]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qemu-img: info: show highest_alloc and num_free_bytes if exist (Uri Lublin)
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
a917d384
PB		 10 *
11 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
2e5d83bb
PB		 14 */
15
fa879c64
AL		 16#include <qemu-common.h>
17#include <sysemu.h>
2e5d83bb
PB		 18//#define DEBUG_SCSI
19
20#ifdef DEBUG_SCSI
21#define DPRINTF(fmt, args...) \
22do { printf("scsi-disk: " fmt , ##args); } while (0)
23#else
24#define DPRINTF(fmt, args...) do {} while(0)
25#endif
26
27#define BADF(fmt, args...) \
28do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0)
29
87ecb68b
PB		 30#include "qemu-common.h"
31#include "block.h"
32#include "scsi-disk.h"
2e5d83bb
PB		 33
34#define SENSE_NO_SENSE 0
1aacf348 35#define SENSE_NOT_READY 2
4d611c9a 36#define SENSE_HARDWARE_ERROR 4
2e5d83bb
PB		 37#define SENSE_ILLEGAL_REQUEST 5
38
22864256
BS		 39#define STATUS_GOOD 0
40#define STATUS_CHECK_CONDITION 2
41
f0f72ffe 42#define SCSI_DMA_BUF_SIZE 131072
57575058 43#define SCSI_MAX_INQUIRY_LEN 256
a917d384
PB		 44
45typedef struct SCSIRequest {
8ccc2ace 46 SCSIDeviceState *dev;
2e5d83bb 47 uint32_t tag;
2e5d83bb
PB		 48 /* ??? We should probably keep track of whether the data trasfer is
49 a read or a write. Currently we rely on the host getting it right. */
a917d384 50 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
2e5d83bb
PB		 51 int sector;
52 int sector_count;
a917d384 53 /* The amounnt of data in the buffer. */
2e5d83bb 54 int buf_len;
33f00271 55 uint8_t *dma_buf;
4d611c9a 56 BlockDriverAIOCB *aiocb;
a917d384
PB		 57 struct SCSIRequest *next;
58} SCSIRequest;
59
8ccc2ace 60struct SCSIDeviceState
a917d384
PB		 61{
62 BlockDriverState *bdrv;
63 SCSIRequest *requests;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
66 int cluster_size;
67 int sense;
68 int tcq;
4d611c9a
PB		 69 /* Completion functions may be called from either scsi_{read,write}_data
70 or from the AIO completion routines. */
2e5d83bb
PB		 71 scsi_completionfn completion;
72 void *opaque;
fa879c64 73 char drive_serial_str[21];
2e5d83bb
PB		 74};
75
a917d384
PB		 76/* Global pool of SCSIRequest structures. */
77static SCSIRequest *free_requests = NULL;
78
8ccc2ace 79static SCSIRequest *scsi_new_request(SCSIDeviceState *s, uint32_t tag)
2e5d83bb 80{
a917d384
PB		 81 SCSIRequest *r;
82
83 if (free_requests) {
84 r = free_requests;
85 free_requests = r->next;
86 } else {
87 r = qemu_malloc(sizeof(SCSIRequest));
33f00271 88 r->dma_buf = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
a917d384
PB		 89 }
90 r->dev = s;
91 r->tag = tag;
92 r->sector_count = 0;
93 r->buf_len = 0;
94 r->aiocb = NULL;
95
96 r->next = s->requests;
97 s->requests = r;
98 return r;
2e5d83bb
PB		 99}
100
a917d384 101static void scsi_remove_request(SCSIRequest *r)
4d611c9a 102{
a917d384 103 SCSIRequest *last;
8ccc2ace 104 SCSIDeviceState *s = r->dev;
a917d384
PB		 105
106 if (s->requests == r) {
107 s->requests = r->next;
108 } else {
109 last = s->requests;
110 while (last && last->next != r)
111 last = last->next;
112 if (last) {
113 last->next = r->next;
114 } else {
115 BADF("Orphaned request\n");
116 }
117 }
118 r->next = free_requests;
119 free_requests = r;
4d611c9a
PB		 120}
121
8ccc2ace 122static SCSIRequest *scsi_find_request(SCSIDeviceState *s, uint32_t tag)
4d611c9a 123{
a917d384 124 SCSIRequest *r;
4d611c9a 125
a917d384
PB		 126 r = s->requests;
127 while (r && r->tag != tag)
128 r = r->next;
4d611c9a 129
a917d384
PB		 130 return r;
131}
132
133/* Helper function for command completion. */
22864256 134static void scsi_command_complete(SCSIRequest *r, int status, int sense)
a917d384 135{
8ccc2ace 136 SCSIDeviceState *s = r->dev;
a917d384 137 uint32_t tag;
22864256 138 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
a917d384
PB		 139 s->sense = sense;
140 tag = r->tag;
141 scsi_remove_request(r);
22864256 142 s->completion(s->opaque, SCSI_REASON_DONE, tag, status);
4d611c9a
PB		 143}
144
145/* Cancel a pending data transfer. */
8ccc2ace 146static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
4d611c9a 147{
8ccc2ace 148 SCSIDeviceState *s = d->state;
a917d384
PB		 149 SCSIRequest *r;
150 DPRINTF("Cancel tag=0x%x\n", tag);
151 r = scsi_find_request(s, tag);
152 if (r) {
153 if (r->aiocb)
154 bdrv_aio_cancel(r->aiocb);
155 r->aiocb = NULL;
156 scsi_remove_request(r);
157 }
158}
159
160static void scsi_read_complete(void * opaque, int ret)
161{
162 SCSIRequest *r = (SCSIRequest *)opaque;
8ccc2ace 163 SCSIDeviceState *s = r->dev;
a917d384
PB		 164
165 if (ret) {
166 DPRINTF("IO error\n");
22864256
BS		 167 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, 0);
168 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
4d611c9a
PB		 169 return;
170 }
a917d384
PB		 171 DPRINTF("Data ready tag=0x%x len=%d\n", r->tag, r->buf_len);
172
173 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
4d611c9a
PB		 174}
175
a917d384 176/* Read more data from scsi device into buffer. */
8ccc2ace 177static void scsi_read_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 178{
8ccc2ace 179 SCSIDeviceState *s = d->state;
a917d384 180 SCSIRequest *r;
2e5d83bb
PB		 181 uint32_t n;
182
a917d384
PB		 183 r = scsi_find_request(s, tag);
184 if (!r) {
185 BADF("Bad read tag 0x%x\n", tag);
b1fa7164 186 /* ??? This is the wrong error. */
22864256 187 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
a917d384 188 return;
2e5d83bb 189 }
a917d384
PB		 190 if (r->sector_count == (uint32_t)-1) {
191 DPRINTF("Read buf_len=%d\n", r->buf_len);
192 r->sector_count = 0;
193 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, r->buf_len);
194 return;
2e5d83bb 195 }
a917d384
PB		 196 DPRINTF("Read sector_count=%d\n", r->sector_count);
197 if (r->sector_count == 0) {
22864256 198 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
a917d384 199 return;
2e5d83bb
PB		 200 }
201
a917d384
PB		 202 n = r->sector_count;
203 if (n > SCSI_DMA_BUF_SIZE / 512)
204 n = SCSI_DMA_BUF_SIZE / 512;
205
206 r->buf_len = n * 512;
207 r->aiocb = bdrv_aio_read(s->bdrv, r->sector, r->dma_buf, n,
208 scsi_read_complete, r);
209 if (r->aiocb == NULL)
22864256 210 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
a917d384
PB		 211 r->sector += n;
212 r->sector_count -= n;
2e5d83bb
PB		 213}
214
4d611c9a
PB		 215static void scsi_write_complete(void * opaque, int ret)
216{
a917d384 217 SCSIRequest *r = (SCSIRequest *)opaque;
8ccc2ace 218 SCSIDeviceState *s = r->dev;
a917d384 219 uint32_t len;
4d611c9a
PB		 220
221 if (ret) {
222 fprintf(stderr, "scsi-disc: IO write error\n");
223 exit(1);
224 }
225
a917d384
PB		 226 r->aiocb = NULL;
227 if (r->sector_count == 0) {
22864256 228 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
a917d384
PB		 229 } else {
230 len = r->sector_count * 512;
231 if (len > SCSI_DMA_BUF_SIZE) {
232 len = SCSI_DMA_BUF_SIZE;
233 }
234 r->buf_len = len;
235 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
236 s->completion(s->opaque, SCSI_REASON_DATA, r->tag, len);
4d611c9a 237 }
4d611c9a
PB		 238}
239
240/* Write data to a scsi device. Returns nonzero on failure.
241 The transfer may complete asynchronously. */
8ccc2ace 242static int scsi_write_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 243{
8ccc2ace 244 SCSIDeviceState *s = d->state;
a917d384 245 SCSIRequest *r;
2e5d83bb
PB		 246 uint32_t n;
247
a917d384
PB		 248 DPRINTF("Write data tag=0x%x\n", tag);
249 r = scsi_find_request(s, tag);
250 if (!r) {
251 BADF("Bad write tag 0x%x\n", tag);
22864256 252 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
2e5d83bb
PB		 253 return 1;
254 }
a917d384
PB		 255 if (r->aiocb)
256 BADF("Data transfer already in progress\n");
257 n = r->buf_len / 512;
258 if (n) {
259 r->aiocb = bdrv_aio_write(s->bdrv, r->sector, r->dma_buf, n,
260 scsi_write_complete, r);
261 if (r->aiocb == NULL)
22864256
BS		 262 scsi_command_complete(r, STATUS_CHECK_CONDITION,
263 SENSE_HARDWARE_ERROR);
a917d384
PB		 264 r->sector += n;
265 r->sector_count -= n;
266 } else {
267 /* Invoke completion routine to fetch data from host. */
268 scsi_write_complete(r, 0);
2e5d83bb
PB		 269 }
270
a917d384
PB		 271 return 0;
272}
2e5d83bb 273
a917d384 274/* Return a pointer to the data buffer. */
8ccc2ace 275static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
a917d384 276{
8ccc2ace 277 SCSIDeviceState *s = d->state;
a917d384 278 SCSIRequest *r;
2e5d83bb 279
a917d384
PB		 280 r = scsi_find_request(s, tag);
281 if (!r) {
282 BADF("Bad buffer tag 0x%x\n", tag);
283 return NULL;
4d611c9a 284 }
a917d384 285 return r->dma_buf;
2e5d83bb
PB		 286}
287
288/* Execute a scsi command. Returns the length of the data expected by the
289 command. This will be Positive for data transfers from the device
290 (eg. disk reads), negative for transfers to the device (eg. disk writes),
291 and zero if the command does not transfer any data. */
292
8ccc2ace
TS		 293static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
294 uint8_t *buf, int lun)
2e5d83bb 295{
8ccc2ace 296 SCSIDeviceState *s = d->state;
96b8f136 297 uint64_t nb_sectors;
2e5d83bb
PB		 298 uint32_t lba;
299 uint32_t len;
300 int cmdlen;
301 int is_write;
a917d384
PB		 302 uint8_t command;
303 uint8_t *outbuf;
304 SCSIRequest *r;
305
306 command = buf[0];
307 r = scsi_find_request(s, tag);
308 if (r) {
309 BADF("Tag 0x%x already in use\n", tag);
8ccc2ace 310 scsi_cancel_io(d, tag);
a917d384
PB		 311 }
312 /* ??? Tags are not unique for different luns. We only implement a
313 single lun, so this should not matter. */
314 r = scsi_new_request(s, tag);
315 outbuf = r->dma_buf;
2e5d83bb 316 is_write = 0;
a917d384
PB		 317 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
318 switch (command >> 5) {
2e5d83bb
PB		 319 case 0:
320 lba = buf[3] | (buf[2] << 8) | ((buf[1] & 0x1f) << 16);
321 len = buf[4];
322 cmdlen = 6;
323 break;
324 case 1:
325 case 2:
326 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
327 len = buf[8] | (buf[7] << 8);
328 cmdlen = 10;
329 break;
330 case 4:
331 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
332 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
333 cmdlen = 16;
334 break;
335 case 5:
336 lba = buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24);
337 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
338 cmdlen = 12;
339 break;
340 default:
a917d384 341 BADF("Unsupported command length, command %x\n", command);
2e5d83bb
PB		 342 goto fail;
343 }
344#ifdef DEBUG_SCSI
345 {
346 int i;
347 for (i = 1; i < cmdlen; i++) {
348 printf(" 0x%02x", buf[i]);
349 }
350 printf("\n");
351 }
352#endif
0fc5c15a 353 if (lun || buf[1] >> 5) {
2e5d83bb 354 /* Only LUN 0 supported. */
0fc5c15a 355 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
22864256
BS		 356 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
357 goto fail;
2e5d83bb 358 }
a917d384 359 switch (command) {
2e5d83bb
PB		 360 case 0x0:
361 DPRINTF("Test Unit Ready\n");
362 break;
363 case 0x03:
364 DPRINTF("Request Sense (len %d)\n", len);
365 if (len < 4)
366 goto fail;
67cd24a8 367 memset(outbuf, 0, 4);
a917d384
PB		 368 outbuf[0] = 0xf0;
369 outbuf[1] = 0;
370 outbuf[2] = s->sense;
371 r->buf_len = 4;
2e5d83bb
PB		 372 break;
373 case 0x12:
7d8406be 374 DPRINTF("Inquiry (len %d)\n", len);
1d4db89c
AZ		 375 if (buf[1] & 0x2) {
376 /* Command support data - optional, not implemented */
377 BADF("optional INQUIRY command support request not implemented\n");
378 goto fail;
379 }
380 else if (buf[1] & 0x1) {
381 /* Vital product data */
382 uint8_t page_code = buf[2];
383 if (len < 4) {
384 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
385 "less than 4\n", page_code, len);
386 goto fail;
387 }
388
389 switch (page_code) {
390 case 0x00:
391 {
392 /* Supported page codes, mandatory */
393 DPRINTF("Inquiry EVPD[Supported pages] "
394 "buffer size %d\n", len);
395
396 r->buf_len = 0;
397
398 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
399 outbuf[r->buf_len++] = 5;
400 } else {
401 outbuf[r->buf_len++] = 0;
402 }
403
404 outbuf[r->buf_len++] = 0x00; // this page
405 outbuf[r->buf_len++] = 0x00;
406 outbuf[r->buf_len++] = 3; // number of pages
407 outbuf[r->buf_len++] = 0x00; // list of supported pages (this page)
408 outbuf[r->buf_len++] = 0x80; // unit serial number
409 outbuf[r->buf_len++] = 0x83; // device identification
410 }
411 break;
412 case 0x80:
413 {
fa879c64
AL		 414 int l;
415
1d4db89c
AZ		 416 /* Device serial number, optional */
417 if (len < 4) {
418 BADF("Error: EVPD[Serial number] Inquiry buffer "
419 "size %d too small, %d needed\n", len, 4);
420 goto fail;
421 }
422
423 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
fa879c64 424 l = MIN(len, strlen(s->drive_serial_str));
1d4db89c
AZ		 425
426 r->buf_len = 0;
427
428 /* Supported page codes */
429 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
430 outbuf[r->buf_len++] = 5;
431 } else {
432 outbuf[r->buf_len++] = 0;
433 }
434
435 outbuf[r->buf_len++] = 0x80; // this page
436 outbuf[r->buf_len++] = 0x00;
fa879c64
AL		 437 outbuf[r->buf_len++] = l;
438 memcpy(&outbuf[r->buf_len], s->drive_serial_str, l);
439 r->buf_len += l;
1d4db89c
AZ		 440 }
441
442 break;
443 case 0x83:
444 {
445 /* Device identification page, mandatory */
446 int max_len = 255 - 8;
447 int id_len = strlen(bdrv_get_device_name(s->bdrv));
448 if (id_len > max_len)
449 id_len = max_len;
450
451 DPRINTF("Inquiry EVPD[Device identification] "
452 "buffer size %d\n", len);
453 r->buf_len = 0;
454 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
455 outbuf[r->buf_len++] = 5;
456 } else {
457 outbuf[r->buf_len++] = 0;
458 }
459
460 outbuf[r->buf_len++] = 0x83; // this page
461 outbuf[r->buf_len++] = 0x00;
462 outbuf[r->buf_len++] = 3 + id_len;
463
464 outbuf[r->buf_len++] = 0x2; // ASCII
465 outbuf[r->buf_len++] = 0; // not officially assigned
466 outbuf[r->buf_len++] = 0; // reserved
467 outbuf[r->buf_len++] = id_len; // length of data following
468
469 memcpy(&outbuf[r->buf_len],
470 bdrv_get_device_name(s->bdrv), id_len);
471 r->buf_len += id_len;
472 }
473 break;
474 default:
475 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
476 "buffer size %d\n", page_code, len);
477 goto fail;
478 }
479 /* done with EVPD */
480 break;
481 }
482 else {
483 /* Standard INQUIRY data */
484 if (buf[2] != 0) {
485 BADF("Error: Inquiry (STANDARD) page or code "
486 "is non-zero [%02X]\n", buf[2]);
487 goto fail;
488 }
489
490 /* PAGE CODE == 0 */
491 if (len < 5) {
492 BADF("Error: Inquiry (STANDARD) buffer size %d "
493 "is less than 5\n", len);
494 goto fail;
495 }
496
497 if (len < 36) {
498 BADF("Error: Inquiry (STANDARD) buffer size %d "
499 "is less than 36 (TODO: only 5 required)\n", len);
500 }
2e5d83bb 501 }
57575058
AZ		 502
503 if(len > SCSI_MAX_INQUIRY_LEN)
504 len = SCSI_MAX_INQUIRY_LEN;
505
506 memset(outbuf, 0, len);
22864256
BS		 507
508 if (lun || buf[1] >> 5) {
509 outbuf[0] = 0x7f; /* LUN not supported */
510 } else if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
a917d384
PB		 511 outbuf[0] = 5;
512 outbuf[1] = 0x80;
513 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
2e5d83bb 514 } else {
a917d384
PB		 515 outbuf[0] = 0;
516 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
2e5d83bb 517 }
a917d384
PB		 518 memcpy(&outbuf[8], "QEMU ", 8);
519 memcpy(&outbuf[32], QEMU_VERSION, 4);
17acfe32
PB		 520 /* Identify device as SCSI-3 rev 1.
521 Some later commands are also implemented. */
a917d384
PB		 522 outbuf[2] = 3;
523 outbuf[3] = 2; /* Format 2 */
57575058 524 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
a917d384
PB		 525 /* Sync data transfer and TCQ. */
526 outbuf[7] = 0x10 | (s->tcq ? 0x02 : 0);
57575058 527 r->buf_len = len;
2e5d83bb
PB		 528 break;
529 case 0x16:
530 DPRINTF("Reserve(6)\n");
531 if (buf[1] & 1)
532 goto fail;
533 break;
534 case 0x17:
535 DPRINTF("Release(6)\n");
536 if (buf[1] & 1)
537 goto fail;
538 break;
539 case 0x1a:
7d8406be 540 case 0x5a:
17acfe32 541 {
a917d384 542 uint8_t *p;
17acfe32
PB		 543 int page;
544
545 page = buf[2] & 0x3f;
546 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
a917d384 547 p = outbuf;
17acfe32 548 memset(p, 0, 4);
a917d384
PB		 549 outbuf[1] = 0; /* Default media type. */
550 outbuf[3] = 0; /* Block descriptor length. */
17acfe32 551 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
a917d384 552 outbuf[2] = 0x80; /* Readonly. */
17acfe32
PB		 553 }
554 p += 4;
5e65a310
BS		 555 if (page == 4) {
556 int cylinders, heads, secs;
557
558 /* Rigid disk device geometry page. */
559 p[0] = 4;
560 p[1] = 0x16;
561 /* if a geometry hint is available, use it */
562 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
563 p[2] = (cylinders >> 16) & 0xff;
564 p[3] = (cylinders >> 8) & 0xff;
565 p[4] = cylinders & 0xff;
566 p[5] = heads & 0xff;
567 /* Write precomp start cylinder, disabled */
568 p[6] = (cylinders >> 16) & 0xff;
569 p[7] = (cylinders >> 8) & 0xff;
570 p[8] = cylinders & 0xff;
571 /* Reduced current start cylinder, disabled */
572 p[9] = (cylinders >> 16) & 0xff;
573 p[10] = (cylinders >> 8) & 0xff;
574 p[11] = cylinders & 0xff;
575 /* Device step rate [ns], 200ns */
576 p[12] = 0;
577 p[13] = 200;
578 /* Landing zone cylinder */
579 p[14] = 0xff;
580 p[15] = 0xff;
581 p[16] = 0xff;
582 /* Medium rotation rate [rpm], 5400 rpm */
583 p[20] = (5400 >> 8) & 0xff;
584 p[21] = 5400 & 0xff;
585 p += 0x16;
586 } else if (page == 5) {
587 int cylinders, heads, secs;
588
589 /* Flexible disk device geometry page. */
590 p[0] = 5;
591 p[1] = 0x1e;
592 /* Transfer rate [kbit/s], 5Mbit/s */
593 p[2] = 5000 >> 8;
594 p[3] = 5000 & 0xff;
595 /* if a geometry hint is available, use it */
596 bdrv_get_geometry_hint(s->bdrv, &cylinders, &heads, &secs);
597 p[4] = heads & 0xff;
598 p[5] = secs & 0xff;
599 p[6] = s->cluster_size * 2;
600 p[8] = (cylinders >> 8) & 0xff;
601 p[9] = cylinders & 0xff;
602 /* Write precomp start cylinder, disabled */
603 p[10] = (cylinders >> 8) & 0xff;
604 p[11] = cylinders & 0xff;
605 /* Reduced current start cylinder, disabled */
606 p[12] = (cylinders >> 8) & 0xff;
607 p[13] = cylinders & 0xff;
608 /* Device step rate [100us], 100us */
609 p[14] = 0;
610 p[15] = 1;
611 /* Device step pulse width [us], 1us */
612 p[16] = 1;
613 /* Device head settle delay [100us], 100us */
614 p[17] = 0;
615 p[18] = 1;
616 /* Motor on delay [0.1s], 0.1s */
617 p[19] = 1;
618 /* Motor off delay [0.1s], 0.1s */
619 p[20] = 1;
620 /* Medium rotation rate [rpm], 5400 rpm */
621 p[28] = (5400 >> 8) & 0xff;
622 p[29] = 5400 & 0xff;
623 p += 0x1e;
624 } else if ((page == 8 || page == 0x3f)) {
17acfe32 625 /* Caching page. */
67cd24a8 626 memset(p,0,20);
17acfe32
PB		 627 p[0] = 8;
628 p[1] = 0x12;
629 p[2] = 4; /* WCE */
67cd24a8 630 p += 20;
17acfe32
PB		 631 }
632 if ((page == 0x3f || page == 0x2a)
633 && (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM)) {
634 /* CD Capabilities and Mechanical Status page. */
635 p[0] = 0x2a;
636 p[1] = 0x14;
637 p[2] = 3; // CD-R & CD-RW read
638 p[3] = 0; // Writing not supported
639 p[4] = 0x7f; /* Audio, composite, digital out,
640 mode 2 form 1&2, multi session */
641 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
642 RW corrected, C2 errors, ISRC,
643 UPC, Bar code */
644 p[6] = 0x2d | (bdrv_is_locked(s->bdrv)? 2 : 0);
645 /* Locking supported, jumper present, eject, tray */
646 p[7] = 0; /* no volume & mute control, no
647 changer */
648 p[8] = (50 * 176) >> 8; // 50x read speed
649 p[9] = (50 * 176) & 0xff;
650 p[10] = 0 >> 8; // No volume
651 p[11] = 0 & 0xff;
652 p[12] = 2048 >> 8; // 2M buffer
653 p[13] = 2048 & 0xff;
654 p[14] = (16 * 176) >> 8; // 16x read speed current
655 p[15] = (16 * 176) & 0xff;
656 p[18] = (16 * 176) >> 8; // 16x write speed
657 p[19] = (16 * 176) & 0xff;
658 p[20] = (16 * 176) >> 8; // 16x write speed current
659 p[21] = (16 * 176) & 0xff;
67cd24a8 660 p += 22;
17acfe32 661 }
a917d384
PB		 662 r->buf_len = p - outbuf;
663 outbuf[0] = r->buf_len - 4;
664 if (r->buf_len > len)
665 r->buf_len = len;
7d8406be 666 }
17acfe32
PB		 667 break;
668 case 0x1b:
669 DPRINTF("Start Stop Unit\n");
670 break;
671 case 0x1e:
672 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
673 bdrv_set_locked(s->bdrv, buf[4] & 1);
2e5d83bb
PB		 674 break;
675 case 0x25:
676 DPRINTF("Read Capacity\n");
677 /* The normal LEN field for this command is zero. */
a917d384 678 memset(outbuf, 0, 8);
2e5d83bb 679 bdrv_get_geometry(s->bdrv, &nb_sectors);
51c1ebb1
PB		 680 /* Returned value is the address of the last sector. */
681 if (nb_sectors) {
682 nb_sectors--;
a917d384
PB		 683 outbuf[0] = (nb_sectors >> 24) & 0xff;
684 outbuf[1] = (nb_sectors >> 16) & 0xff;
685 outbuf[2] = (nb_sectors >> 8) & 0xff;
686 outbuf[3] = nb_sectors & 0xff;
687 outbuf[4] = 0;
688 outbuf[5] = 0;
689 outbuf[6] = s->cluster_size * 2;
690 outbuf[7] = 0;
691 r->buf_len = 8;
51c1ebb1 692 } else {
22864256 693 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
35f1df84 694 return 0;
51c1ebb1 695 }
2e5d83bb
PB		 696 break;
697 case 0x08:
698 case 0x28:
699 DPRINTF("Read (sector %d, count %d)\n", lba, len);
a917d384
PB		 700 r->sector = lba * s->cluster_size;
701 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 702 break;
703 case 0x0a:
704 case 0x2a:
705 DPRINTF("Write (sector %d, count %d)\n", lba, len);
a917d384
PB		 706 r->sector = lba * s->cluster_size;
707 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 708 is_write = 1;
709 break;
7d8406be 710 case 0x35:
e91c8a77 711 DPRINTF("Synchronise cache (sector %d, count %d)\n", lba, len);
7a6cba61 712 bdrv_flush(s->bdrv);
7d8406be 713 break;
2e5d83bb
PB		 714 case 0x43:
715 {
7c22dd52 716 int start_track, format, msf, toclen;
2e5d83bb
PB		 717
718 msf = buf[1] & 2;
719 format = buf[2] & 0xf;
720 start_track = buf[6];
721 bdrv_get_geometry(s->bdrv, &nb_sectors);
722 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
723 switch(format) {
724 case 0:
a917d384 725 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
2e5d83bb
PB		 726 break;
727 case 1:
728 /* multi session : only a single session defined */
7c22dd52 729 toclen = 12;
a917d384
PB		 730 memset(outbuf, 0, 12);
731 outbuf[1] = 0x0a;
732 outbuf[2] = 0x01;
733 outbuf[3] = 0x01;
2e5d83bb
PB		 734 break;
735 case 2:
a917d384 736 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
2e5d83bb
PB		 737 break;
738 default:
7c22dd52
PB		 739 goto error_cmd;
740 }
741 if (toclen > 0) {
742 if (len > toclen)
743 len = toclen;
a917d384 744 r->buf_len = len;
7c22dd52 745 break;
2e5d83bb 746 }
7c22dd52
PB		 747 error_cmd:
748 DPRINTF("Read TOC error\n");
749 goto fail;
2e5d83bb 750 }
17acfe32
PB		 751 case 0x46:
752 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
a917d384 753 memset(outbuf, 0, 8);
1235fc06 754 /* ??? This should probably return much more information. For now
17acfe32 755 just return the basic header indicating the CD-ROM profile. */
a917d384
PB		 756 outbuf[7] = 8; // CD-ROM
757 r->buf_len = 8;
17acfe32 758 break;
2e5d83bb
PB		 759 case 0x56:
760 DPRINTF("Reserve(10)\n");
761 if (buf[1] & 3)
762 goto fail;
763 break;
764 case 0x57:
765 DPRINTF("Release(10)\n");
766 if (buf[1] & 3)
767 goto fail;
768 break;
769 case 0xa0:
770 DPRINTF("Report LUNs (len %d)\n", len);
771 if (len < 16)
772 goto fail;
a917d384
PB		 773 memset(outbuf, 0, 16);
774 outbuf[3] = 8;
775 r->buf_len = 16;
2e5d83bb 776 break;
22864256
BS		 777 case 0x2f:
778 DPRINTF("Verify (sector %d, count %d)\n", lba, len);
779 break;
2e5d83bb
PB		 780 default:
781 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
782 fail:
22864256 783 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
2e5d83bb
PB		 784 return 0;
785 }
a917d384 786 if (r->sector_count == 0 && r->buf_len == 0) {
22864256 787 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
a917d384
PB		 788 }
789 len = r->sector_count * 512 + r->buf_len;
790 if (is_write) {
791 return -len;
792 } else {
793 if (!r->sector_count)
794 r->sector_count = -1;
795 return len;
2e5d83bb 796 }
2e5d83bb
PB		 797}
798
8ccc2ace 799static void scsi_destroy(SCSIDevice *d)
2e5d83bb 800{
8ccc2ace
TS		 801 qemu_free(d->state);
802 qemu_free(d);
2e5d83bb
PB		 803}
804
8ccc2ace
TS		 805SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, int tcq,
806 scsi_completionfn completion, void *opaque)
2e5d83bb 807{
8ccc2ace
TS		 808 SCSIDevice *d;
809 SCSIDeviceState *s;
2e5d83bb 810
8ccc2ace 811 s = (SCSIDeviceState *)qemu_mallocz(sizeof(SCSIDeviceState));
2e5d83bb 812 s->bdrv = bdrv;
a917d384 813 s->tcq = tcq;
2e5d83bb
PB		 814 s->completion = completion;
815 s->opaque = opaque;
816 if (bdrv_get_type_hint(s->bdrv) == BDRV_TYPE_CDROM) {
7c22dd52 817 s->cluster_size = 4;
2e5d83bb 818 } else {
7c22dd52 819 s->cluster_size = 1;
2e5d83bb 820 }
fa879c64
AL		 821 strncpy(s->drive_serial_str, drive_get_serial(s->bdrv),
822 sizeof(s->drive_serial_str));
823 if (strlen(s->drive_serial_str) == 0)
00766a4e 824 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
8ccc2ace
TS		 825 d = (SCSIDevice *)qemu_mallocz(sizeof(SCSIDevice));
826 d->state = s;
827 d->destroy = scsi_destroy;
828 d->send_command = scsi_send_command;
829 d->read_data = scsi_read_data;
830 d->write_data = scsi_write_data;
831 d->cancel_io = scsi_cancel_io;
832 d->get_buf = scsi_get_buf;
2e5d83bb 833
8ccc2ace
TS		 834 return d;
835}
Qemu copy for testing