]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi: Move sense handling into the driver
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb
PB		 14 *
15 * This code is licenced under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
22864256 40
f0f72ffe 41#define SCSI_DMA_BUF_SIZE 131072
57575058 42#define SCSI_MAX_INQUIRY_LEN 256
a917d384 43
5dba48a8
KW		 44#define SCSI_REQ_STATUS_RETRY 0x01
45#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46#define SCSI_REQ_STATUS_RETRY_READ 0x00
47#define SCSI_REQ_STATUS_RETRY_WRITE 0x02
78ced65e 48#define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
ea8a5d7f 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
a6d96eb7
HR		 52typedef struct SCSISense {
53 uint8_t key;
54} SCSISense;
55
4c41d2ef
GH		 56typedef struct SCSIDiskReq {
57 SCSIRequest req;
e035b43d 58 /* ??? We should probably keep track of whether the data transfer is
2e5d83bb 59 a read or a write. Currently we rely on the host getting it right. */
a917d384 60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 61 uint64_t sector;
62 uint32_t sector_count;
c87c0672
AL		 63 struct iovec iov;
64 QEMUIOVector qiov;
ea8a5d7f 65 uint32_t status;
4c41d2ef 66} SCSIDiskReq;
a917d384 67
d52affa7 68struct SCSIDiskState
a917d384 69{
d52affa7 70 SCSIDevice qdev;
428c149b 71 BlockDriverState *bs;
a917d384
PB		 72 /* The qemu block layer uses a fixed 512 byte sector size.
73 This is the number of 512 byte blocks in a single scsi sector. */
74 int cluster_size;
274fb0e1 75 uint64_t max_lba;
213189ab 76 QEMUBH *bh;
383b4d9b 77 char *version;
a0fef654 78 char *serial;
a6d96eb7 79 SCSISense sense;
2e5d83bb
PB		 80};
81
5dba48a8 82static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78ced65e 83static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
5dba48a8 84
72aef731
CH		 85static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
86 uint32_t lun)
2e5d83bb 87{
89b08ae1 88 SCSIRequest *req;
4c41d2ef 89 SCSIDiskReq *r;
a917d384 90
72aef731 91 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
89b08ae1 92 r = DO_UPCAST(SCSIDiskReq, req, req);
72aef731 93 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
a917d384 94 return r;
2e5d83bb
PB		 95}
96
4c41d2ef 97static void scsi_remove_request(SCSIDiskReq *r)
4d611c9a 98{
f8a83245 99 qemu_vfree(r->iov.iov_base);
89b08ae1 100 scsi_req_free(&r->req);
4d611c9a
PB		 101}
102
4c41d2ef 103static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
4d611c9a 104{
89b08ae1 105 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
a917d384
PB		 106}
107
a6d96eb7 108static void scsi_disk_clear_sense(SCSIDiskState *s)
ed3a34a3 109{
a6d96eb7
HR		 110 memset(&s->sense, 0, sizeof(s->sense));
111}
112
113static void scsi_disk_set_sense(SCSIDiskState *s, uint8_t key)
114{
115 s->sense.key = key;
116}
117
118static void scsi_req_set_status(SCSIDiskReq *r, int status, int sense_code)
119{
120 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
121
122 r->req.status = status;
123 scsi_disk_set_sense(s, sense_code);
ed3a34a3
GH		 124}
125
a917d384 126/* Helper function for command completion. */
4c41d2ef 127static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
a917d384 128{
4c41d2ef
GH		 129 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
130 r->req.tag, status, sense);
a6d96eb7 131 scsi_req_set_status(r, status, sense);
ed3a34a3 132 scsi_req_complete(&r->req);
89b08ae1 133 scsi_remove_request(r);
4d611c9a
PB		 134}
135
136/* Cancel a pending data transfer. */
8ccc2ace 137static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
4d611c9a 138{
d52affa7 139 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 140 SCSIDiskReq *r;
a917d384
PB		 141 DPRINTF("Cancel tag=0x%x\n", tag);
142 r = scsi_find_request(s, tag);
143 if (r) {
4c41d2ef
GH		 144 if (r->req.aiocb)
145 bdrv_aio_cancel(r->req.aiocb);
146 r->req.aiocb = NULL;
a917d384
PB		 147 scsi_remove_request(r);
148 }
149}
150
151static void scsi_read_complete(void * opaque, int ret)
152{
4c41d2ef 153 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5dba48a8 154 int n;
a917d384 155
3e94cb02
JK		 156 r->req.aiocb = NULL;
157
a917d384 158 if (ret) {
5dba48a8
KW		 159 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
160 return;
161 }
4d611c9a 162 }
5dba48a8 163
aa2b1e89 164 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
a917d384 165
5dba48a8
KW		 166 n = r->iov.iov_len / 512;
167 r->sector += n;
168 r->sector_count -= n;
4c41d2ef 169 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
4d611c9a
PB		 170}
171
5dba48a8
KW		 172
173static void scsi_read_request(SCSIDiskReq *r)
2e5d83bb 174{
5dba48a8 175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 176 uint32_t n;
177
a917d384 178 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 179 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 180 r->sector_count = 0;
4c41d2ef 181 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
a917d384 182 return;
2e5d83bb 183 }
a917d384
PB		 184 DPRINTF("Read sector_count=%d\n", r->sector_count);
185 if (r->sector_count == 0) {
0d65e1f8 186 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 187 return;
2e5d83bb
PB		 188 }
189
6fa2c95f
SH		 190 /* No data transfer may already be in progress */
191 assert(r->req.aiocb == NULL);
192
a917d384
PB		 193 n = r->sector_count;
194 if (n > SCSI_DMA_BUF_SIZE / 512)
195 n = SCSI_DMA_BUF_SIZE / 512;
196
c87c0672
AL		 197 r->iov.iov_len = n * 512;
198 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 199 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
c87c0672 200 scsi_read_complete, r);
d33ea50a
KW		 201 if (r->req.aiocb == NULL) {
202 scsi_read_complete(r, -EIO);
203 }
2e5d83bb
PB		 204}
205
5dba48a8
KW		 206/* Read more data from scsi device into buffer. */
207static void scsi_read_data(SCSIDevice *d, uint32_t tag)
ea8a5d7f 208{
5dba48a8
KW		 209 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
210 SCSIDiskReq *r;
211
212 r = scsi_find_request(s, tag);
213 if (!r) {
214 BADF("Bad read tag 0x%x\n", tag);
215 /* ??? This is the wrong error. */
216 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
217 return;
218 }
219
5dba48a8
KW		 220 scsi_read_request(r);
221}
222
223static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
224{
225 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
4c41d2ef 226 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 227 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
ea8a5d7f 228
380f640f 229 if (action == BLOCK_ERR_IGNORE) {
5dba48a8 230 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 231 return 0;
380f640f 232 }
ea8a5d7f
AL		 233
234 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
235 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8
KW		 236
237 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
238 r->status |= SCSI_REQ_STATUS_RETRY | type;
239
240 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
554a310b 241 vm_stop(0);
ea8a5d7f 242 } else {
5dba48a8
KW		 243 if (type == SCSI_REQ_STATUS_RETRY_READ) {
244 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
245 }
0d65e1f8
GH		 246 scsi_command_complete(r, CHECK_CONDITION,
247 HARDWARE_ERROR);
5dba48a8 248 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f
AL		 249 }
250
251 return 1;
252}
253
4d611c9a
PB		 254static void scsi_write_complete(void * opaque, int ret)
255{
4c41d2ef 256 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a917d384 257 uint32_t len;
ea8a5d7f
AL		 258 uint32_t n;
259
4c41d2ef 260 r->req.aiocb = NULL;
4d611c9a
PB		 261
262 if (ret) {
5dba48a8 263 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
ea8a5d7f 264 return;
5dba48a8 265 }
4d611c9a
PB		 266 }
267
c87c0672 268 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 269 r->sector += n;
270 r->sector_count -= n;
a917d384 271 if (r->sector_count == 0) {
0d65e1f8 272 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384
PB		 273 } else {
274 len = r->sector_count * 512;
275 if (len > SCSI_DMA_BUF_SIZE) {
276 len = SCSI_DMA_BUF_SIZE;
277 }
c87c0672 278 r->iov.iov_len = len;
4c41d2ef
GH		 279 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
280 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
4d611c9a 281 }
4d611c9a
PB		 282}
283
4c41d2ef 284static void scsi_write_request(SCSIDiskReq *r)
ea8a5d7f 285{
4c41d2ef 286 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 287 uint32_t n;
288
6fa2c95f
SH		 289 /* No data transfer may already be in progress */
290 assert(r->req.aiocb == NULL);
291
c87c0672 292 n = r->iov.iov_len / 512;
ea8a5d7f 293 if (n) {
c87c0672 294 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
428c149b 295 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
c87c0672 296 scsi_write_complete, r);
d33ea50a
KW		 297 if (r->req.aiocb == NULL) {
298 scsi_write_complete(r, -EIO);
299 }
ea8a5d7f
AL		 300 } else {
301 /* Invoke completion routine to fetch data from host. */
302 scsi_write_complete(r, 0);
303 }
304}
305
4d611c9a
PB		 306/* Write data to a scsi device. Returns nonzero on failure.
307 The transfer may complete asynchronously. */
8ccc2ace 308static int scsi_write_data(SCSIDevice *d, uint32_t tag)
2e5d83bb 309{
d52affa7 310 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 311 SCSIDiskReq *r;
2e5d83bb 312
a917d384
PB		 313 DPRINTF("Write data tag=0x%x\n", tag);
314 r = scsi_find_request(s, tag);
315 if (!r) {
316 BADF("Bad write tag 0x%x\n", tag);
0d65e1f8 317 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
2e5d83bb
PB		 318 return 1;
319 }
ea8a5d7f 320
ea8a5d7f 321 scsi_write_request(r);
2e5d83bb 322
a917d384
PB		 323 return 0;
324}
2e5d83bb 325
213189ab 326static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f 327{
d52affa7 328 SCSIDiskState *s = opaque;
9af99d98
GH		 329 SCSIRequest *req;
330 SCSIDiskReq *r;
213189ab
MA		 331
332 qemu_bh_delete(s->bh);
333 s->bh = NULL;
ea8a5d7f 334
9af99d98
GH		 335 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
336 r = DO_UPCAST(SCSIDiskReq, req, req);
ea8a5d7f 337 if (r->status & SCSI_REQ_STATUS_RETRY) {
5dba48a8 338 int status = r->status;
78ced65e
KW		 339 int ret;
340
5dba48a8
KW		 341 r->status &=
342 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
343
344 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
345 case SCSI_REQ_STATUS_RETRY_READ:
346 scsi_read_request(r);
347 break;
348 case SCSI_REQ_STATUS_RETRY_WRITE:
349 scsi_write_request(r);
350 break;
78ced65e
KW		 351 case SCSI_REQ_STATUS_RETRY_FLUSH:
352 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
353 if (ret == 0) {
354 scsi_command_complete(r, GOOD, NO_SENSE);
355 }
5dba48a8 356 }
ea8a5d7f 357 }
ea8a5d7f
AL		 358 }
359}
360
213189ab
MA		 361static void scsi_dma_restart_cb(void *opaque, int running, int reason)
362{
d52affa7 363 SCSIDiskState *s = opaque;
213189ab
MA		 364
365 if (!running)
366 return;
367
368 if (!s->bh) {
369 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
370 qemu_bh_schedule(s->bh);
371 }
372}
373
a917d384 374/* Return a pointer to the data buffer. */
8ccc2ace 375static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
a917d384 376{
d52affa7 377 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
4c41d2ef 378 SCSIDiskReq *r;
2e5d83bb 379
a917d384
PB		 380 r = scsi_find_request(s, tag);
381 if (!r) {
382 BADF("Bad buffer tag 0x%x\n", tag);
383 return NULL;
4d611c9a 384 }
3f4cb3d3 385 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 386}
387
0b06c059
GH		 388static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
389{
383b4d9b 390 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 391 int buflen = 0;
392
393 if (req->cmd.buf[1] & 0x2) {
394 /* Command support data - optional, not implemented */
395 BADF("optional INQUIRY command support request not implemented\n");
396 return -1;
397 }
398
399 if (req->cmd.buf[1] & 0x1) {
400 /* Vital product data */
401 uint8_t page_code = req->cmd.buf[2];
402 if (req->cmd.xfer < 4) {
403 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
404 "less than 4\n", page_code, req->cmd.xfer);
405 return -1;
406 }
407
428c149b 408 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
0b06c059
GH		 409 outbuf[buflen++] = 5;
410 } else {
411 outbuf[buflen++] = 0;
412 }
413 outbuf[buflen++] = page_code ; // this page
414 outbuf[buflen++] = 0x00;
415
416 switch (page_code) {
417 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 418 {
419 int pages;
0b06c059
GH		 420 DPRINTF("Inquiry EVPD[Supported pages] "
421 "buffer size %zd\n", req->cmd.xfer);
39d98982 422 pages = buflen++;
0b06c059
GH		 423 outbuf[buflen++] = 0x00; // list of supported pages (this page)
424 outbuf[buflen++] = 0x80; // unit serial number
425 outbuf[buflen++] = 0x83; // device identification
39d98982
HR		 426 if (bdrv_get_type_hint(s->bs) != BDRV_TYPE_CDROM) {
427 outbuf[buflen++] = 0xb0; // block device characteristics
428 }
429 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 430 break;
39d98982 431 }
0b06c059
GH		 432 case 0x80: /* Device serial number, optional */
433 {
a0fef654 434 int l = strlen(s->serial);
0b06c059
GH		 435
436 if (l > req->cmd.xfer)
437 l = req->cmd.xfer;
438 if (l > 20)
439 l = 20;
440
441 DPRINTF("Inquiry EVPD[Serial number] "
442 "buffer size %zd\n", req->cmd.xfer);
443 outbuf[buflen++] = l;
a0fef654 444 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 445 buflen += l;
446 break;
447 }
448
449 case 0x83: /* Device identification page, mandatory */
450 {
451 int max_len = 255 - 8;
428c149b 452 int id_len = strlen(bdrv_get_device_name(s->bs));
0b06c059
GH		 453
454 if (id_len > max_len)
455 id_len = max_len;
456 DPRINTF("Inquiry EVPD[Device identification] "
457 "buffer size %zd\n", req->cmd.xfer);
458
39d98982 459 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 460 outbuf[buflen++] = 0x2; // ASCII
461 outbuf[buflen++] = 0; // not officially assigned
462 outbuf[buflen++] = 0; // reserved
463 outbuf[buflen++] = id_len; // length of data following
464
428c149b 465 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
0b06c059
GH		 466 buflen += id_len;
467 break;
468 }
ee3659e3
CH		 469 case 0xb0: /* block device characteristics */
470 {
8cfacf07
CH		 471 unsigned int min_io_size =
472 s->qdev.conf.min_io_size / s->qdev.blocksize;
473 unsigned int opt_io_size =
474 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 475
39d98982
HR		 476 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
477 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
478 page_code);
479 return -1;
480 }
ee3659e3
CH		 481 /* required VPD size with unmap support */
482 outbuf[3] = buflen = 0x3c;
483
484 memset(outbuf + 4, 0, buflen - 4);
485
486 /* optimal transfer length granularity */
487 outbuf[6] = (min_io_size >> 8) & 0xff;
488 outbuf[7] = min_io_size & 0xff;
489
490 /* optimal transfer length */
491 outbuf[12] = (opt_io_size >> 24) & 0xff;
492 outbuf[13] = (opt_io_size >> 16) & 0xff;
493 outbuf[14] = (opt_io_size >> 8) & 0xff;
494 outbuf[15] = opt_io_size & 0xff;
495 break;
496 }
0b06c059
GH		 497 default:
498 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
499 "buffer size %zd\n", page_code, req->cmd.xfer);
500 return -1;
501 }
502 /* done with EVPD */
503 return buflen;
504 }
505
506 /* Standard INQUIRY data */
507 if (req->cmd.buf[2] != 0) {
508 BADF("Error: Inquiry (STANDARD) page or code "
509 "is non-zero [%02X]\n", req->cmd.buf[2]);
510 return -1;
511 }
512
513 /* PAGE CODE == 0 */
514 if (req->cmd.xfer < 5) {
515 BADF("Error: Inquiry (STANDARD) buffer size %zd "
516 "is less than 5\n", req->cmd.xfer);
517 return -1;
518 }
519
0b06c059
GH		 520 buflen = req->cmd.xfer;
521 if (buflen > SCSI_MAX_INQUIRY_LEN)
522 buflen = SCSI_MAX_INQUIRY_LEN;
523
524 memset(outbuf, 0, buflen);
525
526 if (req->lun || req->cmd.buf[1] >> 5) {
527 outbuf[0] = 0x7f; /* LUN not supported */
528 return buflen;
529 }
530
428c149b 531 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
0b06c059
GH		 532 outbuf[0] = 5;
533 outbuf[1] = 0x80;
550fe6c6 534 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059
GH		 535 } else {
536 outbuf[0] = 0;
550fe6c6 537 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 538 }
550fe6c6 539 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 540 memset(&outbuf[32], 0, 4);
552fee93 541 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 542 /*
543 * We claim conformance to SPC-3, which is required for guests
544 * to ask for modern features like READ CAPACITY(16) or the
545 * block characteristics VPD page by default. Not all of SPC-3
546 * is actually implemented, but we're good enough.
547 */
ee3659e3 548 outbuf[2] = 5;
0b06c059 549 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 550
551 if (buflen > 36) {
552 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
553 } else {
554 /* If the allocation length of CDB is too small,
555 the additional length is not adjusted */
556 outbuf[4] = 36 - 5;
557 }
558
0b06c059
GH		 559 /* Sync data transfer and TCQ. */
560 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
561 return buflen;
562}
563
282ab04e
BK		 564static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
565 int page_control)
ebddfcbe
GH		 566{
567 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
428c149b 568 BlockDriverState *bdrv = s->bs;
ebddfcbe
GH		 569 int cylinders, heads, secs;
570
282ab04e
BK		 571 /*
572 * If Changeable Values are requested, a mask denoting those mode parameters
573 * that are changeable shall be returned. As we currently don't support
574 * parameter changes via MODE_SELECT all bits are returned set to zero.
575 * The buffer was already menset to zero by the caller of this function.
576 */
ebddfcbe
GH		 577 switch (page) {
578 case 4: /* Rigid disk device geometry page. */
579 p[0] = 4;
580 p[1] = 0x16;
282ab04e
BK		 581 if (page_control == 1) { /* Changeable Values */
582 return p[1] + 2;
583 }
ebddfcbe
GH		 584 /* if a geometry hint is available, use it */
585 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
586 p[2] = (cylinders >> 16) & 0xff;
587 p[3] = (cylinders >> 8) & 0xff;
588 p[4] = cylinders & 0xff;
589 p[5] = heads & 0xff;
590 /* Write precomp start cylinder, disabled */
591 p[6] = (cylinders >> 16) & 0xff;
592 p[7] = (cylinders >> 8) & 0xff;
593 p[8] = cylinders & 0xff;
594 /* Reduced current start cylinder, disabled */
595 p[9] = (cylinders >> 16) & 0xff;
596 p[10] = (cylinders >> 8) & 0xff;
597 p[11] = cylinders & 0xff;
598 /* Device step rate [ns], 200ns */
599 p[12] = 0;
600 p[13] = 200;
601 /* Landing zone cylinder */
602 p[14] = 0xff;
603 p[15] = 0xff;
604 p[16] = 0xff;
605 /* Medium rotation rate [rpm], 5400 rpm */
606 p[20] = (5400 >> 8) & 0xff;
607 p[21] = 5400 & 0xff;
282ab04e 608 return p[1] + 2;
ebddfcbe
GH		 609
610 case 5: /* Flexible disk device geometry page. */
611 p[0] = 5;
612 p[1] = 0x1e;
282ab04e
BK		 613 if (page_control == 1) { /* Changeable Values */
614 return p[1] + 2;
615 }
ebddfcbe
GH		 616 /* Transfer rate [kbit/s], 5Mbit/s */
617 p[2] = 5000 >> 8;
618 p[3] = 5000 & 0xff;
619 /* if a geometry hint is available, use it */
620 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
621 p[4] = heads & 0xff;
622 p[5] = secs & 0xff;
623 p[6] = s->cluster_size * 2;
624 p[8] = (cylinders >> 8) & 0xff;
625 p[9] = cylinders & 0xff;
626 /* Write precomp start cylinder, disabled */
627 p[10] = (cylinders >> 8) & 0xff;
628 p[11] = cylinders & 0xff;
629 /* Reduced current start cylinder, disabled */
630 p[12] = (cylinders >> 8) & 0xff;
631 p[13] = cylinders & 0xff;
632 /* Device step rate [100us], 100us */
633 p[14] = 0;
634 p[15] = 1;
635 /* Device step pulse width [us], 1us */
636 p[16] = 1;
637 /* Device head settle delay [100us], 100us */
638 p[17] = 0;
639 p[18] = 1;
640 /* Motor on delay [0.1s], 0.1s */
641 p[19] = 1;
642 /* Motor off delay [0.1s], 0.1s */
643 p[20] = 1;
644 /* Medium rotation rate [rpm], 5400 rpm */
645 p[28] = (5400 >> 8) & 0xff;
646 p[29] = 5400 & 0xff;
282ab04e 647 return p[1] + 2;
ebddfcbe
GH		 648
649 case 8: /* Caching page. */
650 p[0] = 8;
651 p[1] = 0x12;
282ab04e
BK		 652 if (page_control == 1) { /* Changeable Values */
653 return p[1] + 2;
654 }
428c149b 655 if (bdrv_enable_write_cache(s->bs)) {
ebddfcbe
GH		 656 p[2] = 4; /* WCE */
657 }
282ab04e 658 return p[1] + 2;
ebddfcbe
GH		 659
660 case 0x2a: /* CD Capabilities and Mechanical Status page. */
661 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
662 return 0;
663 p[0] = 0x2a;
664 p[1] = 0x14;
282ab04e
BK		 665 if (page_control == 1) { /* Changeable Values */
666 return p[1] + 2;
667 }
ebddfcbe
GH		 668 p[2] = 3; // CD-R & CD-RW read
669 p[3] = 0; // Writing not supported
670 p[4] = 0x7f; /* Audio, composite, digital out,
671 mode 2 form 1&2, multi session */
672 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
673 RW corrected, C2 errors, ISRC,
674 UPC, Bar code */
428c149b 675 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
ebddfcbe
GH		 676 /* Locking supported, jumper present, eject, tray */
677 p[7] = 0; /* no volume & mute control, no
678 changer */
679 p[8] = (50 * 176) >> 8; // 50x read speed
680 p[9] = (50 * 176) & 0xff;
681 p[10] = 0 >> 8; // No volume
682 p[11] = 0 & 0xff;
683 p[12] = 2048 >> 8; // 2M buffer
684 p[13] = 2048 & 0xff;
685 p[14] = (16 * 176) >> 8; // 16x read speed current
686 p[15] = (16 * 176) & 0xff;
687 p[18] = (16 * 176) >> 8; // 16x write speed
688 p[19] = (16 * 176) & 0xff;
689 p[20] = (16 * 176) >> 8; // 16x write speed current
690 p[21] = (16 * 176) & 0xff;
282ab04e 691 return p[1] + 2;
ebddfcbe
GH		 692
693 default:
694 return 0;
695 }
696}
697
698static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
699{
700 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ebddfcbe 701 uint64_t nb_sectors;
282ab04e 702 int page, dbd, buflen, page_control;
ebddfcbe 703 uint8_t *p;
ce512ee1 704 uint8_t dev_specific_param;
ebddfcbe
GH		 705
706 dbd = req->cmd.buf[1] & 0x8;
707 page = req->cmd.buf[2] & 0x3f;
282ab04e 708 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
aa2b1e89
BK		 709 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
710 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
ebddfcbe
GH		 711 memset(outbuf, 0, req->cmd.xfer);
712 p = outbuf;
713
0056dcc1 714 if (bdrv_is_read_only(s->bs)) {
ce512ee1
BK		 715 dev_specific_param = 0x80; /* Readonly. */
716 } else {
717 dev_specific_param = 0x00;
718 }
719
720 if (req->cmd.buf[0] == MODE_SENSE) {
721 p[1] = 0; /* Default media type. */
722 p[2] = dev_specific_param;
723 p[3] = 0; /* Block descriptor length. */
724 p += 4;
725 } else { /* MODE_SENSE_10 */
726 p[2] = 0; /* Default media type. */
727 p[3] = dev_specific_param;
728 p[6] = p[7] = 0; /* Block descriptor length. */
729 p += 8;
ebddfcbe 730 }
ebddfcbe 731
428c149b 732 bdrv_get_geometry(s->bs, &nb_sectors);
333d50fe 733 if (!dbd && nb_sectors) {
ce512ee1
BK		 734 if (req->cmd.buf[0] == MODE_SENSE) {
735 outbuf[3] = 8; /* Block descriptor length */
736 } else { /* MODE_SENSE_10 */
737 outbuf[7] = 8; /* Block descriptor length */
738 }
ebddfcbe 739 nb_sectors /= s->cluster_size;
ebddfcbe 740 if (nb_sectors > 0xffffff)
2488b740 741 nb_sectors = 0;
ebddfcbe
GH		 742 p[0] = 0; /* media density code */
743 p[1] = (nb_sectors >> 16) & 0xff;
744 p[2] = (nb_sectors >> 8) & 0xff;
745 p[3] = nb_sectors & 0xff;
746 p[4] = 0; /* reserved */
747 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
748 p[6] = s->cluster_size * 2;
749 p[7] = 0;
750 p += 8;
751 }
752
282ab04e
BK		 753 if (page_control == 3) { /* Saved Values */
754 return -1; /* ILLEGAL_REQUEST */
755 }
756
ebddfcbe
GH		 757 switch (page) {
758 case 0x04:
759 case 0x05:
760 case 0x08:
761 case 0x2a:
282ab04e 762 p += mode_sense_page(req, page, p, page_control);
ebddfcbe
GH		 763 break;
764 case 0x3f:
282ab04e
BK		 765 p += mode_sense_page(req, 0x08, p, page_control);
766 p += mode_sense_page(req, 0x2a, p, page_control);
ebddfcbe 767 break;
a9c17b2b
BK		 768 default:
769 return -1; /* ILLEGAL_REQUEST */
ebddfcbe
GH		 770 }
771
772 buflen = p - outbuf;
ce512ee1
BK		 773 /*
774 * The mode data length field specifies the length in bytes of the
775 * following data that is available to be transferred. The mode data
776 * length does not include itself.
777 */
778 if (req->cmd.buf[0] == MODE_SENSE) {
779 outbuf[0] = buflen - 1;
780 } else { /* MODE_SENSE_10 */
781 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
782 outbuf[1] = (buflen - 2) & 0xff;
783 }
ebddfcbe
GH		 784 if (buflen > req->cmd.xfer)
785 buflen = req->cmd.xfer;
786 return buflen;
787}
788
02880f43
GH		 789static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
790{
791 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 792 int start_track, format, msf, toclen;
793 uint64_t nb_sectors;
794
795 msf = req->cmd.buf[1] & 2;
796 format = req->cmd.buf[2] & 0xf;
797 start_track = req->cmd.buf[6];
428c149b 798 bdrv_get_geometry(s->bs, &nb_sectors);
02880f43
GH		 799 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
800 nb_sectors /= s->cluster_size;
801 switch (format) {
802 case 0:
803 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
804 break;
805 case 1:
806 /* multi session : only a single session defined */
807 toclen = 12;
808 memset(outbuf, 0, 12);
809 outbuf[1] = 0x0a;
810 outbuf[2] = 0x01;
811 outbuf[3] = 0x01;
812 break;
813 case 2:
814 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
815 break;
816 default:
817 return -1;
818 }
819 if (toclen > req->cmd.xfer)
820 toclen = req->cmd.xfer;
821 return toclen;
822}
823
8af7a3ab 824static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
aa5dbdc1 825{
8af7a3ab 826 SCSIRequest *req = &r->req;
e7e25e32 827 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 828 uint64_t nb_sectors;
aa5dbdc1 829 int buflen = 0;
78ced65e 830 int ret;
aa5dbdc1
GH		 831
832 switch (req->cmd.buf[0]) {
833 case TEST_UNIT_READY:
428c149b 834 if (!bdrv_is_inserted(s->bs))
aa5dbdc1
GH		 835 goto not_ready;
836 break;
51ad87c9
GH		 837 case REQUEST_SENSE:
838 if (req->cmd.xfer < 4)
839 goto illegal_request;
840 memset(outbuf, 0, 4);
841 buflen = 4;
a6d96eb7 842 if (s->sense.key == NOT_READY && req->cmd.xfer >= 18) {
51ad87c9
GH		 843 memset(outbuf, 0, 18);
844 buflen = 18;
845 outbuf[7] = 10;
846 /* asc 0x3a, ascq 0: Medium not present */
847 outbuf[12] = 0x3a;
848 outbuf[13] = 0;
849 }
850 outbuf[0] = 0xf0;
851 outbuf[1] = 0;
a6d96eb7
HR		 852 outbuf[2] = s->sense.key;
853 scsi_disk_clear_sense(s);
51ad87c9 854 break;
0b06c059
GH		 855 case INQUIRY:
856 buflen = scsi_disk_emulate_inquiry(req, outbuf);
857 if (buflen < 0)
858 goto illegal_request;
859 break;
ebddfcbe
GH		 860 case MODE_SENSE:
861 case MODE_SENSE_10:
862 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
863 if (buflen < 0)
864 goto illegal_request;
865 break;
02880f43
GH		 866 case READ_TOC:
867 buflen = scsi_disk_emulate_read_toc(req, outbuf);
868 if (buflen < 0)
869 goto illegal_request;
870 break;
3d53ba18
GH		 871 case RESERVE:
872 if (req->cmd.buf[1] & 1)
873 goto illegal_request;
874 break;
875 case RESERVE_10:
876 if (req->cmd.buf[1] & 3)
877 goto illegal_request;
878 break;
879 case RELEASE:
880 if (req->cmd.buf[1] & 1)
881 goto illegal_request;
882 break;
883 case RELEASE_10:
884 if (req->cmd.buf[1] & 3)
885 goto illegal_request;
886 break;
8d3628ff 887 case START_STOP:
428c149b 888 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
8d3628ff 889 /* load/eject medium */
428c149b 890 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
8d3628ff
GH		 891 }
892 break;
c68b9f34 893 case ALLOW_MEDIUM_REMOVAL:
428c149b 894 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
c68b9f34 895 break;
e7e25e32
GH		 896 case READ_CAPACITY:
897 /* The normal LEN field for this command is zero. */
898 memset(outbuf, 0, 8);
428c149b 899 bdrv_get_geometry(s->bs, &nb_sectors);
e7e25e32
GH		 900 if (!nb_sectors)
901 goto not_ready;
902 nb_sectors /= s->cluster_size;
903 /* Returned value is the address of the last sector. */
904 nb_sectors--;
905 /* Remember the new size for read/write sanity checking. */
906 s->max_lba = nb_sectors;
907 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
908 if (nb_sectors > UINT32_MAX)
909 nb_sectors = UINT32_MAX;
910 outbuf[0] = (nb_sectors >> 24) & 0xff;
911 outbuf[1] = (nb_sectors >> 16) & 0xff;
912 outbuf[2] = (nb_sectors >> 8) & 0xff;
913 outbuf[3] = nb_sectors & 0xff;
914 outbuf[4] = 0;
915 outbuf[5] = 0;
916 outbuf[6] = s->cluster_size * 2;
917 outbuf[7] = 0;
918 buflen = 8;
919 break;
fc903943 920 case SYNCHRONIZE_CACHE:
78ced65e
KW		 921 ret = bdrv_flush(s->bs);
922 if (ret < 0) {
923 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
924 return -1;
925 }
926 }
fc903943 927 break;
38215553
GH		 928 case GET_CONFIGURATION:
929 memset(outbuf, 0, 8);
930 /* ??? This should probably return much more information. For now
931 just return the basic header indicating the CD-ROM profile. */
932 outbuf[7] = 8; // CD-ROM
933 buflen = 8;
934 break;
5dd90e2a
GH		 935 case SERVICE_ACTION_IN:
936 /* Service Action In subcommands. */
937 if ((req->cmd.buf[1] & 31) == 0x10) {
938 DPRINTF("SAI READ CAPACITY(16)\n");
939 memset(outbuf, 0, req->cmd.xfer);
428c149b 940 bdrv_get_geometry(s->bs, &nb_sectors);
5dd90e2a
GH		 941 if (!nb_sectors)
942 goto not_ready;
943 nb_sectors /= s->cluster_size;
944 /* Returned value is the address of the last sector. */
945 nb_sectors--;
946 /* Remember the new size for read/write sanity checking. */
947 s->max_lba = nb_sectors;
948 outbuf[0] = (nb_sectors >> 56) & 0xff;
949 outbuf[1] = (nb_sectors >> 48) & 0xff;
950 outbuf[2] = (nb_sectors >> 40) & 0xff;
951 outbuf[3] = (nb_sectors >> 32) & 0xff;
952 outbuf[4] = (nb_sectors >> 24) & 0xff;
953 outbuf[5] = (nb_sectors >> 16) & 0xff;
954 outbuf[6] = (nb_sectors >> 8) & 0xff;
955 outbuf[7] = nb_sectors & 0xff;
956 outbuf[8] = 0;
957 outbuf[9] = 0;
958 outbuf[10] = s->cluster_size * 2;
959 outbuf[11] = 0;
ee3659e3
CH		 960 outbuf[12] = 0;
961 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
5dd90e2a
GH		 962 /* Protection, exponent and lowest lba field left blank. */
963 buflen = req->cmd.xfer;
964 break;
965 }
966 DPRINTF("Unsupported Service Action In\n");
967 goto illegal_request;
39ec9a50
GH		 968 case REPORT_LUNS:
969 if (req->cmd.xfer < 16)
970 goto illegal_request;
971 memset(outbuf, 0, 16);
972 outbuf[3] = 8;
973 buflen = 16;
974 break;
88f8a5ed
GH		 975 case VERIFY:
976 break;
ebef0bbb
BK		 977 case REZERO_UNIT:
978 DPRINTF("Rezero Unit\n");
979 if (!bdrv_is_inserted(s->bs)) {
980 goto not_ready;
981 }
982 break;
aa5dbdc1
GH		 983 default:
984 goto illegal_request;
985 }
a6d96eb7 986 scsi_req_set_status(r, GOOD, NO_SENSE);
aa5dbdc1
GH		 987 return buflen;
988
989not_ready:
8af7a3ab
KW		 990 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
991 return -1;
aa5dbdc1
GH		 992
993illegal_request:
8af7a3ab
KW		 994 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
995 return -1;
aa5dbdc1
GH		 996}
997
2e5d83bb
PB		 998/* Execute a scsi command. Returns the length of the data expected by the
999 command. This will be Positive for data transfers from the device
1000 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1001 and zero if the command does not transfer any data. */
1002
8ccc2ace
TS		 1003static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
1004 uint8_t *buf, int lun)
2e5d83bb 1005{
d52affa7 1006 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
86106e59 1007 uint64_t lba;
2e5d83bb
PB		 1008 uint32_t len;
1009 int cmdlen;
1010 int is_write;
a917d384
PB		 1011 uint8_t command;
1012 uint8_t *outbuf;
4c41d2ef 1013 SCSIDiskReq *r;
aa5dbdc1 1014 int rc;
a917d384
PB		 1015
1016 command = buf[0];
1017 r = scsi_find_request(s, tag);
1018 if (r) {
1019 BADF("Tag 0x%x already in use\n", tag);
8ccc2ace 1020 scsi_cancel_io(d, tag);
a917d384
PB		 1021 }
1022 /* ??? Tags are not unique for different luns. We only implement a
1023 single lun, so this should not matter. */
72aef731 1024 r = scsi_new_request(s, tag, lun);
3f4cb3d3 1025 outbuf = (uint8_t *)r->iov.iov_base;
2e5d83bb 1026 is_write = 0;
a917d384
PB		 1027 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
1028 switch (command >> 5) {
2e5d83bb 1029 case 0:
86106e59
AL		 1030 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
1031 (((uint64_t) buf[1] & 0x1f) << 16);
2e5d83bb
PB		 1032 len = buf[4];
1033 cmdlen = 6;
1034 break;
1035 case 1:
1036 case 2:
86106e59
AL		 1037 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1038 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
2e5d83bb
PB		 1039 len = buf[8] | (buf[7] << 8);
1040 cmdlen = 10;
1041 break;
1042 case 4:
86106e59
AL		 1043 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
1044 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
1045 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
1046 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
2e5d83bb
PB		 1047 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
1048 cmdlen = 16;
1049 break;
1050 case 5:
86106e59
AL		 1051 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1052 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
2e5d83bb
PB		 1053 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
1054 cmdlen = 12;
1055 break;
1056 default:
a917d384 1057 BADF("Unsupported command length, command %x\n", command);
2e5d83bb
PB		 1058 goto fail;
1059 }
1060#ifdef DEBUG_SCSI
1061 {
1062 int i;
1063 for (i = 1; i < cmdlen; i++) {
1064 printf(" 0x%02x", buf[i]);
1065 }
1066 printf("\n");
1067 }
1068#endif
aa5dbdc1
GH		 1069
1070 if (scsi_req_parse(&r->req, buf) != 0) {
1071 BADF("Unsupported command length, command %x\n", command);
1072 goto fail;
1073 }
1074 assert(r->req.cmd.len == cmdlen);
1075 assert(r->req.cmd.lba == lba);
1076
0fc5c15a 1077 if (lun || buf[1] >> 5) {
2e5d83bb 1078 /* Only LUN 0 supported. */
0fc5c15a 1079 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
ebf46023 1080 if (command != REQUEST_SENSE && command != INQUIRY)
22864256 1081 goto fail;
2e5d83bb 1082 }
a917d384 1083 switch (command) {
ebf46023 1084 case TEST_UNIT_READY:
51ad87c9 1085 case REQUEST_SENSE:
0b06c059 1086 case INQUIRY:
ebddfcbe
GH		 1087 case MODE_SENSE:
1088 case MODE_SENSE_10:
3d53ba18
GH		 1089 case RESERVE:
1090 case RESERVE_10:
1091 case RELEASE:
1092 case RELEASE_10:
8d3628ff 1093 case START_STOP:
c68b9f34 1094 case ALLOW_MEDIUM_REMOVAL:
e7e25e32 1095 case READ_CAPACITY:
fc903943 1096 case SYNCHRONIZE_CACHE:
02880f43 1097 case READ_TOC:
38215553 1098 case GET_CONFIGURATION:
5dd90e2a 1099 case SERVICE_ACTION_IN:
39ec9a50 1100 case REPORT_LUNS:
88f8a5ed 1101 case VERIFY:
ebef0bbb 1102 case REZERO_UNIT:
8af7a3ab
KW		 1103 rc = scsi_disk_emulate_command(r, outbuf);
1104 if (rc < 0) {
0b06c059 1105 return 0;
aa5dbdc1 1106 }
8af7a3ab
KW		 1107
1108 r->iov.iov_len = rc;
0b06c059 1109 break;
ebf46023
GH		 1110 case READ_6:
1111 case READ_10:
bd536cf3
GH		 1112 case READ_12:
1113 case READ_16:
0bf9e31a 1114 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
274fb0e1
AL		 1115 if (lba > s->max_lba)
1116 goto illegal_lba;
a917d384
PB		 1117 r->sector = lba * s->cluster_size;
1118 r->sector_count = len * s->cluster_size;
2e5d83bb 1119 break;
ebf46023
GH		 1120 case WRITE_6:
1121 case WRITE_10:
bd536cf3
GH		 1122 case WRITE_12:
1123 case WRITE_16:
ebef0bbb
BK		 1124 case WRITE_VERIFY:
1125 case WRITE_VERIFY_12:
1126 case WRITE_VERIFY_16:
1127 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1128 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
274fb0e1
AL		 1129 if (lba > s->max_lba)
1130 goto illegal_lba;
a917d384
PB		 1131 r->sector = lba * s->cluster_size;
1132 r->sector_count = len * s->cluster_size;
2e5d83bb
PB		 1133 is_write = 1;
1134 break;
ebef0bbb
BK		 1135 case MODE_SELECT:
1136 DPRINTF("Mode Select(6) (len %d)\n", len);
1137 /* We don't support mode parameter changes.
1138 Allow the mode parameter header + block descriptors only. */
1139 if (len > 12) {
1140 goto fail;
1141 }
1142 break;
1143 case MODE_SELECT_10:
1144 DPRINTF("Mode Select(10) (len %d)\n", len);
1145 /* We don't support mode parameter changes.
1146 Allow the mode parameter header + block descriptors only. */
1147 if (len > 16) {
1148 goto fail;
1149 }
1150 break;
1151 case SEEK_6:
1152 case SEEK_10:
1153 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1154 if (lba > s->max_lba) {
1155 goto illegal_lba;
1156 }
1157 break;
2e5d83bb
PB		 1158 default:
1159 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1160 fail:
0d65e1f8 1161 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
2e5d83bb 1162 return 0;
274fb0e1 1163 illegal_lba:
0d65e1f8 1164 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
274fb0e1 1165 return 0;
2e5d83bb 1166 }
c87c0672 1167 if (r->sector_count == 0 && r->iov.iov_len == 0) {
0d65e1f8 1168 scsi_command_complete(r, GOOD, NO_SENSE);
a917d384 1169 }
c87c0672 1170 len = r->sector_count * 512 + r->iov.iov_len;
a917d384
PB		 1171 if (is_write) {
1172 return -len;
1173 } else {
1174 if (!r->sector_count)
1175 r->sector_count = -1;
1176 return len;
2e5d83bb 1177 }
2e5d83bb
PB		 1178}
1179
e9447f35 1180static void scsi_disk_purge_requests(SCSIDiskState *s)
56a14938 1181{
9af99d98 1182 SCSIDiskReq *r;
56a14938 1183
9af99d98
GH		 1184 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1185 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
e9447f35
JK		 1186 if (r->req.aiocb) {
1187 bdrv_aio_cancel(r->req.aiocb);
1188 }
9af99d98
GH		 1189 scsi_remove_request(r);
1190 }
e9447f35
JK		 1191}
1192
1193static void scsi_disk_reset(DeviceState *dev)
1194{
1195 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1196 uint64_t nb_sectors;
1197
1198 scsi_disk_purge_requests(s);
1199
1200 bdrv_get_geometry(s->bs, &nb_sectors);
1201 nb_sectors /= s->cluster_size;
1202 if (nb_sectors) {
1203 nb_sectors--;
1204 }
1205 s->max_lba = nb_sectors;
1206}
1207
1208static void scsi_destroy(SCSIDevice *dev)
1209{
1210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1211
1212 scsi_disk_purge_requests(s);
f8b6cc00 1213 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1214}
1215
d52affa7 1216static int scsi_disk_initfn(SCSIDevice *dev)
2e5d83bb 1217{
d52affa7 1218 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
7d0d6950 1219 int is_cd;
f8b6cc00 1220 DriveInfo *dinfo;
2e5d83bb 1221
f8b6cc00 1222 if (!s->qdev.conf.bs) {
1ecda02b 1223 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1224 return -1;
1225 }
f8b6cc00 1226 s->bs = s->qdev.conf.bs;
7d0d6950 1227 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
d52affa7 1228
98f28ad7
MA		 1229 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1230 error_report("Device needs media, but drive is empty");
1231 return -1;
1232 }
1233
a0fef654 1234 if (!s->serial) {
f8b6cc00
MA		 1235 /* try to fall back to value set with legacy -drive serial=... */
1236 dinfo = drive_get_by_blockdev(s->bs);
1237 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
a0fef654
MA		 1238 }
1239
552fee93
MA		 1240 if (!s->version) {
1241 s->version = qemu_strdup(QEMU_VERSION);
1242 }
1243
32bb404a 1244 if (bdrv_is_sg(s->bs)) {
1ecda02b 1245 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1246 return -1;
1247 }
1248
7d0d6950 1249 if (is_cd) {
8cfacf07 1250 s->qdev.blocksize = 2048;
2e5d83bb 1251 } else {
8cfacf07 1252 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2e5d83bb 1253 }
8cfacf07 1254 s->cluster_size = s->qdev.blocksize / 512;
73fdb1e1 1255 s->bs->buffer_alignment = s->qdev.blocksize;
8cfacf07 1256
91376656 1257 s->qdev.type = TYPE_DISK;
ea8a5d7f 1258 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
7d0d6950 1259 bdrv_set_removable(s->bs, is_cd);
d52affa7
GH		 1260 return 0;
1261}
1262
1263static SCSIDeviceInfo scsi_disk_info = {
1264 .qdev.name = "scsi-disk",
1265 .qdev.desc = "virtual scsi disk or cdrom",
1266 .qdev.size = sizeof(SCSIDiskState),
e9447f35 1267 .qdev.reset = scsi_disk_reset,
d52affa7 1268 .init = scsi_disk_initfn,
56a14938 1269 .destroy = scsi_destroy,
d52affa7
GH		 1270 .send_command = scsi_send_command,
1271 .read_data = scsi_read_data,
1272 .write_data = scsi_write_data,
1273 .cancel_io = scsi_cancel_io,
1274 .get_buf = scsi_get_buf,
1275 .qdev.props = (Property[]) {
428c149b 1276 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
383b4d9b 1277 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
a0fef654 1278 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
d52affa7
GH		 1279 DEFINE_PROP_END_OF_LIST(),
1280 },
1281};
1282
1283static void scsi_disk_register_devices(void)
1284{
1285 scsi_qdev_register(&scsi_disk_info);
8ccc2ace 1286}
d52affa7 1287device_init(scsi_disk_register_devices)
Qemu copy for testing