]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi: introduce scsi_req_get_buf
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb
PB		 14 *
15 * This code is licenced under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
22864256 40
f0f72ffe 41#define SCSI_DMA_BUF_SIZE 131072
57575058 42#define SCSI_MAX_INQUIRY_LEN 256
a917d384 43
5dba48a8
KW		 44#define SCSI_REQ_STATUS_RETRY 0x01
45#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46#define SCSI_REQ_STATUS_RETRY_READ 0x00
47#define SCSI_REQ_STATUS_RETRY_WRITE 0x02
78ced65e 48#define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
ea8a5d7f 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
e035b43d 54 /* ??? We should probably keep track of whether the data transfer is
2e5d83bb 55 a read or a write. Currently we rely on the host getting it right. */
a917d384 56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 57 uint64_t sector;
58 uint32_t sector_count;
c87c0672
AL		 59 struct iovec iov;
60 QEMUIOVector qiov;
ea8a5d7f 61 uint32_t status;
4c41d2ef 62} SCSIDiskReq;
a917d384 63
b443ae67
MA		 64typedef enum { SCSI_HD, SCSI_CD } SCSIDriveKind;
65
d52affa7 66struct SCSIDiskState
a917d384 67{
d52affa7 68 SCSIDevice qdev;
428c149b 69 BlockDriverState *bs;
a917d384
PB		 70 /* The qemu block layer uses a fixed 512 byte sector size.
71 This is the number of 512 byte blocks in a single scsi sector. */
72 int cluster_size;
419e691f 73 uint32_t removable;
274fb0e1 74 uint64_t max_lba;
213189ab 75 QEMUBH *bh;
383b4d9b 76 char *version;
a0fef654 77 char *serial;
a6d96eb7 78 SCSISense sense;
b443ae67 79 SCSIDriveKind drive_kind;
2e5d83bb
PB		 80};
81
5dba48a8 82static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78ced65e 83static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
5dba48a8 84
5c6c0e51 85static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
72aef731 86 uint32_t lun)
2e5d83bb 87{
5c6c0e51 88 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
89b08ae1 89 SCSIRequest *req;
4c41d2ef 90 SCSIDiskReq *r;
a917d384 91
72aef731 92 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
89b08ae1 93 r = DO_UPCAST(SCSIDiskReq, req, req);
72aef731 94 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
5c6c0e51 95 return req;
2e5d83bb
PB		 96}
97
ad2d30f7 98static void scsi_free_request(SCSIRequest *req)
4d611c9a 99{
ad2d30f7
PB		 100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101
f8a83245 102 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 103}
104
a6d96eb7 105static void scsi_disk_clear_sense(SCSIDiskState *s)
ed3a34a3 106{
a6d96eb7
HR		 107 memset(&s->sense, 0, sizeof(s->sense));
108}
109
a1f0cce2 110static void scsi_req_set_status(SCSIDiskReq *r, int status, SCSISense sense)
a6d96eb7
HR		 111{
112 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
113
114 r->req.status = status;
a1f0cce2 115 s->sense = sense;
ed3a34a3
GH		 116}
117
a917d384 118/* Helper function for command completion. */
a1f0cce2 119static void scsi_command_complete(SCSIDiskReq *r, int status, SCSISense sense)
a917d384 120{
a1f0cce2
HR		 121 DPRINTF("Command complete tag=0x%x status=%d sense=%d/%d/%d\n",
122 r->req.tag, status, sense.key, sense.asc, sense.ascq);
a6d96eb7 123 scsi_req_set_status(r, status, sense);
ed3a34a3 124 scsi_req_complete(&r->req);
4d611c9a
PB		 125}
126
127/* Cancel a pending data transfer. */
5c6c0e51 128static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 129{
5c6c0e51
HR		 130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131
132 DPRINTF("Cancel tag=0x%x\n", req->tag);
133 if (r->req.aiocb) {
134 bdrv_aio_cancel(r->req.aiocb);
a917d384 135 }
5c6c0e51 136 r->req.aiocb = NULL;
a917d384
PB		 137}
138
139static void scsi_read_complete(void * opaque, int ret)
140{
4c41d2ef 141 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5dba48a8 142 int n;
a917d384 143
3e94cb02
JK		 144 r->req.aiocb = NULL;
145
a917d384 146 if (ret) {
5dba48a8
KW		 147 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
148 return;
149 }
4d611c9a 150 }
5dba48a8 151
aa2b1e89 152 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
a917d384 153
5dba48a8
KW		 154 n = r->iov.iov_len / 512;
155 r->sector += n;
156 r->sector_count -= n;
ab9adc88 157 scsi_req_data(&r->req, r->iov.iov_len);
4d611c9a
PB		 158}
159
5dba48a8 160
5c6c0e51
HR		 161/* Read more data from scsi device into buffer. */
162static void scsi_read_data(SCSIRequest *req)
2e5d83bb 163{
5c6c0e51 164 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 165 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 166 uint32_t n;
167
a917d384 168 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 169 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 170 r->sector_count = 0;
ab9adc88 171 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 172 return;
2e5d83bb 173 }
a917d384
PB		 174 DPRINTF("Read sector_count=%d\n", r->sector_count);
175 if (r->sector_count == 0) {
a1f0cce2 176 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
a917d384 177 return;
2e5d83bb
PB		 178 }
179
6fa2c95f
SH		 180 /* No data transfer may already be in progress */
181 assert(r->req.aiocb == NULL);
182
a917d384
PB		 183 n = r->sector_count;
184 if (n > SCSI_DMA_BUF_SIZE / 512)
185 n = SCSI_DMA_BUF_SIZE / 512;
186
c87c0672
AL		 187 r->iov.iov_len = n * 512;
188 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 189 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
c87c0672 190 scsi_read_complete, r);
d33ea50a
KW		 191 if (r->req.aiocb == NULL) {
192 scsi_read_complete(r, -EIO);
193 }
2e5d83bb
PB		 194}
195
5dba48a8
KW		 196static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
197{
198 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
4c41d2ef 199 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 200 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
ea8a5d7f 201
380f640f 202 if (action == BLOCK_ERR_IGNORE) {
5dba48a8 203 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 204 return 0;
380f640f 205 }
ea8a5d7f
AL		 206
207 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
208 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8
KW		 209
210 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
211 r->status |= SCSI_REQ_STATUS_RETRY | type;
212
213 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
e07bbac5 214 vm_stop(VMSTOP_DISKFULL);
ea8a5d7f 215 } else {
5dba48a8 216 if (type == SCSI_REQ_STATUS_RETRY_READ) {
ab9adc88 217 scsi_req_data(&r->req, 0);
5dba48a8 218 }
a1f0cce2
HR		 219 if (error == ENOMEM) {
220 scsi_command_complete(r, CHECK_CONDITION,
221 SENSE_CODE(TARGET_FAILURE));
222 } else {
223 scsi_command_complete(r, CHECK_CONDITION,
224 SENSE_CODE(IO_ERROR));
225 }
5dba48a8 226 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f
AL		 227 }
228
229 return 1;
230}
231
4d611c9a
PB		 232static void scsi_write_complete(void * opaque, int ret)
233{
4c41d2ef 234 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a917d384 235 uint32_t len;
ea8a5d7f
AL		 236 uint32_t n;
237
4c41d2ef 238 r->req.aiocb = NULL;
4d611c9a
PB		 239
240 if (ret) {
5dba48a8 241 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
ea8a5d7f 242 return;
5dba48a8 243 }
4d611c9a
PB		 244 }
245
c87c0672 246 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 247 r->sector += n;
248 r->sector_count -= n;
a917d384 249 if (r->sector_count == 0) {
a1f0cce2 250 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
a917d384
PB		 251 } else {
252 len = r->sector_count * 512;
253 if (len > SCSI_DMA_BUF_SIZE) {
254 len = SCSI_DMA_BUF_SIZE;
255 }
c87c0672 256 r->iov.iov_len = len;
4c41d2ef 257 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
ab9adc88 258 scsi_req_data(&r->req, len);
4d611c9a 259 }
4d611c9a
PB		 260}
261
5c6c0e51 262static int scsi_write_data(SCSIRequest *req)
ea8a5d7f 263{
5c6c0e51 264 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 265 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 266 uint32_t n;
267
6fa2c95f
SH		 268 /* No data transfer may already be in progress */
269 assert(r->req.aiocb == NULL);
270
c87c0672 271 n = r->iov.iov_len / 512;
ea8a5d7f 272 if (n) {
c87c0672 273 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 274 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
c87c0672 275 scsi_write_complete, r);
d33ea50a 276 if (r->req.aiocb == NULL) {
a1f0cce2 277 scsi_write_complete(r, -ENOMEM);
d33ea50a 278 }
ea8a5d7f
AL		 279 } else {
280 /* Invoke completion routine to fetch data from host. */
281 scsi_write_complete(r, 0);
282 }
2e5d83bb 283
a917d384
PB		 284 return 0;
285}
2e5d83bb 286
213189ab 287static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f 288{
d52affa7 289 SCSIDiskState *s = opaque;
9af99d98
GH		 290 SCSIRequest *req;
291 SCSIDiskReq *r;
213189ab
MA		 292
293 qemu_bh_delete(s->bh);
294 s->bh = NULL;
ea8a5d7f 295
9af99d98
GH		 296 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
297 r = DO_UPCAST(SCSIDiskReq, req, req);
ea8a5d7f 298 if (r->status & SCSI_REQ_STATUS_RETRY) {
5dba48a8 299 int status = r->status;
78ced65e
KW		 300 int ret;
301
5dba48a8
KW		 302 r->status &=
303 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
304
305 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
306 case SCSI_REQ_STATUS_RETRY_READ:
5c6c0e51 307 scsi_read_data(&r->req);
5dba48a8
KW		 308 break;
309 case SCSI_REQ_STATUS_RETRY_WRITE:
5c6c0e51 310 scsi_write_data(&r->req);
5dba48a8 311 break;
78ced65e
KW		 312 case SCSI_REQ_STATUS_RETRY_FLUSH:
313 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
314 if (ret == 0) {
a1f0cce2 315 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
78ced65e 316 }
5dba48a8 317 }
ea8a5d7f 318 }
ea8a5d7f
AL		 319 }
320}
321
213189ab
MA		 322static void scsi_dma_restart_cb(void *opaque, int running, int reason)
323{
d52affa7 324 SCSIDiskState *s = opaque;
213189ab
MA		 325
326 if (!running)
327 return;
328
329 if (!s->bh) {
330 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
331 qemu_bh_schedule(s->bh);
332 }
333}
334
a917d384 335/* Return a pointer to the data buffer. */
5c6c0e51 336static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 337{
5c6c0e51 338 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 339
3f4cb3d3 340 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 341}
342
0b06c059
GH		 343static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
344{
383b4d9b 345 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 346 int buflen = 0;
347
348 if (req->cmd.buf[1] & 0x2) {
349 /* Command support data - optional, not implemented */
350 BADF("optional INQUIRY command support request not implemented\n");
351 return -1;
352 }
353
354 if (req->cmd.buf[1] & 0x1) {
355 /* Vital product data */
356 uint8_t page_code = req->cmd.buf[2];
357 if (req->cmd.xfer < 4) {
358 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
359 "less than 4\n", page_code, req->cmd.xfer);
360 return -1;
361 }
362
b443ae67 363 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 364 outbuf[buflen++] = 5;
365 } else {
366 outbuf[buflen++] = 0;
367 }
368 outbuf[buflen++] = page_code ; // this page
369 outbuf[buflen++] = 0x00;
370
371 switch (page_code) {
372 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 373 {
374 int pages;
0b06c059
GH		 375 DPRINTF("Inquiry EVPD[Supported pages] "
376 "buffer size %zd\n", req->cmd.xfer);
39d98982 377 pages = buflen++;
0b06c059
GH		 378 outbuf[buflen++] = 0x00; // list of supported pages (this page)
379 outbuf[buflen++] = 0x80; // unit serial number
380 outbuf[buflen++] = 0x83; // device identification
b443ae67 381 if (s->drive_kind == SCSI_HD) {
ea3bd56f
CH		 382 outbuf[buflen++] = 0xb0; // block limits
383 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 384 }
385 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 386 break;
39d98982 387 }
0b06c059
GH		 388 case 0x80: /* Device serial number, optional */
389 {
a0fef654 390 int l = strlen(s->serial);
0b06c059
GH		 391
392 if (l > req->cmd.xfer)
393 l = req->cmd.xfer;
394 if (l > 20)
395 l = 20;
396
397 DPRINTF("Inquiry EVPD[Serial number] "
398 "buffer size %zd\n", req->cmd.xfer);
399 outbuf[buflen++] = l;
a0fef654 400 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 401 buflen += l;
402 break;
403 }
404
405 case 0x83: /* Device identification page, mandatory */
406 {
407 int max_len = 255 - 8;
428c149b 408 int id_len = strlen(bdrv_get_device_name(s->bs));
0b06c059
GH		 409
410 if (id_len > max_len)
411 id_len = max_len;
412 DPRINTF("Inquiry EVPD[Device identification] "
413 "buffer size %zd\n", req->cmd.xfer);
414
39d98982 415 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 416 outbuf[buflen++] = 0x2; // ASCII
417 outbuf[buflen++] = 0; // not officially assigned
418 outbuf[buflen++] = 0; // reserved
419 outbuf[buflen++] = id_len; // length of data following
420
428c149b 421 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
0b06c059
GH		 422 buflen += id_len;
423 break;
424 }
ea3bd56f 425 case 0xb0: /* block limits */
ee3659e3 426 {
ea3bd56f
CH		 427 unsigned int unmap_sectors =
428 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 429 unsigned int min_io_size =
430 s->qdev.conf.min_io_size / s->qdev.blocksize;
431 unsigned int opt_io_size =
432 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 433
b443ae67 434 if (s->drive_kind == SCSI_CD) {
39d98982
HR		 435 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
436 page_code);
437 return -1;
438 }
ee3659e3
CH		 439 /* required VPD size with unmap support */
440 outbuf[3] = buflen = 0x3c;
441
442 memset(outbuf + 4, 0, buflen - 4);
443
444 /* optimal transfer length granularity */
445 outbuf[6] = (min_io_size >> 8) & 0xff;
446 outbuf[7] = min_io_size & 0xff;
447
448 /* optimal transfer length */
449 outbuf[12] = (opt_io_size >> 24) & 0xff;
450 outbuf[13] = (opt_io_size >> 16) & 0xff;
451 outbuf[14] = (opt_io_size >> 8) & 0xff;
452 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 453
454 /* optimal unmap granularity */
455 outbuf[28] = (unmap_sectors >> 24) & 0xff;
456 outbuf[29] = (unmap_sectors >> 16) & 0xff;
457 outbuf[30] = (unmap_sectors >> 8) & 0xff;
458 outbuf[31] = unmap_sectors & 0xff;
459 break;
460 }
461 case 0xb2: /* thin provisioning */
462 {
463 outbuf[3] = buflen = 8;
464 outbuf[4] = 0;
465 outbuf[5] = 0x40; /* write same with unmap supported */
466 outbuf[6] = 0;
467 outbuf[7] = 0;
ee3659e3
CH		 468 break;
469 }
0b06c059
GH		 470 default:
471 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
472 "buffer size %zd\n", page_code, req->cmd.xfer);
473 return -1;
474 }
475 /* done with EVPD */
476 return buflen;
477 }
478
479 /* Standard INQUIRY data */
480 if (req->cmd.buf[2] != 0) {
481 BADF("Error: Inquiry (STANDARD) page or code "
482 "is non-zero [%02X]\n", req->cmd.buf[2]);
483 return -1;
484 }
485
486 /* PAGE CODE == 0 */
487 if (req->cmd.xfer < 5) {
488 BADF("Error: Inquiry (STANDARD) buffer size %zd "
489 "is less than 5\n", req->cmd.xfer);
490 return -1;
491 }
492
0b06c059
GH		 493 buflen = req->cmd.xfer;
494 if (buflen > SCSI_MAX_INQUIRY_LEN)
495 buflen = SCSI_MAX_INQUIRY_LEN;
496
497 memset(outbuf, 0, buflen);
498
499 if (req->lun || req->cmd.buf[1] >> 5) {
500 outbuf[0] = 0x7f; /* LUN not supported */
501 return buflen;
502 }
503
b443ae67 504 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 505 outbuf[0] = 5;
506 outbuf[1] = 0x80;
550fe6c6 507 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059
GH		 508 } else {
509 outbuf[0] = 0;
419e691f 510 outbuf[1] = s->removable ? 0x80 : 0;
550fe6c6 511 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 512 }
550fe6c6 513 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 514 memset(&outbuf[32], 0, 4);
552fee93 515 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 516 /*
517 * We claim conformance to SPC-3, which is required for guests
518 * to ask for modern features like READ CAPACITY(16) or the
519 * block characteristics VPD page by default. Not all of SPC-3
520 * is actually implemented, but we're good enough.
521 */
ee3659e3 522 outbuf[2] = 5;
0b06c059 523 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 524
525 if (buflen > 36) {
526 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
527 } else {
528 /* If the allocation length of CDB is too small,
529 the additional length is not adjusted */
530 outbuf[4] = 36 - 5;
531 }
532
0b06c059
GH		 533 /* Sync data transfer and TCQ. */
534 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
535 return buflen;
536}
537
282ab04e
BK		 538static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
539 int page_control)
ebddfcbe
GH		 540{
541 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
428c149b 542 BlockDriverState *bdrv = s->bs;
ebddfcbe
GH		 543 int cylinders, heads, secs;
544
282ab04e
BK		 545 /*
546 * If Changeable Values are requested, a mask denoting those mode parameters
547 * that are changeable shall be returned. As we currently don't support
548 * parameter changes via MODE_SELECT all bits are returned set to zero.
549 * The buffer was already menset to zero by the caller of this function.
550 */
ebddfcbe
GH		 551 switch (page) {
552 case 4: /* Rigid disk device geometry page. */
553 p[0] = 4;
554 p[1] = 0x16;
282ab04e
BK		 555 if (page_control == 1) { /* Changeable Values */
556 return p[1] + 2;
557 }
ebddfcbe
GH		 558 /* if a geometry hint is available, use it */
559 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
560 p[2] = (cylinders >> 16) & 0xff;
561 p[3] = (cylinders >> 8) & 0xff;
562 p[4] = cylinders & 0xff;
563 p[5] = heads & 0xff;
564 /* Write precomp start cylinder, disabled */
565 p[6] = (cylinders >> 16) & 0xff;
566 p[7] = (cylinders >> 8) & 0xff;
567 p[8] = cylinders & 0xff;
568 /* Reduced current start cylinder, disabled */
569 p[9] = (cylinders >> 16) & 0xff;
570 p[10] = (cylinders >> 8) & 0xff;
571 p[11] = cylinders & 0xff;
572 /* Device step rate [ns], 200ns */
573 p[12] = 0;
574 p[13] = 200;
575 /* Landing zone cylinder */
576 p[14] = 0xff;
577 p[15] = 0xff;
578 p[16] = 0xff;
579 /* Medium rotation rate [rpm], 5400 rpm */
580 p[20] = (5400 >> 8) & 0xff;
581 p[21] = 5400 & 0xff;
282ab04e 582 return p[1] + 2;
ebddfcbe
GH		 583
584 case 5: /* Flexible disk device geometry page. */
585 p[0] = 5;
586 p[1] = 0x1e;
282ab04e
BK		 587 if (page_control == 1) { /* Changeable Values */
588 return p[1] + 2;
589 }
ebddfcbe
GH		 590 /* Transfer rate [kbit/s], 5Mbit/s */
591 p[2] = 5000 >> 8;
592 p[3] = 5000 & 0xff;
593 /* if a geometry hint is available, use it */
594 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
595 p[4] = heads & 0xff;
596 p[5] = secs & 0xff;
597 p[6] = s->cluster_size * 2;
598 p[8] = (cylinders >> 8) & 0xff;
599 p[9] = cylinders & 0xff;
600 /* Write precomp start cylinder, disabled */
601 p[10] = (cylinders >> 8) & 0xff;
602 p[11] = cylinders & 0xff;
603 /* Reduced current start cylinder, disabled */
604 p[12] = (cylinders >> 8) & 0xff;
605 p[13] = cylinders & 0xff;
606 /* Device step rate [100us], 100us */
607 p[14] = 0;
608 p[15] = 1;
609 /* Device step pulse width [us], 1us */
610 p[16] = 1;
611 /* Device head settle delay [100us], 100us */
612 p[17] = 0;
613 p[18] = 1;
614 /* Motor on delay [0.1s], 0.1s */
615 p[19] = 1;
616 /* Motor off delay [0.1s], 0.1s */
617 p[20] = 1;
618 /* Medium rotation rate [rpm], 5400 rpm */
619 p[28] = (5400 >> 8) & 0xff;
620 p[29] = 5400 & 0xff;
282ab04e 621 return p[1] + 2;
ebddfcbe
GH		 622
623 case 8: /* Caching page. */
624 p[0] = 8;
625 p[1] = 0x12;
282ab04e
BK		 626 if (page_control == 1) { /* Changeable Values */
627 return p[1] + 2;
628 }
428c149b 629 if (bdrv_enable_write_cache(s->bs)) {
ebddfcbe
GH		 630 p[2] = 4; /* WCE */
631 }
282ab04e 632 return p[1] + 2;
ebddfcbe
GH		 633
634 case 0x2a: /* CD Capabilities and Mechanical Status page. */
b443ae67 635 if (s->drive_kind != SCSI_CD)
ebddfcbe
GH		 636 return 0;
637 p[0] = 0x2a;
638 p[1] = 0x14;
282ab04e
BK		 639 if (page_control == 1) { /* Changeable Values */
640 return p[1] + 2;
641 }
ebddfcbe
GH		 642 p[2] = 3; // CD-R & CD-RW read
643 p[3] = 0; // Writing not supported
644 p[4] = 0x7f; /* Audio, composite, digital out,
645 mode 2 form 1&2, multi session */
646 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
647 RW corrected, C2 errors, ISRC,
648 UPC, Bar code */
428c149b 649 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
ebddfcbe
GH		 650 /* Locking supported, jumper present, eject, tray */
651 p[7] = 0; /* no volume & mute control, no
652 changer */
653 p[8] = (50 * 176) >> 8; // 50x read speed
654 p[9] = (50 * 176) & 0xff;
655 p[10] = 0 >> 8; // No volume
656 p[11] = 0 & 0xff;
657 p[12] = 2048 >> 8; // 2M buffer
658 p[13] = 2048 & 0xff;
659 p[14] = (16 * 176) >> 8; // 16x read speed current
660 p[15] = (16 * 176) & 0xff;
661 p[18] = (16 * 176) >> 8; // 16x write speed
662 p[19] = (16 * 176) & 0xff;
663 p[20] = (16 * 176) >> 8; // 16x write speed current
664 p[21] = (16 * 176) & 0xff;
282ab04e 665 return p[1] + 2;
ebddfcbe
GH		 666
667 default:
668 return 0;
669 }
670}
671
672static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
673{
674 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ebddfcbe 675 uint64_t nb_sectors;
282ab04e 676 int page, dbd, buflen, page_control;
ebddfcbe 677 uint8_t *p;
ce512ee1 678 uint8_t dev_specific_param;
ebddfcbe
GH		 679
680 dbd = req->cmd.buf[1] & 0x8;
681 page = req->cmd.buf[2] & 0x3f;
282ab04e 682 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
aa2b1e89
BK		 683 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
684 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
ebddfcbe
GH		 685 memset(outbuf, 0, req->cmd.xfer);
686 p = outbuf;
687
0056dcc1 688 if (bdrv_is_read_only(s->bs)) {
ce512ee1
BK		 689 dev_specific_param = 0x80; /* Readonly. */
690 } else {
691 dev_specific_param = 0x00;
692 }
693
694 if (req->cmd.buf[0] == MODE_SENSE) {
695 p[1] = 0; /* Default media type. */
696 p[2] = dev_specific_param;
697 p[3] = 0; /* Block descriptor length. */
698 p += 4;
699 } else { /* MODE_SENSE_10 */
700 p[2] = 0; /* Default media type. */
701 p[3] = dev_specific_param;
702 p[6] = p[7] = 0; /* Block descriptor length. */
703 p += 8;
ebddfcbe 704 }
ebddfcbe 705
428c149b 706 bdrv_get_geometry(s->bs, &nb_sectors);
333d50fe 707 if (!dbd && nb_sectors) {
ce512ee1
BK		 708 if (req->cmd.buf[0] == MODE_SENSE) {
709 outbuf[3] = 8; /* Block descriptor length */
710 } else { /* MODE_SENSE_10 */
711 outbuf[7] = 8; /* Block descriptor length */
712 }
ebddfcbe 713 nb_sectors /= s->cluster_size;
ebddfcbe 714 if (nb_sectors > 0xffffff)
2488b740 715 nb_sectors = 0;
ebddfcbe
GH		 716 p[0] = 0; /* media density code */
717 p[1] = (nb_sectors >> 16) & 0xff;
718 p[2] = (nb_sectors >> 8) & 0xff;
719 p[3] = nb_sectors & 0xff;
720 p[4] = 0; /* reserved */
721 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
722 p[6] = s->cluster_size * 2;
723 p[7] = 0;
724 p += 8;
725 }
726
282ab04e
BK		 727 if (page_control == 3) { /* Saved Values */
728 return -1; /* ILLEGAL_REQUEST */
729 }
730
ebddfcbe
GH		 731 switch (page) {
732 case 0x04:
733 case 0x05:
734 case 0x08:
735 case 0x2a:
282ab04e 736 p += mode_sense_page(req, page, p, page_control);
ebddfcbe
GH		 737 break;
738 case 0x3f:
282ab04e
BK		 739 p += mode_sense_page(req, 0x08, p, page_control);
740 p += mode_sense_page(req, 0x2a, p, page_control);
ebddfcbe 741 break;
a9c17b2b
BK		 742 default:
743 return -1; /* ILLEGAL_REQUEST */
ebddfcbe
GH		 744 }
745
746 buflen = p - outbuf;
ce512ee1
BK		 747 /*
748 * The mode data length field specifies the length in bytes of the
749 * following data that is available to be transferred. The mode data
750 * length does not include itself.
751 */
752 if (req->cmd.buf[0] == MODE_SENSE) {
753 outbuf[0] = buflen - 1;
754 } else { /* MODE_SENSE_10 */
755 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
756 outbuf[1] = (buflen - 2) & 0xff;
757 }
ebddfcbe
GH		 758 if (buflen > req->cmd.xfer)
759 buflen = req->cmd.xfer;
760 return buflen;
761}
762
02880f43
GH		 763static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
764{
765 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 766 int start_track, format, msf, toclen;
767 uint64_t nb_sectors;
768
769 msf = req->cmd.buf[1] & 2;
770 format = req->cmd.buf[2] & 0xf;
771 start_track = req->cmd.buf[6];
428c149b 772 bdrv_get_geometry(s->bs, &nb_sectors);
02880f43
GH		 773 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
774 nb_sectors /= s->cluster_size;
775 switch (format) {
776 case 0:
777 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
778 break;
779 case 1:
780 /* multi session : only a single session defined */
781 toclen = 12;
782 memset(outbuf, 0, 12);
783 outbuf[1] = 0x0a;
784 outbuf[2] = 0x01;
785 outbuf[3] = 0x01;
786 break;
787 case 2:
788 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
789 break;
790 default:
791 return -1;
792 }
793 if (toclen > req->cmd.xfer)
794 toclen = req->cmd.xfer;
795 return toclen;
796}
797
8af7a3ab 798static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
aa5dbdc1 799{
8af7a3ab 800 SCSIRequest *req = &r->req;
e7e25e32 801 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 802 uint64_t nb_sectors;
aa5dbdc1 803 int buflen = 0;
78ced65e 804 int ret;
aa5dbdc1
GH		 805
806 switch (req->cmd.buf[0]) {
807 case TEST_UNIT_READY:
428c149b 808 if (!bdrv_is_inserted(s->bs))
aa5dbdc1
GH		 809 goto not_ready;
810 break;
51ad87c9
GH		 811 case REQUEST_SENSE:
812 if (req->cmd.xfer < 4)
813 goto illegal_request;
a1f0cce2
HR		 814 buflen = scsi_build_sense(s->sense, outbuf, req->cmd.xfer,
815 req->cmd.xfer > 13);
a6d96eb7 816 scsi_disk_clear_sense(s);
51ad87c9 817 break;
0b06c059
GH		 818 case INQUIRY:
819 buflen = scsi_disk_emulate_inquiry(req, outbuf);
820 if (buflen < 0)
821 goto illegal_request;
822 break;
ebddfcbe
GH		 823 case MODE_SENSE:
824 case MODE_SENSE_10:
825 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
826 if (buflen < 0)
827 goto illegal_request;
828 break;
02880f43
GH		 829 case READ_TOC:
830 buflen = scsi_disk_emulate_read_toc(req, outbuf);
831 if (buflen < 0)
832 goto illegal_request;
833 break;
3d53ba18
GH		 834 case RESERVE:
835 if (req->cmd.buf[1] & 1)
836 goto illegal_request;
837 break;
838 case RESERVE_10:
839 if (req->cmd.buf[1] & 3)
840 goto illegal_request;
841 break;
842 case RELEASE:
843 if (req->cmd.buf[1] & 1)
844 goto illegal_request;
845 break;
846 case RELEASE_10:
847 if (req->cmd.buf[1] & 3)
848 goto illegal_request;
849 break;
8d3628ff 850 case START_STOP:
b443ae67 851 if (s->drive_kind == SCSI_CD && (req->cmd.buf[4] & 2)) {
8d3628ff 852 /* load/eject medium */
428c149b 853 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
8d3628ff
GH		 854 }
855 break;
c68b9f34 856 case ALLOW_MEDIUM_REMOVAL:
428c149b 857 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
c68b9f34 858 break;
e7e25e32
GH		 859 case READ_CAPACITY:
860 /* The normal LEN field for this command is zero. */
861 memset(outbuf, 0, 8);
428c149b 862 bdrv_get_geometry(s->bs, &nb_sectors);
e7e25e32
GH		 863 if (!nb_sectors)
864 goto not_ready;
865 nb_sectors /= s->cluster_size;
866 /* Returned value is the address of the last sector. */
867 nb_sectors--;
868 /* Remember the new size for read/write sanity checking. */
869 s->max_lba = nb_sectors;
870 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
871 if (nb_sectors > UINT32_MAX)
872 nb_sectors = UINT32_MAX;
873 outbuf[0] = (nb_sectors >> 24) & 0xff;
874 outbuf[1] = (nb_sectors >> 16) & 0xff;
875 outbuf[2] = (nb_sectors >> 8) & 0xff;
876 outbuf[3] = nb_sectors & 0xff;
877 outbuf[4] = 0;
878 outbuf[5] = 0;
879 outbuf[6] = s->cluster_size * 2;
880 outbuf[7] = 0;
881 buflen = 8;
882 break;
fc903943 883 case SYNCHRONIZE_CACHE:
78ced65e
KW		 884 ret = bdrv_flush(s->bs);
885 if (ret < 0) {
886 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
887 return -1;
888 }
889 }
fc903943 890 break;
38215553
GH		 891 case GET_CONFIGURATION:
892 memset(outbuf, 0, 8);
893 /* ??? This should probably return much more information. For now
894 just return the basic header indicating the CD-ROM profile. */
895 outbuf[7] = 8; // CD-ROM
896 buflen = 8;
897 break;
5dd90e2a
GH		 898 case SERVICE_ACTION_IN:
899 /* Service Action In subcommands. */
900 if ((req->cmd.buf[1] & 31) == 0x10) {
901 DPRINTF("SAI READ CAPACITY(16)\n");
902 memset(outbuf, 0, req->cmd.xfer);
428c149b 903 bdrv_get_geometry(s->bs, &nb_sectors);
5dd90e2a
GH		 904 if (!nb_sectors)
905 goto not_ready;
906 nb_sectors /= s->cluster_size;
907 /* Returned value is the address of the last sector. */
908 nb_sectors--;
909 /* Remember the new size for read/write sanity checking. */
910 s->max_lba = nb_sectors;
911 outbuf[0] = (nb_sectors >> 56) & 0xff;
912 outbuf[1] = (nb_sectors >> 48) & 0xff;
913 outbuf[2] = (nb_sectors >> 40) & 0xff;
914 outbuf[3] = (nb_sectors >> 32) & 0xff;
915 outbuf[4] = (nb_sectors >> 24) & 0xff;
916 outbuf[5] = (nb_sectors >> 16) & 0xff;
917 outbuf[6] = (nb_sectors >> 8) & 0xff;
918 outbuf[7] = nb_sectors & 0xff;
919 outbuf[8] = 0;
920 outbuf[9] = 0;
921 outbuf[10] = s->cluster_size * 2;
922 outbuf[11] = 0;
ee3659e3
CH		 923 outbuf[12] = 0;
924 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 925
926 /* set TPE bit if the format supports discard */
927 if (s->qdev.conf.discard_granularity) {
928 outbuf[14] = 0x80;
929 }
930
5dd90e2a
GH		 931 /* Protection, exponent and lowest lba field left blank. */
932 buflen = req->cmd.xfer;
933 break;
934 }
935 DPRINTF("Unsupported Service Action In\n");
936 goto illegal_request;
39ec9a50
GH		 937 case REPORT_LUNS:
938 if (req->cmd.xfer < 16)
939 goto illegal_request;
940 memset(outbuf, 0, 16);
941 outbuf[3] = 8;
942 buflen = 16;
943 break;
88f8a5ed
GH		 944 case VERIFY:
945 break;
ebef0bbb
BK		 946 case REZERO_UNIT:
947 DPRINTF("Rezero Unit\n");
948 if (!bdrv_is_inserted(s->bs)) {
949 goto not_ready;
950 }
951 break;
aa5dbdc1 952 default:
a1f0cce2
HR		 953 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
954 return -1;
aa5dbdc1 955 }
a1f0cce2 956 scsi_req_set_status(r, GOOD, SENSE_CODE(NO_SENSE));
aa5dbdc1
GH		 957 return buflen;
958
959not_ready:
a1f0cce2
HR		 960 if (!bdrv_is_inserted(s->bs)) {
961 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(NO_MEDIUM));
962 } else {
963 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LUN_NOT_READY));
964 }
8af7a3ab 965 return -1;
aa5dbdc1
GH		 966
967illegal_request:
a1f0cce2 968 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
8af7a3ab 969 return -1;
aa5dbdc1
GH		 970}
971
2e5d83bb
PB		 972/* Execute a scsi command. Returns the length of the data expected by the
973 command. This will be Positive for data transfers from the device
974 (eg. disk reads), negative for transfers to the device (eg. disk writes),
975 and zero if the command does not transfer any data. */
976
5c6c0e51 977static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 978{
5c6c0e51
HR		 979 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
980 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 981 int32_t len;
2e5d83bb 982 int is_write;
a917d384
PB		 983 uint8_t command;
984 uint8_t *outbuf;
aa5dbdc1 985 int rc;
a917d384
PB		 986
987 command = buf[0];
3f4cb3d3 988 outbuf = (uint8_t *)r->iov.iov_base;
2e5d83bb 989 is_write = 0;
a917d384 990 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2dd791b6
HR		 991
992 if (scsi_req_parse(&r->req, buf) != 0) {
a917d384 993 BADF("Unsupported command length, command %x\n", command);
a1f0cce2
HR		 994 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
995 return 0;
2e5d83bb
PB		 996 }
997#ifdef DEBUG_SCSI
998 {
999 int i;
2dd791b6 1000 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1001 printf(" 0x%02x", buf[i]);
1002 }
1003 printf("\n");
1004 }
1005#endif
aa5dbdc1 1006
5c6c0e51 1007 if (req->lun || buf[1] >> 5) {
2e5d83bb 1008 /* Only LUN 0 supported. */
5c6c0e51 1009 DPRINTF("Unimplemented LUN %d\n", req->lun ? req->lun : buf[1] >> 5);
a1f0cce2
HR		 1010 if (command != REQUEST_SENSE && command != INQUIRY) {
1011 scsi_command_complete(r, CHECK_CONDITION,
1012 SENSE_CODE(LUN_NOT_SUPPORTED));
1013 return 0;
1014 }
2e5d83bb 1015 }
a917d384 1016 switch (command) {
ebf46023 1017 case TEST_UNIT_READY:
51ad87c9 1018 case REQUEST_SENSE:
0b06c059 1019 case INQUIRY:
ebddfcbe
GH		 1020 case MODE_SENSE:
1021 case MODE_SENSE_10:
3d53ba18
GH		 1022 case RESERVE:
1023 case RESERVE_10:
1024 case RELEASE:
1025 case RELEASE_10:
8d3628ff 1026 case START_STOP:
c68b9f34 1027 case ALLOW_MEDIUM_REMOVAL:
e7e25e32 1028 case READ_CAPACITY:
fc903943 1029 case SYNCHRONIZE_CACHE:
02880f43 1030 case READ_TOC:
38215553 1031 case GET_CONFIGURATION:
5dd90e2a 1032 case SERVICE_ACTION_IN:
39ec9a50 1033 case REPORT_LUNS:
88f8a5ed 1034 case VERIFY:
ebef0bbb 1035 case REZERO_UNIT:
8af7a3ab
KW		 1036 rc = scsi_disk_emulate_command(r, outbuf);
1037 if (rc < 0) {
0b06c059 1038 return 0;
aa5dbdc1 1039 }
8af7a3ab
KW		 1040
1041 r->iov.iov_len = rc;
0b06c059 1042 break;
ebf46023
GH		 1043 case READ_6:
1044 case READ_10:
bd536cf3
GH		 1045 case READ_12:
1046 case READ_16:
5c6c0e51 1047 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6
HR		 1048 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1049 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1050 goto illegal_lba;
2dd791b6 1051 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1052 r->sector_count = len * s->cluster_size;
2e5d83bb 1053 break;
ebf46023
GH		 1054 case WRITE_6:
1055 case WRITE_10:
bd536cf3
GH		 1056 case WRITE_12:
1057 case WRITE_16:
ebef0bbb
BK		 1058 case WRITE_VERIFY:
1059 case WRITE_VERIFY_12:
1060 case WRITE_VERIFY_16:
5c6c0e51 1061 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1062 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1063 (command & 0xe) == 0xe ? "And Verify " : "",
1064 r->req.cmd.lba, len);
1065 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1066 goto illegal_lba;
2dd791b6 1067 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1068 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 1069 is_write = 1;
1070 break;
ebef0bbb 1071 case MODE_SELECT:
2dd791b6 1072 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1073 /* We don't support mode parameter changes.
1074 Allow the mode parameter header + block descriptors only. */
2dd791b6 1075 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1076 goto fail;
1077 }
1078 break;
1079 case MODE_SELECT_10:
2dd791b6 1080 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1081 /* We don't support mode parameter changes.
1082 Allow the mode parameter header + block descriptors only. */
2dd791b6 1083 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1084 goto fail;
1085 }
1086 break;
1087 case SEEK_6:
1088 case SEEK_10:
2dd791b6
HR		 1089 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1090 r->req.cmd.lba);
1091 if (r->req.cmd.lba > s->max_lba) {
ebef0bbb
BK		 1092 goto illegal_lba;
1093 }
ea3bd56f
CH		 1094 break;
1095 case WRITE_SAME_16:
5c6c0e51 1096 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1097
1098 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1099 r->req.cmd.lba, len);
1100
1101 if (r->req.cmd.lba > s->max_lba) {
1102 goto illegal_lba;
1103 }
1104
1105 /*
1106 * We only support WRITE SAME with the unmap bit set for now.
1107 */
1108 if (!(buf[1] & 0x8)) {
1109 goto fail;
1110 }
1111
1112 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1113 len * s->cluster_size);
1114 if (rc < 0) {
1115 /* XXX: better error code ?*/
1116 goto fail;
1117 }
1118
ebef0bbb 1119 break;
2e5d83bb 1120 default:
2dd791b6 1121 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
a1f0cce2
HR		 1122 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_OPCODE));
1123 return 0;
2e5d83bb 1124 fail:
a1f0cce2 1125 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(INVALID_FIELD));
2dd791b6 1126 return 0;
274fb0e1 1127 illegal_lba:
a1f0cce2 1128 scsi_command_complete(r, CHECK_CONDITION, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1129 return 0;
2e5d83bb 1130 }
c87c0672 1131 if (r->sector_count == 0 && r->iov.iov_len == 0) {
a1f0cce2 1132 scsi_command_complete(r, GOOD, SENSE_CODE(NO_SENSE));
a917d384 1133 }
c87c0672 1134 len = r->sector_count * 512 + r->iov.iov_len;
a917d384 1135 if (is_write) {
ad2d30f7 1136 len = -len;
a917d384
PB		 1137 } else {
1138 if (!r->sector_count)
1139 r->sector_count = -1;
2e5d83bb 1140 }
ad2d30f7 1141 return len;
2e5d83bb
PB		 1142}
1143
e9447f35
JK		 1144static void scsi_disk_reset(DeviceState *dev)
1145{
1146 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1147 uint64_t nb_sectors;
1148
c557e889 1149 scsi_device_purge_requests(&s->qdev);
e9447f35
JK		 1150
1151 bdrv_get_geometry(s->bs, &nb_sectors);
1152 nb_sectors /= s->cluster_size;
1153 if (nb_sectors) {
1154 nb_sectors--;
1155 }
1156 s->max_lba = nb_sectors;
1157}
1158
1159static void scsi_destroy(SCSIDevice *dev)
1160{
1161 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1162
c557e889 1163 scsi_device_purge_requests(&s->qdev);
f8b6cc00 1164 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1165}
1166
b443ae67 1167static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind kind)
2e5d83bb 1168{
d52affa7 1169 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1170 DriveInfo *dinfo;
2e5d83bb 1171
f8b6cc00 1172 if (!s->qdev.conf.bs) {
1ecda02b 1173 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1174 return -1;
1175 }
f8b6cc00 1176 s->bs = s->qdev.conf.bs;
b443ae67 1177 s->drive_kind = kind;
d52affa7 1178
b443ae67 1179 if (kind == SCSI_HD && !bdrv_is_inserted(s->bs)) {
98f28ad7
MA		 1180 error_report("Device needs media, but drive is empty");
1181 return -1;
1182 }
1183
a0fef654 1184 if (!s->serial) {
f8b6cc00
MA		 1185 /* try to fall back to value set with legacy -drive serial=... */
1186 dinfo = drive_get_by_blockdev(s->bs);
1187 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
a0fef654
MA		 1188 }
1189
552fee93
MA		 1190 if (!s->version) {
1191 s->version = qemu_strdup(QEMU_VERSION);
1192 }
1193
32bb404a 1194 if (bdrv_is_sg(s->bs)) {
1ecda02b 1195 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1196 return -1;
1197 }
1198
b443ae67 1199 if (kind == SCSI_CD) {
8cfacf07 1200 s->qdev.blocksize = 2048;
2e5d83bb 1201 } else {
8cfacf07 1202 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2e5d83bb 1203 }
8cfacf07 1204 s->cluster_size = s->qdev.blocksize / 512;
73fdb1e1 1205 s->bs->buffer_alignment = s->qdev.blocksize;
8cfacf07 1206
91376656 1207 s->qdev.type = TYPE_DISK;
ea8a5d7f 1208 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
b443ae67 1209 bdrv_set_removable(s->bs, kind == SCSI_CD);
1ca4d09a 1210 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
d52affa7
GH		 1211 return 0;
1212}
1213
b443ae67
MA		 1214static int scsi_hd_initfn(SCSIDevice *dev)
1215{
1216 return scsi_initfn(dev, SCSI_HD);
1217}
1218
1219static int scsi_cd_initfn(SCSIDevice *dev)
1220{
1221 return scsi_initfn(dev, SCSI_CD);
1222}
1223
1224static int scsi_disk_initfn(SCSIDevice *dev)
1225{
1226 SCSIDriveKind kind;
95b5edcd 1227 DriveInfo *dinfo;
b443ae67
MA		 1228
1229 if (!dev->conf.bs) {
1230 kind = SCSI_HD; /* will die in scsi_initfn() */
1231 } else {
95b5edcd
MA		 1232 dinfo = drive_get_by_blockdev(dev->conf.bs);
1233 kind = dinfo->media_cd ? SCSI_CD : SCSI_HD;
b443ae67
MA		 1234 }
1235
1236 return scsi_initfn(dev, kind);
1237}
1238
1239#define DEFINE_SCSI_DISK_PROPERTIES() \
1240 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1241 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1242 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1243
1244static SCSIDeviceInfo scsi_disk_info[] = {
1245 {
1246 .qdev.name = "scsi-hd",
1247 .qdev.fw_name = "disk",
1248 .qdev.desc = "virtual SCSI disk",
1249 .qdev.size = sizeof(SCSIDiskState),
1250 .qdev.reset = scsi_disk_reset,
1251 .init = scsi_hd_initfn,
1252 .destroy = scsi_destroy,
5c6c0e51 1253 .alloc_req = scsi_new_request,
ad2d30f7 1254 .free_req = scsi_free_request,
b443ae67
MA		 1255 .send_command = scsi_send_command,
1256 .read_data = scsi_read_data,
1257 .write_data = scsi_write_data,
1258 .cancel_io = scsi_cancel_io,
1259 .get_buf = scsi_get_buf,
1260 .qdev.props = (Property[]) {
1261 DEFINE_SCSI_DISK_PROPERTIES(),
1262 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1263 DEFINE_PROP_END_OF_LIST(),
1264 }
1265 },{
1266 .qdev.name = "scsi-cd",
1267 .qdev.fw_name = "disk",
1268 .qdev.desc = "virtual SCSI CD-ROM",
1269 .qdev.size = sizeof(SCSIDiskState),
1270 .qdev.reset = scsi_disk_reset,
1271 .init = scsi_cd_initfn,
1272 .destroy = scsi_destroy,
5c6c0e51 1273 .alloc_req = scsi_new_request,
ad2d30f7 1274 .free_req = scsi_free_request,
b443ae67
MA		 1275 .send_command = scsi_send_command,
1276 .read_data = scsi_read_data,
1277 .write_data = scsi_write_data,
1278 .cancel_io = scsi_cancel_io,
1279 .get_buf = scsi_get_buf,
1280 .qdev.props = (Property[]) {
1281 DEFINE_SCSI_DISK_PROPERTIES(),
1282 DEFINE_PROP_END_OF_LIST(),
1283 },
1284 },{
1285 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1286 .qdev.fw_name = "disk",
1287 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1288 .qdev.size = sizeof(SCSIDiskState),
1289 .qdev.reset = scsi_disk_reset,
1290 .init = scsi_disk_initfn,
1291 .destroy = scsi_destroy,
5c6c0e51 1292 .alloc_req = scsi_new_request,
ad2d30f7 1293 .free_req = scsi_free_request,
b443ae67
MA		 1294 .send_command = scsi_send_command,
1295 .read_data = scsi_read_data,
1296 .write_data = scsi_write_data,
1297 .cancel_io = scsi_cancel_io,
1298 .get_buf = scsi_get_buf,
1299 .qdev.props = (Property[]) {
1300 DEFINE_SCSI_DISK_PROPERTIES(),
1301 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1302 DEFINE_PROP_END_OF_LIST(),
1303 }
1304 }
d52affa7
GH		 1305};
1306
1307static void scsi_disk_register_devices(void)
1308{
b443ae67
MA		 1309 int i;
1310
1311 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1312 scsi_qdev_register(&scsi_disk_info[i]);
1313 }
8ccc2ace 1314}
d52affa7 1315device_init(scsi_disk_register_devices)
Qemu copy for testing