]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: add MemoryRegionOps::valid.accepts
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
22864256 41
336a6915
PB		 42#ifdef __linux
43#include <scsi/sg.h>
44#endif
45
f0f72ffe 46#define SCSI_DMA_BUF_SIZE 131072
57575058 47#define SCSI_MAX_INQUIRY_LEN 256
a917d384 48
d52affa7
GH		 49typedef struct SCSIDiskState SCSIDiskState;
50
4c41d2ef
GH		 51typedef struct SCSIDiskReq {
52 SCSIRequest req;
a917d384 53 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 54 uint64_t sector;
55 uint32_t sector_count;
7285477a 56 uint32_t buflen;
c87c0672
AL		 57 struct iovec iov;
58 QEMUIOVector qiov;
a597e79c 59 BlockAcctCookie acct;
4c41d2ef 60} SCSIDiskReq;
a917d384 61
d52affa7 62struct SCSIDiskState
a917d384 63{
d52affa7 64 SCSIDevice qdev;
419e691f 65 uint32_t removable;
8a9c16f6 66 bool media_changed;
3c2f7c12 67 bool media_event;
4480de19 68 bool eject_request;
213189ab 69 QEMUBH *bh;
383b4d9b 70 char *version;
a0fef654 71 char *serial;
ece0d5e9 72 bool tray_open;
81b1008d 73 bool tray_locked;
2e5d83bb
PB		 74};
75
71544d30 76static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 77
ad2d30f7 78static void scsi_free_request(SCSIRequest *req)
4d611c9a 79{
ad2d30f7
PB		 80 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
81
7285477a
PB		 82 if (r->iov.iov_base) {
83 qemu_vfree(r->iov.iov_base);
84 }
4d611c9a
PB		 85}
86
b45ef674
PB		 87/* Helper function for command completion with sense. */
88static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 89{
02fa69b6
BS		 90 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
91 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 92 scsi_req_build_sense(&r->req, sense);
93 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 94}
95
96/* Cancel a pending data transfer. */
5c6c0e51 97static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 98{
5c6c0e51
HR		 99 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
100
101 DPRINTF("Cancel tag=0x%x\n", req->tag);
102 if (r->req.aiocb) {
103 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 104
105 /* This reference was left in by scsi_*_data. We take ownership of
106 * it the moment scsi_req_cancel is called, independent of whether
107 * bdrv_aio_cancel completes the request or not. */
108 scsi_req_unref(&r->req);
a917d384 109 }
5c6c0e51 110 r->req.aiocb = NULL;
a917d384
PB		 111}
112
103b40f5
PB		 113static uint32_t scsi_init_iovec(SCSIDiskReq *r)
114{
7285477a
PB		 115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
116
117 if (!r->iov.iov_base) {
118 r->buflen = SCSI_DMA_BUF_SIZE;
44740c38 119 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 120 }
121 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 122 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
123 return r->qiov.size / 512;
124}
125
a917d384
PB		 126static void scsi_read_complete(void * opaque, int ret)
127{
4c41d2ef 128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 130 int n;
a917d384 131
8e321cc6
PB		 132 if (r->req.aiocb != NULL) {
133 r->req.aiocb = NULL;
44740c38 134 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 135 }
a597e79c 136
a917d384 137 if (ret) {
71544d30 138 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 139 goto done;
5dba48a8 140 }
4d611c9a 141 }
5dba48a8 142
103b40f5 143 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
a917d384 144
103b40f5 145 n = r->qiov.size / 512;
5dba48a8
KW		 146 r->sector += n;
147 r->sector_count -= n;
103b40f5 148 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 149
150done:
151 if (!r->req.io_canceled) {
152 scsi_req_unref(&r->req);
153 }
4d611c9a
PB		 154}
155
0a4ac106
PB		 156static void scsi_flush_complete(void * opaque, int ret)
157{
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 if (r->req.aiocb != NULL) {
162 r->req.aiocb = NULL;
44740c38 163 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0a4ac106
PB		 164 }
165
166 if (ret < 0) {
71544d30 167 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 168 goto done;
0a4ac106
PB		 169 }
170 }
171
172 scsi_req_complete(&r->req, GOOD);
c7bae6a7
PB		 173
174done:
175 if (!r->req.io_canceled) {
176 scsi_req_unref(&r->req);
177 }
0a4ac106 178}
5dba48a8 179
5c6c0e51
HR		 180/* Read more data from scsi device into buffer. */
181static void scsi_read_data(SCSIRequest *req)
2e5d83bb 182{
5c6c0e51 183 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 185 uint32_t n;
186
a917d384 187 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 188 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 189 r->sector_count = 0;
ab9adc88 190 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 191 return;
2e5d83bb 192 }
a917d384
PB		 193 DPRINTF("Read sector_count=%d\n", r->sector_count);
194 if (r->sector_count == 0) {
b45ef674
PB		 195 /* This also clears the sense buffer for REQUEST SENSE. */
196 scsi_req_complete(&r->req, GOOD);
a917d384 197 return;
2e5d83bb
PB		 198 }
199
6fa2c95f
SH		 200 /* No data transfer may already be in progress */
201 assert(r->req.aiocb == NULL);
202
c7bae6a7
PB		 203 /* The request is used as the AIO opaque value, so add a ref. */
204 scsi_req_ref(&r->req);
efb9ee02
HR		 205 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
206 DPRINTF("Data transfer direction invalid\n");
207 scsi_read_complete(r, -EINVAL);
208 return;
209 }
210
a1aff5bf
MA		 211 if (s->tray_open) {
212 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 213 return;
a1aff5bf 214 }
c7bae6a7 215
103b40f5 216 n = scsi_init_iovec(r);
44740c38
PB		 217 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
218 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
c87c0672 219 scsi_read_complete, r);
d33ea50a
KW		 220 if (r->req.aiocb == NULL) {
221 scsi_read_complete(r, -EIO);
222 }
2e5d83bb
PB		 223}
224
c7bae6a7
PB		 225/*
226 * scsi_handle_rw_error has two return values. 0 means that the error
227 * must be ignored, 1 means that the error has been processed and the
228 * caller should not do anything else for this request. Note that
229 * scsi_handle_rw_error always manages its reference counts, independent
230 * of the return value.
231 */
71544d30 232static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 233{
71544d30 234 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 236 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 237
380f640f 238 if (action == BLOCK_ERR_IGNORE) {
44740c38 239 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 240 return 0;
380f640f 241 }
ea8a5d7f
AL		 242
243 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
244 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 245
44740c38 246 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 247 vm_stop(RUN_STATE_IO_ERROR);
44740c38 248 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 249 scsi_req_retry(&r->req);
ea8a5d7f 250 } else {
efb9ee02 251 switch (error) {
7e218df5
PB		 252 case ENOMEDIUM:
253 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
254 break;
efb9ee02 255 case ENOMEM:
b45ef674 256 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 257 break;
258 case EINVAL:
b45ef674 259 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 260 break;
261 default:
b45ef674 262 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 263 break;
a1f0cce2 264 }
44740c38 265 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 266 }
ea8a5d7f
AL		 267 return 1;
268}
269
4d611c9a
PB		 270static void scsi_write_complete(void * opaque, int ret)
271{
4c41d2ef 272 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 273 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 274 uint32_t n;
275
8e321cc6
PB		 276 if (r->req.aiocb != NULL) {
277 r->req.aiocb = NULL;
44740c38 278 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 279 }
a597e79c 280
4d611c9a 281 if (ret) {
71544d30 282 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 283 goto done;
5dba48a8 284 }
4d611c9a
PB		 285 }
286
103b40f5 287 n = r->qiov.size / 512;
ea8a5d7f
AL		 288 r->sector += n;
289 r->sector_count -= n;
a917d384 290 if (r->sector_count == 0) {
b45ef674 291 scsi_req_complete(&r->req, GOOD);
a917d384 292 } else {
103b40f5
PB		 293 scsi_init_iovec(r);
294 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
295 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 296 }
c7bae6a7
PB		 297
298done:
299 if (!r->req.io_canceled) {
300 scsi_req_unref(&r->req);
301 }
4d611c9a
PB		 302}
303
42741212 304static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 305{
5c6c0e51 306 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 307 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 308 uint32_t n;
309
6fa2c95f
SH		 310 /* No data transfer may already be in progress */
311 assert(r->req.aiocb == NULL);
312
c7bae6a7
PB		 313 /* The request is used as the AIO opaque value, so add a ref. */
314 scsi_req_ref(&r->req);
efb9ee02
HR		 315 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
316 DPRINTF("Data transfer direction invalid\n");
317 scsi_write_complete(r, -EINVAL);
42741212 318 return;
efb9ee02
HR		 319 }
320
103b40f5 321 n = r->qiov.size / 512;
ea8a5d7f 322 if (n) {
a1aff5bf
MA		 323 if (s->tray_open) {
324 scsi_write_complete(r, -ENOMEDIUM);
c7bae6a7 325 return;
a1aff5bf 326 }
44740c38
PB		 327 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
328 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 329 scsi_write_complete, r);
d33ea50a 330 if (r->req.aiocb == NULL) {
a1f0cce2 331 scsi_write_complete(r, -ENOMEM);
d33ea50a 332 }
ea8a5d7f 333 } else {
103b40f5 334 /* Called for the first time. Ask the driver to send us more data. */
ea8a5d7f
AL		 335 scsi_write_complete(r, 0);
336 }
a917d384 337}
2e5d83bb 338
a917d384 339/* Return a pointer to the data buffer. */
5c6c0e51 340static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 341{
5c6c0e51 342 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 343
3f4cb3d3 344 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 345}
346
0b06c059
GH		 347static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
348{
383b4d9b 349 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 350 int buflen = 0;
351
352 if (req->cmd.buf[1] & 0x2) {
353 /* Command support data - optional, not implemented */
354 BADF("optional INQUIRY command support request not implemented\n");
355 return -1;
356 }
357
358 if (req->cmd.buf[1] & 0x1) {
359 /* Vital product data */
360 uint8_t page_code = req->cmd.buf[2];
361 if (req->cmd.xfer < 4) {
362 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
363 "less than 4\n", page_code, req->cmd.xfer);
364 return -1;
365 }
366
e39be482 367 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 368 outbuf[buflen++] = page_code ; // this page
369 outbuf[buflen++] = 0x00;
370
371 switch (page_code) {
372 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 373 {
374 int pages;
0b06c059
GH		 375 DPRINTF("Inquiry EVPD[Supported pages] "
376 "buffer size %zd\n", req->cmd.xfer);
39d98982 377 pages = buflen++;
0b06c059 378 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 379 if (s->serial) {
3e1c0c9a 380 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 381 }
0b06c059 382 outbuf[buflen++] = 0x83; // device identification
f37bd73b 383 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 384 outbuf[buflen++] = 0xb0; // block limits
385 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 386 }
387 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 388 break;
39d98982 389 }
0b06c059
GH		 390 case 0x80: /* Device serial number, optional */
391 {
3e1c0c9a 392 int l;
0b06c059 393
3e1c0c9a
HR		 394 if (!s->serial) {
395 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
396 return -1;
397 }
398
399 l = strlen(s->serial);
f01b5931 400 if (l > req->cmd.xfer) {
0b06c059 401 l = req->cmd.xfer;
f01b5931
PB		 402 }
403 if (l > 20) {
0b06c059 404 l = 20;
f01b5931 405 }
0b06c059
GH		 406
407 DPRINTF("Inquiry EVPD[Serial number] "
408 "buffer size %zd\n", req->cmd.xfer);
409 outbuf[buflen++] = l;
a0fef654 410 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 411 buflen += l;
412 break;
413 }
414
415 case 0x83: /* Device identification page, mandatory */
416 {
417 int max_len = 255 - 8;
44740c38 418 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
0b06c059 419
f01b5931 420 if (id_len > max_len) {
0b06c059 421 id_len = max_len;
f01b5931 422 }
0b06c059
GH		 423 DPRINTF("Inquiry EVPD[Device identification] "
424 "buffer size %zd\n", req->cmd.xfer);
425
39d98982 426 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 427 outbuf[buflen++] = 0x2; // ASCII
428 outbuf[buflen++] = 0; // not officially assigned
429 outbuf[buflen++] = 0; // reserved
430 outbuf[buflen++] = id_len; // length of data following
431
44740c38 432 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
0b06c059
GH		 433 buflen += id_len;
434 break;
435 }
ea3bd56f 436 case 0xb0: /* block limits */
ee3659e3 437 {
ea3bd56f
CH		 438 unsigned int unmap_sectors =
439 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 440 unsigned int min_io_size =
441 s->qdev.conf.min_io_size / s->qdev.blocksize;
442 unsigned int opt_io_size =
443 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 444
f37bd73b 445 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 446 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
447 page_code);
448 return -1;
449 }
ee3659e3
CH		 450 /* required VPD size with unmap support */
451 outbuf[3] = buflen = 0x3c;
452
453 memset(outbuf + 4, 0, buflen - 4);
454
455 /* optimal transfer length granularity */
456 outbuf[6] = (min_io_size >> 8) & 0xff;
457 outbuf[7] = min_io_size & 0xff;
458
459 /* optimal transfer length */
460 outbuf[12] = (opt_io_size >> 24) & 0xff;
461 outbuf[13] = (opt_io_size >> 16) & 0xff;
462 outbuf[14] = (opt_io_size >> 8) & 0xff;
463 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 464
465 /* optimal unmap granularity */
466 outbuf[28] = (unmap_sectors >> 24) & 0xff;
467 outbuf[29] = (unmap_sectors >> 16) & 0xff;
468 outbuf[30] = (unmap_sectors >> 8) & 0xff;
469 outbuf[31] = unmap_sectors & 0xff;
470 break;
471 }
472 case 0xb2: /* thin provisioning */
473 {
474 outbuf[3] = buflen = 8;
475 outbuf[4] = 0;
476 outbuf[5] = 0x40; /* write same with unmap supported */
477 outbuf[6] = 0;
478 outbuf[7] = 0;
ee3659e3
CH		 479 break;
480 }
0b06c059
GH		 481 default:
482 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
483 "buffer size %zd\n", page_code, req->cmd.xfer);
484 return -1;
485 }
486 /* done with EVPD */
487 return buflen;
488 }
489
490 /* Standard INQUIRY data */
491 if (req->cmd.buf[2] != 0) {
492 BADF("Error: Inquiry (STANDARD) page or code "
493 "is non-zero [%02X]\n", req->cmd.buf[2]);
494 return -1;
495 }
496
497 /* PAGE CODE == 0 */
498 if (req->cmd.xfer < 5) {
499 BADF("Error: Inquiry (STANDARD) buffer size %zd "
500 "is less than 5\n", req->cmd.xfer);
501 return -1;
502 }
503
0b06c059 504 buflen = req->cmd.xfer;
f01b5931 505 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 506 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 507 }
0b06c059
GH		 508 memset(outbuf, 0, buflen);
509
f37bd73b 510 outbuf[0] = s->qdev.type & 0x1f;
e39be482 511 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 512 if (s->qdev.type == TYPE_ROM) {
550fe6c6 513 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 514 } else {
550fe6c6 515 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 516 }
550fe6c6 517 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 518 memset(&outbuf[32], 0, 4);
552fee93 519 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 520 /*
521 * We claim conformance to SPC-3, which is required for guests
522 * to ask for modern features like READ CAPACITY(16) or the
523 * block characteristics VPD page by default. Not all of SPC-3
524 * is actually implemented, but we're good enough.
525 */
ee3659e3 526 outbuf[2] = 5;
0b06c059 527 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 528
529 if (buflen > 36) {
530 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
531 } else {
532 /* If the allocation length of CDB is too small,
533 the additional length is not adjusted */
534 outbuf[4] = 36 - 5;
535 }
536
0b06c059 537 /* Sync data transfer and TCQ. */
afd4030c 538 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 539 return buflen;
540}
541
430ee2f2
PB		 542static inline bool media_is_dvd(SCSIDiskState *s)
543{
544 uint64_t nb_sectors;
545 if (s->qdev.type != TYPE_ROM) {
546 return false;
547 }
44740c38 548 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 549 return false;
550 }
44740c38 551 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 552 return nb_sectors > CD_MAX_SECTORS;
553}
554
ceb792ef
PB		 555static inline bool media_is_cd(SCSIDiskState *s)
556{
557 uint64_t nb_sectors;
558 if (s->qdev.type != TYPE_ROM) {
559 return false;
560 }
44740c38 561 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 562 return false;
563 }
44740c38 564 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 565 return nb_sectors <= CD_MAX_SECTORS;
566}
567
b6c251ab
PB		 568static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
569 uint8_t *outbuf)
570{
ceb792ef
PB		 571 static const int rds_caps_size[5] = {
572 [0] = 2048 + 4,
573 [1] = 4 + 4,
574 [3] = 188 + 4,
575 [4] = 2048 + 4,
576 };
577
578 uint8_t media = r->req.cmd.buf[1];
579 uint8_t layer = r->req.cmd.buf[6];
580 uint8_t format = r->req.cmd.buf[7];
581 int size = -1;
582
583 if (s->qdev.type != TYPE_ROM) {
584 return -1;
585 }
586 if (media != 0) {
587 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
588 return -1;
589 }
590
591 if (format != 0xff) {
44740c38 592 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 593 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
594 return -1;
595 }
596 if (media_is_cd(s)) {
597 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
598 return -1;
599 }
600 if (format >= ARRAY_SIZE(rds_caps_size)) {
601 return -1;
602 }
603 size = rds_caps_size[format];
604 memset(outbuf, 0, size);
605 }
606
607 switch (format) {
608 case 0x00: {
609 /* Physical format information */
610 uint64_t nb_sectors;
611 if (layer != 0) {
612 goto fail;
613 }
44740c38 614 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 615
616 outbuf[4] = 1; /* DVD-ROM, part version 1 */
617 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
618 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
619 outbuf[7] = 0; /* default densities */
620
621 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
622 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
623 break;
624 }
625
626 case 0x01: /* DVD copyright information, all zeros */
627 break;
628
629 case 0x03: /* BCA information - invalid field for no BCA info */
630 return -1;
631
632 case 0x04: /* DVD disc manufacturing information, all zeros */
633 break;
634
635 case 0xff: { /* List capabilities */
636 int i;
637 size = 4;
638 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
639 if (!rds_caps_size[i]) {
640 continue;
641 }
642 outbuf[size] = i;
643 outbuf[size + 1] = 0x40; /* Not writable, readable */
644 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
645 size += 4;
646 }
647 break;
648 }
649
650 default:
651 return -1;
652 }
653
654 /* Size of buffer, not including 2 byte size field */
655 stw_be_p(outbuf, size - 2);
656 return size;
657
658fail:
b6c251ab
PB		 659 return -1;
660}
661
3c2f7c12 662static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 663{
3c2f7c12
PB		 664 uint8_t event_code, media_status;
665
666 media_status = 0;
667 if (s->tray_open) {
668 media_status = MS_TRAY_OPEN;
44740c38 669 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 670 media_status = MS_MEDIA_PRESENT;
671 }
672
673 /* Event notification descriptor */
674 event_code = MEC_NO_CHANGE;
4480de19
PB		 675 if (media_status != MS_TRAY_OPEN) {
676 if (s->media_event) {
677 event_code = MEC_NEW_MEDIA;
678 s->media_event = false;
679 } else if (s->eject_request) {
680 event_code = MEC_EJECT_REQUESTED;
681 s->eject_request = false;
682 }
3c2f7c12
PB		 683 }
684
685 outbuf[0] = event_code;
686 outbuf[1] = media_status;
687
688 /* These fields are reserved, just clear them. */
689 outbuf[2] = 0;
690 outbuf[3] = 0;
691 return 4;
692}
693
694static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
695 uint8_t *outbuf)
696{
697 int size;
698 uint8_t *buf = r->req.cmd.buf;
699 uint8_t notification_class_request = buf[4];
700 if (s->qdev.type != TYPE_ROM) {
701 return -1;
702 }
703 if ((buf[1] & 1) == 0) {
704 /* asynchronous */
705 return -1;
706 }
707
708 size = 4;
709 outbuf[0] = outbuf[1] = 0;
710 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
711 if (notification_class_request & (1 << GESN_MEDIA)) {
712 outbuf[2] = GESN_MEDIA;
713 size += scsi_event_status_media(s, &outbuf[size]);
714 } else {
715 outbuf[2] = 0x80;
716 }
717 stw_be_p(outbuf, size - 4);
718 return size;
b6c251ab
PB		 719}
720
430ee2f2 721static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 722{
430ee2f2
PB		 723 int current;
724
b6c251ab
PB		 725 if (s->qdev.type != TYPE_ROM) {
726 return -1;
727 }
430ee2f2
PB		 728 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
729 memset(outbuf, 0, 40);
730 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
731 stw_be_p(&outbuf[6], current);
732 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
733 outbuf[10] = 0x03; /* persistent, current */
734 outbuf[11] = 8; /* two profiles */
735 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
736 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
737 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
738 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
739 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
740 stw_be_p(&outbuf[20], 1);
741 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
742 outbuf[23] = 8;
743 stl_be_p(&outbuf[24], 1); /* SCSI */
744 outbuf[28] = 1; /* DBE = 1, mandatory */
745 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
746 stw_be_p(&outbuf[32], 3);
747 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
748 outbuf[35] = 4;
749 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
750 /* TODO: Random readable, CD read, DVD read, drive serial number,
751 power management */
752 return 40;
b6c251ab
PB		 753}
754
755static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
756{
757 if (s->qdev.type != TYPE_ROM) {
758 return -1;
759 }
760 memset(outbuf, 0, 8);
761 outbuf[5] = 1; /* CD-ROM */
762 return 8;
763}
764
cfc606da 765static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 766 int page_control)
ebddfcbe 767{
a8f4bbe2
PB		 768 static const int mode_sense_valid[0x3f] = {
769 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
770 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
771 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 772 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
773 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 774 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
775 };
776
44740c38 777 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 778 int cylinders, heads, secs;
cfc606da 779 uint8_t *p = *p_outbuf;
ebddfcbe 780
a8f4bbe2
PB		 781 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
782 return -1;
783 }
784
785 p[0] = page;
786
282ab04e
BK		 787 /*
788 * If Changeable Values are requested, a mask denoting those mode parameters
789 * that are changeable shall be returned. As we currently don't support
790 * parameter changes via MODE_SELECT all bits are returned set to zero.
791 * The buffer was already menset to zero by the caller of this function.
792 */
ebddfcbe 793 switch (page) {
67cc61e4 794 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 795 p[1] = 0x16;
282ab04e 796 if (page_control == 1) { /* Changeable Values */
cfc606da 797 break;
282ab04e 798 }
ebddfcbe 799 /* if a geometry hint is available, use it */
245d0049 800 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 801 p[2] = (cylinders >> 16) & 0xff;
802 p[3] = (cylinders >> 8) & 0xff;
803 p[4] = cylinders & 0xff;
804 p[5] = heads & 0xff;
805 /* Write precomp start cylinder, disabled */
806 p[6] = (cylinders >> 16) & 0xff;
807 p[7] = (cylinders >> 8) & 0xff;
808 p[8] = cylinders & 0xff;
809 /* Reduced current start cylinder, disabled */
810 p[9] = (cylinders >> 16) & 0xff;
811 p[10] = (cylinders >> 8) & 0xff;
812 p[11] = cylinders & 0xff;
813 /* Device step rate [ns], 200ns */
814 p[12] = 0;
815 p[13] = 200;
816 /* Landing zone cylinder */
817 p[14] = 0xff;
818 p[15] = 0xff;
819 p[16] = 0xff;
820 /* Medium rotation rate [rpm], 5400 rpm */
821 p[20] = (5400 >> 8) & 0xff;
822 p[21] = 5400 & 0xff;
cfc606da 823 break;
ebddfcbe 824
67cc61e4 825 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 826 p[1] = 0x1e;
282ab04e 827 if (page_control == 1) { /* Changeable Values */
cfc606da 828 break;
282ab04e 829 }
ebddfcbe
GH		 830 /* Transfer rate [kbit/s], 5Mbit/s */
831 p[2] = 5000 >> 8;
832 p[3] = 5000 & 0xff;
833 /* if a geometry hint is available, use it */
245d0049 834 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 835 p[4] = heads & 0xff;
836 p[5] = secs & 0xff;
69377307 837 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 838 p[8] = (cylinders >> 8) & 0xff;
839 p[9] = cylinders & 0xff;
840 /* Write precomp start cylinder, disabled */
841 p[10] = (cylinders >> 8) & 0xff;
842 p[11] = cylinders & 0xff;
843 /* Reduced current start cylinder, disabled */
844 p[12] = (cylinders >> 8) & 0xff;
845 p[13] = cylinders & 0xff;
846 /* Device step rate [100us], 100us */
847 p[14] = 0;
848 p[15] = 1;
849 /* Device step pulse width [us], 1us */
850 p[16] = 1;
851 /* Device head settle delay [100us], 100us */
852 p[17] = 0;
853 p[18] = 1;
854 /* Motor on delay [0.1s], 0.1s */
855 p[19] = 1;
856 /* Motor off delay [0.1s], 0.1s */
857 p[20] = 1;
858 /* Medium rotation rate [rpm], 5400 rpm */
859 p[28] = (5400 >> 8) & 0xff;
860 p[29] = 5400 & 0xff;
cfc606da 861 break;
ebddfcbe 862
67cc61e4 863 case MODE_PAGE_CACHING:
ebddfcbe
GH		 864 p[0] = 8;
865 p[1] = 0x12;
282ab04e 866 if (page_control == 1) { /* Changeable Values */
cfc606da 867 break;
282ab04e 868 }
44740c38 869 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 870 p[2] = 4; /* WCE */
871 }
cfc606da 872 break;
ebddfcbe 873
a07c7dcd
PB		 874 case MODE_PAGE_R_W_ERROR:
875 p[1] = 10;
876 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
877 if (s->qdev.type == TYPE_ROM) {
878 p[3] = 0x20; /* Read Retry Count */
879 }
880 break;
881
882 case MODE_PAGE_AUDIO_CTL:
883 p[1] = 14;
884 break;
885
67cc61e4 886 case MODE_PAGE_CAPABILITIES:
ebddfcbe 887 p[1] = 0x14;
282ab04e 888 if (page_control == 1) { /* Changeable Values */
cfc606da 889 break;
282ab04e 890 }
a07c7dcd
PB		 891
892 p[2] = 0x3b; /* CD-R & CD-RW read */
893 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 894 p[4] = 0x7f; /* Audio, composite, digital out,
895 mode 2 form 1&2, multi session */
896 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
897 RW corrected, C2 errors, ISRC,
898 UPC, Bar code */
81b1008d 899 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 900 /* Locking supported, jumper present, eject, tray */
901 p[7] = 0; /* no volume & mute control, no
902 changer */
a07c7dcd 903 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 904 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 905 p[10] = 2 >> 8; /* Two volume levels */
906 p[11] = 2 & 0xff;
907 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 908 p[13] = 2048 & 0xff;
a07c7dcd 909 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 910 p[15] = (16 * 176) & 0xff;
a07c7dcd 911 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 912 p[19] = (16 * 176) & 0xff;
a07c7dcd 913 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 914 p[21] = (16 * 176) & 0xff;
cfc606da 915 break;
ebddfcbe
GH		 916
917 default:
cfc606da 918 return -1;
ebddfcbe 919 }
cfc606da
PB		 920
921 *p_outbuf += p[1] + 2;
922 return p[1] + 2;
ebddfcbe
GH		 923}
924
cfc606da 925static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 926{
cfc606da 927 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 928 uint64_t nb_sectors;
cfc606da 929 int page, dbd, buflen, ret, page_control;
ebddfcbe 930 uint8_t *p;
ce512ee1 931 uint8_t dev_specific_param;
ebddfcbe 932
cfc606da
PB		 933 dbd = r->req.cmd.buf[1] & 0x8;
934 page = r->req.cmd.buf[2] & 0x3f;
935 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 936 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 937 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
938 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 939 p = outbuf;
940
44740c38 941 if (bdrv_is_read_only(s->qdev.conf.bs)) {
ce512ee1
BK		 942 dev_specific_param = 0x80; /* Readonly. */
943 } else {
944 dev_specific_param = 0x00;
945 }
946
cfc606da 947 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 948 p[1] = 0; /* Default media type. */
949 p[2] = dev_specific_param;
950 p[3] = 0; /* Block descriptor length. */
951 p += 4;
952 } else { /* MODE_SENSE_10 */
953 p[2] = 0; /* Default media type. */
954 p[3] = dev_specific_param;
955 p[6] = p[7] = 0; /* Block descriptor length. */
956 p += 8;
ebddfcbe 957 }
ebddfcbe 958
0fd76ff4 959 /* MMC prescribes that CD/DVD drives have no block descriptors. */
44740c38 960 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
0fd76ff4 961 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
cfc606da 962 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 963 outbuf[3] = 8; /* Block descriptor length */
964 } else { /* MODE_SENSE_10 */
965 outbuf[7] = 8; /* Block descriptor length */
966 }
69377307 967 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 968 if (nb_sectors > 0xffffff) {
2488b740 969 nb_sectors = 0;
f01b5931 970 }
ebddfcbe
GH		 971 p[0] = 0; /* media density code */
972 p[1] = (nb_sectors >> 16) & 0xff;
973 p[2] = (nb_sectors >> 8) & 0xff;
974 p[3] = nb_sectors & 0xff;
975 p[4] = 0; /* reserved */
976 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 977 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 978 p[7] = 0;
979 p += 8;
980 }
981
cfc606da
PB		 982 if (page_control == 3) {
983 /* Saved Values */
984 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
985 return -1;
282ab04e
BK		 986 }
987
cfc606da
PB		 988 if (page == 0x3f) {
989 for (page = 0; page <= 0x3e; page++) {
990 mode_sense_page(s, page, &p, page_control);
991 }
992 } else {
993 ret = mode_sense_page(s, page, &p, page_control);
994 if (ret == -1) {
995 return -1;
996 }
ebddfcbe
GH		 997 }
998
999 buflen = p - outbuf;
ce512ee1
BK		 1000 /*
1001 * The mode data length field specifies the length in bytes of the
1002 * following data that is available to be transferred. The mode data
1003 * length does not include itself.
1004 */
cfc606da 1005 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1006 outbuf[0] = buflen - 1;
1007 } else { /* MODE_SENSE_10 */
1008 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1009 outbuf[1] = (buflen - 2) & 0xff;
1010 }
f01b5931 1011 if (buflen > r->req.cmd.xfer) {
cfc606da 1012 buflen = r->req.cmd.xfer;
f01b5931 1013 }
ebddfcbe
GH		 1014 return buflen;
1015}
1016
02880f43
GH		 1017static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1018{
1019 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1020 int start_track, format, msf, toclen;
1021 uint64_t nb_sectors;
1022
1023 msf = req->cmd.buf[1] & 2;
1024 format = req->cmd.buf[2] & 0xf;
1025 start_track = req->cmd.buf[6];
44740c38 1026 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1027 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1028 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1029 switch (format) {
1030 case 0:
1031 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1032 break;
1033 case 1:
1034 /* multi session : only a single session defined */
1035 toclen = 12;
1036 memset(outbuf, 0, 12);
1037 outbuf[1] = 0x0a;
1038 outbuf[2] = 0x01;
1039 outbuf[3] = 0x01;
1040 break;
1041 case 2:
1042 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1043 break;
1044 default:
1045 return -1;
1046 }
f01b5931 1047 if (toclen > req->cmd.xfer) {
02880f43 1048 toclen = req->cmd.xfer;
f01b5931 1049 }
02880f43
GH		 1050 return toclen;
1051}
1052
68bb01f3 1053static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1054{
1055 SCSIRequest *req = &r->req;
1056 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1057 bool start = req->cmd.buf[4] & 1;
1058 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1059
1060 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1061 if (!start && !s->tray_open && s->tray_locked) {
1062 scsi_check_condition(r,
44740c38 1063 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1064 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1065 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1066 return -1;
fdec4404 1067 }
44740c38 1068 bdrv_eject(s->qdev.conf.bs, !start);
ece0d5e9 1069 s->tray_open = !start;
bfd52647 1070 }
68bb01f3 1071 return 0;
bfd52647
MA		 1072}
1073
7285477a 1074static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1075{
8af7a3ab 1076 SCSIRequest *req = &r->req;
e7e25e32 1077 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1078 uint64_t nb_sectors;
7285477a 1079 uint8_t *outbuf;
aa5dbdc1
GH		 1080 int buflen = 0;
1081
7285477a
PB		 1082 if (!r->iov.iov_base) {
1083 /*
1084 * FIXME: we shouldn't return anything bigger than 4k, but the code
1085 * requires the buffer to be as big as req->cmd.xfer in several
1086 * places. So, do not allow CDBs with a very large ALLOCATION
1087 * LENGTH. The real fix would be to modify scsi_read_data and
1088 * dma_buf_read, so that they return data beyond the buflen
1089 * as all zeros.
1090 */
1091 if (req->cmd.xfer > 65536) {
1092 goto illegal_request;
1093 }
1094 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1095 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1096 }
1097
1098 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1099 switch (req->cmd.buf[0]) {
1100 case TEST_UNIT_READY:
44740c38 1101 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
aa5dbdc1 1102 goto not_ready;
f01b5931 1103 }
5f71d32f 1104 break;
0b06c059
GH		 1105 case INQUIRY:
1106 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1107 if (buflen < 0) {
0b06c059 1108 goto illegal_request;
f01b5931 1109 }
5f71d32f 1110 break;
ebddfcbe
GH		 1111 case MODE_SENSE:
1112 case MODE_SENSE_10:
cfc606da 1113 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1114 if (buflen < 0) {
ebddfcbe 1115 goto illegal_request;
f01b5931 1116 }
ebddfcbe 1117 break;
02880f43
GH		 1118 case READ_TOC:
1119 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1120 if (buflen < 0) {
02880f43 1121 goto illegal_request;
f01b5931 1122 }
02880f43 1123 break;
3d53ba18 1124 case RESERVE:
f01b5931 1125 if (req->cmd.buf[1] & 1) {
3d53ba18 1126 goto illegal_request;
f01b5931 1127 }
3d53ba18
GH		 1128 break;
1129 case RESERVE_10:
f01b5931 1130 if (req->cmd.buf[1] & 3) {
3d53ba18 1131 goto illegal_request;
f01b5931 1132 }
3d53ba18
GH		 1133 break;
1134 case RELEASE:
f01b5931 1135 if (req->cmd.buf[1] & 1) {
3d53ba18 1136 goto illegal_request;
f01b5931 1137 }
3d53ba18
GH		 1138 break;
1139 case RELEASE_10:
f01b5931 1140 if (req->cmd.buf[1] & 3) {
3d53ba18 1141 goto illegal_request;
f01b5931 1142 }
3d53ba18 1143 break;
8d3628ff 1144 case START_STOP:
68bb01f3
MA		 1145 if (scsi_disk_emulate_start_stop(r) < 0) {
1146 return -1;
1147 }
5f71d32f 1148 break;
c68b9f34 1149 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1150 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1151 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1152 break;
5e30a07d 1153 case READ_CAPACITY_10:
e7e25e32 1154 /* The normal LEN field for this command is zero. */
5f71d32f 1155 memset(outbuf, 0, 8);
44740c38 1156 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1157 if (!nb_sectors) {
e7e25e32 1158 goto not_ready;
f01b5931 1159 }
7cec78b6
PB		 1160 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1161 goto illegal_request;
1162 }
69377307 1163 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1164 /* Returned value is the address of the last sector. */
1165 nb_sectors--;
1166 /* Remember the new size for read/write sanity checking. */
7877903a 1167 s->qdev.max_lba = nb_sectors;
e7e25e32 1168 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1169 if (nb_sectors > UINT32_MAX) {
e7e25e32 1170 nb_sectors = UINT32_MAX;
f01b5931 1171 }
e7e25e32
GH		 1172 outbuf[0] = (nb_sectors >> 24) & 0xff;
1173 outbuf[1] = (nb_sectors >> 16) & 0xff;
1174 outbuf[2] = (nb_sectors >> 8) & 0xff;
1175 outbuf[3] = nb_sectors & 0xff;
1176 outbuf[4] = 0;
1177 outbuf[5] = 0;
69377307 1178 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1179 outbuf[7] = 0;
1180 buflen = 8;
5f71d32f 1181 break;
f3b338ef
PB		 1182 case REQUEST_SENSE:
1183 /* Just return "NO SENSE". */
1184 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1185 (req->cmd.buf[1] & 1) == 0);
1186 break;
b6c251ab
PB		 1187 case MECHANISM_STATUS:
1188 buflen = scsi_emulate_mechanism_status(s, outbuf);
1189 if (buflen < 0) {
1190 goto illegal_request;
1191 }
1192 break;
38215553 1193 case GET_CONFIGURATION:
430ee2f2 1194 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1195 if (buflen < 0) {
1196 goto illegal_request;
1197 }
1198 break;
1199 case GET_EVENT_STATUS_NOTIFICATION:
1200 buflen = scsi_get_event_status_notification(s, r, outbuf);
1201 if (buflen < 0) {
1202 goto illegal_request;
1203 }
1204 break;
1205 case READ_DVD_STRUCTURE:
1206 buflen = scsi_read_dvd_structure(s, r, outbuf);
1207 if (buflen < 0) {
1208 goto illegal_request;
1209 }
38215553 1210 break;
f6515262 1211 case SERVICE_ACTION_IN_16:
5dd90e2a 1212 /* Service Action In subcommands. */
f6515262 1213 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1214 DPRINTF("SAI READ CAPACITY(16)\n");
1215 memset(outbuf, 0, req->cmd.xfer);
44740c38 1216 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1217 if (!nb_sectors) {
5dd90e2a 1218 goto not_ready;
f01b5931 1219 }
7cec78b6
PB		 1220 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1221 goto illegal_request;
1222 }
69377307 1223 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1224 /* Returned value is the address of the last sector. */
1225 nb_sectors--;
1226 /* Remember the new size for read/write sanity checking. */
7877903a 1227 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1228 outbuf[0] = (nb_sectors >> 56) & 0xff;
1229 outbuf[1] = (nb_sectors >> 48) & 0xff;
1230 outbuf[2] = (nb_sectors >> 40) & 0xff;
1231 outbuf[3] = (nb_sectors >> 32) & 0xff;
1232 outbuf[4] = (nb_sectors >> 24) & 0xff;
1233 outbuf[5] = (nb_sectors >> 16) & 0xff;
1234 outbuf[6] = (nb_sectors >> 8) & 0xff;
1235 outbuf[7] = nb_sectors & 0xff;
1236 outbuf[8] = 0;
1237 outbuf[9] = 0;
69377307 1238 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1239 outbuf[11] = 0;
ee3659e3
CH		 1240 outbuf[12] = 0;
1241 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1242
1243 /* set TPE bit if the format supports discard */
1244 if (s->qdev.conf.discard_granularity) {
1245 outbuf[14] = 0x80;
1246 }
1247
5dd90e2a
GH		 1248 /* Protection, exponent and lowest lba field left blank. */
1249 buflen = req->cmd.xfer;
1250 break;
1251 }
1252 DPRINTF("Unsupported Service Action In\n");
1253 goto illegal_request;
5e30a07d 1254 case VERIFY_10:
88f8a5ed 1255 break;
aa5dbdc1 1256 default:
b45ef674 1257 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1258 return -1;
aa5dbdc1 1259 }
aa5dbdc1
GH		 1260 return buflen;
1261
1262not_ready:
44740c38 1263 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
b45ef674 1264 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
a1f0cce2 1265 } else {
b45ef674 1266 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
a1f0cce2 1267 }
8af7a3ab 1268 return -1;
aa5dbdc1
GH		 1269
1270illegal_request:
cfc606da
PB		 1271 if (r->req.status == -1) {
1272 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1273 }
8af7a3ab 1274 return -1;
aa5dbdc1
GH		 1275}
1276
2e5d83bb
PB		 1277/* Execute a scsi command. Returns the length of the data expected by the
1278 command. This will be Positive for data transfers from the device
1279 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1280 and zero if the command does not transfer any data. */
1281
5c6c0e51 1282static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1283{
5c6c0e51
HR		 1284 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1286 int32_t len;
a917d384 1287 uint8_t command;
aa5dbdc1 1288 int rc;
a917d384
PB		 1289
1290 command = buf[0];
653c1c3f 1291 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1292
2e5d83bb
PB		 1293#ifdef DEBUG_SCSI
1294 {
1295 int i;
2dd791b6 1296 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1297 printf(" 0x%02x", buf[i]);
1298 }
1299 printf("\n");
1300 }
1301#endif
aa5dbdc1 1302
a917d384 1303 switch (command) {
ebf46023 1304 case TEST_UNIT_READY:
0b06c059 1305 case INQUIRY:
ebddfcbe
GH		 1306 case MODE_SENSE:
1307 case MODE_SENSE_10:
3d53ba18
GH		 1308 case RESERVE:
1309 case RESERVE_10:
1310 case RELEASE:
1311 case RELEASE_10:
8d3628ff 1312 case START_STOP:
c68b9f34 1313 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1314 case READ_CAPACITY_10:
02880f43 1315 case READ_TOC:
b6c251ab 1316 case READ_DVD_STRUCTURE:
38215553 1317 case GET_CONFIGURATION:
b6c251ab
PB		 1318 case GET_EVENT_STATUS_NOTIFICATION:
1319 case MECHANISM_STATUS:
f6515262 1320 case SERVICE_ACTION_IN_16:
f3b338ef 1321 case REQUEST_SENSE:
5e30a07d 1322 case VERIFY_10:
7285477a 1323 rc = scsi_disk_emulate_command(r);
8af7a3ab 1324 if (rc < 0) {
0b06c059 1325 return 0;
aa5dbdc1 1326 }
8af7a3ab
KW		 1327
1328 r->iov.iov_len = rc;
0b06c059 1329 break;
0a4ac106 1330 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1331 /* The request is used as the AIO opaque value, so add a ref. */
1332 scsi_req_ref(&r->req);
44740c38
PB		 1333 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1334 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106
PB		 1335 if (r->req.aiocb == NULL) {
1336 scsi_flush_complete(r, -EIO);
1337 }
1338 return 0;
ebf46023
GH		 1339 case READ_6:
1340 case READ_10:
bd536cf3
GH		 1341 case READ_12:
1342 case READ_16:
5c6c0e51 1343 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1344 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1345 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1346 goto illegal_lba;
f01b5931 1347 }
69377307
PB		 1348 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1349 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1350 break;
ebf46023
GH		 1351 case WRITE_6:
1352 case WRITE_10:
bd536cf3
GH		 1353 case WRITE_12:
1354 case WRITE_16:
5e30a07d 1355 case WRITE_VERIFY_10:
ebef0bbb
BK		 1356 case WRITE_VERIFY_12:
1357 case WRITE_VERIFY_16:
5c6c0e51 1358 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1359 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1360 (command & 0xe) == 0xe ? "And Verify " : "",
1361 r->req.cmd.lba, len);
7877903a 1362 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1363 goto illegal_lba;
f01b5931 1364 }
69377307
PB		 1365 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1366 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1367 break;
ebef0bbb 1368 case MODE_SELECT:
2dd791b6 1369 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1370 /* We don't support mode parameter changes.
1371 Allow the mode parameter header + block descriptors only. */
2dd791b6 1372 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1373 goto fail;
1374 }
1375 break;
1376 case MODE_SELECT_10:
2dd791b6 1377 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1378 /* We don't support mode parameter changes.
1379 Allow the mode parameter header + block descriptors only. */
2dd791b6 1380 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1381 goto fail;
1382 }
1383 break;
ebef0bbb 1384 case SEEK_10:
00a01ad4 1385 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1386 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1387 goto illegal_lba;
1388 }
ea3bd56f
CH		 1389 break;
1390 case WRITE_SAME_16:
5c6c0e51 1391 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1392
1393 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1394 r->req.cmd.lba, len);
1395
7877903a 1396 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1397 goto illegal_lba;
1398 }
1399
1400 /*
1401 * We only support WRITE SAME with the unmap bit set for now.
1402 */
1403 if (!(buf[1] & 0x8)) {
1404 goto fail;
1405 }
1406
69377307
PB		 1407 rc = bdrv_discard(s->qdev.conf.bs,
1408 r->req.cmd.lba * (s->qdev.blocksize / 512),
1409 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1410 if (rc < 0) {
1411 /* XXX: better error code ?*/
1412 goto fail;
1413 }
1414
ebef0bbb 1415 break;
2e5d83bb 1416 default:
2dd791b6 1417 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1418 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1419 return 0;
2e5d83bb 1420 fail:
b45ef674 1421 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1422 return 0;
274fb0e1 1423 illegal_lba:
b45ef674 1424 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1425 return 0;
2e5d83bb 1426 }
c87c0672 1427 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1428 scsi_req_complete(&r->req, GOOD);
a917d384 1429 }
c87c0672 1430 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1431 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1432 return -len;
a917d384 1433 } else {
f01b5931 1434 if (!r->sector_count) {
a917d384 1435 r->sector_count = -1;
f01b5931 1436 }
efb9ee02 1437 return len;
2e5d83bb 1438 }
2e5d83bb
PB		 1439}
1440
e9447f35
JK		 1441static void scsi_disk_reset(DeviceState *dev)
1442{
1443 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1444 uint64_t nb_sectors;
1445
c7b48872 1446 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1447
44740c38 1448 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1449 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1450 if (nb_sectors) {
1451 nb_sectors--;
1452 }
7877903a 1453 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1454}
1455
1456static void scsi_destroy(SCSIDevice *dev)
1457{
1458 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1459
c7b48872 1460 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1461 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1462}
1463
7d4b4ba5 1464static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1465{
8a9c16f6
PB		 1466 SCSIDiskState *s = opaque;
1467
1468 /*
1469 * When a CD gets changed, we have to report an ejected state and
1470 * then a loaded state to guests so that they detect tray
1471 * open/close and media change events. Guests that do not use
1472 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1473 * states rely on this behavior.
1474 *
1475 * media_changed governs the state machine used for unit attention
1476 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1477 */
1478 s->media_changed = load;
1479 s->tray_open = !load;
1480 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1481 s->media_event = true;
4480de19
PB		 1482 s->eject_request = false;
1483}
1484
1485static void scsi_cd_eject_request_cb(void *opaque, bool force)
1486{
1487 SCSIDiskState *s = opaque;
1488
1489 s->eject_request = true;
1490 if (force) {
1491 s->tray_locked = false;
1492 }
2c6942fa
MA		 1493}
1494
e4def80b
MA		 1495static bool scsi_cd_is_tray_open(void *opaque)
1496{
1497 return ((SCSIDiskState *)opaque)->tray_open;
1498}
1499
f107639a
MA		 1500static bool scsi_cd_is_medium_locked(void *opaque)
1501{
1502 return ((SCSIDiskState *)opaque)->tray_locked;
1503}
1504
1505static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1506 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1507 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1508 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1509 .is_medium_locked = scsi_cd_is_medium_locked,
1510};
1511
8a9c16f6
PB		 1512static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1513{
1514 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1515 if (s->media_changed) {
1516 s->media_changed = false;
1517 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1518 }
1519}
1520
e39be482 1521static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1522{
d52affa7 1523 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1524 DriveInfo *dinfo;
2e5d83bb 1525
f8b6cc00 1526 if (!s->qdev.conf.bs) {
1ecda02b 1527 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1528 return -1;
1529 }
1530
e39be482 1531 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1532 error_report("Device needs media, but drive is empty");
1533 return -1;
1534 }
1535
a0fef654 1536 if (!s->serial) {
f8b6cc00 1537 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1538 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1539 if (*dinfo->serial) {
7267c094 1540 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1541 }
a0fef654
MA		 1542 }
1543
552fee93 1544 if (!s->version) {
7267c094 1545 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1546 }
1547
44740c38 1548 if (bdrv_is_sg(s->qdev.conf.bs)) {
1ecda02b 1549 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1550 return -1;
1551 }
1552
e39be482 1553 if (s->removable) {
44740c38 1554 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1555 }
44740c38 1556 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1557
44740c38 1558 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1559 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1560 return 0;
1561}
1562
b443ae67
MA		 1563static int scsi_hd_initfn(SCSIDevice *dev)
1564{
e39be482
PB		 1565 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1566 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1567 s->qdev.type = TYPE_DISK;
1568 return scsi_initfn(&s->qdev);
b443ae67
MA		 1569}
1570
1571static int scsi_cd_initfn(SCSIDevice *dev)
1572{
e39be482
PB		 1573 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1574 s->qdev.blocksize = 2048;
1575 s->qdev.type = TYPE_ROM;
1576 s->removable = true;
1577 return scsi_initfn(&s->qdev);
b443ae67
MA		 1578}
1579
1580static int scsi_disk_initfn(SCSIDevice *dev)
1581{
95b5edcd 1582 DriveInfo *dinfo;
b443ae67
MA		 1583
1584 if (!dev->conf.bs) {
e39be482 1585 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1586 }
1587
e39be482
PB		 1588 dinfo = drive_get_by_blockdev(dev->conf.bs);
1589 if (dinfo->media_cd) {
1590 return scsi_cd_initfn(dev);
1591 } else {
1592 return scsi_hd_initfn(dev);
1593 }
b443ae67
MA		 1594}
1595
adcf2754 1596static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1597 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1598 .free_req = scsi_free_request,
1599 .send_command = scsi_send_command,
1600 .read_data = scsi_read_data,
1601 .write_data = scsi_write_data,
1602 .cancel_io = scsi_cancel_io,
1603 .get_buf = scsi_get_buf,
8dbd4574
PB		 1604};
1605
63db0f0e
PB		 1606static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1607 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1608{
1609 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1610 SCSIRequest *req;
8dbd4574
PB		 1611
1612 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1613 return req;
1614}
1615
336a6915
PB		 1616#ifdef __linux__
1617static int get_device_type(SCSIDiskState *s)
1618{
1619 BlockDriverState *bdrv = s->qdev.conf.bs;
1620 uint8_t cmd[16];
1621 uint8_t buf[36];
1622 uint8_t sensebuf[8];
1623 sg_io_hdr_t io_header;
1624 int ret;
1625
1626 memset(cmd, 0, sizeof(cmd));
1627 memset(buf, 0, sizeof(buf));
1628 cmd[0] = INQUIRY;
1629 cmd[4] = sizeof(buf);
1630
1631 memset(&io_header, 0, sizeof(io_header));
1632 io_header.interface_id = 'S';
1633 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1634 io_header.dxfer_len = sizeof(buf);
1635 io_header.dxferp = buf;
1636 io_header.cmdp = cmd;
1637 io_header.cmd_len = sizeof(cmd);
1638 io_header.mx_sb_len = sizeof(sensebuf);
1639 io_header.sbp = sensebuf;
1640 io_header.timeout = 6000; /* XXX */
1641
1642 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1643 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1644 return -1;
1645 }
1646 s->qdev.type = buf[0];
1647 s->removable = (buf[1] & 0x80) != 0;
1648 return 0;
1649}
1650
1651static int scsi_block_initfn(SCSIDevice *dev)
1652{
1653 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1654 int sg_version;
1655 int rc;
1656
1657 if (!s->qdev.conf.bs) {
1658 error_report("scsi-block: drive property not set");
1659 return -1;
1660 }
1661
1662 /* check we are using a driver managing SG_IO (version 3 and after) */
1663 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1664 sg_version < 30000) {
1665 error_report("scsi-block: scsi generic interface too old");
1666 return -1;
1667 }
1668
1669 /* get device type from INQUIRY data */
1670 rc = get_device_type(s);
1671 if (rc < 0) {
1672 error_report("scsi-block: INQUIRY failed");
1673 return -1;
1674 }
1675
1676 /* Make a guess for the block size, we'll fix it when the guest sends.
1677 * READ CAPACITY. If they don't, they likely would assume these sizes
1678 * anyway. (TODO: check in /sys).
1679 */
1680 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1681 s->qdev.blocksize = 2048;
1682 } else {
1683 s->qdev.blocksize = 512;
1684 }
1685 return scsi_initfn(&s->qdev);
1686}
1687
1688static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1689 uint32_t lun, uint8_t *buf,
1690 void *hba_private)
1691{
1692 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1693
1694 switch (buf[0]) {
1695 case READ_6:
1696 case READ_10:
1697 case READ_12:
1698 case READ_16:
1699 case WRITE_6:
1700 case WRITE_10:
1701 case WRITE_12:
1702 case WRITE_16:
1703 case WRITE_VERIFY_10:
1704 case WRITE_VERIFY_12:
1705 case WRITE_VERIFY_16:
33ebad12
PB		 1706 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1707 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1708 * And once you do these writes, reading from the block device is
1709 * unreliable, too. It is even possible that reads deliver random data
1710 * from the host page cache (this is probably a Linux bug).
1711 *
1712 * We might use scsi_disk_reqops as long as no writing commands are
1713 * seen, but performance usually isn't paramount on optical media. So,
1714 * just make scsi-block operate the same as scsi-generic for them.
1715 */
1716 if (s->qdev.type != TYPE_ROM) {
1717 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1718 hba_private);
1719 }
336a6915
PB		 1720 }
1721
1722 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1723 hba_private);
1724}
1725#endif
1726
b443ae67
MA		 1727#define DEFINE_SCSI_DISK_PROPERTIES() \
1728 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1729 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1730 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1731
1732static SCSIDeviceInfo scsi_disk_info[] = {
1733 {
1734 .qdev.name = "scsi-hd",
1735 .qdev.fw_name = "disk",
1736 .qdev.desc = "virtual SCSI disk",
1737 .qdev.size = sizeof(SCSIDiskState),
1738 .qdev.reset = scsi_disk_reset,
1739 .init = scsi_hd_initfn,
1740 .destroy = scsi_destroy,
5c6c0e51 1741 .alloc_req = scsi_new_request,
8a9c16f6 1742 .unit_attention_reported = scsi_disk_unit_attention_reported,
b443ae67
MA		 1743 .qdev.props = (Property[]) {
1744 DEFINE_SCSI_DISK_PROPERTIES(),
1745 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1746 DEFINE_PROP_END_OF_LIST(),
1747 }
1748 },{
1749 .qdev.name = "scsi-cd",
1750 .qdev.fw_name = "disk",
1751 .qdev.desc = "virtual SCSI CD-ROM",
1752 .qdev.size = sizeof(SCSIDiskState),
1753 .qdev.reset = scsi_disk_reset,
1754 .init = scsi_cd_initfn,
1755 .destroy = scsi_destroy,
5c6c0e51 1756 .alloc_req = scsi_new_request,
8a9c16f6 1757 .unit_attention_reported = scsi_disk_unit_attention_reported,
b443ae67
MA		 1758 .qdev.props = (Property[]) {
1759 DEFINE_SCSI_DISK_PROPERTIES(),
1760 DEFINE_PROP_END_OF_LIST(),
1761 },
336a6915
PB		 1762#ifdef __linux__
1763 },{
1764 .qdev.name = "scsi-block",
1765 .qdev.fw_name = "disk",
1766 .qdev.desc = "SCSI block device passthrough",
1767 .qdev.size = sizeof(SCSIDiskState),
1768 .qdev.reset = scsi_disk_reset,
1769 .init = scsi_block_initfn,
1770 .destroy = scsi_destroy,
1771 .alloc_req = scsi_block_new_request,
1772 .qdev.props = (Property[]) {
1773 DEFINE_SCSI_DISK_PROPERTIES(),
1774 DEFINE_PROP_END_OF_LIST(),
1775 },
1776#endif
b443ae67
MA		 1777 },{
1778 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1779 .qdev.fw_name = "disk",
1780 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1781 .qdev.size = sizeof(SCSIDiskState),
1782 .qdev.reset = scsi_disk_reset,
1783 .init = scsi_disk_initfn,
1784 .destroy = scsi_destroy,
5c6c0e51 1785 .alloc_req = scsi_new_request,
8a9c16f6 1786 .unit_attention_reported = scsi_disk_unit_attention_reported,
b443ae67
MA		 1787 .qdev.props = (Property[]) {
1788 DEFINE_SCSI_DISK_PROPERTIES(),
1789 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1790 DEFINE_PROP_END_OF_LIST(),
1791 }
1792 }
d52affa7
GH		 1793};
1794
1795static void scsi_disk_register_devices(void)
1796{
b443ae67
MA		 1797 int i;
1798
1799 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1800 scsi_qdev_register(&scsi_disk_info[i]);
1801 }
8ccc2ace 1802}
d52affa7 1803device_init(scsi_disk_register_devices)
Qemu copy for testing