]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi: add support for FUA on writes
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
5d0d2467 41#include "dma.h"
22864256 42
336a6915
PB		 43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
f0f72ffe 47#define SCSI_DMA_BUF_SIZE 131072
57575058 48#define SCSI_MAX_INQUIRY_LEN 256
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
c87c0672
AL		 58 struct iovec iov;
59 QEMUIOVector qiov;
a597e79c 60 BlockAcctCookie acct;
4c41d2ef 61} SCSIDiskReq;
a917d384 62
d52affa7 63struct SCSIDiskState
a917d384 64{
d52affa7 65 SCSIDevice qdev;
419e691f 66 uint32_t removable;
8a9c16f6 67 bool media_changed;
3c2f7c12 68 bool media_event;
4480de19 69 bool eject_request;
213189ab 70 QEMUBH *bh;
383b4d9b 71 char *version;
a0fef654 72 char *serial;
ece0d5e9 73 bool tray_open;
81b1008d 74 bool tray_locked;
2e5d83bb
PB		 75};
76
71544d30 77static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 78
ad2d30f7 79static void scsi_free_request(SCSIRequest *req)
4d611c9a 80{
ad2d30f7
PB		 81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
82
7285477a
PB		 83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
85 }
4d611c9a
PB		 86}
87
b45ef674
PB		 88/* Helper function for command completion with sense. */
89static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 90{
02fa69b6
BS		 91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 95}
96
97/* Cancel a pending data transfer. */
5c6c0e51 98static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 99{
5c6c0e51
HR		 100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
103 if (r->req.aiocb) {
104 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 105
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
a917d384 110 }
5c6c0e51 111 r->req.aiocb = NULL;
a917d384
PB		 112}
113
43b978b9 114static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 115{
7285477a
PB		 116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
117
118 if (!r->iov.iov_base) {
43b978b9 119 r->buflen = size;
44740c38 120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 121 }
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
125}
126
43b978b9
PB		 127static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
128{
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
130
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
136 }
137}
138
139static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
140{
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
142
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
146 if (r->buflen) {
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
150 }
151 }
152
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
154}
155
b77912a7 156static void scsi_flush_complete(void * opaque, int ret)
5d0d2467
PB		 157{
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
162
80624c93 163 if (ret < 0) {
5d0d2467
PB		 164 if (scsi_handle_rw_error(r, -ret)) {
165 goto done;
166 }
167 }
168
5d0d2467
PB		 169 scsi_req_complete(&r->req, GOOD);
170
171done:
b8aba8d7
PB		 172 if (!r->req.io_canceled) {
173 scsi_req_unref(&r->req);
174 }
5d0d2467
PB		 175}
176
7e8c49c5
PB		 177static bool scsi_is_cmd_fua(SCSICommand *cmd)
178{
179 switch (cmd->buf[0]) {
180 case READ_10:
181 case READ_12:
182 case READ_16:
183 case WRITE_10:
184 case WRITE_12:
185 case WRITE_16:
186 return (cmd->buf[1] & 8) != 0;
187
188 case WRITE_VERIFY_10:
189 case WRITE_VERIFY_12:
190 case WRITE_VERIFY_16:
191 return true;
192
193 case READ_6:
194 case WRITE_6:
195 default:
196 return false;
197 }
198}
199
200static void scsi_write_do_fua(SCSIDiskReq *r)
201{
202 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
203
204 if (scsi_is_cmd_fua(&r->req.cmd)) {
205 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
206 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
207 return;
208 }
209
210 scsi_req_complete(&r->req, GOOD);
211 if (!r->req.io_canceled) {
212 scsi_req_unref(&r->req);
213 }
214}
215
b77912a7 216static void scsi_dma_complete(void *opaque, int ret)
a917d384 217{
4c41d2ef 218 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 219 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 220
b77912a7 221 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
a597e79c 222
80624c93 223 if (ret < 0) {
71544d30 224 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 225 goto done;
5dba48a8 226 }
4d611c9a 227 }
5dba48a8 228
b77912a7
PB		 229 r->sector += r->sector_count;
230 r->sector_count = 0;
7e8c49c5
PB		 231 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
232 scsi_write_do_fua(r);
233 return;
234 } else {
235 scsi_req_complete(&r->req, GOOD);
236 }
c7bae6a7
PB		 237
238done:
239 if (!r->req.io_canceled) {
240 scsi_req_unref(&r->req);
241 }
4d611c9a
PB		 242}
243
b77912a7 244static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 245{
246 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
247 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 248 int n;
0a4ac106 249
b77912a7
PB		 250 if (r->req.aiocb != NULL) {
251 r->req.aiocb = NULL;
252 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
253 }
0a4ac106
PB		 254
255 if (ret < 0) {
71544d30 256 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 257 goto done;
0a4ac106
PB		 258 }
259 }
260
b77912a7
PB		 261 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
262
263 n = r->qiov.size / 512;
264 r->sector += n;
265 r->sector_count -= n;
266 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 267
268done:
269 if (!r->req.io_canceled) {
270 scsi_req_unref(&r->req);
271 }
0a4ac106 272}
5dba48a8 273
5c6c0e51
HR		 274/* Read more data from scsi device into buffer. */
275static void scsi_read_data(SCSIRequest *req)
2e5d83bb 276{
5c6c0e51 277 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 278 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 279 uint32_t n;
280
a917d384 281 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 282 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 283 r->sector_count = 0;
ab9adc88 284 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 285 return;
2e5d83bb 286 }
a917d384
PB		 287 DPRINTF("Read sector_count=%d\n", r->sector_count);
288 if (r->sector_count == 0) {
b45ef674
PB		 289 /* This also clears the sense buffer for REQUEST SENSE. */
290 scsi_req_complete(&r->req, GOOD);
a917d384 291 return;
2e5d83bb
PB		 292 }
293
6fa2c95f
SH		 294 /* No data transfer may already be in progress */
295 assert(r->req.aiocb == NULL);
296
c7bae6a7
PB		 297 /* The request is used as the AIO opaque value, so add a ref. */
298 scsi_req_ref(&r->req);
efb9ee02
HR		 299 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
300 DPRINTF("Data transfer direction invalid\n");
301 scsi_read_complete(r, -EINVAL);
302 return;
303 }
304
a1aff5bf
MA		 305 if (s->tray_open) {
306 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 307 return;
a1aff5bf 308 }
c7bae6a7 309
5d0d2467
PB		 310 if (r->req.sg) {
311 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
312 r->req.resid -= r->req.sg->size;
313 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
314 scsi_dma_complete, r);
315 } else {
43b978b9 316 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
5d0d2467
PB		 317 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
318 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
319 scsi_read_complete, r);
320 }
2e5d83bb
PB		 321}
322
c7bae6a7
PB		 323/*
324 * scsi_handle_rw_error has two return values. 0 means that the error
325 * must be ignored, 1 means that the error has been processed and the
326 * caller should not do anything else for this request. Note that
327 * scsi_handle_rw_error always manages its reference counts, independent
328 * of the return value.
329 */
71544d30 330static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 331{
71544d30 332 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 333 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 334 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 335
380f640f 336 if (action == BLOCK_ERR_IGNORE) {
329c0a48 337 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 338 return 0;
380f640f 339 }
ea8a5d7f
AL		 340
341 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
342 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 343
329c0a48 344 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 345 vm_stop(RUN_STATE_IO_ERROR);
44740c38 346 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 347 scsi_req_retry(&r->req);
ea8a5d7f 348 } else {
efb9ee02 349 switch (error) {
7e218df5
PB		 350 case ENOMEDIUM:
351 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
352 break;
efb9ee02 353 case ENOMEM:
b45ef674 354 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 355 break;
356 case EINVAL:
b45ef674 357 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 358 break;
359 default:
b45ef674 360 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 361 break;
a1f0cce2 362 }
329c0a48 363 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 364 }
ea8a5d7f
AL		 365 return 1;
366}
367
4d611c9a
PB		 368static void scsi_write_complete(void * opaque, int ret)
369{
4c41d2ef 370 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 371 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 372 uint32_t n;
373
8e321cc6
PB		 374 if (r->req.aiocb != NULL) {
375 r->req.aiocb = NULL;
44740c38 376 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 377 }
a597e79c 378
80624c93 379 if (ret < 0) {
71544d30 380 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 381 goto done;
5dba48a8 382 }
4d611c9a
PB		 383 }
384
103b40f5 385 n = r->qiov.size / 512;
ea8a5d7f
AL		 386 r->sector += n;
387 r->sector_count -= n;
a917d384 388 if (r->sector_count == 0) {
7e8c49c5
PB		 389 scsi_write_do_fua(r);
390 return;
a917d384 391 } else {
43b978b9 392 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
103b40f5
PB		 393 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
394 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 395 }
c7bae6a7
PB		 396
397done:
398 if (!r->req.io_canceled) {
399 scsi_req_unref(&r->req);
400 }
4d611c9a
PB		 401}
402
42741212 403static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 404{
5c6c0e51 405 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 406 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 407 uint32_t n;
408
6fa2c95f
SH		 409 /* No data transfer may already be in progress */
410 assert(r->req.aiocb == NULL);
411
c7bae6a7
PB		 412 /* The request is used as the AIO opaque value, so add a ref. */
413 scsi_req_ref(&r->req);
efb9ee02
HR		 414 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
415 DPRINTF("Data transfer direction invalid\n");
416 scsi_write_complete(r, -EINVAL);
42741212 417 return;
efb9ee02
HR		 418 }
419
5d0d2467
PB		 420 if (!r->req.sg && !r->qiov.size) {
421 /* Called for the first time. Ask the driver to send us more data. */
422 scsi_write_complete(r, 0);
423 return;
424 }
425 if (s->tray_open) {
426 scsi_write_complete(r, -ENOMEDIUM);
427 return;
428 }
429
430 if (r->req.sg) {
431 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
432 r->req.resid -= r->req.sg->size;
433 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
434 scsi_dma_complete, r);
435 } else {
436 n = r->qiov.size / 512;
44740c38
PB		 437 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
438 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 439 scsi_write_complete, r);
ea8a5d7f 440 }
a917d384 441}
2e5d83bb 442
a917d384 443/* Return a pointer to the data buffer. */
5c6c0e51 444static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 445{
5c6c0e51 446 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 447
3f4cb3d3 448 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 449}
450
0b06c059
GH		 451static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
452{
383b4d9b 453 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 454 int buflen = 0;
455
456 if (req->cmd.buf[1] & 0x2) {
457 /* Command support data - optional, not implemented */
458 BADF("optional INQUIRY command support request not implemented\n");
459 return -1;
460 }
461
462 if (req->cmd.buf[1] & 0x1) {
463 /* Vital product data */
464 uint8_t page_code = req->cmd.buf[2];
465 if (req->cmd.xfer < 4) {
466 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
467 "less than 4\n", page_code, req->cmd.xfer);
468 return -1;
469 }
470
e39be482 471 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 472 outbuf[buflen++] = page_code ; // this page
473 outbuf[buflen++] = 0x00;
474
475 switch (page_code) {
476 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 477 {
478 int pages;
0b06c059
GH		 479 DPRINTF("Inquiry EVPD[Supported pages] "
480 "buffer size %zd\n", req->cmd.xfer);
39d98982 481 pages = buflen++;
0b06c059 482 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 483 if (s->serial) {
3e1c0c9a 484 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 485 }
0b06c059 486 outbuf[buflen++] = 0x83; // device identification
f37bd73b 487 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 488 outbuf[buflen++] = 0xb0; // block limits
489 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 490 }
491 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 492 break;
39d98982 493 }
0b06c059
GH		 494 case 0x80: /* Device serial number, optional */
495 {
3e1c0c9a 496 int l;
0b06c059 497
3e1c0c9a
HR		 498 if (!s->serial) {
499 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
500 return -1;
501 }
502
503 l = strlen(s->serial);
f01b5931 504 if (l > 20) {
0b06c059 505 l = 20;
f01b5931 506 }
0b06c059
GH		 507
508 DPRINTF("Inquiry EVPD[Serial number] "
509 "buffer size %zd\n", req->cmd.xfer);
510 outbuf[buflen++] = l;
a0fef654 511 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 512 buflen += l;
513 break;
514 }
515
516 case 0x83: /* Device identification page, mandatory */
517 {
fd930791
PB		 518 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
519 int max_len = s->serial ? 20 : 255 - 8;
520 int id_len = strlen(str);
0b06c059 521
f01b5931 522 if (id_len > max_len) {
0b06c059 523 id_len = max_len;
f01b5931 524 }
0b06c059
GH		 525 DPRINTF("Inquiry EVPD[Device identification] "
526 "buffer size %zd\n", req->cmd.xfer);
527
39d98982 528 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 529 outbuf[buflen++] = 0x2; // ASCII
530 outbuf[buflen++] = 0; // not officially assigned
531 outbuf[buflen++] = 0; // reserved
532 outbuf[buflen++] = id_len; // length of data following
533
fd930791 534 memcpy(outbuf+buflen, str, id_len);
0b06c059
GH		 535 buflen += id_len;
536 break;
537 }
ea3bd56f 538 case 0xb0: /* block limits */
ee3659e3 539 {
ea3bd56f
CH		 540 unsigned int unmap_sectors =
541 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 542 unsigned int min_io_size =
543 s->qdev.conf.min_io_size / s->qdev.blocksize;
544 unsigned int opt_io_size =
545 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 546
f37bd73b 547 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 548 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
549 page_code);
550 return -1;
551 }
ee3659e3
CH		 552 /* required VPD size with unmap support */
553 outbuf[3] = buflen = 0x3c;
554
555 memset(outbuf + 4, 0, buflen - 4);
556
557 /* optimal transfer length granularity */
558 outbuf[6] = (min_io_size >> 8) & 0xff;
559 outbuf[7] = min_io_size & 0xff;
560
561 /* optimal transfer length */
562 outbuf[12] = (opt_io_size >> 24) & 0xff;
563 outbuf[13] = (opt_io_size >> 16) & 0xff;
564 outbuf[14] = (opt_io_size >> 8) & 0xff;
565 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 566
567 /* optimal unmap granularity */
568 outbuf[28] = (unmap_sectors >> 24) & 0xff;
569 outbuf[29] = (unmap_sectors >> 16) & 0xff;
570 outbuf[30] = (unmap_sectors >> 8) & 0xff;
571 outbuf[31] = unmap_sectors & 0xff;
572 break;
573 }
574 case 0xb2: /* thin provisioning */
575 {
576 outbuf[3] = buflen = 8;
577 outbuf[4] = 0;
578 outbuf[5] = 0x40; /* write same with unmap supported */
579 outbuf[6] = 0;
580 outbuf[7] = 0;
ee3659e3
CH		 581 break;
582 }
0b06c059
GH		 583 default:
584 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
585 "buffer size %zd\n", page_code, req->cmd.xfer);
586 return -1;
587 }
588 /* done with EVPD */
589 return buflen;
590 }
591
592 /* Standard INQUIRY data */
593 if (req->cmd.buf[2] != 0) {
594 BADF("Error: Inquiry (STANDARD) page or code "
595 "is non-zero [%02X]\n", req->cmd.buf[2]);
596 return -1;
597 }
598
599 /* PAGE CODE == 0 */
600 if (req->cmd.xfer < 5) {
601 BADF("Error: Inquiry (STANDARD) buffer size %zd "
602 "is less than 5\n", req->cmd.xfer);
603 return -1;
604 }
605
0b06c059 606 buflen = req->cmd.xfer;
f01b5931 607 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 608 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 609 }
0b06c059
GH		 610 memset(outbuf, 0, buflen);
611
f37bd73b 612 outbuf[0] = s->qdev.type & 0x1f;
e39be482 613 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 614 if (s->qdev.type == TYPE_ROM) {
550fe6c6 615 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 616 } else {
550fe6c6 617 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 618 }
550fe6c6 619 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 620 memset(&outbuf[32], 0, 4);
552fee93 621 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 622 /*
623 * We claim conformance to SPC-3, which is required for guests
624 * to ask for modern features like READ CAPACITY(16) or the
625 * block characteristics VPD page by default. Not all of SPC-3
626 * is actually implemented, but we're good enough.
627 */
ee3659e3 628 outbuf[2] = 5;
0b06c059 629 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 630
631 if (buflen > 36) {
632 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
633 } else {
634 /* If the allocation length of CDB is too small,
635 the additional length is not adjusted */
636 outbuf[4] = 36 - 5;
637 }
638
0b06c059 639 /* Sync data transfer and TCQ. */
afd4030c 640 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 641 return buflen;
642}
643
430ee2f2
PB		 644static inline bool media_is_dvd(SCSIDiskState *s)
645{
646 uint64_t nb_sectors;
647 if (s->qdev.type != TYPE_ROM) {
648 return false;
649 }
44740c38 650 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 651 return false;
652 }
44740c38 653 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 654 return nb_sectors > CD_MAX_SECTORS;
655}
656
ceb792ef
PB		 657static inline bool media_is_cd(SCSIDiskState *s)
658{
659 uint64_t nb_sectors;
660 if (s->qdev.type != TYPE_ROM) {
661 return false;
662 }
44740c38 663 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 664 return false;
665 }
44740c38 666 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 667 return nb_sectors <= CD_MAX_SECTORS;
668}
669
b6c251ab
PB		 670static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
671 uint8_t *outbuf)
672{
ceb792ef
PB		 673 static const int rds_caps_size[5] = {
674 [0] = 2048 + 4,
675 [1] = 4 + 4,
676 [3] = 188 + 4,
677 [4] = 2048 + 4,
678 };
679
680 uint8_t media = r->req.cmd.buf[1];
681 uint8_t layer = r->req.cmd.buf[6];
682 uint8_t format = r->req.cmd.buf[7];
683 int size = -1;
684
685 if (s->qdev.type != TYPE_ROM) {
686 return -1;
687 }
688 if (media != 0) {
689 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
690 return -1;
691 }
692
693 if (format != 0xff) {
44740c38 694 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 695 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
696 return -1;
697 }
698 if (media_is_cd(s)) {
699 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
700 return -1;
701 }
702 if (format >= ARRAY_SIZE(rds_caps_size)) {
703 return -1;
704 }
705 size = rds_caps_size[format];
706 memset(outbuf, 0, size);
707 }
708
709 switch (format) {
710 case 0x00: {
711 /* Physical format information */
712 uint64_t nb_sectors;
713 if (layer != 0) {
714 goto fail;
715 }
44740c38 716 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 717
718 outbuf[4] = 1; /* DVD-ROM, part version 1 */
719 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
720 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
721 outbuf[7] = 0; /* default densities */
722
723 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
724 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
725 break;
726 }
727
728 case 0x01: /* DVD copyright information, all zeros */
729 break;
730
731 case 0x03: /* BCA information - invalid field for no BCA info */
732 return -1;
733
734 case 0x04: /* DVD disc manufacturing information, all zeros */
735 break;
736
737 case 0xff: { /* List capabilities */
738 int i;
739 size = 4;
740 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
741 if (!rds_caps_size[i]) {
742 continue;
743 }
744 outbuf[size] = i;
745 outbuf[size + 1] = 0x40; /* Not writable, readable */
746 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
747 size += 4;
748 }
749 break;
750 }
751
752 default:
753 return -1;
754 }
755
756 /* Size of buffer, not including 2 byte size field */
757 stw_be_p(outbuf, size - 2);
758 return size;
759
760fail:
b6c251ab
PB		 761 return -1;
762}
763
3c2f7c12 764static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 765{
3c2f7c12
PB		 766 uint8_t event_code, media_status;
767
768 media_status = 0;
769 if (s->tray_open) {
770 media_status = MS_TRAY_OPEN;
44740c38 771 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 772 media_status = MS_MEDIA_PRESENT;
773 }
774
775 /* Event notification descriptor */
776 event_code = MEC_NO_CHANGE;
4480de19
PB		 777 if (media_status != MS_TRAY_OPEN) {
778 if (s->media_event) {
779 event_code = MEC_NEW_MEDIA;
780 s->media_event = false;
781 } else if (s->eject_request) {
782 event_code = MEC_EJECT_REQUESTED;
783 s->eject_request = false;
784 }
3c2f7c12
PB		 785 }
786
787 outbuf[0] = event_code;
788 outbuf[1] = media_status;
789
790 /* These fields are reserved, just clear them. */
791 outbuf[2] = 0;
792 outbuf[3] = 0;
793 return 4;
794}
795
796static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
797 uint8_t *outbuf)
798{
799 int size;
800 uint8_t *buf = r->req.cmd.buf;
801 uint8_t notification_class_request = buf[4];
802 if (s->qdev.type != TYPE_ROM) {
803 return -1;
804 }
805 if ((buf[1] & 1) == 0) {
806 /* asynchronous */
807 return -1;
808 }
809
810 size = 4;
811 outbuf[0] = outbuf[1] = 0;
812 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
813 if (notification_class_request & (1 << GESN_MEDIA)) {
814 outbuf[2] = GESN_MEDIA;
815 size += scsi_event_status_media(s, &outbuf[size]);
816 } else {
817 outbuf[2] = 0x80;
818 }
819 stw_be_p(outbuf, size - 4);
820 return size;
b6c251ab
PB		 821}
822
430ee2f2 823static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 824{
430ee2f2
PB		 825 int current;
826
b6c251ab
PB		 827 if (s->qdev.type != TYPE_ROM) {
828 return -1;
829 }
430ee2f2
PB		 830 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
831 memset(outbuf, 0, 40);
832 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
833 stw_be_p(&outbuf[6], current);
834 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
835 outbuf[10] = 0x03; /* persistent, current */
836 outbuf[11] = 8; /* two profiles */
837 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
838 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
839 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
840 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
841 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
842 stw_be_p(&outbuf[20], 1);
843 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
844 outbuf[23] = 8;
845 stl_be_p(&outbuf[24], 1); /* SCSI */
846 outbuf[28] = 1; /* DBE = 1, mandatory */
847 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
848 stw_be_p(&outbuf[32], 3);
849 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
850 outbuf[35] = 4;
851 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
852 /* TODO: Random readable, CD read, DVD read, drive serial number,
853 power management */
854 return 40;
b6c251ab
PB		 855}
856
857static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
858{
859 if (s->qdev.type != TYPE_ROM) {
860 return -1;
861 }
862 memset(outbuf, 0, 8);
863 outbuf[5] = 1; /* CD-ROM */
864 return 8;
865}
866
cfc606da 867static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 868 int page_control)
ebddfcbe 869{
a8f4bbe2
PB		 870 static const int mode_sense_valid[0x3f] = {
871 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
872 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
873 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 874 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
875 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 876 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
877 };
878
44740c38 879 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 880 int cylinders, heads, secs;
cfc606da 881 uint8_t *p = *p_outbuf;
ebddfcbe 882
a8f4bbe2
PB		 883 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
884 return -1;
885 }
886
887 p[0] = page;
888
282ab04e
BK		 889 /*
890 * If Changeable Values are requested, a mask denoting those mode parameters
891 * that are changeable shall be returned. As we currently don't support
892 * parameter changes via MODE_SELECT all bits are returned set to zero.
893 * The buffer was already menset to zero by the caller of this function.
894 */
ebddfcbe 895 switch (page) {
67cc61e4 896 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 897 p[1] = 0x16;
282ab04e 898 if (page_control == 1) { /* Changeable Values */
cfc606da 899 break;
282ab04e 900 }
ebddfcbe 901 /* if a geometry hint is available, use it */
245d0049 902 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 903 p[2] = (cylinders >> 16) & 0xff;
904 p[3] = (cylinders >> 8) & 0xff;
905 p[4] = cylinders & 0xff;
906 p[5] = heads & 0xff;
907 /* Write precomp start cylinder, disabled */
908 p[6] = (cylinders >> 16) & 0xff;
909 p[7] = (cylinders >> 8) & 0xff;
910 p[8] = cylinders & 0xff;
911 /* Reduced current start cylinder, disabled */
912 p[9] = (cylinders >> 16) & 0xff;
913 p[10] = (cylinders >> 8) & 0xff;
914 p[11] = cylinders & 0xff;
915 /* Device step rate [ns], 200ns */
916 p[12] = 0;
917 p[13] = 200;
918 /* Landing zone cylinder */
919 p[14] = 0xff;
920 p[15] = 0xff;
921 p[16] = 0xff;
922 /* Medium rotation rate [rpm], 5400 rpm */
923 p[20] = (5400 >> 8) & 0xff;
924 p[21] = 5400 & 0xff;
cfc606da 925 break;
ebddfcbe 926
67cc61e4 927 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 928 p[1] = 0x1e;
282ab04e 929 if (page_control == 1) { /* Changeable Values */
cfc606da 930 break;
282ab04e 931 }
ebddfcbe
GH		 932 /* Transfer rate [kbit/s], 5Mbit/s */
933 p[2] = 5000 >> 8;
934 p[3] = 5000 & 0xff;
935 /* if a geometry hint is available, use it */
245d0049 936 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 937 p[4] = heads & 0xff;
938 p[5] = secs & 0xff;
69377307 939 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 940 p[8] = (cylinders >> 8) & 0xff;
941 p[9] = cylinders & 0xff;
942 /* Write precomp start cylinder, disabled */
943 p[10] = (cylinders >> 8) & 0xff;
944 p[11] = cylinders & 0xff;
945 /* Reduced current start cylinder, disabled */
946 p[12] = (cylinders >> 8) & 0xff;
947 p[13] = cylinders & 0xff;
948 /* Device step rate [100us], 100us */
949 p[14] = 0;
950 p[15] = 1;
951 /* Device step pulse width [us], 1us */
952 p[16] = 1;
953 /* Device head settle delay [100us], 100us */
954 p[17] = 0;
955 p[18] = 1;
956 /* Motor on delay [0.1s], 0.1s */
957 p[19] = 1;
958 /* Motor off delay [0.1s], 0.1s */
959 p[20] = 1;
960 /* Medium rotation rate [rpm], 5400 rpm */
961 p[28] = (5400 >> 8) & 0xff;
962 p[29] = 5400 & 0xff;
cfc606da 963 break;
ebddfcbe 964
67cc61e4 965 case MODE_PAGE_CACHING:
ebddfcbe
GH		 966 p[0] = 8;
967 p[1] = 0x12;
282ab04e 968 if (page_control == 1) { /* Changeable Values */
cfc606da 969 break;
282ab04e 970 }
44740c38 971 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 972 p[2] = 4; /* WCE */
973 }
cfc606da 974 break;
ebddfcbe 975
a07c7dcd
PB		 976 case MODE_PAGE_R_W_ERROR:
977 p[1] = 10;
978 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
979 if (s->qdev.type == TYPE_ROM) {
980 p[3] = 0x20; /* Read Retry Count */
981 }
982 break;
983
984 case MODE_PAGE_AUDIO_CTL:
985 p[1] = 14;
986 break;
987
67cc61e4 988 case MODE_PAGE_CAPABILITIES:
ebddfcbe 989 p[1] = 0x14;
282ab04e 990 if (page_control == 1) { /* Changeable Values */
cfc606da 991 break;
282ab04e 992 }
a07c7dcd
PB		 993
994 p[2] = 0x3b; /* CD-R & CD-RW read */
995 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 996 p[4] = 0x7f; /* Audio, composite, digital out,
997 mode 2 form 1&2, multi session */
998 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
999 RW corrected, C2 errors, ISRC,
1000 UPC, Bar code */
81b1008d 1001 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 1002 /* Locking supported, jumper present, eject, tray */
1003 p[7] = 0; /* no volume & mute control, no
1004 changer */
a07c7dcd 1005 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 1006 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 1007 p[10] = 2 >> 8; /* Two volume levels */
1008 p[11] = 2 & 0xff;
1009 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 1010 p[13] = 2048 & 0xff;
a07c7dcd 1011 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 1012 p[15] = (16 * 176) & 0xff;
a07c7dcd 1013 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 1014 p[19] = (16 * 176) & 0xff;
a07c7dcd 1015 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1016 p[21] = (16 * 176) & 0xff;
cfc606da 1017 break;
ebddfcbe
GH		 1018
1019 default:
cfc606da 1020 return -1;
ebddfcbe 1021 }
cfc606da
PB		 1022
1023 *p_outbuf += p[1] + 2;
1024 return p[1] + 2;
ebddfcbe
GH		 1025}
1026
cfc606da 1027static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1028{
cfc606da 1029 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1030 uint64_t nb_sectors;
cfc606da 1031 int page, dbd, buflen, ret, page_control;
ebddfcbe 1032 uint8_t *p;
ce512ee1 1033 uint8_t dev_specific_param;
ebddfcbe 1034
cfc606da
PB		 1035 dbd = r->req.cmd.buf[1] & 0x8;
1036 page = r->req.cmd.buf[2] & 0x3f;
1037 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1038 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1039 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1040 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1041 p = outbuf;
1042
44740c38 1043 if (bdrv_is_read_only(s->qdev.conf.bs)) {
ce512ee1
BK		 1044 dev_specific_param = 0x80; /* Readonly. */
1045 } else {
1046 dev_specific_param = 0x00;
1047 }
1048
cfc606da 1049 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1050 p[1] = 0; /* Default media type. */
1051 p[2] = dev_specific_param;
1052 p[3] = 0; /* Block descriptor length. */
1053 p += 4;
1054 } else { /* MODE_SENSE_10 */
1055 p[2] = 0; /* Default media type. */
1056 p[3] = dev_specific_param;
1057 p[6] = p[7] = 0; /* Block descriptor length. */
1058 p += 8;
ebddfcbe 1059 }
ebddfcbe 1060
0fd76ff4 1061 /* MMC prescribes that CD/DVD drives have no block descriptors. */
44740c38 1062 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
0fd76ff4 1063 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
cfc606da 1064 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1065 outbuf[3] = 8; /* Block descriptor length */
1066 } else { /* MODE_SENSE_10 */
1067 outbuf[7] = 8; /* Block descriptor length */
1068 }
69377307 1069 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1070 if (nb_sectors > 0xffffff) {
2488b740 1071 nb_sectors = 0;
f01b5931 1072 }
ebddfcbe
GH		 1073 p[0] = 0; /* media density code */
1074 p[1] = (nb_sectors >> 16) & 0xff;
1075 p[2] = (nb_sectors >> 8) & 0xff;
1076 p[3] = nb_sectors & 0xff;
1077 p[4] = 0; /* reserved */
1078 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1079 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1080 p[7] = 0;
1081 p += 8;
1082 }
1083
cfc606da
PB		 1084 if (page_control == 3) {
1085 /* Saved Values */
1086 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1087 return -1;
282ab04e
BK		 1088 }
1089
cfc606da
PB		 1090 if (page == 0x3f) {
1091 for (page = 0; page <= 0x3e; page++) {
1092 mode_sense_page(s, page, &p, page_control);
1093 }
1094 } else {
1095 ret = mode_sense_page(s, page, &p, page_control);
1096 if (ret == -1) {
1097 return -1;
1098 }
ebddfcbe
GH		 1099 }
1100
1101 buflen = p - outbuf;
ce512ee1
BK		 1102 /*
1103 * The mode data length field specifies the length in bytes of the
1104 * following data that is available to be transferred. The mode data
1105 * length does not include itself.
1106 */
cfc606da 1107 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1108 outbuf[0] = buflen - 1;
1109 } else { /* MODE_SENSE_10 */
1110 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1111 outbuf[1] = (buflen - 2) & 0xff;
1112 }
ebddfcbe
GH		 1113 return buflen;
1114}
1115
02880f43
GH		 1116static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1117{
1118 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1119 int start_track, format, msf, toclen;
1120 uint64_t nb_sectors;
1121
1122 msf = req->cmd.buf[1] & 2;
1123 format = req->cmd.buf[2] & 0xf;
1124 start_track = req->cmd.buf[6];
44740c38 1125 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1126 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1127 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1128 switch (format) {
1129 case 0:
1130 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1131 break;
1132 case 1:
1133 /* multi session : only a single session defined */
1134 toclen = 12;
1135 memset(outbuf, 0, 12);
1136 outbuf[1] = 0x0a;
1137 outbuf[2] = 0x01;
1138 outbuf[3] = 0x01;
1139 break;
1140 case 2:
1141 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1142 break;
1143 default:
1144 return -1;
1145 }
02880f43
GH		 1146 return toclen;
1147}
1148
68bb01f3 1149static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1150{
1151 SCSIRequest *req = &r->req;
1152 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1153 bool start = req->cmd.buf[4] & 1;
1154 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1155
1156 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1157 if (!start && !s->tray_open && s->tray_locked) {
1158 scsi_check_condition(r,
44740c38 1159 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1160 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1161 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1162 return -1;
fdec4404 1163 }
d88b1819
LC		 1164
1165 if (s->tray_open != !start) {
1166 bdrv_eject(s->qdev.conf.bs, !start);
1167 s->tray_open = !start;
1168 }
bfd52647 1169 }
68bb01f3 1170 return 0;
bfd52647
MA		 1171}
1172
7285477a 1173static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1174{
8af7a3ab 1175 SCSIRequest *req = &r->req;
e7e25e32 1176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1177 uint64_t nb_sectors;
7285477a 1178 uint8_t *outbuf;
aa5dbdc1
GH		 1179 int buflen = 0;
1180
7285477a
PB		 1181 if (!r->iov.iov_base) {
1182 /*
1183 * FIXME: we shouldn't return anything bigger than 4k, but the code
1184 * requires the buffer to be as big as req->cmd.xfer in several
1185 * places. So, do not allow CDBs with a very large ALLOCATION
1186 * LENGTH. The real fix would be to modify scsi_read_data and
1187 * dma_buf_read, so that they return data beyond the buflen
1188 * as all zeros.
1189 */
1190 if (req->cmd.xfer > 65536) {
1191 goto illegal_request;
1192 }
1193 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1194 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1195 }
1196
1197 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1198 switch (req->cmd.buf[0]) {
1199 case TEST_UNIT_READY:
9bcaf4fe 1200 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1201 break;
0b06c059
GH		 1202 case INQUIRY:
1203 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1204 if (buflen < 0) {
0b06c059 1205 goto illegal_request;
f01b5931 1206 }
5f71d32f 1207 break;
ebddfcbe
GH		 1208 case MODE_SENSE:
1209 case MODE_SENSE_10:
cfc606da 1210 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1211 if (buflen < 0) {
ebddfcbe 1212 goto illegal_request;
f01b5931 1213 }
ebddfcbe 1214 break;
02880f43
GH		 1215 case READ_TOC:
1216 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1217 if (buflen < 0) {
02880f43 1218 goto illegal_request;
f01b5931 1219 }
02880f43 1220 break;
3d53ba18 1221 case RESERVE:
f01b5931 1222 if (req->cmd.buf[1] & 1) {
3d53ba18 1223 goto illegal_request;
f01b5931 1224 }
3d53ba18
GH		 1225 break;
1226 case RESERVE_10:
f01b5931 1227 if (req->cmd.buf[1] & 3) {
3d53ba18 1228 goto illegal_request;
f01b5931 1229 }
3d53ba18
GH		 1230 break;
1231 case RELEASE:
f01b5931 1232 if (req->cmd.buf[1] & 1) {
3d53ba18 1233 goto illegal_request;
f01b5931 1234 }
3d53ba18
GH		 1235 break;
1236 case RELEASE_10:
f01b5931 1237 if (req->cmd.buf[1] & 3) {
3d53ba18 1238 goto illegal_request;
f01b5931 1239 }
3d53ba18 1240 break;
8d3628ff 1241 case START_STOP:
68bb01f3
MA		 1242 if (scsi_disk_emulate_start_stop(r) < 0) {
1243 return -1;
1244 }
5f71d32f 1245 break;
c68b9f34 1246 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1247 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1248 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1249 break;
5e30a07d 1250 case READ_CAPACITY_10:
e7e25e32 1251 /* The normal LEN field for this command is zero. */
5f71d32f 1252 memset(outbuf, 0, 8);
44740c38 1253 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1254 if (!nb_sectors) {
9bcaf4fe
PB		 1255 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1256 return -1;
f01b5931 1257 }
7cec78b6
PB		 1258 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1259 goto illegal_request;
1260 }
69377307 1261 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1262 /* Returned value is the address of the last sector. */
1263 nb_sectors--;
1264 /* Remember the new size for read/write sanity checking. */
7877903a 1265 s->qdev.max_lba = nb_sectors;
e7e25e32 1266 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1267 if (nb_sectors > UINT32_MAX) {
e7e25e32 1268 nb_sectors = UINT32_MAX;
f01b5931 1269 }
e7e25e32
GH		 1270 outbuf[0] = (nb_sectors >> 24) & 0xff;
1271 outbuf[1] = (nb_sectors >> 16) & 0xff;
1272 outbuf[2] = (nb_sectors >> 8) & 0xff;
1273 outbuf[3] = nb_sectors & 0xff;
1274 outbuf[4] = 0;
1275 outbuf[5] = 0;
69377307 1276 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1277 outbuf[7] = 0;
1278 buflen = 8;
5f71d32f 1279 break;
f3b338ef
PB		 1280 case REQUEST_SENSE:
1281 /* Just return "NO SENSE". */
1282 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1283 (req->cmd.buf[1] & 1) == 0);
1284 break;
b6c251ab
PB		 1285 case MECHANISM_STATUS:
1286 buflen = scsi_emulate_mechanism_status(s, outbuf);
1287 if (buflen < 0) {
1288 goto illegal_request;
1289 }
1290 break;
38215553 1291 case GET_CONFIGURATION:
430ee2f2 1292 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1293 if (buflen < 0) {
1294 goto illegal_request;
1295 }
1296 break;
1297 case GET_EVENT_STATUS_NOTIFICATION:
1298 buflen = scsi_get_event_status_notification(s, r, outbuf);
1299 if (buflen < 0) {
1300 goto illegal_request;
1301 }
1302 break;
1303 case READ_DVD_STRUCTURE:
1304 buflen = scsi_read_dvd_structure(s, r, outbuf);
1305 if (buflen < 0) {
1306 goto illegal_request;
1307 }
38215553 1308 break;
f6515262 1309 case SERVICE_ACTION_IN_16:
5dd90e2a 1310 /* Service Action In subcommands. */
f6515262 1311 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1312 DPRINTF("SAI READ CAPACITY(16)\n");
1313 memset(outbuf, 0, req->cmd.xfer);
44740c38 1314 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1315 if (!nb_sectors) {
9bcaf4fe
PB		 1316 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1317 return -1;
f01b5931 1318 }
7cec78b6
PB		 1319 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1320 goto illegal_request;
1321 }
69377307 1322 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1323 /* Returned value is the address of the last sector. */
1324 nb_sectors--;
1325 /* Remember the new size for read/write sanity checking. */
7877903a 1326 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1327 outbuf[0] = (nb_sectors >> 56) & 0xff;
1328 outbuf[1] = (nb_sectors >> 48) & 0xff;
1329 outbuf[2] = (nb_sectors >> 40) & 0xff;
1330 outbuf[3] = (nb_sectors >> 32) & 0xff;
1331 outbuf[4] = (nb_sectors >> 24) & 0xff;
1332 outbuf[5] = (nb_sectors >> 16) & 0xff;
1333 outbuf[6] = (nb_sectors >> 8) & 0xff;
1334 outbuf[7] = nb_sectors & 0xff;
1335 outbuf[8] = 0;
1336 outbuf[9] = 0;
69377307 1337 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1338 outbuf[11] = 0;
ee3659e3
CH		 1339 outbuf[12] = 0;
1340 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1341
1342 /* set TPE bit if the format supports discard */
1343 if (s->qdev.conf.discard_granularity) {
1344 outbuf[14] = 0x80;
1345 }
1346
5dd90e2a
GH		 1347 /* Protection, exponent and lowest lba field left blank. */
1348 buflen = req->cmd.xfer;
1349 break;
1350 }
1351 DPRINTF("Unsupported Service Action In\n");
1352 goto illegal_request;
5e30a07d 1353 case VERIFY_10:
88f8a5ed 1354 break;
aa5dbdc1 1355 default:
b45ef674 1356 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1357 return -1;
aa5dbdc1 1358 }
e2f0c49f 1359 buflen = MIN(buflen, req->cmd.xfer);
aa5dbdc1
GH		 1360 return buflen;
1361
aa5dbdc1 1362illegal_request:
cfc606da
PB		 1363 if (r->req.status == -1) {
1364 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1365 }
8af7a3ab 1366 return -1;
aa5dbdc1
GH		 1367}
1368
2e5d83bb
PB		 1369/* Execute a scsi command. Returns the length of the data expected by the
1370 command. This will be Positive for data transfers from the device
1371 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1372 and zero if the command does not transfer any data. */
1373
5c6c0e51 1374static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1375{
5c6c0e51
HR		 1376 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1377 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1378 int32_t len;
a917d384 1379 uint8_t command;
aa5dbdc1 1380 int rc;
a917d384
PB		 1381
1382 command = buf[0];
653c1c3f 1383 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1384
2e5d83bb
PB		 1385#ifdef DEBUG_SCSI
1386 {
1387 int i;
2dd791b6 1388 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1389 printf(" 0x%02x", buf[i]);
1390 }
1391 printf("\n");
1392 }
1393#endif
aa5dbdc1 1394
9bcaf4fe
PB		 1395 switch (command) {
1396 case INQUIRY:
1397 case MODE_SENSE:
1398 case MODE_SENSE_10:
1399 case RESERVE:
1400 case RESERVE_10:
1401 case RELEASE:
1402 case RELEASE_10:
1403 case START_STOP:
1404 case ALLOW_MEDIUM_REMOVAL:
1405 case GET_CONFIGURATION:
1406 case GET_EVENT_STATUS_NOTIFICATION:
1407 case MECHANISM_STATUS:
1408 case REQUEST_SENSE:
1409 break;
1410
1411 default:
1412 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1413 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1414 return 0;
1415 }
1416 break;
1417 }
1418
a917d384 1419 switch (command) {
ebf46023 1420 case TEST_UNIT_READY:
0b06c059 1421 case INQUIRY:
ebddfcbe
GH		 1422 case MODE_SENSE:
1423 case MODE_SENSE_10:
3d53ba18
GH		 1424 case RESERVE:
1425 case RESERVE_10:
1426 case RELEASE:
1427 case RELEASE_10:
8d3628ff 1428 case START_STOP:
c68b9f34 1429 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1430 case READ_CAPACITY_10:
02880f43 1431 case READ_TOC:
b6c251ab 1432 case READ_DVD_STRUCTURE:
38215553 1433 case GET_CONFIGURATION:
b6c251ab
PB		 1434 case GET_EVENT_STATUS_NOTIFICATION:
1435 case MECHANISM_STATUS:
f6515262 1436 case SERVICE_ACTION_IN_16:
f3b338ef 1437 case REQUEST_SENSE:
5e30a07d 1438 case VERIFY_10:
7285477a 1439 rc = scsi_disk_emulate_command(r);
8af7a3ab 1440 if (rc < 0) {
0b06c059 1441 return 0;
aa5dbdc1 1442 }
8af7a3ab
KW		 1443
1444 r->iov.iov_len = rc;
0b06c059 1445 break;
0a4ac106 1446 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1447 /* The request is used as the AIO opaque value, so add a ref. */
1448 scsi_req_ref(&r->req);
44740c38
PB		 1449 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1450 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1451 return 0;
ebf46023
GH		 1452 case READ_6:
1453 case READ_10:
bd536cf3
GH		 1454 case READ_12:
1455 case READ_16:
5c6c0e51 1456 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1457 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1458 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1459 goto illegal_lba;
f01b5931 1460 }
69377307
PB		 1461 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1462 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1463 break;
ebf46023
GH		 1464 case WRITE_6:
1465 case WRITE_10:
bd536cf3
GH		 1466 case WRITE_12:
1467 case WRITE_16:
5e30a07d 1468 case WRITE_VERIFY_10:
ebef0bbb
BK		 1469 case WRITE_VERIFY_12:
1470 case WRITE_VERIFY_16:
5c6c0e51 1471 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1472 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1473 (command & 0xe) == 0xe ? "And Verify " : "",
1474 r->req.cmd.lba, len);
7877903a 1475 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1476 goto illegal_lba;
f01b5931 1477 }
69377307
PB		 1478 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1479 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1480 break;
ebef0bbb 1481 case MODE_SELECT:
2dd791b6 1482 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1483 /* We don't support mode parameter changes.
1484 Allow the mode parameter header + block descriptors only. */
2dd791b6 1485 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1486 goto fail;
1487 }
1488 break;
1489 case MODE_SELECT_10:
2dd791b6 1490 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1491 /* We don't support mode parameter changes.
1492 Allow the mode parameter header + block descriptors only. */
2dd791b6 1493 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1494 goto fail;
1495 }
1496 break;
ebef0bbb 1497 case SEEK_10:
00a01ad4 1498 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1499 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1500 goto illegal_lba;
1501 }
ea3bd56f
CH		 1502 break;
1503 case WRITE_SAME_16:
5c6c0e51 1504 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1505
1506 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1507 r->req.cmd.lba, len);
1508
7877903a 1509 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1510 goto illegal_lba;
1511 }
1512
1513 /*
1514 * We only support WRITE SAME with the unmap bit set for now.
1515 */
1516 if (!(buf[1] & 0x8)) {
1517 goto fail;
1518 }
1519
69377307
PB		 1520 rc = bdrv_discard(s->qdev.conf.bs,
1521 r->req.cmd.lba * (s->qdev.blocksize / 512),
1522 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1523 if (rc < 0) {
1524 /* XXX: better error code ?*/
1525 goto fail;
1526 }
1527
ebef0bbb 1528 break;
2e5d83bb 1529 default:
2dd791b6 1530 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1531 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1532 return 0;
2e5d83bb 1533 fail:
b45ef674 1534 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1535 return 0;
274fb0e1 1536 illegal_lba:
b45ef674 1537 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1538 return 0;
2e5d83bb 1539 }
c87c0672 1540 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1541 scsi_req_complete(&r->req, GOOD);
a917d384 1542 }
c87c0672 1543 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1544 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1545 return -len;
a917d384 1546 } else {
f01b5931 1547 if (!r->sector_count) {
a917d384 1548 r->sector_count = -1;
f01b5931 1549 }
efb9ee02 1550 return len;
2e5d83bb 1551 }
2e5d83bb
PB		 1552}
1553
e9447f35
JK		 1554static void scsi_disk_reset(DeviceState *dev)
1555{
1556 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1557 uint64_t nb_sectors;
1558
c7b48872 1559 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1560
44740c38 1561 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1562 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1563 if (nb_sectors) {
1564 nb_sectors--;
1565 }
7877903a 1566 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1567}
1568
1569static void scsi_destroy(SCSIDevice *dev)
1570{
1571 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1572
c7b48872 1573 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1574 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1575}
1576
7d4b4ba5 1577static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1578{
8a9c16f6
PB		 1579 SCSIDiskState *s = opaque;
1580
1581 /*
1582 * When a CD gets changed, we have to report an ejected state and
1583 * then a loaded state to guests so that they detect tray
1584 * open/close and media change events. Guests that do not use
1585 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1586 * states rely on this behavior.
1587 *
1588 * media_changed governs the state machine used for unit attention
1589 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1590 */
1591 s->media_changed = load;
1592 s->tray_open = !load;
1593 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1594 s->media_event = true;
4480de19
PB		 1595 s->eject_request = false;
1596}
1597
1598static void scsi_cd_eject_request_cb(void *opaque, bool force)
1599{
1600 SCSIDiskState *s = opaque;
1601
1602 s->eject_request = true;
1603 if (force) {
1604 s->tray_locked = false;
1605 }
2c6942fa
MA		 1606}
1607
e4def80b
MA		 1608static bool scsi_cd_is_tray_open(void *opaque)
1609{
1610 return ((SCSIDiskState *)opaque)->tray_open;
1611}
1612
f107639a
MA		 1613static bool scsi_cd_is_medium_locked(void *opaque)
1614{
1615 return ((SCSIDiskState *)opaque)->tray_locked;
1616}
1617
1618static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1619 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1620 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1621 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1622 .is_medium_locked = scsi_cd_is_medium_locked,
1623};
1624
8a9c16f6
PB		 1625static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1626{
1627 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1628 if (s->media_changed) {
1629 s->media_changed = false;
1630 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1631 }
1632}
1633
e39be482 1634static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1635{
d52affa7 1636 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1637 DriveInfo *dinfo;
2e5d83bb 1638
f8b6cc00 1639 if (!s->qdev.conf.bs) {
6a84cb1f 1640 error_report("drive property not set");
d52affa7
GH		 1641 return -1;
1642 }
1643
e39be482 1644 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1645 error_report("Device needs media, but drive is empty");
1646 return -1;
1647 }
1648
a0fef654 1649 if (!s->serial) {
f8b6cc00 1650 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1651 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1652 if (*dinfo->serial) {
7267c094 1653 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1654 }
a0fef654
MA		 1655 }
1656
552fee93 1657 if (!s->version) {
7267c094 1658 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1659 }
1660
44740c38 1661 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 1662 error_report("unwanted /dev/sg*");
32bb404a
MA		 1663 return -1;
1664 }
1665
e39be482 1666 if (s->removable) {
44740c38 1667 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1668 }
44740c38 1669 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1670
44740c38 1671 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1672 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1673 return 0;
1674}
1675
b443ae67
MA		 1676static int scsi_hd_initfn(SCSIDevice *dev)
1677{
e39be482
PB		 1678 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1679 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1680 s->qdev.type = TYPE_DISK;
1681 return scsi_initfn(&s->qdev);
b443ae67
MA		 1682}
1683
1684static int scsi_cd_initfn(SCSIDevice *dev)
1685{
e39be482
PB		 1686 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1687 s->qdev.blocksize = 2048;
1688 s->qdev.type = TYPE_ROM;
1689 s->removable = true;
1690 return scsi_initfn(&s->qdev);
b443ae67
MA		 1691}
1692
1693static int scsi_disk_initfn(SCSIDevice *dev)
1694{
95b5edcd 1695 DriveInfo *dinfo;
b443ae67
MA		 1696
1697 if (!dev->conf.bs) {
e39be482 1698 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1699 }
1700
e39be482
PB		 1701 dinfo = drive_get_by_blockdev(dev->conf.bs);
1702 if (dinfo->media_cd) {
1703 return scsi_cd_initfn(dev);
1704 } else {
1705 return scsi_hd_initfn(dev);
1706 }
b443ae67
MA		 1707}
1708
adcf2754 1709static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1710 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1711 .free_req = scsi_free_request,
1712 .send_command = scsi_send_command,
1713 .read_data = scsi_read_data,
1714 .write_data = scsi_write_data,
1715 .cancel_io = scsi_cancel_io,
1716 .get_buf = scsi_get_buf,
43b978b9
PB		 1717 .load_request = scsi_disk_load_request,
1718 .save_request = scsi_disk_save_request,
8dbd4574
PB		 1719};
1720
63db0f0e
PB		 1721static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1722 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1723{
1724 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1725 SCSIRequest *req;
8dbd4574
PB		 1726
1727 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1728 return req;
1729}
1730
336a6915
PB		 1731#ifdef __linux__
1732static int get_device_type(SCSIDiskState *s)
1733{
1734 BlockDriverState *bdrv = s->qdev.conf.bs;
1735 uint8_t cmd[16];
1736 uint8_t buf[36];
1737 uint8_t sensebuf[8];
1738 sg_io_hdr_t io_header;
1739 int ret;
1740
1741 memset(cmd, 0, sizeof(cmd));
1742 memset(buf, 0, sizeof(buf));
1743 cmd[0] = INQUIRY;
1744 cmd[4] = sizeof(buf);
1745
1746 memset(&io_header, 0, sizeof(io_header));
1747 io_header.interface_id = 'S';
1748 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1749 io_header.dxfer_len = sizeof(buf);
1750 io_header.dxferp = buf;
1751 io_header.cmdp = cmd;
1752 io_header.cmd_len = sizeof(cmd);
1753 io_header.mx_sb_len = sizeof(sensebuf);
1754 io_header.sbp = sensebuf;
1755 io_header.timeout = 6000; /* XXX */
1756
1757 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1758 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1759 return -1;
1760 }
1761 s->qdev.type = buf[0];
1762 s->removable = (buf[1] & 0x80) != 0;
1763 return 0;
1764}
1765
1766static int scsi_block_initfn(SCSIDevice *dev)
1767{
1768 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1769 int sg_version;
1770 int rc;
1771
1772 if (!s->qdev.conf.bs) {
1773 error_report("scsi-block: drive property not set");
1774 return -1;
1775 }
1776
1777 /* check we are using a driver managing SG_IO (version 3 and after) */
1778 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1779 sg_version < 30000) {
1780 error_report("scsi-block: scsi generic interface too old");
1781 return -1;
1782 }
1783
1784 /* get device type from INQUIRY data */
1785 rc = get_device_type(s);
1786 if (rc < 0) {
1787 error_report("scsi-block: INQUIRY failed");
1788 return -1;
1789 }
1790
1791 /* Make a guess for the block size, we'll fix it when the guest sends.
1792 * READ CAPACITY. If they don't, they likely would assume these sizes
1793 * anyway. (TODO: check in /sys).
1794 */
1795 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1796 s->qdev.blocksize = 2048;
1797 } else {
1798 s->qdev.blocksize = 512;
1799 }
1800 return scsi_initfn(&s->qdev);
1801}
1802
1803static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1804 uint32_t lun, uint8_t *buf,
1805 void *hba_private)
1806{
1807 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1808
1809 switch (buf[0]) {
1810 case READ_6:
1811 case READ_10:
1812 case READ_12:
1813 case READ_16:
1814 case WRITE_6:
1815 case WRITE_10:
1816 case WRITE_12:
1817 case WRITE_16:
1818 case WRITE_VERIFY_10:
1819 case WRITE_VERIFY_12:
1820 case WRITE_VERIFY_16:
eaccf49e
PB		 1821 /* If we are not using O_DIRECT, we might read stale data from the
1822 * host cache if writes were made using other commands than these
1823 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1824 * O_DIRECT everything must go through SG_IO.
1825 */
1826 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1827 break;
1828 }
1829
33ebad12
PB		 1830 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1831 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1832 * And once you do these writes, reading from the block device is
1833 * unreliable, too. It is even possible that reads deliver random data
1834 * from the host page cache (this is probably a Linux bug).
1835 *
1836 * We might use scsi_disk_reqops as long as no writing commands are
1837 * seen, but performance usually isn't paramount on optical media. So,
1838 * just make scsi-block operate the same as scsi-generic for them.
1839 */
eaccf49e
PB		 1840 if (s->qdev.type == TYPE_ROM) {
1841 break;
1842 }
1843 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1844 hba_private);
336a6915
PB		 1845 }
1846
1847 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1848 hba_private);
1849}
1850#endif
1851
b443ae67
MA		 1852#define DEFINE_SCSI_DISK_PROPERTIES() \
1853 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1854 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1855 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1856
39bffca2
AL		 1857static Property scsi_hd_properties[] = {
1858 DEFINE_SCSI_DISK_PROPERTIES(),
1859 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1860 DEFINE_PROP_END_OF_LIST(),
1861};
1862
43b978b9
PB		 1863static const VMStateDescription vmstate_scsi_disk_state = {
1864 .name = "scsi-disk",
1865 .version_id = 1,
1866 .minimum_version_id = 1,
1867 .minimum_version_id_old = 1,
1868 .fields = (VMStateField[]) {
1869 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1870 VMSTATE_BOOL(media_changed, SCSIDiskState),
1871 VMSTATE_BOOL(media_event, SCSIDiskState),
1872 VMSTATE_BOOL(eject_request, SCSIDiskState),
1873 VMSTATE_BOOL(tray_open, SCSIDiskState),
1874 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1875 VMSTATE_END_OF_LIST()
1876 }
1877};
1878
b9eea3e6
AL		 1879static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1880{
39bffca2 1881 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1882 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1883
1884 sc->init = scsi_hd_initfn;
1885 sc->destroy = scsi_destroy;
1886 sc->alloc_req = scsi_new_request;
1887 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1888 dc->fw_name = "disk";
1889 dc->desc = "virtual SCSI disk";
1890 dc->reset = scsi_disk_reset;
1891 dc->props = scsi_hd_properties;
43b978b9 1892 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1893}
1894
39bffca2
AL		 1895static TypeInfo scsi_hd_info = {
1896 .name = "scsi-hd",
1897 .parent = TYPE_SCSI_DEVICE,
1898 .instance_size = sizeof(SCSIDiskState),
1899 .class_init = scsi_hd_class_initfn,
1900};
1901
1902static Property scsi_cd_properties[] = {
1903 DEFINE_SCSI_DISK_PROPERTIES(),
1904 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 1905};
1906
1907static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1908{
39bffca2 1909 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1910 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1911
1912 sc->init = scsi_cd_initfn;
1913 sc->destroy = scsi_destroy;
1914 sc->alloc_req = scsi_new_request;
1915 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1916 dc->fw_name = "disk";
1917 dc->desc = "virtual SCSI CD-ROM";
1918 dc->reset = scsi_disk_reset;
1919 dc->props = scsi_cd_properties;
43b978b9 1920 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1921}
1922
39bffca2
AL		 1923static TypeInfo scsi_cd_info = {
1924 .name = "scsi-cd",
1925 .parent = TYPE_SCSI_DEVICE,
1926 .instance_size = sizeof(SCSIDiskState),
1927 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 1928};
1929
336a6915 1930#ifdef __linux__
39bffca2
AL		 1931static Property scsi_block_properties[] = {
1932 DEFINE_SCSI_DISK_PROPERTIES(),
1933 DEFINE_PROP_END_OF_LIST(),
1934};
1935
b9eea3e6
AL		 1936static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1937{
39bffca2 1938 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1939 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1940
1941 sc->init = scsi_block_initfn;
1942 sc->destroy = scsi_destroy;
1943 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 1944 dc->fw_name = "disk";
1945 dc->desc = "SCSI block device passthrough";
1946 dc->reset = scsi_disk_reset;
1947 dc->props = scsi_block_properties;
43b978b9 1948 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1949}
1950
39bffca2
AL		 1951static TypeInfo scsi_block_info = {
1952 .name = "scsi-block",
1953 .parent = TYPE_SCSI_DEVICE,
1954 .instance_size = sizeof(SCSIDiskState),
1955 .class_init = scsi_block_class_initfn,
b9eea3e6 1956};
336a6915 1957#endif
b9eea3e6 1958
39bffca2
AL		 1959static Property scsi_disk_properties[] = {
1960 DEFINE_SCSI_DISK_PROPERTIES(),
1961 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1962 DEFINE_PROP_END_OF_LIST(),
1963};
1964
b9eea3e6
AL		 1965static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1966{
39bffca2 1967 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1968 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1969
1970 sc->init = scsi_disk_initfn;
1971 sc->destroy = scsi_destroy;
1972 sc->alloc_req = scsi_new_request;
1973 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1974 dc->fw_name = "disk";
1975 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1976 dc->reset = scsi_disk_reset;
1977 dc->props = scsi_disk_properties;
43b978b9 1978 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1979}
1980
39bffca2
AL		 1981static TypeInfo scsi_disk_info = {
1982 .name = "scsi-disk",
1983 .parent = TYPE_SCSI_DEVICE,
1984 .instance_size = sizeof(SCSIDiskState),
1985 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 1986};
1987
83f7d43a 1988static void scsi_disk_register_types(void)
d52affa7 1989{
39bffca2
AL		 1990 type_register_static(&scsi_hd_info);
1991 type_register_static(&scsi_cd_info);
b9eea3e6 1992#ifdef __linux__
39bffca2 1993 type_register_static(&scsi_block_info);
b9eea3e6 1994#endif
39bffca2 1995 type_register_static(&scsi_disk_info);
8ccc2ace 1996}
83f7d43a
AF		 1997
1998type_init(scsi_disk_register_types)
Qemu copy for testing