]> git.proxmox.com Git - mirror_qemu.git/blame - hw/scsi-disk.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add monitor_get_fd() command for fetching named fds
[mirror_qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
a917d384
PB		 10 *
11 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
2e5d83bb
PB		 14 */
15
fa879c64
AL		 16#include <qemu-common.h>
17#include <sysemu.h>
2e5d83bb
PB		 18//#define DEBUG_SCSI
19
20#ifdef DEBUG_SCSI
001faf32
BS		 21#define DPRINTF(fmt, ...) \
22do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 23#else
001faf32 24#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 25#endif
26
001faf32
BS		 27#define BADF(fmt, ...) \
28do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 29
87ecb68b
PB		 30#include "qemu-common.h"
31#include "block.h"
32#include "scsi-disk.h"
2e5d83bb
PB		 33
34#define SENSE_NO_SENSE 0
1aacf348 35#define SENSE_NOT_READY 2
4d611c9a 36#define SENSE_HARDWARE_ERROR 4
2e5d83bb
PB		 37#define SENSE_ILLEGAL_REQUEST 5
38
22864256
BS		 39#define STATUS_GOOD 0
40#define STATUS_CHECK_CONDITION 2
41
f0f72ffe 42#define SCSI_DMA_BUF_SIZE 131072
57575058 43#define SCSI_MAX_INQUIRY_LEN 256
a917d384 44
ea8a5d7f
AL		 45#define SCSI_REQ_STATUS_RETRY 0x01
46
a917d384 47typedef struct SCSIRequest {
8ccc2ace 48 SCSIDeviceState *dev;
2e5d83bb 49 uint32_t tag;
e035b43d 50 /* ??? We should probably keep track of whether the data transfer is
2e5d83bb 51 a read or a write. Currently we rely on the host getting it right. */
a917d384 52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 53 uint64_t sector;
54 uint32_t sector_count;
c87c0672
AL		 55 struct iovec iov;
56 QEMUIOVector qiov;
4d611c9a 57 BlockDriverAIOCB *aiocb;
a917d384 58 struct SCSIRequest *next;
ea8a5d7f 59 uint32_t status;
a917d384
PB		 60} SCSIRequest;
61
8ccc2ace 62struct SCSIDeviceState
a917d384
PB		 63{
64 BlockDriverState *bdrv;
65 SCSIRequest *requests;
66 /* The qemu block layer uses a fixed 512 byte sector size.
67 This is the number of 512 byte blocks in a single scsi sector. */
68 int cluster_size;
274fb0e1 69 uint64_t max_lba;
a917d384
PB		 70 int sense;
71 int tcq;
4d611c9a
PB		 72 /* Completion functions may be called from either scsi_{read,write}_data
73 or from the AIO completion routines. */
2e5d83bb
PB		 74 scsi_completionfn completion;
75 void *opaque;
fa879c64 76 char drive_serial_str[21];
2e5d83bb
PB		 77};
78
a917d384
PB		 79/* Global pool of SCSIRequest structures. */
80static SCSIRequest *free_requests = NULL;
81
8ccc2ace 82static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
2e5d83bb 83{
a917d384
PB		 84 SCSIRequest *r;
85
86 if (free_requests) {
87 r = free_requests;
88 free_requests = r->next;
89 } else {
90 r = qemu_malloc(sizeof(SCSIRequest));
c87c0672 91 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
a917d384
PB		 92 }
93 r->dev = s;
94 r->tag = tag;
95 r->sector_count = 0;
c87c0672 96 r->iov.iov_len = 0;
a917d384 97 r->aiocb = NULL;
ea8a5d7f 98 r->status = 0;
a917d384
PB		 99
100 r->next = s->requests;
101 s->requests = r;
102 return r;
2e5d83bb
PB		 103}
104
a917d384 105static void scsi_remove_request(SCSIRequest *r)
4d611c9a 106{
a917d384 107 SCSIRequest *last;
8ccc2ace 108 SCSIDeviceState *s = r->dev;
a917d384
PB		 109
110 if (s->requests == r) {
111 s->requests = r->next;
112 } else {
113 last = s->requests;
114 while (last && last->next != r)
115 last = last->next;
116 if (last) {
117 last->next = r->next;
118 } else {
119 BADF("Orphaned request\n");
120 }
121 }
122 r->next = free_requests;
123 free_requests = r;
4d611c9a
PB		 124}
125
8ccc2ace 126static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
4d611c9a 127{
a917d384 128 SCSIRequest *r;
4d611c9a 129
a917d384
PB		 130 r = s->requests;
131 while (r && r->tag != tag)
132 r = r->next;
4d611c9a 133
a917d384
PB		 134 return r;
135}
136
137/* Helper function for command completion. */
22864256 138static void scsi_command_complete(SCSIRequest *r, int status, int sense)
a917d384 139{
8ccc2ace 140 SCSIDeviceState *s = r->dev;
a917d384 141 uint32_t tag;
22864256 142 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
a917d384
PB		 143 s->sense = sense;
144 tag = r->tag;
145 scsi_remove_request(r);
22864256 146 s->completion(s->opaque, SCSI_REASON_DONE, tag, status);
4d611c9a
PB		 147}
148
149/* Cancel a pending data transfer. */
8ccc2ace 150static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
4d611c9a 151{
8ccc2ace 152 SCSIDeviceState *s = d->state;
a917d384
PB		 153 SCSIRequest *r;
154 DPRINTF("Cancel tag=0x%x\n", tag);
155 r = scsi_find_request(s, tag);
156 if (r) {
157 if (r->aiocb)
158 bdrv_aio_cancel(r->aiocb);
159 r->aiocb = NULL;
160 scsi_remove_request(r);
161 }
162}
163
164static void scsi_read_complete(void * opaque, int ret)
165{
166 SCSIRequest *r = (SCSIRequest *)opaque;
8ccc2ace 167 SCSIDeviceState *s = r->dev;
a917d384
PB		 168
169 if (ret) {
170 DPRINTF("IO error\n");
22864256
BS		 171 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 0);
172 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
4d611c9a
PB		 173 return;
174 }
0bf9e31a 175 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->tag, r->iov.iov_len);
a917d384 176
c87c0672 177 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
4d611c9a
PB		 178}
179
a917d384 180/* Read more data from scsi device into buffer. */
8ccc2ace 181static void scsi_read_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 182{
8ccc2ace 183 SCSIDeviceState *s = d->state;
a917d384 184 SCSIRequest *r;
2e5d83bb
PB		 185 uint32_t n;
186
a917d384
PB		 187 r = scsi_find_request(s, tag);
188 if (!r) {
189 BADF("Bad read tag 0x%x\n", tag);
b1fa7164 190 /* ??? This is the wrong error. */
22864256 191 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
a917d384 192 return;
2e5d83bb 193 }
a917d384 194 if (r->sector_count == (uint32_t)-1) {
0bf9e31a 195 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
a917d384 196 r->sector_count = 0;
c87c0672 197 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
a917d384 198 return;
2e5d83bb 199 }
a917d384
PB		 200 DPRINTF("Read sector_count=%d\n", r->sector_count);
201 if (r->sector_count == 0) {
22864256 202 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
a917d384 203 return;
2e5d83bb
PB		 204 }
205
a917d384
PB		 206 n = r->sector_count;
207 if (n > SCSI_DMA_BUF_SIZE / 512)
208 n = SCSI_DMA_BUF_SIZE / 512;
209
c87c0672
AL		 210 r->iov.iov_len = n * 512;
211 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
212 r->aiocb = bdrv_aio_readv(s->bdrv, r->sector, &r->qiov, n,
213 scsi_read_complete, r);
a917d384 214 if (r->aiocb == NULL)
22864256 215 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
a917d384
PB		 216 r->sector += n;
217 r->sector_count -= n;
2e5d83bb
PB		 218}
219
ea8a5d7f
AL		 220static int scsi_handle_write_error(SCSIRequest *r, int error)
221{
222 BlockInterfaceErrorAction action = drive_get_onerror(r->dev->bdrv);
223
224 if (action == BLOCK_ERR_IGNORE)
225 return 0;
226
227 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
228 || action == BLOCK_ERR_STOP_ANY) {
229 r->status |= SCSI_REQ_STATUS_RETRY;
230 vm_stop(0);
231 } else {
232 scsi_command_complete(r, STATUS_CHECK_CONDITION,
233 SENSE_HARDWARE_ERROR);
234 }
235
236 return 1;
237}
238
4d611c9a
PB		 239static void scsi_write_complete(void * opaque, int ret)
240{
a917d384 241 SCSIRequest *r = (SCSIRequest *)opaque;
8ccc2ace 242 SCSIDeviceState *s = r->dev;
a917d384 243 uint32_t len;
ea8a5d7f
AL		 244 uint32_t n;
245
246 r->aiocb = NULL;
4d611c9a
PB		 247
248 if (ret) {
ea8a5d7f
AL		 249 if (scsi_handle_write_error(r, -ret))
250 return;
4d611c9a
PB		 251 }
252
c87c0672 253 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 254 r->sector += n;
255 r->sector_count -= n;
a917d384 256 if (r->sector_count == 0) {
22864256 257 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
a917d384
PB		 258 } else {
259 len = r->sector_count * 512;
260 if (len > SCSI_DMA_BUF_SIZE) {
261 len = SCSI_DMA_BUF_SIZE;
262 }
c87c0672 263 r->iov.iov_len = len;
a917d384
PB		 264 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
265 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
4d611c9a 266 }
4d611c9a
PB		 267}
268
ea8a5d7f
AL		 269static void scsi_write_request(SCSIRequest *r)
270{
271 SCSIDeviceState *s = r->dev;
272 uint32_t n;
273
c87c0672 274 n = r->iov.iov_len / 512;
ea8a5d7f 275 if (n) {
c87c0672
AL		 276 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
277 r->aiocb = bdrv_aio_writev(s->bdrv, r->sector, &r->qiov, n,
278 scsi_write_complete, r);
ea8a5d7f
AL		 279 if (r->aiocb == NULL)
280 scsi_command_complete(r, STATUS_CHECK_CONDITION,
281 SENSE_HARDWARE_ERROR);
282 } else {
283 /* Invoke completion routine to fetch data from host. */
284 scsi_write_complete(r, 0);
285 }
286}
287
4d611c9a
PB		 288/* Write data to a scsi device. Returns nonzero on failure.
289 The transfer may complete asynchronously. */
8ccc2ace 290static int scsi_write_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 291{
8ccc2ace 292 SCSIDeviceState *s = d->state;
a917d384 293 SCSIRequest *r;
2e5d83bb 294
a917d384
PB		 295 DPRINTF("Write data tag=0x%x\n", tag);
296 r = scsi_find_request(s, tag);
297 if (!r) {
298 BADF("Bad write tag 0x%x\n", tag);
22864256 299 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
2e5d83bb
PB		 300 return 1;
301 }
ea8a5d7f 302
a917d384
PB		 303 if (r->aiocb)
304 BADF("Data transfer already in progress\n");
ea8a5d7f
AL		 305
306 scsi_write_request(r);
2e5d83bb 307
a917d384
PB		 308 return 0;
309}
2e5d83bb 310
ea8a5d7f
AL		 311static void scsi_dma_restart_cb(void *opaque, int running, int reason)
312{
313 SCSIDeviceState *s = opaque;
314 SCSIRequest *r = s->requests;
315 if (!running)
316 return;
317
318 while (r) {
319 if (r->status & SCSI_REQ_STATUS_RETRY) {
320 r->status &= ~SCSI_REQ_STATUS_RETRY;
321 scsi_write_request(r);
322 }
323 r = r->next;
324 }
325}
326
a917d384 327/* Return a pointer to the data buffer. */
8ccc2ace 328static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
a917d384 329{
8ccc2ace 330 SCSIDeviceState *s = d->state;
a917d384 331 SCSIRequest *r;
2e5d83bb 332
a917d384
PB		 333 r = scsi_find_request(s, tag);
334 if (!r) {
335 BADF("Bad buffer tag 0x%x\n", tag);
336 return NULL;
4d611c9a 337 }
3f4cb3d3 338 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 339}
340
341/* Execute a scsi command. Returns the length of the data expected by the
342 command. This will be Positive for data transfers from the device
343 (eg. disk reads), negative for transfers to the device (eg. disk writes),
344 and zero if the command does not transfer any data. */
345
8ccc2ace
TS		 346static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
347 uint8_t *buf, int lun)
2e5d83bb 348{
8ccc2ace 349 SCSIDeviceState *s = d->state;
96b8f136 350 uint64_t nb_sectors;
86106e59 351 uint64_t lba;
2e5d83bb
PB		 352 uint32_t len;
353 int cmdlen;
354 int is_write;
a917d384
PB		 355 uint8_t command;
356 uint8_t *outbuf;
357 SCSIRequest *r;
358
359 command = buf[0];
360 r = scsi_find_request(s, tag);
361 if (r) {
362 BADF("Tag 0x%x already in use\n", tag);
8ccc2ace 363 scsi_cancel_io(d, tag);
a917d384
PB		 364 }
365 /* ??? Tags are not unique for different luns. We only implement a
366 single lun, so this should not matter. */
367 r = scsi_new_request(s, tag);
3f4cb3d3 368 outbuf = (uint8_t *)r->iov.iov_base;
2e5d83bb 369 is_write = 0;
a917d384
PB		 370 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
371 switch (command >> 5) {
2e5d83bb 372 case 0:
86106e59
AL		 373 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
374 (((uint64_t) buf[1] & 0x1f) << 16);
2e5d83bb
PB		 375 len = buf[4];
376 cmdlen = 6;
377 break;
378 case 1:
379 case 2:
86106e59
AL		 380 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
381 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
2e5d83bb
PB		 382 len = buf[8] | (buf[7] << 8);
383 cmdlen = 10;
384 break;
385 case 4:
86106e59
AL		 386 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
387 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
388 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
389 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
2e5d83bb
PB		 390 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
391 cmdlen = 16;
392 break;
393 case 5:
86106e59
AL		 394 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
395 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
2e5d83bb
PB		 396 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
397 cmdlen = 12;
398 break;
399 default:
a917d384 400 BADF("Unsupported command length, command %x\n", command);
2e5d83bb
PB		 401 goto fail;
402 }
403#ifdef DEBUG_SCSI
404 {
405 int i;
406 for (i = 1; i < cmdlen; i++) {
407 printf(" 0x%02x", buf[i]);
408 }
409 printf("\n");
410 }
411#endif
0fc5c15a 412 if (lun || buf[1] >> 5) {
2e5d83bb 413 /* Only LUN 0 supported. */
0fc5c15a 414 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
22864256
BS		 415 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
416 goto fail;
2e5d83bb 417 }
a917d384 418 switch (command) {
2e5d83bb
PB		 419 case 0x0:
420 DPRINTF("Test Unit Ready\n");
58a2c436
BS		 421 if (!bdrv_is_inserted(s->bdrv))
422 goto notready;
2e5d83bb
PB		 423 break;
424 case 0x03:
425 DPRINTF("Request Sense (len %d)\n", len);
426 if (len < 4)
427 goto fail;
67cd24a8 428 memset(outbuf, 0, 4);
c87c0672 429 r->iov.iov_len = 4;
ed6a9b30
BS		 430 if (s->sense == SENSE_NOT_READY && len >= 18) {
431 memset(outbuf, 0, 18);
c87c0672 432 r->iov.iov_len = 18;
ed6a9b30
BS		 433 outbuf[7] = 10;
434 /* asc 0x3a, ascq 0: Medium not present */
435 outbuf[12] = 0x3a;
436 outbuf[13] = 0;
437 }
a917d384
PB		 438 outbuf[0] = 0xf0;
439 outbuf[1] = 0;
440 outbuf[2] = s->sense;
2e5d83bb
PB		 441 break;
442 case 0x12:
7d8406be 443 DPRINTF("Inquiry (len %d)\n", len);
1d4db89c
AZ		 444 if (buf[1] & 0x2) {
445 /* Command support data - optional, not implemented */
446 BADF("optional INQUIRY command support request not implemented\n");
447 goto fail;
448 }
449 else if (buf[1] & 0x1) {
450 /* Vital product data */
451 uint8_t page_code = buf[2];
452 if (len < 4) {
453 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
454 "less than 4\n", page_code, len);
455 goto fail;
456 }
457
458 switch (page_code) {
459 case 0x00:
460 {
461 /* Supported page codes, mandatory */
462 DPRINTF("Inquiry EVPD[Supported pages] "
463 "buffer size %d\n", len);
464
c87c0672 465 r->iov.iov_len = 0;
1d4db89c
AZ		 466
467 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
c87c0672 468 outbuf[r->iov.iov_len++] = 5;
1d4db89c 469 } else {
c87c0672 470 outbuf[r->iov.iov_len++] = 0;
1d4db89c
AZ		 471 }
472
c87c0672
AL		 473 outbuf[r->iov.iov_len++] = 0x00; // this page
474 outbuf[r->iov.iov_len++] = 0x00;
475 outbuf[r->iov.iov_len++] = 3; // number of pages
476 outbuf[r->iov.iov_len++] = 0x00; // list of supported pages (this page)
477 outbuf[r->iov.iov_len++] = 0x80; // unit serial number
478 outbuf[r->iov.iov_len++] = 0x83; // device identification
1d4db89c
AZ		 479 }
480 break;
481 case 0x80:
482 {
fa879c64
AL		 483 int l;
484
1d4db89c
AZ		 485 /* Device serial number, optional */
486 if (len < 4) {
487 BADF("Error: EVPD[Serial number] Inquiry buffer "
488 "size %d too small, %d needed\n", len, 4);
489 goto fail;
490 }
491
492 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
fa879c64 493 l = MIN(len, strlen(s->drive_serial_str));
1d4db89c 494
c87c0672 495 r->iov.iov_len = 0;
1d4db89c
AZ		 496
497 /* Supported page codes */
498 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
c87c0672 499 outbuf[r->iov.iov_len++] = 5;
1d4db89c 500 } else {
c87c0672 501 outbuf[r->iov.iov_len++] = 0;
1d4db89c
AZ		 502 }
503
c87c0672
AL		 504 outbuf[r->iov.iov_len++] = 0x80; // this page
505 outbuf[r->iov.iov_len++] = 0x00;
506 outbuf[r->iov.iov_len++] = l;
507 memcpy(&outbuf[r->iov.iov_len], s->drive_serial_str, l);
508 r->iov.iov_len += l;
1d4db89c
AZ		 509 }
510
511 break;
512 case 0x83:
513 {
514 /* Device identification page, mandatory */
515 int max_len = 255 - 8;
516 int id_len = strlen(bdrv_get_device_name(s->bdrv));
517 if (id_len > max_len)
518 id_len = max_len;
519
520 DPRINTF("Inquiry EVPD[Device identification] "
521 "buffer size %d\n", len);
c87c0672 522 r->iov.iov_len = 0;
1d4db89c 523 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
c87c0672 524 outbuf[r->iov.iov_len++] = 5;
1d4db89c 525 } else {
c87c0672 526 outbuf[r->iov.iov_len++] = 0;
1d4db89c
AZ		 527 }
528
c87c0672
AL		 529 outbuf[r->iov.iov_len++] = 0x83; // this page
530 outbuf[r->iov.iov_len++] = 0x00;
531 outbuf[r->iov.iov_len++] = 3 + id_len;
1d4db89c 532
c87c0672
AL		 533 outbuf[r->iov.iov_len++] = 0x2; // ASCII
534 outbuf[r->iov.iov_len++] = 0; // not officially assigned
535 outbuf[r->iov.iov_len++] = 0; // reserved
536 outbuf[r->iov.iov_len++] = id_len; // length of data following
1d4db89c 537
c87c0672 538 memcpy(&outbuf[r->iov.iov_len],
1d4db89c 539 bdrv_get_device_name(s->bdrv), id_len);
c87c0672 540 r->iov.iov_len += id_len;
1d4db89c
AZ		 541 }
542 break;
543 default:
544 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
545 "buffer size %d\n", page_code, len);
546 goto fail;
547 }
548 /* done with EVPD */
549 break;
550 }
551 else {
552 /* Standard INQUIRY data */
553 if (buf[2] != 0) {
554 BADF("Error: Inquiry (STANDARD) page or code "
555 "is non-zero [%02X]\n", buf[2]);
556 goto fail;
557 }
558
559 /* PAGE CODE == 0 */
560 if (len < 5) {
561 BADF("Error: Inquiry (STANDARD) buffer size %d "
562 "is less than 5\n", len);
563 goto fail;
564 }
565
566 if (len < 36) {
567 BADF("Error: Inquiry (STANDARD) buffer size %d "
568 "is less than 36 (TODO: only 5 required)\n", len);
569 }
2e5d83bb 570 }
57575058
AZ		 571
572 if(len > SCSI_MAX_INQUIRY_LEN)
573 len = SCSI_MAX_INQUIRY_LEN;
574
575 memset(outbuf, 0, len);
22864256
BS		 576
577 if (lun || buf[1] >> 5) {
578 outbuf[0] = 0x7f; /* LUN not supported */
579 } else if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
a917d384
PB		 580 outbuf[0] = 5;
581 outbuf[1] = 0x80;
582 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
2e5d83bb 583 } else {
a917d384
PB		 584 outbuf[0] = 0;
585 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
2e5d83bb 586 }
a917d384
PB		 587 memcpy(&outbuf[8], "QEMU ", 8);
588 memcpy(&outbuf[32], QEMU_VERSION, 4);
17acfe32
PB		 589 /* Identify device as SCSI-3 rev 1.
590 Some later commands are also implemented. */
a917d384
PB		 591 outbuf[2] = 3;
592 outbuf[3] = 2; /* Format 2 */
57575058 593 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
a917d384
PB		 594 /* Sync data transfer and TCQ. */
595 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
c87c0672 596 r->iov.iov_len = len;
2e5d83bb
PB		 597 break;
598 case 0x16:
599 DPRINTF("Reserve(6)\n");
600 if (buf[1] & 1)
601 goto fail;
602 break;
603 case 0x17:
604 DPRINTF("Release(6)\n");
605 if (buf[1] & 1)
606 goto fail;
607 break;
608 case 0x1a:
7d8406be 609 case 0x5a:
17acfe32 610 {
a917d384 611 uint8_t *p;
17acfe32
PB		 612 int page;
613
614 page = buf[2] & 0x3f;
615 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
a917d384 616 p = outbuf;
17acfe32 617 memset(p, 0, 4);
a917d384
PB		 618 outbuf[1] = 0; /* Default media type. */
619 outbuf[3] = 0; /* Block descriptor length. */
17acfe32 620 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
a917d384 621 outbuf[2] = 0x80; /* Readonly. */
17acfe32
PB		 622 }
623 p += 4;
5e65a310
BS		 624 if (page == 4) {
625 int cylinders, heads, secs;
626
627 /* Rigid disk device geometry page. */
628 p[0] = 4;
629 p[1] = 0x16;
630 /* if a geometry hint is available, use it */
631 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
632 p[2] = (cylinders >> 16) & 0xff;
633 p[3] = (cylinders >> 8) & 0xff;
634 p[4] = cylinders & 0xff;
635 p[5] = heads & 0xff;
636 /* Write precomp start cylinder, disabled */
637 p[6] = (cylinders >> 16) & 0xff;
638 p[7] = (cylinders >> 8) & 0xff;
639 p[8] = cylinders & 0xff;
640 /* Reduced current start cylinder, disabled */
641 p[9] = (cylinders >> 16) & 0xff;
642 p[10] = (cylinders >> 8) & 0xff;
643 p[11] = cylinders & 0xff;
644 /* Device step rate [ns], 200ns */
645 p[12] = 0;
646 p[13] = 200;
647 /* Landing zone cylinder */
648 p[14] = 0xff;
649 p[15] = 0xff;
650 p[16] = 0xff;
651 /* Medium rotation rate [rpm], 5400 rpm */
652 p[20] = (5400 >> 8) & 0xff;
653 p[21] = 5400 & 0xff;
654 p += 0x16;
655 } else if (page == 5) {
656 int cylinders, heads, secs;
657
658 /* Flexible disk device geometry page. */
659 p[0] = 5;
660 p[1] = 0x1e;
661 /* Transfer rate [kbit/s], 5Mbit/s */
662 p[2] = 5000 >> 8;
663 p[3] = 5000 & 0xff;
664 /* if a geometry hint is available, use it */
665 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
666 p[4] = heads & 0xff;
667 p[5] = secs & 0xff;
668 p[6] = s->cluster_size * 2;
669 p[8] = (cylinders >> 8) & 0xff;
670 p[9] = cylinders & 0xff;
671 /* Write precomp start cylinder, disabled */
672 p[10] = (cylinders >> 8) & 0xff;
673 p[11] = cylinders & 0xff;
674 /* Reduced current start cylinder, disabled */
675 p[12] = (cylinders >> 8) & 0xff;
676 p[13] = cylinders & 0xff;
677 /* Device step rate [100us], 100us */
678 p[14] = 0;
679 p[15] = 1;
680 /* Device step pulse width [us], 1us */
681 p[16] = 1;
682 /* Device head settle delay [100us], 100us */
683 p[17] = 0;
684 p[18] = 1;
685 /* Motor on delay [0.1s], 0.1s */
686 p[19] = 1;
687 /* Motor off delay [0.1s], 0.1s */
688 p[20] = 1;
689 /* Medium rotation rate [rpm], 5400 rpm */
690 p[28] = (5400 >> 8) & 0xff;
691 p[29] = 5400 & 0xff;
692 p += 0x1e;
693 } else if ((page == 8 || page == 0x3f)) {
17acfe32 694 /* Caching page. */
67cd24a8 695 memset(p,0,20);
17acfe32
PB		 696 p[0] = 8;
697 p[1] = 0x12;
698 p[2] = 4; /* WCE */
67cd24a8 699 p += 20;
17acfe32
PB		 700 }
701 if ((page == 0x3f || page == 0x2a)
702 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
703 /* CD Capabilities and Mechanical Status page. */
704 p[0] = 0x2a;
705 p[1] = 0x14;
706 p[2] = 3; // CD-R & CD-RW read
707 p[3] = 0; // Writing not supported
708 p[4] = 0x7f; /* Audio, composite, digital out,
709 mode 2 form 1&2, multi session */
710 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
711 RW corrected, C2 errors, ISRC,
712 UPC, Bar code */
713 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
714 /* Locking supported, jumper present, eject, tray */
715 p[7] = 0; /* no volume & mute control, no
716 changer */
717 p[8] = (50 * 176) >> 8; // 50x read speed
718 p[9] = (50 * 176) & 0xff;
719 p[10] = 0 >> 8; // No volume
720 p[11] = 0 & 0xff;
721 p[12] = 2048 >> 8; // 2M buffer
722 p[13] = 2048 & 0xff;
723 p[14] = (16 * 176) >> 8; // 16x read speed current
724 p[15] = (16 * 176) & 0xff;
725 p[18] = (16 * 176) >> 8; // 16x write speed
726 p[19] = (16 * 176) & 0xff;
727 p[20] = (16 * 176) >> 8; // 16x write speed current
728 p[21] = (16 * 176) & 0xff;
67cd24a8 729 p += 22;
17acfe32 730 }
c87c0672
AL		 731 r->iov.iov_len = p - outbuf;
732 outbuf[0] = r->iov.iov_len - 4;
733 if (r->iov.iov_len > len)
734 r->iov.iov_len = len;
7d8406be 735 }
17acfe32
PB		 736 break;
737 case 0x1b:
738 DPRINTF("Start Stop Unit\n");
b2056c16
BS		 739 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM &&
740 (buf[4] & 2))
741 /* load/eject medium */
742 bdrv_eject(s->bdrv, !(buf[4] & 1));
17acfe32
PB		 743 break;
744 case 0x1e:
745 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
746 bdrv_set_locked(s->bdrv, buf[4] & 1);
2e5d83bb
PB		 747 break;
748 case 0x25:
749 DPRINTF("Read Capacity\n");
750 /* The normal LEN field for this command is zero. */
a917d384 751 memset(outbuf, 0, 8);
2e5d83bb 752 bdrv_get_geometry(s->bdrv, &nb_sectors);
c1c0438c 753 nb_sectors /= s->cluster_size;
51c1ebb1
PB		 754 /* Returned value is the address of the last sector. */
755 if (nb_sectors) {
756 nb_sectors--;
274fb0e1
AL		 757 /* Remember the new size for read/write sanity checking. */
758 s->max_lba = nb_sectors;
e035b43d
AL		 759 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
760 if (nb_sectors > UINT32_MAX)
761 nb_sectors = UINT32_MAX;
a917d384
PB		 762 outbuf[0] = (nb_sectors >> 24) & 0xff;
763 outbuf[1] = (nb_sectors >> 16) & 0xff;
764 outbuf[2] = (nb_sectors >> 8) & 0xff;
765 outbuf[3] = nb_sectors & 0xff;
766 outbuf[4] = 0;
767 outbuf[5] = 0;
768 outbuf[6] = s->cluster_size * 2;
769 outbuf[7] = 0;
c87c0672 770 r->iov.iov_len = 8;
51c1ebb1 771 } else {
58a2c436 772 notready:
22864256 773 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
35f1df84 774 return 0;
51c1ebb1 775 }
2e5d83bb
PB		 776 break;
777 case 0x08:
778 case 0x28:
86106e59 779 case 0x88:
0bf9e31a 780 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
274fb0e1
AL		 781 if (lba > s->max_lba)
782 goto illegal_lba;
a917d384
PB		 783 r->sector = lba * s->cluster_size;
784 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 785 break;
786 case 0x0a:
787 case 0x2a:
86106e59 788 case 0x8a:
0bf9e31a 789 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
274fb0e1
AL		 790 if (lba > s->max_lba)
791 goto illegal_lba;
a917d384
PB		 792 r->sector = lba * s->cluster_size;
793 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 794 is_write = 1;
795 break;
7d8406be 796 case 0x35:
0bf9e31a 797 DPRINTF("Synchronise cache (sector %" PRId64 ", count %d)\n", lba, len);
7a6cba61 798 bdrv_flush(s->bdrv);
7d8406be 799 break;
2e5d83bb
PB		 800 case 0x43:
801 {
7c22dd52 802 int start_track, format, msf, toclen;
2e5d83bb
PB		 803
804 msf = buf[1] & 2;
805 format = buf[2] & 0xf;
806 start_track = buf[6];
807 bdrv_get_geometry(s->bdrv, &nb_sectors);
808 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
ee16b24a 809 nb_sectors /= s->cluster_size;
2e5d83bb
PB		 810 switch(format) {
811 case 0:
a917d384 812 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
2e5d83bb
PB		 813 break;
814 case 1:
815 /* multi session : only a single session defined */
7c22dd52 816 toclen = 12;
a917d384
PB		 817 memset(outbuf, 0, 12);
818 outbuf[1] = 0x0a;
819 outbuf[2] = 0x01;
820 outbuf[3] = 0x01;
2e5d83bb
PB		 821 break;
822 case 2:
a917d384 823 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
2e5d83bb
PB		 824 break;
825 default:
7c22dd52
PB		 826 goto error_cmd;
827 }
828 if (toclen > 0) {
829 if (len > toclen)
830 len = toclen;
c87c0672 831 r->iov.iov_len = len;
7c22dd52 832 break;
2e5d83bb 833 }
7c22dd52
PB		 834 error_cmd:
835 DPRINTF("Read TOC error\n");
836 goto fail;
2e5d83bb 837 }
17acfe32
PB		 838 case 0x46:
839 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
a917d384 840 memset(outbuf, 0, 8);
1235fc06 841 /* ??? This should probably return much more information. For now
17acfe32 842 just return the basic header indicating the CD-ROM profile. */
a917d384 843 outbuf[7] = 8; // CD-ROM
c87c0672 844 r->iov.iov_len = 8;
17acfe32 845 break;
2e5d83bb
PB		 846 case 0x56:
847 DPRINTF("Reserve(10)\n");
848 if (buf[1] & 3)
849 goto fail;
850 break;
851 case 0x57:
852 DPRINTF("Release(10)\n");
853 if (buf[1] & 3)
854 goto fail;
855 break;
86106e59
AL		 856 case 0x9e:
857 /* Service Action In subcommands. */
858 if ((buf[1] & 31) == 0x10) {
859 DPRINTF("SAI READ CAPACITY(16)\n");
860 memset(outbuf, 0, len);
861 bdrv_get_geometry(s->bdrv, &nb_sectors);
c1c0438c 862 nb_sectors /= s->cluster_size;
86106e59
AL		 863 /* Returned value is the address of the last sector. */
864 if (nb_sectors) {
865 nb_sectors--;
274fb0e1
AL		 866 /* Remember the new size for read/write sanity checking. */
867 s->max_lba = nb_sectors;
86106e59
AL		 868 outbuf[0] = (nb_sectors >> 56) & 0xff;
869 outbuf[1] = (nb_sectors >> 48) & 0xff;
870 outbuf[2] = (nb_sectors >> 40) & 0xff;
871 outbuf[3] = (nb_sectors >> 32) & 0xff;
872 outbuf[4] = (nb_sectors >> 24) & 0xff;
873 outbuf[5] = (nb_sectors >> 16) & 0xff;
874 outbuf[6] = (nb_sectors >> 8) & 0xff;
875 outbuf[7] = nb_sectors & 0xff;
876 outbuf[8] = 0;
877 outbuf[9] = 0;
878 outbuf[10] = s->cluster_size * 2;
879 outbuf[11] = 0;
880 /* Protection, exponent and lowest lba field left blank. */
c87c0672 881 r->iov.iov_len = len;
86106e59
AL		 882 } else {
883 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
884 return 0;
885 }
886 break;
887 }
888 DPRINTF("Unsupported Service Action In\n");
889 goto fail;
2e5d83bb
PB		 890 case 0xa0:
891 DPRINTF("Report LUNs (len %d)\n", len);
892 if (len < 16)
893 goto fail;
a917d384
PB		 894 memset(outbuf, 0, 16);
895 outbuf[3] = 8;
c87c0672 896 r->iov.iov_len = 16;
2e5d83bb 897 break;
22864256 898 case 0x2f:
0bf9e31a 899 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
22864256 900 break;
2e5d83bb
PB		 901 default:
902 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
903 fail:
22864256 904 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
2e5d83bb 905 return 0;
274fb0e1
AL		 906 illegal_lba:
907 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
908 return 0;
2e5d83bb 909 }
c87c0672 910 if (r->sector_count == 0 && r->iov.iov_len == 0) {
22864256 911 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
a917d384 912 }
c87c0672 913 len = r->sector_count * 512 + r->iov.iov_len;
a917d384
PB		 914 if (is_write) {
915 return -len;
916 } else {
917 if (!r->sector_count)
918 r->sector_count = -1;
919 return len;
2e5d83bb 920 }
2e5d83bb
PB		 921}
922
8ccc2ace 923static void scsi_destroy(SCSIDevice *d)
2e5d83bb 924{
8ccc2ace
TS		 925 qemu_free(d->state);
926 qemu_free(d);
2e5d83bb
PB		 927}
928
8ccc2ace
TS		 929SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
930 scsi_completionfn completion, void *opaque)
2e5d83bb 931{
8ccc2ace
TS		 932 SCSIDevice *d;
933 SCSIDeviceState *s;
274fb0e1 934 uint64_t nb_sectors;
2e5d83bb 935
8ccc2ace 936 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
2e5d83bb 937 s->bdrv = bdrv;
a917d384 938 s->tcq = tcq;
2e5d83bb
PB		 939 s->completion = completion;
940 s->opaque = opaque;
941 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
7c22dd52 942 s->cluster_size = 4;
2e5d83bb 943 } else {
7c22dd52 944 s->cluster_size = 1;
2e5d83bb 945 }
274fb0e1
AL		 946 bdrv_get_geometry(s->bdrv, &nb_sectors);
947 nb_sectors /= s->cluster_size;
948 if (nb_sectors)
949 nb_sectors--;
950 s->max_lba = nb_sectors;
fa879c64
AL		 951 strncpy(s->drive_serial_str, drive_get_serial(s->bdrv),
952 sizeof(s->drive_serial_str));
953 if (strlen(s->drive_serial_str) == 0)
00766a4e 954 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
ea8a5d7f 955 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
8ccc2ace
TS		 956 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
957 d->state = s;
958 d->destroy = scsi_destroy;
959 d->send_command = scsi_send_command;
960 d->read_data = scsi_read_data;
961 d->write_data = scsi_write_data;
962 d->cancel_io = scsi_cancel_io;
963 d->get_buf = scsi_get_buf;
2e5d83bb 964
8ccc2ace
TS		 965 return d;
966}
QEMU mirror