]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
PPC: Fix TLB invalidation bug within the PPC interrupt handler.
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
5d0d2467 41#include "dma.h"
22864256 42
336a6915
PB		 43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
f0f72ffe 47#define SCSI_DMA_BUF_SIZE 131072
57575058 48#define SCSI_MAX_INQUIRY_LEN 256
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
c87c0672
AL		 58 struct iovec iov;
59 QEMUIOVector qiov;
a597e79c 60 BlockAcctCookie acct;
4c41d2ef 61} SCSIDiskReq;
a917d384 62
d52affa7 63struct SCSIDiskState
a917d384 64{
d52affa7 65 SCSIDevice qdev;
419e691f 66 uint32_t removable;
8a9c16f6 67 bool media_changed;
3c2f7c12 68 bool media_event;
4480de19 69 bool eject_request;
213189ab 70 QEMUBH *bh;
383b4d9b 71 char *version;
a0fef654 72 char *serial;
ece0d5e9 73 bool tray_open;
81b1008d 74 bool tray_locked;
2e5d83bb
PB		 75};
76
71544d30 77static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 78
ad2d30f7 79static void scsi_free_request(SCSIRequest *req)
4d611c9a 80{
ad2d30f7
PB		 81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
82
7285477a
PB		 83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
85 }
4d611c9a
PB		 86}
87
b45ef674
PB		 88/* Helper function for command completion with sense. */
89static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 90{
02fa69b6
BS		 91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 95}
96
97/* Cancel a pending data transfer. */
5c6c0e51 98static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 99{
5c6c0e51
HR		 100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
103 if (r->req.aiocb) {
104 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 105
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
a917d384 110 }
5c6c0e51 111 r->req.aiocb = NULL;
a917d384
PB		 112}
113
43b978b9 114static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 115{
7285477a
PB		 116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
117
118 if (!r->iov.iov_base) {
43b978b9 119 r->buflen = size;
44740c38 120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 121 }
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
125}
126
43b978b9
PB		 127static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
128{
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
130
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
136 }
137}
138
139static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
140{
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
142
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
146 if (r->buflen) {
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
150 }
151 }
152
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
154}
155
5d0d2467
PB		 156static void scsi_dma_complete(void *opaque, int ret)
157{
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
162
163 if (ret) {
164 if (scsi_handle_rw_error(r, -ret)) {
165 goto done;
166 }
167 }
168
169 r->sector += r->sector_count;
170 r->sector_count = 0;
171 scsi_req_complete(&r->req, GOOD);
172
173done:
174 scsi_req_unref(&r->req);
175}
176
a917d384
PB		 177static void scsi_read_complete(void * opaque, int ret)
178{
4c41d2ef 179 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 180 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 181 int n;
a917d384 182
8e321cc6
PB		 183 if (r->req.aiocb != NULL) {
184 r->req.aiocb = NULL;
44740c38 185 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 186 }
a597e79c 187
a917d384 188 if (ret) {
71544d30 189 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 190 goto done;
5dba48a8 191 }
4d611c9a 192 }
5dba48a8 193
103b40f5 194 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
a917d384 195
103b40f5 196 n = r->qiov.size / 512;
5dba48a8
KW		 197 r->sector += n;
198 r->sector_count -= n;
103b40f5 199 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 200
201done:
202 if (!r->req.io_canceled) {
203 scsi_req_unref(&r->req);
204 }
4d611c9a
PB		 205}
206
0a4ac106
PB		 207static void scsi_flush_complete(void * opaque, int ret)
208{
209 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
211
212 if (r->req.aiocb != NULL) {
213 r->req.aiocb = NULL;
44740c38 214 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0a4ac106
PB		 215 }
216
217 if (ret < 0) {
71544d30 218 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 219 goto done;
0a4ac106
PB		 220 }
221 }
222
223 scsi_req_complete(&r->req, GOOD);
c7bae6a7
PB		 224
225done:
226 if (!r->req.io_canceled) {
227 scsi_req_unref(&r->req);
228 }
0a4ac106 229}
5dba48a8 230
5c6c0e51
HR		 231/* Read more data from scsi device into buffer. */
232static void scsi_read_data(SCSIRequest *req)
2e5d83bb 233{
5c6c0e51 234 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 236 uint32_t n;
237
a917d384 238 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 239 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 240 r->sector_count = 0;
ab9adc88 241 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 242 return;
2e5d83bb 243 }
a917d384
PB		 244 DPRINTF("Read sector_count=%d\n", r->sector_count);
245 if (r->sector_count == 0) {
b45ef674
PB		 246 /* This also clears the sense buffer for REQUEST SENSE. */
247 scsi_req_complete(&r->req, GOOD);
a917d384 248 return;
2e5d83bb
PB		 249 }
250
6fa2c95f
SH		 251 /* No data transfer may already be in progress */
252 assert(r->req.aiocb == NULL);
253
c7bae6a7
PB		 254 /* The request is used as the AIO opaque value, so add a ref. */
255 scsi_req_ref(&r->req);
efb9ee02
HR		 256 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
257 DPRINTF("Data transfer direction invalid\n");
258 scsi_read_complete(r, -EINVAL);
259 return;
260 }
261
a1aff5bf
MA		 262 if (s->tray_open) {
263 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 264 return;
a1aff5bf 265 }
c7bae6a7 266
5d0d2467
PB		 267 if (r->req.sg) {
268 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
269 r->req.resid -= r->req.sg->size;
270 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
271 scsi_dma_complete, r);
272 } else {
43b978b9 273 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
5d0d2467
PB		 274 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
275 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
276 scsi_read_complete, r);
277 }
2e5d83bb
PB		 278}
279
c7bae6a7
PB		 280/*
281 * scsi_handle_rw_error has two return values. 0 means that the error
282 * must be ignored, 1 means that the error has been processed and the
283 * caller should not do anything else for this request. Note that
284 * scsi_handle_rw_error always manages its reference counts, independent
285 * of the return value.
286 */
71544d30 287static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 288{
71544d30 289 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 291 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 292
380f640f 293 if (action == BLOCK_ERR_IGNORE) {
329c0a48 294 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 295 return 0;
380f640f 296 }
ea8a5d7f
AL		 297
298 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
299 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 300
329c0a48 301 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 302 vm_stop(RUN_STATE_IO_ERROR);
44740c38 303 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 304 scsi_req_retry(&r->req);
ea8a5d7f 305 } else {
efb9ee02 306 switch (error) {
7e218df5
PB		 307 case ENOMEDIUM:
308 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
309 break;
efb9ee02 310 case ENOMEM:
b45ef674 311 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 312 break;
313 case EINVAL:
b45ef674 314 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 315 break;
316 default:
b45ef674 317 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 318 break;
a1f0cce2 319 }
329c0a48 320 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 321 }
ea8a5d7f
AL		 322 return 1;
323}
324
4d611c9a
PB		 325static void scsi_write_complete(void * opaque, int ret)
326{
4c41d2ef 327 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 329 uint32_t n;
330
8e321cc6
PB		 331 if (r->req.aiocb != NULL) {
332 r->req.aiocb = NULL;
44740c38 333 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 334 }
a597e79c 335
4d611c9a 336 if (ret) {
71544d30 337 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 338 goto done;
5dba48a8 339 }
4d611c9a
PB		 340 }
341
103b40f5 342 n = r->qiov.size / 512;
ea8a5d7f
AL		 343 r->sector += n;
344 r->sector_count -= n;
a917d384 345 if (r->sector_count == 0) {
b45ef674 346 scsi_req_complete(&r->req, GOOD);
a917d384 347 } else {
43b978b9 348 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
103b40f5
PB		 349 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
350 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 351 }
c7bae6a7
PB		 352
353done:
354 if (!r->req.io_canceled) {
355 scsi_req_unref(&r->req);
356 }
4d611c9a
PB		 357}
358
42741212 359static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 360{
5c6c0e51 361 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 362 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 363 uint32_t n;
364
6fa2c95f
SH		 365 /* No data transfer may already be in progress */
366 assert(r->req.aiocb == NULL);
367
c7bae6a7
PB		 368 /* The request is used as the AIO opaque value, so add a ref. */
369 scsi_req_ref(&r->req);
efb9ee02
HR		 370 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
371 DPRINTF("Data transfer direction invalid\n");
372 scsi_write_complete(r, -EINVAL);
42741212 373 return;
efb9ee02
HR		 374 }
375
5d0d2467
PB		 376 if (!r->req.sg && !r->qiov.size) {
377 /* Called for the first time. Ask the driver to send us more data. */
378 scsi_write_complete(r, 0);
379 return;
380 }
381 if (s->tray_open) {
382 scsi_write_complete(r, -ENOMEDIUM);
383 return;
384 }
385
386 if (r->req.sg) {
387 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
388 r->req.resid -= r->req.sg->size;
389 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
390 scsi_dma_complete, r);
391 } else {
392 n = r->qiov.size / 512;
44740c38
PB		 393 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
394 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 395 scsi_write_complete, r);
ea8a5d7f 396 }
a917d384 397}
2e5d83bb 398
a917d384 399/* Return a pointer to the data buffer. */
5c6c0e51 400static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 401{
5c6c0e51 402 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 403
3f4cb3d3 404 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 405}
406
0b06c059
GH		 407static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
408{
383b4d9b 409 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 410 int buflen = 0;
411
412 if (req->cmd.buf[1] & 0x2) {
413 /* Command support data - optional, not implemented */
414 BADF("optional INQUIRY command support request not implemented\n");
415 return -1;
416 }
417
418 if (req->cmd.buf[1] & 0x1) {
419 /* Vital product data */
420 uint8_t page_code = req->cmd.buf[2];
421 if (req->cmd.xfer < 4) {
422 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
423 "less than 4\n", page_code, req->cmd.xfer);
424 return -1;
425 }
426
e39be482 427 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 428 outbuf[buflen++] = page_code ; // this page
429 outbuf[buflen++] = 0x00;
430
431 switch (page_code) {
432 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 433 {
434 int pages;
0b06c059
GH		 435 DPRINTF("Inquiry EVPD[Supported pages] "
436 "buffer size %zd\n", req->cmd.xfer);
39d98982 437 pages = buflen++;
0b06c059 438 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 439 if (s->serial) {
3e1c0c9a 440 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 441 }
0b06c059 442 outbuf[buflen++] = 0x83; // device identification
f37bd73b 443 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 444 outbuf[buflen++] = 0xb0; // block limits
445 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 446 }
447 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 448 break;
39d98982 449 }
0b06c059
GH		 450 case 0x80: /* Device serial number, optional */
451 {
3e1c0c9a 452 int l;
0b06c059 453
3e1c0c9a
HR		 454 if (!s->serial) {
455 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
456 return -1;
457 }
458
459 l = strlen(s->serial);
f01b5931 460 if (l > 20) {
0b06c059 461 l = 20;
f01b5931 462 }
0b06c059
GH		 463
464 DPRINTF("Inquiry EVPD[Serial number] "
465 "buffer size %zd\n", req->cmd.xfer);
466 outbuf[buflen++] = l;
a0fef654 467 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 468 buflen += l;
469 break;
470 }
471
472 case 0x83: /* Device identification page, mandatory */
473 {
fd930791
PB		 474 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
475 int max_len = s->serial ? 20 : 255 - 8;
476 int id_len = strlen(str);
0b06c059 477
f01b5931 478 if (id_len > max_len) {
0b06c059 479 id_len = max_len;
f01b5931 480 }
0b06c059
GH		 481 DPRINTF("Inquiry EVPD[Device identification] "
482 "buffer size %zd\n", req->cmd.xfer);
483
39d98982 484 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 485 outbuf[buflen++] = 0x2; // ASCII
486 outbuf[buflen++] = 0; // not officially assigned
487 outbuf[buflen++] = 0; // reserved
488 outbuf[buflen++] = id_len; // length of data following
489
fd930791 490 memcpy(outbuf+buflen, str, id_len);
0b06c059
GH		 491 buflen += id_len;
492 break;
493 }
ea3bd56f 494 case 0xb0: /* block limits */
ee3659e3 495 {
ea3bd56f
CH		 496 unsigned int unmap_sectors =
497 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 498 unsigned int min_io_size =
499 s->qdev.conf.min_io_size / s->qdev.blocksize;
500 unsigned int opt_io_size =
501 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 502
f37bd73b 503 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 504 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
505 page_code);
506 return -1;
507 }
ee3659e3
CH		 508 /* required VPD size with unmap support */
509 outbuf[3] = buflen = 0x3c;
510
511 memset(outbuf + 4, 0, buflen - 4);
512
513 /* optimal transfer length granularity */
514 outbuf[6] = (min_io_size >> 8) & 0xff;
515 outbuf[7] = min_io_size & 0xff;
516
517 /* optimal transfer length */
518 outbuf[12] = (opt_io_size >> 24) & 0xff;
519 outbuf[13] = (opt_io_size >> 16) & 0xff;
520 outbuf[14] = (opt_io_size >> 8) & 0xff;
521 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 522
523 /* optimal unmap granularity */
524 outbuf[28] = (unmap_sectors >> 24) & 0xff;
525 outbuf[29] = (unmap_sectors >> 16) & 0xff;
526 outbuf[30] = (unmap_sectors >> 8) & 0xff;
527 outbuf[31] = unmap_sectors & 0xff;
528 break;
529 }
530 case 0xb2: /* thin provisioning */
531 {
532 outbuf[3] = buflen = 8;
533 outbuf[4] = 0;
534 outbuf[5] = 0x40; /* write same with unmap supported */
535 outbuf[6] = 0;
536 outbuf[7] = 0;
ee3659e3
CH		 537 break;
538 }
0b06c059
GH		 539 default:
540 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
541 "buffer size %zd\n", page_code, req->cmd.xfer);
542 return -1;
543 }
544 /* done with EVPD */
545 return buflen;
546 }
547
548 /* Standard INQUIRY data */
549 if (req->cmd.buf[2] != 0) {
550 BADF("Error: Inquiry (STANDARD) page or code "
551 "is non-zero [%02X]\n", req->cmd.buf[2]);
552 return -1;
553 }
554
555 /* PAGE CODE == 0 */
556 if (req->cmd.xfer < 5) {
557 BADF("Error: Inquiry (STANDARD) buffer size %zd "
558 "is less than 5\n", req->cmd.xfer);
559 return -1;
560 }
561
0b06c059 562 buflen = req->cmd.xfer;
f01b5931 563 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 564 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 565 }
0b06c059
GH		 566 memset(outbuf, 0, buflen);
567
f37bd73b 568 outbuf[0] = s->qdev.type & 0x1f;
e39be482 569 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 570 if (s->qdev.type == TYPE_ROM) {
550fe6c6 571 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 572 } else {
550fe6c6 573 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 574 }
550fe6c6 575 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 576 memset(&outbuf[32], 0, 4);
552fee93 577 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 578 /*
579 * We claim conformance to SPC-3, which is required for guests
580 * to ask for modern features like READ CAPACITY(16) or the
581 * block characteristics VPD page by default. Not all of SPC-3
582 * is actually implemented, but we're good enough.
583 */
ee3659e3 584 outbuf[2] = 5;
0b06c059 585 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 586
587 if (buflen > 36) {
588 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
589 } else {
590 /* If the allocation length of CDB is too small,
591 the additional length is not adjusted */
592 outbuf[4] = 36 - 5;
593 }
594
0b06c059 595 /* Sync data transfer and TCQ. */
afd4030c 596 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 597 return buflen;
598}
599
430ee2f2
PB		 600static inline bool media_is_dvd(SCSIDiskState *s)
601{
602 uint64_t nb_sectors;
603 if (s->qdev.type != TYPE_ROM) {
604 return false;
605 }
44740c38 606 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 607 return false;
608 }
44740c38 609 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 610 return nb_sectors > CD_MAX_SECTORS;
611}
612
ceb792ef
PB		 613static inline bool media_is_cd(SCSIDiskState *s)
614{
615 uint64_t nb_sectors;
616 if (s->qdev.type != TYPE_ROM) {
617 return false;
618 }
44740c38 619 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 620 return false;
621 }
44740c38 622 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 623 return nb_sectors <= CD_MAX_SECTORS;
624}
625
b6c251ab
PB		 626static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
627 uint8_t *outbuf)
628{
ceb792ef
PB		 629 static const int rds_caps_size[5] = {
630 [0] = 2048 + 4,
631 [1] = 4 + 4,
632 [3] = 188 + 4,
633 [4] = 2048 + 4,
634 };
635
636 uint8_t media = r->req.cmd.buf[1];
637 uint8_t layer = r->req.cmd.buf[6];
638 uint8_t format = r->req.cmd.buf[7];
639 int size = -1;
640
641 if (s->qdev.type != TYPE_ROM) {
642 return -1;
643 }
644 if (media != 0) {
645 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
646 return -1;
647 }
648
649 if (format != 0xff) {
44740c38 650 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 651 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
652 return -1;
653 }
654 if (media_is_cd(s)) {
655 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
656 return -1;
657 }
658 if (format >= ARRAY_SIZE(rds_caps_size)) {
659 return -1;
660 }
661 size = rds_caps_size[format];
662 memset(outbuf, 0, size);
663 }
664
665 switch (format) {
666 case 0x00: {
667 /* Physical format information */
668 uint64_t nb_sectors;
669 if (layer != 0) {
670 goto fail;
671 }
44740c38 672 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 673
674 outbuf[4] = 1; /* DVD-ROM, part version 1 */
675 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
676 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
677 outbuf[7] = 0; /* default densities */
678
679 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
680 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
681 break;
682 }
683
684 case 0x01: /* DVD copyright information, all zeros */
685 break;
686
687 case 0x03: /* BCA information - invalid field for no BCA info */
688 return -1;
689
690 case 0x04: /* DVD disc manufacturing information, all zeros */
691 break;
692
693 case 0xff: { /* List capabilities */
694 int i;
695 size = 4;
696 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
697 if (!rds_caps_size[i]) {
698 continue;
699 }
700 outbuf[size] = i;
701 outbuf[size + 1] = 0x40; /* Not writable, readable */
702 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
703 size += 4;
704 }
705 break;
706 }
707
708 default:
709 return -1;
710 }
711
712 /* Size of buffer, not including 2 byte size field */
713 stw_be_p(outbuf, size - 2);
714 return size;
715
716fail:
b6c251ab
PB		 717 return -1;
718}
719
3c2f7c12 720static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 721{
3c2f7c12
PB		 722 uint8_t event_code, media_status;
723
724 media_status = 0;
725 if (s->tray_open) {
726 media_status = MS_TRAY_OPEN;
44740c38 727 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 728 media_status = MS_MEDIA_PRESENT;
729 }
730
731 /* Event notification descriptor */
732 event_code = MEC_NO_CHANGE;
4480de19
PB		 733 if (media_status != MS_TRAY_OPEN) {
734 if (s->media_event) {
735 event_code = MEC_NEW_MEDIA;
736 s->media_event = false;
737 } else if (s->eject_request) {
738 event_code = MEC_EJECT_REQUESTED;
739 s->eject_request = false;
740 }
3c2f7c12
PB		 741 }
742
743 outbuf[0] = event_code;
744 outbuf[1] = media_status;
745
746 /* These fields are reserved, just clear them. */
747 outbuf[2] = 0;
748 outbuf[3] = 0;
749 return 4;
750}
751
752static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
753 uint8_t *outbuf)
754{
755 int size;
756 uint8_t *buf = r->req.cmd.buf;
757 uint8_t notification_class_request = buf[4];
758 if (s->qdev.type != TYPE_ROM) {
759 return -1;
760 }
761 if ((buf[1] & 1) == 0) {
762 /* asynchronous */
763 return -1;
764 }
765
766 size = 4;
767 outbuf[0] = outbuf[1] = 0;
768 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
769 if (notification_class_request & (1 << GESN_MEDIA)) {
770 outbuf[2] = GESN_MEDIA;
771 size += scsi_event_status_media(s, &outbuf[size]);
772 } else {
773 outbuf[2] = 0x80;
774 }
775 stw_be_p(outbuf, size - 4);
776 return size;
b6c251ab
PB		 777}
778
430ee2f2 779static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 780{
430ee2f2
PB		 781 int current;
782
b6c251ab
PB		 783 if (s->qdev.type != TYPE_ROM) {
784 return -1;
785 }
430ee2f2
PB		 786 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
787 memset(outbuf, 0, 40);
788 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
789 stw_be_p(&outbuf[6], current);
790 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
791 outbuf[10] = 0x03; /* persistent, current */
792 outbuf[11] = 8; /* two profiles */
793 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
794 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
795 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
796 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
797 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
798 stw_be_p(&outbuf[20], 1);
799 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
800 outbuf[23] = 8;
801 stl_be_p(&outbuf[24], 1); /* SCSI */
802 outbuf[28] = 1; /* DBE = 1, mandatory */
803 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
804 stw_be_p(&outbuf[32], 3);
805 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
806 outbuf[35] = 4;
807 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
808 /* TODO: Random readable, CD read, DVD read, drive serial number,
809 power management */
810 return 40;
b6c251ab
PB		 811}
812
813static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
814{
815 if (s->qdev.type != TYPE_ROM) {
816 return -1;
817 }
818 memset(outbuf, 0, 8);
819 outbuf[5] = 1; /* CD-ROM */
820 return 8;
821}
822
cfc606da 823static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 824 int page_control)
ebddfcbe 825{
a8f4bbe2
PB		 826 static const int mode_sense_valid[0x3f] = {
827 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
828 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
829 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 830 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
831 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 832 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
833 };
834
44740c38 835 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 836 int cylinders, heads, secs;
cfc606da 837 uint8_t *p = *p_outbuf;
ebddfcbe 838
a8f4bbe2
PB		 839 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
840 return -1;
841 }
842
843 p[0] = page;
844
282ab04e
BK		 845 /*
846 * If Changeable Values are requested, a mask denoting those mode parameters
847 * that are changeable shall be returned. As we currently don't support
848 * parameter changes via MODE_SELECT all bits are returned set to zero.
849 * The buffer was already menset to zero by the caller of this function.
850 */
ebddfcbe 851 switch (page) {
67cc61e4 852 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 853 p[1] = 0x16;
282ab04e 854 if (page_control == 1) { /* Changeable Values */
cfc606da 855 break;
282ab04e 856 }
ebddfcbe 857 /* if a geometry hint is available, use it */
245d0049 858 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 859 p[2] = (cylinders >> 16) & 0xff;
860 p[3] = (cylinders >> 8) & 0xff;
861 p[4] = cylinders & 0xff;
862 p[5] = heads & 0xff;
863 /* Write precomp start cylinder, disabled */
864 p[6] = (cylinders >> 16) & 0xff;
865 p[7] = (cylinders >> 8) & 0xff;
866 p[8] = cylinders & 0xff;
867 /* Reduced current start cylinder, disabled */
868 p[9] = (cylinders >> 16) & 0xff;
869 p[10] = (cylinders >> 8) & 0xff;
870 p[11] = cylinders & 0xff;
871 /* Device step rate [ns], 200ns */
872 p[12] = 0;
873 p[13] = 200;
874 /* Landing zone cylinder */
875 p[14] = 0xff;
876 p[15] = 0xff;
877 p[16] = 0xff;
878 /* Medium rotation rate [rpm], 5400 rpm */
879 p[20] = (5400 >> 8) & 0xff;
880 p[21] = 5400 & 0xff;
cfc606da 881 break;
ebddfcbe 882
67cc61e4 883 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 884 p[1] = 0x1e;
282ab04e 885 if (page_control == 1) { /* Changeable Values */
cfc606da 886 break;
282ab04e 887 }
ebddfcbe
GH		 888 /* Transfer rate [kbit/s], 5Mbit/s */
889 p[2] = 5000 >> 8;
890 p[3] = 5000 & 0xff;
891 /* if a geometry hint is available, use it */
245d0049 892 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 893 p[4] = heads & 0xff;
894 p[5] = secs & 0xff;
69377307 895 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 896 p[8] = (cylinders >> 8) & 0xff;
897 p[9] = cylinders & 0xff;
898 /* Write precomp start cylinder, disabled */
899 p[10] = (cylinders >> 8) & 0xff;
900 p[11] = cylinders & 0xff;
901 /* Reduced current start cylinder, disabled */
902 p[12] = (cylinders >> 8) & 0xff;
903 p[13] = cylinders & 0xff;
904 /* Device step rate [100us], 100us */
905 p[14] = 0;
906 p[15] = 1;
907 /* Device step pulse width [us], 1us */
908 p[16] = 1;
909 /* Device head settle delay [100us], 100us */
910 p[17] = 0;
911 p[18] = 1;
912 /* Motor on delay [0.1s], 0.1s */
913 p[19] = 1;
914 /* Motor off delay [0.1s], 0.1s */
915 p[20] = 1;
916 /* Medium rotation rate [rpm], 5400 rpm */
917 p[28] = (5400 >> 8) & 0xff;
918 p[29] = 5400 & 0xff;
cfc606da 919 break;
ebddfcbe 920
67cc61e4 921 case MODE_PAGE_CACHING:
ebddfcbe
GH		 922 p[0] = 8;
923 p[1] = 0x12;
282ab04e 924 if (page_control == 1) { /* Changeable Values */
cfc606da 925 break;
282ab04e 926 }
44740c38 927 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 928 p[2] = 4; /* WCE */
929 }
cfc606da 930 break;
ebddfcbe 931
a07c7dcd
PB		 932 case MODE_PAGE_R_W_ERROR:
933 p[1] = 10;
934 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
935 if (s->qdev.type == TYPE_ROM) {
936 p[3] = 0x20; /* Read Retry Count */
937 }
938 break;
939
940 case MODE_PAGE_AUDIO_CTL:
941 p[1] = 14;
942 break;
943
67cc61e4 944 case MODE_PAGE_CAPABILITIES:
ebddfcbe 945 p[1] = 0x14;
282ab04e 946 if (page_control == 1) { /* Changeable Values */
cfc606da 947 break;
282ab04e 948 }
a07c7dcd
PB		 949
950 p[2] = 0x3b; /* CD-R & CD-RW read */
951 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 952 p[4] = 0x7f; /* Audio, composite, digital out,
953 mode 2 form 1&2, multi session */
954 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
955 RW corrected, C2 errors, ISRC,
956 UPC, Bar code */
81b1008d 957 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 958 /* Locking supported, jumper present, eject, tray */
959 p[7] = 0; /* no volume & mute control, no
960 changer */
a07c7dcd 961 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 962 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 963 p[10] = 2 >> 8; /* Two volume levels */
964 p[11] = 2 & 0xff;
965 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 966 p[13] = 2048 & 0xff;
a07c7dcd 967 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 968 p[15] = (16 * 176) & 0xff;
a07c7dcd 969 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 970 p[19] = (16 * 176) & 0xff;
a07c7dcd 971 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 972 p[21] = (16 * 176) & 0xff;
cfc606da 973 break;
ebddfcbe
GH		 974
975 default:
cfc606da 976 return -1;
ebddfcbe 977 }
cfc606da
PB		 978
979 *p_outbuf += p[1] + 2;
980 return p[1] + 2;
ebddfcbe
GH		 981}
982
cfc606da 983static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 984{
cfc606da 985 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 986 uint64_t nb_sectors;
cfc606da 987 int page, dbd, buflen, ret, page_control;
ebddfcbe 988 uint8_t *p;
ce512ee1 989 uint8_t dev_specific_param;
ebddfcbe 990
cfc606da
PB		 991 dbd = r->req.cmd.buf[1] & 0x8;
992 page = r->req.cmd.buf[2] & 0x3f;
993 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 994 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 995 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
996 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 997 p = outbuf;
998
44740c38 999 if (bdrv_is_read_only(s->qdev.conf.bs)) {
ce512ee1
BK		 1000 dev_specific_param = 0x80; /* Readonly. */
1001 } else {
1002 dev_specific_param = 0x00;
1003 }
1004
cfc606da 1005 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1006 p[1] = 0; /* Default media type. */
1007 p[2] = dev_specific_param;
1008 p[3] = 0; /* Block descriptor length. */
1009 p += 4;
1010 } else { /* MODE_SENSE_10 */
1011 p[2] = 0; /* Default media type. */
1012 p[3] = dev_specific_param;
1013 p[6] = p[7] = 0; /* Block descriptor length. */
1014 p += 8;
ebddfcbe 1015 }
ebddfcbe 1016
0fd76ff4 1017 /* MMC prescribes that CD/DVD drives have no block descriptors. */
44740c38 1018 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
0fd76ff4 1019 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
cfc606da 1020 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1021 outbuf[3] = 8; /* Block descriptor length */
1022 } else { /* MODE_SENSE_10 */
1023 outbuf[7] = 8; /* Block descriptor length */
1024 }
69377307 1025 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1026 if (nb_sectors > 0xffffff) {
2488b740 1027 nb_sectors = 0;
f01b5931 1028 }
ebddfcbe
GH		 1029 p[0] = 0; /* media density code */
1030 p[1] = (nb_sectors >> 16) & 0xff;
1031 p[2] = (nb_sectors >> 8) & 0xff;
1032 p[3] = nb_sectors & 0xff;
1033 p[4] = 0; /* reserved */
1034 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1035 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1036 p[7] = 0;
1037 p += 8;
1038 }
1039
cfc606da
PB		 1040 if (page_control == 3) {
1041 /* Saved Values */
1042 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1043 return -1;
282ab04e
BK		 1044 }
1045
cfc606da
PB		 1046 if (page == 0x3f) {
1047 for (page = 0; page <= 0x3e; page++) {
1048 mode_sense_page(s, page, &p, page_control);
1049 }
1050 } else {
1051 ret = mode_sense_page(s, page, &p, page_control);
1052 if (ret == -1) {
1053 return -1;
1054 }
ebddfcbe
GH		 1055 }
1056
1057 buflen = p - outbuf;
ce512ee1
BK		 1058 /*
1059 * The mode data length field specifies the length in bytes of the
1060 * following data that is available to be transferred. The mode data
1061 * length does not include itself.
1062 */
cfc606da 1063 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1064 outbuf[0] = buflen - 1;
1065 } else { /* MODE_SENSE_10 */
1066 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1067 outbuf[1] = (buflen - 2) & 0xff;
1068 }
ebddfcbe
GH		 1069 return buflen;
1070}
1071
02880f43
GH		 1072static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1073{
1074 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1075 int start_track, format, msf, toclen;
1076 uint64_t nb_sectors;
1077
1078 msf = req->cmd.buf[1] & 2;
1079 format = req->cmd.buf[2] & 0xf;
1080 start_track = req->cmd.buf[6];
44740c38 1081 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1082 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1083 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1084 switch (format) {
1085 case 0:
1086 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1087 break;
1088 case 1:
1089 /* multi session : only a single session defined */
1090 toclen = 12;
1091 memset(outbuf, 0, 12);
1092 outbuf[1] = 0x0a;
1093 outbuf[2] = 0x01;
1094 outbuf[3] = 0x01;
1095 break;
1096 case 2:
1097 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1098 break;
1099 default:
1100 return -1;
1101 }
02880f43
GH		 1102 return toclen;
1103}
1104
68bb01f3 1105static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1106{
1107 SCSIRequest *req = &r->req;
1108 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1109 bool start = req->cmd.buf[4] & 1;
1110 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1111
1112 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1113 if (!start && !s->tray_open && s->tray_locked) {
1114 scsi_check_condition(r,
44740c38 1115 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1116 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1117 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1118 return -1;
fdec4404 1119 }
d88b1819
LC		 1120
1121 if (s->tray_open != !start) {
1122 bdrv_eject(s->qdev.conf.bs, !start);
1123 s->tray_open = !start;
1124 }
bfd52647 1125 }
68bb01f3 1126 return 0;
bfd52647
MA		 1127}
1128
7285477a 1129static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1130{
8af7a3ab 1131 SCSIRequest *req = &r->req;
e7e25e32 1132 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1133 uint64_t nb_sectors;
7285477a 1134 uint8_t *outbuf;
aa5dbdc1
GH		 1135 int buflen = 0;
1136
7285477a
PB		 1137 if (!r->iov.iov_base) {
1138 /*
1139 * FIXME: we shouldn't return anything bigger than 4k, but the code
1140 * requires the buffer to be as big as req->cmd.xfer in several
1141 * places. So, do not allow CDBs with a very large ALLOCATION
1142 * LENGTH. The real fix would be to modify scsi_read_data and
1143 * dma_buf_read, so that they return data beyond the buflen
1144 * as all zeros.
1145 */
1146 if (req->cmd.xfer > 65536) {
1147 goto illegal_request;
1148 }
1149 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1150 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1151 }
1152
1153 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1154 switch (req->cmd.buf[0]) {
1155 case TEST_UNIT_READY:
9bcaf4fe 1156 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1157 break;
0b06c059
GH		 1158 case INQUIRY:
1159 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1160 if (buflen < 0) {
0b06c059 1161 goto illegal_request;
f01b5931 1162 }
5f71d32f 1163 break;
ebddfcbe
GH		 1164 case MODE_SENSE:
1165 case MODE_SENSE_10:
cfc606da 1166 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1167 if (buflen < 0) {
ebddfcbe 1168 goto illegal_request;
f01b5931 1169 }
ebddfcbe 1170 break;
02880f43
GH		 1171 case READ_TOC:
1172 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1173 if (buflen < 0) {
02880f43 1174 goto illegal_request;
f01b5931 1175 }
02880f43 1176 break;
3d53ba18 1177 case RESERVE:
f01b5931 1178 if (req->cmd.buf[1] & 1) {
3d53ba18 1179 goto illegal_request;
f01b5931 1180 }
3d53ba18
GH		 1181 break;
1182 case RESERVE_10:
f01b5931 1183 if (req->cmd.buf[1] & 3) {
3d53ba18 1184 goto illegal_request;
f01b5931 1185 }
3d53ba18
GH		 1186 break;
1187 case RELEASE:
f01b5931 1188 if (req->cmd.buf[1] & 1) {
3d53ba18 1189 goto illegal_request;
f01b5931 1190 }
3d53ba18
GH		 1191 break;
1192 case RELEASE_10:
f01b5931 1193 if (req->cmd.buf[1] & 3) {
3d53ba18 1194 goto illegal_request;
f01b5931 1195 }
3d53ba18 1196 break;
8d3628ff 1197 case START_STOP:
68bb01f3
MA		 1198 if (scsi_disk_emulate_start_stop(r) < 0) {
1199 return -1;
1200 }
5f71d32f 1201 break;
c68b9f34 1202 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1203 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1204 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1205 break;
5e30a07d 1206 case READ_CAPACITY_10:
e7e25e32 1207 /* The normal LEN field for this command is zero. */
5f71d32f 1208 memset(outbuf, 0, 8);
44740c38 1209 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1210 if (!nb_sectors) {
9bcaf4fe
PB		 1211 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1212 return -1;
f01b5931 1213 }
7cec78b6
PB		 1214 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1215 goto illegal_request;
1216 }
69377307 1217 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1218 /* Returned value is the address of the last sector. */
1219 nb_sectors--;
1220 /* Remember the new size for read/write sanity checking. */
7877903a 1221 s->qdev.max_lba = nb_sectors;
e7e25e32 1222 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1223 if (nb_sectors > UINT32_MAX) {
e7e25e32 1224 nb_sectors = UINT32_MAX;
f01b5931 1225 }
e7e25e32
GH		 1226 outbuf[0] = (nb_sectors >> 24) & 0xff;
1227 outbuf[1] = (nb_sectors >> 16) & 0xff;
1228 outbuf[2] = (nb_sectors >> 8) & 0xff;
1229 outbuf[3] = nb_sectors & 0xff;
1230 outbuf[4] = 0;
1231 outbuf[5] = 0;
69377307 1232 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1233 outbuf[7] = 0;
1234 buflen = 8;
5f71d32f 1235 break;
f3b338ef
PB		 1236 case REQUEST_SENSE:
1237 /* Just return "NO SENSE". */
1238 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1239 (req->cmd.buf[1] & 1) == 0);
1240 break;
b6c251ab
PB		 1241 case MECHANISM_STATUS:
1242 buflen = scsi_emulate_mechanism_status(s, outbuf);
1243 if (buflen < 0) {
1244 goto illegal_request;
1245 }
1246 break;
38215553 1247 case GET_CONFIGURATION:
430ee2f2 1248 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1249 if (buflen < 0) {
1250 goto illegal_request;
1251 }
1252 break;
1253 case GET_EVENT_STATUS_NOTIFICATION:
1254 buflen = scsi_get_event_status_notification(s, r, outbuf);
1255 if (buflen < 0) {
1256 goto illegal_request;
1257 }
1258 break;
1259 case READ_DVD_STRUCTURE:
1260 buflen = scsi_read_dvd_structure(s, r, outbuf);
1261 if (buflen < 0) {
1262 goto illegal_request;
1263 }
38215553 1264 break;
f6515262 1265 case SERVICE_ACTION_IN_16:
5dd90e2a 1266 /* Service Action In subcommands. */
f6515262 1267 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1268 DPRINTF("SAI READ CAPACITY(16)\n");
1269 memset(outbuf, 0, req->cmd.xfer);
44740c38 1270 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1271 if (!nb_sectors) {
9bcaf4fe
PB		 1272 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1273 return -1;
f01b5931 1274 }
7cec78b6
PB		 1275 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1276 goto illegal_request;
1277 }
69377307 1278 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1279 /* Returned value is the address of the last sector. */
1280 nb_sectors--;
1281 /* Remember the new size for read/write sanity checking. */
7877903a 1282 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1283 outbuf[0] = (nb_sectors >> 56) & 0xff;
1284 outbuf[1] = (nb_sectors >> 48) & 0xff;
1285 outbuf[2] = (nb_sectors >> 40) & 0xff;
1286 outbuf[3] = (nb_sectors >> 32) & 0xff;
1287 outbuf[4] = (nb_sectors >> 24) & 0xff;
1288 outbuf[5] = (nb_sectors >> 16) & 0xff;
1289 outbuf[6] = (nb_sectors >> 8) & 0xff;
1290 outbuf[7] = nb_sectors & 0xff;
1291 outbuf[8] = 0;
1292 outbuf[9] = 0;
69377307 1293 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1294 outbuf[11] = 0;
ee3659e3
CH		 1295 outbuf[12] = 0;
1296 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1297
1298 /* set TPE bit if the format supports discard */
1299 if (s->qdev.conf.discard_granularity) {
1300 outbuf[14] = 0x80;
1301 }
1302
5dd90e2a
GH		 1303 /* Protection, exponent and lowest lba field left blank. */
1304 buflen = req->cmd.xfer;
1305 break;
1306 }
1307 DPRINTF("Unsupported Service Action In\n");
1308 goto illegal_request;
5e30a07d 1309 case VERIFY_10:
88f8a5ed 1310 break;
aa5dbdc1 1311 default:
b45ef674 1312 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1313 return -1;
aa5dbdc1 1314 }
e2f0c49f 1315 buflen = MIN(buflen, req->cmd.xfer);
aa5dbdc1
GH		 1316 return buflen;
1317
aa5dbdc1 1318illegal_request:
cfc606da
PB		 1319 if (r->req.status == -1) {
1320 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1321 }
8af7a3ab 1322 return -1;
aa5dbdc1
GH		 1323}
1324
2e5d83bb
PB		 1325/* Execute a scsi command. Returns the length of the data expected by the
1326 command. This will be Positive for data transfers from the device
1327 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1328 and zero if the command does not transfer any data. */
1329
5c6c0e51 1330static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1331{
5c6c0e51
HR		 1332 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1333 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1334 int32_t len;
a917d384 1335 uint8_t command;
aa5dbdc1 1336 int rc;
a917d384
PB		 1337
1338 command = buf[0];
653c1c3f 1339 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1340
2e5d83bb
PB		 1341#ifdef DEBUG_SCSI
1342 {
1343 int i;
2dd791b6 1344 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1345 printf(" 0x%02x", buf[i]);
1346 }
1347 printf("\n");
1348 }
1349#endif
aa5dbdc1 1350
9bcaf4fe
PB		 1351 switch (command) {
1352 case INQUIRY:
1353 case MODE_SENSE:
1354 case MODE_SENSE_10:
1355 case RESERVE:
1356 case RESERVE_10:
1357 case RELEASE:
1358 case RELEASE_10:
1359 case START_STOP:
1360 case ALLOW_MEDIUM_REMOVAL:
1361 case GET_CONFIGURATION:
1362 case GET_EVENT_STATUS_NOTIFICATION:
1363 case MECHANISM_STATUS:
1364 case REQUEST_SENSE:
1365 break;
1366
1367 default:
1368 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1369 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1370 return 0;
1371 }
1372 break;
1373 }
1374
a917d384 1375 switch (command) {
ebf46023 1376 case TEST_UNIT_READY:
0b06c059 1377 case INQUIRY:
ebddfcbe
GH		 1378 case MODE_SENSE:
1379 case MODE_SENSE_10:
3d53ba18
GH		 1380 case RESERVE:
1381 case RESERVE_10:
1382 case RELEASE:
1383 case RELEASE_10:
8d3628ff 1384 case START_STOP:
c68b9f34 1385 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1386 case READ_CAPACITY_10:
02880f43 1387 case READ_TOC:
b6c251ab 1388 case READ_DVD_STRUCTURE:
38215553 1389 case GET_CONFIGURATION:
b6c251ab
PB		 1390 case GET_EVENT_STATUS_NOTIFICATION:
1391 case MECHANISM_STATUS:
f6515262 1392 case SERVICE_ACTION_IN_16:
f3b338ef 1393 case REQUEST_SENSE:
5e30a07d 1394 case VERIFY_10:
7285477a 1395 rc = scsi_disk_emulate_command(r);
8af7a3ab 1396 if (rc < 0) {
0b06c059 1397 return 0;
aa5dbdc1 1398 }
8af7a3ab
KW		 1399
1400 r->iov.iov_len = rc;
0b06c059 1401 break;
0a4ac106 1402 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1403 /* The request is used as the AIO opaque value, so add a ref. */
1404 scsi_req_ref(&r->req);
44740c38
PB		 1405 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1406 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1407 return 0;
ebf46023
GH		 1408 case READ_6:
1409 case READ_10:
bd536cf3
GH		 1410 case READ_12:
1411 case READ_16:
5c6c0e51 1412 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1413 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1414 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1415 goto illegal_lba;
f01b5931 1416 }
69377307
PB		 1417 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1418 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1419 break;
ebf46023
GH		 1420 case WRITE_6:
1421 case WRITE_10:
bd536cf3
GH		 1422 case WRITE_12:
1423 case WRITE_16:
5e30a07d 1424 case WRITE_VERIFY_10:
ebef0bbb
BK		 1425 case WRITE_VERIFY_12:
1426 case WRITE_VERIFY_16:
5c6c0e51 1427 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1428 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1429 (command & 0xe) == 0xe ? "And Verify " : "",
1430 r->req.cmd.lba, len);
7877903a 1431 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1432 goto illegal_lba;
f01b5931 1433 }
69377307
PB		 1434 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1435 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1436 break;
ebef0bbb 1437 case MODE_SELECT:
2dd791b6 1438 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1439 /* We don't support mode parameter changes.
1440 Allow the mode parameter header + block descriptors only. */
2dd791b6 1441 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1442 goto fail;
1443 }
1444 break;
1445 case MODE_SELECT_10:
2dd791b6 1446 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1447 /* We don't support mode parameter changes.
1448 Allow the mode parameter header + block descriptors only. */
2dd791b6 1449 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1450 goto fail;
1451 }
1452 break;
ebef0bbb 1453 case SEEK_10:
00a01ad4 1454 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1455 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1456 goto illegal_lba;
1457 }
ea3bd56f
CH		 1458 break;
1459 case WRITE_SAME_16:
5c6c0e51 1460 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1461
1462 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1463 r->req.cmd.lba, len);
1464
7877903a 1465 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1466 goto illegal_lba;
1467 }
1468
1469 /*
1470 * We only support WRITE SAME with the unmap bit set for now.
1471 */
1472 if (!(buf[1] & 0x8)) {
1473 goto fail;
1474 }
1475
69377307
PB		 1476 rc = bdrv_discard(s->qdev.conf.bs,
1477 r->req.cmd.lba * (s->qdev.blocksize / 512),
1478 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1479 if (rc < 0) {
1480 /* XXX: better error code ?*/
1481 goto fail;
1482 }
1483
ebef0bbb 1484 break;
2e5d83bb 1485 default:
2dd791b6 1486 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1487 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1488 return 0;
2e5d83bb 1489 fail:
b45ef674 1490 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1491 return 0;
274fb0e1 1492 illegal_lba:
b45ef674 1493 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1494 return 0;
2e5d83bb 1495 }
c87c0672 1496 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1497 scsi_req_complete(&r->req, GOOD);
a917d384 1498 }
c87c0672 1499 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1500 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1501 return -len;
a917d384 1502 } else {
f01b5931 1503 if (!r->sector_count) {
a917d384 1504 r->sector_count = -1;
f01b5931 1505 }
efb9ee02 1506 return len;
2e5d83bb 1507 }
2e5d83bb
PB		 1508}
1509
e9447f35
JK		 1510static void scsi_disk_reset(DeviceState *dev)
1511{
1512 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1513 uint64_t nb_sectors;
1514
c7b48872 1515 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1516
44740c38 1517 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1518 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1519 if (nb_sectors) {
1520 nb_sectors--;
1521 }
7877903a 1522 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1523}
1524
1525static void scsi_destroy(SCSIDevice *dev)
1526{
1527 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1528
c7b48872 1529 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1530 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1531}
1532
7d4b4ba5 1533static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1534{
8a9c16f6
PB		 1535 SCSIDiskState *s = opaque;
1536
1537 /*
1538 * When a CD gets changed, we have to report an ejected state and
1539 * then a loaded state to guests so that they detect tray
1540 * open/close and media change events. Guests that do not use
1541 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1542 * states rely on this behavior.
1543 *
1544 * media_changed governs the state machine used for unit attention
1545 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1546 */
1547 s->media_changed = load;
1548 s->tray_open = !load;
1549 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1550 s->media_event = true;
4480de19
PB		 1551 s->eject_request = false;
1552}
1553
1554static void scsi_cd_eject_request_cb(void *opaque, bool force)
1555{
1556 SCSIDiskState *s = opaque;
1557
1558 s->eject_request = true;
1559 if (force) {
1560 s->tray_locked = false;
1561 }
2c6942fa
MA		 1562}
1563
e4def80b
MA		 1564static bool scsi_cd_is_tray_open(void *opaque)
1565{
1566 return ((SCSIDiskState *)opaque)->tray_open;
1567}
1568
f107639a
MA		 1569static bool scsi_cd_is_medium_locked(void *opaque)
1570{
1571 return ((SCSIDiskState *)opaque)->tray_locked;
1572}
1573
1574static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1575 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1576 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1577 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1578 .is_medium_locked = scsi_cd_is_medium_locked,
1579};
1580
8a9c16f6
PB		 1581static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1582{
1583 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1584 if (s->media_changed) {
1585 s->media_changed = false;
1586 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1587 }
1588}
1589
e39be482 1590static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1591{
d52affa7 1592 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1593 DriveInfo *dinfo;
2e5d83bb 1594
f8b6cc00 1595 if (!s->qdev.conf.bs) {
6a84cb1f 1596 error_report("drive property not set");
d52affa7
GH		 1597 return -1;
1598 }
1599
e39be482 1600 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1601 error_report("Device needs media, but drive is empty");
1602 return -1;
1603 }
1604
a0fef654 1605 if (!s->serial) {
f8b6cc00 1606 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1607 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1608 if (*dinfo->serial) {
7267c094 1609 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1610 }
a0fef654
MA		 1611 }
1612
552fee93 1613 if (!s->version) {
7267c094 1614 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1615 }
1616
44740c38 1617 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 1618 error_report("unwanted /dev/sg*");
32bb404a
MA		 1619 return -1;
1620 }
1621
e39be482 1622 if (s->removable) {
44740c38 1623 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1624 }
44740c38 1625 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1626
44740c38 1627 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1628 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1629 return 0;
1630}
1631
b443ae67
MA		 1632static int scsi_hd_initfn(SCSIDevice *dev)
1633{
e39be482
PB		 1634 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1635 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1636 s->qdev.type = TYPE_DISK;
1637 return scsi_initfn(&s->qdev);
b443ae67
MA		 1638}
1639
1640static int scsi_cd_initfn(SCSIDevice *dev)
1641{
e39be482
PB		 1642 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1643 s->qdev.blocksize = 2048;
1644 s->qdev.type = TYPE_ROM;
1645 s->removable = true;
1646 return scsi_initfn(&s->qdev);
b443ae67
MA		 1647}
1648
1649static int scsi_disk_initfn(SCSIDevice *dev)
1650{
95b5edcd 1651 DriveInfo *dinfo;
b443ae67
MA		 1652
1653 if (!dev->conf.bs) {
e39be482 1654 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1655 }
1656
e39be482
PB		 1657 dinfo = drive_get_by_blockdev(dev->conf.bs);
1658 if (dinfo->media_cd) {
1659 return scsi_cd_initfn(dev);
1660 } else {
1661 return scsi_hd_initfn(dev);
1662 }
b443ae67
MA		 1663}
1664
adcf2754 1665static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1666 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1667 .free_req = scsi_free_request,
1668 .send_command = scsi_send_command,
1669 .read_data = scsi_read_data,
1670 .write_data = scsi_write_data,
1671 .cancel_io = scsi_cancel_io,
1672 .get_buf = scsi_get_buf,
43b978b9
PB		 1673 .load_request = scsi_disk_load_request,
1674 .save_request = scsi_disk_save_request,
8dbd4574
PB		 1675};
1676
63db0f0e
PB		 1677static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1678 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1679{
1680 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1681 SCSIRequest *req;
8dbd4574
PB		 1682
1683 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1684 return req;
1685}
1686
336a6915
PB		 1687#ifdef __linux__
1688static int get_device_type(SCSIDiskState *s)
1689{
1690 BlockDriverState *bdrv = s->qdev.conf.bs;
1691 uint8_t cmd[16];
1692 uint8_t buf[36];
1693 uint8_t sensebuf[8];
1694 sg_io_hdr_t io_header;
1695 int ret;
1696
1697 memset(cmd, 0, sizeof(cmd));
1698 memset(buf, 0, sizeof(buf));
1699 cmd[0] = INQUIRY;
1700 cmd[4] = sizeof(buf);
1701
1702 memset(&io_header, 0, sizeof(io_header));
1703 io_header.interface_id = 'S';
1704 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1705 io_header.dxfer_len = sizeof(buf);
1706 io_header.dxferp = buf;
1707 io_header.cmdp = cmd;
1708 io_header.cmd_len = sizeof(cmd);
1709 io_header.mx_sb_len = sizeof(sensebuf);
1710 io_header.sbp = sensebuf;
1711 io_header.timeout = 6000; /* XXX */
1712
1713 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1714 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1715 return -1;
1716 }
1717 s->qdev.type = buf[0];
1718 s->removable = (buf[1] & 0x80) != 0;
1719 return 0;
1720}
1721
1722static int scsi_block_initfn(SCSIDevice *dev)
1723{
1724 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1725 int sg_version;
1726 int rc;
1727
1728 if (!s->qdev.conf.bs) {
1729 error_report("scsi-block: drive property not set");
1730 return -1;
1731 }
1732
1733 /* check we are using a driver managing SG_IO (version 3 and after) */
1734 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1735 sg_version < 30000) {
1736 error_report("scsi-block: scsi generic interface too old");
1737 return -1;
1738 }
1739
1740 /* get device type from INQUIRY data */
1741 rc = get_device_type(s);
1742 if (rc < 0) {
1743 error_report("scsi-block: INQUIRY failed");
1744 return -1;
1745 }
1746
1747 /* Make a guess for the block size, we'll fix it when the guest sends.
1748 * READ CAPACITY. If they don't, they likely would assume these sizes
1749 * anyway. (TODO: check in /sys).
1750 */
1751 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1752 s->qdev.blocksize = 2048;
1753 } else {
1754 s->qdev.blocksize = 512;
1755 }
1756 return scsi_initfn(&s->qdev);
1757}
1758
1759static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1760 uint32_t lun, uint8_t *buf,
1761 void *hba_private)
1762{
1763 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1764
1765 switch (buf[0]) {
1766 case READ_6:
1767 case READ_10:
1768 case READ_12:
1769 case READ_16:
1770 case WRITE_6:
1771 case WRITE_10:
1772 case WRITE_12:
1773 case WRITE_16:
1774 case WRITE_VERIFY_10:
1775 case WRITE_VERIFY_12:
1776 case WRITE_VERIFY_16:
eaccf49e
PB		 1777 /* If we are not using O_DIRECT, we might read stale data from the
1778 * host cache if writes were made using other commands than these
1779 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1780 * O_DIRECT everything must go through SG_IO.
1781 */
1782 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1783 break;
1784 }
1785
33ebad12
PB		 1786 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1787 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1788 * And once you do these writes, reading from the block device is
1789 * unreliable, too. It is even possible that reads deliver random data
1790 * from the host page cache (this is probably a Linux bug).
1791 *
1792 * We might use scsi_disk_reqops as long as no writing commands are
1793 * seen, but performance usually isn't paramount on optical media. So,
1794 * just make scsi-block operate the same as scsi-generic for them.
1795 */
eaccf49e
PB		 1796 if (s->qdev.type == TYPE_ROM) {
1797 break;
1798 }
1799 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1800 hba_private);
336a6915
PB		 1801 }
1802
1803 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1804 hba_private);
1805}
1806#endif
1807
b443ae67
MA		 1808#define DEFINE_SCSI_DISK_PROPERTIES() \
1809 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1810 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1811 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1812
39bffca2
AL		 1813static Property scsi_hd_properties[] = {
1814 DEFINE_SCSI_DISK_PROPERTIES(),
1815 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1816 DEFINE_PROP_END_OF_LIST(),
1817};
1818
43b978b9
PB		 1819static const VMStateDescription vmstate_scsi_disk_state = {
1820 .name = "scsi-disk",
1821 .version_id = 1,
1822 .minimum_version_id = 1,
1823 .minimum_version_id_old = 1,
1824 .fields = (VMStateField[]) {
1825 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1826 VMSTATE_BOOL(media_changed, SCSIDiskState),
1827 VMSTATE_BOOL(media_event, SCSIDiskState),
1828 VMSTATE_BOOL(eject_request, SCSIDiskState),
1829 VMSTATE_BOOL(tray_open, SCSIDiskState),
1830 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1831 VMSTATE_END_OF_LIST()
1832 }
1833};
1834
b9eea3e6
AL		 1835static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1836{
39bffca2 1837 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1838 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1839
1840 sc->init = scsi_hd_initfn;
1841 sc->destroy = scsi_destroy;
1842 sc->alloc_req = scsi_new_request;
1843 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1844 dc->fw_name = "disk";
1845 dc->desc = "virtual SCSI disk";
1846 dc->reset = scsi_disk_reset;
1847 dc->props = scsi_hd_properties;
43b978b9 1848 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1849}
1850
39bffca2
AL		 1851static TypeInfo scsi_hd_info = {
1852 .name = "scsi-hd",
1853 .parent = TYPE_SCSI_DEVICE,
1854 .instance_size = sizeof(SCSIDiskState),
1855 .class_init = scsi_hd_class_initfn,
1856};
1857
1858static Property scsi_cd_properties[] = {
1859 DEFINE_SCSI_DISK_PROPERTIES(),
1860 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 1861};
1862
1863static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1864{
39bffca2 1865 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1866 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1867
1868 sc->init = scsi_cd_initfn;
1869 sc->destroy = scsi_destroy;
1870 sc->alloc_req = scsi_new_request;
1871 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1872 dc->fw_name = "disk";
1873 dc->desc = "virtual SCSI CD-ROM";
1874 dc->reset = scsi_disk_reset;
1875 dc->props = scsi_cd_properties;
43b978b9 1876 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1877}
1878
39bffca2
AL		 1879static TypeInfo scsi_cd_info = {
1880 .name = "scsi-cd",
1881 .parent = TYPE_SCSI_DEVICE,
1882 .instance_size = sizeof(SCSIDiskState),
1883 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 1884};
1885
336a6915 1886#ifdef __linux__
39bffca2
AL		 1887static Property scsi_block_properties[] = {
1888 DEFINE_SCSI_DISK_PROPERTIES(),
1889 DEFINE_PROP_END_OF_LIST(),
1890};
1891
b9eea3e6
AL		 1892static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1893{
39bffca2 1894 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1895 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1896
1897 sc->init = scsi_block_initfn;
1898 sc->destroy = scsi_destroy;
1899 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 1900 dc->fw_name = "disk";
1901 dc->desc = "SCSI block device passthrough";
1902 dc->reset = scsi_disk_reset;
1903 dc->props = scsi_block_properties;
43b978b9 1904 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1905}
1906
39bffca2
AL		 1907static TypeInfo scsi_block_info = {
1908 .name = "scsi-block",
1909 .parent = TYPE_SCSI_DEVICE,
1910 .instance_size = sizeof(SCSIDiskState),
1911 .class_init = scsi_block_class_initfn,
b9eea3e6 1912};
336a6915 1913#endif
b9eea3e6 1914
39bffca2
AL		 1915static Property scsi_disk_properties[] = {
1916 DEFINE_SCSI_DISK_PROPERTIES(),
1917 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1918 DEFINE_PROP_END_OF_LIST(),
1919};
1920
b9eea3e6
AL		 1921static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1922{
39bffca2 1923 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1924 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1925
1926 sc->init = scsi_disk_initfn;
1927 sc->destroy = scsi_destroy;
1928 sc->alloc_req = scsi_new_request;
1929 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1930 dc->fw_name = "disk";
1931 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1932 dc->reset = scsi_disk_reset;
1933 dc->props = scsi_disk_properties;
43b978b9 1934 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1935}
1936
39bffca2
AL		 1937static TypeInfo scsi_disk_info = {
1938 .name = "scsi-disk",
1939 .parent = TYPE_SCSI_DEVICE,
1940 .instance_size = sizeof(SCSIDiskState),
1941 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 1942};
1943
83f7d43a 1944static void scsi_disk_register_types(void)
d52affa7 1945{
39bffca2
AL		 1946 type_register_static(&scsi_hd_info);
1947 type_register_static(&scsi_cd_info);
b9eea3e6 1948#ifdef __linux__
39bffca2 1949 type_register_static(&scsi_block_info);
b9eea3e6 1950#endif
39bffca2 1951 type_register_static(&scsi_disk_info);
8ccc2ace 1952}
83f7d43a
AF		 1953
1954type_init(scsi_disk_register_types)
Qemu copy for testing