]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi: introduce scsi_req_cancel
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb
PB		 14 *
15 * This code is licenced under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
22864256 40
f0f72ffe 41#define SCSI_DMA_BUF_SIZE 131072
57575058 42#define SCSI_MAX_INQUIRY_LEN 256
a917d384 43
5dba48a8
KW		 44#define SCSI_REQ_STATUS_RETRY 0x01
45#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46#define SCSI_REQ_STATUS_RETRY_READ 0x00
47#define SCSI_REQ_STATUS_RETRY_WRITE 0x02
78ced65e 48#define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
ea8a5d7f 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
a6d96eb7
HR		 52typedef struct SCSISense {
53 uint8_t key;
54} SCSISense;
55
4c41d2ef
GH		 56typedef struct SCSIDiskReq {
57 SCSIRequest req;
e035b43d 58 /* ??? We should probably keep track of whether the data transfer is
2e5d83bb 59 a read or a write. Currently we rely on the host getting it right. */
a917d384 60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 61 uint64_t sector;
62 uint32_t sector_count;
c87c0672
AL		 63 struct iovec iov;
64 QEMUIOVector qiov;
ea8a5d7f 65 uint32_t status;
4c41d2ef 66} SCSIDiskReq;
a917d384 67
b443ae67
MA		 68typedef enum { SCSI_HD, SCSI_CD } SCSIDriveKind;
69
d52affa7 70struct SCSIDiskState
a917d384 71{
d52affa7 72 SCSIDevice qdev;
428c149b 73 BlockDriverState *bs;
a917d384
PB		 74 /* The qemu block layer uses a fixed 512 byte sector size.
75 This is the number of 512 byte blocks in a single scsi sector. */
76 int cluster_size;
419e691f 77 uint32_t removable;
274fb0e1 78 uint64_t max_lba;
213189ab 79 QEMUBH *bh;
383b4d9b 80 char *version;
a0fef654 81 char *serial;
a6d96eb7 82 SCSISense sense;
b443ae67 83 SCSIDriveKind drive_kind;
2e5d83bb
PB		 84};
85
5dba48a8 86static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78ced65e 87static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
5dba48a8 88
5c6c0e51 89static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
72aef731 90 uint32_t lun)
2e5d83bb 91{
5c6c0e51 92 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
89b08ae1 93 SCSIRequest *req;
4c41d2ef 94 SCSIDiskReq *r;
a917d384 95
72aef731 96 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
89b08ae1 97 r = DO_UPCAST(SCSIDiskReq, req, req);
72aef731 98 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
5c6c0e51 99 return req;
2e5d83bb
PB		 100}
101
ad2d30f7 102static void scsi_free_request(SCSIRequest *req)
4d611c9a 103{
ad2d30f7
PB		 104 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
105
f8a83245 106 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 107}
108
a6d96eb7 109static void scsi_disk_clear_sense(SCSIDiskState *s)
ed3a34a3 110{
a6d96eb7
HR		 111 memset(&s->sense, 0, sizeof(s->sense));
112}
113
114static void scsi_disk_set_sense(SCSIDiskState *s, uint8_t key)
115{
116 s->sense.key = key;
117}
118
119static void scsi_req_set_status(SCSIDiskReq *r, int status, int sense_code)
120{
121 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
122
123 r->req.status = status;
124 scsi_disk_set_sense(s, sense_code);
ed3a34a3
GH		 125}
126
a917d384 127/* Helper function for command completion. */
4c41d2ef 128static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
a917d384 129{
4c41d2ef
GH		 130 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
131 r->req.tag, status, sense);
a6d96eb7 132 scsi_req_set_status(r, status, sense);
ed3a34a3 133 scsi_req_complete(&r->req);
4d611c9a
PB		 134}
135
136/* Cancel a pending data transfer. */
5c6c0e51 137static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 138{
5c6c0e51
HR		 139 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
140
141 DPRINTF("Cancel tag=0x%x\n", req->tag);
142 if (r->req.aiocb) {
143 bdrv_aio_cancel(r->req.aiocb);
a917d384 144 }
5c6c0e51 145 r->req.aiocb = NULL;
a917d384
PB		 146}
147
148static void scsi_read_complete(void * opaque, int ret)
149{
4c41d2ef 150 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5dba48a8 151 int n;
a917d384 152
3e94cb02
JK		 153 r->req.aiocb = NULL;
154
a917d384 155 if (ret) {
5dba48a8
KW		 156 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
157 return;
158 }
4d611c9a 159 }
5dba48a8 160
aa2b1e89 161 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
a917d384 162
5dba48a8
KW		 163 n = r->iov.iov_len / 512;
164 r->sector += n;
165 r->sector_count -= n;
ab9adc88 166 scsi_req_data(&r->req, r->iov.iov_len);
4d611c9a
PB		 167}
168
5dba48a8 169
5c6c0e51
HR		 170/* Read more data from scsi device into buffer. */
171static void scsi_read_data(SCSIRequest *req)
2e5d83bb 172{
5c6c0e51 173 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 175 uint32_t n;
176
a917d384 177 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 178 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 179 r->sector_count = 0;
ab9adc88 180 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 181 return;
2e5d83bb 182 }
a917d384
PB		 183 DPRINTF("Read sector_count=%d\n", r->sector_count);
184 if (r->sector_count == 0) {
0d65e1f8 185 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 186 return;
2e5d83bb
PB		 187 }
188
6fa2c95f
SH		 189 /* No data transfer may already be in progress */
190 assert(r->req.aiocb == NULL);
191
a917d384
PB		 192 n = r->sector_count;
193 if (n > SCSI_DMA_BUF_SIZE / 512)
194 n = SCSI_DMA_BUF_SIZE / 512;
195
c87c0672
AL		 196 r->iov.iov_len = n * 512;
197 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 198 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
c87c0672 199 scsi_read_complete, r);
d33ea50a
KW		 200 if (r->req.aiocb == NULL) {
201 scsi_read_complete(r, -EIO);
202 }
2e5d83bb
PB		 203}
204
5dba48a8
KW		 205static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
206{
207 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
4c41d2ef 208 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 209 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
ea8a5d7f 210
380f640f 211 if (action == BLOCK_ERR_IGNORE) {
5dba48a8 212 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 213 return 0;
380f640f 214 }
ea8a5d7f
AL		 215
216 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
217 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8
KW		 218
219 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
220 r->status |= SCSI_REQ_STATUS_RETRY | type;
221
222 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
e07bbac5 223 vm_stop(VMSTOP_DISKFULL);
ea8a5d7f 224 } else {
5dba48a8 225 if (type == SCSI_REQ_STATUS_RETRY_READ) {
ab9adc88 226 scsi_req_data(&r->req, 0);
5dba48a8 227 }
0d65e1f8
GH		 228 scsi_command_complete(r, CHECK_CONDITION,
229 HARDWARE_ERROR);
5dba48a8 230 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f
AL		 231 }
232
233 return 1;
234}
235
4d611c9a
PB		 236static void scsi_write_complete(void * opaque, int ret)
237{
4c41d2ef 238 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a917d384 239 uint32_t len;
ea8a5d7f
AL		 240 uint32_t n;
241
4c41d2ef 242 r->req.aiocb = NULL;
4d611c9a
PB		 243
244 if (ret) {
5dba48a8 245 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
ea8a5d7f 246 return;
5dba48a8 247 }
4d611c9a
PB		 248 }
249
c87c0672 250 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 251 r->sector += n;
252 r->sector_count -= n;
a917d384 253 if (r->sector_count == 0) {
0d65e1f8 254 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384
PB		 255 } else {
256 len = r->sector_count * 512;
257 if (len > SCSI_DMA_BUF_SIZE) {
258 len = SCSI_DMA_BUF_SIZE;
259 }
c87c0672 260 r->iov.iov_len = len;
4c41d2ef 261 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
ab9adc88 262 scsi_req_data(&r->req, len);
4d611c9a 263 }
4d611c9a
PB		 264}
265
5c6c0e51 266static int scsi_write_data(SCSIRequest *req)
ea8a5d7f 267{
5c6c0e51 268 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 270 uint32_t n;
271
6fa2c95f
SH		 272 /* No data transfer may already be in progress */
273 assert(r->req.aiocb == NULL);
274
c87c0672 275 n = r->iov.iov_len / 512;
ea8a5d7f 276 if (n) {
c87c0672 277 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 278 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
c87c0672 279 scsi_write_complete, r);
d33ea50a
KW		 280 if (r->req.aiocb == NULL) {
281 scsi_write_complete(r, -EIO);
282 }
ea8a5d7f
AL		 283 } else {
284 /* Invoke completion routine to fetch data from host. */
285 scsi_write_complete(r, 0);
286 }
2e5d83bb 287
a917d384
PB		 288 return 0;
289}
2e5d83bb 290
213189ab 291static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f 292{
d52affa7 293 SCSIDiskState *s = opaque;
9af99d98
GH		 294 SCSIRequest *req;
295 SCSIDiskReq *r;
213189ab
MA		 296
297 qemu_bh_delete(s->bh);
298 s->bh = NULL;
ea8a5d7f 299
9af99d98
GH		 300 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
301 r = DO_UPCAST(SCSIDiskReq, req, req);
ea8a5d7f 302 if (r->status & SCSI_REQ_STATUS_RETRY) {
5dba48a8 303 int status = r->status;
78ced65e
KW		 304 int ret;
305
5dba48a8
KW		 306 r->status &=
307 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
308
309 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
310 case SCSI_REQ_STATUS_RETRY_READ:
5c6c0e51 311 scsi_read_data(&r->req);
5dba48a8
KW		 312 break;
313 case SCSI_REQ_STATUS_RETRY_WRITE:
5c6c0e51 314 scsi_write_data(&r->req);
5dba48a8 315 break;
78ced65e
KW		 316 case SCSI_REQ_STATUS_RETRY_FLUSH:
317 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
318 if (ret == 0) {
319 scsi_command_complete(r, GOOD, NO_SENSE);
320 }
5dba48a8 321 }
ea8a5d7f 322 }
ea8a5d7f
AL		 323 }
324}
325
213189ab
MA		 326static void scsi_dma_restart_cb(void *opaque, int running, int reason)
327{
d52affa7 328 SCSIDiskState *s = opaque;
213189ab
MA		 329
330 if (!running)
331 return;
332
333 if (!s->bh) {
334 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
335 qemu_bh_schedule(s->bh);
336 }
337}
338
a917d384 339/* Return a pointer to the data buffer. */
5c6c0e51 340static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 341{
5c6c0e51 342 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 343
3f4cb3d3 344 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 345}
346
0b06c059
GH		 347static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
348{
383b4d9b 349 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 350 int buflen = 0;
351
352 if (req->cmd.buf[1] & 0x2) {
353 /* Command support data - optional, not implemented */
354 BADF("optional INQUIRY command support request not implemented\n");
355 return -1;
356 }
357
358 if (req->cmd.buf[1] & 0x1) {
359 /* Vital product data */
360 uint8_t page_code = req->cmd.buf[2];
361 if (req->cmd.xfer < 4) {
362 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
363 "less than 4\n", page_code, req->cmd.xfer);
364 return -1;
365 }
366
b443ae67 367 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 368 outbuf[buflen++] = 5;
369 } else {
370 outbuf[buflen++] = 0;
371 }
372 outbuf[buflen++] = page_code ; // this page
373 outbuf[buflen++] = 0x00;
374
375 switch (page_code) {
376 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 377 {
378 int pages;
0b06c059
GH		 379 DPRINTF("Inquiry EVPD[Supported pages] "
380 "buffer size %zd\n", req->cmd.xfer);
39d98982 381 pages = buflen++;
0b06c059
GH		 382 outbuf[buflen++] = 0x00; // list of supported pages (this page)
383 outbuf[buflen++] = 0x80; // unit serial number
384 outbuf[buflen++] = 0x83; // device identification
b443ae67 385 if (s->drive_kind == SCSI_HD) {
ea3bd56f
CH		 386 outbuf[buflen++] = 0xb0; // block limits
387 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 388 }
389 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 390 break;
39d98982 391 }
0b06c059
GH		 392 case 0x80: /* Device serial number, optional */
393 {
a0fef654 394 int l = strlen(s->serial);
0b06c059
GH		 395
396 if (l > req->cmd.xfer)
397 l = req->cmd.xfer;
398 if (l > 20)
399 l = 20;
400
401 DPRINTF("Inquiry EVPD[Serial number] "
402 "buffer size %zd\n", req->cmd.xfer);
403 outbuf[buflen++] = l;
a0fef654 404 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 405 buflen += l;
406 break;
407 }
408
409 case 0x83: /* Device identification page, mandatory */
410 {
411 int max_len = 255 - 8;
428c149b 412 int id_len = strlen(bdrv_get_device_name(s->bs));
0b06c059
GH		 413
414 if (id_len > max_len)
415 id_len = max_len;
416 DPRINTF("Inquiry EVPD[Device identification] "
417 "buffer size %zd\n", req->cmd.xfer);
418
39d98982 419 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 420 outbuf[buflen++] = 0x2; // ASCII
421 outbuf[buflen++] = 0; // not officially assigned
422 outbuf[buflen++] = 0; // reserved
423 outbuf[buflen++] = id_len; // length of data following
424
428c149b 425 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
0b06c059
GH		 426 buflen += id_len;
427 break;
428 }
ea3bd56f 429 case 0xb0: /* block limits */
ee3659e3 430 {
ea3bd56f
CH		 431 unsigned int unmap_sectors =
432 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 433 unsigned int min_io_size =
434 s->qdev.conf.min_io_size / s->qdev.blocksize;
435 unsigned int opt_io_size =
436 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 437
b443ae67 438 if (s->drive_kind == SCSI_CD) {
39d98982
HR		 439 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
440 page_code);
441 return -1;
442 }
ee3659e3
CH		 443 /* required VPD size with unmap support */
444 outbuf[3] = buflen = 0x3c;
445
446 memset(outbuf + 4, 0, buflen - 4);
447
448 /* optimal transfer length granularity */
449 outbuf[6] = (min_io_size >> 8) & 0xff;
450 outbuf[7] = min_io_size & 0xff;
451
452 /* optimal transfer length */
453 outbuf[12] = (opt_io_size >> 24) & 0xff;
454 outbuf[13] = (opt_io_size >> 16) & 0xff;
455 outbuf[14] = (opt_io_size >> 8) & 0xff;
456 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 457
458 /* optimal unmap granularity */
459 outbuf[28] = (unmap_sectors >> 24) & 0xff;
460 outbuf[29] = (unmap_sectors >> 16) & 0xff;
461 outbuf[30] = (unmap_sectors >> 8) & 0xff;
462 outbuf[31] = unmap_sectors & 0xff;
463 break;
464 }
465 case 0xb2: /* thin provisioning */
466 {
467 outbuf[3] = buflen = 8;
468 outbuf[4] = 0;
469 outbuf[5] = 0x40; /* write same with unmap supported */
470 outbuf[6] = 0;
471 outbuf[7] = 0;
ee3659e3
CH		 472 break;
473 }
0b06c059
GH		 474 default:
475 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
476 "buffer size %zd\n", page_code, req->cmd.xfer);
477 return -1;
478 }
479 /* done with EVPD */
480 return buflen;
481 }
482
483 /* Standard INQUIRY data */
484 if (req->cmd.buf[2] != 0) {
485 BADF("Error: Inquiry (STANDARD) page or code "
486 "is non-zero [%02X]\n", req->cmd.buf[2]);
487 return -1;
488 }
489
490 /* PAGE CODE == 0 */
491 if (req->cmd.xfer < 5) {
492 BADF("Error: Inquiry (STANDARD) buffer size %zd "
493 "is less than 5\n", req->cmd.xfer);
494 return -1;
495 }
496
0b06c059
GH		 497 buflen = req->cmd.xfer;
498 if (buflen > SCSI_MAX_INQUIRY_LEN)
499 buflen = SCSI_MAX_INQUIRY_LEN;
500
501 memset(outbuf, 0, buflen);
502
503 if (req->lun || req->cmd.buf[1] >> 5) {
504 outbuf[0] = 0x7f; /* LUN not supported */
505 return buflen;
506 }
507
b443ae67 508 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 509 outbuf[0] = 5;
510 outbuf[1] = 0x80;
550fe6c6 511 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059
GH		 512 } else {
513 outbuf[0] = 0;
419e691f 514 outbuf[1] = s->removable ? 0x80 : 0;
550fe6c6 515 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 516 }
550fe6c6 517 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 518 memset(&outbuf[32], 0, 4);
552fee93 519 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 520 /*
521 * We claim conformance to SPC-3, which is required for guests
522 * to ask for modern features like READ CAPACITY(16) or the
523 * block characteristics VPD page by default. Not all of SPC-3
524 * is actually implemented, but we're good enough.
525 */
ee3659e3 526 outbuf[2] = 5;
0b06c059 527 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 528
529 if (buflen > 36) {
530 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
531 } else {
532 /* If the allocation length of CDB is too small,
533 the additional length is not adjusted */
534 outbuf[4] = 36 - 5;
535 }
536
0b06c059
GH		 537 /* Sync data transfer and TCQ. */
538 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
539 return buflen;
540}
541
282ab04e
BK		 542static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
543 int page_control)
ebddfcbe
GH		 544{
545 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
428c149b 546 BlockDriverState *bdrv = s->bs;
ebddfcbe
GH		 547 int cylinders, heads, secs;
548
282ab04e
BK		 549 /*
550 * If Changeable Values are requested, a mask denoting those mode parameters
551 * that are changeable shall be returned. As we currently don't support
552 * parameter changes via MODE_SELECT all bits are returned set to zero.
553 * The buffer was already menset to zero by the caller of this function.
554 */
ebddfcbe
GH		 555 switch (page) {
556 case 4: /* Rigid disk device geometry page. */
557 p[0] = 4;
558 p[1] = 0x16;
282ab04e
BK		 559 if (page_control == 1) { /* Changeable Values */
560 return p[1] + 2;
561 }
ebddfcbe
GH		 562 /* if a geometry hint is available, use it */
563 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
564 p[2] = (cylinders >> 16) & 0xff;
565 p[3] = (cylinders >> 8) & 0xff;
566 p[4] = cylinders & 0xff;
567 p[5] = heads & 0xff;
568 /* Write precomp start cylinder, disabled */
569 p[6] = (cylinders >> 16) & 0xff;
570 p[7] = (cylinders >> 8) & 0xff;
571 p[8] = cylinders & 0xff;
572 /* Reduced current start cylinder, disabled */
573 p[9] = (cylinders >> 16) & 0xff;
574 p[10] = (cylinders >> 8) & 0xff;
575 p[11] = cylinders & 0xff;
576 /* Device step rate [ns], 200ns */
577 p[12] = 0;
578 p[13] = 200;
579 /* Landing zone cylinder */
580 p[14] = 0xff;
581 p[15] = 0xff;
582 p[16] = 0xff;
583 /* Medium rotation rate [rpm], 5400 rpm */
584 p[20] = (5400 >> 8) & 0xff;
585 p[21] = 5400 & 0xff;
282ab04e 586 return p[1] + 2;
ebddfcbe
GH		 587
588 case 5: /* Flexible disk device geometry page. */
589 p[0] = 5;
590 p[1] = 0x1e;
282ab04e
BK		 591 if (page_control == 1) { /* Changeable Values */
592 return p[1] + 2;
593 }
ebddfcbe
GH		 594 /* Transfer rate [kbit/s], 5Mbit/s */
595 p[2] = 5000 >> 8;
596 p[3] = 5000 & 0xff;
597 /* if a geometry hint is available, use it */
598 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
599 p[4] = heads & 0xff;
600 p[5] = secs & 0xff;
601 p[6] = s->cluster_size * 2;
602 p[8] = (cylinders >> 8) & 0xff;
603 p[9] = cylinders & 0xff;
604 /* Write precomp start cylinder, disabled */
605 p[10] = (cylinders >> 8) & 0xff;
606 p[11] = cylinders & 0xff;
607 /* Reduced current start cylinder, disabled */
608 p[12] = (cylinders >> 8) & 0xff;
609 p[13] = cylinders & 0xff;
610 /* Device step rate [100us], 100us */
611 p[14] = 0;
612 p[15] = 1;
613 /* Device step pulse width [us], 1us */
614 p[16] = 1;
615 /* Device head settle delay [100us], 100us */
616 p[17] = 0;
617 p[18] = 1;
618 /* Motor on delay [0.1s], 0.1s */
619 p[19] = 1;
620 /* Motor off delay [0.1s], 0.1s */
621 p[20] = 1;
622 /* Medium rotation rate [rpm], 5400 rpm */
623 p[28] = (5400 >> 8) & 0xff;
624 p[29] = 5400 & 0xff;
282ab04e 625 return p[1] + 2;
ebddfcbe
GH		 626
627 case 8: /* Caching page. */
628 p[0] = 8;
629 p[1] = 0x12;
282ab04e
BK		 630 if (page_control == 1) { /* Changeable Values */
631 return p[1] + 2;
632 }
428c149b 633 if (bdrv_enable_write_cache(s->bs)) {
ebddfcbe
GH		 634 p[2] = 4; /* WCE */
635 }
282ab04e 636 return p[1] + 2;
ebddfcbe
GH		 637
638 case 0x2a: /* CD Capabilities and Mechanical Status page. */
b443ae67 639 if (s->drive_kind != SCSI_CD)
ebddfcbe
GH		 640 return 0;
641 p[0] = 0x2a;
642 p[1] = 0x14;
282ab04e
BK		 643 if (page_control == 1) { /* Changeable Values */
644 return p[1] + 2;
645 }
ebddfcbe
GH		 646 p[2] = 3; // CD-R & CD-RW read
647 p[3] = 0; // Writing not supported
648 p[4] = 0x7f; /* Audio, composite, digital out,
649 mode 2 form 1&2, multi session */
650 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
651 RW corrected, C2 errors, ISRC,
652 UPC, Bar code */
428c149b 653 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
ebddfcbe
GH		 654 /* Locking supported, jumper present, eject, tray */
655 p[7] = 0; /* no volume & mute control, no
656 changer */
657 p[8] = (50 * 176) >> 8; // 50x read speed
658 p[9] = (50 * 176) & 0xff;
659 p[10] = 0 >> 8; // No volume
660 p[11] = 0 & 0xff;
661 p[12] = 2048 >> 8; // 2M buffer
662 p[13] = 2048 & 0xff;
663 p[14] = (16 * 176) >> 8; // 16x read speed current
664 p[15] = (16 * 176) & 0xff;
665 p[18] = (16 * 176) >> 8; // 16x write speed
666 p[19] = (16 * 176) & 0xff;
667 p[20] = (16 * 176) >> 8; // 16x write speed current
668 p[21] = (16 * 176) & 0xff;
282ab04e 669 return p[1] + 2;
ebddfcbe
GH		 670
671 default:
672 return 0;
673 }
674}
675
676static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
677{
678 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ebddfcbe 679 uint64_t nb_sectors;
282ab04e 680 int page, dbd, buflen, page_control;
ebddfcbe 681 uint8_t *p;
ce512ee1 682 uint8_t dev_specific_param;
ebddfcbe
GH		 683
684 dbd = req->cmd.buf[1] & 0x8;
685 page = req->cmd.buf[2] & 0x3f;
282ab04e 686 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
aa2b1e89
BK		 687 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
688 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
ebddfcbe
GH		 689 memset(outbuf, 0, req->cmd.xfer);
690 p = outbuf;
691
0056dcc1 692 if (bdrv_is_read_only(s->bs)) {
ce512ee1
BK		 693 dev_specific_param = 0x80; /* Readonly. */
694 } else {
695 dev_specific_param = 0x00;
696 }
697
698 if (req->cmd.buf[0] == MODE_SENSE) {
699 p[1] = 0; /* Default media type. */
700 p[2] = dev_specific_param;
701 p[3] = 0; /* Block descriptor length. */
702 p += 4;
703 } else { /* MODE_SENSE_10 */
704 p[2] = 0; /* Default media type. */
705 p[3] = dev_specific_param;
706 p[6] = p[7] = 0; /* Block descriptor length. */
707 p += 8;
ebddfcbe 708 }
ebddfcbe 709
428c149b 710 bdrv_get_geometry(s->bs, &nb_sectors);
333d50fe 711 if (!dbd && nb_sectors) {
ce512ee1
BK		 712 if (req->cmd.buf[0] == MODE_SENSE) {
713 outbuf[3] = 8; /* Block descriptor length */
714 } else { /* MODE_SENSE_10 */
715 outbuf[7] = 8; /* Block descriptor length */
716 }
ebddfcbe 717 nb_sectors /= s->cluster_size;
ebddfcbe 718 if (nb_sectors > 0xffffff)
2488b740 719 nb_sectors = 0;
ebddfcbe
GH		 720 p[0] = 0; /* media density code */
721 p[1] = (nb_sectors >> 16) & 0xff;
722 p[2] = (nb_sectors >> 8) & 0xff;
723 p[3] = nb_sectors & 0xff;
724 p[4] = 0; /* reserved */
725 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
726 p[6] = s->cluster_size * 2;
727 p[7] = 0;
728 p += 8;
729 }
730
282ab04e
BK		 731 if (page_control == 3) { /* Saved Values */
732 return -1; /* ILLEGAL_REQUEST */
733 }
734
ebddfcbe
GH		 735 switch (page) {
736 case 0x04:
737 case 0x05:
738 case 0x08:
739 case 0x2a:
282ab04e 740 p += mode_sense_page(req, page, p, page_control);
ebddfcbe
GH		 741 break;
742 case 0x3f:
282ab04e
BK		 743 p += mode_sense_page(req, 0x08, p, page_control);
744 p += mode_sense_page(req, 0x2a, p, page_control);
ebddfcbe 745 break;
a9c17b2b
BK		 746 default:
747 return -1; /* ILLEGAL_REQUEST */
ebddfcbe
GH		 748 }
749
750 buflen = p - outbuf;
ce512ee1
BK		 751 /*
752 * The mode data length field specifies the length in bytes of the
753 * following data that is available to be transferred. The mode data
754 * length does not include itself.
755 */
756 if (req->cmd.buf[0] == MODE_SENSE) {
757 outbuf[0] = buflen - 1;
758 } else { /* MODE_SENSE_10 */
759 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
760 outbuf[1] = (buflen - 2) & 0xff;
761 }
ebddfcbe
GH		 762 if (buflen > req->cmd.xfer)
763 buflen = req->cmd.xfer;
764 return buflen;
765}
766
02880f43
GH		 767static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
768{
769 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 770 int start_track, format, msf, toclen;
771 uint64_t nb_sectors;
772
773 msf = req->cmd.buf[1] & 2;
774 format = req->cmd.buf[2] & 0xf;
775 start_track = req->cmd.buf[6];
428c149b 776 bdrv_get_geometry(s->bs, &nb_sectors);
02880f43
GH		 777 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
778 nb_sectors /= s->cluster_size;
779 switch (format) {
780 case 0:
781 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
782 break;
783 case 1:
784 /* multi session : only a single session defined */
785 toclen = 12;
786 memset(outbuf, 0, 12);
787 outbuf[1] = 0x0a;
788 outbuf[2] = 0x01;
789 outbuf[3] = 0x01;
790 break;
791 case 2:
792 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
793 break;
794 default:
795 return -1;
796 }
797 if (toclen > req->cmd.xfer)
798 toclen = req->cmd.xfer;
799 return toclen;
800}
801
8af7a3ab 802static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
aa5dbdc1 803{
8af7a3ab 804 SCSIRequest *req = &r->req;
e7e25e32 805 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 806 uint64_t nb_sectors;
aa5dbdc1 807 int buflen = 0;
78ced65e 808 int ret;
aa5dbdc1
GH		 809
810 switch (req->cmd.buf[0]) {
811 case TEST_UNIT_READY:
428c149b 812 if (!bdrv_is_inserted(s->bs))
aa5dbdc1
GH		 813 goto not_ready;
814 break;
51ad87c9
GH		 815 case REQUEST_SENSE:
816 if (req->cmd.xfer < 4)
817 goto illegal_request;
818 memset(outbuf, 0, 4);
819 buflen = 4;
a6d96eb7 820 if (s->sense.key == NOT_READY && req->cmd.xfer >= 18) {
51ad87c9
GH		 821 memset(outbuf, 0, 18);
822 buflen = 18;
823 outbuf[7] = 10;
824 /* asc 0x3a, ascq 0: Medium not present */
825 outbuf[12] = 0x3a;
826 outbuf[13] = 0;
827 }
828 outbuf[0] = 0xf0;
829 outbuf[1] = 0;
a6d96eb7
HR		 830 outbuf[2] = s->sense.key;
831 scsi_disk_clear_sense(s);
51ad87c9 832 break;
0b06c059
GH		 833 case INQUIRY:
834 buflen = scsi_disk_emulate_inquiry(req, outbuf);
835 if (buflen < 0)
836 goto illegal_request;
837 break;
ebddfcbe
GH		 838 case MODE_SENSE:
839 case MODE_SENSE_10:
840 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
841 if (buflen < 0)
842 goto illegal_request;
843 break;
02880f43
GH		 844 case READ_TOC:
845 buflen = scsi_disk_emulate_read_toc(req, outbuf);
846 if (buflen < 0)
847 goto illegal_request;
848 break;
3d53ba18
GH		 849 case RESERVE:
850 if (req->cmd.buf[1] & 1)
851 goto illegal_request;
852 break;
853 case RESERVE_10:
854 if (req->cmd.buf[1] & 3)
855 goto illegal_request;
856 break;
857 case RELEASE:
858 if (req->cmd.buf[1] & 1)
859 goto illegal_request;
860 break;
861 case RELEASE_10:
862 if (req->cmd.buf[1] & 3)
863 goto illegal_request;
864 break;
8d3628ff 865 case START_STOP:
b443ae67 866 if (s->drive_kind == SCSI_CD && (req->cmd.buf[4] & 2)) {
8d3628ff 867 /* load/eject medium */
428c149b 868 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
8d3628ff
GH		 869 }
870 break;
c68b9f34 871 case ALLOW_MEDIUM_REMOVAL:
428c149b 872 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
c68b9f34 873 break;
e7e25e32
GH		 874 case READ_CAPACITY:
875 /* The normal LEN field for this command is zero. */
876 memset(outbuf, 0, 8);
428c149b 877 bdrv_get_geometry(s->bs, &nb_sectors);
e7e25e32
GH		 878 if (!nb_sectors)
879 goto not_ready;
880 nb_sectors /= s->cluster_size;
881 /* Returned value is the address of the last sector. */
882 nb_sectors--;
883 /* Remember the new size for read/write sanity checking. */
884 s->max_lba = nb_sectors;
885 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
886 if (nb_sectors > UINT32_MAX)
887 nb_sectors = UINT32_MAX;
888 outbuf[0] = (nb_sectors >> 24) & 0xff;
889 outbuf[1] = (nb_sectors >> 16) & 0xff;
890 outbuf[2] = (nb_sectors >> 8) & 0xff;
891 outbuf[3] = nb_sectors & 0xff;
892 outbuf[4] = 0;
893 outbuf[5] = 0;
894 outbuf[6] = s->cluster_size * 2;
895 outbuf[7] = 0;
896 buflen = 8;
897 break;
fc903943 898 case SYNCHRONIZE_CACHE:
78ced65e
KW		 899 ret = bdrv_flush(s->bs);
900 if (ret < 0) {
901 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
902 return -1;
903 }
904 }
fc903943 905 break;
38215553
GH		 906 case GET_CONFIGURATION:
907 memset(outbuf, 0, 8);
908 /* ??? This should probably return much more information. For now
909 just return the basic header indicating the CD-ROM profile. */
910 outbuf[7] = 8; // CD-ROM
911 buflen = 8;
912 break;
5dd90e2a
GH		 913 case SERVICE_ACTION_IN:
914 /* Service Action In subcommands. */
915 if ((req->cmd.buf[1] & 31) == 0x10) {
916 DPRINTF("SAI READ CAPACITY(16)\n");
917 memset(outbuf, 0, req->cmd.xfer);
428c149b 918 bdrv_get_geometry(s->bs, &nb_sectors);
5dd90e2a
GH		 919 if (!nb_sectors)
920 goto not_ready;
921 nb_sectors /= s->cluster_size;
922 /* Returned value is the address of the last sector. */
923 nb_sectors--;
924 /* Remember the new size for read/write sanity checking. */
925 s->max_lba = nb_sectors;
926 outbuf[0] = (nb_sectors >> 56) & 0xff;
927 outbuf[1] = (nb_sectors >> 48) & 0xff;
928 outbuf[2] = (nb_sectors >> 40) & 0xff;
929 outbuf[3] = (nb_sectors >> 32) & 0xff;
930 outbuf[4] = (nb_sectors >> 24) & 0xff;
931 outbuf[5] = (nb_sectors >> 16) & 0xff;
932 outbuf[6] = (nb_sectors >> 8) & 0xff;
933 outbuf[7] = nb_sectors & 0xff;
934 outbuf[8] = 0;
935 outbuf[9] = 0;
936 outbuf[10] = s->cluster_size * 2;
937 outbuf[11] = 0;
ee3659e3
CH		 938 outbuf[12] = 0;
939 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 940
941 /* set TPE bit if the format supports discard */
942 if (s->qdev.conf.discard_granularity) {
943 outbuf[14] = 0x80;
944 }
945
5dd90e2a
GH		 946 /* Protection, exponent and lowest lba field left blank. */
947 buflen = req->cmd.xfer;
948 break;
949 }
950 DPRINTF("Unsupported Service Action In\n");
951 goto illegal_request;
39ec9a50
GH		 952 case REPORT_LUNS:
953 if (req->cmd.xfer < 16)
954 goto illegal_request;
955 memset(outbuf, 0, 16);
956 outbuf[3] = 8;
957 buflen = 16;
958 break;
88f8a5ed
GH		 959 case VERIFY:
960 break;
ebef0bbb
BK		 961 case REZERO_UNIT:
962 DPRINTF("Rezero Unit\n");
963 if (!bdrv_is_inserted(s->bs)) {
964 goto not_ready;
965 }
966 break;
aa5dbdc1
GH		 967 default:
968 goto illegal_request;
969 }
a6d96eb7 970 scsi_req_set_status(r, GOOD, NO_SENSE);
aa5dbdc1
GH		 971 return buflen;
972
973not_ready:
8af7a3ab
KW		 974 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
975 return -1;
aa5dbdc1
GH		 976
977illegal_request:
8af7a3ab
KW		 978 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
979 return -1;
aa5dbdc1
GH		 980}
981
2e5d83bb
PB		 982/* Execute a scsi command. Returns the length of the data expected by the
983 command. This will be Positive for data transfers from the device
984 (eg. disk reads), negative for transfers to the device (eg. disk writes),
985 and zero if the command does not transfer any data. */
986
5c6c0e51 987static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 988{
5c6c0e51
HR		 989 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
990 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 991 int32_t len;
2e5d83bb 992 int is_write;
a917d384
PB		 993 uint8_t command;
994 uint8_t *outbuf;
aa5dbdc1 995 int rc;
a917d384 996
5c6c0e51 997 scsi_req_enqueue(req);
a917d384 998 command = buf[0];
3f4cb3d3 999 outbuf = (uint8_t *)r->iov.iov_base;
2e5d83bb 1000 is_write = 0;
a917d384 1001 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2dd791b6
HR		 1002
1003 if (scsi_req_parse(&r->req, buf) != 0) {
a917d384 1004 BADF("Unsupported command length, command %x\n", command);
2e5d83bb
PB		 1005 goto fail;
1006 }
1007#ifdef DEBUG_SCSI
1008 {
1009 int i;
2dd791b6 1010 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1011 printf(" 0x%02x", buf[i]);
1012 }
1013 printf("\n");
1014 }
1015#endif
aa5dbdc1 1016
5c6c0e51 1017 if (req->lun || buf[1] >> 5) {
2e5d83bb 1018 /* Only LUN 0 supported. */
5c6c0e51 1019 DPRINTF("Unimplemented LUN %d\n", req->lun ? req->lun : buf[1] >> 5);
ebf46023 1020 if (command != REQUEST_SENSE && command != INQUIRY)
22864256 1021 goto fail;
2e5d83bb 1022 }
a917d384 1023 switch (command) {
ebf46023 1024 case TEST_UNIT_READY:
51ad87c9 1025 case REQUEST_SENSE:
0b06c059 1026 case INQUIRY:
ebddfcbe
GH		 1027 case MODE_SENSE:
1028 case MODE_SENSE_10:
3d53ba18
GH		 1029 case RESERVE:
1030 case RESERVE_10:
1031 case RELEASE:
1032 case RELEASE_10:
8d3628ff 1033 case START_STOP:
c68b9f34 1034 case ALLOW_MEDIUM_REMOVAL:
e7e25e32 1035 case READ_CAPACITY:
fc903943 1036 case SYNCHRONIZE_CACHE:
02880f43 1037 case READ_TOC:
38215553 1038 case GET_CONFIGURATION:
5dd90e2a 1039 case SERVICE_ACTION_IN:
39ec9a50 1040 case REPORT_LUNS:
88f8a5ed 1041 case VERIFY:
ebef0bbb 1042 case REZERO_UNIT:
8af7a3ab
KW		 1043 rc = scsi_disk_emulate_command(r, outbuf);
1044 if (rc < 0) {
0b06c059 1045 return 0;
aa5dbdc1 1046 }
8af7a3ab
KW		 1047
1048 r->iov.iov_len = rc;
0b06c059 1049 break;
ebf46023
GH		 1050 case READ_6:
1051 case READ_10:
bd536cf3
GH		 1052 case READ_12:
1053 case READ_16:
5c6c0e51 1054 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6
HR		 1055 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1056 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1057 goto illegal_lba;
2dd791b6 1058 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1059 r->sector_count = len * s->cluster_size;
2e5d83bb 1060 break;
ebf46023
GH		 1061 case WRITE_6:
1062 case WRITE_10:
bd536cf3
GH		 1063 case WRITE_12:
1064 case WRITE_16:
ebef0bbb
BK		 1065 case WRITE_VERIFY:
1066 case WRITE_VERIFY_12:
1067 case WRITE_VERIFY_16:
5c6c0e51 1068 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1069 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1070 (command & 0xe) == 0xe ? "And Verify " : "",
1071 r->req.cmd.lba, len);
1072 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1073 goto illegal_lba;
2dd791b6 1074 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1075 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 1076 is_write = 1;
1077 break;
ebef0bbb 1078 case MODE_SELECT:
2dd791b6 1079 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1080 /* We don't support mode parameter changes.
1081 Allow the mode parameter header + block descriptors only. */
2dd791b6 1082 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1083 goto fail;
1084 }
1085 break;
1086 case MODE_SELECT_10:
2dd791b6 1087 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1088 /* We don't support mode parameter changes.
1089 Allow the mode parameter header + block descriptors only. */
2dd791b6 1090 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1091 goto fail;
1092 }
1093 break;
1094 case SEEK_6:
1095 case SEEK_10:
2dd791b6
HR		 1096 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1097 r->req.cmd.lba);
1098 if (r->req.cmd.lba > s->max_lba) {
ebef0bbb
BK		 1099 goto illegal_lba;
1100 }
ea3bd56f
CH		 1101 break;
1102 case WRITE_SAME_16:
5c6c0e51 1103 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1104
1105 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1106 r->req.cmd.lba, len);
1107
1108 if (r->req.cmd.lba > s->max_lba) {
1109 goto illegal_lba;
1110 }
1111
1112 /*
1113 * We only support WRITE SAME with the unmap bit set for now.
1114 */
1115 if (!(buf[1] & 0x8)) {
1116 goto fail;
1117 }
1118
1119 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1120 len * s->cluster_size);
1121 if (rc < 0) {
1122 /* XXX: better error code ?*/
1123 goto fail;
1124 }
1125
ebef0bbb 1126 break;
2e5d83bb 1127 default:
2dd791b6 1128 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
2e5d83bb 1129 fail:
0d65e1f8 1130 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
2dd791b6 1131 return 0;
274fb0e1 1132 illegal_lba:
0d65e1f8 1133 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
274fb0e1 1134 return 0;
2e5d83bb 1135 }
c87c0672 1136 if (r->sector_count == 0 && r->iov.iov_len == 0) {
0d65e1f8 1137 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 1138 }
c87c0672 1139 len = r->sector_count * 512 + r->iov.iov_len;
a917d384 1140 if (is_write) {
ad2d30f7 1141 len = -len;
a917d384
PB		 1142 } else {
1143 if (!r->sector_count)
1144 r->sector_count = -1;
2e5d83bb 1145 }
ad2d30f7 1146 return len;
2e5d83bb
PB		 1147}
1148
e9447f35
JK		 1149static void scsi_disk_reset(DeviceState *dev)
1150{
1151 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1152 uint64_t nb_sectors;
1153
c557e889 1154 scsi_device_purge_requests(&s->qdev);
e9447f35
JK		 1155
1156 bdrv_get_geometry(s->bs, &nb_sectors);
1157 nb_sectors /= s->cluster_size;
1158 if (nb_sectors) {
1159 nb_sectors--;
1160 }
1161 s->max_lba = nb_sectors;
1162}
1163
1164static void scsi_destroy(SCSIDevice *dev)
1165{
1166 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1167
c557e889 1168 scsi_device_purge_requests(&s->qdev);
f8b6cc00 1169 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1170}
1171
b443ae67 1172static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind kind)
2e5d83bb 1173{
d52affa7 1174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1175 DriveInfo *dinfo;
2e5d83bb 1176
f8b6cc00 1177 if (!s->qdev.conf.bs) {
1ecda02b 1178 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1179 return -1;
1180 }
f8b6cc00 1181 s->bs = s->qdev.conf.bs;
b443ae67 1182 s->drive_kind = kind;
d52affa7 1183
b443ae67 1184 if (kind == SCSI_HD && !bdrv_is_inserted(s->bs)) {
98f28ad7
MA		 1185 error_report("Device needs media, but drive is empty");
1186 return -1;
1187 }
1188
a0fef654 1189 if (!s->serial) {
f8b6cc00
MA		 1190 /* try to fall back to value set with legacy -drive serial=... */
1191 dinfo = drive_get_by_blockdev(s->bs);
1192 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
a0fef654
MA		 1193 }
1194
552fee93
MA		 1195 if (!s->version) {
1196 s->version = qemu_strdup(QEMU_VERSION);
1197 }
1198
32bb404a 1199 if (bdrv_is_sg(s->bs)) {
1ecda02b 1200 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1201 return -1;
1202 }
1203
b443ae67 1204 if (kind == SCSI_CD) {
8cfacf07 1205 s->qdev.blocksize = 2048;
2e5d83bb 1206 } else {
8cfacf07 1207 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2e5d83bb 1208 }
8cfacf07 1209 s->cluster_size = s->qdev.blocksize / 512;
73fdb1e1 1210 s->bs->buffer_alignment = s->qdev.blocksize;
8cfacf07 1211
91376656 1212 s->qdev.type = TYPE_DISK;
ea8a5d7f 1213 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
b443ae67 1214 bdrv_set_removable(s->bs, kind == SCSI_CD);
1ca4d09a 1215 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
d52affa7
GH		 1216 return 0;
1217}
1218
b443ae67
MA		 1219static int scsi_hd_initfn(SCSIDevice *dev)
1220{
1221 return scsi_initfn(dev, SCSI_HD);
1222}
1223
1224static int scsi_cd_initfn(SCSIDevice *dev)
1225{
1226 return scsi_initfn(dev, SCSI_CD);
1227}
1228
1229static int scsi_disk_initfn(SCSIDevice *dev)
1230{
1231 SCSIDriveKind kind;
95b5edcd 1232 DriveInfo *dinfo;
b443ae67
MA		 1233
1234 if (!dev->conf.bs) {
1235 kind = SCSI_HD; /* will die in scsi_initfn() */
1236 } else {
95b5edcd
MA		 1237 dinfo = drive_get_by_blockdev(dev->conf.bs);
1238 kind = dinfo->media_cd ? SCSI_CD : SCSI_HD;
b443ae67
MA		 1239 }
1240
1241 return scsi_initfn(dev, kind);
1242}
1243
1244#define DEFINE_SCSI_DISK_PROPERTIES() \
1245 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1246 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1247 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1248
1249static SCSIDeviceInfo scsi_disk_info[] = {
1250 {
1251 .qdev.name = "scsi-hd",
1252 .qdev.fw_name = "disk",
1253 .qdev.desc = "virtual SCSI disk",
1254 .qdev.size = sizeof(SCSIDiskState),
1255 .qdev.reset = scsi_disk_reset,
1256 .init = scsi_hd_initfn,
1257 .destroy = scsi_destroy,
5c6c0e51 1258 .alloc_req = scsi_new_request,
ad2d30f7 1259 .free_req = scsi_free_request,
b443ae67
MA		 1260 .send_command = scsi_send_command,
1261 .read_data = scsi_read_data,
1262 .write_data = scsi_write_data,
1263 .cancel_io = scsi_cancel_io,
1264 .get_buf = scsi_get_buf,
1265 .qdev.props = (Property[]) {
1266 DEFINE_SCSI_DISK_PROPERTIES(),
1267 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1268 DEFINE_PROP_END_OF_LIST(),
1269 }
1270 },{
1271 .qdev.name = "scsi-cd",
1272 .qdev.fw_name = "disk",
1273 .qdev.desc = "virtual SCSI CD-ROM",
1274 .qdev.size = sizeof(SCSIDiskState),
1275 .qdev.reset = scsi_disk_reset,
1276 .init = scsi_cd_initfn,
1277 .destroy = scsi_destroy,
5c6c0e51 1278 .alloc_req = scsi_new_request,
ad2d30f7 1279 .free_req = scsi_free_request,
b443ae67
MA		 1280 .send_command = scsi_send_command,
1281 .read_data = scsi_read_data,
1282 .write_data = scsi_write_data,
1283 .cancel_io = scsi_cancel_io,
1284 .get_buf = scsi_get_buf,
1285 .qdev.props = (Property[]) {
1286 DEFINE_SCSI_DISK_PROPERTIES(),
1287 DEFINE_PROP_END_OF_LIST(),
1288 },
1289 },{
1290 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1291 .qdev.fw_name = "disk",
1292 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1293 .qdev.size = sizeof(SCSIDiskState),
1294 .qdev.reset = scsi_disk_reset,
1295 .init = scsi_disk_initfn,
1296 .destroy = scsi_destroy,
5c6c0e51 1297 .alloc_req = scsi_new_request,
ad2d30f7 1298 .free_req = scsi_free_request,
b443ae67
MA		 1299 .send_command = scsi_send_command,
1300 .read_data = scsi_read_data,
1301 .write_data = scsi_write_data,
1302 .cancel_io = scsi_cancel_io,
1303 .get_buf = scsi_get_buf,
1304 .qdev.props = (Property[]) {
1305 DEFINE_SCSI_DISK_PROPERTIES(),
1306 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1307 DEFINE_PROP_END_OF_LIST(),
1308 }
1309 }
d52affa7
GH		 1310};
1311
1312static void scsi_disk_register_devices(void)
1313{
b443ae67
MA		 1314 int i;
1315
1316 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1317 scsi_qdev_register(&scsi_disk_info[i]);
1318 }
8ccc2ace 1319}
d52affa7 1320device_init(scsi_disk_register_devices)
Qemu copy for testing