]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qxl: interface_get_command: fix reported mode
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb
PB		 14 *
15 * This code is licenced under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
22864256 40
f0f72ffe 41#define SCSI_DMA_BUF_SIZE 131072
57575058 42#define SCSI_MAX_INQUIRY_LEN 256
a917d384 43
5dba48a8
KW		 44#define SCSI_REQ_STATUS_RETRY 0x01
45#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46#define SCSI_REQ_STATUS_RETRY_READ 0x00
47#define SCSI_REQ_STATUS_RETRY_WRITE 0x02
78ced65e 48#define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
ea8a5d7f 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
c87c0672
AL		 57 struct iovec iov;
58 QEMUIOVector qiov;
ea8a5d7f 59 uint32_t status;
4c41d2ef 60} SCSIDiskReq;
a917d384 61
b443ae67
MA		 62typedef enum { SCSI_HD, SCSI_CD } SCSIDriveKind;
63
d52affa7 64struct SCSIDiskState
a917d384 65{
d52affa7 66 SCSIDevice qdev;
428c149b 67 BlockDriverState *bs;
a917d384
PB		 68 /* The qemu block layer uses a fixed 512 byte sector size.
69 This is the number of 512 byte blocks in a single scsi sector. */
70 int cluster_size;
419e691f 71 uint32_t removable;
274fb0e1 72 uint64_t max_lba;
213189ab 73 QEMUBH *bh;
383b4d9b 74 char *version;
a0fef654 75 char *serial;
a6d96eb7 76 SCSISense sense;
b443ae67 77 SCSIDriveKind drive_kind;
2e5d83bb
PB		 78};
79
5dba48a8 80static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78ced65e 81static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
5dba48a8 82
5c6c0e51 83static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
72aef731 84 uint32_t lun)
2e5d83bb 85{
5c6c0e51 86 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
89b08ae1 87 SCSIRequest *req;
4c41d2ef 88 SCSIDiskReq *r;
a917d384 89
72aef731 90 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
89b08ae1 91 r = DO_UPCAST(SCSIDiskReq, req, req);
72aef731 92 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
5c6c0e51 93 return req;
2e5d83bb
PB		 94}
95
ad2d30f7 96static void scsi_free_request(SCSIRequest *req)
4d611c9a 97{
ad2d30f7
PB		 98 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
99
f8a83245 100 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 101}
102
a6d96eb7 103static void scsi_disk_clear_sense(SCSIDiskState *s)
ed3a34a3 104{
a6d96eb7
HR		 105 memset(&s->sense, 0, sizeof(s->sense));
106}
107
a1f0cce2 108static void scsi_req_set_status(SCSIDiskReq *r, int status, SCSISense sense)
a6d96eb7
HR		 109{
110 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
111
112 r->req.status = status;
a1f0cce2 113 s->sense = sense;
ed3a34a3
GH		 114}
115
a917d384 116/* Helper function for command completion. */
a1f0cce2 117static void scsi_command_complete(SCSIDiskReq *r, int status, SCSISense sense)
a917d384 118{
a1f0cce2
HR		 119 DPRINTF("Command complete tag=0x%x status=%d sense=%d/%d/%d\n",
120 r->req.tag, status, sense.key, sense.asc, sense.ascq);
a6d96eb7 121 scsi_req_set_status(r, status, sense);
ed3a34a3 122 scsi_req_complete(&r->req);
4d611c9a
PB		 123}
124
125/* Cancel a pending data transfer. */
5c6c0e51 126static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 127{
5c6c0e51
HR		 128 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
129
130 DPRINTF("Cancel tag=0x%x\n", req->tag);
131 if (r->req.aiocb) {
132 bdrv_aio_cancel(r->req.aiocb);
a917d384 133 }
5c6c0e51 134 r->req.aiocb = NULL;
a917d384
PB		 135}
136
137static void scsi_read_complete(void * opaque, int ret)
138{
4c41d2ef 139 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5dba48a8 140 int n;
a917d384 141
3e94cb02
JK		 142 r->req.aiocb = NULL;
143
a917d384 144 if (ret) {
5dba48a8
KW		 145 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
146 return;
147 }
4d611c9a 148 }
5dba48a8 149
aa2b1e89 150 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
a917d384 151
5dba48a8
KW		 152 n = r->iov.iov_len / 512;
153 r->sector += n;
154 r->sector_count -= n;
ab9adc88 155 scsi_req_data(&r->req, r->iov.iov_len);
4d611c9a
PB		 156}
157
5dba48a8 158
5c6c0e51
HR		 159/* Read more data from scsi device into buffer. */
160static void scsi_read_data(SCSIRequest *req)
2e5d83bb 161{
5c6c0e51 162 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 163 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 164 uint32_t n;
165
a917d384 166 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 167 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 168 r->sector_count = 0;
ab9adc88 169 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 170 return;
2e5d83bb 171 }
a917d384
PB		 172 DPRINTF("Read sector_count=%d\n", r->sector_count);
173 if (r->sector_count == 0) {
a1f0cce2 174 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
a917d384 175 return;
2e5d83bb
PB		 176 }
177
6fa2c95f
SH		 178 /* No data transfer may already be in progress */
179 assert(r->req.aiocb == NULL);
180
efb9ee02
HR		 181 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
182 DPRINTF("Data transfer direction invalid\n");
183 scsi_read_complete(r, -EINVAL);
184 return;
185 }
186
a917d384
PB		 187 n = r->sector_count;
188 if (n > SCSI_DMA_BUF_SIZE / 512)
189 n = SCSI_DMA_BUF_SIZE / 512;
190
c87c0672
AL		 191 r->iov.iov_len = n * 512;
192 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 193 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
c87c0672 194 scsi_read_complete, r);
d33ea50a
KW		 195 if (r->req.aiocb == NULL) {
196 scsi_read_complete(r, -EIO);
197 }
2e5d83bb
PB		 198}
199
5dba48a8
KW		 200static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
201{
202 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
4c41d2ef 203 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 204 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
ea8a5d7f 205
380f640f 206 if (action == BLOCK_ERR_IGNORE) {
5dba48a8 207 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 208 return 0;
380f640f 209 }
ea8a5d7f
AL		 210
211 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
212 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8
KW		 213
214 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
215 r->status |= SCSI_REQ_STATUS_RETRY | type;
216
217 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
e07bbac5 218 vm_stop(VMSTOP_DISKFULL);
ea8a5d7f 219 } else {
5dba48a8 220 if (type == SCSI_REQ_STATUS_RETRY_READ) {
ab9adc88 221 scsi_req_data(&r->req, 0);
5dba48a8 222 }
efb9ee02
HR		 223 switch (error) {
224 case ENOMEM:
a1f0cce2
HR		 225 scsi_command_complete(r, CHECK_CONDITION,
226 SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 227 break;
228 case EINVAL:
229 scsi_command_complete(r, CHECK_CONDITION,
230 SENSE_CODE(INVALID_FIELD));
231 break;
232 default:
a1f0cce2
HR		 233 scsi_command_complete(r, CHECK_CONDITION,
234 SENSE_CODE(IO_ERROR));
efb9ee02 235 break;
a1f0cce2 236 }
5dba48a8 237 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 238 }
ea8a5d7f
AL		 239 return 1;
240}
241
4d611c9a
PB		 242static void scsi_write_complete(void * opaque, int ret)
243{
4c41d2ef 244 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a917d384 245 uint32_t len;
ea8a5d7f
AL		 246 uint32_t n;
247
4c41d2ef 248 r->req.aiocb = NULL;
4d611c9a
PB		 249
250 if (ret) {
5dba48a8 251 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
ea8a5d7f 252 return;
5dba48a8 253 }
4d611c9a
PB		 254 }
255
c87c0672 256 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 257 r->sector += n;
258 r->sector_count -= n;
a917d384 259 if (r->sector_count == 0) {
a1f0cce2 260 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
a917d384
PB		 261 } else {
262 len = r->sector_count * 512;
263 if (len > SCSI_DMA_BUF_SIZE) {
264 len = SCSI_DMA_BUF_SIZE;
265 }
c87c0672 266 r->iov.iov_len = len;
4c41d2ef 267 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
ab9adc88 268 scsi_req_data(&r->req, len);
4d611c9a 269 }
4d611c9a
PB		 270}
271
42741212 272static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 273{
5c6c0e51 274 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 275 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 276 uint32_t n;
277
6fa2c95f
SH		 278 /* No data transfer may already be in progress */
279 assert(r->req.aiocb == NULL);
280
efb9ee02
HR		 281 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
282 DPRINTF("Data transfer direction invalid\n");
283 scsi_write_complete(r, -EINVAL);
42741212 284 return;
efb9ee02
HR		 285 }
286
c87c0672 287 n = r->iov.iov_len / 512;
ea8a5d7f 288 if (n) {
c87c0672 289 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 290 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
c87c0672 291 scsi_write_complete, r);
d33ea50a 292 if (r->req.aiocb == NULL) {
a1f0cce2 293 scsi_write_complete(r, -ENOMEM);
d33ea50a 294 }
ea8a5d7f
AL		 295 } else {
296 /* Invoke completion routine to fetch data from host. */
297 scsi_write_complete(r, 0);
298 }
a917d384 299}
2e5d83bb 300
213189ab 301static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f 302{
d52affa7 303 SCSIDiskState *s = opaque;
9af99d98
GH		 304 SCSIRequest *req;
305 SCSIDiskReq *r;
213189ab
MA		 306
307 qemu_bh_delete(s->bh);
308 s->bh = NULL;
ea8a5d7f 309
9af99d98
GH		 310 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
311 r = DO_UPCAST(SCSIDiskReq, req, req);
ea8a5d7f 312 if (r->status & SCSI_REQ_STATUS_RETRY) {
5dba48a8 313 int status = r->status;
78ced65e
KW		 314 int ret;
315
5dba48a8
KW		 316 r->status &=
317 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
318
319 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
320 case SCSI_REQ_STATUS_RETRY_READ:
5c6c0e51 321 scsi_read_data(&r->req);
5dba48a8
KW		 322 break;
323 case SCSI_REQ_STATUS_RETRY_WRITE:
5c6c0e51 324 scsi_write_data(&r->req);
5dba48a8 325 break;
78ced65e
KW		 326 case SCSI_REQ_STATUS_RETRY_FLUSH:
327 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
328 if (ret == 0) {
a1f0cce2 329 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
78ced65e 330 }
5dba48a8 331 }
ea8a5d7f 332 }
ea8a5d7f
AL		 333 }
334}
335
213189ab
MA		 336static void scsi_dma_restart_cb(void *opaque, int running, int reason)
337{
d52affa7 338 SCSIDiskState *s = opaque;
213189ab
MA		 339
340 if (!running)
341 return;
342
343 if (!s->bh) {
344 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
345 qemu_bh_schedule(s->bh);
346 }
347}
348
a917d384 349/* Return a pointer to the data buffer. */
5c6c0e51 350static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 351{
5c6c0e51 352 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 353
3f4cb3d3 354 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 355}
356
74382217
HR		 357/* Copy sense information into the provided buffer */
358static int scsi_get_sense(SCSIRequest *req, uint8_t *outbuf, int len)
359{
360 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
361
362 return scsi_build_sense(s->sense, outbuf, len, len > 14);
363}
364
0b06c059
GH		 365static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
366{
383b4d9b 367 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 368 int buflen = 0;
369
370 if (req->cmd.buf[1] & 0x2) {
371 /* Command support data - optional, not implemented */
372 BADF("optional INQUIRY command support request not implemented\n");
373 return -1;
374 }
375
376 if (req->cmd.buf[1] & 0x1) {
377 /* Vital product data */
378 uint8_t page_code = req->cmd.buf[2];
379 if (req->cmd.xfer < 4) {
380 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
381 "less than 4\n", page_code, req->cmd.xfer);
382 return -1;
383 }
384
b443ae67 385 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 386 outbuf[buflen++] = 5;
387 } else {
388 outbuf[buflen++] = 0;
389 }
390 outbuf[buflen++] = page_code ; // this page
391 outbuf[buflen++] = 0x00;
392
393 switch (page_code) {
394 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 395 {
396 int pages;
0b06c059
GH		 397 DPRINTF("Inquiry EVPD[Supported pages] "
398 "buffer size %zd\n", req->cmd.xfer);
39d98982 399 pages = buflen++;
0b06c059
GH		 400 outbuf[buflen++] = 0x00; // list of supported pages (this page)
401 outbuf[buflen++] = 0x80; // unit serial number
402 outbuf[buflen++] = 0x83; // device identification
b443ae67 403 if (s->drive_kind == SCSI_HD) {
ea3bd56f
CH		 404 outbuf[buflen++] = 0xb0; // block limits
405 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 406 }
407 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 408 break;
39d98982 409 }
0b06c059
GH		 410 case 0x80: /* Device serial number, optional */
411 {
a0fef654 412 int l = strlen(s->serial);
0b06c059
GH		 413
414 if (l > req->cmd.xfer)
415 l = req->cmd.xfer;
416 if (l > 20)
417 l = 20;
418
419 DPRINTF("Inquiry EVPD[Serial number] "
420 "buffer size %zd\n", req->cmd.xfer);
421 outbuf[buflen++] = l;
a0fef654 422 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 423 buflen += l;
424 break;
425 }
426
427 case 0x83: /* Device identification page, mandatory */
428 {
429 int max_len = 255 - 8;
428c149b 430 int id_len = strlen(bdrv_get_device_name(s->bs));
0b06c059
GH		 431
432 if (id_len > max_len)
433 id_len = max_len;
434 DPRINTF("Inquiry EVPD[Device identification] "
435 "buffer size %zd\n", req->cmd.xfer);
436
39d98982 437 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 438 outbuf[buflen++] = 0x2; // ASCII
439 outbuf[buflen++] = 0; // not officially assigned
440 outbuf[buflen++] = 0; // reserved
441 outbuf[buflen++] = id_len; // length of data following
442
428c149b 443 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
0b06c059
GH		 444 buflen += id_len;
445 break;
446 }
ea3bd56f 447 case 0xb0: /* block limits */
ee3659e3 448 {
ea3bd56f
CH		 449 unsigned int unmap_sectors =
450 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 451 unsigned int min_io_size =
452 s->qdev.conf.min_io_size / s->qdev.blocksize;
453 unsigned int opt_io_size =
454 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 455
b443ae67 456 if (s->drive_kind == SCSI_CD) {
39d98982
HR		 457 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
458 page_code);
459 return -1;
460 }
ee3659e3
CH		 461 /* required VPD size with unmap support */
462 outbuf[3] = buflen = 0x3c;
463
464 memset(outbuf + 4, 0, buflen - 4);
465
466 /* optimal transfer length granularity */
467 outbuf[6] = (min_io_size >> 8) & 0xff;
468 outbuf[7] = min_io_size & 0xff;
469
470 /* optimal transfer length */
471 outbuf[12] = (opt_io_size >> 24) & 0xff;
472 outbuf[13] = (opt_io_size >> 16) & 0xff;
473 outbuf[14] = (opt_io_size >> 8) & 0xff;
474 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 475
476 /* optimal unmap granularity */
477 outbuf[28] = (unmap_sectors >> 24) & 0xff;
478 outbuf[29] = (unmap_sectors >> 16) & 0xff;
479 outbuf[30] = (unmap_sectors >> 8) & 0xff;
480 outbuf[31] = unmap_sectors & 0xff;
481 break;
482 }
483 case 0xb2: /* thin provisioning */
484 {
485 outbuf[3] = buflen = 8;
486 outbuf[4] = 0;
487 outbuf[5] = 0x40; /* write same with unmap supported */
488 outbuf[6] = 0;
489 outbuf[7] = 0;
ee3659e3
CH		 490 break;
491 }
0b06c059
GH		 492 default:
493 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
494 "buffer size %zd\n", page_code, req->cmd.xfer);
495 return -1;
496 }
497 /* done with EVPD */
498 return buflen;
499 }
500
501 /* Standard INQUIRY data */
502 if (req->cmd.buf[2] != 0) {
503 BADF("Error: Inquiry (STANDARD) page or code "
504 "is non-zero [%02X]\n", req->cmd.buf[2]);
505 return -1;
506 }
507
508 /* PAGE CODE == 0 */
509 if (req->cmd.xfer < 5) {
510 BADF("Error: Inquiry (STANDARD) buffer size %zd "
511 "is less than 5\n", req->cmd.xfer);
512 return -1;
513 }
514
0b06c059
GH		 515 buflen = req->cmd.xfer;
516 if (buflen > SCSI_MAX_INQUIRY_LEN)
517 buflen = SCSI_MAX_INQUIRY_LEN;
518
519 memset(outbuf, 0, buflen);
520
1455084e 521 if (req->lun) {
0b06c059
GH		 522 outbuf[0] = 0x7f; /* LUN not supported */
523 return buflen;
524 }
525
b443ae67 526 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 527 outbuf[0] = 5;
528 outbuf[1] = 0x80;
550fe6c6 529 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059
GH		 530 } else {
531 outbuf[0] = 0;
419e691f 532 outbuf[1] = s->removable ? 0x80 : 0;
550fe6c6 533 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 534 }
550fe6c6 535 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 536 memset(&outbuf[32], 0, 4);
552fee93 537 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 538 /*
539 * We claim conformance to SPC-3, which is required for guests
540 * to ask for modern features like READ CAPACITY(16) or the
541 * block characteristics VPD page by default. Not all of SPC-3
542 * is actually implemented, but we're good enough.
543 */
ee3659e3 544 outbuf[2] = 5;
0b06c059 545 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 546
547 if (buflen > 36) {
548 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
549 } else {
550 /* If the allocation length of CDB is too small,
551 the additional length is not adjusted */
552 outbuf[4] = 36 - 5;
553 }
554
0b06c059
GH		 555 /* Sync data transfer and TCQ. */
556 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
557 return buflen;
558}
559
282ab04e
BK		 560static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
561 int page_control)
ebddfcbe
GH		 562{
563 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
428c149b 564 BlockDriverState *bdrv = s->bs;
ebddfcbe
GH		 565 int cylinders, heads, secs;
566
282ab04e
BK		 567 /*
568 * If Changeable Values are requested, a mask denoting those mode parameters
569 * that are changeable shall be returned. As we currently don't support
570 * parameter changes via MODE_SELECT all bits are returned set to zero.
571 * The buffer was already menset to zero by the caller of this function.
572 */
ebddfcbe
GH		 573 switch (page) {
574 case 4: /* Rigid disk device geometry page. */
575 p[0] = 4;
576 p[1] = 0x16;
282ab04e
BK		 577 if (page_control == 1) { /* Changeable Values */
578 return p[1] + 2;
579 }
ebddfcbe
GH		 580 /* if a geometry hint is available, use it */
581 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
582 p[2] = (cylinders >> 16) & 0xff;
583 p[3] = (cylinders >> 8) & 0xff;
584 p[4] = cylinders & 0xff;
585 p[5] = heads & 0xff;
586 /* Write precomp start cylinder, disabled */
587 p[6] = (cylinders >> 16) & 0xff;
588 p[7] = (cylinders >> 8) & 0xff;
589 p[8] = cylinders & 0xff;
590 /* Reduced current start cylinder, disabled */
591 p[9] = (cylinders >> 16) & 0xff;
592 p[10] = (cylinders >> 8) & 0xff;
593 p[11] = cylinders & 0xff;
594 /* Device step rate [ns], 200ns */
595 p[12] = 0;
596 p[13] = 200;
597 /* Landing zone cylinder */
598 p[14] = 0xff;
599 p[15] = 0xff;
600 p[16] = 0xff;
601 /* Medium rotation rate [rpm], 5400 rpm */
602 p[20] = (5400 >> 8) & 0xff;
603 p[21] = 5400 & 0xff;
282ab04e 604 return p[1] + 2;
ebddfcbe
GH		 605
606 case 5: /* Flexible disk device geometry page. */
607 p[0] = 5;
608 p[1] = 0x1e;
282ab04e
BK		 609 if (page_control == 1) { /* Changeable Values */
610 return p[1] + 2;
611 }
ebddfcbe
GH		 612 /* Transfer rate [kbit/s], 5Mbit/s */
613 p[2] = 5000 >> 8;
614 p[3] = 5000 & 0xff;
615 /* if a geometry hint is available, use it */
616 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
617 p[4] = heads & 0xff;
618 p[5] = secs & 0xff;
619 p[6] = s->cluster_size * 2;
620 p[8] = (cylinders >> 8) & 0xff;
621 p[9] = cylinders & 0xff;
622 /* Write precomp start cylinder, disabled */
623 p[10] = (cylinders >> 8) & 0xff;
624 p[11] = cylinders & 0xff;
625 /* Reduced current start cylinder, disabled */
626 p[12] = (cylinders >> 8) & 0xff;
627 p[13] = cylinders & 0xff;
628 /* Device step rate [100us], 100us */
629 p[14] = 0;
630 p[15] = 1;
631 /* Device step pulse width [us], 1us */
632 p[16] = 1;
633 /* Device head settle delay [100us], 100us */
634 p[17] = 0;
635 p[18] = 1;
636 /* Motor on delay [0.1s], 0.1s */
637 p[19] = 1;
638 /* Motor off delay [0.1s], 0.1s */
639 p[20] = 1;
640 /* Medium rotation rate [rpm], 5400 rpm */
641 p[28] = (5400 >> 8) & 0xff;
642 p[29] = 5400 & 0xff;
282ab04e 643 return p[1] + 2;
ebddfcbe
GH		 644
645 case 8: /* Caching page. */
646 p[0] = 8;
647 p[1] = 0x12;
282ab04e
BK		 648 if (page_control == 1) { /* Changeable Values */
649 return p[1] + 2;
650 }
428c149b 651 if (bdrv_enable_write_cache(s->bs)) {
ebddfcbe
GH		 652 p[2] = 4; /* WCE */
653 }
282ab04e 654 return p[1] + 2;
ebddfcbe
GH		 655
656 case 0x2a: /* CD Capabilities and Mechanical Status page. */
b443ae67 657 if (s->drive_kind != SCSI_CD)
ebddfcbe
GH		 658 return 0;
659 p[0] = 0x2a;
660 p[1] = 0x14;
282ab04e
BK		 661 if (page_control == 1) { /* Changeable Values */
662 return p[1] + 2;
663 }
ebddfcbe
GH		 664 p[2] = 3; // CD-R & CD-RW read
665 p[3] = 0; // Writing not supported
666 p[4] = 0x7f; /* Audio, composite, digital out,
667 mode 2 form 1&2, multi session */
668 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
669 RW corrected, C2 errors, ISRC,
670 UPC, Bar code */
428c149b 671 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
ebddfcbe
GH		 672 /* Locking supported, jumper present, eject, tray */
673 p[7] = 0; /* no volume & mute control, no
674 changer */
675 p[8] = (50 * 176) >> 8; // 50x read speed
676 p[9] = (50 * 176) & 0xff;
677 p[10] = 0 >> 8; // No volume
678 p[11] = 0 & 0xff;
679 p[12] = 2048 >> 8; // 2M buffer
680 p[13] = 2048 & 0xff;
681 p[14] = (16 * 176) >> 8; // 16x read speed current
682 p[15] = (16 * 176) & 0xff;
683 p[18] = (16 * 176) >> 8; // 16x write speed
684 p[19] = (16 * 176) & 0xff;
685 p[20] = (16 * 176) >> 8; // 16x write speed current
686 p[21] = (16 * 176) & 0xff;
282ab04e 687 return p[1] + 2;
ebddfcbe
GH		 688
689 default:
690 return 0;
691 }
692}
693
694static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
695{
696 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ebddfcbe 697 uint64_t nb_sectors;
282ab04e 698 int page, dbd, buflen, page_control;
ebddfcbe 699 uint8_t *p;
ce512ee1 700 uint8_t dev_specific_param;
ebddfcbe
GH		 701
702 dbd = req->cmd.buf[1] & 0x8;
703 page = req->cmd.buf[2] & 0x3f;
282ab04e 704 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
aa2b1e89
BK		 705 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
706 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
ebddfcbe
GH		 707 memset(outbuf, 0, req->cmd.xfer);
708 p = outbuf;
709
0056dcc1 710 if (bdrv_is_read_only(s->bs)) {
ce512ee1
BK		 711 dev_specific_param = 0x80; /* Readonly. */
712 } else {
713 dev_specific_param = 0x00;
714 }
715
716 if (req->cmd.buf[0] == MODE_SENSE) {
717 p[1] = 0; /* Default media type. */
718 p[2] = dev_specific_param;
719 p[3] = 0; /* Block descriptor length. */
720 p += 4;
721 } else { /* MODE_SENSE_10 */
722 p[2] = 0; /* Default media type. */
723 p[3] = dev_specific_param;
724 p[6] = p[7] = 0; /* Block descriptor length. */
725 p += 8;
ebddfcbe 726 }
ebddfcbe 727
428c149b 728 bdrv_get_geometry(s->bs, &nb_sectors);
333d50fe 729 if (!dbd && nb_sectors) {
ce512ee1
BK		 730 if (req->cmd.buf[0] == MODE_SENSE) {
731 outbuf[3] = 8; /* Block descriptor length */
732 } else { /* MODE_SENSE_10 */
733 outbuf[7] = 8; /* Block descriptor length */
734 }
ebddfcbe 735 nb_sectors /= s->cluster_size;
ebddfcbe 736 if (nb_sectors > 0xffffff)
2488b740 737 nb_sectors = 0;
ebddfcbe
GH		 738 p[0] = 0; /* media density code */
739 p[1] = (nb_sectors >> 16) & 0xff;
740 p[2] = (nb_sectors >> 8) & 0xff;
741 p[3] = nb_sectors & 0xff;
742 p[4] = 0; /* reserved */
743 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
744 p[6] = s->cluster_size * 2;
745 p[7] = 0;
746 p += 8;
747 }
748
282ab04e
BK		 749 if (page_control == 3) { /* Saved Values */
750 return -1; /* ILLEGAL_REQUEST */
751 }
752
ebddfcbe
GH		 753 switch (page) {
754 case 0x04:
755 case 0x05:
756 case 0x08:
757 case 0x2a:
282ab04e 758 p += mode_sense_page(req, page, p, page_control);
ebddfcbe
GH		 759 break;
760 case 0x3f:
282ab04e
BK		 761 p += mode_sense_page(req, 0x08, p, page_control);
762 p += mode_sense_page(req, 0x2a, p, page_control);
ebddfcbe 763 break;
a9c17b2b
BK		 764 default:
765 return -1; /* ILLEGAL_REQUEST */
ebddfcbe
GH		 766 }
767
768 buflen = p - outbuf;
ce512ee1
BK		 769 /*
770 * The mode data length field specifies the length in bytes of the
771 * following data that is available to be transferred. The mode data
772 * length does not include itself.
773 */
774 if (req->cmd.buf[0] == MODE_SENSE) {
775 outbuf[0] = buflen - 1;
776 } else { /* MODE_SENSE_10 */
777 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
778 outbuf[1] = (buflen - 2) & 0xff;
779 }
ebddfcbe
GH		 780 if (buflen > req->cmd.xfer)
781 buflen = req->cmd.xfer;
782 return buflen;
783}
784
02880f43
GH		 785static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
786{
787 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 788 int start_track, format, msf, toclen;
789 uint64_t nb_sectors;
790
791 msf = req->cmd.buf[1] & 2;
792 format = req->cmd.buf[2] & 0xf;
793 start_track = req->cmd.buf[6];
428c149b 794 bdrv_get_geometry(s->bs, &nb_sectors);
02880f43
GH		 795 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
796 nb_sectors /= s->cluster_size;
797 switch (format) {
798 case 0:
799 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
800 break;
801 case 1:
802 /* multi session : only a single session defined */
803 toclen = 12;
804 memset(outbuf, 0, 12);
805 outbuf[1] = 0x0a;
806 outbuf[2] = 0x01;
807 outbuf[3] = 0x01;
808 break;
809 case 2:
810 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
811 break;
812 default:
813 return -1;
814 }
815 if (toclen > req->cmd.xfer)
816 toclen = req->cmd.xfer;
817 return toclen;
818}
819
8af7a3ab 820static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
aa5dbdc1 821{
8af7a3ab 822 SCSIRequest *req = &r->req;
e7e25e32 823 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 824 uint64_t nb_sectors;
aa5dbdc1 825 int buflen = 0;
78ced65e 826 int ret;
aa5dbdc1
GH		 827
828 switch (req->cmd.buf[0]) {
829 case TEST_UNIT_READY:
428c149b 830 if (!bdrv_is_inserted(s->bs))
aa5dbdc1
GH		 831 goto not_ready;
832 break;
51ad87c9
GH		 833 case REQUEST_SENSE:
834 if (req->cmd.xfer < 4)
835 goto illegal_request;
a1f0cce2
HR		 836 buflen = scsi_build_sense(s->sense, outbuf, req->cmd.xfer,
837 req->cmd.xfer > 13);
a6d96eb7 838 scsi_disk_clear_sense(s);
51ad87c9 839 break;
0b06c059
GH		 840 case INQUIRY:
841 buflen = scsi_disk_emulate_inquiry(req, outbuf);
842 if (buflen < 0)
843 goto illegal_request;
844 break;
ebddfcbe
GH		 845 case MODE_SENSE:
846 case MODE_SENSE_10:
847 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
848 if (buflen < 0)
849 goto illegal_request;
850 break;
02880f43
GH		 851 case READ_TOC:
852 buflen = scsi_disk_emulate_read_toc(req, outbuf);
853 if (buflen < 0)
854 goto illegal_request;
855 break;
3d53ba18
GH		 856 case RESERVE:
857 if (req->cmd.buf[1] & 1)
858 goto illegal_request;
859 break;
860 case RESERVE_10:
861 if (req->cmd.buf[1] & 3)
862 goto illegal_request;
863 break;
864 case RELEASE:
865 if (req->cmd.buf[1] & 1)
866 goto illegal_request;
867 break;
868 case RELEASE_10:
869 if (req->cmd.buf[1] & 3)
870 goto illegal_request;
871 break;
8d3628ff 872 case START_STOP:
b443ae67 873 if (s->drive_kind == SCSI_CD && (req->cmd.buf[4] & 2)) {
8d3628ff 874 /* load/eject medium */
428c149b 875 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
8d3628ff
GH		 876 }
877 break;
c68b9f34 878 case ALLOW_MEDIUM_REMOVAL:
428c149b 879 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
c68b9f34 880 break;
e7e25e32
GH		 881 case READ_CAPACITY:
882 /* The normal LEN field for this command is zero. */
883 memset(outbuf, 0, 8);
428c149b 884 bdrv_get_geometry(s->bs, &nb_sectors);
e7e25e32
GH		 885 if (!nb_sectors)
886 goto not_ready;
887 nb_sectors /= s->cluster_size;
888 /* Returned value is the address of the last sector. */
889 nb_sectors--;
890 /* Remember the new size for read/write sanity checking. */
891 s->max_lba = nb_sectors;
892 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
893 if (nb_sectors > UINT32_MAX)
894 nb_sectors = UINT32_MAX;
895 outbuf[0] = (nb_sectors >> 24) & 0xff;
896 outbuf[1] = (nb_sectors >> 16) & 0xff;
897 outbuf[2] = (nb_sectors >> 8) & 0xff;
898 outbuf[3] = nb_sectors & 0xff;
899 outbuf[4] = 0;
900 outbuf[5] = 0;
901 outbuf[6] = s->cluster_size * 2;
902 outbuf[7] = 0;
903 buflen = 8;
904 break;
fc903943 905 case SYNCHRONIZE_CACHE:
78ced65e
KW		 906 ret = bdrv_flush(s->bs);
907 if (ret < 0) {
908 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
909 return -1;
910 }
911 }
fc903943 912 break;
38215553
GH		 913 case GET_CONFIGURATION:
914 memset(outbuf, 0, 8);
915 /* ??? This should probably return much more information. For now
916 just return the basic header indicating the CD-ROM profile. */
917 outbuf[7] = 8; // CD-ROM
918 buflen = 8;
919 break;
5dd90e2a
GH		 920 case SERVICE_ACTION_IN:
921 /* Service Action In subcommands. */
922 if ((req->cmd.buf[1] & 31) == 0x10) {
923 DPRINTF("SAI READ CAPACITY(16)\n");
924 memset(outbuf, 0, req->cmd.xfer);
428c149b 925 bdrv_get_geometry(s->bs, &nb_sectors);
5dd90e2a
GH		 926 if (!nb_sectors)
927 goto not_ready;
928 nb_sectors /= s->cluster_size;
929 /* Returned value is the address of the last sector. */
930 nb_sectors--;
931 /* Remember the new size for read/write sanity checking. */
932 s->max_lba = nb_sectors;
933 outbuf[0] = (nb_sectors >> 56) & 0xff;
934 outbuf[1] = (nb_sectors >> 48) & 0xff;
935 outbuf[2] = (nb_sectors >> 40) & 0xff;
936 outbuf[3] = (nb_sectors >> 32) & 0xff;
937 outbuf[4] = (nb_sectors >> 24) & 0xff;
938 outbuf[5] = (nb_sectors >> 16) & 0xff;
939 outbuf[6] = (nb_sectors >> 8) & 0xff;
940 outbuf[7] = nb_sectors & 0xff;
941 outbuf[8] = 0;
942 outbuf[9] = 0;
943 outbuf[10] = s->cluster_size * 2;
944 outbuf[11] = 0;
ee3659e3
CH		 945 outbuf[12] = 0;
946 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 947
948 /* set TPE bit if the format supports discard */
949 if (s->qdev.conf.discard_granularity) {
950 outbuf[14] = 0x80;
951 }
952
5dd90e2a
GH		 953 /* Protection, exponent and lowest lba field left blank. */
954 buflen = req->cmd.xfer;
955 break;
956 }
957 DPRINTF("Unsupported Service Action In\n");
958 goto illegal_request;
39ec9a50
GH		 959 case REPORT_LUNS:
960 if (req->cmd.xfer < 16)
961 goto illegal_request;
962 memset(outbuf, 0, 16);
963 outbuf[3] = 8;
964 buflen = 16;
965 break;
88f8a5ed
GH		 966 case VERIFY:
967 break;
ebef0bbb
BK		 968 case REZERO_UNIT:
969 DPRINTF("Rezero Unit\n");
970 if (!bdrv_is_inserted(s->bs)) {
971 goto not_ready;
972 }
973 break;
aa5dbdc1 974 default:
a1f0cce2
HR		 975 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
976 return -1;
aa5dbdc1 977 }
a1f0cce2 978 scsi_req_set_status(r, GOOD, SENSE_CODE(NO_SENSE));
aa5dbdc1
GH		 979 return buflen;
980
981not_ready:
a1f0cce2
HR		 982 if (!bdrv_is_inserted(s->bs)) {
983 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(NO_MEDIUM));
984 } else {
985 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LUN_NOT_READY));
986 }
8af7a3ab 987 return -1;
aa5dbdc1
GH		 988
989illegal_request:
a1f0cce2 990 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
8af7a3ab 991 return -1;
aa5dbdc1
GH		 992}
993
2e5d83bb
PB		 994/* Execute a scsi command. Returns the length of the data expected by the
995 command. This will be Positive for data transfers from the device
996 (eg. disk reads), negative for transfers to the device (eg. disk writes),
997 and zero if the command does not transfer any data. */
998
5c6c0e51 999static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1000{
5c6c0e51
HR		 1001 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1002 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1003 int32_t len;
a917d384
PB		 1004 uint8_t command;
1005 uint8_t *outbuf;
aa5dbdc1 1006 int rc;
a917d384
PB		 1007
1008 command = buf[0];
3f4cb3d3 1009 outbuf = (uint8_t *)r->iov.iov_base;
a917d384 1010 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2dd791b6
HR		 1011
1012 if (scsi_req_parse(&r->req, buf) != 0) {
a917d384 1013 BADF("Unsupported command length, command %x\n", command);
a1f0cce2
HR		 1014 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
1015 return 0;
2e5d83bb
PB		 1016 }
1017#ifdef DEBUG_SCSI
1018 {
1019 int i;
2dd791b6 1020 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1021 printf(" 0x%02x", buf[i]);
1022 }
1023 printf("\n");
1024 }
1025#endif
aa5dbdc1 1026
1455084e 1027 if (req->lun) {
2e5d83bb 1028 /* Only LUN 0 supported. */
1455084e 1029 DPRINTF("Unimplemented LUN %d\n", req->lun);
a1f0cce2
HR		 1030 if (command != REQUEST_SENSE && command != INQUIRY) {
1031 scsi_command_complete(r, CHECK_CONDITION,
1032 SENSE_CODE(LUN_NOT_SUPPORTED));
1033 return 0;
1034 }
2e5d83bb 1035 }
a917d384 1036 switch (command) {
ebf46023 1037 case TEST_UNIT_READY:
51ad87c9 1038 case REQUEST_SENSE:
0b06c059 1039 case INQUIRY:
ebddfcbe
GH		 1040 case MODE_SENSE:
1041 case MODE_SENSE_10:
3d53ba18
GH		 1042 case RESERVE:
1043 case RESERVE_10:
1044 case RELEASE:
1045 case RELEASE_10:
8d3628ff 1046 case START_STOP:
c68b9f34 1047 case ALLOW_MEDIUM_REMOVAL:
e7e25e32 1048 case READ_CAPACITY:
fc903943 1049 case SYNCHRONIZE_CACHE:
02880f43 1050 case READ_TOC:
38215553 1051 case GET_CONFIGURATION:
5dd90e2a 1052 case SERVICE_ACTION_IN:
39ec9a50 1053 case REPORT_LUNS:
88f8a5ed 1054 case VERIFY:
ebef0bbb 1055 case REZERO_UNIT:
8af7a3ab
KW		 1056 rc = scsi_disk_emulate_command(r, outbuf);
1057 if (rc < 0) {
0b06c059 1058 return 0;
aa5dbdc1 1059 }
8af7a3ab
KW		 1060
1061 r->iov.iov_len = rc;
0b06c059 1062 break;
ebf46023
GH		 1063 case READ_6:
1064 case READ_10:
bd536cf3
GH		 1065 case READ_12:
1066 case READ_16:
5c6c0e51 1067 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6
HR		 1068 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1069 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1070 goto illegal_lba;
2dd791b6 1071 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1072 r->sector_count = len * s->cluster_size;
2e5d83bb 1073 break;
ebf46023
GH		 1074 case WRITE_6:
1075 case WRITE_10:
bd536cf3
GH		 1076 case WRITE_12:
1077 case WRITE_16:
ebef0bbb
BK		 1078 case WRITE_VERIFY:
1079 case WRITE_VERIFY_12:
1080 case WRITE_VERIFY_16:
5c6c0e51 1081 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1082 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1083 (command & 0xe) == 0xe ? "And Verify " : "",
1084 r->req.cmd.lba, len);
1085 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1086 goto illegal_lba;
2dd791b6 1087 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1088 r->sector_count = len * s->cluster_size;
2e5d83bb 1089 break;
ebef0bbb 1090 case MODE_SELECT:
2dd791b6 1091 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1092 /* We don't support mode parameter changes.
1093 Allow the mode parameter header + block descriptors only. */
2dd791b6 1094 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1095 goto fail;
1096 }
1097 break;
1098 case MODE_SELECT_10:
2dd791b6 1099 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1100 /* We don't support mode parameter changes.
1101 Allow the mode parameter header + block descriptors only. */
2dd791b6 1102 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1103 goto fail;
1104 }
1105 break;
1106 case SEEK_6:
1107 case SEEK_10:
2dd791b6
HR		 1108 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1109 r->req.cmd.lba);
1110 if (r->req.cmd.lba > s->max_lba) {
ebef0bbb
BK		 1111 goto illegal_lba;
1112 }
ea3bd56f
CH		 1113 break;
1114 case WRITE_SAME_16:
5c6c0e51 1115 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1116
1117 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1118 r->req.cmd.lba, len);
1119
1120 if (r->req.cmd.lba > s->max_lba) {
1121 goto illegal_lba;
1122 }
1123
1124 /*
1125 * We only support WRITE SAME with the unmap bit set for now.
1126 */
1127 if (!(buf[1] & 0x8)) {
1128 goto fail;
1129 }
1130
1131 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1132 len * s->cluster_size);
1133 if (rc < 0) {
1134 /* XXX: better error code ?*/
1135 goto fail;
1136 }
1137
ebef0bbb 1138 break;
2e5d83bb 1139 default:
2dd791b6 1140 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
a1f0cce2
HR		 1141 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
1142 return 0;
2e5d83bb 1143 fail:
a1f0cce2 1144 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
2dd791b6 1145 return 0;
274fb0e1 1146 illegal_lba:
a1f0cce2 1147 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1148 return 0;
2e5d83bb 1149 }
c87c0672 1150 if (r->sector_count == 0 && r->iov.iov_len == 0) {
a1f0cce2 1151 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
a917d384 1152 }
c87c0672 1153 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1154 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1155 return -len;
a917d384
PB		 1156 } else {
1157 if (!r->sector_count)
1158 r->sector_count = -1;
efb9ee02 1159 return len;
2e5d83bb 1160 }
2e5d83bb
PB		 1161}
1162
e9447f35
JK		 1163static void scsi_disk_reset(DeviceState *dev)
1164{
1165 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1166 uint64_t nb_sectors;
1167
c557e889 1168 scsi_device_purge_requests(&s->qdev);
e9447f35
JK		 1169
1170 bdrv_get_geometry(s->bs, &nb_sectors);
1171 nb_sectors /= s->cluster_size;
1172 if (nb_sectors) {
1173 nb_sectors--;
1174 }
1175 s->max_lba = nb_sectors;
1176}
1177
1178static void scsi_destroy(SCSIDevice *dev)
1179{
1180 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1181
c557e889 1182 scsi_device_purge_requests(&s->qdev);
f8b6cc00 1183 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1184}
1185
b443ae67 1186static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind kind)
2e5d83bb 1187{
d52affa7 1188 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1189 DriveInfo *dinfo;
2e5d83bb 1190
f8b6cc00 1191 if (!s->qdev.conf.bs) {
1ecda02b 1192 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1193 return -1;
1194 }
f8b6cc00 1195 s->bs = s->qdev.conf.bs;
b443ae67 1196 s->drive_kind = kind;
d52affa7 1197
b443ae67 1198 if (kind == SCSI_HD && !bdrv_is_inserted(s->bs)) {
98f28ad7
MA		 1199 error_report("Device needs media, but drive is empty");
1200 return -1;
1201 }
1202
a0fef654 1203 if (!s->serial) {
f8b6cc00
MA		 1204 /* try to fall back to value set with legacy -drive serial=... */
1205 dinfo = drive_get_by_blockdev(s->bs);
1206 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
a0fef654
MA		 1207 }
1208
552fee93
MA		 1209 if (!s->version) {
1210 s->version = qemu_strdup(QEMU_VERSION);
1211 }
1212
32bb404a 1213 if (bdrv_is_sg(s->bs)) {
1ecda02b 1214 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1215 return -1;
1216 }
1217
b443ae67 1218 if (kind == SCSI_CD) {
8cfacf07 1219 s->qdev.blocksize = 2048;
2e5d83bb 1220 } else {
8cfacf07 1221 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2e5d83bb 1222 }
8cfacf07 1223 s->cluster_size = s->qdev.blocksize / 512;
73fdb1e1 1224 s->bs->buffer_alignment = s->qdev.blocksize;
8cfacf07 1225
91376656 1226 s->qdev.type = TYPE_DISK;
ea8a5d7f 1227 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
b443ae67 1228 bdrv_set_removable(s->bs, kind == SCSI_CD);
1ca4d09a 1229 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
d52affa7
GH		 1230 return 0;
1231}
1232
b443ae67
MA		 1233static int scsi_hd_initfn(SCSIDevice *dev)
1234{
1235 return scsi_initfn(dev, SCSI_HD);
1236}
1237
1238static int scsi_cd_initfn(SCSIDevice *dev)
1239{
1240 return scsi_initfn(dev, SCSI_CD);
1241}
1242
1243static int scsi_disk_initfn(SCSIDevice *dev)
1244{
1245 SCSIDriveKind kind;
95b5edcd 1246 DriveInfo *dinfo;
b443ae67
MA		 1247
1248 if (!dev->conf.bs) {
1249 kind = SCSI_HD; /* will die in scsi_initfn() */
1250 } else {
95b5edcd
MA		 1251 dinfo = drive_get_by_blockdev(dev->conf.bs);
1252 kind = dinfo->media_cd ? SCSI_CD : SCSI_HD;
b443ae67
MA		 1253 }
1254
1255 return scsi_initfn(dev, kind);
1256}
1257
1258#define DEFINE_SCSI_DISK_PROPERTIES() \
1259 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1260 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1261 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1262
1263static SCSIDeviceInfo scsi_disk_info[] = {
1264 {
1265 .qdev.name = "scsi-hd",
1266 .qdev.fw_name = "disk",
1267 .qdev.desc = "virtual SCSI disk",
1268 .qdev.size = sizeof(SCSIDiskState),
1269 .qdev.reset = scsi_disk_reset,
1270 .init = scsi_hd_initfn,
1271 .destroy = scsi_destroy,
5c6c0e51 1272 .alloc_req = scsi_new_request,
ad2d30f7 1273 .free_req = scsi_free_request,
b443ae67
MA		 1274 .send_command = scsi_send_command,
1275 .read_data = scsi_read_data,
1276 .write_data = scsi_write_data,
1277 .cancel_io = scsi_cancel_io,
1278 .get_buf = scsi_get_buf,
74382217 1279 .get_sense = scsi_get_sense,
b443ae67
MA		 1280 .qdev.props = (Property[]) {
1281 DEFINE_SCSI_DISK_PROPERTIES(),
1282 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1283 DEFINE_PROP_END_OF_LIST(),
1284 }
1285 },{
1286 .qdev.name = "scsi-cd",
1287 .qdev.fw_name = "disk",
1288 .qdev.desc = "virtual SCSI CD-ROM",
1289 .qdev.size = sizeof(SCSIDiskState),
1290 .qdev.reset = scsi_disk_reset,
1291 .init = scsi_cd_initfn,
1292 .destroy = scsi_destroy,
5c6c0e51 1293 .alloc_req = scsi_new_request,
ad2d30f7 1294 .free_req = scsi_free_request,
b443ae67
MA		 1295 .send_command = scsi_send_command,
1296 .read_data = scsi_read_data,
1297 .write_data = scsi_write_data,
1298 .cancel_io = scsi_cancel_io,
1299 .get_buf = scsi_get_buf,
74382217 1300 .get_sense = scsi_get_sense,
b443ae67
MA		 1301 .qdev.props = (Property[]) {
1302 DEFINE_SCSI_DISK_PROPERTIES(),
1303 DEFINE_PROP_END_OF_LIST(),
1304 },
1305 },{
1306 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1307 .qdev.fw_name = "disk",
1308 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1309 .qdev.size = sizeof(SCSIDiskState),
1310 .qdev.reset = scsi_disk_reset,
1311 .init = scsi_disk_initfn,
1312 .destroy = scsi_destroy,
5c6c0e51 1313 .alloc_req = scsi_new_request,
ad2d30f7 1314 .free_req = scsi_free_request,
b443ae67
MA		 1315 .send_command = scsi_send_command,
1316 .read_data = scsi_read_data,
1317 .write_data = scsi_write_data,
1318 .cancel_io = scsi_cancel_io,
1319 .get_buf = scsi_get_buf,
74382217 1320 .get_sense = scsi_get_sense,
b443ae67
MA		 1321 .qdev.props = (Property[]) {
1322 DEFINE_SCSI_DISK_PROPERTIES(),
1323 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1324 DEFINE_PROP_END_OF_LIST(),
1325 }
1326 }
d52affa7
GH		 1327};
1328
1329static void scsi_disk_register_devices(void)
1330{
b443ae67
MA		 1331 int i;
1332
1333 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1334 scsi_qdev_register(&scsi_disk_info[i]);
1335 }
8ccc2ace 1336}
d52affa7 1337device_init(scsi_disk_register_devices)
Qemu copy for testing