aiocb == NULL);
292
c87c0672 293 n = r->iov.iov_len / 512;
ea8a5d7f 294 if (n) {
c87c0672 295 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 296 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
c87c0672 297 scsi_write_complete, r);
d33ea50a
KW		 298 if (r->req.aiocb == NULL) {
299 scsi_write_complete(r, -EIO);
300 }
ea8a5d7f
AL		 301 } else {
302 /* Invoke completion routine to fetch data from host. */
303 scsi_write_complete(r, 0);
304 }
305}
306
4d611c9a
PB		 307/* Write data to a scsi device. Returns nonzero on failure.
308 The transfer may complete asynchronously. */
8ccc2ace 309static int scsi_write_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 310{
d52affa7 311 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 312 SCSIDiskReq *r;
2e5d83bb 313
a917d384
PB		 314 DPRINTF("Write data tag=0x%x\n", tag);
315 r = scsi_find_request(s, tag);
316 if (!r) {
317 BADF("Bad write tag 0x%x\n", tag);
0d65e1f8 318 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
2e5d83bb
PB		 319 return 1;
320 }
ea8a5d7f 321
ea8a5d7f 322 scsi_write_request(r);
2e5d83bb 323
a917d384
PB		 324 return 0;
325}
2e5d83bb 326
213189ab 327static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f 328{
d52affa7 329 SCSIDiskState *s = opaque;
9af99d98
GH		 330 SCSIRequest *req;
331 SCSIDiskReq *r;
213189ab
MA		 332
333 qemu_bh_delete(s->bh);
334 s->bh = NULL;
ea8a5d7f 335
9af99d98
GH		 336 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
337 r = DO_UPCAST(SCSIDiskReq, req, req);
ea8a5d7f 338 if (r->status & SCSI_REQ_STATUS_RETRY) {
5dba48a8 339 int status = r->status;
78ced65e
KW		 340 int ret;
341
5dba48a8
KW		 342 r->status &=
343 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
344
345 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
346 case SCSI_REQ_STATUS_RETRY_READ:
347 scsi_read_request(r);
348 break;
349 case SCSI_REQ_STATUS_RETRY_WRITE:
350 scsi_write_request(r);
351 break;
78ced65e
KW		 352 case SCSI_REQ_STATUS_RETRY_FLUSH:
353 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
354 if (ret == 0) {
355 scsi_command_complete(r, GOOD, NO_SENSE);
356 }
5dba48a8 357 }
ea8a5d7f 358 }
ea8a5d7f
AL		 359 }
360}
361
213189ab
MA		 362static void scsi_dma_restart_cb(void *opaque, int running, int reason)
363{
d52affa7 364 SCSIDiskState *s = opaque;
213189ab
MA		 365
366 if (!running)
367 return;
368
369 if (!s->bh) {
370 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
371 qemu_bh_schedule(s->bh);
372 }
373}
374
a917d384 375/* Return a pointer to the data buffer. */
8ccc2ace 376static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
a917d384 377{
d52affa7 378 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 379 SCSIDiskReq *r;
2e5d83bb 380
a917d384
PB		 381 r = scsi_find_request(s, tag);
382 if (!r) {
383 BADF("Bad buffer tag 0x%x\n", tag);
384 return NULL;
4d611c9a 385 }
3f4cb3d3 386 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 387}
388
0b06c059
GH		 389static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
390{
383b4d9b 391 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 392 int buflen = 0;
393
394 if (req->cmd.buf[1] & 0x2) {
395 /* Command support data - optional, not implemented */
396 BADF("optional INQUIRY command support request not implemented\n");
397 return -1;
398 }
399
400 if (req->cmd.buf[1] & 0x1) {
401 /* Vital product data */
402 uint8_t page_code = req->cmd.buf[2];
403 if (req->cmd.xfer < 4) {
404 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
405 "less than 4\n", page_code, req->cmd.xfer);
406 return -1;
407 }
408
428c149b 409 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
0b06c059
GH		 410 outbuf[buflen++] = 5;
411 } else {
412 outbuf[buflen++] = 0;
413 }
414 outbuf[buflen++] = page_code ; // this page
415 outbuf[buflen++] = 0x00;
416
417 switch (page_code) {
418 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 419 {
420 int pages;
0b06c059
GH		 421 DPRINTF("Inquiry EVPD[Supported pages] "
422 "buffer size %zd\n", req->cmd.xfer);
39d98982 423 pages = buflen++;
0b06c059
GH		 424 outbuf[buflen++] = 0x00; // list of supported pages (this page)
425 outbuf[buflen++] = 0x80; // unit serial number
426 outbuf[buflen++] = 0x83; // device identification
39d98982 427 if (bdrv_get_type_hint(s->bs) != BDRV_TYPE_CDROM) {
ea3bd56f
CH		 428 outbuf[buflen++] = 0xb0; // block limits
429 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 430 }
431 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 432 break;
39d98982 433 }
0b06c059
GH		 434 case 0x80: /* Device serial number, optional */
435 {
a0fef654 436 int l = strlen(s->serial);
0b06c059
GH		 437
438 if (l > req->cmd.xfer)
439 l = req->cmd.xfer;
440 if (l > 20)
441 l = 20;
442
443 DPRINTF("Inquiry EVPD[Serial number] "
444 "buffer size %zd\n", req->cmd.xfer);
445 outbuf[buflen++] = l;
a0fef654 446 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 447 buflen += l;
448 break;
449 }
450
451 case 0x83: /* Device identification page, mandatory */
452 {
453 int max_len = 255 - 8;
428c149b 454 int id_len = strlen(bdrv_get_device_name(s->bs));
0b06c059
GH		 455
456 if (id_len > max_len)
457 id_len = max_len;
458 DPRINTF("Inquiry EVPD[Device identification] "
459 "buffer size %zd\n", req->cmd.xfer);
460
39d98982 461 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 462 outbuf[buflen++] = 0x2; // ASCII
463 outbuf[buflen++] = 0; // not officially assigned
464 outbuf[buflen++] = 0; // reserved
465 outbuf[buflen++] = id_len; // length of data following
466
428c149b 467 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
0b06c059
GH		 468 buflen += id_len;
469 break;
470 }
ea3bd56f 471 case 0xb0: /* block limits */
ee3659e3 472 {
ea3bd56f
CH		 473 unsigned int unmap_sectors =
474 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 475 unsigned int min_io_size =
476 s->qdev.conf.min_io_size / s->qdev.blocksize;
477 unsigned int opt_io_size =
478 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 479
39d98982
HR		 480 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
481 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
482 page_code);
483 return -1;
484 }
ee3659e3
CH		 485 /* required VPD size with unmap support */
486 outbuf[3] = buflen = 0x3c;
487
488 memset(outbuf + 4, 0, buflen - 4);
489
490 /* optimal transfer length granularity */
491 outbuf[6] = (min_io_size >> 8) & 0xff;
492 outbuf[7] = min_io_size & 0xff;
493
494 /* optimal transfer length */
495 outbuf[12] = (opt_io_size >> 24) & 0xff;
496 outbuf[13] = (opt_io_size >> 16) & 0xff;
497 outbuf[14] = (opt_io_size >> 8) & 0xff;
498 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 499
500 /* optimal unmap granularity */
501 outbuf[28] = (unmap_sectors >> 24) & 0xff;
502 outbuf[29] = (unmap_sectors >> 16) & 0xff;
503 outbuf[30] = (unmap_sectors >> 8) & 0xff;
504 outbuf[31] = unmap_sectors & 0xff;
505 break;
506 }
507 case 0xb2: /* thin provisioning */
508 {
509 outbuf[3] = buflen = 8;
510 outbuf[4] = 0;
511 outbuf[5] = 0x40; /* write same with unmap supported */
512 outbuf[6] = 0;
513 outbuf[7] = 0;
ee3659e3
CH		 514 break;
515 }
0b06c059
GH		 516 default:
517 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
518 "buffer size %zd\n", page_code, req->cmd.xfer);
519 return -1;
520 }
521 /* done with EVPD */
522 return buflen;
523 }
524
525 /* Standard INQUIRY data */
526 if (req->cmd.buf[2] != 0) {
527 BADF("Error: Inquiry (STANDARD) page or code "
528 "is non-zero [%02X]\n", req->cmd.buf[2]);
529 return -1;
530 }
531
532 /* PAGE CODE == 0 */
533 if (req->cmd.xfer < 5) {
534 BADF("Error: Inquiry (STANDARD) buffer size %zd "
535 "is less than 5\n", req->cmd.xfer);
536 return -1;
537 }
538
0b06c059
GH		 539 buflen = req->cmd.xfer;
540 if (buflen > SCSI_MAX_INQUIRY_LEN)
541 buflen = SCSI_MAX_INQUIRY_LEN;
542
543 memset(outbuf, 0, buflen);
544
545 if (req->lun || req->cmd.buf[1] >> 5) {
546 outbuf[0] = 0x7f; /* LUN not supported */
547 return buflen;
548 }
549
428c149b 550 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
0b06c059
GH		 551 outbuf[0] = 5;
552 outbuf[1] = 0x80;
550fe6c6 553 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059
GH		 554 } else {
555 outbuf[0] = 0;
419e691f 556 outbuf[1] = s->removable ? 0x80 : 0;
550fe6c6 557 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 558 }
550fe6c6 559 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 560 memset(&outbuf[32], 0, 4);
552fee93 561 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 562 /*
563 * We claim conformance to SPC-3, which is required for guests
564 * to ask for modern features like READ CAPACITY(16) or the
565 * block characteristics VPD page by default. Not all of SPC-3
566 * is actually implemented, but we're good enough.
567 */
ee3659e3 568 outbuf[2] = 5;
0b06c059 569 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 570
571 if (buflen > 36) {
572 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
573 } else {
574 /* If the allocation length of CDB is too small,
575 the additional length is not adjusted */
576 outbuf[4] = 36 - 5;
577 }
578
0b06c059
GH		 579 /* Sync data transfer and TCQ. */
580 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
581 return buflen;
582}
583
282ab04e
BK		 584static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
585 int page_control)
ebddfcbe
GH		 586{
587 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
428c149b 588 BlockDriverState *bdrv = s->bs;
ebddfcbe
GH		 589 int cylinders, heads, secs;
590
282ab04e
BK		 591 /*
592 * If Changeable Values are requested, a mask denoting those mode parameters
593 * that are changeable shall be returned. As we currently don't support
594 * parameter changes via MODE_SELECT all bits are returned set to zero.
595 * The buffer was already menset to zero by the caller of this function.
596 */
ebddfcbe
GH		 597 switch (page) {
598 case 4: /* Rigid disk device geometry page. */
599 p[0] = 4;
600 p[1] = 0x16;
282ab04e
BK		 601 if (page_control == 1) { /* Changeable Values */
602 return p[1] + 2;
603 }
ebddfcbe
GH		 604 /* if a geometry hint is available, use it */
605 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
606 p[2] = (cylinders >> 16) & 0xff;
607 p[3] = (cylinders >> 8) & 0xff;
608 p[4] = cylinders & 0xff;
609 p[5] = heads & 0xff;
610 /* Write precomp start cylinder, disabled */
611 p[6] = (cylinders >> 16) & 0xff;
612 p[7] = (cylinders >> 8) & 0xff;
613 p[8] = cylinders & 0xff;
614 /* Reduced current start cylinder, disabled */
615 p[9] = (cylinders >> 16) & 0xff;
616 p[10] = (cylinders >> 8) & 0xff;
617 p[11] = cylinders & 0xff;
618 /* Device step rate [ns], 200ns */
619 p[12] = 0;
620 p[13] = 200;
621 /* Landing zone cylinder */
622 p[14] = 0xff;
623 p[15] = 0xff;
624 p[16] = 0xff;
625 /* Medium rotation rate [rpm], 5400 rpm */
626 p[20] = (5400 >> 8) & 0xff;
627 p[21] = 5400 & 0xff;
282ab04e 628 return p[1] + 2;
ebddfcbe
GH		 629
630 case 5: /* Flexible disk device geometry page. */
631 p[0] = 5;
632 p[1] = 0x1e;
282ab04e
BK		 633 if (page_control == 1) { /* Changeable Values */
634 return p[1] + 2;
635 }
ebddfcbe
GH		 636 /* Transfer rate [kbit/s], 5Mbit/s */
637 p[2] = 5000 >> 8;
638 p[3] = 5000 & 0xff;
639 /* if a geometry hint is available, use it */
640 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
641 p[4] = heads & 0xff;
642 p[5] = secs & 0xff;
643 p[6] = s->cluster_size * 2;
644 p[8] = (cylinders >> 8) & 0xff;
645 p[9] = cylinders & 0xff;
646 /* Write precomp start cylinder, disabled */
647 p[10] = (cylinders >> 8) & 0xff;
648 p[11] = cylinders & 0xff;
649 /* Reduced current start cylinder, disabled */
650 p[12] = (cylinders >> 8) & 0xff;
651 p[13] = cylinders & 0xff;
652 /* Device step rate [100us], 100us */
653 p[14] = 0;
654 p[15] = 1;
655 /* Device step pulse width [us], 1us */
656 p[16] = 1;
657 /* Device head settle delay [100us], 100us */
658 p[17] = 0;
659 p[18] = 1;
660 /* Motor on delay [0.1s], 0.1s */
661 p[19] = 1;
662 /* Motor off delay [0.1s], 0.1s */
663 p[20] = 1;
664 /* Medium rotation rate [rpm], 5400 rpm */
665 p[28] = (5400 >> 8) & 0xff;
666 p[29] = 5400 & 0xff;
282ab04e 667 return p[1] + 2;
ebddfcbe
GH		 668
669 case 8: /* Caching page. */
670 p[0] = 8;
671 p[1] = 0x12;
282ab04e
BK		 672 if (page_control == 1) { /* Changeable Values */
673 return p[1] + 2;
674 }
428c149b 675 if (bdrv_enable_write_cache(s->bs)) {
ebddfcbe
GH		 676 p[2] = 4; /* WCE */
677 }
282ab04e 678 return p[1] + 2;
ebddfcbe
GH		 679
680 case 0x2a: /* CD Capabilities and Mechanical Status page. */
681 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
682 return 0;
683 p[0] = 0x2a;
684 p[1] = 0x14;
282ab04e
BK		 685 if (page_control == 1) { /* Changeable Values */
686 return p[1] + 2;
687 }
ebddfcbe
GH		 688 p[2] = 3; // CD-R & CD-RW read
689 p[3] = 0; // Writing not supported
690 p[4] = 0x7f; /* Audio, composite, digital out,
691 mode 2 form 1&2, multi session */
692 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
693 RW corrected, C2 errors, ISRC,
694 UPC, Bar code */
428c149b 695 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
ebddfcbe
GH		 696 /* Locking supported, jumper present, eject, tray */
697 p[7] = 0; /* no volume & mute control, no
698 changer */
699 p[8] = (50 * 176) >> 8; // 50x read speed
700 p[9] = (50 * 176) & 0xff;
701 p[10] = 0 >> 8; // No volume
702 p[11] = 0 & 0xff;
703 p[12] = 2048 >> 8; // 2M buffer
704 p[13] = 2048 & 0xff;
705 p[14] = (16 * 176) >> 8; // 16x read speed current
706 p[15] = (16 * 176) & 0xff;
707 p[18] = (16 * 176) >> 8; // 16x write speed
708 p[19] = (16 * 176) & 0xff;
709 p[20] = (16 * 176) >> 8; // 16x write speed current
710 p[21] = (16 * 176) & 0xff;
282ab04e 711 return p[1] + 2;
ebddfcbe
GH		 712
713 default:
714 return 0;
715 }
716}
717
718static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
719{
720 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ebddfcbe 721 uint64_t nb_sectors;
282ab04e 722 int page, dbd, buflen, page_control;
ebddfcbe 723 uint8_t *p;
ce512ee1 724 uint8_t dev_specific_param;
ebddfcbe
GH		 725
726 dbd = req->cmd.buf[1] & 0x8;
727 page = req->cmd.buf[2] & 0x3f;
282ab04e 728 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
aa2b1e89
BK		 729 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
730 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
ebddfcbe
GH		 731 memset(outbuf, 0, req->cmd.xfer);
732 p = outbuf;
733
0056dcc1 734 if (bdrv_is_read_only(s->bs)) {
ce512ee1
BK		 735 dev_specific_param = 0x80; /* Readonly. */
736 } else {
737 dev_specific_param = 0x00;
738 }
739
740 if (req->cmd.buf[0] == MODE_SENSE) {
741 p[1] = 0; /* Default media type. */
742 p[2] = dev_specific_param;
743 p[3] = 0; /* Block descriptor length. */
744 p += 4;
745 } else { /* MODE_SENSE_10 */
746 p[2] = 0; /* Default media type. */
747 p[3] = dev_specific_param;
748 p[6] = p[7] = 0; /* Block descriptor length. */
749 p += 8;
ebddfcbe 750 }
ebddfcbe 751
428c149b 752 bdrv_get_geometry(s->bs, &nb_sectors);
333d50fe 753 if (!dbd && nb_sectors) {
ce512ee1
BK		 754 if (req->cmd.buf[0] == MODE_SENSE) {
755 outbuf[3] = 8; /* Block descriptor length */
756 } else { /* MODE_SENSE_10 */
757 outbuf[7] = 8; /* Block descriptor length */
758 }
ebddfcbe 759 nb_sectors /= s->cluster_size;
ebddfcbe 760 if (nb_sectors > 0xffffff)
2488b740 761 nb_sectors = 0;
ebddfcbe
GH		 762 p[0] = 0; /* media density code */
763 p[1] = (nb_sectors >> 16) & 0xff;
764 p[2] = (nb_sectors >> 8) & 0xff;
765 p[3] = nb_sectors & 0xff;
766 p[4] = 0; /* reserved */
767 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
768 p[6] = s->cluster_size * 2;
769 p[7] = 0;
770 p += 8;
771 }
772
282ab04e
BK		 773 if (page_control == 3) { /* Saved Values */
774 return -1; /* ILLEGAL_REQUEST */
775 }
776
ebddfcbe
GH		 777 switch (page) {
778 case 0x04:
779 case 0x05:
780 case 0x08:
781 case 0x2a:
282ab04e 782 p += mode_sense_page(req, page, p, page_control);
ebddfcbe
GH		 783 break;
784 case 0x3f:
282ab04e
BK		 785 p += mode_sense_page(req, 0x08, p, page_control);
786 p += mode_sense_page(req, 0x2a, p, page_control);
ebddfcbe 787 break;
a9c17b2b
BK		 788 default:
789 return -1; /* ILLEGAL_REQUEST */
ebddfcbe
GH		 790 }
791
792 buflen = p - outbuf;
ce512ee1
BK		 793 /*
794 * The mode data length field specifies the length in bytes of the
795 * following data that is available to be transferred. The mode data
796 * length does not include itself.
797 */
798 if (req->cmd.buf[0] == MODE_SENSE) {
799 outbuf[0] = buflen - 1;
800 } else { /* MODE_SENSE_10 */
801 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
802 outbuf[1] = (buflen - 2) & 0xff;
803 }
ebddfcbe
GH		 804 if (buflen > req->cmd.xfer)
805 buflen = req->cmd.xfer;
806 return buflen;
807}
808
02880f43
GH		 809static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
810{
811 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 812 int start_track, format, msf, toclen;
813 uint64_t nb_sectors;
814
815 msf = req->cmd.buf[1] & 2;
816 format = req->cmd.buf[2] & 0xf;
817 start_track = req->cmd.buf[6];
428c149b 818 bdrv_get_geometry(s->bs, &nb_sectors);
02880f43
GH		 819 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
820 nb_sectors /= s->cluster_size;
821 switch (format) {
822 case 0:
823 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
824 break;
825 case 1:
826 /* multi session : only a single session defined */
827 toclen = 12;
828 memset(outbuf, 0, 12);
829 outbuf[1] = 0x0a;
830 outbuf[2] = 0x01;
831 outbuf[3] = 0x01;
832 break;
833 case 2:
834 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
835 break;
836 default:
837 return -1;
838 }
839 if (toclen > req->cmd.xfer)
840 toclen = req->cmd.xfer;
841 return toclen;
842}
843
8af7a3ab 844static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
aa5dbdc1 845{
8af7a3ab 846 SCSIRequest *req = &r->req;
e7e25e32 847 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 848 uint64_t nb_sectors;
aa5dbdc1 849 int buflen = 0;
78ced65e 850 int ret;
aa5dbdc1
GH		 851
852 switch (req->cmd.buf[0]) {
853 case TEST_UNIT_READY:
428c149b 854 if (!bdrv_is_inserted(s->bs))
aa5dbdc1
GH		 855 goto not_ready;
856 break;
51ad87c9
GH		 857 case REQUEST_SENSE:
858 if (req->cmd.xfer < 4)
859 goto illegal_request;
860 memset(outbuf, 0, 4);
861 buflen = 4;
a6d96eb7 862 if (s->sense.key == NOT_READY && req->cmd.xfer >= 18) {
51ad87c9
GH		 863 memset(outbuf, 0, 18);
864 buflen = 18;
865 outbuf[7] = 10;
866 /* asc 0x3a, ascq 0: Medium not present */
867 outbuf[12] = 0x3a;
868 outbuf[13] = 0;
869 }
870 outbuf[0] = 0xf0;
871 outbuf[1] = 0;
a6d96eb7
HR		 872 outbuf[2] = s->sense.key;
873 scsi_disk_clear_sense(s);
51ad87c9 874 break;
0b06c059
GH		 875 case INQUIRY:
876 buflen = scsi_disk_emulate_inquiry(req, outbuf);
877 if (buflen < 0)
878 goto illegal_request;
879 break;
ebddfcbe
GH		 880 case MODE_SENSE:
881 case MODE_SENSE_10:
882 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
883 if (buflen < 0)
884 goto illegal_request;
885 break;
02880f43
GH		 886 case READ_TOC:
887 buflen = scsi_disk_emulate_read_toc(req, outbuf);
888 if (buflen < 0)
889 goto illegal_request;
890 break;
3d53ba18
GH		 891 case RESERVE:
892 if (req->cmd.buf[1] & 1)
893 goto illegal_request;
894 break;
895 case RESERVE_10:
896 if (req->cmd.buf[1] & 3)
897 goto illegal_request;
898 break;
899 case RELEASE:
900 if (req->cmd.buf[1] & 1)
901 goto illegal_request;
902 break;
903 case RELEASE_10:
904 if (req->cmd.buf[1] & 3)
905 goto illegal_request;
906 break;
8d3628ff 907 case START_STOP:
428c149b 908 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
8d3628ff 909 /* load/eject medium */
428c149b 910 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
8d3628ff
GH		 911 }
912 break;
c68b9f34 913 case ALLOW_MEDIUM_REMOVAL:
428c149b 914 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
c68b9f34 915 break;
e7e25e32
GH		 916 case READ_CAPACITY:
917 /* The normal LEN field for this command is zero. */
918 memset(outbuf, 0, 8);
428c149b 919 bdrv_get_geometry(s->bs, &nb_sectors);
e7e25e32
GH		 920 if (!nb_sectors)
921 goto not_ready;
922 nb_sectors /= s->cluster_size;
923 /* Returned value is the address of the last sector. */
924 nb_sectors--;
925 /* Remember the new size for read/write sanity checking. */
926 s->max_lba = nb_sectors;
927 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
928 if (nb_sectors > UINT32_MAX)
929 nb_sectors = UINT32_MAX;
930 outbuf[0] = (nb_sectors >> 24) & 0xff;
931 outbuf[1] = (nb_sectors >> 16) & 0xff;
932 outbuf[2] = (nb_sectors >> 8) & 0xff;
933 outbuf[3] = nb_sectors & 0xff;
934 outbuf[4] = 0;
935 outbuf[5] = 0;
936 outbuf[6] = s->cluster_size * 2;
937 outbuf[7] = 0;
938 buflen = 8;
939 break;
fc903943 940 case SYNCHRONIZE_CACHE:
78ced65e
KW		 941 ret = bdrv_flush(s->bs);
942 if (ret < 0) {
943 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
944 return -1;
945 }
946 }
fc903943 947 break;
38215553
GH		 948 case GET_CONFIGURATION:
949 memset(outbuf, 0, 8);
950 /* ??? This should probably return much more information. For now
951 just return the basic header indicating the CD-ROM profile. */
952 outbuf[7] = 8; // CD-ROM
953 buflen = 8;
954 break;
5dd90e2a
GH		 955 case SERVICE_ACTION_IN:
956 /* Service Action In subcommands. */
957 if ((req->cmd.buf[1] & 31) == 0x10) {
958 DPRINTF("SAI READ CAPACITY(16)\n");
959 memset(outbuf, 0, req->cmd.xfer);
428c149b 960 bdrv_get_geometry(s->bs, &nb_sectors);
5dd90e2a
GH		 961 if (!nb_sectors)
962 goto not_ready;
963 nb_sectors /= s->cluster_size;
964 /* Returned value is the address of the last sector. */
965 nb_sectors--;
966 /* Remember the new size for read/write sanity checking. */
967 s->max_lba = nb_sectors;
968 outbuf[0] = (nb_sectors >> 56) & 0xff;
969 outbuf[1] = (nb_sectors >> 48) & 0xff;
970 outbuf[2] = (nb_sectors >> 40) & 0xff;
971 outbuf[3] = (nb_sectors >> 32) & 0xff;
972 outbuf[4] = (nb_sectors >> 24) & 0xff;
973 outbuf[5] = (nb_sectors >> 16) & 0xff;
974 outbuf[6] = (nb_sectors >> 8) & 0xff;
975 outbuf[7] = nb_sectors & 0xff;
976 outbuf[8] = 0;
977 outbuf[9] = 0;
978 outbuf[10] = s->cluster_size * 2;
979 outbuf[11] = 0;
ee3659e3
CH		 980 outbuf[12] = 0;
981 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 982
983 /* set TPE bit if the format supports discard */
984 if (s->qdev.conf.discard_granularity) {
985 outbuf[14] = 0x80;
986 }
987
5dd90e2a
GH		 988 /* Protection, exponent and lowest lba field left blank. */
989 buflen = req->cmd.xfer;
990 break;
991 }
992 DPRINTF("Unsupported Service Action In\n");
993 goto illegal_request;
39ec9a50
GH		 994 case REPORT_LUNS:
995 if (req->cmd.xfer < 16)
996 goto illegal_request;
997 memset(outbuf, 0, 16);
998 outbuf[3] = 8;
999 buflen = 16;
1000 break;
88f8a5ed
GH		 1001 case VERIFY:
1002 break;
ebef0bbb
BK		 1003 case REZERO_UNIT:
1004 DPRINTF("Rezero Unit\n");
1005 if (!bdrv_is_inserted(s->bs)) {
1006 goto not_ready;
1007 }
1008 break;
aa5dbdc1
GH		 1009 default:
1010 goto illegal_request;
1011 }
a6d96eb7 1012 scsi_req_set_status(r, GOOD, NO_SENSE);
aa5dbdc1
GH		 1013 return buflen;
1014
1015not_ready:
8af7a3ab
KW		 1016 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
1017 return -1;
aa5dbdc1
GH		 1018
1019illegal_request:
8af7a3ab
KW		 1020 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1021 return -1;
aa5dbdc1
GH		 1022}
1023
2e5d83bb
PB		 1024/* Execute a scsi command. Returns the length of the data expected by the
1025 command. This will be Positive for data transfers from the device
1026 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1027 and zero if the command does not transfer any data. */
1028
8ccc2ace
TS		 1029static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
1030 uint8_t *buf, int lun)
2e5d83bb 1031{
d52affa7 1032 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2e5d83bb 1033 uint32_t len;
2e5d83bb 1034 int is_write;
a917d384
PB		 1035 uint8_t command;
1036 uint8_t *outbuf;
4c41d2ef 1037 SCSIDiskReq *r;
aa5dbdc1 1038 int rc;
a917d384
PB		 1039
1040 command = buf[0];
1041 r = scsi_find_request(s, tag);
1042 if (r) {
1043 BADF("Tag 0x%x already in use\n", tag);
8ccc2ace 1044 scsi_cancel_io(d, tag);
a917d384
PB		 1045 }
1046 /* ??? Tags are not unique for different luns. We only implement a
1047 single lun, so this should not matter. */
72aef731 1048 r = scsi_new_request(s, tag, lun);
3f4cb3d3 1049 outbuf = (uint8_t *)r->iov.iov_base;
2e5d83bb 1050 is_write = 0;
a917d384 1051 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2dd791b6
HR		 1052
1053 if (scsi_req_parse(&r->req, buf) != 0) {
a917d384 1054 BADF("Unsupported command length, command %x\n", command);
2e5d83bb
PB		 1055 goto fail;
1056 }
1057#ifdef DEBUG_SCSI
1058 {
1059 int i;
2dd791b6 1060 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1061 printf(" 0x%02x", buf[i]);
1062 }
1063 printf("\n");
1064 }
1065#endif
aa5dbdc1 1066
0fc5c15a 1067 if (lun || buf[1] >> 5) {
2e5d83bb 1068 /* Only LUN 0 supported. */
0fc5c15a 1069 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
ebf46023 1070 if (command != REQUEST_SENSE && command != INQUIRY)
22864256 1071 goto fail;
2e5d83bb 1072 }
a917d384 1073 switch (command) {
ebf46023 1074 case TEST_UNIT_READY:
51ad87c9 1075 case REQUEST_SENSE:
0b06c059 1076 case INQUIRY:
ebddfcbe
GH		 1077 case MODE_SENSE:
1078 case MODE_SENSE_10:
3d53ba18
GH		 1079 case RESERVE:
1080 case RESERVE_10:
1081 case RELEASE:
1082 case RELEASE_10:
8d3628ff 1083 case START_STOP:
c68b9f34 1084 case ALLOW_MEDIUM_REMOVAL:
e7e25e32 1085 case READ_CAPACITY:
fc903943 1086 case SYNCHRONIZE_CACHE:
02880f43 1087 case READ_TOC:
38215553 1088 case GET_CONFIGURATION:
5dd90e2a 1089 case SERVICE_ACTION_IN:
39ec9a50 1090 case REPORT_LUNS:
88f8a5ed 1091 case VERIFY:
ebef0bbb 1092 case REZERO_UNIT:
8af7a3ab
KW		 1093 rc = scsi_disk_emulate_command(r, outbuf);
1094 if (rc < 0) {
0b06c059 1095 return 0;
aa5dbdc1 1096 }
8af7a3ab
KW		 1097
1098 r->iov.iov_len = rc;
0b06c059 1099 break;
ebf46023
GH		 1100 case READ_6:
1101 case READ_10:
bd536cf3
GH		 1102 case READ_12:
1103 case READ_16:
2dd791b6
HR		 1104 len = r->req.cmd.xfer / d->blocksize;
1105 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1106 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1107 goto illegal_lba;
2dd791b6 1108 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1109 r->sector_count = len * s->cluster_size;
2e5d83bb 1110 break;
ebf46023
GH		 1111 case WRITE_6:
1112 case WRITE_10:
bd536cf3
GH		 1113 case WRITE_12:
1114 case WRITE_16:
ebef0bbb
BK		 1115 case WRITE_VERIFY:
1116 case WRITE_VERIFY_12:
1117 case WRITE_VERIFY_16:
2dd791b6 1118 len = r->req.cmd.xfer / d->blocksize;
ebef0bbb 1119 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1120 (command & 0xe) == 0xe ? "And Verify " : "",
1121 r->req.cmd.lba, len);
1122 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1123 goto illegal_lba;
2dd791b6 1124 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1125 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 1126 is_write = 1;
1127 break;
ebef0bbb 1128 case MODE_SELECT:
2dd791b6 1129 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1130 /* We don't support mode parameter changes.
1131 Allow the mode parameter header + block descriptors only. */
2dd791b6 1132 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1133 goto fail;
1134 }
1135 break;
1136 case MODE_SELECT_10:
2dd791b6 1137 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1138 /* We don't support mode parameter changes.
1139 Allow the mode parameter header + block descriptors only. */
2dd791b6 1140 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1141 goto fail;
1142 }
1143 break;
1144 case SEEK_6:
1145 case SEEK_10:
2dd791b6
HR		 1146 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1147 r->req.cmd.lba);
1148 if (r->req.cmd.lba > s->max_lba) {
ebef0bbb
BK		 1149 goto illegal_lba;
1150 }
ea3bd56f
CH		 1151 break;
1152 case WRITE_SAME_16:
1153 len = r->req.cmd.xfer / d->blocksize;
1154
1155 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1156 r->req.cmd.lba, len);
1157
1158 if (r->req.cmd.lba > s->max_lba) {
1159 goto illegal_lba;
1160 }
1161
1162 /*
1163 * We only support WRITE SAME with the unmap bit set for now.
1164 */
1165 if (!(buf[1] & 0x8)) {
1166 goto fail;
1167 }
1168
1169 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1170 len * s->cluster_size);
1171 if (rc < 0) {
1172 /* XXX: better error code ?*/
1173 goto fail;
1174 }
1175
ebef0bbb 1176 break;
2e5d83bb 1177 default:
2dd791b6 1178 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
2e5d83bb 1179 fail:
0d65e1f8 1180 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
2dd791b6 1181 return 0;
274fb0e1 1182 illegal_lba:
0d65e1f8 1183 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
274fb0e1 1184 return 0;
2e5d83bb 1185 }
c87c0672 1186 if (r->sector_count == 0 && r->iov.iov_len == 0) {
0d65e1f8 1187 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 1188 }
c87c0672 1189 len = r->sector_count * 512 + r->iov.iov_len;
a917d384
PB		 1190 if (is_write) {
1191 return -len;
1192 } else {
1193 if (!r->sector_count)
1194 r->sector_count = -1;
1195 return len;
2e5d83bb 1196 }
2e5d83bb
PB		 1197}
1198
e9447f35 1199static void scsi_disk_purge_requests(SCSIDiskState *s)
56a14938 1200{
9af99d98 1201 SCSIDiskReq *r;
56a14938 1202
9af99d98
GH		 1203 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1204 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
e9447f35
JK		 1205 if (r->req.aiocb) {
1206 bdrv_aio_cancel(r->req.aiocb);
1207 }
9af99d98
GH		 1208 scsi_remove_request(r);
1209 }
e9447f35
JK		 1210}
1211
1212static void scsi_disk_reset(DeviceState *dev)
1213{
1214 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1215 uint64_t nb_sectors;
1216
1217 scsi_disk_purge_requests(s);
1218
1219 bdrv_get_geometry(s->bs, &nb_sectors);
1220 nb_sectors /= s->cluster_size;
1221 if (nb_sectors) {
1222 nb_sectors--;
1223 }
1224 s->max_lba = nb_sectors;
1225}
1226
1227static void scsi_destroy(SCSIDevice *dev)
1228{
1229 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1230
1231 scsi_disk_purge_requests(s);
f8b6cc00 1232 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1233}
1234
d52affa7 1235static int scsi_disk_initfn(SCSIDevice *dev)
2e5d83bb 1236{
d52affa7 1237 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
7d0d6950 1238 int is_cd;
f8b6cc00 1239 DriveInfo *dinfo;
2e5d83bb 1240
f8b6cc00 1241 if (!s->qdev.conf.bs) {
1ecda02b 1242 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1243 return -1;
1244 }
f8b6cc00 1245 s->bs = s->qdev.conf.bs;
7d0d6950 1246 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
d52affa7 1247
98f28ad7
MA		 1248 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1249 error_report("Device needs media, but drive is empty");
1250 return -1;
1251 }
1252
a0fef654 1253 if (!s->serial) {
f8b6cc00
MA		 1254 /* try to fall back to value set with legacy -drive serial=... */
1255 dinfo = drive_get_by_blockdev(s->bs);
1256 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
a0fef654
MA		 1257 }
1258
552fee93
MA		 1259 if (!s->version) {
1260 s->version = qemu_strdup(QEMU_VERSION);
1261 }
1262
32bb404a 1263 if (bdrv_is_sg(s->bs)) {
1ecda02b 1264 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1265 return -1;
1266 }
1267
7d0d6950 1268 if (is_cd) {
8cfacf07 1269 s->qdev.blocksize = 2048;
2e5d83bb 1270 } else {
8cfacf07 1271 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2e5d83bb 1272 }
8cfacf07 1273 s->cluster_size = s->qdev.blocksize / 512;
73fdb1e1 1274 s->bs->buffer_alignment = s->qdev.blocksize;
8cfacf07 1275
91376656 1276 s->qdev.type = TYPE_DISK;
ea8a5d7f 1277 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
7d0d6950 1278 bdrv_set_removable(s->bs, is_cd);
1ca4d09a 1279 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
d52affa7
GH		 1280 return 0;
1281}
1282
1283static SCSIDeviceInfo scsi_disk_info = {
1284 .qdev.name = "scsi-disk",
779206de 1285 .qdev.fw_name = "disk",
d52affa7
GH		 1286 .qdev.desc = "virtual scsi disk or cdrom",
1287 .qdev.size = sizeof(SCSIDiskState),
e9447f35 1288 .qdev.reset = scsi_disk_reset,
d52affa7 1289 .init = scsi_disk_initfn,
56a14938 1290 .destroy = scsi_destroy,
d52affa7
GH		 1291 .send_command = scsi_send_command,
1292 .read_data = scsi_read_data,
1293 .write_data = scsi_write_data,
1294 .cancel_io = scsi_cancel_io,
1295 .get_buf = scsi_get_buf,
1296 .qdev.props = (Property[]) {
428c149b 1297 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
383b4d9b 1298 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
a0fef654 1299 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
419e691f 1300 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
d52affa7
GH		 1301 DEFINE_PROP_END_OF_LIST(),
1302 },
1303};
1304
1305static void scsi_disk_register_devices(void)
1306{
1307 scsi_qdev_register(&scsi_disk_info);
8ccc2ace 1308}
d52affa7 1309device_init(scsi_disk_register_devices)
Qemu copy for testing