]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote branch 'mst/for_anthony' into staging
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb
PB		 14 *
15 * This code is licenced under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
22864256 40
f0f72ffe 41#define SCSI_DMA_BUF_SIZE 131072
57575058 42#define SCSI_MAX_INQUIRY_LEN 256
a917d384 43
ea8a5d7f
AL		 44#define SCSI_REQ_STATUS_RETRY 0x01
45
d52affa7
GH		 46typedef struct SCSIDiskState SCSIDiskState;
47
4c41d2ef
GH		 48typedef struct SCSIDiskReq {
49 SCSIRequest req;
e035b43d 50 /* ??? We should probably keep track of whether the data transfer is
2e5d83bb 51 a read or a write. Currently we rely on the host getting it right. */
a917d384 52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 53 uint64_t sector;
54 uint32_t sector_count;
c87c0672
AL		 55 struct iovec iov;
56 QEMUIOVector qiov;
ea8a5d7f 57 uint32_t status;
4c41d2ef 58} SCSIDiskReq;
a917d384 59
d52affa7 60struct SCSIDiskState
a917d384 61{
d52affa7 62 SCSIDevice qdev;
428c149b 63 BlockDriverState *bs;
a917d384
PB		 64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
66 int cluster_size;
274fb0e1 67 uint64_t max_lba;
213189ab 68 QEMUBH *bh;
383b4d9b 69 char *version;
a0fef654 70 char *serial;
2e5d83bb
PB		 71};
72
72aef731
CH		 73static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
74 uint32_t lun)
2e5d83bb 75{
89b08ae1 76 SCSIRequest *req;
4c41d2ef 77 SCSIDiskReq *r;
a917d384 78
72aef731 79 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
89b08ae1 80 r = DO_UPCAST(SCSIDiskReq, req, req);
72aef731 81 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
a917d384 82 return r;
2e5d83bb
PB		 83}
84
4c41d2ef 85static void scsi_remove_request(SCSIDiskReq *r)
4d611c9a 86{
f8a83245 87 qemu_vfree(r->iov.iov_base);
89b08ae1 88 scsi_req_free(&r->req);
4d611c9a
PB		 89}
90
4c41d2ef 91static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
4d611c9a 92{
89b08ae1 93 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
a917d384
PB		 94}
95
ed3a34a3
GH		 96static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
97{
98 req->status = status;
99 scsi_dev_set_sense(req->dev, sense_code);
100}
101
a917d384 102/* Helper function for command completion. */
4c41d2ef 103static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
a917d384 104{
4c41d2ef
GH		 105 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
106 r->req.tag, status, sense);
ed3a34a3
GH		 107 scsi_req_set_status(&r->req, status, sense);
108 scsi_req_complete(&r->req);
89b08ae1 109 scsi_remove_request(r);
4d611c9a
PB		 110}
111
112/* Cancel a pending data transfer. */
8ccc2ace 113static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
4d611c9a 114{
d52affa7 115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 116 SCSIDiskReq *r;
a917d384
PB		 117 DPRINTF("Cancel tag=0x%x\n", tag);
118 r = scsi_find_request(s, tag);
119 if (r) {
4c41d2ef
GH		 120 if (r->req.aiocb)
121 bdrv_aio_cancel(r->req.aiocb);
122 r->req.aiocb = NULL;
a917d384
PB		 123 scsi_remove_request(r);
124 }
125}
126
127static void scsi_read_complete(void * opaque, int ret)
128{
4c41d2ef 129 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a917d384 130
3e94cb02
JK		 131 r->req.aiocb = NULL;
132
a917d384
PB		 133 if (ret) {
134 DPRINTF("IO error\n");
4c41d2ef 135 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
0d65e1f8 136 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
4d611c9a
PB		 137 return;
138 }
aa2b1e89 139 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
a917d384 140
4c41d2ef 141 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
4d611c9a
PB		 142}
143
a917d384 144/* Read more data from scsi device into buffer. */
8ccc2ace 145static void scsi_read_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 146{
d52affa7 147 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 148 SCSIDiskReq *r;
2e5d83bb
PB		 149 uint32_t n;
150
a917d384
PB		 151 r = scsi_find_request(s, tag);
152 if (!r) {
153 BADF("Bad read tag 0x%x\n", tag);
b1fa7164 154 /* ??? This is the wrong error. */
0d65e1f8 155 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
a917d384 156 return;
2e5d83bb 157 }
a917d384 158 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 159 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 160 r->sector_count = 0;
4c41d2ef 161 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
a917d384 162 return;
2e5d83bb 163 }
a917d384
PB		 164 DPRINTF("Read sector_count=%d\n", r->sector_count);
165 if (r->sector_count == 0) {
0d65e1f8 166 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 167 return;
2e5d83bb
PB		 168 }
169
a917d384
PB		 170 n = r->sector_count;
171 if (n > SCSI_DMA_BUF_SIZE / 512)
172 n = SCSI_DMA_BUF_SIZE / 512;
173
c87c0672
AL		 174 r->iov.iov_len = n * 512;
175 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 176 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
c87c0672 177 scsi_read_complete, r);
4c41d2ef 178 if (r->req.aiocb == NULL)
0d65e1f8 179 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
a917d384
PB		 180 r->sector += n;
181 r->sector_count -= n;
2e5d83bb
PB		 182}
183
4c41d2ef 184static int scsi_handle_write_error(SCSIDiskReq *r, int error)
ea8a5d7f 185{
4c41d2ef 186 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
abd7f68d 187 BlockErrorAction action = bdrv_get_on_error(s->bs, 0);
ea8a5d7f 188
380f640f 189 if (action == BLOCK_ERR_IGNORE) {
428c149b 190 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
ea8a5d7f 191 return 0;
380f640f 192 }
ea8a5d7f
AL		 193
194 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
195 || action == BLOCK_ERR_STOP_ANY) {
196 r->status |= SCSI_REQ_STATUS_RETRY;
428c149b 197 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
554a310b 198 vm_stop(0);
ea8a5d7f 199 } else {
0d65e1f8
GH		 200 scsi_command_complete(r, CHECK_CONDITION,
201 HARDWARE_ERROR);
428c149b 202 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
ea8a5d7f
AL		 203 }
204
205 return 1;
206}
207
4d611c9a
PB		 208static void scsi_write_complete(void * opaque, int ret)
209{
4c41d2ef 210 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a917d384 211 uint32_t len;
ea8a5d7f
AL		 212 uint32_t n;
213
4c41d2ef 214 r->req.aiocb = NULL;
4d611c9a
PB		 215
216 if (ret) {
ea8a5d7f
AL		 217 if (scsi_handle_write_error(r, -ret))
218 return;
4d611c9a
PB		 219 }
220
c87c0672 221 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 222 r->sector += n;
223 r->sector_count -= n;
a917d384 224 if (r->sector_count == 0) {
0d65e1f8 225 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384
PB		 226 } else {
227 len = r->sector_count * 512;
228 if (len > SCSI_DMA_BUF_SIZE) {
229 len = SCSI_DMA_BUF_SIZE;
230 }
c87c0672 231 r->iov.iov_len = len;
4c41d2ef
GH		 232 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
233 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
4d611c9a 234 }
4d611c9a
PB		 235}
236
4c41d2ef 237static void scsi_write_request(SCSIDiskReq *r)
ea8a5d7f 238{
4c41d2ef 239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 240 uint32_t n;
241
c87c0672 242 n = r->iov.iov_len / 512;
ea8a5d7f 243 if (n) {
c87c0672 244 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 245 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
c87c0672 246 scsi_write_complete, r);
4c41d2ef 247 if (r->req.aiocb == NULL)
0d65e1f8
GH		 248 scsi_command_complete(r, CHECK_CONDITION,
249 HARDWARE_ERROR);
ea8a5d7f
AL		 250 } else {
251 /* Invoke completion routine to fetch data from host. */
252 scsi_write_complete(r, 0);
253 }
254}
255
4d611c9a
PB		 256/* Write data to a scsi device. Returns nonzero on failure.
257 The transfer may complete asynchronously. */
8ccc2ace 258static int scsi_write_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 259{
d52affa7 260 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 261 SCSIDiskReq *r;
2e5d83bb 262
a917d384
PB		 263 DPRINTF("Write data tag=0x%x\n", tag);
264 r = scsi_find_request(s, tag);
265 if (!r) {
266 BADF("Bad write tag 0x%x\n", tag);
0d65e1f8 267 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
2e5d83bb
PB		 268 return 1;
269 }
ea8a5d7f 270
4c41d2ef 271 if (r->req.aiocb)
a917d384 272 BADF("Data transfer already in progress\n");
ea8a5d7f
AL		 273
274 scsi_write_request(r);
2e5d83bb 275
a917d384
PB		 276 return 0;
277}
2e5d83bb 278
213189ab 279static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f 280{
d52affa7 281 SCSIDiskState *s = opaque;
9af99d98
GH		 282 SCSIRequest *req;
283 SCSIDiskReq *r;
213189ab
MA		 284
285 qemu_bh_delete(s->bh);
286 s->bh = NULL;
ea8a5d7f 287
9af99d98
GH		 288 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
289 r = DO_UPCAST(SCSIDiskReq, req, req);
ea8a5d7f
AL		 290 if (r->status & SCSI_REQ_STATUS_RETRY) {
291 r->status &= ~SCSI_REQ_STATUS_RETRY;
292 scsi_write_request(r);
293 }
ea8a5d7f
AL		 294 }
295}
296
213189ab
MA		 297static void scsi_dma_restart_cb(void *opaque, int running, int reason)
298{
d52affa7 299 SCSIDiskState *s = opaque;
213189ab
MA		 300
301 if (!running)
302 return;
303
304 if (!s->bh) {
305 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
306 qemu_bh_schedule(s->bh);
307 }
308}
309
a917d384 310/* Return a pointer to the data buffer. */
8ccc2ace 311static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
a917d384 312{
d52affa7 313 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 314 SCSIDiskReq *r;
2e5d83bb 315
a917d384
PB		 316 r = scsi_find_request(s, tag);
317 if (!r) {
318 BADF("Bad buffer tag 0x%x\n", tag);
319 return NULL;
4d611c9a 320 }
3f4cb3d3 321 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 322}
323
0b06c059
GH		 324static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
325{
383b4d9b 326 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 327 int buflen = 0;
328
329 if (req->cmd.buf[1] & 0x2) {
330 /* Command support data - optional, not implemented */
331 BADF("optional INQUIRY command support request not implemented\n");
332 return -1;
333 }
334
335 if (req->cmd.buf[1] & 0x1) {
336 /* Vital product data */
337 uint8_t page_code = req->cmd.buf[2];
338 if (req->cmd.xfer < 4) {
339 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
340 "less than 4\n", page_code, req->cmd.xfer);
341 return -1;
342 }
343
428c149b 344 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
0b06c059
GH		 345 outbuf[buflen++] = 5;
346 } else {
347 outbuf[buflen++] = 0;
348 }
349 outbuf[buflen++] = page_code ; // this page
350 outbuf[buflen++] = 0x00;
351
352 switch (page_code) {
353 case 0x00: /* Supported page codes, mandatory */
354 DPRINTF("Inquiry EVPD[Supported pages] "
355 "buffer size %zd\n", req->cmd.xfer);
ee3659e3 356 outbuf[buflen++] = 4; // number of pages
0b06c059
GH		 357 outbuf[buflen++] = 0x00; // list of supported pages (this page)
358 outbuf[buflen++] = 0x80; // unit serial number
359 outbuf[buflen++] = 0x83; // device identification
ee3659e3 360 outbuf[buflen++] = 0xb0; // block device characteristics
0b06c059
GH		 361 break;
362
363 case 0x80: /* Device serial number, optional */
364 {
a0fef654 365 int l = strlen(s->serial);
0b06c059
GH		 366
367 if (l > req->cmd.xfer)
368 l = req->cmd.xfer;
369 if (l > 20)
370 l = 20;
371
372 DPRINTF("Inquiry EVPD[Serial number] "
373 "buffer size %zd\n", req->cmd.xfer);
374 outbuf[buflen++] = l;
a0fef654 375 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 376 buflen += l;
377 break;
378 }
379
380 case 0x83: /* Device identification page, mandatory */
381 {
382 int max_len = 255 - 8;
428c149b 383 int id_len = strlen(bdrv_get_device_name(s->bs));
0b06c059
GH		 384
385 if (id_len > max_len)
386 id_len = max_len;
387 DPRINTF("Inquiry EVPD[Device identification] "
388 "buffer size %zd\n", req->cmd.xfer);
389
390 outbuf[buflen++] = 3 + id_len;
391 outbuf[buflen++] = 0x2; // ASCII
392 outbuf[buflen++] = 0; // not officially assigned
393 outbuf[buflen++] = 0; // reserved
394 outbuf[buflen++] = id_len; // length of data following
395
428c149b 396 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
0b06c059
GH		 397 buflen += id_len;
398 break;
399 }
ee3659e3
CH		 400 case 0xb0: /* block device characteristics */
401 {
8cfacf07
CH		 402 unsigned int min_io_size =
403 s->qdev.conf.min_io_size / s->qdev.blocksize;
404 unsigned int opt_io_size =
405 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3
CH		 406
407 /* required VPD size with unmap support */
408 outbuf[3] = buflen = 0x3c;
409
410 memset(outbuf + 4, 0, buflen - 4);
411
412 /* optimal transfer length granularity */
413 outbuf[6] = (min_io_size >> 8) & 0xff;
414 outbuf[7] = min_io_size & 0xff;
415
416 /* optimal transfer length */
417 outbuf[12] = (opt_io_size >> 24) & 0xff;
418 outbuf[13] = (opt_io_size >> 16) & 0xff;
419 outbuf[14] = (opt_io_size >> 8) & 0xff;
420 outbuf[15] = opt_io_size & 0xff;
421 break;
422 }
0b06c059
GH		 423 default:
424 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
425 "buffer size %zd\n", page_code, req->cmd.xfer);
426 return -1;
427 }
428 /* done with EVPD */
429 return buflen;
430 }
431
432 /* Standard INQUIRY data */
433 if (req->cmd.buf[2] != 0) {
434 BADF("Error: Inquiry (STANDARD) page or code "
435 "is non-zero [%02X]\n", req->cmd.buf[2]);
436 return -1;
437 }
438
439 /* PAGE CODE == 0 */
440 if (req->cmd.xfer < 5) {
441 BADF("Error: Inquiry (STANDARD) buffer size %zd "
442 "is less than 5\n", req->cmd.xfer);
443 return -1;
444 }
445
0b06c059
GH		 446 buflen = req->cmd.xfer;
447 if (buflen > SCSI_MAX_INQUIRY_LEN)
448 buflen = SCSI_MAX_INQUIRY_LEN;
449
450 memset(outbuf, 0, buflen);
451
452 if (req->lun || req->cmd.buf[1] >> 5) {
453 outbuf[0] = 0x7f; /* LUN not supported */
454 return buflen;
455 }
456
428c149b 457 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
0b06c059
GH		 458 outbuf[0] = 5;
459 outbuf[1] = 0x80;
550fe6c6 460 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059
GH		 461 } else {
462 outbuf[0] = 0;
550fe6c6 463 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 464 }
550fe6c6 465 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 466 memset(&outbuf[32], 0, 4);
552fee93 467 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 468 /*
469 * We claim conformance to SPC-3, which is required for guests
470 * to ask for modern features like READ CAPACITY(16) or the
471 * block characteristics VPD page by default. Not all of SPC-3
472 * is actually implemented, but we're good enough.
473 */
ee3659e3 474 outbuf[2] = 5;
0b06c059 475 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 476
477 if (buflen > 36) {
478 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
479 } else {
480 /* If the allocation length of CDB is too small,
481 the additional length is not adjusted */
482 outbuf[4] = 36 - 5;
483 }
484
0b06c059
GH		 485 /* Sync data transfer and TCQ. */
486 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
487 return buflen;
488}
489
282ab04e
BK		 490static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
491 int page_control)
ebddfcbe
GH		 492{
493 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
428c149b 494 BlockDriverState *bdrv = s->bs;
ebddfcbe
GH		 495 int cylinders, heads, secs;
496
282ab04e
BK		 497 /*
498 * If Changeable Values are requested, a mask denoting those mode parameters
499 * that are changeable shall be returned. As we currently don't support
500 * parameter changes via MODE_SELECT all bits are returned set to zero.
501 * The buffer was already menset to zero by the caller of this function.
502 */
ebddfcbe
GH		 503 switch (page) {
504 case 4: /* Rigid disk device geometry page. */
505 p[0] = 4;
506 p[1] = 0x16;
282ab04e
BK		 507 if (page_control == 1) { /* Changeable Values */
508 return p[1] + 2;
509 }
ebddfcbe
GH		 510 /* if a geometry hint is available, use it */
511 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
512 p[2] = (cylinders >> 16) & 0xff;
513 p[3] = (cylinders >> 8) & 0xff;
514 p[4] = cylinders & 0xff;
515 p[5] = heads & 0xff;
516 /* Write precomp start cylinder, disabled */
517 p[6] = (cylinders >> 16) & 0xff;
518 p[7] = (cylinders >> 8) & 0xff;
519 p[8] = cylinders & 0xff;
520 /* Reduced current start cylinder, disabled */
521 p[9] = (cylinders >> 16) & 0xff;
522 p[10] = (cylinders >> 8) & 0xff;
523 p[11] = cylinders & 0xff;
524 /* Device step rate [ns], 200ns */
525 p[12] = 0;
526 p[13] = 200;
527 /* Landing zone cylinder */
528 p[14] = 0xff;
529 p[15] = 0xff;
530 p[16] = 0xff;
531 /* Medium rotation rate [rpm], 5400 rpm */
532 p[20] = (5400 >> 8) & 0xff;
533 p[21] = 5400 & 0xff;
282ab04e 534 return p[1] + 2;
ebddfcbe
GH		 535
536 case 5: /* Flexible disk device geometry page. */
537 p[0] = 5;
538 p[1] = 0x1e;
282ab04e
BK		 539 if (page_control == 1) { /* Changeable Values */
540 return p[1] + 2;
541 }
ebddfcbe
GH		 542 /* Transfer rate [kbit/s], 5Mbit/s */
543 p[2] = 5000 >> 8;
544 p[3] = 5000 & 0xff;
545 /* if a geometry hint is available, use it */
546 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
547 p[4] = heads & 0xff;
548 p[5] = secs & 0xff;
549 p[6] = s->cluster_size * 2;
550 p[8] = (cylinders >> 8) & 0xff;
551 p[9] = cylinders & 0xff;
552 /* Write precomp start cylinder, disabled */
553 p[10] = (cylinders >> 8) & 0xff;
554 p[11] = cylinders & 0xff;
555 /* Reduced current start cylinder, disabled */
556 p[12] = (cylinders >> 8) & 0xff;
557 p[13] = cylinders & 0xff;
558 /* Device step rate [100us], 100us */
559 p[14] = 0;
560 p[15] = 1;
561 /* Device step pulse width [us], 1us */
562 p[16] = 1;
563 /* Device head settle delay [100us], 100us */
564 p[17] = 0;
565 p[18] = 1;
566 /* Motor on delay [0.1s], 0.1s */
567 p[19] = 1;
568 /* Motor off delay [0.1s], 0.1s */
569 p[20] = 1;
570 /* Medium rotation rate [rpm], 5400 rpm */
571 p[28] = (5400 >> 8) & 0xff;
572 p[29] = 5400 & 0xff;
282ab04e 573 return p[1] + 2;
ebddfcbe
GH		 574
575 case 8: /* Caching page. */
576 p[0] = 8;
577 p[1] = 0x12;
282ab04e
BK		 578 if (page_control == 1) { /* Changeable Values */
579 return p[1] + 2;
580 }
428c149b 581 if (bdrv_enable_write_cache(s->bs)) {
ebddfcbe
GH		 582 p[2] = 4; /* WCE */
583 }
282ab04e 584 return p[1] + 2;
ebddfcbe
GH		 585
586 case 0x2a: /* CD Capabilities and Mechanical Status page. */
587 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
588 return 0;
589 p[0] = 0x2a;
590 p[1] = 0x14;
282ab04e
BK		 591 if (page_control == 1) { /* Changeable Values */
592 return p[1] + 2;
593 }
ebddfcbe
GH		 594 p[2] = 3; // CD-R & CD-RW read
595 p[3] = 0; // Writing not supported
596 p[4] = 0x7f; /* Audio, composite, digital out,
597 mode 2 form 1&2, multi session */
598 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
599 RW corrected, C2 errors, ISRC,
600 UPC, Bar code */
428c149b 601 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
ebddfcbe
GH		 602 /* Locking supported, jumper present, eject, tray */
603 p[7] = 0; /* no volume & mute control, no
604 changer */
605 p[8] = (50 * 176) >> 8; // 50x read speed
606 p[9] = (50 * 176) & 0xff;
607 p[10] = 0 >> 8; // No volume
608 p[11] = 0 & 0xff;
609 p[12] = 2048 >> 8; // 2M buffer
610 p[13] = 2048 & 0xff;
611 p[14] = (16 * 176) >> 8; // 16x read speed current
612 p[15] = (16 * 176) & 0xff;
613 p[18] = (16 * 176) >> 8; // 16x write speed
614 p[19] = (16 * 176) & 0xff;
615 p[20] = (16 * 176) >> 8; // 16x write speed current
616 p[21] = (16 * 176) & 0xff;
282ab04e 617 return p[1] + 2;
ebddfcbe
GH		 618
619 default:
620 return 0;
621 }
622}
623
624static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
625{
626 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ebddfcbe 627 uint64_t nb_sectors;
282ab04e 628 int page, dbd, buflen, page_control;
ebddfcbe 629 uint8_t *p;
ce512ee1 630 uint8_t dev_specific_param;
ebddfcbe
GH		 631
632 dbd = req->cmd.buf[1] & 0x8;
633 page = req->cmd.buf[2] & 0x3f;
282ab04e 634 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
aa2b1e89
BK		 635 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
636 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
ebddfcbe
GH		 637 memset(outbuf, 0, req->cmd.xfer);
638 p = outbuf;
639
0056dcc1 640 if (bdrv_is_read_only(s->bs)) {
ce512ee1
BK		 641 dev_specific_param = 0x80; /* Readonly. */
642 } else {
643 dev_specific_param = 0x00;
644 }
645
646 if (req->cmd.buf[0] == MODE_SENSE) {
647 p[1] = 0; /* Default media type. */
648 p[2] = dev_specific_param;
649 p[3] = 0; /* Block descriptor length. */
650 p += 4;
651 } else { /* MODE_SENSE_10 */
652 p[2] = 0; /* Default media type. */
653 p[3] = dev_specific_param;
654 p[6] = p[7] = 0; /* Block descriptor length. */
655 p += 8;
ebddfcbe 656 }
ebddfcbe 657
428c149b 658 bdrv_get_geometry(s->bs, &nb_sectors);
333d50fe 659 if (!dbd && nb_sectors) {
ce512ee1
BK		 660 if (req->cmd.buf[0] == MODE_SENSE) {
661 outbuf[3] = 8; /* Block descriptor length */
662 } else { /* MODE_SENSE_10 */
663 outbuf[7] = 8; /* Block descriptor length */
664 }
ebddfcbe 665 nb_sectors /= s->cluster_size;
ebddfcbe 666 if (nb_sectors > 0xffffff)
2488b740 667 nb_sectors = 0;
ebddfcbe
GH		 668 p[0] = 0; /* media density code */
669 p[1] = (nb_sectors >> 16) & 0xff;
670 p[2] = (nb_sectors >> 8) & 0xff;
671 p[3] = nb_sectors & 0xff;
672 p[4] = 0; /* reserved */
673 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
674 p[6] = s->cluster_size * 2;
675 p[7] = 0;
676 p += 8;
677 }
678
282ab04e
BK		 679 if (page_control == 3) { /* Saved Values */
680 return -1; /* ILLEGAL_REQUEST */
681 }
682
ebddfcbe
GH		 683 switch (page) {
684 case 0x04:
685 case 0x05:
686 case 0x08:
687 case 0x2a:
282ab04e 688 p += mode_sense_page(req, page, p, page_control);
ebddfcbe
GH		 689 break;
690 case 0x3f:
282ab04e
BK		 691 p += mode_sense_page(req, 0x08, p, page_control);
692 p += mode_sense_page(req, 0x2a, p, page_control);
ebddfcbe 693 break;
a9c17b2b
BK		 694 default:
695 return -1; /* ILLEGAL_REQUEST */
ebddfcbe
GH		 696 }
697
698 buflen = p - outbuf;
ce512ee1
BK		 699 /*
700 * The mode data length field specifies the length in bytes of the
701 * following data that is available to be transferred. The mode data
702 * length does not include itself.
703 */
704 if (req->cmd.buf[0] == MODE_SENSE) {
705 outbuf[0] = buflen - 1;
706 } else { /* MODE_SENSE_10 */
707 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
708 outbuf[1] = (buflen - 2) & 0xff;
709 }
ebddfcbe
GH		 710 if (buflen > req->cmd.xfer)
711 buflen = req->cmd.xfer;
712 return buflen;
713}
714
02880f43
GH		 715static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
716{
717 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 718 int start_track, format, msf, toclen;
719 uint64_t nb_sectors;
720
721 msf = req->cmd.buf[1] & 2;
722 format = req->cmd.buf[2] & 0xf;
723 start_track = req->cmd.buf[6];
428c149b 724 bdrv_get_geometry(s->bs, &nb_sectors);
02880f43
GH		 725 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
726 nb_sectors /= s->cluster_size;
727 switch (format) {
728 case 0:
729 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
730 break;
731 case 1:
732 /* multi session : only a single session defined */
733 toclen = 12;
734 memset(outbuf, 0, 12);
735 outbuf[1] = 0x0a;
736 outbuf[2] = 0x01;
737 outbuf[3] = 0x01;
738 break;
739 case 2:
740 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
741 break;
742 default:
743 return -1;
744 }
745 if (toclen > req->cmd.xfer)
746 toclen = req->cmd.xfer;
747 return toclen;
748}
749
aa5dbdc1
GH		 750static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
751{
e7e25e32 752 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 753 uint64_t nb_sectors;
aa5dbdc1
GH		 754 int buflen = 0;
755
756 switch (req->cmd.buf[0]) {
757 case TEST_UNIT_READY:
428c149b 758 if (!bdrv_is_inserted(s->bs))
aa5dbdc1
GH		 759 goto not_ready;
760 break;
51ad87c9
GH		 761 case REQUEST_SENSE:
762 if (req->cmd.xfer < 4)
763 goto illegal_request;
764 memset(outbuf, 0, 4);
765 buflen = 4;
766 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
767 memset(outbuf, 0, 18);
768 buflen = 18;
769 outbuf[7] = 10;
770 /* asc 0x3a, ascq 0: Medium not present */
771 outbuf[12] = 0x3a;
772 outbuf[13] = 0;
773 }
774 outbuf[0] = 0xf0;
775 outbuf[1] = 0;
776 outbuf[2] = req->dev->sense.key;
777 scsi_dev_clear_sense(req->dev);
778 break;
0b06c059
GH		 779 case INQUIRY:
780 buflen = scsi_disk_emulate_inquiry(req, outbuf);
781 if (buflen < 0)
782 goto illegal_request;
783 break;
ebddfcbe
GH		 784 case MODE_SENSE:
785 case MODE_SENSE_10:
786 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
787 if (buflen < 0)
788 goto illegal_request;
789 break;
02880f43
GH		 790 case READ_TOC:
791 buflen = scsi_disk_emulate_read_toc(req, outbuf);
792 if (buflen < 0)
793 goto illegal_request;
794 break;
3d53ba18
GH		 795 case RESERVE:
796 if (req->cmd.buf[1] & 1)
797 goto illegal_request;
798 break;
799 case RESERVE_10:
800 if (req->cmd.buf[1] & 3)
801 goto illegal_request;
802 break;
803 case RELEASE:
804 if (req->cmd.buf[1] & 1)
805 goto illegal_request;
806 break;
807 case RELEASE_10:
808 if (req->cmd.buf[1] & 3)
809 goto illegal_request;
810 break;
8d3628ff 811 case START_STOP:
428c149b 812 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
8d3628ff 813 /* load/eject medium */
428c149b 814 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
8d3628ff
GH		 815 }
816 break;
c68b9f34 817 case ALLOW_MEDIUM_REMOVAL:
428c149b 818 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
c68b9f34 819 break;
e7e25e32
GH		 820 case READ_CAPACITY:
821 /* The normal LEN field for this command is zero. */
822 memset(outbuf, 0, 8);
428c149b 823 bdrv_get_geometry(s->bs, &nb_sectors);
e7e25e32
GH		 824 if (!nb_sectors)
825 goto not_ready;
826 nb_sectors /= s->cluster_size;
827 /* Returned value is the address of the last sector. */
828 nb_sectors--;
829 /* Remember the new size for read/write sanity checking. */
830 s->max_lba = nb_sectors;
831 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
832 if (nb_sectors > UINT32_MAX)
833 nb_sectors = UINT32_MAX;
834 outbuf[0] = (nb_sectors >> 24) & 0xff;
835 outbuf[1] = (nb_sectors >> 16) & 0xff;
836 outbuf[2] = (nb_sectors >> 8) & 0xff;
837 outbuf[3] = nb_sectors & 0xff;
838 outbuf[4] = 0;
839 outbuf[5] = 0;
840 outbuf[6] = s->cluster_size * 2;
841 outbuf[7] = 0;
842 buflen = 8;
843 break;
fc903943 844 case SYNCHRONIZE_CACHE:
428c149b 845 bdrv_flush(s->bs);
fc903943 846 break;
38215553
GH		 847 case GET_CONFIGURATION:
848 memset(outbuf, 0, 8);
849 /* ??? This should probably return much more information. For now
850 just return the basic header indicating the CD-ROM profile. */
851 outbuf[7] = 8; // CD-ROM
852 buflen = 8;
853 break;
5dd90e2a
GH		 854 case SERVICE_ACTION_IN:
855 /* Service Action In subcommands. */
856 if ((req->cmd.buf[1] & 31) == 0x10) {
857 DPRINTF("SAI READ CAPACITY(16)\n");
858 memset(outbuf, 0, req->cmd.xfer);
428c149b 859 bdrv_get_geometry(s->bs, &nb_sectors);
5dd90e2a
GH		 860 if (!nb_sectors)
861 goto not_ready;
862 nb_sectors /= s->cluster_size;
863 /* Returned value is the address of the last sector. */
864 nb_sectors--;
865 /* Remember the new size for read/write sanity checking. */
866 s->max_lba = nb_sectors;
867 outbuf[0] = (nb_sectors >> 56) & 0xff;
868 outbuf[1] = (nb_sectors >> 48) & 0xff;
869 outbuf[2] = (nb_sectors >> 40) & 0xff;
870 outbuf[3] = (nb_sectors >> 32) & 0xff;
871 outbuf[4] = (nb_sectors >> 24) & 0xff;
872 outbuf[5] = (nb_sectors >> 16) & 0xff;
873 outbuf[6] = (nb_sectors >> 8) & 0xff;
874 outbuf[7] = nb_sectors & 0xff;
875 outbuf[8] = 0;
876 outbuf[9] = 0;
877 outbuf[10] = s->cluster_size * 2;
878 outbuf[11] = 0;
ee3659e3
CH		 879 outbuf[12] = 0;
880 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
5dd90e2a
GH		 881 /* Protection, exponent and lowest lba field left blank. */
882 buflen = req->cmd.xfer;
883 break;
884 }
885 DPRINTF("Unsupported Service Action In\n");
886 goto illegal_request;
39ec9a50
GH		 887 case REPORT_LUNS:
888 if (req->cmd.xfer < 16)
889 goto illegal_request;
890 memset(outbuf, 0, 16);
891 outbuf[3] = 8;
892 buflen = 16;
893 break;
88f8a5ed
GH		 894 case VERIFY:
895 break;
ebef0bbb
BK		 896 case REZERO_UNIT:
897 DPRINTF("Rezero Unit\n");
898 if (!bdrv_is_inserted(s->bs)) {
899 goto not_ready;
900 }
901 break;
aa5dbdc1
GH		 902 default:
903 goto illegal_request;
904 }
905 scsi_req_set_status(req, GOOD, NO_SENSE);
906 return buflen;
907
908not_ready:
909 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
910 return 0;
911
912illegal_request:
913 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
914 return 0;
915}
916
2e5d83bb
PB		 917/* Execute a scsi command. Returns the length of the data expected by the
918 command. This will be Positive for data transfers from the device
919 (eg. disk reads), negative for transfers to the device (eg. disk writes),
920 and zero if the command does not transfer any data. */
921
8ccc2ace
TS		 922static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
923 uint8_t *buf, int lun)
2e5d83bb 924{
d52affa7 925 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
86106e59 926 uint64_t lba;
2e5d83bb
PB		 927 uint32_t len;
928 int cmdlen;
929 int is_write;
a917d384
PB		 930 uint8_t command;
931 uint8_t *outbuf;
4c41d2ef 932 SCSIDiskReq *r;
aa5dbdc1 933 int rc;
a917d384
PB		 934
935 command = buf[0];
936 r = scsi_find_request(s, tag);
937 if (r) {
938 BADF("Tag 0x%x already in use\n", tag);
8ccc2ace 939 scsi_cancel_io(d, tag);
a917d384
PB		 940 }
941 /* ??? Tags are not unique for different luns. We only implement a
942 single lun, so this should not matter. */
72aef731 943 r = scsi_new_request(s, tag, lun);
3f4cb3d3 944 outbuf = (uint8_t *)r->iov.iov_base;
2e5d83bb 945 is_write = 0;
a917d384
PB		 946 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
947 switch (command >> 5) {
2e5d83bb 948 case 0:
86106e59
AL		 949 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
950 (((uint64_t) buf[1] & 0x1f) << 16);
2e5d83bb
PB		 951 len = buf[4];
952 cmdlen = 6;
953 break;
954 case 1:
955 case 2:
86106e59
AL		 956 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
957 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
2e5d83bb
PB		 958 len = buf[8] | (buf[7] << 8);
959 cmdlen = 10;
960 break;
961 case 4:
86106e59
AL		 962 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
963 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
964 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
965 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
2e5d83bb
PB		 966 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
967 cmdlen = 16;
968 break;
969 case 5:
86106e59
AL		 970 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
971 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
2e5d83bb
PB		 972 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
973 cmdlen = 12;
974 break;
975 default:
a917d384 976 BADF("Unsupported command length, command %x\n", command);
2e5d83bb
PB		 977 goto fail;
978 }
979#ifdef DEBUG_SCSI
980 {
981 int i;
982 for (i = 1; i < cmdlen; i++) {
983 printf(" 0x%02x", buf[i]);
984 }
985 printf("\n");
986 }
987#endif
aa5dbdc1
GH		 988
989 if (scsi_req_parse(&r->req, buf) != 0) {
990 BADF("Unsupported command length, command %x\n", command);
991 goto fail;
992 }
993 assert(r->req.cmd.len == cmdlen);
994 assert(r->req.cmd.lba == lba);
995
0fc5c15a 996 if (lun || buf[1] >> 5) {
2e5d83bb 997 /* Only LUN 0 supported. */
0fc5c15a 998 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
ebf46023 999 if (command != REQUEST_SENSE && command != INQUIRY)
22864256 1000 goto fail;
2e5d83bb 1001 }
a917d384 1002 switch (command) {
ebf46023 1003 case TEST_UNIT_READY:
51ad87c9 1004 case REQUEST_SENSE:
0b06c059 1005 case INQUIRY:
ebddfcbe
GH		 1006 case MODE_SENSE:
1007 case MODE_SENSE_10:
3d53ba18
GH		 1008 case RESERVE:
1009 case RESERVE_10:
1010 case RELEASE:
1011 case RELEASE_10:
8d3628ff 1012 case START_STOP:
c68b9f34 1013 case ALLOW_MEDIUM_REMOVAL:
e7e25e32 1014 case READ_CAPACITY:
fc903943 1015 case SYNCHRONIZE_CACHE:
02880f43 1016 case READ_TOC:
38215553 1017 case GET_CONFIGURATION:
5dd90e2a 1018 case SERVICE_ACTION_IN:
39ec9a50 1019 case REPORT_LUNS:
88f8a5ed 1020 case VERIFY:
ebef0bbb 1021 case REZERO_UNIT:
aa5dbdc1
GH		 1022 rc = scsi_disk_emulate_command(&r->req, outbuf);
1023 if (rc > 0) {
1024 r->iov.iov_len = rc;
1025 } else {
1026 scsi_req_complete(&r->req);
1027 scsi_remove_request(r);
0b06c059 1028 return 0;
aa5dbdc1 1029 }
0b06c059 1030 break;
ebf46023
GH		 1031 case READ_6:
1032 case READ_10:
bd536cf3
GH		 1033 case READ_12:
1034 case READ_16:
0bf9e31a 1035 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
274fb0e1
AL		 1036 if (lba > s->max_lba)
1037 goto illegal_lba;
a917d384
PB		 1038 r->sector = lba * s->cluster_size;
1039 r->sector_count = len * s->cluster_size;
2e5d83bb 1040 break;
ebf46023
GH		 1041 case WRITE_6:
1042 case WRITE_10:
bd536cf3
GH		 1043 case WRITE_12:
1044 case WRITE_16:
ebef0bbb
BK		 1045 case WRITE_VERIFY:
1046 case WRITE_VERIFY_12:
1047 case WRITE_VERIFY_16:
1048 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1049 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
274fb0e1
AL		 1050 if (lba > s->max_lba)
1051 goto illegal_lba;
a917d384
PB		 1052 r->sector = lba * s->cluster_size;
1053 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 1054 is_write = 1;
1055 break;
ebef0bbb
BK		 1056 case MODE_SELECT:
1057 DPRINTF("Mode Select(6) (len %d)\n", len);
1058 /* We don't support mode parameter changes.
1059 Allow the mode parameter header + block descriptors only. */
1060 if (len > 12) {
1061 goto fail;
1062 }
1063 break;
1064 case MODE_SELECT_10:
1065 DPRINTF("Mode Select(10) (len %d)\n", len);
1066 /* We don't support mode parameter changes.
1067 Allow the mode parameter header + block descriptors only. */
1068 if (len > 16) {
1069 goto fail;
1070 }
1071 break;
1072 case SEEK_6:
1073 case SEEK_10:
1074 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1075 if (lba > s->max_lba) {
1076 goto illegal_lba;
1077 }
1078 break;
2e5d83bb
PB		 1079 default:
1080 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1081 fail:
0d65e1f8 1082 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
2e5d83bb 1083 return 0;
274fb0e1 1084 illegal_lba:
0d65e1f8 1085 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
274fb0e1 1086 return 0;
2e5d83bb 1087 }
c87c0672 1088 if (r->sector_count == 0 && r->iov.iov_len == 0) {
0d65e1f8 1089 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 1090 }
c87c0672 1091 len = r->sector_count * 512 + r->iov.iov_len;
a917d384
PB		 1092 if (is_write) {
1093 return -len;
1094 } else {
1095 if (!r->sector_count)
1096 r->sector_count = -1;
1097 return len;
2e5d83bb 1098 }
2e5d83bb
PB		 1099}
1100
e9447f35 1101static void scsi_disk_purge_requests(SCSIDiskState *s)
56a14938 1102{
9af99d98 1103 SCSIDiskReq *r;
56a14938 1104
9af99d98
GH		 1105 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1106 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
e9447f35
JK		 1107 if (r->req.aiocb) {
1108 bdrv_aio_cancel(r->req.aiocb);
1109 }
9af99d98
GH		 1110 scsi_remove_request(r);
1111 }
e9447f35
JK		 1112}
1113
1114static void scsi_disk_reset(DeviceState *dev)
1115{
1116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1117 uint64_t nb_sectors;
1118
1119 scsi_disk_purge_requests(s);
1120
1121 bdrv_get_geometry(s->bs, &nb_sectors);
1122 nb_sectors /= s->cluster_size;
1123 if (nb_sectors) {
1124 nb_sectors--;
1125 }
1126 s->max_lba = nb_sectors;
1127}
1128
1129static void scsi_destroy(SCSIDevice *dev)
1130{
1131 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1132
1133 scsi_disk_purge_requests(s);
f8b6cc00 1134 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1135}
1136
d52affa7 1137static int scsi_disk_initfn(SCSIDevice *dev)
2e5d83bb 1138{
d52affa7 1139 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
7d0d6950 1140 int is_cd;
f8b6cc00 1141 DriveInfo *dinfo;
2e5d83bb 1142
f8b6cc00 1143 if (!s->qdev.conf.bs) {
1ecda02b 1144 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1145 return -1;
1146 }
f8b6cc00 1147 s->bs = s->qdev.conf.bs;
7d0d6950 1148 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
d52affa7 1149
98f28ad7
MA		 1150 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1151 error_report("Device needs media, but drive is empty");
1152 return -1;
1153 }
1154
620f862e
MA		 1155 if (bdrv_get_on_error(s->bs, 1) != BLOCK_ERR_REPORT) {
1156 error_report("Device doesn't support drive option rerror");
1157 return -1;
1158 }
1159
a0fef654 1160 if (!s->serial) {
f8b6cc00
MA		 1161 /* try to fall back to value set with legacy -drive serial=... */
1162 dinfo = drive_get_by_blockdev(s->bs);
1163 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
a0fef654
MA		 1164 }
1165
552fee93
MA		 1166 if (!s->version) {
1167 s->version = qemu_strdup(QEMU_VERSION);
1168 }
1169
32bb404a 1170 if (bdrv_is_sg(s->bs)) {
1ecda02b 1171 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1172 return -1;
1173 }
1174
7d0d6950 1175 if (is_cd) {
8cfacf07 1176 s->qdev.blocksize = 2048;
2e5d83bb 1177 } else {
8cfacf07 1178 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2e5d83bb 1179 }
8cfacf07 1180 s->cluster_size = s->qdev.blocksize / 512;
73fdb1e1 1181 s->bs->buffer_alignment = s->qdev.blocksize;
8cfacf07 1182
91376656 1183 s->qdev.type = TYPE_DISK;
ea8a5d7f 1184 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
7d0d6950 1185 bdrv_set_removable(s->bs, is_cd);
d52affa7
GH		 1186 return 0;
1187}
1188
1189static SCSIDeviceInfo scsi_disk_info = {
1190 .qdev.name = "scsi-disk",
1191 .qdev.desc = "virtual scsi disk or cdrom",
1192 .qdev.size = sizeof(SCSIDiskState),
e9447f35 1193 .qdev.reset = scsi_disk_reset,
d52affa7 1194 .init = scsi_disk_initfn,
56a14938 1195 .destroy = scsi_destroy,
d52affa7
GH		 1196 .send_command = scsi_send_command,
1197 .read_data = scsi_read_data,
1198 .write_data = scsi_write_data,
1199 .cancel_io = scsi_cancel_io,
1200 .get_buf = scsi_get_buf,
1201 .qdev.props = (Property[]) {
428c149b 1202 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
383b4d9b 1203 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
a0fef654 1204 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
d52affa7
GH		 1205 DEFINE_PROP_END_OF_LIST(),
1206 },
1207};
1208
1209static void scsi_disk_register_devices(void)
1210{
1211 scsi_qdev_register(&scsi_disk_info);
8ccc2ace 1212}
d52affa7 1213device_init(scsi_disk_register_devices)
Qemu copy for testing