]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'riku/linux-user-for-upstream' into staging
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
5d0d2467 41#include "dma.h"
22864256 42
336a6915
PB		 43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
f0f72ffe 47#define SCSI_DMA_BUF_SIZE 131072
57575058 48#define SCSI_MAX_INQUIRY_LEN 256
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
a0e66a69 58 bool started;
c87c0672
AL		 59 struct iovec iov;
60 QEMUIOVector qiov;
a597e79c 61 BlockAcctCookie acct;
4c41d2ef 62} SCSIDiskReq;
a917d384 63
d52affa7 64struct SCSIDiskState
a917d384 65{
d52affa7 66 SCSIDevice qdev;
419e691f 67 uint32_t removable;
8a9c16f6 68 bool media_changed;
3c2f7c12 69 bool media_event;
4480de19 70 bool eject_request;
213189ab 71 QEMUBH *bh;
383b4d9b 72 char *version;
a0fef654 73 char *serial;
ece0d5e9 74 bool tray_open;
81b1008d 75 bool tray_locked;
2e5d83bb
PB		 76};
77
71544d30 78static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 79
ad2d30f7 80static void scsi_free_request(SCSIRequest *req)
4d611c9a 81{
ad2d30f7
PB		 82 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83
7285477a
PB		 84 if (r->iov.iov_base) {
85 qemu_vfree(r->iov.iov_base);
86 }
4d611c9a
PB		 87}
88
b45ef674
PB		 89/* Helper function for command completion with sense. */
90static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 91{
02fa69b6
BS		 92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 96}
97
98/* Cancel a pending data transfer. */
5c6c0e51 99static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 100{
5c6c0e51
HR		 101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 if (r->req.aiocb) {
105 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 106
107 /* This reference was left in by scsi_*_data. We take ownership of
108 * it the moment scsi_req_cancel is called, independent of whether
109 * bdrv_aio_cancel completes the request or not. */
110 scsi_req_unref(&r->req);
a917d384 111 }
5c6c0e51 112 r->req.aiocb = NULL;
a917d384
PB		 113}
114
43b978b9 115static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 116{
7285477a
PB		 117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118
119 if (!r->iov.iov_base) {
43b978b9 120 r->buflen = size;
44740c38 121 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 122 }
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
126}
127
43b978b9
PB		 128static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129{
130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131
132 qemu_put_be64s(f, &r->sector);
133 qemu_put_be32s(f, &r->sector_count);
134 qemu_put_be32s(f, &r->buflen);
135 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
137 }
138}
139
140static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
141{
142 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
143
144 qemu_get_be64s(f, &r->sector);
145 qemu_get_be32s(f, &r->sector_count);
146 qemu_get_be32s(f, &r->buflen);
147 if (r->buflen) {
148 scsi_init_iovec(r, r->buflen);
149 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
150 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
151 }
152 }
153
154 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
155}
156
b77912a7 157static void scsi_flush_complete(void * opaque, int ret)
5d0d2467
PB		 158{
159 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
160 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161
162 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
163
80624c93 164 if (ret < 0) {
5d0d2467
PB		 165 if (scsi_handle_rw_error(r, -ret)) {
166 goto done;
167 }
168 }
169
5d0d2467
PB		 170 scsi_req_complete(&r->req, GOOD);
171
172done:
b8aba8d7
PB		 173 if (!r->req.io_canceled) {
174 scsi_req_unref(&r->req);
175 }
5d0d2467
PB		 176}
177
7e8c49c5
PB		 178static bool scsi_is_cmd_fua(SCSICommand *cmd)
179{
180 switch (cmd->buf[0]) {
181 case READ_10:
182 case READ_12:
183 case READ_16:
184 case WRITE_10:
185 case WRITE_12:
186 case WRITE_16:
187 return (cmd->buf[1] & 8) != 0;
188
7f64f8e2
PB		 189 case VERIFY_10:
190 case VERIFY_12:
191 case VERIFY_16:
7e8c49c5
PB		 192 case WRITE_VERIFY_10:
193 case WRITE_VERIFY_12:
194 case WRITE_VERIFY_16:
195 return true;
196
197 case READ_6:
198 case WRITE_6:
199 default:
200 return false;
201 }
202}
203
204static void scsi_write_do_fua(SCSIDiskReq *r)
205{
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
208 if (scsi_is_cmd_fua(&r->req.cmd)) {
209 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
210 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
211 return;
212 }
213
214 scsi_req_complete(&r->req, GOOD);
215 if (!r->req.io_canceled) {
216 scsi_req_unref(&r->req);
217 }
218}
219
b77912a7 220static void scsi_dma_complete(void *opaque, int ret)
a917d384 221{
4c41d2ef 222 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 224
7f64f8e2
PB		 225 if (r->req.aiocb != NULL) {
226 r->req.aiocb = NULL;
227 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
228 }
a597e79c 229
80624c93 230 if (ret < 0) {
71544d30 231 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 232 goto done;
5dba48a8 233 }
4d611c9a 234 }
5dba48a8 235
b77912a7
PB		 236 r->sector += r->sector_count;
237 r->sector_count = 0;
7e8c49c5
PB		 238 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
239 scsi_write_do_fua(r);
240 return;
241 } else {
242 scsi_req_complete(&r->req, GOOD);
243 }
c7bae6a7
PB		 244
245done:
246 if (!r->req.io_canceled) {
247 scsi_req_unref(&r->req);
248 }
4d611c9a
PB		 249}
250
b77912a7 251static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 252{
253 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 255 int n;
0a4ac106 256
b77912a7
PB		 257 if (r->req.aiocb != NULL) {
258 r->req.aiocb = NULL;
259 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
260 }
0a4ac106
PB		 261
262 if (ret < 0) {
71544d30 263 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 264 goto done;
0a4ac106
PB		 265 }
266 }
267
b77912a7
PB		 268 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
269
270 n = r->qiov.size / 512;
271 r->sector += n;
272 r->sector_count -= n;
273 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 274
275done:
276 if (!r->req.io_canceled) {
277 scsi_req_unref(&r->req);
278 }
0a4ac106 279}
5dba48a8 280
ac668426
PB		 281/* Actually issue a read to the block device. */
282static void scsi_do_read(void *opaque, int ret)
283{
284 SCSIDiskReq *r = opaque;
285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
286 uint32_t n;
287
288 if (r->req.aiocb != NULL) {
289 r->req.aiocb = NULL;
290 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
291 }
292
293 if (ret < 0) {
294 if (scsi_handle_rw_error(r, -ret)) {
295 goto done;
296 }
297 }
298
299 if (r->req.sg) {
300 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
301 r->req.resid -= r->req.sg->size;
302 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
303 scsi_dma_complete, r);
304 } else {
305 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
306 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
307 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
308 scsi_read_complete, r);
309 }
310
311done:
312 if (!r->req.io_canceled) {
313 scsi_req_unref(&r->req);
314 }
315}
316
5c6c0e51
HR		 317/* Read more data from scsi device into buffer. */
318static void scsi_read_data(SCSIRequest *req)
2e5d83bb 319{
5c6c0e51 320 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 322 bool first;
2e5d83bb 323
a917d384 324 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 325 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 326 r->sector_count = 0;
a0e66a69 327 r->started = true;
ab9adc88 328 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 329 return;
2e5d83bb 330 }
a917d384
PB		 331 DPRINTF("Read sector_count=%d\n", r->sector_count);
332 if (r->sector_count == 0) {
b45ef674
PB		 333 /* This also clears the sense buffer for REQUEST SENSE. */
334 scsi_req_complete(&r->req, GOOD);
a917d384 335 return;
2e5d83bb
PB		 336 }
337
6fa2c95f
SH		 338 /* No data transfer may already be in progress */
339 assert(r->req.aiocb == NULL);
340
c7bae6a7
PB		 341 /* The request is used as the AIO opaque value, so add a ref. */
342 scsi_req_ref(&r->req);
efb9ee02
HR		 343 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
344 DPRINTF("Data transfer direction invalid\n");
345 scsi_read_complete(r, -EINVAL);
346 return;
347 }
348
a1aff5bf
MA		 349 if (s->tray_open) {
350 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 351 return;
a1aff5bf 352 }
c7bae6a7 353
ac668426 354 first = !r->started;
a0e66a69 355 r->started = true;
ac668426
PB		 356 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
357 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
358 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
5d0d2467 359 } else {
ac668426 360 scsi_do_read(r, 0);
5d0d2467 361 }
2e5d83bb
PB		 362}
363
c7bae6a7
PB		 364/*
365 * scsi_handle_rw_error has two return values. 0 means that the error
366 * must be ignored, 1 means that the error has been processed and the
367 * caller should not do anything else for this request. Note that
368 * scsi_handle_rw_error always manages its reference counts, independent
369 * of the return value.
370 */
71544d30 371static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 372{
71544d30 373 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 375 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 376
380f640f 377 if (action == BLOCK_ERR_IGNORE) {
329c0a48 378 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 379 return 0;
380f640f 380 }
ea8a5d7f
AL		 381
382 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
383 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 384
329c0a48 385 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 386 vm_stop(RUN_STATE_IO_ERROR);
44740c38 387 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 388 scsi_req_retry(&r->req);
ea8a5d7f 389 } else {
efb9ee02 390 switch (error) {
7e218df5
PB		 391 case ENOMEDIUM:
392 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
393 break;
efb9ee02 394 case ENOMEM:
b45ef674 395 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 396 break;
397 case EINVAL:
b45ef674 398 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 399 break;
400 default:
b45ef674 401 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 402 break;
a1f0cce2 403 }
329c0a48 404 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 405 }
ea8a5d7f
AL		 406 return 1;
407}
408
4d611c9a
PB		 409static void scsi_write_complete(void * opaque, int ret)
410{
4c41d2ef 411 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 412 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 413 uint32_t n;
414
8e321cc6
PB		 415 if (r->req.aiocb != NULL) {
416 r->req.aiocb = NULL;
44740c38 417 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 418 }
a597e79c 419
80624c93 420 if (ret < 0) {
71544d30 421 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 422 goto done;
5dba48a8 423 }
4d611c9a
PB		 424 }
425
103b40f5 426 n = r->qiov.size / 512;
ea8a5d7f
AL		 427 r->sector += n;
428 r->sector_count -= n;
a917d384 429 if (r->sector_count == 0) {
7e8c49c5
PB		 430 scsi_write_do_fua(r);
431 return;
a917d384 432 } else {
43b978b9 433 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
103b40f5
PB		 434 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
435 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 436 }
c7bae6a7
PB		 437
438done:
439 if (!r->req.io_canceled) {
440 scsi_req_unref(&r->req);
441 }
4d611c9a
PB		 442}
443
42741212 444static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 445{
5c6c0e51 446 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 448 uint32_t n;
449
6fa2c95f
SH		 450 /* No data transfer may already be in progress */
451 assert(r->req.aiocb == NULL);
452
c7bae6a7
PB		 453 /* The request is used as the AIO opaque value, so add a ref. */
454 scsi_req_ref(&r->req);
efb9ee02
HR		 455 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
456 DPRINTF("Data transfer direction invalid\n");
457 scsi_write_complete(r, -EINVAL);
42741212 458 return;
efb9ee02
HR		 459 }
460
5d0d2467
PB		 461 if (!r->req.sg && !r->qiov.size) {
462 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 463 r->started = true;
5d0d2467
PB		 464 scsi_write_complete(r, 0);
465 return;
466 }
467 if (s->tray_open) {
468 scsi_write_complete(r, -ENOMEDIUM);
469 return;
470 }
471
7f64f8e2
PB		 472 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
473 r->req.cmd.buf[0] == VERIFY_16) {
474 if (r->req.sg) {
475 scsi_dma_complete(r, 0);
476 } else {
477 scsi_write_complete(r, 0);
478 }
479 return;
480 }
481
5d0d2467
PB		 482 if (r->req.sg) {
483 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
484 r->req.resid -= r->req.sg->size;
485 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
486 scsi_dma_complete, r);
487 } else {
488 n = r->qiov.size / 512;
44740c38
PB		 489 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
490 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 491 scsi_write_complete, r);
ea8a5d7f 492 }
a917d384 493}
2e5d83bb 494
a917d384 495/* Return a pointer to the data buffer. */
5c6c0e51 496static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 497{
5c6c0e51 498 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 499
3f4cb3d3 500 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 501}
502
0b06c059
GH		 503static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
504{
383b4d9b 505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 506 int buflen = 0;
507
508 if (req->cmd.buf[1] & 0x2) {
509 /* Command support data - optional, not implemented */
510 BADF("optional INQUIRY command support request not implemented\n");
511 return -1;
512 }
513
514 if (req->cmd.buf[1] & 0x1) {
515 /* Vital product data */
516 uint8_t page_code = req->cmd.buf[2];
517 if (req->cmd.xfer < 4) {
518 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
519 "less than 4\n", page_code, req->cmd.xfer);
520 return -1;
521 }
522
e39be482 523 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 524 outbuf[buflen++] = page_code ; // this page
525 outbuf[buflen++] = 0x00;
526
527 switch (page_code) {
528 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 529 {
530 int pages;
0b06c059
GH		 531 DPRINTF("Inquiry EVPD[Supported pages] "
532 "buffer size %zd\n", req->cmd.xfer);
39d98982 533 pages = buflen++;
0b06c059 534 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 535 if (s->serial) {
3e1c0c9a 536 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 537 }
0b06c059 538 outbuf[buflen++] = 0x83; // device identification
f37bd73b 539 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 540 outbuf[buflen++] = 0xb0; // block limits
541 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 542 }
543 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 544 break;
39d98982 545 }
0b06c059
GH		 546 case 0x80: /* Device serial number, optional */
547 {
3e1c0c9a 548 int l;
0b06c059 549
3e1c0c9a
HR		 550 if (!s->serial) {
551 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
552 return -1;
553 }
554
555 l = strlen(s->serial);
f01b5931 556 if (l > 20) {
0b06c059 557 l = 20;
f01b5931 558 }
0b06c059
GH		 559
560 DPRINTF("Inquiry EVPD[Serial number] "
561 "buffer size %zd\n", req->cmd.xfer);
562 outbuf[buflen++] = l;
a0fef654 563 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 564 buflen += l;
565 break;
566 }
567
568 case 0x83: /* Device identification page, mandatory */
569 {
fd930791
PB		 570 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
571 int max_len = s->serial ? 20 : 255 - 8;
572 int id_len = strlen(str);
0b06c059 573
f01b5931 574 if (id_len > max_len) {
0b06c059 575 id_len = max_len;
f01b5931 576 }
0b06c059
GH		 577 DPRINTF("Inquiry EVPD[Device identification] "
578 "buffer size %zd\n", req->cmd.xfer);
579
39d98982 580 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 581 outbuf[buflen++] = 0x2; // ASCII
582 outbuf[buflen++] = 0; // not officially assigned
583 outbuf[buflen++] = 0; // reserved
584 outbuf[buflen++] = id_len; // length of data following
585
fd930791 586 memcpy(outbuf+buflen, str, id_len);
0b06c059
GH		 587 buflen += id_len;
588 break;
589 }
ea3bd56f 590 case 0xb0: /* block limits */
ee3659e3 591 {
ea3bd56f
CH		 592 unsigned int unmap_sectors =
593 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 594 unsigned int min_io_size =
595 s->qdev.conf.min_io_size / s->qdev.blocksize;
596 unsigned int opt_io_size =
597 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 598
f37bd73b 599 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 600 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
601 page_code);
602 return -1;
603 }
ee3659e3
CH		 604 /* required VPD size with unmap support */
605 outbuf[3] = buflen = 0x3c;
606
607 memset(outbuf + 4, 0, buflen - 4);
608
609 /* optimal transfer length granularity */
610 outbuf[6] = (min_io_size >> 8) & 0xff;
611 outbuf[7] = min_io_size & 0xff;
612
613 /* optimal transfer length */
614 outbuf[12] = (opt_io_size >> 24) & 0xff;
615 outbuf[13] = (opt_io_size >> 16) & 0xff;
616 outbuf[14] = (opt_io_size >> 8) & 0xff;
617 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 618
619 /* optimal unmap granularity */
620 outbuf[28] = (unmap_sectors >> 24) & 0xff;
621 outbuf[29] = (unmap_sectors >> 16) & 0xff;
622 outbuf[30] = (unmap_sectors >> 8) & 0xff;
623 outbuf[31] = unmap_sectors & 0xff;
624 break;
625 }
626 case 0xb2: /* thin provisioning */
627 {
628 outbuf[3] = buflen = 8;
629 outbuf[4] = 0;
c9e4d828 630 outbuf[5] = 0x60; /* write_same 10/16 supported */
f644a290 631 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
ea3bd56f 632 outbuf[7] = 0;
ee3659e3
CH		 633 break;
634 }
0b06c059
GH		 635 default:
636 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
637 "buffer size %zd\n", page_code, req->cmd.xfer);
638 return -1;
639 }
640 /* done with EVPD */
641 return buflen;
642 }
643
644 /* Standard INQUIRY data */
645 if (req->cmd.buf[2] != 0) {
646 BADF("Error: Inquiry (STANDARD) page or code "
647 "is non-zero [%02X]\n", req->cmd.buf[2]);
648 return -1;
649 }
650
651 /* PAGE CODE == 0 */
652 if (req->cmd.xfer < 5) {
653 BADF("Error: Inquiry (STANDARD) buffer size %zd "
654 "is less than 5\n", req->cmd.xfer);
655 return -1;
656 }
657
0b06c059 658 buflen = req->cmd.xfer;
f01b5931 659 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 660 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 661 }
0b06c059
GH		 662 memset(outbuf, 0, buflen);
663
f37bd73b 664 outbuf[0] = s->qdev.type & 0x1f;
e39be482 665 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 666 if (s->qdev.type == TYPE_ROM) {
550fe6c6 667 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 668 } else {
550fe6c6 669 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 670 }
550fe6c6 671 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 672 memset(&outbuf[32], 0, 4);
552fee93 673 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 674 /*
675 * We claim conformance to SPC-3, which is required for guests
676 * to ask for modern features like READ CAPACITY(16) or the
677 * block characteristics VPD page by default. Not all of SPC-3
678 * is actually implemented, but we're good enough.
679 */
ee3659e3 680 outbuf[2] = 5;
0b06c059 681 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 682
683 if (buflen > 36) {
684 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
685 } else {
686 /* If the allocation length of CDB is too small,
687 the additional length is not adjusted */
688 outbuf[4] = 36 - 5;
689 }
690
0b06c059 691 /* Sync data transfer and TCQ. */
afd4030c 692 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 693 return buflen;
694}
695
430ee2f2
PB		 696static inline bool media_is_dvd(SCSIDiskState *s)
697{
698 uint64_t nb_sectors;
699 if (s->qdev.type != TYPE_ROM) {
700 return false;
701 }
44740c38 702 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 703 return false;
704 }
44740c38 705 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 706 return nb_sectors > CD_MAX_SECTORS;
707}
708
ceb792ef
PB		 709static inline bool media_is_cd(SCSIDiskState *s)
710{
711 uint64_t nb_sectors;
712 if (s->qdev.type != TYPE_ROM) {
713 return false;
714 }
44740c38 715 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 716 return false;
717 }
44740c38 718 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 719 return nb_sectors <= CD_MAX_SECTORS;
720}
721
b6c251ab
PB		 722static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
723 uint8_t *outbuf)
724{
ceb792ef
PB		 725 static const int rds_caps_size[5] = {
726 [0] = 2048 + 4,
727 [1] = 4 + 4,
728 [3] = 188 + 4,
729 [4] = 2048 + 4,
730 };
731
732 uint8_t media = r->req.cmd.buf[1];
733 uint8_t layer = r->req.cmd.buf[6];
734 uint8_t format = r->req.cmd.buf[7];
735 int size = -1;
736
737 if (s->qdev.type != TYPE_ROM) {
738 return -1;
739 }
740 if (media != 0) {
741 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
742 return -1;
743 }
744
745 if (format != 0xff) {
44740c38 746 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 747 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
748 return -1;
749 }
750 if (media_is_cd(s)) {
751 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
752 return -1;
753 }
754 if (format >= ARRAY_SIZE(rds_caps_size)) {
755 return -1;
756 }
757 size = rds_caps_size[format];
758 memset(outbuf, 0, size);
759 }
760
761 switch (format) {
762 case 0x00: {
763 /* Physical format information */
764 uint64_t nb_sectors;
765 if (layer != 0) {
766 goto fail;
767 }
44740c38 768 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 769
770 outbuf[4] = 1; /* DVD-ROM, part version 1 */
771 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
772 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
773 outbuf[7] = 0; /* default densities */
774
775 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
776 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
777 break;
778 }
779
780 case 0x01: /* DVD copyright information, all zeros */
781 break;
782
783 case 0x03: /* BCA information - invalid field for no BCA info */
784 return -1;
785
786 case 0x04: /* DVD disc manufacturing information, all zeros */
787 break;
788
789 case 0xff: { /* List capabilities */
790 int i;
791 size = 4;
792 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
793 if (!rds_caps_size[i]) {
794 continue;
795 }
796 outbuf[size] = i;
797 outbuf[size + 1] = 0x40; /* Not writable, readable */
798 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
799 size += 4;
800 }
801 break;
802 }
803
804 default:
805 return -1;
806 }
807
808 /* Size of buffer, not including 2 byte size field */
809 stw_be_p(outbuf, size - 2);
810 return size;
811
812fail:
b6c251ab
PB		 813 return -1;
814}
815
3c2f7c12 816static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 817{
3c2f7c12
PB		 818 uint8_t event_code, media_status;
819
820 media_status = 0;
821 if (s->tray_open) {
822 media_status = MS_TRAY_OPEN;
44740c38 823 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 824 media_status = MS_MEDIA_PRESENT;
825 }
826
827 /* Event notification descriptor */
828 event_code = MEC_NO_CHANGE;
4480de19
PB		 829 if (media_status != MS_TRAY_OPEN) {
830 if (s->media_event) {
831 event_code = MEC_NEW_MEDIA;
832 s->media_event = false;
833 } else if (s->eject_request) {
834 event_code = MEC_EJECT_REQUESTED;
835 s->eject_request = false;
836 }
3c2f7c12
PB		 837 }
838
839 outbuf[0] = event_code;
840 outbuf[1] = media_status;
841
842 /* These fields are reserved, just clear them. */
843 outbuf[2] = 0;
844 outbuf[3] = 0;
845 return 4;
846}
847
848static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
849 uint8_t *outbuf)
850{
851 int size;
852 uint8_t *buf = r->req.cmd.buf;
853 uint8_t notification_class_request = buf[4];
854 if (s->qdev.type != TYPE_ROM) {
855 return -1;
856 }
857 if ((buf[1] & 1) == 0) {
858 /* asynchronous */
859 return -1;
860 }
861
862 size = 4;
863 outbuf[0] = outbuf[1] = 0;
864 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
865 if (notification_class_request & (1 << GESN_MEDIA)) {
866 outbuf[2] = GESN_MEDIA;
867 size += scsi_event_status_media(s, &outbuf[size]);
868 } else {
869 outbuf[2] = 0x80;
870 }
871 stw_be_p(outbuf, size - 4);
872 return size;
b6c251ab
PB		 873}
874
430ee2f2 875static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 876{
430ee2f2
PB		 877 int current;
878
b6c251ab
PB		 879 if (s->qdev.type != TYPE_ROM) {
880 return -1;
881 }
430ee2f2
PB		 882 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
883 memset(outbuf, 0, 40);
884 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
885 stw_be_p(&outbuf[6], current);
886 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
887 outbuf[10] = 0x03; /* persistent, current */
888 outbuf[11] = 8; /* two profiles */
889 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
890 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
891 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
892 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
893 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
894 stw_be_p(&outbuf[20], 1);
895 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
896 outbuf[23] = 8;
897 stl_be_p(&outbuf[24], 1); /* SCSI */
898 outbuf[28] = 1; /* DBE = 1, mandatory */
899 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
900 stw_be_p(&outbuf[32], 3);
901 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
902 outbuf[35] = 4;
903 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
904 /* TODO: Random readable, CD read, DVD read, drive serial number,
905 power management */
906 return 40;
b6c251ab
PB		 907}
908
909static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
910{
911 if (s->qdev.type != TYPE_ROM) {
912 return -1;
913 }
914 memset(outbuf, 0, 8);
915 outbuf[5] = 1; /* CD-ROM */
916 return 8;
917}
918
cfc606da 919static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 920 int page_control)
ebddfcbe 921{
a8f4bbe2
PB		 922 static const int mode_sense_valid[0x3f] = {
923 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
924 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
925 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 926 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
927 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 928 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
929 };
930
44740c38 931 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 932 int cylinders, heads, secs;
cfc606da 933 uint8_t *p = *p_outbuf;
ebddfcbe 934
a8f4bbe2
PB		 935 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
936 return -1;
937 }
938
939 p[0] = page;
940
282ab04e
BK		 941 /*
942 * If Changeable Values are requested, a mask denoting those mode parameters
943 * that are changeable shall be returned. As we currently don't support
944 * parameter changes via MODE_SELECT all bits are returned set to zero.
945 * The buffer was already menset to zero by the caller of this function.
946 */
ebddfcbe 947 switch (page) {
67cc61e4 948 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 949 p[1] = 0x16;
282ab04e 950 if (page_control == 1) { /* Changeable Values */
cfc606da 951 break;
282ab04e 952 }
ebddfcbe 953 /* if a geometry hint is available, use it */
245d0049 954 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 955 p[2] = (cylinders >> 16) & 0xff;
956 p[3] = (cylinders >> 8) & 0xff;
957 p[4] = cylinders & 0xff;
958 p[5] = heads & 0xff;
959 /* Write precomp start cylinder, disabled */
960 p[6] = (cylinders >> 16) & 0xff;
961 p[7] = (cylinders >> 8) & 0xff;
962 p[8] = cylinders & 0xff;
963 /* Reduced current start cylinder, disabled */
964 p[9] = (cylinders >> 16) & 0xff;
965 p[10] = (cylinders >> 8) & 0xff;
966 p[11] = cylinders & 0xff;
967 /* Device step rate [ns], 200ns */
968 p[12] = 0;
969 p[13] = 200;
970 /* Landing zone cylinder */
971 p[14] = 0xff;
972 p[15] = 0xff;
973 p[16] = 0xff;
974 /* Medium rotation rate [rpm], 5400 rpm */
975 p[20] = (5400 >> 8) & 0xff;
976 p[21] = 5400 & 0xff;
cfc606da 977 break;
ebddfcbe 978
67cc61e4 979 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 980 p[1] = 0x1e;
282ab04e 981 if (page_control == 1) { /* Changeable Values */
cfc606da 982 break;
282ab04e 983 }
ebddfcbe
GH		 984 /* Transfer rate [kbit/s], 5Mbit/s */
985 p[2] = 5000 >> 8;
986 p[3] = 5000 & 0xff;
987 /* if a geometry hint is available, use it */
245d0049 988 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 989 p[4] = heads & 0xff;
990 p[5] = secs & 0xff;
69377307 991 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 992 p[8] = (cylinders >> 8) & 0xff;
993 p[9] = cylinders & 0xff;
994 /* Write precomp start cylinder, disabled */
995 p[10] = (cylinders >> 8) & 0xff;
996 p[11] = cylinders & 0xff;
997 /* Reduced current start cylinder, disabled */
998 p[12] = (cylinders >> 8) & 0xff;
999 p[13] = cylinders & 0xff;
1000 /* Device step rate [100us], 100us */
1001 p[14] = 0;
1002 p[15] = 1;
1003 /* Device step pulse width [us], 1us */
1004 p[16] = 1;
1005 /* Device head settle delay [100us], 100us */
1006 p[17] = 0;
1007 p[18] = 1;
1008 /* Motor on delay [0.1s], 0.1s */
1009 p[19] = 1;
1010 /* Motor off delay [0.1s], 0.1s */
1011 p[20] = 1;
1012 /* Medium rotation rate [rpm], 5400 rpm */
1013 p[28] = (5400 >> 8) & 0xff;
1014 p[29] = 5400 & 0xff;
cfc606da 1015 break;
ebddfcbe 1016
67cc61e4 1017 case MODE_PAGE_CACHING:
ebddfcbe
GH		 1018 p[0] = 8;
1019 p[1] = 0x12;
282ab04e 1020 if (page_control == 1) { /* Changeable Values */
cfc606da 1021 break;
282ab04e 1022 }
44740c38 1023 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 1024 p[2] = 4; /* WCE */
1025 }
cfc606da 1026 break;
ebddfcbe 1027
a07c7dcd
PB		 1028 case MODE_PAGE_R_W_ERROR:
1029 p[1] = 10;
1030 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1031 if (s->qdev.type == TYPE_ROM) {
1032 p[3] = 0x20; /* Read Retry Count */
1033 }
1034 break;
1035
1036 case MODE_PAGE_AUDIO_CTL:
1037 p[1] = 14;
1038 break;
1039
67cc61e4 1040 case MODE_PAGE_CAPABILITIES:
ebddfcbe 1041 p[1] = 0x14;
282ab04e 1042 if (page_control == 1) { /* Changeable Values */
cfc606da 1043 break;
282ab04e 1044 }
a07c7dcd
PB		 1045
1046 p[2] = 0x3b; /* CD-R & CD-RW read */
1047 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 1048 p[4] = 0x7f; /* Audio, composite, digital out,
1049 mode 2 form 1&2, multi session */
1050 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1051 RW corrected, C2 errors, ISRC,
1052 UPC, Bar code */
81b1008d 1053 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 1054 /* Locking supported, jumper present, eject, tray */
1055 p[7] = 0; /* no volume & mute control, no
1056 changer */
a07c7dcd 1057 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 1058 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 1059 p[10] = 2 >> 8; /* Two volume levels */
1060 p[11] = 2 & 0xff;
1061 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 1062 p[13] = 2048 & 0xff;
a07c7dcd 1063 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 1064 p[15] = (16 * 176) & 0xff;
a07c7dcd 1065 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 1066 p[19] = (16 * 176) & 0xff;
a07c7dcd 1067 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1068 p[21] = (16 * 176) & 0xff;
cfc606da 1069 break;
ebddfcbe
GH		 1070
1071 default:
cfc606da 1072 return -1;
ebddfcbe 1073 }
cfc606da
PB		 1074
1075 *p_outbuf += p[1] + 2;
1076 return p[1] + 2;
ebddfcbe
GH		 1077}
1078
cfc606da 1079static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1080{
cfc606da 1081 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1082 uint64_t nb_sectors;
e590ecbe
PB		 1083 bool dbd;
1084 int page, buflen, ret, page_control;
ebddfcbe 1085 uint8_t *p;
ce512ee1 1086 uint8_t dev_specific_param;
ebddfcbe 1087
e590ecbe 1088 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1089 page = r->req.cmd.buf[2] & 0x3f;
1090 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1091 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1092 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1093 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1094 p = outbuf;
1095
e590ecbe 1096 if (s->qdev.type == TYPE_DISK) {
6a2de0f2 1097 dev_specific_param = 0x10; /* DPOFUA */
e590ecbe
PB		 1098 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1099 dev_specific_param |= 0x80; /* Readonly. */
1100 }
ce512ee1 1101 } else {
e590ecbe
PB		 1102 /* MMC prescribes that CD/DVD drives have no block descriptors,
1103 * and defines no device-specific parameter. */
6a2de0f2 1104 dev_specific_param = 0x00;
e590ecbe 1105 dbd = true;
ce512ee1
BK		 1106 }
1107
cfc606da 1108 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1109 p[1] = 0; /* Default media type. */
1110 p[2] = dev_specific_param;
1111 p[3] = 0; /* Block descriptor length. */
1112 p += 4;
1113 } else { /* MODE_SENSE_10 */
1114 p[2] = 0; /* Default media type. */
1115 p[3] = dev_specific_param;
1116 p[6] = p[7] = 0; /* Block descriptor length. */
1117 p += 8;
ebddfcbe 1118 }
ebddfcbe 1119
44740c38 1120 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
e590ecbe 1121 if (!dbd && nb_sectors) {
cfc606da 1122 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1123 outbuf[3] = 8; /* Block descriptor length */
1124 } else { /* MODE_SENSE_10 */
1125 outbuf[7] = 8; /* Block descriptor length */
1126 }
69377307 1127 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1128 if (nb_sectors > 0xffffff) {
2488b740 1129 nb_sectors = 0;
f01b5931 1130 }
ebddfcbe
GH		 1131 p[0] = 0; /* media density code */
1132 p[1] = (nb_sectors >> 16) & 0xff;
1133 p[2] = (nb_sectors >> 8) & 0xff;
1134 p[3] = nb_sectors & 0xff;
1135 p[4] = 0; /* reserved */
1136 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1137 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1138 p[7] = 0;
1139 p += 8;
1140 }
1141
cfc606da
PB		 1142 if (page_control == 3) {
1143 /* Saved Values */
1144 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1145 return -1;
282ab04e
BK		 1146 }
1147
cfc606da
PB		 1148 if (page == 0x3f) {
1149 for (page = 0; page <= 0x3e; page++) {
1150 mode_sense_page(s, page, &p, page_control);
1151 }
1152 } else {
1153 ret = mode_sense_page(s, page, &p, page_control);
1154 if (ret == -1) {
1155 return -1;
1156 }
ebddfcbe
GH		 1157 }
1158
1159 buflen = p - outbuf;
ce512ee1
BK		 1160 /*
1161 * The mode data length field specifies the length in bytes of the
1162 * following data that is available to be transferred. The mode data
1163 * length does not include itself.
1164 */
cfc606da 1165 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1166 outbuf[0] = buflen - 1;
1167 } else { /* MODE_SENSE_10 */
1168 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1169 outbuf[1] = (buflen - 2) & 0xff;
1170 }
ebddfcbe
GH		 1171 return buflen;
1172}
1173
02880f43
GH		 1174static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1175{
1176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1177 int start_track, format, msf, toclen;
1178 uint64_t nb_sectors;
1179
1180 msf = req->cmd.buf[1] & 2;
1181 format = req->cmd.buf[2] & 0xf;
1182 start_track = req->cmd.buf[6];
44740c38 1183 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1184 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1185 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1186 switch (format) {
1187 case 0:
1188 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1189 break;
1190 case 1:
1191 /* multi session : only a single session defined */
1192 toclen = 12;
1193 memset(outbuf, 0, 12);
1194 outbuf[1] = 0x0a;
1195 outbuf[2] = 0x01;
1196 outbuf[3] = 0x01;
1197 break;
1198 case 2:
1199 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1200 break;
1201 default:
1202 return -1;
1203 }
02880f43
GH		 1204 return toclen;
1205}
1206
68bb01f3 1207static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1208{
1209 SCSIRequest *req = &r->req;
1210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1211 bool start = req->cmd.buf[4] & 1;
1212 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1213
1214 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1215 if (!start && !s->tray_open && s->tray_locked) {
1216 scsi_check_condition(r,
44740c38 1217 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1218 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1219 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1220 return -1;
fdec4404 1221 }
d88b1819
LC		 1222
1223 if (s->tray_open != !start) {
1224 bdrv_eject(s->qdev.conf.bs, !start);
1225 s->tray_open = !start;
1226 }
bfd52647 1227 }
68bb01f3 1228 return 0;
bfd52647
MA		 1229}
1230
7285477a 1231static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1232{
8af7a3ab 1233 SCSIRequest *req = &r->req;
e7e25e32 1234 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1235 uint64_t nb_sectors;
7285477a 1236 uint8_t *outbuf;
aa5dbdc1
GH		 1237 int buflen = 0;
1238
7285477a
PB		 1239 if (!r->iov.iov_base) {
1240 /*
1241 * FIXME: we shouldn't return anything bigger than 4k, but the code
1242 * requires the buffer to be as big as req->cmd.xfer in several
1243 * places. So, do not allow CDBs with a very large ALLOCATION
1244 * LENGTH. The real fix would be to modify scsi_read_data and
1245 * dma_buf_read, so that they return data beyond the buflen
1246 * as all zeros.
1247 */
1248 if (req->cmd.xfer > 65536) {
1249 goto illegal_request;
1250 }
1251 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1252 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1253 }
1254
1255 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1256 switch (req->cmd.buf[0]) {
1257 case TEST_UNIT_READY:
9bcaf4fe 1258 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1259 break;
0b06c059
GH		 1260 case INQUIRY:
1261 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1262 if (buflen < 0) {
0b06c059 1263 goto illegal_request;
f01b5931 1264 }
5f71d32f 1265 break;
ebddfcbe
GH		 1266 case MODE_SENSE:
1267 case MODE_SENSE_10:
cfc606da 1268 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1269 if (buflen < 0) {
ebddfcbe 1270 goto illegal_request;
f01b5931 1271 }
ebddfcbe 1272 break;
02880f43
GH		 1273 case READ_TOC:
1274 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1275 if (buflen < 0) {
02880f43 1276 goto illegal_request;
f01b5931 1277 }
02880f43 1278 break;
3d53ba18 1279 case RESERVE:
f01b5931 1280 if (req->cmd.buf[1] & 1) {
3d53ba18 1281 goto illegal_request;
f01b5931 1282 }
3d53ba18
GH		 1283 break;
1284 case RESERVE_10:
f01b5931 1285 if (req->cmd.buf[1] & 3) {
3d53ba18 1286 goto illegal_request;
f01b5931 1287 }
3d53ba18
GH		 1288 break;
1289 case RELEASE:
f01b5931 1290 if (req->cmd.buf[1] & 1) {
3d53ba18 1291 goto illegal_request;
f01b5931 1292 }
3d53ba18
GH		 1293 break;
1294 case RELEASE_10:
f01b5931 1295 if (req->cmd.buf[1] & 3) {
3d53ba18 1296 goto illegal_request;
f01b5931 1297 }
3d53ba18 1298 break;
8d3628ff 1299 case START_STOP:
68bb01f3
MA		 1300 if (scsi_disk_emulate_start_stop(r) < 0) {
1301 return -1;
1302 }
5f71d32f 1303 break;
c68b9f34 1304 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1305 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1306 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1307 break;
5e30a07d 1308 case READ_CAPACITY_10:
e7e25e32 1309 /* The normal LEN field for this command is zero. */
5f71d32f 1310 memset(outbuf, 0, 8);
44740c38 1311 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1312 if (!nb_sectors) {
9bcaf4fe
PB		 1313 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1314 return -1;
f01b5931 1315 }
7cec78b6
PB		 1316 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1317 goto illegal_request;
1318 }
69377307 1319 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1320 /* Returned value is the address of the last sector. */
1321 nb_sectors--;
1322 /* Remember the new size for read/write sanity checking. */
7877903a 1323 s->qdev.max_lba = nb_sectors;
e7e25e32 1324 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1325 if (nb_sectors > UINT32_MAX) {
e7e25e32 1326 nb_sectors = UINT32_MAX;
f01b5931 1327 }
e7e25e32
GH		 1328 outbuf[0] = (nb_sectors >> 24) & 0xff;
1329 outbuf[1] = (nb_sectors >> 16) & 0xff;
1330 outbuf[2] = (nb_sectors >> 8) & 0xff;
1331 outbuf[3] = nb_sectors & 0xff;
1332 outbuf[4] = 0;
1333 outbuf[5] = 0;
69377307 1334 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1335 outbuf[7] = 0;
1336 buflen = 8;
5f71d32f 1337 break;
f3b338ef
PB		 1338 case REQUEST_SENSE:
1339 /* Just return "NO SENSE". */
1340 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1341 (req->cmd.buf[1] & 1) == 0);
1342 break;
b6c251ab
PB		 1343 case MECHANISM_STATUS:
1344 buflen = scsi_emulate_mechanism_status(s, outbuf);
1345 if (buflen < 0) {
1346 goto illegal_request;
1347 }
1348 break;
38215553 1349 case GET_CONFIGURATION:
430ee2f2 1350 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1351 if (buflen < 0) {
1352 goto illegal_request;
1353 }
1354 break;
1355 case GET_EVENT_STATUS_NOTIFICATION:
1356 buflen = scsi_get_event_status_notification(s, r, outbuf);
1357 if (buflen < 0) {
1358 goto illegal_request;
1359 }
1360 break;
1361 case READ_DVD_STRUCTURE:
1362 buflen = scsi_read_dvd_structure(s, r, outbuf);
1363 if (buflen < 0) {
1364 goto illegal_request;
1365 }
38215553 1366 break;
f6515262 1367 case SERVICE_ACTION_IN_16:
5dd90e2a 1368 /* Service Action In subcommands. */
f6515262 1369 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1370 DPRINTF("SAI READ CAPACITY(16)\n");
1371 memset(outbuf, 0, req->cmd.xfer);
44740c38 1372 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1373 if (!nb_sectors) {
9bcaf4fe
PB		 1374 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1375 return -1;
f01b5931 1376 }
7cec78b6
PB		 1377 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1378 goto illegal_request;
1379 }
69377307 1380 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1381 /* Returned value is the address of the last sector. */
1382 nb_sectors--;
1383 /* Remember the new size for read/write sanity checking. */
7877903a 1384 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1385 outbuf[0] = (nb_sectors >> 56) & 0xff;
1386 outbuf[1] = (nb_sectors >> 48) & 0xff;
1387 outbuf[2] = (nb_sectors >> 40) & 0xff;
1388 outbuf[3] = (nb_sectors >> 32) & 0xff;
1389 outbuf[4] = (nb_sectors >> 24) & 0xff;
1390 outbuf[5] = (nb_sectors >> 16) & 0xff;
1391 outbuf[6] = (nb_sectors >> 8) & 0xff;
1392 outbuf[7] = nb_sectors & 0xff;
1393 outbuf[8] = 0;
1394 outbuf[9] = 0;
69377307 1395 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1396 outbuf[11] = 0;
ee3659e3
CH		 1397 outbuf[12] = 0;
1398 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1399
1400 /* set TPE bit if the format supports discard */
1401 if (s->qdev.conf.discard_granularity) {
1402 outbuf[14] = 0x80;
1403 }
1404
5dd90e2a
GH		 1405 /* Protection, exponent and lowest lba field left blank. */
1406 buflen = req->cmd.xfer;
1407 break;
1408 }
1409 DPRINTF("Unsupported Service Action In\n");
1410 goto illegal_request;
aa5dbdc1 1411 default:
b45ef674 1412 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1413 return -1;
aa5dbdc1 1414 }
e2f0c49f 1415 buflen = MIN(buflen, req->cmd.xfer);
aa5dbdc1
GH		 1416 return buflen;
1417
aa5dbdc1 1418illegal_request:
cfc606da
PB		 1419 if (r->req.status == -1) {
1420 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1421 }
8af7a3ab 1422 return -1;
aa5dbdc1
GH		 1423}
1424
2e5d83bb
PB		 1425/* Execute a scsi command. Returns the length of the data expected by the
1426 command. This will be Positive for data transfers from the device
1427 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1428 and zero if the command does not transfer any data. */
1429
5c6c0e51 1430static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1431{
5c6c0e51
HR		 1432 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1433 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1434 int32_t len;
a917d384 1435 uint8_t command;
aa5dbdc1 1436 int rc;
a917d384
PB		 1437
1438 command = buf[0];
653c1c3f 1439 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1440
2e5d83bb
PB		 1441#ifdef DEBUG_SCSI
1442 {
1443 int i;
2dd791b6 1444 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1445 printf(" 0x%02x", buf[i]);
1446 }
1447 printf("\n");
1448 }
1449#endif
aa5dbdc1 1450
9bcaf4fe
PB		 1451 switch (command) {
1452 case INQUIRY:
1453 case MODE_SENSE:
1454 case MODE_SENSE_10:
1455 case RESERVE:
1456 case RESERVE_10:
1457 case RELEASE:
1458 case RELEASE_10:
1459 case START_STOP:
1460 case ALLOW_MEDIUM_REMOVAL:
1461 case GET_CONFIGURATION:
1462 case GET_EVENT_STATUS_NOTIFICATION:
1463 case MECHANISM_STATUS:
1464 case REQUEST_SENSE:
1465 break;
1466
1467 default:
1468 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1469 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1470 return 0;
1471 }
1472 break;
1473 }
1474
a917d384 1475 switch (command) {
ebf46023 1476 case TEST_UNIT_READY:
0b06c059 1477 case INQUIRY:
ebddfcbe
GH		 1478 case MODE_SENSE:
1479 case MODE_SENSE_10:
3d53ba18
GH		 1480 case RESERVE:
1481 case RESERVE_10:
1482 case RELEASE:
1483 case RELEASE_10:
8d3628ff 1484 case START_STOP:
c68b9f34 1485 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1486 case READ_CAPACITY_10:
02880f43 1487 case READ_TOC:
b6c251ab 1488 case READ_DVD_STRUCTURE:
38215553 1489 case GET_CONFIGURATION:
b6c251ab
PB		 1490 case GET_EVENT_STATUS_NOTIFICATION:
1491 case MECHANISM_STATUS:
f6515262 1492 case SERVICE_ACTION_IN_16:
f3b338ef 1493 case REQUEST_SENSE:
7285477a 1494 rc = scsi_disk_emulate_command(r);
8af7a3ab 1495 if (rc < 0) {
0b06c059 1496 return 0;
aa5dbdc1 1497 }
8af7a3ab
KW		 1498
1499 r->iov.iov_len = rc;
0b06c059 1500 break;
0a4ac106 1501 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1502 /* The request is used as the AIO opaque value, so add a ref. */
1503 scsi_req_ref(&r->req);
44740c38
PB		 1504 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1505 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1506 return 0;
ebf46023
GH		 1507 case READ_6:
1508 case READ_10:
bd536cf3
GH		 1509 case READ_12:
1510 case READ_16:
5c6c0e51 1511 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1512 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1513 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1514 goto illegal_lba;
f01b5931 1515 }
69377307
PB		 1516 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1517 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1518 break;
7f64f8e2
PB		 1519 case VERIFY_10:
1520 case VERIFY_12:
1521 case VERIFY_16:
ebf46023
GH		 1522 case WRITE_6:
1523 case WRITE_10:
bd536cf3
GH		 1524 case WRITE_12:
1525 case WRITE_16:
5e30a07d 1526 case WRITE_VERIFY_10:
ebef0bbb
BK		 1527 case WRITE_VERIFY_12:
1528 case WRITE_VERIFY_16:
5c6c0e51 1529 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1530 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1531 (command & 0xe) == 0xe ? "And Verify " : "",
1532 r->req.cmd.lba, len);
7877903a 1533 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1534 goto illegal_lba;
f01b5931 1535 }
69377307
PB		 1536 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1537 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1538 break;
ebef0bbb 1539 case MODE_SELECT:
2dd791b6 1540 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1541 /* We don't support mode parameter changes.
1542 Allow the mode parameter header + block descriptors only. */
2dd791b6 1543 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1544 goto fail;
1545 }
1546 break;
1547 case MODE_SELECT_10:
2dd791b6 1548 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1549 /* We don't support mode parameter changes.
1550 Allow the mode parameter header + block descriptors only. */
2dd791b6 1551 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1552 goto fail;
1553 }
1554 break;
ebef0bbb 1555 case SEEK_10:
00a01ad4 1556 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1557 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1558 goto illegal_lba;
1559 }
ea3bd56f 1560 break;
c9e4d828 1561 case WRITE_SAME_10:
ea3bd56f 1562 case WRITE_SAME_16:
5c6c0e51 1563 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f 1564
c9e4d828 1565 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
ea3bd56f
CH		 1566 r->req.cmd.lba, len);
1567
7877903a 1568 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1569 goto illegal_lba;
1570 }
1571
1572 /*
1573 * We only support WRITE SAME with the unmap bit set for now.
1574 */
1575 if (!(buf[1] & 0x8)) {
1576 goto fail;
1577 }
1578
69377307
PB		 1579 rc = bdrv_discard(s->qdev.conf.bs,
1580 r->req.cmd.lba * (s->qdev.blocksize / 512),
1581 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1582 if (rc < 0) {
1583 /* XXX: better error code ?*/
1584 goto fail;
1585 }
1586
ebef0bbb 1587 break;
2e5d83bb 1588 default:
2dd791b6 1589 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1590 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1591 return 0;
2e5d83bb 1592 fail:
b45ef674 1593 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1594 return 0;
274fb0e1 1595 illegal_lba:
b45ef674 1596 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1597 return 0;
2e5d83bb 1598 }
c87c0672 1599 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1600 scsi_req_complete(&r->req, GOOD);
a917d384 1601 }
c87c0672 1602 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1603 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1604 return -len;
a917d384 1605 } else {
f01b5931 1606 if (!r->sector_count) {
a917d384 1607 r->sector_count = -1;
f01b5931 1608 }
efb9ee02 1609 return len;
2e5d83bb 1610 }
2e5d83bb
PB		 1611}
1612
e9447f35
JK		 1613static void scsi_disk_reset(DeviceState *dev)
1614{
1615 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1616 uint64_t nb_sectors;
1617
c7b48872 1618 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1619
44740c38 1620 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1621 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1622 if (nb_sectors) {
1623 nb_sectors--;
1624 }
7877903a 1625 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1626}
1627
1628static void scsi_destroy(SCSIDevice *dev)
1629{
1630 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1631
c7b48872 1632 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1633 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1634}
1635
7d4b4ba5 1636static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1637{
8a9c16f6
PB		 1638 SCSIDiskState *s = opaque;
1639
1640 /*
1641 * When a CD gets changed, we have to report an ejected state and
1642 * then a loaded state to guests so that they detect tray
1643 * open/close and media change events. Guests that do not use
1644 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1645 * states rely on this behavior.
1646 *
1647 * media_changed governs the state machine used for unit attention
1648 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1649 */
1650 s->media_changed = load;
1651 s->tray_open = !load;
1652 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1653 s->media_event = true;
4480de19
PB		 1654 s->eject_request = false;
1655}
1656
1657static void scsi_cd_eject_request_cb(void *opaque, bool force)
1658{
1659 SCSIDiskState *s = opaque;
1660
1661 s->eject_request = true;
1662 if (force) {
1663 s->tray_locked = false;
1664 }
2c6942fa
MA		 1665}
1666
e4def80b
MA		 1667static bool scsi_cd_is_tray_open(void *opaque)
1668{
1669 return ((SCSIDiskState *)opaque)->tray_open;
1670}
1671
f107639a
MA		 1672static bool scsi_cd_is_medium_locked(void *opaque)
1673{
1674 return ((SCSIDiskState *)opaque)->tray_locked;
1675}
1676
1677static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1678 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1679 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1680 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1681 .is_medium_locked = scsi_cd_is_medium_locked,
1682};
1683
8a9c16f6
PB		 1684static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1685{
1686 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1687 if (s->media_changed) {
1688 s->media_changed = false;
1689 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1690 }
1691}
1692
e39be482 1693static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1694{
d52affa7 1695 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1696 DriveInfo *dinfo;
2e5d83bb 1697
f8b6cc00 1698 if (!s->qdev.conf.bs) {
6a84cb1f 1699 error_report("drive property not set");
d52affa7
GH		 1700 return -1;
1701 }
1702
e39be482 1703 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1704 error_report("Device needs media, but drive is empty");
1705 return -1;
1706 }
1707
a0fef654 1708 if (!s->serial) {
f8b6cc00 1709 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1710 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1711 if (*dinfo->serial) {
7267c094 1712 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1713 }
a0fef654
MA		 1714 }
1715
552fee93 1716 if (!s->version) {
7267c094 1717 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1718 }
1719
44740c38 1720 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 1721 error_report("unwanted /dev/sg*");
32bb404a
MA		 1722 return -1;
1723 }
1724
e39be482 1725 if (s->removable) {
44740c38 1726 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1727 }
44740c38 1728 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1729
44740c38 1730 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1731 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1732 return 0;
1733}
1734
b443ae67
MA		 1735static int scsi_hd_initfn(SCSIDevice *dev)
1736{
e39be482
PB		 1737 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1738 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1739 s->qdev.type = TYPE_DISK;
1740 return scsi_initfn(&s->qdev);
b443ae67
MA		 1741}
1742
1743static int scsi_cd_initfn(SCSIDevice *dev)
1744{
e39be482
PB		 1745 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1746 s->qdev.blocksize = 2048;
1747 s->qdev.type = TYPE_ROM;
1748 s->removable = true;
1749 return scsi_initfn(&s->qdev);
b443ae67
MA		 1750}
1751
1752static int scsi_disk_initfn(SCSIDevice *dev)
1753{
95b5edcd 1754 DriveInfo *dinfo;
b443ae67
MA		 1755
1756 if (!dev->conf.bs) {
e39be482 1757 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1758 }
1759
e39be482
PB		 1760 dinfo = drive_get_by_blockdev(dev->conf.bs);
1761 if (dinfo->media_cd) {
1762 return scsi_cd_initfn(dev);
1763 } else {
1764 return scsi_hd_initfn(dev);
1765 }
b443ae67
MA		 1766}
1767
adcf2754 1768static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1769 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1770 .free_req = scsi_free_request,
1771 .send_command = scsi_send_command,
1772 .read_data = scsi_read_data,
1773 .write_data = scsi_write_data,
1774 .cancel_io = scsi_cancel_io,
1775 .get_buf = scsi_get_buf,
43b978b9
PB		 1776 .load_request = scsi_disk_load_request,
1777 .save_request = scsi_disk_save_request,
8dbd4574
PB		 1778};
1779
63db0f0e
PB		 1780static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1781 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1782{
1783 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1784 SCSIRequest *req;
8dbd4574
PB		 1785
1786 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1787 return req;
1788}
1789
336a6915
PB		 1790#ifdef __linux__
1791static int get_device_type(SCSIDiskState *s)
1792{
1793 BlockDriverState *bdrv = s->qdev.conf.bs;
1794 uint8_t cmd[16];
1795 uint8_t buf[36];
1796 uint8_t sensebuf[8];
1797 sg_io_hdr_t io_header;
1798 int ret;
1799
1800 memset(cmd, 0, sizeof(cmd));
1801 memset(buf, 0, sizeof(buf));
1802 cmd[0] = INQUIRY;
1803 cmd[4] = sizeof(buf);
1804
1805 memset(&io_header, 0, sizeof(io_header));
1806 io_header.interface_id = 'S';
1807 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1808 io_header.dxfer_len = sizeof(buf);
1809 io_header.dxferp = buf;
1810 io_header.cmdp = cmd;
1811 io_header.cmd_len = sizeof(cmd);
1812 io_header.mx_sb_len = sizeof(sensebuf);
1813 io_header.sbp = sensebuf;
1814 io_header.timeout = 6000; /* XXX */
1815
1816 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1817 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1818 return -1;
1819 }
1820 s->qdev.type = buf[0];
1821 s->removable = (buf[1] & 0x80) != 0;
1822 return 0;
1823}
1824
1825static int scsi_block_initfn(SCSIDevice *dev)
1826{
1827 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1828 int sg_version;
1829 int rc;
1830
1831 if (!s->qdev.conf.bs) {
1832 error_report("scsi-block: drive property not set");
1833 return -1;
1834 }
1835
1836 /* check we are using a driver managing SG_IO (version 3 and after) */
1837 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1838 sg_version < 30000) {
1839 error_report("scsi-block: scsi generic interface too old");
1840 return -1;
1841 }
1842
1843 /* get device type from INQUIRY data */
1844 rc = get_device_type(s);
1845 if (rc < 0) {
1846 error_report("scsi-block: INQUIRY failed");
1847 return -1;
1848 }
1849
1850 /* Make a guess for the block size, we'll fix it when the guest sends.
1851 * READ CAPACITY. If they don't, they likely would assume these sizes
1852 * anyway. (TODO: check in /sys).
1853 */
1854 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1855 s->qdev.blocksize = 2048;
1856 } else {
1857 s->qdev.blocksize = 512;
1858 }
1859 return scsi_initfn(&s->qdev);
1860}
1861
1862static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1863 uint32_t lun, uint8_t *buf,
1864 void *hba_private)
1865{
1866 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1867
1868 switch (buf[0]) {
1869 case READ_6:
1870 case READ_10:
1871 case READ_12:
1872 case READ_16:
7f64f8e2
PB		 1873 case VERIFY_10:
1874 case VERIFY_12:
1875 case VERIFY_16:
336a6915
PB		 1876 case WRITE_6:
1877 case WRITE_10:
1878 case WRITE_12:
1879 case WRITE_16:
1880 case WRITE_VERIFY_10:
1881 case WRITE_VERIFY_12:
1882 case WRITE_VERIFY_16:
eaccf49e
PB		 1883 /* If we are not using O_DIRECT, we might read stale data from the
1884 * host cache if writes were made using other commands than these
1885 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1886 * O_DIRECT everything must go through SG_IO.
1887 */
1888 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1889 break;
1890 }
1891
33ebad12
PB		 1892 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1893 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1894 * And once you do these writes, reading from the block device is
1895 * unreliable, too. It is even possible that reads deliver random data
1896 * from the host page cache (this is probably a Linux bug).
1897 *
1898 * We might use scsi_disk_reqops as long as no writing commands are
1899 * seen, but performance usually isn't paramount on optical media. So,
1900 * just make scsi-block operate the same as scsi-generic for them.
1901 */
eaccf49e
PB		 1902 if (s->qdev.type == TYPE_ROM) {
1903 break;
1904 }
1905 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1906 hba_private);
336a6915
PB		 1907 }
1908
1909 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1910 hba_private);
1911}
1912#endif
1913
b443ae67
MA		 1914#define DEFINE_SCSI_DISK_PROPERTIES() \
1915 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1916 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1917 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1918
39bffca2
AL		 1919static Property scsi_hd_properties[] = {
1920 DEFINE_SCSI_DISK_PROPERTIES(),
1921 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1922 DEFINE_PROP_END_OF_LIST(),
1923};
1924
43b978b9
PB		 1925static const VMStateDescription vmstate_scsi_disk_state = {
1926 .name = "scsi-disk",
1927 .version_id = 1,
1928 .minimum_version_id = 1,
1929 .minimum_version_id_old = 1,
1930 .fields = (VMStateField[]) {
1931 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1932 VMSTATE_BOOL(media_changed, SCSIDiskState),
1933 VMSTATE_BOOL(media_event, SCSIDiskState),
1934 VMSTATE_BOOL(eject_request, SCSIDiskState),
1935 VMSTATE_BOOL(tray_open, SCSIDiskState),
1936 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1937 VMSTATE_END_OF_LIST()
1938 }
1939};
1940
b9eea3e6
AL		 1941static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1942{
39bffca2 1943 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1944 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1945
1946 sc->init = scsi_hd_initfn;
1947 sc->destroy = scsi_destroy;
1948 sc->alloc_req = scsi_new_request;
1949 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1950 dc->fw_name = "disk";
1951 dc->desc = "virtual SCSI disk";
1952 dc->reset = scsi_disk_reset;
1953 dc->props = scsi_hd_properties;
43b978b9 1954 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1955}
1956
39bffca2
AL		 1957static TypeInfo scsi_hd_info = {
1958 .name = "scsi-hd",
1959 .parent = TYPE_SCSI_DEVICE,
1960 .instance_size = sizeof(SCSIDiskState),
1961 .class_init = scsi_hd_class_initfn,
1962};
1963
1964static Property scsi_cd_properties[] = {
1965 DEFINE_SCSI_DISK_PROPERTIES(),
1966 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 1967};
1968
1969static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1970{
39bffca2 1971 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1972 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1973
1974 sc->init = scsi_cd_initfn;
1975 sc->destroy = scsi_destroy;
1976 sc->alloc_req = scsi_new_request;
1977 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1978 dc->fw_name = "disk";
1979 dc->desc = "virtual SCSI CD-ROM";
1980 dc->reset = scsi_disk_reset;
1981 dc->props = scsi_cd_properties;
43b978b9 1982 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1983}
1984
39bffca2
AL		 1985static TypeInfo scsi_cd_info = {
1986 .name = "scsi-cd",
1987 .parent = TYPE_SCSI_DEVICE,
1988 .instance_size = sizeof(SCSIDiskState),
1989 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 1990};
1991
336a6915 1992#ifdef __linux__
39bffca2
AL		 1993static Property scsi_block_properties[] = {
1994 DEFINE_SCSI_DISK_PROPERTIES(),
1995 DEFINE_PROP_END_OF_LIST(),
1996};
1997
b9eea3e6
AL		 1998static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1999{
39bffca2 2000 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2001 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2002
2003 sc->init = scsi_block_initfn;
2004 sc->destroy = scsi_destroy;
2005 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 2006 dc->fw_name = "disk";
2007 dc->desc = "SCSI block device passthrough";
2008 dc->reset = scsi_disk_reset;
2009 dc->props = scsi_block_properties;
43b978b9 2010 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2011}
2012
39bffca2
AL		 2013static TypeInfo scsi_block_info = {
2014 .name = "scsi-block",
2015 .parent = TYPE_SCSI_DEVICE,
2016 .instance_size = sizeof(SCSIDiskState),
2017 .class_init = scsi_block_class_initfn,
b9eea3e6 2018};
336a6915 2019#endif
b9eea3e6 2020
39bffca2
AL		 2021static Property scsi_disk_properties[] = {
2022 DEFINE_SCSI_DISK_PROPERTIES(),
2023 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
2024 DEFINE_PROP_END_OF_LIST(),
2025};
2026
b9eea3e6
AL		 2027static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2028{
39bffca2 2029 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2030 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2031
2032 sc->init = scsi_disk_initfn;
2033 sc->destroy = scsi_destroy;
2034 sc->alloc_req = scsi_new_request;
2035 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2036 dc->fw_name = "disk";
2037 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2038 dc->reset = scsi_disk_reset;
2039 dc->props = scsi_disk_properties;
43b978b9 2040 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2041}
2042
39bffca2
AL		 2043static TypeInfo scsi_disk_info = {
2044 .name = "scsi-disk",
2045 .parent = TYPE_SCSI_DEVICE,
2046 .instance_size = sizeof(SCSIDiskState),
2047 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 2048};
2049
83f7d43a 2050static void scsi_disk_register_types(void)
d52affa7 2051{
39bffca2
AL		 2052 type_register_static(&scsi_hd_info);
2053 type_register_static(&scsi_cd_info);
b9eea3e6 2054#ifdef __linux__
39bffca2 2055 type_register_static(&scsi_block_info);
b9eea3e6 2056#endif
39bffca2 2057 type_register_static(&scsi_disk_info);
8ccc2ace 2058}
83f7d43a
AF		 2059
2060type_init(scsi_disk_register_types)
Qemu copy for testing