]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi-generic: add migration support
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
5d0d2467 41#include "dma.h"
22864256 42
336a6915
PB		 43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
f0f72ffe 47#define SCSI_DMA_BUF_SIZE 131072
57575058 48#define SCSI_MAX_INQUIRY_LEN 256
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
c87c0672
AL		 58 struct iovec iov;
59 QEMUIOVector qiov;
a597e79c 60 BlockAcctCookie acct;
4c41d2ef 61} SCSIDiskReq;
a917d384 62
d52affa7 63struct SCSIDiskState
a917d384 64{
d52affa7 65 SCSIDevice qdev;
419e691f 66 uint32_t removable;
8a9c16f6 67 bool media_changed;
3c2f7c12 68 bool media_event;
4480de19 69 bool eject_request;
213189ab 70 QEMUBH *bh;
383b4d9b 71 char *version;
a0fef654 72 char *serial;
ece0d5e9 73 bool tray_open;
81b1008d 74 bool tray_locked;
2e5d83bb
PB		 75};
76
71544d30 77static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 78
ad2d30f7 79static void scsi_free_request(SCSIRequest *req)
4d611c9a 80{
ad2d30f7
PB		 81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
82
7285477a
PB		 83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
85 }
4d611c9a
PB		 86}
87
b45ef674
PB		 88/* Helper function for command completion with sense. */
89static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 90{
02fa69b6
BS		 91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 95}
96
97/* Cancel a pending data transfer. */
5c6c0e51 98static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 99{
5c6c0e51
HR		 100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
103 if (r->req.aiocb) {
104 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 105
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
a917d384 110 }
5c6c0e51 111 r->req.aiocb = NULL;
a917d384
PB		 112}
113
103b40f5
PB		 114static uint32_t scsi_init_iovec(SCSIDiskReq *r)
115{
7285477a
PB		 116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
117
118 if (!r->iov.iov_base) {
119 r->buflen = SCSI_DMA_BUF_SIZE;
44740c38 120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 121 }
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
125}
126
5d0d2467
PB		 127static void scsi_dma_complete(void *opaque, int ret)
128{
129 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
130 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
131
132 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
133
134 if (ret) {
135 if (scsi_handle_rw_error(r, -ret)) {
136 goto done;
137 }
138 }
139
140 r->sector += r->sector_count;
141 r->sector_count = 0;
142 scsi_req_complete(&r->req, GOOD);
143
144done:
145 scsi_req_unref(&r->req);
146}
147
a917d384
PB		 148static void scsi_read_complete(void * opaque, int ret)
149{
4c41d2ef 150 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 151 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 152 int n;
a917d384 153
8e321cc6
PB		 154 if (r->req.aiocb != NULL) {
155 r->req.aiocb = NULL;
44740c38 156 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 157 }
a597e79c 158
a917d384 159 if (ret) {
71544d30 160 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 161 goto done;
5dba48a8 162 }
4d611c9a 163 }
5dba48a8 164
103b40f5 165 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
a917d384 166
103b40f5 167 n = r->qiov.size / 512;
5dba48a8
KW		 168 r->sector += n;
169 r->sector_count -= n;
103b40f5 170 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 171
172done:
173 if (!r->req.io_canceled) {
174 scsi_req_unref(&r->req);
175 }
4d611c9a
PB		 176}
177
0a4ac106
PB		 178static void scsi_flush_complete(void * opaque, int ret)
179{
180 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
181 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
182
183 if (r->req.aiocb != NULL) {
184 r->req.aiocb = NULL;
44740c38 185 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0a4ac106
PB		 186 }
187
188 if (ret < 0) {
71544d30 189 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 190 goto done;
0a4ac106
PB		 191 }
192 }
193
194 scsi_req_complete(&r->req, GOOD);
c7bae6a7
PB		 195
196done:
197 if (!r->req.io_canceled) {
198 scsi_req_unref(&r->req);
199 }
0a4ac106 200}
5dba48a8 201
5c6c0e51
HR		 202/* Read more data from scsi device into buffer. */
203static void scsi_read_data(SCSIRequest *req)
2e5d83bb 204{
5c6c0e51 205 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 207 uint32_t n;
208
a917d384 209 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 210 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 211 r->sector_count = 0;
ab9adc88 212 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 213 return;
2e5d83bb 214 }
a917d384
PB		 215 DPRINTF("Read sector_count=%d\n", r->sector_count);
216 if (r->sector_count == 0) {
b45ef674
PB		 217 /* This also clears the sense buffer for REQUEST SENSE. */
218 scsi_req_complete(&r->req, GOOD);
a917d384 219 return;
2e5d83bb
PB		 220 }
221
6fa2c95f
SH		 222 /* No data transfer may already be in progress */
223 assert(r->req.aiocb == NULL);
224
c7bae6a7
PB		 225 /* The request is used as the AIO opaque value, so add a ref. */
226 scsi_req_ref(&r->req);
efb9ee02
HR		 227 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
228 DPRINTF("Data transfer direction invalid\n");
229 scsi_read_complete(r, -EINVAL);
230 return;
231 }
232
a1aff5bf
MA		 233 if (s->tray_open) {
234 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 235 return;
a1aff5bf 236 }
c7bae6a7 237
5d0d2467
PB		 238 if (r->req.sg) {
239 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
240 r->req.resid -= r->req.sg->size;
241 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
242 scsi_dma_complete, r);
243 } else {
244 n = scsi_init_iovec(r);
245 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
246 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
247 scsi_read_complete, r);
248 }
2e5d83bb
PB		 249}
250
c7bae6a7
PB		 251/*
252 * scsi_handle_rw_error has two return values. 0 means that the error
253 * must be ignored, 1 means that the error has been processed and the
254 * caller should not do anything else for this request. Note that
255 * scsi_handle_rw_error always manages its reference counts, independent
256 * of the return value.
257 */
71544d30 258static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 259{
71544d30 260 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 261 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 262 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 263
380f640f 264 if (action == BLOCK_ERR_IGNORE) {
44740c38 265 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 266 return 0;
380f640f 267 }
ea8a5d7f
AL		 268
269 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
270 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 271
44740c38 272 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 273 vm_stop(RUN_STATE_IO_ERROR);
44740c38 274 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 275 scsi_req_retry(&r->req);
ea8a5d7f 276 } else {
efb9ee02 277 switch (error) {
7e218df5
PB		 278 case ENOMEDIUM:
279 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
280 break;
efb9ee02 281 case ENOMEM:
b45ef674 282 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 283 break;
284 case EINVAL:
b45ef674 285 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 286 break;
287 default:
b45ef674 288 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 289 break;
a1f0cce2 290 }
44740c38 291 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 292 }
ea8a5d7f
AL		 293 return 1;
294}
295
4d611c9a
PB		 296static void scsi_write_complete(void * opaque, int ret)
297{
4c41d2ef 298 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 299 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 300 uint32_t n;
301
8e321cc6
PB		 302 if (r->req.aiocb != NULL) {
303 r->req.aiocb = NULL;
44740c38 304 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 305 }
a597e79c 306
4d611c9a 307 if (ret) {
71544d30 308 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 309 goto done;
5dba48a8 310 }
4d611c9a
PB		 311 }
312
103b40f5 313 n = r->qiov.size / 512;
ea8a5d7f
AL		 314 r->sector += n;
315 r->sector_count -= n;
a917d384 316 if (r->sector_count == 0) {
b45ef674 317 scsi_req_complete(&r->req, GOOD);
a917d384 318 } else {
103b40f5
PB		 319 scsi_init_iovec(r);
320 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
321 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 322 }
c7bae6a7
PB		 323
324done:
325 if (!r->req.io_canceled) {
326 scsi_req_unref(&r->req);
327 }
4d611c9a
PB		 328}
329
42741212 330static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 331{
5c6c0e51 332 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 333 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 334 uint32_t n;
335
6fa2c95f
SH		 336 /* No data transfer may already be in progress */
337 assert(r->req.aiocb == NULL);
338
c7bae6a7
PB		 339 /* The request is used as the AIO opaque value, so add a ref. */
340 scsi_req_ref(&r->req);
efb9ee02
HR		 341 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
342 DPRINTF("Data transfer direction invalid\n");
343 scsi_write_complete(r, -EINVAL);
42741212 344 return;
efb9ee02
HR		 345 }
346
5d0d2467
PB		 347 if (!r->req.sg && !r->qiov.size) {
348 /* Called for the first time. Ask the driver to send us more data. */
349 scsi_write_complete(r, 0);
350 return;
351 }
352 if (s->tray_open) {
353 scsi_write_complete(r, -ENOMEDIUM);
354 return;
355 }
356
357 if (r->req.sg) {
358 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
359 r->req.resid -= r->req.sg->size;
360 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
361 scsi_dma_complete, r);
362 } else {
363 n = r->qiov.size / 512;
44740c38
PB		 364 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
365 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 366 scsi_write_complete, r);
ea8a5d7f 367 }
a917d384 368}
2e5d83bb 369
a917d384 370/* Return a pointer to the data buffer. */
5c6c0e51 371static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 372{
5c6c0e51 373 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 374
3f4cb3d3 375 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 376}
377
0b06c059
GH		 378static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
379{
383b4d9b 380 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 381 int buflen = 0;
382
383 if (req->cmd.buf[1] & 0x2) {
384 /* Command support data - optional, not implemented */
385 BADF("optional INQUIRY command support request not implemented\n");
386 return -1;
387 }
388
389 if (req->cmd.buf[1] & 0x1) {
390 /* Vital product data */
391 uint8_t page_code = req->cmd.buf[2];
392 if (req->cmd.xfer < 4) {
393 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
394 "less than 4\n", page_code, req->cmd.xfer);
395 return -1;
396 }
397
e39be482 398 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 399 outbuf[buflen++] = page_code ; // this page
400 outbuf[buflen++] = 0x00;
401
402 switch (page_code) {
403 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 404 {
405 int pages;
0b06c059
GH		 406 DPRINTF("Inquiry EVPD[Supported pages] "
407 "buffer size %zd\n", req->cmd.xfer);
39d98982 408 pages = buflen++;
0b06c059 409 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 410 if (s->serial) {
3e1c0c9a 411 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 412 }
0b06c059 413 outbuf[buflen++] = 0x83; // device identification
f37bd73b 414 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 415 outbuf[buflen++] = 0xb0; // block limits
416 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 417 }
418 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 419 break;
39d98982 420 }
0b06c059
GH		 421 case 0x80: /* Device serial number, optional */
422 {
3e1c0c9a 423 int l;
0b06c059 424
3e1c0c9a
HR		 425 if (!s->serial) {
426 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
427 return -1;
428 }
429
430 l = strlen(s->serial);
f01b5931 431 if (l > 20) {
0b06c059 432 l = 20;
f01b5931 433 }
0b06c059
GH		 434
435 DPRINTF("Inquiry EVPD[Serial number] "
436 "buffer size %zd\n", req->cmd.xfer);
437 outbuf[buflen++] = l;
a0fef654 438 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 439 buflen += l;
440 break;
441 }
442
443 case 0x83: /* Device identification page, mandatory */
444 {
445 int max_len = 255 - 8;
44740c38 446 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
0b06c059 447
f01b5931 448 if (id_len > max_len) {
0b06c059 449 id_len = max_len;
f01b5931 450 }
0b06c059
GH		 451 DPRINTF("Inquiry EVPD[Device identification] "
452 "buffer size %zd\n", req->cmd.xfer);
453
39d98982 454 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 455 outbuf[buflen++] = 0x2; // ASCII
456 outbuf[buflen++] = 0; // not officially assigned
457 outbuf[buflen++] = 0; // reserved
458 outbuf[buflen++] = id_len; // length of data following
459
44740c38 460 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
0b06c059
GH		 461 buflen += id_len;
462 break;
463 }
ea3bd56f 464 case 0xb0: /* block limits */
ee3659e3 465 {
ea3bd56f
CH		 466 unsigned int unmap_sectors =
467 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 468 unsigned int min_io_size =
469 s->qdev.conf.min_io_size / s->qdev.blocksize;
470 unsigned int opt_io_size =
471 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 472
f37bd73b 473 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 474 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
475 page_code);
476 return -1;
477 }
ee3659e3
CH		 478 /* required VPD size with unmap support */
479 outbuf[3] = buflen = 0x3c;
480
481 memset(outbuf + 4, 0, buflen - 4);
482
483 /* optimal transfer length granularity */
484 outbuf[6] = (min_io_size >> 8) & 0xff;
485 outbuf[7] = min_io_size & 0xff;
486
487 /* optimal transfer length */
488 outbuf[12] = (opt_io_size >> 24) & 0xff;
489 outbuf[13] = (opt_io_size >> 16) & 0xff;
490 outbuf[14] = (opt_io_size >> 8) & 0xff;
491 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 492
493 /* optimal unmap granularity */
494 outbuf[28] = (unmap_sectors >> 24) & 0xff;
495 outbuf[29] = (unmap_sectors >> 16) & 0xff;
496 outbuf[30] = (unmap_sectors >> 8) & 0xff;
497 outbuf[31] = unmap_sectors & 0xff;
498 break;
499 }
500 case 0xb2: /* thin provisioning */
501 {
502 outbuf[3] = buflen = 8;
503 outbuf[4] = 0;
504 outbuf[5] = 0x40; /* write same with unmap supported */
505 outbuf[6] = 0;
506 outbuf[7] = 0;
ee3659e3
CH		 507 break;
508 }
0b06c059
GH		 509 default:
510 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
511 "buffer size %zd\n", page_code, req->cmd.xfer);
512 return -1;
513 }
514 /* done with EVPD */
515 return buflen;
516 }
517
518 /* Standard INQUIRY data */
519 if (req->cmd.buf[2] != 0) {
520 BADF("Error: Inquiry (STANDARD) page or code "
521 "is non-zero [%02X]\n", req->cmd.buf[2]);
522 return -1;
523 }
524
525 /* PAGE CODE == 0 */
526 if (req->cmd.xfer < 5) {
527 BADF("Error: Inquiry (STANDARD) buffer size %zd "
528 "is less than 5\n", req->cmd.xfer);
529 return -1;
530 }
531
0b06c059 532 buflen = req->cmd.xfer;
f01b5931 533 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 534 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 535 }
0b06c059
GH		 536 memset(outbuf, 0, buflen);
537
f37bd73b 538 outbuf[0] = s->qdev.type & 0x1f;
e39be482 539 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 540 if (s->qdev.type == TYPE_ROM) {
550fe6c6 541 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 542 } else {
550fe6c6 543 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 544 }
550fe6c6 545 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 546 memset(&outbuf[32], 0, 4);
552fee93 547 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 548 /*
549 * We claim conformance to SPC-3, which is required for guests
550 * to ask for modern features like READ CAPACITY(16) or the
551 * block characteristics VPD page by default. Not all of SPC-3
552 * is actually implemented, but we're good enough.
553 */
ee3659e3 554 outbuf[2] = 5;
0b06c059 555 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 556
557 if (buflen > 36) {
558 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
559 } else {
560 /* If the allocation length of CDB is too small,
561 the additional length is not adjusted */
562 outbuf[4] = 36 - 5;
563 }
564
0b06c059 565 /* Sync data transfer and TCQ. */
afd4030c 566 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 567 return buflen;
568}
569
430ee2f2
PB		 570static inline bool media_is_dvd(SCSIDiskState *s)
571{
572 uint64_t nb_sectors;
573 if (s->qdev.type != TYPE_ROM) {
574 return false;
575 }
44740c38 576 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 577 return false;
578 }
44740c38 579 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 580 return nb_sectors > CD_MAX_SECTORS;
581}
582
ceb792ef
PB		 583static inline bool media_is_cd(SCSIDiskState *s)
584{
585 uint64_t nb_sectors;
586 if (s->qdev.type != TYPE_ROM) {
587 return false;
588 }
44740c38 589 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 590 return false;
591 }
44740c38 592 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 593 return nb_sectors <= CD_MAX_SECTORS;
594}
595
b6c251ab
PB		 596static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
597 uint8_t *outbuf)
598{
ceb792ef
PB		 599 static const int rds_caps_size[5] = {
600 [0] = 2048 + 4,
601 [1] = 4 + 4,
602 [3] = 188 + 4,
603 [4] = 2048 + 4,
604 };
605
606 uint8_t media = r->req.cmd.buf[1];
607 uint8_t layer = r->req.cmd.buf[6];
608 uint8_t format = r->req.cmd.buf[7];
609 int size = -1;
610
611 if (s->qdev.type != TYPE_ROM) {
612 return -1;
613 }
614 if (media != 0) {
615 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
616 return -1;
617 }
618
619 if (format != 0xff) {
44740c38 620 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 621 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
622 return -1;
623 }
624 if (media_is_cd(s)) {
625 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
626 return -1;
627 }
628 if (format >= ARRAY_SIZE(rds_caps_size)) {
629 return -1;
630 }
631 size = rds_caps_size[format];
632 memset(outbuf, 0, size);
633 }
634
635 switch (format) {
636 case 0x00: {
637 /* Physical format information */
638 uint64_t nb_sectors;
639 if (layer != 0) {
640 goto fail;
641 }
44740c38 642 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 643
644 outbuf[4] = 1; /* DVD-ROM, part version 1 */
645 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
646 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
647 outbuf[7] = 0; /* default densities */
648
649 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
650 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
651 break;
652 }
653
654 case 0x01: /* DVD copyright information, all zeros */
655 break;
656
657 case 0x03: /* BCA information - invalid field for no BCA info */
658 return -1;
659
660 case 0x04: /* DVD disc manufacturing information, all zeros */
661 break;
662
663 case 0xff: { /* List capabilities */
664 int i;
665 size = 4;
666 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
667 if (!rds_caps_size[i]) {
668 continue;
669 }
670 outbuf[size] = i;
671 outbuf[size + 1] = 0x40; /* Not writable, readable */
672 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
673 size += 4;
674 }
675 break;
676 }
677
678 default:
679 return -1;
680 }
681
682 /* Size of buffer, not including 2 byte size field */
683 stw_be_p(outbuf, size - 2);
684 return size;
685
686fail:
b6c251ab
PB		 687 return -1;
688}
689
3c2f7c12 690static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 691{
3c2f7c12
PB		 692 uint8_t event_code, media_status;
693
694 media_status = 0;
695 if (s->tray_open) {
696 media_status = MS_TRAY_OPEN;
44740c38 697 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 698 media_status = MS_MEDIA_PRESENT;
699 }
700
701 /* Event notification descriptor */
702 event_code = MEC_NO_CHANGE;
4480de19
PB		 703 if (media_status != MS_TRAY_OPEN) {
704 if (s->media_event) {
705 event_code = MEC_NEW_MEDIA;
706 s->media_event = false;
707 } else if (s->eject_request) {
708 event_code = MEC_EJECT_REQUESTED;
709 s->eject_request = false;
710 }
3c2f7c12
PB		 711 }
712
713 outbuf[0] = event_code;
714 outbuf[1] = media_status;
715
716 /* These fields are reserved, just clear them. */
717 outbuf[2] = 0;
718 outbuf[3] = 0;
719 return 4;
720}
721
722static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
723 uint8_t *outbuf)
724{
725 int size;
726 uint8_t *buf = r->req.cmd.buf;
727 uint8_t notification_class_request = buf[4];
728 if (s->qdev.type != TYPE_ROM) {
729 return -1;
730 }
731 if ((buf[1] & 1) == 0) {
732 /* asynchronous */
733 return -1;
734 }
735
736 size = 4;
737 outbuf[0] = outbuf[1] = 0;
738 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
739 if (notification_class_request & (1 << GESN_MEDIA)) {
740 outbuf[2] = GESN_MEDIA;
741 size += scsi_event_status_media(s, &outbuf[size]);
742 } else {
743 outbuf[2] = 0x80;
744 }
745 stw_be_p(outbuf, size - 4);
746 return size;
b6c251ab
PB		 747}
748
430ee2f2 749static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 750{
430ee2f2
PB		 751 int current;
752
b6c251ab
PB		 753 if (s->qdev.type != TYPE_ROM) {
754 return -1;
755 }
430ee2f2
PB		 756 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
757 memset(outbuf, 0, 40);
758 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
759 stw_be_p(&outbuf[6], current);
760 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
761 outbuf[10] = 0x03; /* persistent, current */
762 outbuf[11] = 8; /* two profiles */
763 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
764 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
765 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
766 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
767 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
768 stw_be_p(&outbuf[20], 1);
769 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
770 outbuf[23] = 8;
771 stl_be_p(&outbuf[24], 1); /* SCSI */
772 outbuf[28] = 1; /* DBE = 1, mandatory */
773 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
774 stw_be_p(&outbuf[32], 3);
775 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
776 outbuf[35] = 4;
777 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
778 /* TODO: Random readable, CD read, DVD read, drive serial number,
779 power management */
780 return 40;
b6c251ab
PB		 781}
782
783static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
784{
785 if (s->qdev.type != TYPE_ROM) {
786 return -1;
787 }
788 memset(outbuf, 0, 8);
789 outbuf[5] = 1; /* CD-ROM */
790 return 8;
791}
792
cfc606da 793static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 794 int page_control)
ebddfcbe 795{
a8f4bbe2
PB		 796 static const int mode_sense_valid[0x3f] = {
797 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
798 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
799 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 800 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
801 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 802 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
803 };
804
44740c38 805 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 806 int cylinders, heads, secs;
cfc606da 807 uint8_t *p = *p_outbuf;
ebddfcbe 808
a8f4bbe2
PB		 809 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
810 return -1;
811 }
812
813 p[0] = page;
814
282ab04e
BK		 815 /*
816 * If Changeable Values are requested, a mask denoting those mode parameters
817 * that are changeable shall be returned. As we currently don't support
818 * parameter changes via MODE_SELECT all bits are returned set to zero.
819 * The buffer was already menset to zero by the caller of this function.
820 */
ebddfcbe 821 switch (page) {
67cc61e4 822 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 823 p[1] = 0x16;
282ab04e 824 if (page_control == 1) { /* Changeable Values */
cfc606da 825 break;
282ab04e 826 }
ebddfcbe 827 /* if a geometry hint is available, use it */
245d0049 828 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 829 p[2] = (cylinders >> 16) & 0xff;
830 p[3] = (cylinders >> 8) & 0xff;
831 p[4] = cylinders & 0xff;
832 p[5] = heads & 0xff;
833 /* Write precomp start cylinder, disabled */
834 p[6] = (cylinders >> 16) & 0xff;
835 p[7] = (cylinders >> 8) & 0xff;
836 p[8] = cylinders & 0xff;
837 /* Reduced current start cylinder, disabled */
838 p[9] = (cylinders >> 16) & 0xff;
839 p[10] = (cylinders >> 8) & 0xff;
840 p[11] = cylinders & 0xff;
841 /* Device step rate [ns], 200ns */
842 p[12] = 0;
843 p[13] = 200;
844 /* Landing zone cylinder */
845 p[14] = 0xff;
846 p[15] = 0xff;
847 p[16] = 0xff;
848 /* Medium rotation rate [rpm], 5400 rpm */
849 p[20] = (5400 >> 8) & 0xff;
850 p[21] = 5400 & 0xff;
cfc606da 851 break;
ebddfcbe 852
67cc61e4 853 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 854 p[1] = 0x1e;
282ab04e 855 if (page_control == 1) { /* Changeable Values */
cfc606da 856 break;
282ab04e 857 }
ebddfcbe
GH		 858 /* Transfer rate [kbit/s], 5Mbit/s */
859 p[2] = 5000 >> 8;
860 p[3] = 5000 & 0xff;
861 /* if a geometry hint is available, use it */
245d0049 862 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 863 p[4] = heads & 0xff;
864 p[5] = secs & 0xff;
69377307 865 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 866 p[8] = (cylinders >> 8) & 0xff;
867 p[9] = cylinders & 0xff;
868 /* Write precomp start cylinder, disabled */
869 p[10] = (cylinders >> 8) & 0xff;
870 p[11] = cylinders & 0xff;
871 /* Reduced current start cylinder, disabled */
872 p[12] = (cylinders >> 8) & 0xff;
873 p[13] = cylinders & 0xff;
874 /* Device step rate [100us], 100us */
875 p[14] = 0;
876 p[15] = 1;
877 /* Device step pulse width [us], 1us */
878 p[16] = 1;
879 /* Device head settle delay [100us], 100us */
880 p[17] = 0;
881 p[18] = 1;
882 /* Motor on delay [0.1s], 0.1s */
883 p[19] = 1;
884 /* Motor off delay [0.1s], 0.1s */
885 p[20] = 1;
886 /* Medium rotation rate [rpm], 5400 rpm */
887 p[28] = (5400 >> 8) & 0xff;
888 p[29] = 5400 & 0xff;
cfc606da 889 break;
ebddfcbe 890
67cc61e4 891 case MODE_PAGE_CACHING:
ebddfcbe
GH		 892 p[0] = 8;
893 p[1] = 0x12;
282ab04e 894 if (page_control == 1) { /* Changeable Values */
cfc606da 895 break;
282ab04e 896 }
44740c38 897 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 898 p[2] = 4; /* WCE */
899 }
cfc606da 900 break;
ebddfcbe 901
a07c7dcd
PB		 902 case MODE_PAGE_R_W_ERROR:
903 p[1] = 10;
904 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
905 if (s->qdev.type == TYPE_ROM) {
906 p[3] = 0x20; /* Read Retry Count */
907 }
908 break;
909
910 case MODE_PAGE_AUDIO_CTL:
911 p[1] = 14;
912 break;
913
67cc61e4 914 case MODE_PAGE_CAPABILITIES:
ebddfcbe 915 p[1] = 0x14;
282ab04e 916 if (page_control == 1) { /* Changeable Values */
cfc606da 917 break;
282ab04e 918 }
a07c7dcd
PB		 919
920 p[2] = 0x3b; /* CD-R & CD-RW read */
921 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 922 p[4] = 0x7f; /* Audio, composite, digital out,
923 mode 2 form 1&2, multi session */
924 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
925 RW corrected, C2 errors, ISRC,
926 UPC, Bar code */
81b1008d 927 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 928 /* Locking supported, jumper present, eject, tray */
929 p[7] = 0; /* no volume & mute control, no
930 changer */
a07c7dcd 931 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 932 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 933 p[10] = 2 >> 8; /* Two volume levels */
934 p[11] = 2 & 0xff;
935 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 936 p[13] = 2048 & 0xff;
a07c7dcd 937 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 938 p[15] = (16 * 176) & 0xff;
a07c7dcd 939 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 940 p[19] = (16 * 176) & 0xff;
a07c7dcd 941 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 942 p[21] = (16 * 176) & 0xff;
cfc606da 943 break;
ebddfcbe
GH		 944
945 default:
cfc606da 946 return -1;
ebddfcbe 947 }
cfc606da
PB		 948
949 *p_outbuf += p[1] + 2;
950 return p[1] + 2;
ebddfcbe
GH		 951}
952
cfc606da 953static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 954{
cfc606da 955 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 956 uint64_t nb_sectors;
cfc606da 957 int page, dbd, buflen, ret, page_control;
ebddfcbe 958 uint8_t *p;
ce512ee1 959 uint8_t dev_specific_param;
ebddfcbe 960
cfc606da
PB		 961 dbd = r->req.cmd.buf[1] & 0x8;
962 page = r->req.cmd.buf[2] & 0x3f;
963 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 964 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 965 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
966 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 967 p = outbuf;
968
44740c38 969 if (bdrv_is_read_only(s->qdev.conf.bs)) {
ce512ee1
BK		 970 dev_specific_param = 0x80; /* Readonly. */
971 } else {
972 dev_specific_param = 0x00;
973 }
974
cfc606da 975 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 976 p[1] = 0; /* Default media type. */
977 p[2] = dev_specific_param;
978 p[3] = 0; /* Block descriptor length. */
979 p += 4;
980 } else { /* MODE_SENSE_10 */
981 p[2] = 0; /* Default media type. */
982 p[3] = dev_specific_param;
983 p[6] = p[7] = 0; /* Block descriptor length. */
984 p += 8;
ebddfcbe 985 }
ebddfcbe 986
0fd76ff4 987 /* MMC prescribes that CD/DVD drives have no block descriptors. */
44740c38 988 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
0fd76ff4 989 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
cfc606da 990 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 991 outbuf[3] = 8; /* Block descriptor length */
992 } else { /* MODE_SENSE_10 */
993 outbuf[7] = 8; /* Block descriptor length */
994 }
69377307 995 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 996 if (nb_sectors > 0xffffff) {
2488b740 997 nb_sectors = 0;
f01b5931 998 }
ebddfcbe
GH		 999 p[0] = 0; /* media density code */
1000 p[1] = (nb_sectors >> 16) & 0xff;
1001 p[2] = (nb_sectors >> 8) & 0xff;
1002 p[3] = nb_sectors & 0xff;
1003 p[4] = 0; /* reserved */
1004 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1005 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1006 p[7] = 0;
1007 p += 8;
1008 }
1009
cfc606da
PB		 1010 if (page_control == 3) {
1011 /* Saved Values */
1012 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1013 return -1;
282ab04e
BK		 1014 }
1015
cfc606da
PB		 1016 if (page == 0x3f) {
1017 for (page = 0; page <= 0x3e; page++) {
1018 mode_sense_page(s, page, &p, page_control);
1019 }
1020 } else {
1021 ret = mode_sense_page(s, page, &p, page_control);
1022 if (ret == -1) {
1023 return -1;
1024 }
ebddfcbe
GH		 1025 }
1026
1027 buflen = p - outbuf;
ce512ee1
BK		 1028 /*
1029 * The mode data length field specifies the length in bytes of the
1030 * following data that is available to be transferred. The mode data
1031 * length does not include itself.
1032 */
cfc606da 1033 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1034 outbuf[0] = buflen - 1;
1035 } else { /* MODE_SENSE_10 */
1036 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1037 outbuf[1] = (buflen - 2) & 0xff;
1038 }
ebddfcbe
GH		 1039 return buflen;
1040}
1041
02880f43
GH		 1042static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1043{
1044 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1045 int start_track, format, msf, toclen;
1046 uint64_t nb_sectors;
1047
1048 msf = req->cmd.buf[1] & 2;
1049 format = req->cmd.buf[2] & 0xf;
1050 start_track = req->cmd.buf[6];
44740c38 1051 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1052 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1053 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1054 switch (format) {
1055 case 0:
1056 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1057 break;
1058 case 1:
1059 /* multi session : only a single session defined */
1060 toclen = 12;
1061 memset(outbuf, 0, 12);
1062 outbuf[1] = 0x0a;
1063 outbuf[2] = 0x01;
1064 outbuf[3] = 0x01;
1065 break;
1066 case 2:
1067 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1068 break;
1069 default:
1070 return -1;
1071 }
02880f43
GH		 1072 return toclen;
1073}
1074
68bb01f3 1075static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1076{
1077 SCSIRequest *req = &r->req;
1078 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1079 bool start = req->cmd.buf[4] & 1;
1080 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1081
1082 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1083 if (!start && !s->tray_open && s->tray_locked) {
1084 scsi_check_condition(r,
44740c38 1085 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1086 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1087 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1088 return -1;
fdec4404 1089 }
44740c38 1090 bdrv_eject(s->qdev.conf.bs, !start);
ece0d5e9 1091 s->tray_open = !start;
bfd52647 1092 }
68bb01f3 1093 return 0;
bfd52647
MA		 1094}
1095
7285477a 1096static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1097{
8af7a3ab 1098 SCSIRequest *req = &r->req;
e7e25e32 1099 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1100 uint64_t nb_sectors;
7285477a 1101 uint8_t *outbuf;
aa5dbdc1
GH		 1102 int buflen = 0;
1103
7285477a
PB		 1104 if (!r->iov.iov_base) {
1105 /*
1106 * FIXME: we shouldn't return anything bigger than 4k, but the code
1107 * requires the buffer to be as big as req->cmd.xfer in several
1108 * places. So, do not allow CDBs with a very large ALLOCATION
1109 * LENGTH. The real fix would be to modify scsi_read_data and
1110 * dma_buf_read, so that they return data beyond the buflen
1111 * as all zeros.
1112 */
1113 if (req->cmd.xfer > 65536) {
1114 goto illegal_request;
1115 }
1116 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1117 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1118 }
1119
1120 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1121 switch (req->cmd.buf[0]) {
1122 case TEST_UNIT_READY:
44740c38 1123 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
aa5dbdc1 1124 goto not_ready;
f01b5931 1125 }
5f71d32f 1126 break;
0b06c059
GH		 1127 case INQUIRY:
1128 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1129 if (buflen < 0) {
0b06c059 1130 goto illegal_request;
f01b5931 1131 }
5f71d32f 1132 break;
ebddfcbe
GH		 1133 case MODE_SENSE:
1134 case MODE_SENSE_10:
cfc606da 1135 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1136 if (buflen < 0) {
ebddfcbe 1137 goto illegal_request;
f01b5931 1138 }
ebddfcbe 1139 break;
02880f43
GH		 1140 case READ_TOC:
1141 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1142 if (buflen < 0) {
02880f43 1143 goto illegal_request;
f01b5931 1144 }
02880f43 1145 break;
3d53ba18 1146 case RESERVE:
f01b5931 1147 if (req->cmd.buf[1] & 1) {
3d53ba18 1148 goto illegal_request;
f01b5931 1149 }
3d53ba18
GH		 1150 break;
1151 case RESERVE_10:
f01b5931 1152 if (req->cmd.buf[1] & 3) {
3d53ba18 1153 goto illegal_request;
f01b5931 1154 }
3d53ba18
GH		 1155 break;
1156 case RELEASE:
f01b5931 1157 if (req->cmd.buf[1] & 1) {
3d53ba18 1158 goto illegal_request;
f01b5931 1159 }
3d53ba18
GH		 1160 break;
1161 case RELEASE_10:
f01b5931 1162 if (req->cmd.buf[1] & 3) {
3d53ba18 1163 goto illegal_request;
f01b5931 1164 }
3d53ba18 1165 break;
8d3628ff 1166 case START_STOP:
68bb01f3
MA		 1167 if (scsi_disk_emulate_start_stop(r) < 0) {
1168 return -1;
1169 }
5f71d32f 1170 break;
c68b9f34 1171 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1172 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1173 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1174 break;
5e30a07d 1175 case READ_CAPACITY_10:
e7e25e32 1176 /* The normal LEN field for this command is zero. */
5f71d32f 1177 memset(outbuf, 0, 8);
44740c38 1178 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1179 if (!nb_sectors) {
e7e25e32 1180 goto not_ready;
f01b5931 1181 }
7cec78b6
PB		 1182 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1183 goto illegal_request;
1184 }
69377307 1185 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1186 /* Returned value is the address of the last sector. */
1187 nb_sectors--;
1188 /* Remember the new size for read/write sanity checking. */
7877903a 1189 s->qdev.max_lba = nb_sectors;
e7e25e32 1190 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1191 if (nb_sectors > UINT32_MAX) {
e7e25e32 1192 nb_sectors = UINT32_MAX;
f01b5931 1193 }
e7e25e32
GH		 1194 outbuf[0] = (nb_sectors >> 24) & 0xff;
1195 outbuf[1] = (nb_sectors >> 16) & 0xff;
1196 outbuf[2] = (nb_sectors >> 8) & 0xff;
1197 outbuf[3] = nb_sectors & 0xff;
1198 outbuf[4] = 0;
1199 outbuf[5] = 0;
69377307 1200 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1201 outbuf[7] = 0;
1202 buflen = 8;
5f71d32f 1203 break;
f3b338ef
PB		 1204 case REQUEST_SENSE:
1205 /* Just return "NO SENSE". */
1206 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1207 (req->cmd.buf[1] & 1) == 0);
1208 break;
b6c251ab
PB		 1209 case MECHANISM_STATUS:
1210 buflen = scsi_emulate_mechanism_status(s, outbuf);
1211 if (buflen < 0) {
1212 goto illegal_request;
1213 }
1214 break;
38215553 1215 case GET_CONFIGURATION:
430ee2f2 1216 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1217 if (buflen < 0) {
1218 goto illegal_request;
1219 }
1220 break;
1221 case GET_EVENT_STATUS_NOTIFICATION:
1222 buflen = scsi_get_event_status_notification(s, r, outbuf);
1223 if (buflen < 0) {
1224 goto illegal_request;
1225 }
1226 break;
1227 case READ_DVD_STRUCTURE:
1228 buflen = scsi_read_dvd_structure(s, r, outbuf);
1229 if (buflen < 0) {
1230 goto illegal_request;
1231 }
38215553 1232 break;
f6515262 1233 case SERVICE_ACTION_IN_16:
5dd90e2a 1234 /* Service Action In subcommands. */
f6515262 1235 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1236 DPRINTF("SAI READ CAPACITY(16)\n");
1237 memset(outbuf, 0, req->cmd.xfer);
44740c38 1238 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1239 if (!nb_sectors) {
5dd90e2a 1240 goto not_ready;
f01b5931 1241 }
7cec78b6
PB		 1242 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1243 goto illegal_request;
1244 }
69377307 1245 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1246 /* Returned value is the address of the last sector. */
1247 nb_sectors--;
1248 /* Remember the new size for read/write sanity checking. */
7877903a 1249 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1250 outbuf[0] = (nb_sectors >> 56) & 0xff;
1251 outbuf[1] = (nb_sectors >> 48) & 0xff;
1252 outbuf[2] = (nb_sectors >> 40) & 0xff;
1253 outbuf[3] = (nb_sectors >> 32) & 0xff;
1254 outbuf[4] = (nb_sectors >> 24) & 0xff;
1255 outbuf[5] = (nb_sectors >> 16) & 0xff;
1256 outbuf[6] = (nb_sectors >> 8) & 0xff;
1257 outbuf[7] = nb_sectors & 0xff;
1258 outbuf[8] = 0;
1259 outbuf[9] = 0;
69377307 1260 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1261 outbuf[11] = 0;
ee3659e3
CH		 1262 outbuf[12] = 0;
1263 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1264
1265 /* set TPE bit if the format supports discard */
1266 if (s->qdev.conf.discard_granularity) {
1267 outbuf[14] = 0x80;
1268 }
1269
5dd90e2a
GH		 1270 /* Protection, exponent and lowest lba field left blank. */
1271 buflen = req->cmd.xfer;
1272 break;
1273 }
1274 DPRINTF("Unsupported Service Action In\n");
1275 goto illegal_request;
5e30a07d 1276 case VERIFY_10:
88f8a5ed 1277 break;
aa5dbdc1 1278 default:
b45ef674 1279 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1280 return -1;
aa5dbdc1 1281 }
e2f0c49f 1282 buflen = MIN(buflen, req->cmd.xfer);
aa5dbdc1
GH		 1283 return buflen;
1284
1285not_ready:
44740c38 1286 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
b45ef674 1287 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
a1f0cce2 1288 } else {
b45ef674 1289 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
a1f0cce2 1290 }
8af7a3ab 1291 return -1;
aa5dbdc1
GH		 1292
1293illegal_request:
cfc606da
PB		 1294 if (r->req.status == -1) {
1295 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1296 }
8af7a3ab 1297 return -1;
aa5dbdc1
GH		 1298}
1299
2e5d83bb
PB		 1300/* Execute a scsi command. Returns the length of the data expected by the
1301 command. This will be Positive for data transfers from the device
1302 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1303 and zero if the command does not transfer any data. */
1304
5c6c0e51 1305static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1306{
5c6c0e51
HR		 1307 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1308 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1309 int32_t len;
a917d384 1310 uint8_t command;
aa5dbdc1 1311 int rc;
a917d384
PB		 1312
1313 command = buf[0];
653c1c3f 1314 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1315
2e5d83bb
PB		 1316#ifdef DEBUG_SCSI
1317 {
1318 int i;
2dd791b6 1319 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1320 printf(" 0x%02x", buf[i]);
1321 }
1322 printf("\n");
1323 }
1324#endif
aa5dbdc1 1325
a917d384 1326 switch (command) {
ebf46023 1327 case TEST_UNIT_READY:
0b06c059 1328 case INQUIRY:
ebddfcbe
GH		 1329 case MODE_SENSE:
1330 case MODE_SENSE_10:
3d53ba18
GH		 1331 case RESERVE:
1332 case RESERVE_10:
1333 case RELEASE:
1334 case RELEASE_10:
8d3628ff 1335 case START_STOP:
c68b9f34 1336 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1337 case READ_CAPACITY_10:
02880f43 1338 case READ_TOC:
b6c251ab 1339 case READ_DVD_STRUCTURE:
38215553 1340 case GET_CONFIGURATION:
b6c251ab
PB		 1341 case GET_EVENT_STATUS_NOTIFICATION:
1342 case MECHANISM_STATUS:
f6515262 1343 case SERVICE_ACTION_IN_16:
f3b338ef 1344 case REQUEST_SENSE:
5e30a07d 1345 case VERIFY_10:
7285477a 1346 rc = scsi_disk_emulate_command(r);
8af7a3ab 1347 if (rc < 0) {
0b06c059 1348 return 0;
aa5dbdc1 1349 }
8af7a3ab
KW		 1350
1351 r->iov.iov_len = rc;
0b06c059 1352 break;
0a4ac106 1353 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1354 /* The request is used as the AIO opaque value, so add a ref. */
1355 scsi_req_ref(&r->req);
44740c38
PB		 1356 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1357 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1358 return 0;
ebf46023
GH		 1359 case READ_6:
1360 case READ_10:
bd536cf3
GH		 1361 case READ_12:
1362 case READ_16:
5c6c0e51 1363 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1364 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1365 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1366 goto illegal_lba;
f01b5931 1367 }
69377307
PB		 1368 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1369 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1370 break;
ebf46023
GH		 1371 case WRITE_6:
1372 case WRITE_10:
bd536cf3
GH		 1373 case WRITE_12:
1374 case WRITE_16:
5e30a07d 1375 case WRITE_VERIFY_10:
ebef0bbb
BK		 1376 case WRITE_VERIFY_12:
1377 case WRITE_VERIFY_16:
5c6c0e51 1378 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1379 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1380 (command & 0xe) == 0xe ? "And Verify " : "",
1381 r->req.cmd.lba, len);
7877903a 1382 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1383 goto illegal_lba;
f01b5931 1384 }
69377307
PB		 1385 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1386 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1387 break;
ebef0bbb 1388 case MODE_SELECT:
2dd791b6 1389 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1390 /* We don't support mode parameter changes.
1391 Allow the mode parameter header + block descriptors only. */
2dd791b6 1392 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1393 goto fail;
1394 }
1395 break;
1396 case MODE_SELECT_10:
2dd791b6 1397 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1398 /* We don't support mode parameter changes.
1399 Allow the mode parameter header + block descriptors only. */
2dd791b6 1400 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1401 goto fail;
1402 }
1403 break;
ebef0bbb 1404 case SEEK_10:
00a01ad4 1405 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1406 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1407 goto illegal_lba;
1408 }
ea3bd56f
CH		 1409 break;
1410 case WRITE_SAME_16:
5c6c0e51 1411 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1412
1413 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1414 r->req.cmd.lba, len);
1415
7877903a 1416 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1417 goto illegal_lba;
1418 }
1419
1420 /*
1421 * We only support WRITE SAME with the unmap bit set for now.
1422 */
1423 if (!(buf[1] & 0x8)) {
1424 goto fail;
1425 }
1426
69377307
PB		 1427 rc = bdrv_discard(s->qdev.conf.bs,
1428 r->req.cmd.lba * (s->qdev.blocksize / 512),
1429 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1430 if (rc < 0) {
1431 /* XXX: better error code ?*/
1432 goto fail;
1433 }
1434
ebef0bbb 1435 break;
2e5d83bb 1436 default:
2dd791b6 1437 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1438 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1439 return 0;
2e5d83bb 1440 fail:
b45ef674 1441 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1442 return 0;
274fb0e1 1443 illegal_lba:
b45ef674 1444 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1445 return 0;
2e5d83bb 1446 }
c87c0672 1447 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1448 scsi_req_complete(&r->req, GOOD);
a917d384 1449 }
c87c0672 1450 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1451 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1452 return -len;
a917d384 1453 } else {
f01b5931 1454 if (!r->sector_count) {
a917d384 1455 r->sector_count = -1;
f01b5931 1456 }
efb9ee02 1457 return len;
2e5d83bb 1458 }
2e5d83bb
PB		 1459}
1460
e9447f35
JK		 1461static void scsi_disk_reset(DeviceState *dev)
1462{
1463 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1464 uint64_t nb_sectors;
1465
c7b48872 1466 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1467
44740c38 1468 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1469 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1470 if (nb_sectors) {
1471 nb_sectors--;
1472 }
7877903a 1473 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1474}
1475
1476static void scsi_destroy(SCSIDevice *dev)
1477{
1478 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1479
c7b48872 1480 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1481 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1482}
1483
7d4b4ba5 1484static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1485{
8a9c16f6
PB		 1486 SCSIDiskState *s = opaque;
1487
1488 /*
1489 * When a CD gets changed, we have to report an ejected state and
1490 * then a loaded state to guests so that they detect tray
1491 * open/close and media change events. Guests that do not use
1492 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1493 * states rely on this behavior.
1494 *
1495 * media_changed governs the state machine used for unit attention
1496 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1497 */
1498 s->media_changed = load;
1499 s->tray_open = !load;
1500 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1501 s->media_event = true;
4480de19
PB		 1502 s->eject_request = false;
1503}
1504
1505static void scsi_cd_eject_request_cb(void *opaque, bool force)
1506{
1507 SCSIDiskState *s = opaque;
1508
1509 s->eject_request = true;
1510 if (force) {
1511 s->tray_locked = false;
1512 }
2c6942fa
MA		 1513}
1514
e4def80b
MA		 1515static bool scsi_cd_is_tray_open(void *opaque)
1516{
1517 return ((SCSIDiskState *)opaque)->tray_open;
1518}
1519
f107639a
MA		 1520static bool scsi_cd_is_medium_locked(void *opaque)
1521{
1522 return ((SCSIDiskState *)opaque)->tray_locked;
1523}
1524
1525static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1526 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1527 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1528 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1529 .is_medium_locked = scsi_cd_is_medium_locked,
1530};
1531
8a9c16f6
PB		 1532static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1533{
1534 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1535 if (s->media_changed) {
1536 s->media_changed = false;
1537 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1538 }
1539}
1540
e39be482 1541static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1542{
d52affa7 1543 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1544 DriveInfo *dinfo;
2e5d83bb 1545
f8b6cc00 1546 if (!s->qdev.conf.bs) {
6a84cb1f 1547 error_report("drive property not set");
d52affa7
GH		 1548 return -1;
1549 }
1550
e39be482 1551 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1552 error_report("Device needs media, but drive is empty");
1553 return -1;
1554 }
1555
a0fef654 1556 if (!s->serial) {
f8b6cc00 1557 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1558 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1559 if (*dinfo->serial) {
7267c094 1560 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1561 }
a0fef654
MA		 1562 }
1563
552fee93 1564 if (!s->version) {
7267c094 1565 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1566 }
1567
44740c38 1568 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 1569 error_report("unwanted /dev/sg*");
32bb404a
MA		 1570 return -1;
1571 }
1572
e39be482 1573 if (s->removable) {
44740c38 1574 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1575 }
44740c38 1576 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1577
44740c38 1578 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1579 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1580 return 0;
1581}
1582
b443ae67
MA		 1583static int scsi_hd_initfn(SCSIDevice *dev)
1584{
e39be482
PB		 1585 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1586 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1587 s->qdev.type = TYPE_DISK;
1588 return scsi_initfn(&s->qdev);
b443ae67
MA		 1589}
1590
1591static int scsi_cd_initfn(SCSIDevice *dev)
1592{
e39be482
PB		 1593 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1594 s->qdev.blocksize = 2048;
1595 s->qdev.type = TYPE_ROM;
1596 s->removable = true;
1597 return scsi_initfn(&s->qdev);
b443ae67
MA		 1598}
1599
1600static int scsi_disk_initfn(SCSIDevice *dev)
1601{
95b5edcd 1602 DriveInfo *dinfo;
b443ae67
MA		 1603
1604 if (!dev->conf.bs) {
e39be482 1605 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1606 }
1607
e39be482
PB		 1608 dinfo = drive_get_by_blockdev(dev->conf.bs);
1609 if (dinfo->media_cd) {
1610 return scsi_cd_initfn(dev);
1611 } else {
1612 return scsi_hd_initfn(dev);
1613 }
b443ae67
MA		 1614}
1615
adcf2754 1616static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1617 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1618 .free_req = scsi_free_request,
1619 .send_command = scsi_send_command,
1620 .read_data = scsi_read_data,
1621 .write_data = scsi_write_data,
1622 .cancel_io = scsi_cancel_io,
1623 .get_buf = scsi_get_buf,
8dbd4574
PB		 1624};
1625
63db0f0e
PB		 1626static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1627 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1628{
1629 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1630 SCSIRequest *req;
8dbd4574
PB		 1631
1632 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1633 return req;
1634}
1635
336a6915
PB		 1636#ifdef __linux__
1637static int get_device_type(SCSIDiskState *s)
1638{
1639 BlockDriverState *bdrv = s->qdev.conf.bs;
1640 uint8_t cmd[16];
1641 uint8_t buf[36];
1642 uint8_t sensebuf[8];
1643 sg_io_hdr_t io_header;
1644 int ret;
1645
1646 memset(cmd, 0, sizeof(cmd));
1647 memset(buf, 0, sizeof(buf));
1648 cmd[0] = INQUIRY;
1649 cmd[4] = sizeof(buf);
1650
1651 memset(&io_header, 0, sizeof(io_header));
1652 io_header.interface_id = 'S';
1653 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1654 io_header.dxfer_len = sizeof(buf);
1655 io_header.dxferp = buf;
1656 io_header.cmdp = cmd;
1657 io_header.cmd_len = sizeof(cmd);
1658 io_header.mx_sb_len = sizeof(sensebuf);
1659 io_header.sbp = sensebuf;
1660 io_header.timeout = 6000; /* XXX */
1661
1662 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1663 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1664 return -1;
1665 }
1666 s->qdev.type = buf[0];
1667 s->removable = (buf[1] & 0x80) != 0;
1668 return 0;
1669}
1670
1671static int scsi_block_initfn(SCSIDevice *dev)
1672{
1673 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1674 int sg_version;
1675 int rc;
1676
1677 if (!s->qdev.conf.bs) {
1678 error_report("scsi-block: drive property not set");
1679 return -1;
1680 }
1681
1682 /* check we are using a driver managing SG_IO (version 3 and after) */
1683 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1684 sg_version < 30000) {
1685 error_report("scsi-block: scsi generic interface too old");
1686 return -1;
1687 }
1688
1689 /* get device type from INQUIRY data */
1690 rc = get_device_type(s);
1691 if (rc < 0) {
1692 error_report("scsi-block: INQUIRY failed");
1693 return -1;
1694 }
1695
1696 /* Make a guess for the block size, we'll fix it when the guest sends.
1697 * READ CAPACITY. If they don't, they likely would assume these sizes
1698 * anyway. (TODO: check in /sys).
1699 */
1700 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1701 s->qdev.blocksize = 2048;
1702 } else {
1703 s->qdev.blocksize = 512;
1704 }
1705 return scsi_initfn(&s->qdev);
1706}
1707
1708static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1709 uint32_t lun, uint8_t *buf,
1710 void *hba_private)
1711{
1712 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1713
1714 switch (buf[0]) {
1715 case READ_6:
1716 case READ_10:
1717 case READ_12:
1718 case READ_16:
1719 case WRITE_6:
1720 case WRITE_10:
1721 case WRITE_12:
1722 case WRITE_16:
1723 case WRITE_VERIFY_10:
1724 case WRITE_VERIFY_12:
1725 case WRITE_VERIFY_16:
33ebad12
PB		 1726 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1727 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1728 * And once you do these writes, reading from the block device is
1729 * unreliable, too. It is even possible that reads deliver random data
1730 * from the host page cache (this is probably a Linux bug).
1731 *
1732 * We might use scsi_disk_reqops as long as no writing commands are
1733 * seen, but performance usually isn't paramount on optical media. So,
1734 * just make scsi-block operate the same as scsi-generic for them.
1735 */
1736 if (s->qdev.type != TYPE_ROM) {
1737 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1738 hba_private);
1739 }
336a6915
PB		 1740 }
1741
1742 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1743 hba_private);
1744}
1745#endif
1746
b443ae67
MA		 1747#define DEFINE_SCSI_DISK_PROPERTIES() \
1748 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1749 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1750 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1751
39bffca2
AL		 1752static Property scsi_hd_properties[] = {
1753 DEFINE_SCSI_DISK_PROPERTIES(),
1754 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1755 DEFINE_PROP_END_OF_LIST(),
1756};
1757
b9eea3e6
AL		 1758static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1759{
39bffca2 1760 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1761 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1762
1763 sc->init = scsi_hd_initfn;
1764 sc->destroy = scsi_destroy;
1765 sc->alloc_req = scsi_new_request;
1766 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1767 dc->fw_name = "disk";
1768 dc->desc = "virtual SCSI disk";
1769 dc->reset = scsi_disk_reset;
1770 dc->props = scsi_hd_properties;
b9eea3e6
AL		 1771}
1772
39bffca2
AL		 1773static TypeInfo scsi_hd_info = {
1774 .name = "scsi-hd",
1775 .parent = TYPE_SCSI_DEVICE,
1776 .instance_size = sizeof(SCSIDiskState),
1777 .class_init = scsi_hd_class_initfn,
1778};
1779
1780static Property scsi_cd_properties[] = {
1781 DEFINE_SCSI_DISK_PROPERTIES(),
1782 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 1783};
1784
1785static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1786{
39bffca2 1787 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1788 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1789
1790 sc->init = scsi_cd_initfn;
1791 sc->destroy = scsi_destroy;
1792 sc->alloc_req = scsi_new_request;
1793 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1794 dc->fw_name = "disk";
1795 dc->desc = "virtual SCSI CD-ROM";
1796 dc->reset = scsi_disk_reset;
1797 dc->props = scsi_cd_properties;
b9eea3e6
AL		 1798}
1799
39bffca2
AL		 1800static TypeInfo scsi_cd_info = {
1801 .name = "scsi-cd",
1802 .parent = TYPE_SCSI_DEVICE,
1803 .instance_size = sizeof(SCSIDiskState),
1804 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 1805};
1806
336a6915 1807#ifdef __linux__
39bffca2
AL		 1808static Property scsi_block_properties[] = {
1809 DEFINE_SCSI_DISK_PROPERTIES(),
1810 DEFINE_PROP_END_OF_LIST(),
1811};
1812
b9eea3e6
AL		 1813static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1814{
39bffca2 1815 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1816 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1817
1818 sc->init = scsi_block_initfn;
1819 sc->destroy = scsi_destroy;
1820 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 1821 dc->fw_name = "disk";
1822 dc->desc = "SCSI block device passthrough";
1823 dc->reset = scsi_disk_reset;
1824 dc->props = scsi_block_properties;
b9eea3e6
AL		 1825}
1826
39bffca2
AL		 1827static TypeInfo scsi_block_info = {
1828 .name = "scsi-block",
1829 .parent = TYPE_SCSI_DEVICE,
1830 .instance_size = sizeof(SCSIDiskState),
1831 .class_init = scsi_block_class_initfn,
b9eea3e6 1832};
336a6915 1833#endif
b9eea3e6 1834
39bffca2
AL		 1835static Property scsi_disk_properties[] = {
1836 DEFINE_SCSI_DISK_PROPERTIES(),
1837 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1838 DEFINE_PROP_END_OF_LIST(),
1839};
1840
b9eea3e6
AL		 1841static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1842{
39bffca2 1843 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1844 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1845
1846 sc->init = scsi_disk_initfn;
1847 sc->destroy = scsi_destroy;
1848 sc->alloc_req = scsi_new_request;
1849 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1850 dc->fw_name = "disk";
1851 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1852 dc->reset = scsi_disk_reset;
1853 dc->props = scsi_disk_properties;
b9eea3e6
AL		 1854}
1855
39bffca2
AL		 1856static TypeInfo scsi_disk_info = {
1857 .name = "scsi-disk",
1858 .parent = TYPE_SCSI_DEVICE,
1859 .instance_size = sizeof(SCSIDiskState),
1860 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 1861};
1862
83f7d43a 1863static void scsi_disk_register_types(void)
d52affa7 1864{
39bffca2
AL		 1865 type_register_static(&scsi_hd_info);
1866 type_register_static(&scsi_cd_info);
b9eea3e6 1867#ifdef __linux__
39bffca2 1868 type_register_static(&scsi_block_info);
b9eea3e6 1869#endif
39bffca2 1870 type_register_static(&scsi_disk_info);
8ccc2ace 1871}
83f7d43a
AF		 1872
1873type_init(scsi_disk_register_types)
Qemu copy for testing