]> git.proxmox.com Git - mirror_qemu.git/blame - hw/scsi-disk.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
blockdev: Store -drive option media in DriveInfo
[mirror_qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb
PB		 14 *
15 * This code is licenced under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
22864256 40
f0f72ffe 41#define SCSI_DMA_BUF_SIZE 131072
57575058 42#define SCSI_MAX_INQUIRY_LEN 256
a917d384 43
5dba48a8
KW		 44#define SCSI_REQ_STATUS_RETRY 0x01
45#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46#define SCSI_REQ_STATUS_RETRY_READ 0x00
47#define SCSI_REQ_STATUS_RETRY_WRITE 0x02
78ced65e 48#define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
ea8a5d7f 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
a6d96eb7
HR		 52typedef struct SCSISense {
53 uint8_t key;
54} SCSISense;
55
4c41d2ef
GH		 56typedef struct SCSIDiskReq {
57 SCSIRequest req;
e035b43d 58 /* ??? We should probably keep track of whether the data transfer is
2e5d83bb 59 a read or a write. Currently we rely on the host getting it right. */
a917d384 60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 61 uint64_t sector;
62 uint32_t sector_count;
c87c0672
AL		 63 struct iovec iov;
64 QEMUIOVector qiov;
ea8a5d7f 65 uint32_t status;
4c41d2ef 66} SCSIDiskReq;
a917d384 67
b443ae67
MA		 68typedef enum { SCSI_HD, SCSI_CD } SCSIDriveKind;
69
d52affa7 70struct SCSIDiskState
a917d384 71{
d52affa7 72 SCSIDevice qdev;
428c149b 73 BlockDriverState *bs;
a917d384
PB		 74 /* The qemu block layer uses a fixed 512 byte sector size.
75 This is the number of 512 byte blocks in a single scsi sector. */
76 int cluster_size;
419e691f 77 uint32_t removable;
274fb0e1 78 uint64_t max_lba;
213189ab 79 QEMUBH *bh;
383b4d9b 80 char *version;
a0fef654 81 char *serial;
a6d96eb7 82 SCSISense sense;
b443ae67 83 SCSIDriveKind drive_kind;
2e5d83bb
PB		 84};
85
5dba48a8 86static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78ced65e 87static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
5dba48a8 88
72aef731
CH		 89static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
90 uint32_t lun)
2e5d83bb 91{
89b08ae1 92 SCSIRequest *req;
4c41d2ef 93 SCSIDiskReq *r;
a917d384 94
72aef731 95 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
89b08ae1 96 r = DO_UPCAST(SCSIDiskReq, req, req);
72aef731 97 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
a917d384 98 return r;
2e5d83bb
PB		 99}
100
4c41d2ef 101static void scsi_remove_request(SCSIDiskReq *r)
4d611c9a 102{
f8a83245 103 qemu_vfree(r->iov.iov_base);
89b08ae1 104 scsi_req_free(&r->req);
4d611c9a
PB		 105}
106
4c41d2ef 107static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
4d611c9a 108{
89b08ae1 109 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
a917d384
PB		 110}
111
a6d96eb7 112static void scsi_disk_clear_sense(SCSIDiskState *s)
ed3a34a3 113{
a6d96eb7
HR		 114 memset(&s->sense, 0, sizeof(s->sense));
115}
116
117static void scsi_disk_set_sense(SCSIDiskState *s, uint8_t key)
118{
119 s->sense.key = key;
120}
121
122static void scsi_req_set_status(SCSIDiskReq *r, int status, int sense_code)
123{
124 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
125
126 r->req.status = status;
127 scsi_disk_set_sense(s, sense_code);
ed3a34a3
GH		 128}
129
a917d384 130/* Helper function for command completion. */
4c41d2ef 131static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
a917d384 132{
4c41d2ef
GH		 133 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
134 r->req.tag, status, sense);
a6d96eb7 135 scsi_req_set_status(r, status, sense);
ed3a34a3 136 scsi_req_complete(&r->req);
89b08ae1 137 scsi_remove_request(r);
4d611c9a
PB		 138}
139
140/* Cancel a pending data transfer. */
8ccc2ace 141static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
4d611c9a 142{
d52affa7 143 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 144 SCSIDiskReq *r;
a917d384
PB		 145 DPRINTF("Cancel tag=0x%x\n", tag);
146 r = scsi_find_request(s, tag);
147 if (r) {
4c41d2ef
GH		 148 if (r->req.aiocb)
149 bdrv_aio_cancel(r->req.aiocb);
150 r->req.aiocb = NULL;
a917d384
PB		 151 scsi_remove_request(r);
152 }
153}
154
155static void scsi_read_complete(void * opaque, int ret)
156{
4c41d2ef 157 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5dba48a8 158 int n;
a917d384 159
3e94cb02
JK		 160 r->req.aiocb = NULL;
161
a917d384 162 if (ret) {
5dba48a8
KW		 163 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
164 return;
165 }
4d611c9a 166 }
5dba48a8 167
aa2b1e89 168 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
a917d384 169
5dba48a8
KW		 170 n = r->iov.iov_len / 512;
171 r->sector += n;
172 r->sector_count -= n;
4c41d2ef 173 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
4d611c9a
PB		 174}
175
5dba48a8
KW		 176
177static void scsi_read_request(SCSIDiskReq *r)
2e5d83bb 178{
5dba48a8 179 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 180 uint32_t n;
181
a917d384 182 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 183 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 184 r->sector_count = 0;
4c41d2ef 185 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
a917d384 186 return;
2e5d83bb 187 }
a917d384
PB		 188 DPRINTF("Read sector_count=%d\n", r->sector_count);
189 if (r->sector_count == 0) {
0d65e1f8 190 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 191 return;
2e5d83bb
PB		 192 }
193
6fa2c95f
SH		 194 /* No data transfer may already be in progress */
195 assert(r->req.aiocb == NULL);
196
a917d384
PB		 197 n = r->sector_count;
198 if (n > SCSI_DMA_BUF_SIZE / 512)
199 n = SCSI_DMA_BUF_SIZE / 512;
200
c87c0672
AL		 201 r->iov.iov_len = n * 512;
202 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 203 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
c87c0672 204 scsi_read_complete, r);
d33ea50a
KW		 205 if (r->req.aiocb == NULL) {
206 scsi_read_complete(r, -EIO);
207 }
2e5d83bb
PB		 208}
209
5dba48a8
KW		 210/* Read more data from scsi device into buffer. */
211static void scsi_read_data(SCSIDevice *d, uint32_t tag)
ea8a5d7f 212{
5dba48a8
KW		 213 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
214 SCSIDiskReq *r;
215
216 r = scsi_find_request(s, tag);
217 if (!r) {
218 BADF("Bad read tag 0x%x\n", tag);
219 /* ??? This is the wrong error. */
220 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
221 return;
222 }
223
5dba48a8
KW		 224 scsi_read_request(r);
225}
226
227static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
228{
229 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
4c41d2ef 230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 231 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
ea8a5d7f 232
380f640f 233 if (action == BLOCK_ERR_IGNORE) {
5dba48a8 234 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 235 return 0;
380f640f 236 }
ea8a5d7f
AL		 237
238 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
239 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8
KW		 240
241 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
242 r->status |= SCSI_REQ_STATUS_RETRY | type;
243
244 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
e07bbac5 245 vm_stop(VMSTOP_DISKFULL);
ea8a5d7f 246 } else {
5dba48a8
KW		 247 if (type == SCSI_REQ_STATUS_RETRY_READ) {
248 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
249 }
0d65e1f8
GH		 250 scsi_command_complete(r, CHECK_CONDITION,
251 HARDWARE_ERROR);
5dba48a8 252 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f
AL		 253 }
254
255 return 1;
256}
257
4d611c9a
PB		 258static void scsi_write_complete(void * opaque, int ret)
259{
4c41d2ef 260 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a917d384 261 uint32_t len;
ea8a5d7f
AL		 262 uint32_t n;
263
4c41d2ef 264 r->req.aiocb = NULL;
4d611c9a
PB		 265
266 if (ret) {
5dba48a8 267 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
ea8a5d7f 268 return;
5dba48a8 269 }
4d611c9a
PB		 270 }
271
c87c0672 272 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 273 r->sector += n;
274 r->sector_count -= n;
a917d384 275 if (r->sector_count == 0) {
0d65e1f8 276 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384
PB		 277 } else {
278 len = r->sector_count * 512;
279 if (len > SCSI_DMA_BUF_SIZE) {
280 len = SCSI_DMA_BUF_SIZE;
281 }
c87c0672 282 r->iov.iov_len = len;
4c41d2ef
GH		 283 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
284 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
4d611c9a 285 }
4d611c9a
PB		 286}
287
4c41d2ef 288static void scsi_write_request(SCSIDiskReq *r)
ea8a5d7f 289{
4c41d2ef 290 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 291 uint32_t n;
292
6fa2c95f
SH		 293 /* No data transfer may already be in progress */
294 assert(r->req.aiocb == NULL);
295
c87c0672 296 n = r->iov.iov_len / 512;
ea8a5d7f 297 if (n) {
c87c0672 298 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 299 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
c87c0672 300 scsi_write_complete, r);
d33ea50a
KW		 301 if (r->req.aiocb == NULL) {
302 scsi_write_complete(r, -EIO);
303 }
ea8a5d7f
AL		 304 } else {
305 /* Invoke completion routine to fetch data from host. */
306 scsi_write_complete(r, 0);
307 }
308}
309
4d611c9a
PB		 310/* Write data to a scsi device. Returns nonzero on failure.
311 The transfer may complete asynchronously. */
8ccc2ace 312static int scsi_write_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 313{
d52affa7 314 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 315 SCSIDiskReq *r;
2e5d83bb 316
a917d384
PB		 317 DPRINTF("Write data tag=0x%x\n", tag);
318 r = scsi_find_request(s, tag);
319 if (!r) {
320 BADF("Bad write tag 0x%x\n", tag);
0d65e1f8 321 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
2e5d83bb
PB		 322 return 1;
323 }
ea8a5d7f 324
ea8a5d7f 325 scsi_write_request(r);
2e5d83bb 326
a917d384
PB		 327 return 0;
328}
2e5d83bb 329
213189ab 330static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f 331{
d52affa7 332 SCSIDiskState *s = opaque;
9af99d98
GH		 333 SCSIRequest *req;
334 SCSIDiskReq *r;
213189ab
MA		 335
336 qemu_bh_delete(s->bh);
337 s->bh = NULL;
ea8a5d7f 338
9af99d98
GH		 339 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
340 r = DO_UPCAST(SCSIDiskReq, req, req);
ea8a5d7f 341 if (r->status & SCSI_REQ_STATUS_RETRY) {
5dba48a8 342 int status = r->status;
78ced65e
KW		 343 int ret;
344
5dba48a8
KW		 345 r->status &=
346 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
347
348 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
349 case SCSI_REQ_STATUS_RETRY_READ:
350 scsi_read_request(r);
351 break;
352 case SCSI_REQ_STATUS_RETRY_WRITE:
353 scsi_write_request(r);
354 break;
78ced65e
KW		 355 case SCSI_REQ_STATUS_RETRY_FLUSH:
356 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
357 if (ret == 0) {
358 scsi_command_complete(r, GOOD, NO_SENSE);
359 }
5dba48a8 360 }
ea8a5d7f 361 }
ea8a5d7f
AL		 362 }
363}
364
213189ab
MA		 365static void scsi_dma_restart_cb(void *opaque, int running, int reason)
366{
d52affa7 367 SCSIDiskState *s = opaque;
213189ab
MA		 368
369 if (!running)
370 return;
371
372 if (!s->bh) {
373 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
374 qemu_bh_schedule(s->bh);
375 }
376}
377
a917d384 378/* Return a pointer to the data buffer. */
8ccc2ace 379static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
a917d384 380{
d52affa7 381 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 382 SCSIDiskReq *r;
2e5d83bb 383
a917d384
PB		 384 r = scsi_find_request(s, tag);
385 if (!r) {
386 BADF("Bad buffer tag 0x%x\n", tag);
387 return NULL;
4d611c9a 388 }
3f4cb3d3 389 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 390}
391
0b06c059
GH		 392static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
393{
383b4d9b 394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 395 int buflen = 0;
396
397 if (req->cmd.buf[1] & 0x2) {
398 /* Command support data - optional, not implemented */
399 BADF("optional INQUIRY command support request not implemented\n");
400 return -1;
401 }
402
403 if (req->cmd.buf[1] & 0x1) {
404 /* Vital product data */
405 uint8_t page_code = req->cmd.buf[2];
406 if (req->cmd.xfer < 4) {
407 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
408 "less than 4\n", page_code, req->cmd.xfer);
409 return -1;
410 }
411
b443ae67 412 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 413 outbuf[buflen++] = 5;
414 } else {
415 outbuf[buflen++] = 0;
416 }
417 outbuf[buflen++] = page_code ; // this page
418 outbuf[buflen++] = 0x00;
419
420 switch (page_code) {
421 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 422 {
423 int pages;
0b06c059
GH		 424 DPRINTF("Inquiry EVPD[Supported pages] "
425 "buffer size %zd\n", req->cmd.xfer);
39d98982 426 pages = buflen++;
0b06c059
GH		 427 outbuf[buflen++] = 0x00; // list of supported pages (this page)
428 outbuf[buflen++] = 0x80; // unit serial number
429 outbuf[buflen++] = 0x83; // device identification
b443ae67 430 if (s->drive_kind == SCSI_HD) {
ea3bd56f
CH		 431 outbuf[buflen++] = 0xb0; // block limits
432 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 433 }
434 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 435 break;
39d98982 436 }
0b06c059
GH		 437 case 0x80: /* Device serial number, optional */
438 {
a0fef654 439 int l = strlen(s->serial);
0b06c059
GH		 440
441 if (l > req->cmd.xfer)
442 l = req->cmd.xfer;
443 if (l > 20)
444 l = 20;
445
446 DPRINTF("Inquiry EVPD[Serial number] "
447 "buffer size %zd\n", req->cmd.xfer);
448 outbuf[buflen++] = l;
a0fef654 449 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 450 buflen += l;
451 break;
452 }
453
454 case 0x83: /* Device identification page, mandatory */
455 {
456 int max_len = 255 - 8;
428c149b 457 int id_len = strlen(bdrv_get_device_name(s->bs));
0b06c059
GH		 458
459 if (id_len > max_len)
460 id_len = max_len;
461 DPRINTF("Inquiry EVPD[Device identification] "
462 "buffer size %zd\n", req->cmd.xfer);
463
39d98982 464 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 465 outbuf[buflen++] = 0x2; // ASCII
466 outbuf[buflen++] = 0; // not officially assigned
467 outbuf[buflen++] = 0; // reserved
468 outbuf[buflen++] = id_len; // length of data following
469
428c149b 470 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
0b06c059
GH		 471 buflen += id_len;
472 break;
473 }
ea3bd56f 474 case 0xb0: /* block limits */
ee3659e3 475 {
ea3bd56f
CH		 476 unsigned int unmap_sectors =
477 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 478 unsigned int min_io_size =
479 s->qdev.conf.min_io_size / s->qdev.blocksize;
480 unsigned int opt_io_size =
481 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 482
b443ae67 483 if (s->drive_kind == SCSI_CD) {
39d98982
HR		 484 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
485 page_code);
486 return -1;
487 }
ee3659e3
CH		 488 /* required VPD size with unmap support */
489 outbuf[3] = buflen = 0x3c;
490
491 memset(outbuf + 4, 0, buflen - 4);
492
493 /* optimal transfer length granularity */
494 outbuf[6] = (min_io_size >> 8) & 0xff;
495 outbuf[7] = min_io_size & 0xff;
496
497 /* optimal transfer length */
498 outbuf[12] = (opt_io_size >> 24) & 0xff;
499 outbuf[13] = (opt_io_size >> 16) & 0xff;
500 outbuf[14] = (opt_io_size >> 8) & 0xff;
501 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 502
503 /* optimal unmap granularity */
504 outbuf[28] = (unmap_sectors >> 24) & 0xff;
505 outbuf[29] = (unmap_sectors >> 16) & 0xff;
506 outbuf[30] = (unmap_sectors >> 8) & 0xff;
507 outbuf[31] = unmap_sectors & 0xff;
508 break;
509 }
510 case 0xb2: /* thin provisioning */
511 {
512 outbuf[3] = buflen = 8;
513 outbuf[4] = 0;
514 outbuf[5] = 0x40; /* write same with unmap supported */
515 outbuf[6] = 0;
516 outbuf[7] = 0;
ee3659e3
CH		 517 break;
518 }
0b06c059
GH		 519 default:
520 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
521 "buffer size %zd\n", page_code, req->cmd.xfer);
522 return -1;
523 }
524 /* done with EVPD */
525 return buflen;
526 }
527
528 /* Standard INQUIRY data */
529 if (req->cmd.buf[2] != 0) {
530 BADF("Error: Inquiry (STANDARD) page or code "
531 "is non-zero [%02X]\n", req->cmd.buf[2]);
532 return -1;
533 }
534
535 /* PAGE CODE == 0 */
536 if (req->cmd.xfer < 5) {
537 BADF("Error: Inquiry (STANDARD) buffer size %zd "
538 "is less than 5\n", req->cmd.xfer);
539 return -1;
540 }
541
0b06c059
GH		 542 buflen = req->cmd.xfer;
543 if (buflen > SCSI_MAX_INQUIRY_LEN)
544 buflen = SCSI_MAX_INQUIRY_LEN;
545
546 memset(outbuf, 0, buflen);
547
548 if (req->lun || req->cmd.buf[1] >> 5) {
549 outbuf[0] = 0x7f; /* LUN not supported */
550 return buflen;
551 }
552
b443ae67 553 if (s->drive_kind == SCSI_CD) {
0b06c059
GH		 554 outbuf[0] = 5;
555 outbuf[1] = 0x80;
550fe6c6 556 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059
GH		 557 } else {
558 outbuf[0] = 0;
419e691f 559 outbuf[1] = s->removable ? 0x80 : 0;
550fe6c6 560 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 561 }
550fe6c6 562 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 563 memset(&outbuf[32], 0, 4);
552fee93 564 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 565 /*
566 * We claim conformance to SPC-3, which is required for guests
567 * to ask for modern features like READ CAPACITY(16) or the
568 * block characteristics VPD page by default. Not all of SPC-3
569 * is actually implemented, but we're good enough.
570 */
ee3659e3 571 outbuf[2] = 5;
0b06c059 572 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 573
574 if (buflen > 36) {
575 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
576 } else {
577 /* If the allocation length of CDB is too small,
578 the additional length is not adjusted */
579 outbuf[4] = 36 - 5;
580 }
581
0b06c059
GH		 582 /* Sync data transfer and TCQ. */
583 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
584 return buflen;
585}
586
282ab04e
BK		 587static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
588 int page_control)
ebddfcbe
GH		 589{
590 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
428c149b 591 BlockDriverState *bdrv = s->bs;
ebddfcbe
GH		 592 int cylinders, heads, secs;
593
282ab04e
BK		 594 /*
595 * If Changeable Values are requested, a mask denoting those mode parameters
596 * that are changeable shall be returned. As we currently don't support
597 * parameter changes via MODE_SELECT all bits are returned set to zero.
598 * The buffer was already menset to zero by the caller of this function.
599 */
ebddfcbe
GH		 600 switch (page) {
601 case 4: /* Rigid disk device geometry page. */
602 p[0] = 4;
603 p[1] = 0x16;
282ab04e
BK		 604 if (page_control == 1) { /* Changeable Values */
605 return p[1] + 2;
606 }
ebddfcbe
GH		 607 /* if a geometry hint is available, use it */
608 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
609 p[2] = (cylinders >> 16) & 0xff;
610 p[3] = (cylinders >> 8) & 0xff;
611 p[4] = cylinders & 0xff;
612 p[5] = heads & 0xff;
613 /* Write precomp start cylinder, disabled */
614 p[6] = (cylinders >> 16) & 0xff;
615 p[7] = (cylinders >> 8) & 0xff;
616 p[8] = cylinders & 0xff;
617 /* Reduced current start cylinder, disabled */
618 p[9] = (cylinders >> 16) & 0xff;
619 p[10] = (cylinders >> 8) & 0xff;
620 p[11] = cylinders & 0xff;
621 /* Device step rate [ns], 200ns */
622 p[12] = 0;
623 p[13] = 200;
624 /* Landing zone cylinder */
625 p[14] = 0xff;
626 p[15] = 0xff;
627 p[16] = 0xff;
628 /* Medium rotation rate [rpm], 5400 rpm */
629 p[20] = (5400 >> 8) & 0xff;
630 p[21] = 5400 & 0xff;
282ab04e 631 return p[1] + 2;
ebddfcbe
GH		 632
633 case 5: /* Flexible disk device geometry page. */
634 p[0] = 5;
635 p[1] = 0x1e;
282ab04e
BK		 636 if (page_control == 1) { /* Changeable Values */
637 return p[1] + 2;
638 }
ebddfcbe
GH		 639 /* Transfer rate [kbit/s], 5Mbit/s */
640 p[2] = 5000 >> 8;
641 p[3] = 5000 & 0xff;
642 /* if a geometry hint is available, use it */
643 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
644 p[4] = heads & 0xff;
645 p[5] = secs & 0xff;
646 p[6] = s->cluster_size * 2;
647 p[8] = (cylinders >> 8) & 0xff;
648 p[9] = cylinders & 0xff;
649 /* Write precomp start cylinder, disabled */
650 p[10] = (cylinders >> 8) & 0xff;
651 p[11] = cylinders & 0xff;
652 /* Reduced current start cylinder, disabled */
653 p[12] = (cylinders >> 8) & 0xff;
654 p[13] = cylinders & 0xff;
655 /* Device step rate [100us], 100us */
656 p[14] = 0;
657 p[15] = 1;
658 /* Device step pulse width [us], 1us */
659 p[16] = 1;
660 /* Device head settle delay [100us], 100us */
661 p[17] = 0;
662 p[18] = 1;
663 /* Motor on delay [0.1s], 0.1s */
664 p[19] = 1;
665 /* Motor off delay [0.1s], 0.1s */
666 p[20] = 1;
667 /* Medium rotation rate [rpm], 5400 rpm */
668 p[28] = (5400 >> 8) & 0xff;
669 p[29] = 5400 & 0xff;
282ab04e 670 return p[1] + 2;
ebddfcbe
GH		 671
672 case 8: /* Caching page. */
673 p[0] = 8;
674 p[1] = 0x12;
282ab04e
BK		 675 if (page_control == 1) { /* Changeable Values */
676 return p[1] + 2;
677 }
428c149b 678 if (bdrv_enable_write_cache(s->bs)) {
ebddfcbe
GH		 679 p[2] = 4; /* WCE */
680 }
282ab04e 681 return p[1] + 2;
ebddfcbe
GH		 682
683 case 0x2a: /* CD Capabilities and Mechanical Status page. */
b443ae67 684 if (s->drive_kind != SCSI_CD)
ebddfcbe
GH		 685 return 0;
686 p[0] = 0x2a;
687 p[1] = 0x14;
282ab04e
BK		 688 if (page_control == 1) { /* Changeable Values */
689 return p[1] + 2;
690 }
ebddfcbe
GH		 691 p[2] = 3; // CD-R & CD-RW read
692 p[3] = 0; // Writing not supported
693 p[4] = 0x7f; /* Audio, composite, digital out,
694 mode 2 form 1&2, multi session */
695 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
696 RW corrected, C2 errors, ISRC,
697 UPC, Bar code */
428c149b 698 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
ebddfcbe
GH		 699 /* Locking supported, jumper present, eject, tray */
700 p[7] = 0; /* no volume & mute control, no
701 changer */
702 p[8] = (50 * 176) >> 8; // 50x read speed
703 p[9] = (50 * 176) & 0xff;
704 p[10] = 0 >> 8; // No volume
705 p[11] = 0 & 0xff;
706 p[12] = 2048 >> 8; // 2M buffer
707 p[13] = 2048 & 0xff;
708 p[14] = (16 * 176) >> 8; // 16x read speed current
709 p[15] = (16 * 176) & 0xff;
710 p[18] = (16 * 176) >> 8; // 16x write speed
711 p[19] = (16 * 176) & 0xff;
712 p[20] = (16 * 176) >> 8; // 16x write speed current
713 p[21] = (16 * 176) & 0xff;
282ab04e 714 return p[1] + 2;
ebddfcbe
GH		 715
716 default:
717 return 0;
718 }
719}
720
721static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
722{
723 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ebddfcbe 724 uint64_t nb_sectors;
282ab04e 725 int page, dbd, buflen, page_control;
ebddfcbe 726 uint8_t *p;
ce512ee1 727 uint8_t dev_specific_param;
ebddfcbe
GH		 728
729 dbd = req->cmd.buf[1] & 0x8;
730 page = req->cmd.buf[2] & 0x3f;
282ab04e 731 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
aa2b1e89
BK		 732 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
733 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
ebddfcbe
GH		 734 memset(outbuf, 0, req->cmd.xfer);
735 p = outbuf;
736
0056dcc1 737 if (bdrv_is_read_only(s->bs)) {
ce512ee1
BK		 738 dev_specific_param = 0x80; /* Readonly. */
739 } else {
740 dev_specific_param = 0x00;
741 }
742
743 if (req->cmd.buf[0] == MODE_SENSE) {
744 p[1] = 0; /* Default media type. */
745 p[2] = dev_specific_param;
746 p[3] = 0; /* Block descriptor length. */
747 p += 4;
748 } else { /* MODE_SENSE_10 */
749 p[2] = 0; /* Default media type. */
750 p[3] = dev_specific_param;
751 p[6] = p[7] = 0; /* Block descriptor length. */
752 p += 8;
ebddfcbe 753 }
ebddfcbe 754
428c149b 755 bdrv_get_geometry(s->bs, &nb_sectors);
333d50fe 756 if (!dbd && nb_sectors) {
ce512ee1
BK		 757 if (req->cmd.buf[0] == MODE_SENSE) {
758 outbuf[3] = 8; /* Block descriptor length */
759 } else { /* MODE_SENSE_10 */
760 outbuf[7] = 8; /* Block descriptor length */
761 }
ebddfcbe 762 nb_sectors /= s->cluster_size;
ebddfcbe 763 if (nb_sectors > 0xffffff)
2488b740 764 nb_sectors = 0;
ebddfcbe
GH		 765 p[0] = 0; /* media density code */
766 p[1] = (nb_sectors >> 16) & 0xff;
767 p[2] = (nb_sectors >> 8) & 0xff;
768 p[3] = nb_sectors & 0xff;
769 p[4] = 0; /* reserved */
770 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
771 p[6] = s->cluster_size * 2;
772 p[7] = 0;
773 p += 8;
774 }
775
282ab04e
BK		 776 if (page_control == 3) { /* Saved Values */
777 return -1; /* ILLEGAL_REQUEST */
778 }
779
ebddfcbe
GH		 780 switch (page) {
781 case 0x04:
782 case 0x05:
783 case 0x08:
784 case 0x2a:
282ab04e 785 p += mode_sense_page(req, page, p, page_control);
ebddfcbe
GH		 786 break;
787 case 0x3f:
282ab04e
BK		 788 p += mode_sense_page(req, 0x08, p, page_control);
789 p += mode_sense_page(req, 0x2a, p, page_control);
ebddfcbe 790 break;
a9c17b2b
BK		 791 default:
792 return -1; /* ILLEGAL_REQUEST */
ebddfcbe
GH		 793 }
794
795 buflen = p - outbuf;
ce512ee1
BK		 796 /*
797 * The mode data length field specifies the length in bytes of the
798 * following data that is available to be transferred. The mode data
799 * length does not include itself.
800 */
801 if (req->cmd.buf[0] == MODE_SENSE) {
802 outbuf[0] = buflen - 1;
803 } else { /* MODE_SENSE_10 */
804 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
805 outbuf[1] = (buflen - 2) & 0xff;
806 }
ebddfcbe
GH		 807 if (buflen > req->cmd.xfer)
808 buflen = req->cmd.xfer;
809 return buflen;
810}
811
02880f43
GH		 812static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
813{
814 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 815 int start_track, format, msf, toclen;
816 uint64_t nb_sectors;
817
818 msf = req->cmd.buf[1] & 2;
819 format = req->cmd.buf[2] & 0xf;
820 start_track = req->cmd.buf[6];
428c149b 821 bdrv_get_geometry(s->bs, &nb_sectors);
02880f43
GH		 822 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
823 nb_sectors /= s->cluster_size;
824 switch (format) {
825 case 0:
826 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
827 break;
828 case 1:
829 /* multi session : only a single session defined */
830 toclen = 12;
831 memset(outbuf, 0, 12);
832 outbuf[1] = 0x0a;
833 outbuf[2] = 0x01;
834 outbuf[3] = 0x01;
835 break;
836 case 2:
837 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
838 break;
839 default:
840 return -1;
841 }
842 if (toclen > req->cmd.xfer)
843 toclen = req->cmd.xfer;
844 return toclen;
845}
846
8af7a3ab 847static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
aa5dbdc1 848{
8af7a3ab 849 SCSIRequest *req = &r->req;
e7e25e32 850 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 851 uint64_t nb_sectors;
aa5dbdc1 852 int buflen = 0;
78ced65e 853 int ret;
aa5dbdc1
GH		 854
855 switch (req->cmd.buf[0]) {
856 case TEST_UNIT_READY:
428c149b 857 if (!bdrv_is_inserted(s->bs))
aa5dbdc1
GH		 858 goto not_ready;
859 break;
51ad87c9
GH		 860 case REQUEST_SENSE:
861 if (req->cmd.xfer < 4)
862 goto illegal_request;
863 memset(outbuf, 0, 4);
864 buflen = 4;
a6d96eb7 865 if (s->sense.key == NOT_READY && req->cmd.xfer >= 18) {
51ad87c9
GH		 866 memset(outbuf, 0, 18);
867 buflen = 18;
868 outbuf[7] = 10;
869 /* asc 0x3a, ascq 0: Medium not present */
870 outbuf[12] = 0x3a;
871 outbuf[13] = 0;
872 }
873 outbuf[0] = 0xf0;
874 outbuf[1] = 0;
a6d96eb7
HR		 875 outbuf[2] = s->sense.key;
876 scsi_disk_clear_sense(s);
51ad87c9 877 break;
0b06c059
GH		 878 case INQUIRY:
879 buflen = scsi_disk_emulate_inquiry(req, outbuf);
880 if (buflen < 0)
881 goto illegal_request;
882 break;
ebddfcbe
GH		 883 case MODE_SENSE:
884 case MODE_SENSE_10:
885 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
886 if (buflen < 0)
887 goto illegal_request;
888 break;
02880f43
GH		 889 case READ_TOC:
890 buflen = scsi_disk_emulate_read_toc(req, outbuf);
891 if (buflen < 0)
892 goto illegal_request;
893 break;
3d53ba18
GH		 894 case RESERVE:
895 if (req->cmd.buf[1] & 1)
896 goto illegal_request;
897 break;
898 case RESERVE_10:
899 if (req->cmd.buf[1] & 3)
900 goto illegal_request;
901 break;
902 case RELEASE:
903 if (req->cmd.buf[1] & 1)
904 goto illegal_request;
905 break;
906 case RELEASE_10:
907 if (req->cmd.buf[1] & 3)
908 goto illegal_request;
909 break;
8d3628ff 910 case START_STOP:
b443ae67 911 if (s->drive_kind == SCSI_CD && (req->cmd.buf[4] & 2)) {
8d3628ff 912 /* load/eject medium */
428c149b 913 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
8d3628ff
GH		 914 }
915 break;
c68b9f34 916 case ALLOW_MEDIUM_REMOVAL:
428c149b 917 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
c68b9f34 918 break;
e7e25e32
GH		 919 case READ_CAPACITY:
920 /* The normal LEN field for this command is zero. */
921 memset(outbuf, 0, 8);
428c149b 922 bdrv_get_geometry(s->bs, &nb_sectors);
e7e25e32
GH		 923 if (!nb_sectors)
924 goto not_ready;
925 nb_sectors /= s->cluster_size;
926 /* Returned value is the address of the last sector. */
927 nb_sectors--;
928 /* Remember the new size for read/write sanity checking. */
929 s->max_lba = nb_sectors;
930 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
931 if (nb_sectors > UINT32_MAX)
932 nb_sectors = UINT32_MAX;
933 outbuf[0] = (nb_sectors >> 24) & 0xff;
934 outbuf[1] = (nb_sectors >> 16) & 0xff;
935 outbuf[2] = (nb_sectors >> 8) & 0xff;
936 outbuf[3] = nb_sectors & 0xff;
937 outbuf[4] = 0;
938 outbuf[5] = 0;
939 outbuf[6] = s->cluster_size * 2;
940 outbuf[7] = 0;
941 buflen = 8;
942 break;
fc903943 943 case SYNCHRONIZE_CACHE:
78ced65e
KW		 944 ret = bdrv_flush(s->bs);
945 if (ret < 0) {
946 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
947 return -1;
948 }
949 }
fc903943 950 break;
38215553
GH		 951 case GET_CONFIGURATION:
952 memset(outbuf, 0, 8);
953 /* ??? This should probably return much more information. For now
954 just return the basic header indicating the CD-ROM profile. */
955 outbuf[7] = 8; // CD-ROM
956 buflen = 8;
957 break;
5dd90e2a
GH		 958 case SERVICE_ACTION_IN:
959 /* Service Action In subcommands. */
960 if ((req->cmd.buf[1] & 31) == 0x10) {
961 DPRINTF("SAI READ CAPACITY(16)\n");
962 memset(outbuf, 0, req->cmd.xfer);
428c149b 963 bdrv_get_geometry(s->bs, &nb_sectors);
5dd90e2a
GH		 964 if (!nb_sectors)
965 goto not_ready;
966 nb_sectors /= s->cluster_size;
967 /* Returned value is the address of the last sector. */
968 nb_sectors--;
969 /* Remember the new size for read/write sanity checking. */
970 s->max_lba = nb_sectors;
971 outbuf[0] = (nb_sectors >> 56) & 0xff;
972 outbuf[1] = (nb_sectors >> 48) & 0xff;
973 outbuf[2] = (nb_sectors >> 40) & 0xff;
974 outbuf[3] = (nb_sectors >> 32) & 0xff;
975 outbuf[4] = (nb_sectors >> 24) & 0xff;
976 outbuf[5] = (nb_sectors >> 16) & 0xff;
977 outbuf[6] = (nb_sectors >> 8) & 0xff;
978 outbuf[7] = nb_sectors & 0xff;
979 outbuf[8] = 0;
980 outbuf[9] = 0;
981 outbuf[10] = s->cluster_size * 2;
982 outbuf[11] = 0;
ee3659e3
CH		 983 outbuf[12] = 0;
984 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 985
986 /* set TPE bit if the format supports discard */
987 if (s->qdev.conf.discard_granularity) {
988 outbuf[14] = 0x80;
989 }
990
5dd90e2a
GH		 991 /* Protection, exponent and lowest lba field left blank. */
992 buflen = req->cmd.xfer;
993 break;
994 }
995 DPRINTF("Unsupported Service Action In\n");
996 goto illegal_request;
39ec9a50
GH		 997 case REPORT_LUNS:
998 if (req->cmd.xfer < 16)
999 goto illegal_request;
1000 memset(outbuf, 0, 16);
1001 outbuf[3] = 8;
1002 buflen = 16;
1003 break;
88f8a5ed
GH		 1004 case VERIFY:
1005 break;
ebef0bbb
BK		 1006 case REZERO_UNIT:
1007 DPRINTF("Rezero Unit\n");
1008 if (!bdrv_is_inserted(s->bs)) {
1009 goto not_ready;
1010 }
1011 break;
aa5dbdc1
GH		 1012 default:
1013 goto illegal_request;
1014 }
a6d96eb7 1015 scsi_req_set_status(r, GOOD, NO_SENSE);
aa5dbdc1
GH		 1016 return buflen;
1017
1018not_ready:
8af7a3ab
KW		 1019 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
1020 return -1;
aa5dbdc1
GH		 1021
1022illegal_request:
8af7a3ab
KW		 1023 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1024 return -1;
aa5dbdc1
GH		 1025}
1026
2e5d83bb
PB		 1027/* Execute a scsi command. Returns the length of the data expected by the
1028 command. This will be Positive for data transfers from the device
1029 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1030 and zero if the command does not transfer any data. */
1031
8ccc2ace
TS		 1032static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
1033 uint8_t *buf, int lun)
2e5d83bb 1034{
d52affa7 1035 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2e5d83bb 1036 uint32_t len;
2e5d83bb 1037 int is_write;
a917d384
PB		 1038 uint8_t command;
1039 uint8_t *outbuf;
4c41d2ef 1040 SCSIDiskReq *r;
aa5dbdc1 1041 int rc;
a917d384
PB		 1042
1043 command = buf[0];
1044 r = scsi_find_request(s, tag);
1045 if (r) {
1046 BADF("Tag 0x%x already in use\n", tag);
8ccc2ace 1047 scsi_cancel_io(d, tag);
a917d384
PB		 1048 }
1049 /* ??? Tags are not unique for different luns. We only implement a
1050 single lun, so this should not matter. */
72aef731 1051 r = scsi_new_request(s, tag, lun);
3f4cb3d3 1052 outbuf = (uint8_t *)r->iov.iov_base;
2e5d83bb 1053 is_write = 0;
a917d384 1054 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2dd791b6
HR		 1055
1056 if (scsi_req_parse(&r->req, buf) != 0) {
a917d384 1057 BADF("Unsupported command length, command %x\n", command);
2e5d83bb
PB		 1058 goto fail;
1059 }
1060#ifdef DEBUG_SCSI
1061 {
1062 int i;
2dd791b6 1063 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1064 printf(" 0x%02x", buf[i]);
1065 }
1066 printf("\n");
1067 }
1068#endif
aa5dbdc1 1069
0fc5c15a 1070 if (lun || buf[1] >> 5) {
2e5d83bb 1071 /* Only LUN 0 supported. */
0fc5c15a 1072 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
ebf46023 1073 if (command != REQUEST_SENSE && command != INQUIRY)
22864256 1074 goto fail;
2e5d83bb 1075 }
a917d384 1076 switch (command) {
ebf46023 1077 case TEST_UNIT_READY:
51ad87c9 1078 case REQUEST_SENSE:
0b06c059 1079 case INQUIRY:
ebddfcbe
GH		 1080 case MODE_SENSE:
1081 case MODE_SENSE_10:
3d53ba18
GH		 1082 case RESERVE:
1083 case RESERVE_10:
1084 case RELEASE:
1085 case RELEASE_10:
8d3628ff 1086 case START_STOP:
c68b9f34 1087 case ALLOW_MEDIUM_REMOVAL:
e7e25e32 1088 case READ_CAPACITY:
fc903943 1089 case SYNCHRONIZE_CACHE:
02880f43 1090 case READ_TOC:
38215553 1091 case GET_CONFIGURATION:
5dd90e2a 1092 case SERVICE_ACTION_IN:
39ec9a50 1093 case REPORT_LUNS:
88f8a5ed 1094 case VERIFY:
ebef0bbb 1095 case REZERO_UNIT:
8af7a3ab
KW		 1096 rc = scsi_disk_emulate_command(r, outbuf);
1097 if (rc < 0) {
0b06c059 1098 return 0;
aa5dbdc1 1099 }
8af7a3ab
KW		 1100
1101 r->iov.iov_len = rc;
0b06c059 1102 break;
ebf46023
GH		 1103 case READ_6:
1104 case READ_10:
bd536cf3
GH		 1105 case READ_12:
1106 case READ_16:
2dd791b6
HR		 1107 len = r->req.cmd.xfer / d->blocksize;
1108 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1109 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1110 goto illegal_lba;
2dd791b6 1111 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1112 r->sector_count = len * s->cluster_size;
2e5d83bb 1113 break;
ebf46023
GH		 1114 case WRITE_6:
1115 case WRITE_10:
bd536cf3
GH		 1116 case WRITE_12:
1117 case WRITE_16:
ebef0bbb
BK		 1118 case WRITE_VERIFY:
1119 case WRITE_VERIFY_12:
1120 case WRITE_VERIFY_16:
2dd791b6 1121 len = r->req.cmd.xfer / d->blocksize;
ebef0bbb 1122 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1123 (command & 0xe) == 0xe ? "And Verify " : "",
1124 r->req.cmd.lba, len);
1125 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1126 goto illegal_lba;
2dd791b6 1127 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1128 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 1129 is_write = 1;
1130 break;
ebef0bbb 1131 case MODE_SELECT:
2dd791b6 1132 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1133 /* We don't support mode parameter changes.
1134 Allow the mode parameter header + block descriptors only. */
2dd791b6 1135 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1136 goto fail;
1137 }
1138 break;
1139 case MODE_SELECT_10:
2dd791b6 1140 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1141 /* We don't support mode parameter changes.
1142 Allow the mode parameter header + block descriptors only. */
2dd791b6 1143 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1144 goto fail;
1145 }
1146 break;
1147 case SEEK_6:
1148 case SEEK_10:
2dd791b6
HR		 1149 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1150 r->req.cmd.lba);
1151 if (r->req.cmd.lba > s->max_lba) {
ebef0bbb
BK		 1152 goto illegal_lba;
1153 }
ea3bd56f
CH		 1154 break;
1155 case WRITE_SAME_16:
1156 len = r->req.cmd.xfer / d->blocksize;
1157
1158 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1159 r->req.cmd.lba, len);
1160
1161 if (r->req.cmd.lba > s->max_lba) {
1162 goto illegal_lba;
1163 }
1164
1165 /*
1166 * We only support WRITE SAME with the unmap bit set for now.
1167 */
1168 if (!(buf[1] & 0x8)) {
1169 goto fail;
1170 }
1171
1172 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1173 len * s->cluster_size);
1174 if (rc < 0) {
1175 /* XXX: better error code ?*/
1176 goto fail;
1177 }
1178
ebef0bbb 1179 break;
2e5d83bb 1180 default:
2dd791b6 1181 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
2e5d83bb 1182 fail:
0d65e1f8 1183 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
2dd791b6 1184 return 0;
274fb0e1 1185 illegal_lba:
0d65e1f8 1186 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
274fb0e1 1187 return 0;
2e5d83bb 1188 }
c87c0672 1189 if (r->sector_count == 0 && r->iov.iov_len == 0) {
0d65e1f8 1190 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 1191 }
c87c0672 1192 len = r->sector_count * 512 + r->iov.iov_len;
a917d384
PB		 1193 if (is_write) {
1194 return -len;
1195 } else {
1196 if (!r->sector_count)
1197 r->sector_count = -1;
1198 return len;
2e5d83bb 1199 }
2e5d83bb
PB		 1200}
1201
e9447f35 1202static void scsi_disk_purge_requests(SCSIDiskState *s)
56a14938 1203{
9af99d98 1204 SCSIDiskReq *r;
56a14938 1205
9af99d98
GH		 1206 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1207 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
e9447f35
JK		 1208 if (r->req.aiocb) {
1209 bdrv_aio_cancel(r->req.aiocb);
1210 }
9af99d98
GH		 1211 scsi_remove_request(r);
1212 }
e9447f35
JK		 1213}
1214
1215static void scsi_disk_reset(DeviceState *dev)
1216{
1217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1218 uint64_t nb_sectors;
1219
1220 scsi_disk_purge_requests(s);
1221
1222 bdrv_get_geometry(s->bs, &nb_sectors);
1223 nb_sectors /= s->cluster_size;
1224 if (nb_sectors) {
1225 nb_sectors--;
1226 }
1227 s->max_lba = nb_sectors;
1228}
1229
1230static void scsi_destroy(SCSIDevice *dev)
1231{
1232 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1233
1234 scsi_disk_purge_requests(s);
f8b6cc00 1235 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1236}
1237
b443ae67 1238static int scsi_initfn(SCSIDevice *dev, SCSIDriveKind kind)
2e5d83bb 1239{
d52affa7 1240 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1241 DriveInfo *dinfo;
2e5d83bb 1242
f8b6cc00 1243 if (!s->qdev.conf.bs) {
1ecda02b 1244 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1245 return -1;
1246 }
f8b6cc00 1247 s->bs = s->qdev.conf.bs;
b443ae67 1248 s->drive_kind = kind;
d52affa7 1249
b443ae67 1250 if (kind == SCSI_HD && !bdrv_is_inserted(s->bs)) {
98f28ad7
MA		 1251 error_report("Device needs media, but drive is empty");
1252 return -1;
1253 }
1254
a0fef654 1255 if (!s->serial) {
f8b6cc00
MA		 1256 /* try to fall back to value set with legacy -drive serial=... */
1257 dinfo = drive_get_by_blockdev(s->bs);
1258 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
a0fef654
MA		 1259 }
1260
552fee93
MA		 1261 if (!s->version) {
1262 s->version = qemu_strdup(QEMU_VERSION);
1263 }
1264
32bb404a 1265 if (bdrv_is_sg(s->bs)) {
1ecda02b 1266 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1267 return -1;
1268 }
1269
b443ae67 1270 if (kind == SCSI_CD) {
8cfacf07 1271 s->qdev.blocksize = 2048;
2e5d83bb 1272 } else {
8cfacf07 1273 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2e5d83bb 1274 }
8cfacf07 1275 s->cluster_size = s->qdev.blocksize / 512;
73fdb1e1 1276 s->bs->buffer_alignment = s->qdev.blocksize;
8cfacf07 1277
91376656 1278 s->qdev.type = TYPE_DISK;
ea8a5d7f 1279 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
b443ae67 1280 bdrv_set_removable(s->bs, kind == SCSI_CD);
1ca4d09a 1281 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
d52affa7
GH		 1282 return 0;
1283}
1284
b443ae67
MA		 1285static int scsi_hd_initfn(SCSIDevice *dev)
1286{
1287 return scsi_initfn(dev, SCSI_HD);
1288}
1289
1290static int scsi_cd_initfn(SCSIDevice *dev)
1291{
1292 return scsi_initfn(dev, SCSI_CD);
1293}
1294
1295static int scsi_disk_initfn(SCSIDevice *dev)
1296{
1297 SCSIDriveKind kind;
95b5edcd 1298 DriveInfo *dinfo;
b443ae67
MA		 1299
1300 if (!dev->conf.bs) {
1301 kind = SCSI_HD; /* will die in scsi_initfn() */
1302 } else {
95b5edcd
MA		 1303 dinfo = drive_get_by_blockdev(dev->conf.bs);
1304 kind = dinfo->media_cd ? SCSI_CD : SCSI_HD;
b443ae67
MA		 1305 }
1306
1307 return scsi_initfn(dev, kind);
1308}
1309
1310#define DEFINE_SCSI_DISK_PROPERTIES() \
1311 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1312 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1313 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1314
1315static SCSIDeviceInfo scsi_disk_info[] = {
1316 {
1317 .qdev.name = "scsi-hd",
1318 .qdev.fw_name = "disk",
1319 .qdev.desc = "virtual SCSI disk",
1320 .qdev.size = sizeof(SCSIDiskState),
1321 .qdev.reset = scsi_disk_reset,
1322 .init = scsi_hd_initfn,
1323 .destroy = scsi_destroy,
1324 .send_command = scsi_send_command,
1325 .read_data = scsi_read_data,
1326 .write_data = scsi_write_data,
1327 .cancel_io = scsi_cancel_io,
1328 .get_buf = scsi_get_buf,
1329 .qdev.props = (Property[]) {
1330 DEFINE_SCSI_DISK_PROPERTIES(),
1331 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1332 DEFINE_PROP_END_OF_LIST(),
1333 }
1334 },{
1335 .qdev.name = "scsi-cd",
1336 .qdev.fw_name = "disk",
1337 .qdev.desc = "virtual SCSI CD-ROM",
1338 .qdev.size = sizeof(SCSIDiskState),
1339 .qdev.reset = scsi_disk_reset,
1340 .init = scsi_cd_initfn,
1341 .destroy = scsi_destroy,
1342 .send_command = scsi_send_command,
1343 .read_data = scsi_read_data,
1344 .write_data = scsi_write_data,
1345 .cancel_io = scsi_cancel_io,
1346 .get_buf = scsi_get_buf,
1347 .qdev.props = (Property[]) {
1348 DEFINE_SCSI_DISK_PROPERTIES(),
1349 DEFINE_PROP_END_OF_LIST(),
1350 },
1351 },{
1352 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1353 .qdev.fw_name = "disk",
1354 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1355 .qdev.size = sizeof(SCSIDiskState),
1356 .qdev.reset = scsi_disk_reset,
1357 .init = scsi_disk_initfn,
1358 .destroy = scsi_destroy,
1359 .send_command = scsi_send_command,
1360 .read_data = scsi_read_data,
1361 .write_data = scsi_write_data,
1362 .cancel_io = scsi_cancel_io,
1363 .get_buf = scsi_get_buf,
1364 .qdev.props = (Property[]) {
1365 DEFINE_SCSI_DISK_PROPERTIES(),
1366 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1367 DEFINE_PROP_END_OF_LIST(),
1368 }
1369 }
d52affa7
GH		 1370};
1371
1372static void scsi_disk_register_devices(void)
1373{
b443ae67
MA		 1374 int i;
1375
1376 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1377 scsi_qdev_register(&scsi_disk_info[i]);
1378 }
8ccc2ace 1379}
d52affa7 1380device_init(scsi_disk_register_devices)
QEMU mirror