]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi: support FUA on reads
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
d1a0739d 40#include "block_int.h"
5d0d2467 41#include "dma.h"
22864256 42
336a6915
PB		 43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
f0f72ffe 47#define SCSI_DMA_BUF_SIZE 131072
57575058 48#define SCSI_MAX_INQUIRY_LEN 256
a917d384 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
7285477a 57 uint32_t buflen;
a0e66a69 58 bool started;
c87c0672
AL		 59 struct iovec iov;
60 QEMUIOVector qiov;
a597e79c 61 BlockAcctCookie acct;
4c41d2ef 62} SCSIDiskReq;
a917d384 63
d52affa7 64struct SCSIDiskState
a917d384 65{
d52affa7 66 SCSIDevice qdev;
419e691f 67 uint32_t removable;
8a9c16f6 68 bool media_changed;
3c2f7c12 69 bool media_event;
4480de19 70 bool eject_request;
213189ab 71 QEMUBH *bh;
383b4d9b 72 char *version;
a0fef654 73 char *serial;
ece0d5e9 74 bool tray_open;
81b1008d 75 bool tray_locked;
2e5d83bb
PB		 76};
77
71544d30 78static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 79
ad2d30f7 80static void scsi_free_request(SCSIRequest *req)
4d611c9a 81{
ad2d30f7
PB		 82 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83
7285477a
PB		 84 if (r->iov.iov_base) {
85 qemu_vfree(r->iov.iov_base);
86 }
4d611c9a
PB		 87}
88
b45ef674
PB		 89/* Helper function for command completion with sense. */
90static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 91{
02fa69b6
BS		 92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 96}
97
98/* Cancel a pending data transfer. */
5c6c0e51 99static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 100{
5c6c0e51
HR		 101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 if (r->req.aiocb) {
105 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 106
107 /* This reference was left in by scsi_*_data. We take ownership of
108 * it the moment scsi_req_cancel is called, independent of whether
109 * bdrv_aio_cancel completes the request or not. */
110 scsi_req_unref(&r->req);
a917d384 111 }
5c6c0e51 112 r->req.aiocb = NULL;
a917d384
PB		 113}
114
43b978b9 115static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 116{
7285477a
PB		 117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118
119 if (!r->iov.iov_base) {
43b978b9 120 r->buflen = size;
44740c38 121 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 122 }
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
126}
127
43b978b9
PB		 128static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129{
130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131
132 qemu_put_be64s(f, &r->sector);
133 qemu_put_be32s(f, &r->sector_count);
134 qemu_put_be32s(f, &r->buflen);
135 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
137 }
138}
139
140static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
141{
142 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
143
144 qemu_get_be64s(f, &r->sector);
145 qemu_get_be32s(f, &r->sector_count);
146 qemu_get_be32s(f, &r->buflen);
147 if (r->buflen) {
148 scsi_init_iovec(r, r->buflen);
149 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
150 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
151 }
152 }
153
154 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
155}
156
b77912a7 157static void scsi_flush_complete(void * opaque, int ret)
5d0d2467
PB		 158{
159 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
160 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161
162 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
163
80624c93 164 if (ret < 0) {
5d0d2467
PB		 165 if (scsi_handle_rw_error(r, -ret)) {
166 goto done;
167 }
168 }
169
5d0d2467
PB		 170 scsi_req_complete(&r->req, GOOD);
171
172done:
b8aba8d7
PB		 173 if (!r->req.io_canceled) {
174 scsi_req_unref(&r->req);
175 }
5d0d2467
PB		 176}
177
7e8c49c5
PB		 178static bool scsi_is_cmd_fua(SCSICommand *cmd)
179{
180 switch (cmd->buf[0]) {
181 case READ_10:
182 case READ_12:
183 case READ_16:
184 case WRITE_10:
185 case WRITE_12:
186 case WRITE_16:
187 return (cmd->buf[1] & 8) != 0;
188
7f64f8e2
PB		 189 case VERIFY_10:
190 case VERIFY_12:
191 case VERIFY_16:
7e8c49c5
PB		 192 case WRITE_VERIFY_10:
193 case WRITE_VERIFY_12:
194 case WRITE_VERIFY_16:
195 return true;
196
197 case READ_6:
198 case WRITE_6:
199 default:
200 return false;
201 }
202}
203
204static void scsi_write_do_fua(SCSIDiskReq *r)
205{
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
208 if (scsi_is_cmd_fua(&r->req.cmd)) {
209 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
210 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
211 return;
212 }
213
214 scsi_req_complete(&r->req, GOOD);
215 if (!r->req.io_canceled) {
216 scsi_req_unref(&r->req);
217 }
218}
219
b77912a7 220static void scsi_dma_complete(void *opaque, int ret)
a917d384 221{
4c41d2ef 222 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 224
7f64f8e2
PB		 225 if (r->req.aiocb != NULL) {
226 r->req.aiocb = NULL;
227 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
228 }
a597e79c 229
80624c93 230 if (ret < 0) {
71544d30 231 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 232 goto done;
5dba48a8 233 }
4d611c9a 234 }
5dba48a8 235
b77912a7
PB		 236 r->sector += r->sector_count;
237 r->sector_count = 0;
7e8c49c5
PB		 238 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
239 scsi_write_do_fua(r);
240 return;
241 } else {
242 scsi_req_complete(&r->req, GOOD);
243 }
c7bae6a7
PB		 244
245done:
246 if (!r->req.io_canceled) {
247 scsi_req_unref(&r->req);
248 }
4d611c9a
PB		 249}
250
b77912a7 251static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 252{
253 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 255 int n;
0a4ac106 256
b77912a7
PB		 257 if (r->req.aiocb != NULL) {
258 r->req.aiocb = NULL;
259 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
260 }
0a4ac106
PB		 261
262 if (ret < 0) {
71544d30 263 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 264 goto done;
0a4ac106
PB		 265 }
266 }
267
b77912a7
PB		 268 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
269
270 n = r->qiov.size / 512;
271 r->sector += n;
272 r->sector_count -= n;
273 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 274
275done:
276 if (!r->req.io_canceled) {
277 scsi_req_unref(&r->req);
278 }
0a4ac106 279}
5dba48a8 280
ac668426
PB		 281/* Actually issue a read to the block device. */
282static void scsi_do_read(void *opaque, int ret)
283{
284 SCSIDiskReq *r = opaque;
285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
286 uint32_t n;
287
288 if (r->req.aiocb != NULL) {
289 r->req.aiocb = NULL;
290 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
291 }
292
293 if (ret < 0) {
294 if (scsi_handle_rw_error(r, -ret)) {
295 goto done;
296 }
297 }
298
299 if (r->req.sg) {
300 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
301 r->req.resid -= r->req.sg->size;
302 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
303 scsi_dma_complete, r);
304 } else {
305 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
306 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
307 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
308 scsi_read_complete, r);
309 }
310
311done:
312 if (!r->req.io_canceled) {
313 scsi_req_unref(&r->req);
314 }
315}
316
5c6c0e51
HR		 317/* Read more data from scsi device into buffer. */
318static void scsi_read_data(SCSIRequest *req)
2e5d83bb 319{
5c6c0e51 320 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 322 bool first;
2e5d83bb 323
a917d384 324 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 325 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 326 r->sector_count = 0;
a0e66a69 327 r->started = true;
ab9adc88 328 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 329 return;
2e5d83bb 330 }
a917d384
PB		 331 DPRINTF("Read sector_count=%d\n", r->sector_count);
332 if (r->sector_count == 0) {
b45ef674
PB		 333 /* This also clears the sense buffer for REQUEST SENSE. */
334 scsi_req_complete(&r->req, GOOD);
a917d384 335 return;
2e5d83bb
PB		 336 }
337
6fa2c95f
SH		 338 /* No data transfer may already be in progress */
339 assert(r->req.aiocb == NULL);
340
c7bae6a7
PB		 341 /* The request is used as the AIO opaque value, so add a ref. */
342 scsi_req_ref(&r->req);
efb9ee02
HR		 343 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
344 DPRINTF("Data transfer direction invalid\n");
345 scsi_read_complete(r, -EINVAL);
346 return;
347 }
348
a1aff5bf
MA		 349 if (s->tray_open) {
350 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 351 return;
a1aff5bf 352 }
c7bae6a7 353
ac668426 354 first = !r->started;
a0e66a69 355 r->started = true;
ac668426
PB		 356 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
357 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
358 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
5d0d2467 359 } else {
ac668426 360 scsi_do_read(r, 0);
5d0d2467 361 }
2e5d83bb
PB		 362}
363
c7bae6a7
PB		 364/*
365 * scsi_handle_rw_error has two return values. 0 means that the error
366 * must be ignored, 1 means that the error has been processed and the
367 * caller should not do anything else for this request. Note that
368 * scsi_handle_rw_error always manages its reference counts, independent
369 * of the return value.
370 */
71544d30 371static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 372{
71544d30 373 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
44740c38 375 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
ea8a5d7f 376
380f640f 377 if (action == BLOCK_ERR_IGNORE) {
329c0a48 378 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 379 return 0;
380f640f 380 }
ea8a5d7f
AL		 381
382 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
383 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8 384
329c0a48 385 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
0461d5a6 386 vm_stop(RUN_STATE_IO_ERROR);
44740c38 387 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
71544d30 388 scsi_req_retry(&r->req);
ea8a5d7f 389 } else {
efb9ee02 390 switch (error) {
7e218df5
PB		 391 case ENOMEDIUM:
392 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
393 break;
efb9ee02 394 case ENOMEM:
b45ef674 395 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 396 break;
397 case EINVAL:
b45ef674 398 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 399 break;
400 default:
b45ef674 401 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 402 break;
a1f0cce2 403 }
329c0a48 404 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 405 }
ea8a5d7f
AL		 406 return 1;
407}
408
4d611c9a
PB		 409static void scsi_write_complete(void * opaque, int ret)
410{
4c41d2ef 411 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 412 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 413 uint32_t n;
414
8e321cc6
PB		 415 if (r->req.aiocb != NULL) {
416 r->req.aiocb = NULL;
44740c38 417 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 418 }
a597e79c 419
80624c93 420 if (ret < 0) {
71544d30 421 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 422 goto done;
5dba48a8 423 }
4d611c9a
PB		 424 }
425
103b40f5 426 n = r->qiov.size / 512;
ea8a5d7f
AL		 427 r->sector += n;
428 r->sector_count -= n;
a917d384 429 if (r->sector_count == 0) {
7e8c49c5
PB		 430 scsi_write_do_fua(r);
431 return;
a917d384 432 } else {
43b978b9 433 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
103b40f5
PB		 434 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
435 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 436 }
c7bae6a7
PB		 437
438done:
439 if (!r->req.io_canceled) {
440 scsi_req_unref(&r->req);
441 }
4d611c9a
PB		 442}
443
42741212 444static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 445{
5c6c0e51 446 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 448 uint32_t n;
449
6fa2c95f
SH		 450 /* No data transfer may already be in progress */
451 assert(r->req.aiocb == NULL);
452
c7bae6a7
PB		 453 /* The request is used as the AIO opaque value, so add a ref. */
454 scsi_req_ref(&r->req);
efb9ee02
HR		 455 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
456 DPRINTF("Data transfer direction invalid\n");
457 scsi_write_complete(r, -EINVAL);
42741212 458 return;
efb9ee02
HR		 459 }
460
5d0d2467
PB		 461 if (!r->req.sg && !r->qiov.size) {
462 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 463 r->started = true;
5d0d2467
PB		 464 scsi_write_complete(r, 0);
465 return;
466 }
467 if (s->tray_open) {
468 scsi_write_complete(r, -ENOMEDIUM);
469 return;
470 }
471
7f64f8e2
PB		 472 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
473 r->req.cmd.buf[0] == VERIFY_16) {
474 if (r->req.sg) {
475 scsi_dma_complete(r, 0);
476 } else {
477 scsi_write_complete(r, 0);
478 }
479 return;
480 }
481
5d0d2467
PB		 482 if (r->req.sg) {
483 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
484 r->req.resid -= r->req.sg->size;
485 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
486 scsi_dma_complete, r);
487 } else {
488 n = r->qiov.size / 512;
44740c38
PB		 489 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
490 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 491 scsi_write_complete, r);
ea8a5d7f 492 }
a917d384 493}
2e5d83bb 494
a917d384 495/* Return a pointer to the data buffer. */
5c6c0e51 496static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 497{
5c6c0e51 498 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 499
3f4cb3d3 500 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 501}
502
0b06c059
GH		 503static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
504{
383b4d9b 505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 506 int buflen = 0;
507
508 if (req->cmd.buf[1] & 0x2) {
509 /* Command support data - optional, not implemented */
510 BADF("optional INQUIRY command support request not implemented\n");
511 return -1;
512 }
513
514 if (req->cmd.buf[1] & 0x1) {
515 /* Vital product data */
516 uint8_t page_code = req->cmd.buf[2];
517 if (req->cmd.xfer < 4) {
518 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
519 "less than 4\n", page_code, req->cmd.xfer);
520 return -1;
521 }
522
e39be482 523 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 524 outbuf[buflen++] = page_code ; // this page
525 outbuf[buflen++] = 0x00;
526
527 switch (page_code) {
528 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 529 {
530 int pages;
0b06c059
GH		 531 DPRINTF("Inquiry EVPD[Supported pages] "
532 "buffer size %zd\n", req->cmd.xfer);
39d98982 533 pages = buflen++;
0b06c059 534 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 535 if (s->serial) {
3e1c0c9a 536 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 537 }
0b06c059 538 outbuf[buflen++] = 0x83; // device identification
f37bd73b 539 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 540 outbuf[buflen++] = 0xb0; // block limits
541 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 542 }
543 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 544 break;
39d98982 545 }
0b06c059
GH		 546 case 0x80: /* Device serial number, optional */
547 {
3e1c0c9a 548 int l;
0b06c059 549
3e1c0c9a
HR		 550 if (!s->serial) {
551 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
552 return -1;
553 }
554
555 l = strlen(s->serial);
f01b5931 556 if (l > 20) {
0b06c059 557 l = 20;
f01b5931 558 }
0b06c059
GH		 559
560 DPRINTF("Inquiry EVPD[Serial number] "
561 "buffer size %zd\n", req->cmd.xfer);
562 outbuf[buflen++] = l;
a0fef654 563 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 564 buflen += l;
565 break;
566 }
567
568 case 0x83: /* Device identification page, mandatory */
569 {
fd930791
PB		 570 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
571 int max_len = s->serial ? 20 : 255 - 8;
572 int id_len = strlen(str);
0b06c059 573
f01b5931 574 if (id_len > max_len) {
0b06c059 575 id_len = max_len;
f01b5931 576 }
0b06c059
GH		 577 DPRINTF("Inquiry EVPD[Device identification] "
578 "buffer size %zd\n", req->cmd.xfer);
579
39d98982 580 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 581 outbuf[buflen++] = 0x2; // ASCII
582 outbuf[buflen++] = 0; // not officially assigned
583 outbuf[buflen++] = 0; // reserved
584 outbuf[buflen++] = id_len; // length of data following
585
fd930791 586 memcpy(outbuf+buflen, str, id_len);
0b06c059
GH		 587 buflen += id_len;
588 break;
589 }
ea3bd56f 590 case 0xb0: /* block limits */
ee3659e3 591 {
ea3bd56f
CH		 592 unsigned int unmap_sectors =
593 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 594 unsigned int min_io_size =
595 s->qdev.conf.min_io_size / s->qdev.blocksize;
596 unsigned int opt_io_size =
597 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 598
f37bd73b 599 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 600 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
601 page_code);
602 return -1;
603 }
ee3659e3
CH		 604 /* required VPD size with unmap support */
605 outbuf[3] = buflen = 0x3c;
606
607 memset(outbuf + 4, 0, buflen - 4);
608
609 /* optimal transfer length granularity */
610 outbuf[6] = (min_io_size >> 8) & 0xff;
611 outbuf[7] = min_io_size & 0xff;
612
613 /* optimal transfer length */
614 outbuf[12] = (opt_io_size >> 24) & 0xff;
615 outbuf[13] = (opt_io_size >> 16) & 0xff;
616 outbuf[14] = (opt_io_size >> 8) & 0xff;
617 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 618
619 /* optimal unmap granularity */
620 outbuf[28] = (unmap_sectors >> 24) & 0xff;
621 outbuf[29] = (unmap_sectors >> 16) & 0xff;
622 outbuf[30] = (unmap_sectors >> 8) & 0xff;
623 outbuf[31] = unmap_sectors & 0xff;
624 break;
625 }
626 case 0xb2: /* thin provisioning */
627 {
628 outbuf[3] = buflen = 8;
629 outbuf[4] = 0;
630 outbuf[5] = 0x40; /* write same with unmap supported */
631 outbuf[6] = 0;
632 outbuf[7] = 0;
ee3659e3
CH		 633 break;
634 }
0b06c059
GH		 635 default:
636 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
637 "buffer size %zd\n", page_code, req->cmd.xfer);
638 return -1;
639 }
640 /* done with EVPD */
641 return buflen;
642 }
643
644 /* Standard INQUIRY data */
645 if (req->cmd.buf[2] != 0) {
646 BADF("Error: Inquiry (STANDARD) page or code "
647 "is non-zero [%02X]\n", req->cmd.buf[2]);
648 return -1;
649 }
650
651 /* PAGE CODE == 0 */
652 if (req->cmd.xfer < 5) {
653 BADF("Error: Inquiry (STANDARD) buffer size %zd "
654 "is less than 5\n", req->cmd.xfer);
655 return -1;
656 }
657
0b06c059 658 buflen = req->cmd.xfer;
f01b5931 659 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 660 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 661 }
0b06c059
GH		 662 memset(outbuf, 0, buflen);
663
f37bd73b 664 outbuf[0] = s->qdev.type & 0x1f;
e39be482 665 outbuf[1] = s->removable ? 0x80 : 0;
f37bd73b 666 if (s->qdev.type == TYPE_ROM) {
550fe6c6 667 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 668 } else {
550fe6c6 669 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 670 }
550fe6c6 671 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 672 memset(&outbuf[32], 0, 4);
552fee93 673 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 674 /*
675 * We claim conformance to SPC-3, which is required for guests
676 * to ask for modern features like READ CAPACITY(16) or the
677 * block characteristics VPD page by default. Not all of SPC-3
678 * is actually implemented, but we're good enough.
679 */
ee3659e3 680 outbuf[2] = 5;
0b06c059 681 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 682
683 if (buflen > 36) {
684 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
685 } else {
686 /* If the allocation length of CDB is too small,
687 the additional length is not adjusted */
688 outbuf[4] = 36 - 5;
689 }
690
0b06c059 691 /* Sync data transfer and TCQ. */
afd4030c 692 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 693 return buflen;
694}
695
430ee2f2
PB		 696static inline bool media_is_dvd(SCSIDiskState *s)
697{
698 uint64_t nb_sectors;
699 if (s->qdev.type != TYPE_ROM) {
700 return false;
701 }
44740c38 702 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 703 return false;
704 }
44740c38 705 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 706 return nb_sectors > CD_MAX_SECTORS;
707}
708
ceb792ef
PB		 709static inline bool media_is_cd(SCSIDiskState *s)
710{
711 uint64_t nb_sectors;
712 if (s->qdev.type != TYPE_ROM) {
713 return false;
714 }
44740c38 715 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 716 return false;
717 }
44740c38 718 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 719 return nb_sectors <= CD_MAX_SECTORS;
720}
721
b6c251ab
PB		 722static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
723 uint8_t *outbuf)
724{
ceb792ef
PB		 725 static const int rds_caps_size[5] = {
726 [0] = 2048 + 4,
727 [1] = 4 + 4,
728 [3] = 188 + 4,
729 [4] = 2048 + 4,
730 };
731
732 uint8_t media = r->req.cmd.buf[1];
733 uint8_t layer = r->req.cmd.buf[6];
734 uint8_t format = r->req.cmd.buf[7];
735 int size = -1;
736
737 if (s->qdev.type != TYPE_ROM) {
738 return -1;
739 }
740 if (media != 0) {
741 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
742 return -1;
743 }
744
745 if (format != 0xff) {
44740c38 746 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 747 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
748 return -1;
749 }
750 if (media_is_cd(s)) {
751 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
752 return -1;
753 }
754 if (format >= ARRAY_SIZE(rds_caps_size)) {
755 return -1;
756 }
757 size = rds_caps_size[format];
758 memset(outbuf, 0, size);
759 }
760
761 switch (format) {
762 case 0x00: {
763 /* Physical format information */
764 uint64_t nb_sectors;
765 if (layer != 0) {
766 goto fail;
767 }
44740c38 768 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 769
770 outbuf[4] = 1; /* DVD-ROM, part version 1 */
771 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
772 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
773 outbuf[7] = 0; /* default densities */
774
775 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
776 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
777 break;
778 }
779
780 case 0x01: /* DVD copyright information, all zeros */
781 break;
782
783 case 0x03: /* BCA information - invalid field for no BCA info */
784 return -1;
785
786 case 0x04: /* DVD disc manufacturing information, all zeros */
787 break;
788
789 case 0xff: { /* List capabilities */
790 int i;
791 size = 4;
792 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
793 if (!rds_caps_size[i]) {
794 continue;
795 }
796 outbuf[size] = i;
797 outbuf[size + 1] = 0x40; /* Not writable, readable */
798 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
799 size += 4;
800 }
801 break;
802 }
803
804 default:
805 return -1;
806 }
807
808 /* Size of buffer, not including 2 byte size field */
809 stw_be_p(outbuf, size - 2);
810 return size;
811
812fail:
b6c251ab
PB		 813 return -1;
814}
815
3c2f7c12 816static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 817{
3c2f7c12
PB		 818 uint8_t event_code, media_status;
819
820 media_status = 0;
821 if (s->tray_open) {
822 media_status = MS_TRAY_OPEN;
44740c38 823 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 824 media_status = MS_MEDIA_PRESENT;
825 }
826
827 /* Event notification descriptor */
828 event_code = MEC_NO_CHANGE;
4480de19
PB		 829 if (media_status != MS_TRAY_OPEN) {
830 if (s->media_event) {
831 event_code = MEC_NEW_MEDIA;
832 s->media_event = false;
833 } else if (s->eject_request) {
834 event_code = MEC_EJECT_REQUESTED;
835 s->eject_request = false;
836 }
3c2f7c12
PB		 837 }
838
839 outbuf[0] = event_code;
840 outbuf[1] = media_status;
841
842 /* These fields are reserved, just clear them. */
843 outbuf[2] = 0;
844 outbuf[3] = 0;
845 return 4;
846}
847
848static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
849 uint8_t *outbuf)
850{
851 int size;
852 uint8_t *buf = r->req.cmd.buf;
853 uint8_t notification_class_request = buf[4];
854 if (s->qdev.type != TYPE_ROM) {
855 return -1;
856 }
857 if ((buf[1] & 1) == 0) {
858 /* asynchronous */
859 return -1;
860 }
861
862 size = 4;
863 outbuf[0] = outbuf[1] = 0;
864 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
865 if (notification_class_request & (1 << GESN_MEDIA)) {
866 outbuf[2] = GESN_MEDIA;
867 size += scsi_event_status_media(s, &outbuf[size]);
868 } else {
869 outbuf[2] = 0x80;
870 }
871 stw_be_p(outbuf, size - 4);
872 return size;
b6c251ab
PB		 873}
874
430ee2f2 875static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 876{
430ee2f2
PB		 877 int current;
878
b6c251ab
PB		 879 if (s->qdev.type != TYPE_ROM) {
880 return -1;
881 }
430ee2f2
PB		 882 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
883 memset(outbuf, 0, 40);
884 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
885 stw_be_p(&outbuf[6], current);
886 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
887 outbuf[10] = 0x03; /* persistent, current */
888 outbuf[11] = 8; /* two profiles */
889 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
890 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
891 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
892 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
893 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
894 stw_be_p(&outbuf[20], 1);
895 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
896 outbuf[23] = 8;
897 stl_be_p(&outbuf[24], 1); /* SCSI */
898 outbuf[28] = 1; /* DBE = 1, mandatory */
899 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
900 stw_be_p(&outbuf[32], 3);
901 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
902 outbuf[35] = 4;
903 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
904 /* TODO: Random readable, CD read, DVD read, drive serial number,
905 power management */
906 return 40;
b6c251ab
PB		 907}
908
909static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
910{
911 if (s->qdev.type != TYPE_ROM) {
912 return -1;
913 }
914 memset(outbuf, 0, 8);
915 outbuf[5] = 1; /* CD-ROM */
916 return 8;
917}
918
cfc606da 919static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 920 int page_control)
ebddfcbe 921{
a8f4bbe2
PB		 922 static const int mode_sense_valid[0x3f] = {
923 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
924 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
925 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 926 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
927 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 928 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
929 };
930
44740c38 931 BlockDriverState *bdrv = s->qdev.conf.bs;
ebddfcbe 932 int cylinders, heads, secs;
cfc606da 933 uint8_t *p = *p_outbuf;
ebddfcbe 934
a8f4bbe2
PB		 935 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
936 return -1;
937 }
938
939 p[0] = page;
940
282ab04e
BK		 941 /*
942 * If Changeable Values are requested, a mask denoting those mode parameters
943 * that are changeable shall be returned. As we currently don't support
944 * parameter changes via MODE_SELECT all bits are returned set to zero.
945 * The buffer was already menset to zero by the caller of this function.
946 */
ebddfcbe 947 switch (page) {
67cc61e4 948 case MODE_PAGE_HD_GEOMETRY:
ebddfcbe 949 p[1] = 0x16;
282ab04e 950 if (page_control == 1) { /* Changeable Values */
cfc606da 951 break;
282ab04e 952 }
ebddfcbe 953 /* if a geometry hint is available, use it */
245d0049 954 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 955 p[2] = (cylinders >> 16) & 0xff;
956 p[3] = (cylinders >> 8) & 0xff;
957 p[4] = cylinders & 0xff;
958 p[5] = heads & 0xff;
959 /* Write precomp start cylinder, disabled */
960 p[6] = (cylinders >> 16) & 0xff;
961 p[7] = (cylinders >> 8) & 0xff;
962 p[8] = cylinders & 0xff;
963 /* Reduced current start cylinder, disabled */
964 p[9] = (cylinders >> 16) & 0xff;
965 p[10] = (cylinders >> 8) & 0xff;
966 p[11] = cylinders & 0xff;
967 /* Device step rate [ns], 200ns */
968 p[12] = 0;
969 p[13] = 200;
970 /* Landing zone cylinder */
971 p[14] = 0xff;
972 p[15] = 0xff;
973 p[16] = 0xff;
974 /* Medium rotation rate [rpm], 5400 rpm */
975 p[20] = (5400 >> 8) & 0xff;
976 p[21] = 5400 & 0xff;
cfc606da 977 break;
ebddfcbe 978
67cc61e4 979 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ebddfcbe 980 p[1] = 0x1e;
282ab04e 981 if (page_control == 1) { /* Changeable Values */
cfc606da 982 break;
282ab04e 983 }
ebddfcbe
GH		 984 /* Transfer rate [kbit/s], 5Mbit/s */
985 p[2] = 5000 >> 8;
986 p[3] = 5000 & 0xff;
987 /* if a geometry hint is available, use it */
245d0049 988 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
ebddfcbe
GH		 989 p[4] = heads & 0xff;
990 p[5] = secs & 0xff;
69377307 991 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 992 p[8] = (cylinders >> 8) & 0xff;
993 p[9] = cylinders & 0xff;
994 /* Write precomp start cylinder, disabled */
995 p[10] = (cylinders >> 8) & 0xff;
996 p[11] = cylinders & 0xff;
997 /* Reduced current start cylinder, disabled */
998 p[12] = (cylinders >> 8) & 0xff;
999 p[13] = cylinders & 0xff;
1000 /* Device step rate [100us], 100us */
1001 p[14] = 0;
1002 p[15] = 1;
1003 /* Device step pulse width [us], 1us */
1004 p[16] = 1;
1005 /* Device head settle delay [100us], 100us */
1006 p[17] = 0;
1007 p[18] = 1;
1008 /* Motor on delay [0.1s], 0.1s */
1009 p[19] = 1;
1010 /* Motor off delay [0.1s], 0.1s */
1011 p[20] = 1;
1012 /* Medium rotation rate [rpm], 5400 rpm */
1013 p[28] = (5400 >> 8) & 0xff;
1014 p[29] = 5400 & 0xff;
cfc606da 1015 break;
ebddfcbe 1016
67cc61e4 1017 case MODE_PAGE_CACHING:
ebddfcbe
GH		 1018 p[0] = 8;
1019 p[1] = 0x12;
282ab04e 1020 if (page_control == 1) { /* Changeable Values */
cfc606da 1021 break;
282ab04e 1022 }
44740c38 1023 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
ebddfcbe
GH		 1024 p[2] = 4; /* WCE */
1025 }
cfc606da 1026 break;
ebddfcbe 1027
a07c7dcd
PB		 1028 case MODE_PAGE_R_W_ERROR:
1029 p[1] = 10;
1030 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1031 if (s->qdev.type == TYPE_ROM) {
1032 p[3] = 0x20; /* Read Retry Count */
1033 }
1034 break;
1035
1036 case MODE_PAGE_AUDIO_CTL:
1037 p[1] = 14;
1038 break;
1039
67cc61e4 1040 case MODE_PAGE_CAPABILITIES:
ebddfcbe 1041 p[1] = 0x14;
282ab04e 1042 if (page_control == 1) { /* Changeable Values */
cfc606da 1043 break;
282ab04e 1044 }
a07c7dcd
PB		 1045
1046 p[2] = 0x3b; /* CD-R & CD-RW read */
1047 p[3] = 0; /* Writing not supported */
ebddfcbe
GH		 1048 p[4] = 0x7f; /* Audio, composite, digital out,
1049 mode 2 form 1&2, multi session */
1050 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1051 RW corrected, C2 errors, ISRC,
1052 UPC, Bar code */
81b1008d 1053 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 1054 /* Locking supported, jumper present, eject, tray */
1055 p[7] = 0; /* no volume & mute control, no
1056 changer */
a07c7dcd 1057 p[8] = (50 * 176) >> 8; /* 50x read speed */
ebddfcbe 1058 p[9] = (50 * 176) & 0xff;
a07c7dcd
PB		 1059 p[10] = 2 >> 8; /* Two volume levels */
1060 p[11] = 2 & 0xff;
1061 p[12] = 2048 >> 8; /* 2M buffer */
ebddfcbe 1062 p[13] = 2048 & 0xff;
a07c7dcd 1063 p[14] = (16 * 176) >> 8; /* 16x read speed current */
ebddfcbe 1064 p[15] = (16 * 176) & 0xff;
a07c7dcd 1065 p[18] = (16 * 176) >> 8; /* 16x write speed */
ebddfcbe 1066 p[19] = (16 * 176) & 0xff;
a07c7dcd 1067 p[20] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1068 p[21] = (16 * 176) & 0xff;
cfc606da 1069 break;
ebddfcbe
GH		 1070
1071 default:
cfc606da 1072 return -1;
ebddfcbe 1073 }
cfc606da
PB		 1074
1075 *p_outbuf += p[1] + 2;
1076 return p[1] + 2;
ebddfcbe
GH		 1077}
1078
cfc606da 1079static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1080{
cfc606da 1081 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1082 uint64_t nb_sectors;
cfc606da 1083 int page, dbd, buflen, ret, page_control;
ebddfcbe 1084 uint8_t *p;
ce512ee1 1085 uint8_t dev_specific_param;
ebddfcbe 1086
cfc606da
PB		 1087 dbd = r->req.cmd.buf[1] & 0x8;
1088 page = r->req.cmd.buf[2] & 0x3f;
1089 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1090 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1091 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1092 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1093 p = outbuf;
1094
44740c38 1095 if (bdrv_is_read_only(s->qdev.conf.bs)) {
ce512ee1
BK		 1096 dev_specific_param = 0x80; /* Readonly. */
1097 } else {
1098 dev_specific_param = 0x00;
1099 }
1100
cfc606da 1101 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1102 p[1] = 0; /* Default media type. */
1103 p[2] = dev_specific_param;
1104 p[3] = 0; /* Block descriptor length. */
1105 p += 4;
1106 } else { /* MODE_SENSE_10 */
1107 p[2] = 0; /* Default media type. */
1108 p[3] = dev_specific_param;
1109 p[6] = p[7] = 0; /* Block descriptor length. */
1110 p += 8;
ebddfcbe 1111 }
ebddfcbe 1112
0fd76ff4 1113 /* MMC prescribes that CD/DVD drives have no block descriptors. */
44740c38 1114 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
0fd76ff4 1115 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
cfc606da 1116 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1117 outbuf[3] = 8; /* Block descriptor length */
1118 } else { /* MODE_SENSE_10 */
1119 outbuf[7] = 8; /* Block descriptor length */
1120 }
69377307 1121 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1122 if (nb_sectors > 0xffffff) {
2488b740 1123 nb_sectors = 0;
f01b5931 1124 }
ebddfcbe
GH		 1125 p[0] = 0; /* media density code */
1126 p[1] = (nb_sectors >> 16) & 0xff;
1127 p[2] = (nb_sectors >> 8) & 0xff;
1128 p[3] = nb_sectors & 0xff;
1129 p[4] = 0; /* reserved */
1130 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1131 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1132 p[7] = 0;
1133 p += 8;
1134 }
1135
cfc606da
PB		 1136 if (page_control == 3) {
1137 /* Saved Values */
1138 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1139 return -1;
282ab04e
BK		 1140 }
1141
cfc606da
PB		 1142 if (page == 0x3f) {
1143 for (page = 0; page <= 0x3e; page++) {
1144 mode_sense_page(s, page, &p, page_control);
1145 }
1146 } else {
1147 ret = mode_sense_page(s, page, &p, page_control);
1148 if (ret == -1) {
1149 return -1;
1150 }
ebddfcbe
GH		 1151 }
1152
1153 buflen = p - outbuf;
ce512ee1
BK		 1154 /*
1155 * The mode data length field specifies the length in bytes of the
1156 * following data that is available to be transferred. The mode data
1157 * length does not include itself.
1158 */
cfc606da 1159 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1160 outbuf[0] = buflen - 1;
1161 } else { /* MODE_SENSE_10 */
1162 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1163 outbuf[1] = (buflen - 2) & 0xff;
1164 }
ebddfcbe
GH		 1165 return buflen;
1166}
1167
02880f43
GH		 1168static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1169{
1170 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1171 int start_track, format, msf, toclen;
1172 uint64_t nb_sectors;
1173
1174 msf = req->cmd.buf[1] & 2;
1175 format = req->cmd.buf[2] & 0xf;
1176 start_track = req->cmd.buf[6];
44740c38 1177 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1178 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1179 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1180 switch (format) {
1181 case 0:
1182 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1183 break;
1184 case 1:
1185 /* multi session : only a single session defined */
1186 toclen = 12;
1187 memset(outbuf, 0, 12);
1188 outbuf[1] = 0x0a;
1189 outbuf[2] = 0x01;
1190 outbuf[3] = 0x01;
1191 break;
1192 case 2:
1193 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1194 break;
1195 default:
1196 return -1;
1197 }
02880f43
GH		 1198 return toclen;
1199}
1200
68bb01f3 1201static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1202{
1203 SCSIRequest *req = &r->req;
1204 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1205 bool start = req->cmd.buf[4] & 1;
1206 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1207
1208 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 1209 if (!start && !s->tray_open && s->tray_locked) {
1210 scsi_check_condition(r,
44740c38 1211 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1212 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1213 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1214 return -1;
fdec4404 1215 }
d88b1819
LC		 1216
1217 if (s->tray_open != !start) {
1218 bdrv_eject(s->qdev.conf.bs, !start);
1219 s->tray_open = !start;
1220 }
bfd52647 1221 }
68bb01f3 1222 return 0;
bfd52647
MA		 1223}
1224
7285477a 1225static int scsi_disk_emulate_command(SCSIDiskReq *r)
aa5dbdc1 1226{
8af7a3ab 1227 SCSIRequest *req = &r->req;
e7e25e32 1228 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1229 uint64_t nb_sectors;
7285477a 1230 uint8_t *outbuf;
aa5dbdc1
GH		 1231 int buflen = 0;
1232
7285477a
PB		 1233 if (!r->iov.iov_base) {
1234 /*
1235 * FIXME: we shouldn't return anything bigger than 4k, but the code
1236 * requires the buffer to be as big as req->cmd.xfer in several
1237 * places. So, do not allow CDBs with a very large ALLOCATION
1238 * LENGTH. The real fix would be to modify scsi_read_data and
1239 * dma_buf_read, so that they return data beyond the buflen
1240 * as all zeros.
1241 */
1242 if (req->cmd.xfer > 65536) {
1243 goto illegal_request;
1244 }
1245 r->buflen = MAX(4096, req->cmd.xfer);
44740c38 1246 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1247 }
1248
1249 outbuf = r->iov.iov_base;
aa5dbdc1
GH		 1250 switch (req->cmd.buf[0]) {
1251 case TEST_UNIT_READY:
9bcaf4fe 1252 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1253 break;
0b06c059
GH		 1254 case INQUIRY:
1255 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1256 if (buflen < 0) {
0b06c059 1257 goto illegal_request;
f01b5931 1258 }
5f71d32f 1259 break;
ebddfcbe
GH		 1260 case MODE_SENSE:
1261 case MODE_SENSE_10:
cfc606da 1262 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1263 if (buflen < 0) {
ebddfcbe 1264 goto illegal_request;
f01b5931 1265 }
ebddfcbe 1266 break;
02880f43
GH		 1267 case READ_TOC:
1268 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1269 if (buflen < 0) {
02880f43 1270 goto illegal_request;
f01b5931 1271 }
02880f43 1272 break;
3d53ba18 1273 case RESERVE:
f01b5931 1274 if (req->cmd.buf[1] & 1) {
3d53ba18 1275 goto illegal_request;
f01b5931 1276 }
3d53ba18
GH		 1277 break;
1278 case RESERVE_10:
f01b5931 1279 if (req->cmd.buf[1] & 3) {
3d53ba18 1280 goto illegal_request;
f01b5931 1281 }
3d53ba18
GH		 1282 break;
1283 case RELEASE:
f01b5931 1284 if (req->cmd.buf[1] & 1) {
3d53ba18 1285 goto illegal_request;
f01b5931 1286 }
3d53ba18
GH		 1287 break;
1288 case RELEASE_10:
f01b5931 1289 if (req->cmd.buf[1] & 3) {
3d53ba18 1290 goto illegal_request;
f01b5931 1291 }
3d53ba18 1292 break;
8d3628ff 1293 case START_STOP:
68bb01f3
MA		 1294 if (scsi_disk_emulate_start_stop(r) < 0) {
1295 return -1;
1296 }
5f71d32f 1297 break;
c68b9f34 1298 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1299 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1300 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1301 break;
5e30a07d 1302 case READ_CAPACITY_10:
e7e25e32 1303 /* The normal LEN field for this command is zero. */
5f71d32f 1304 memset(outbuf, 0, 8);
44740c38 1305 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1306 if (!nb_sectors) {
9bcaf4fe
PB		 1307 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1308 return -1;
f01b5931 1309 }
7cec78b6
PB		 1310 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1311 goto illegal_request;
1312 }
69377307 1313 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1314 /* Returned value is the address of the last sector. */
1315 nb_sectors--;
1316 /* Remember the new size for read/write sanity checking. */
7877903a 1317 s->qdev.max_lba = nb_sectors;
e7e25e32 1318 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1319 if (nb_sectors > UINT32_MAX) {
e7e25e32 1320 nb_sectors = UINT32_MAX;
f01b5931 1321 }
e7e25e32
GH		 1322 outbuf[0] = (nb_sectors >> 24) & 0xff;
1323 outbuf[1] = (nb_sectors >> 16) & 0xff;
1324 outbuf[2] = (nb_sectors >> 8) & 0xff;
1325 outbuf[3] = nb_sectors & 0xff;
1326 outbuf[4] = 0;
1327 outbuf[5] = 0;
69377307 1328 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32
GH		 1329 outbuf[7] = 0;
1330 buflen = 8;
5f71d32f 1331 break;
f3b338ef
PB		 1332 case REQUEST_SENSE:
1333 /* Just return "NO SENSE". */
1334 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1335 (req->cmd.buf[1] & 1) == 0);
1336 break;
b6c251ab
PB		 1337 case MECHANISM_STATUS:
1338 buflen = scsi_emulate_mechanism_status(s, outbuf);
1339 if (buflen < 0) {
1340 goto illegal_request;
1341 }
1342 break;
38215553 1343 case GET_CONFIGURATION:
430ee2f2 1344 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1345 if (buflen < 0) {
1346 goto illegal_request;
1347 }
1348 break;
1349 case GET_EVENT_STATUS_NOTIFICATION:
1350 buflen = scsi_get_event_status_notification(s, r, outbuf);
1351 if (buflen < 0) {
1352 goto illegal_request;
1353 }
1354 break;
1355 case READ_DVD_STRUCTURE:
1356 buflen = scsi_read_dvd_structure(s, r, outbuf);
1357 if (buflen < 0) {
1358 goto illegal_request;
1359 }
38215553 1360 break;
f6515262 1361 case SERVICE_ACTION_IN_16:
5dd90e2a 1362 /* Service Action In subcommands. */
f6515262 1363 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1364 DPRINTF("SAI READ CAPACITY(16)\n");
1365 memset(outbuf, 0, req->cmd.xfer);
44740c38 1366 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1367 if (!nb_sectors) {
9bcaf4fe
PB		 1368 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1369 return -1;
f01b5931 1370 }
7cec78b6
PB		 1371 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1372 goto illegal_request;
1373 }
69377307 1374 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1375 /* Returned value is the address of the last sector. */
1376 nb_sectors--;
1377 /* Remember the new size for read/write sanity checking. */
7877903a 1378 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1379 outbuf[0] = (nb_sectors >> 56) & 0xff;
1380 outbuf[1] = (nb_sectors >> 48) & 0xff;
1381 outbuf[2] = (nb_sectors >> 40) & 0xff;
1382 outbuf[3] = (nb_sectors >> 32) & 0xff;
1383 outbuf[4] = (nb_sectors >> 24) & 0xff;
1384 outbuf[5] = (nb_sectors >> 16) & 0xff;
1385 outbuf[6] = (nb_sectors >> 8) & 0xff;
1386 outbuf[7] = nb_sectors & 0xff;
1387 outbuf[8] = 0;
1388 outbuf[9] = 0;
69377307 1389 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1390 outbuf[11] = 0;
ee3659e3
CH		 1391 outbuf[12] = 0;
1392 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1393
1394 /* set TPE bit if the format supports discard */
1395 if (s->qdev.conf.discard_granularity) {
1396 outbuf[14] = 0x80;
1397 }
1398
5dd90e2a
GH		 1399 /* Protection, exponent and lowest lba field left blank. */
1400 buflen = req->cmd.xfer;
1401 break;
1402 }
1403 DPRINTF("Unsupported Service Action In\n");
1404 goto illegal_request;
aa5dbdc1 1405 default:
b45ef674 1406 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1407 return -1;
aa5dbdc1 1408 }
e2f0c49f 1409 buflen = MIN(buflen, req->cmd.xfer);
aa5dbdc1
GH		 1410 return buflen;
1411
aa5dbdc1 1412illegal_request:
cfc606da
PB		 1413 if (r->req.status == -1) {
1414 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1415 }
8af7a3ab 1416 return -1;
aa5dbdc1
GH		 1417}
1418
2e5d83bb
PB		 1419/* Execute a scsi command. Returns the length of the data expected by the
1420 command. This will be Positive for data transfers from the device
1421 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1422 and zero if the command does not transfer any data. */
1423
5c6c0e51 1424static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1425{
5c6c0e51
HR		 1426 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1427 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1428 int32_t len;
a917d384 1429 uint8_t command;
aa5dbdc1 1430 int rc;
a917d384
PB		 1431
1432 command = buf[0];
653c1c3f 1433 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1434
2e5d83bb
PB		 1435#ifdef DEBUG_SCSI
1436 {
1437 int i;
2dd791b6 1438 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1439 printf(" 0x%02x", buf[i]);
1440 }
1441 printf("\n");
1442 }
1443#endif
aa5dbdc1 1444
9bcaf4fe
PB		 1445 switch (command) {
1446 case INQUIRY:
1447 case MODE_SENSE:
1448 case MODE_SENSE_10:
1449 case RESERVE:
1450 case RESERVE_10:
1451 case RELEASE:
1452 case RELEASE_10:
1453 case START_STOP:
1454 case ALLOW_MEDIUM_REMOVAL:
1455 case GET_CONFIGURATION:
1456 case GET_EVENT_STATUS_NOTIFICATION:
1457 case MECHANISM_STATUS:
1458 case REQUEST_SENSE:
1459 break;
1460
1461 default:
1462 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1463 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1464 return 0;
1465 }
1466 break;
1467 }
1468
a917d384 1469 switch (command) {
ebf46023 1470 case TEST_UNIT_READY:
0b06c059 1471 case INQUIRY:
ebddfcbe
GH		 1472 case MODE_SENSE:
1473 case MODE_SENSE_10:
3d53ba18
GH		 1474 case RESERVE:
1475 case RESERVE_10:
1476 case RELEASE:
1477 case RELEASE_10:
8d3628ff 1478 case START_STOP:
c68b9f34 1479 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1480 case READ_CAPACITY_10:
02880f43 1481 case READ_TOC:
b6c251ab 1482 case READ_DVD_STRUCTURE:
38215553 1483 case GET_CONFIGURATION:
b6c251ab
PB		 1484 case GET_EVENT_STATUS_NOTIFICATION:
1485 case MECHANISM_STATUS:
f6515262 1486 case SERVICE_ACTION_IN_16:
f3b338ef 1487 case REQUEST_SENSE:
7285477a 1488 rc = scsi_disk_emulate_command(r);
8af7a3ab 1489 if (rc < 0) {
0b06c059 1490 return 0;
aa5dbdc1 1491 }
8af7a3ab
KW		 1492
1493 r->iov.iov_len = rc;
0b06c059 1494 break;
0a4ac106 1495 case SYNCHRONIZE_CACHE:
c7bae6a7
PB		 1496 /* The request is used as the AIO opaque value, so add a ref. */
1497 scsi_req_ref(&r->req);
44740c38
PB		 1498 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1499 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
0a4ac106 1500 return 0;
ebf46023
GH		 1501 case READ_6:
1502 case READ_10:
bd536cf3
GH		 1503 case READ_12:
1504 case READ_16:
5c6c0e51 1505 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6 1506 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
7877903a 1507 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1508 goto illegal_lba;
f01b5931 1509 }
69377307
PB		 1510 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1511 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1512 break;
7f64f8e2
PB		 1513 case VERIFY_10:
1514 case VERIFY_12:
1515 case VERIFY_16:
ebf46023
GH		 1516 case WRITE_6:
1517 case WRITE_10:
bd536cf3
GH		 1518 case WRITE_12:
1519 case WRITE_16:
5e30a07d 1520 case WRITE_VERIFY_10:
ebef0bbb
BK		 1521 case WRITE_VERIFY_12:
1522 case WRITE_VERIFY_16:
5c6c0e51 1523 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1524 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1525 (command & 0xe) == 0xe ? "And Verify " : "",
1526 r->req.cmd.lba, len);
7877903a 1527 if (r->req.cmd.lba > s->qdev.max_lba) {
274fb0e1 1528 goto illegal_lba;
f01b5931 1529 }
69377307
PB		 1530 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1531 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1532 break;
ebef0bbb 1533 case MODE_SELECT:
2dd791b6 1534 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1535 /* We don't support mode parameter changes.
1536 Allow the mode parameter header + block descriptors only. */
2dd791b6 1537 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1538 goto fail;
1539 }
1540 break;
1541 case MODE_SELECT_10:
2dd791b6 1542 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1543 /* We don't support mode parameter changes.
1544 Allow the mode parameter header + block descriptors only. */
2dd791b6 1545 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1546 goto fail;
1547 }
1548 break;
ebef0bbb 1549 case SEEK_10:
00a01ad4 1550 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
7877903a 1551 if (r->req.cmd.lba > s->qdev.max_lba) {
ebef0bbb
BK		 1552 goto illegal_lba;
1553 }
ea3bd56f
CH		 1554 break;
1555 case WRITE_SAME_16:
5c6c0e51 1556 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1557
1558 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1559 r->req.cmd.lba, len);
1560
7877903a 1561 if (r->req.cmd.lba > s->qdev.max_lba) {
ea3bd56f
CH		 1562 goto illegal_lba;
1563 }
1564
1565 /*
1566 * We only support WRITE SAME with the unmap bit set for now.
1567 */
1568 if (!(buf[1] & 0x8)) {
1569 goto fail;
1570 }
1571
69377307
PB		 1572 rc = bdrv_discard(s->qdev.conf.bs,
1573 r->req.cmd.lba * (s->qdev.blocksize / 512),
1574 len * (s->qdev.blocksize / 512));
ea3bd56f
CH		 1575 if (rc < 0) {
1576 /* XXX: better error code ?*/
1577 goto fail;
1578 }
1579
ebef0bbb 1580 break;
2e5d83bb 1581 default:
2dd791b6 1582 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1583 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1584 return 0;
2e5d83bb 1585 fail:
b45ef674 1586 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1587 return 0;
274fb0e1 1588 illegal_lba:
b45ef674 1589 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1590 return 0;
2e5d83bb 1591 }
c87c0672 1592 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1593 scsi_req_complete(&r->req, GOOD);
a917d384 1594 }
c87c0672 1595 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1596 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1597 return -len;
a917d384 1598 } else {
f01b5931 1599 if (!r->sector_count) {
a917d384 1600 r->sector_count = -1;
f01b5931 1601 }
efb9ee02 1602 return len;
2e5d83bb 1603 }
2e5d83bb
PB		 1604}
1605
e9447f35
JK		 1606static void scsi_disk_reset(DeviceState *dev)
1607{
1608 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1609 uint64_t nb_sectors;
1610
c7b48872 1611 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1612
44740c38 1613 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1614 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1615 if (nb_sectors) {
1616 nb_sectors--;
1617 }
7877903a 1618 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1619}
1620
1621static void scsi_destroy(SCSIDevice *dev)
1622{
1623 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1624
c7b48872 1625 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1626 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1627}
1628
7d4b4ba5 1629static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1630{
8a9c16f6
PB		 1631 SCSIDiskState *s = opaque;
1632
1633 /*
1634 * When a CD gets changed, we have to report an ejected state and
1635 * then a loaded state to guests so that they detect tray
1636 * open/close and media change events. Guests that do not use
1637 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1638 * states rely on this behavior.
1639 *
1640 * media_changed governs the state machine used for unit attention
1641 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1642 */
1643 s->media_changed = load;
1644 s->tray_open = !load;
1645 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
3c2f7c12 1646 s->media_event = true;
4480de19
PB		 1647 s->eject_request = false;
1648}
1649
1650static void scsi_cd_eject_request_cb(void *opaque, bool force)
1651{
1652 SCSIDiskState *s = opaque;
1653
1654 s->eject_request = true;
1655 if (force) {
1656 s->tray_locked = false;
1657 }
2c6942fa
MA		 1658}
1659
e4def80b
MA		 1660static bool scsi_cd_is_tray_open(void *opaque)
1661{
1662 return ((SCSIDiskState *)opaque)->tray_open;
1663}
1664
f107639a
MA		 1665static bool scsi_cd_is_medium_locked(void *opaque)
1666{
1667 return ((SCSIDiskState *)opaque)->tray_locked;
1668}
1669
1670static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1671 .change_media_cb = scsi_cd_change_media_cb,
4480de19 1672 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 1673 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1674 .is_medium_locked = scsi_cd_is_medium_locked,
1675};
1676
8a9c16f6
PB		 1677static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1678{
1679 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1680 if (s->media_changed) {
1681 s->media_changed = false;
1682 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1683 }
1684}
1685
e39be482 1686static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 1687{
d52affa7 1688 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1689 DriveInfo *dinfo;
2e5d83bb 1690
f8b6cc00 1691 if (!s->qdev.conf.bs) {
6a84cb1f 1692 error_report("drive property not set");
d52affa7
GH		 1693 return -1;
1694 }
1695
e39be482 1696 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 1697 error_report("Device needs media, but drive is empty");
1698 return -1;
1699 }
1700
a0fef654 1701 if (!s->serial) {
f8b6cc00 1702 /* try to fall back to value set with legacy -drive serial=... */
44740c38 1703 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
3e1c0c9a 1704 if (*dinfo->serial) {
7267c094 1705 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1706 }
a0fef654
MA		 1707 }
1708
552fee93 1709 if (!s->version) {
7267c094 1710 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1711 }
1712
44740c38 1713 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 1714 error_report("unwanted /dev/sg*");
32bb404a
MA		 1715 return -1;
1716 }
1717
e39be482 1718 if (s->removable) {
44740c38 1719 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
2e5d83bb 1720 }
44740c38 1721 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 1722
44740c38 1723 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 1724 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 1725 return 0;
1726}
1727
b443ae67
MA		 1728static int scsi_hd_initfn(SCSIDevice *dev)
1729{
e39be482
PB		 1730 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1731 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1732 s->qdev.type = TYPE_DISK;
1733 return scsi_initfn(&s->qdev);
b443ae67
MA		 1734}
1735
1736static int scsi_cd_initfn(SCSIDevice *dev)
1737{
e39be482
PB		 1738 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1739 s->qdev.blocksize = 2048;
1740 s->qdev.type = TYPE_ROM;
1741 s->removable = true;
1742 return scsi_initfn(&s->qdev);
b443ae67
MA		 1743}
1744
1745static int scsi_disk_initfn(SCSIDevice *dev)
1746{
95b5edcd 1747 DriveInfo *dinfo;
b443ae67
MA		 1748
1749 if (!dev->conf.bs) {
e39be482 1750 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 1751 }
1752
e39be482
PB		 1753 dinfo = drive_get_by_blockdev(dev->conf.bs);
1754 if (dinfo->media_cd) {
1755 return scsi_cd_initfn(dev);
1756 } else {
1757 return scsi_hd_initfn(dev);
1758 }
b443ae67
MA		 1759}
1760
adcf2754 1761static const SCSIReqOps scsi_disk_reqops = {
8dbd4574 1762 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1763 .free_req = scsi_free_request,
1764 .send_command = scsi_send_command,
1765 .read_data = scsi_read_data,
1766 .write_data = scsi_write_data,
1767 .cancel_io = scsi_cancel_io,
1768 .get_buf = scsi_get_buf,
43b978b9
PB		 1769 .load_request = scsi_disk_load_request,
1770 .save_request = scsi_disk_save_request,
8dbd4574
PB		 1771};
1772
63db0f0e
PB		 1773static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1774 uint8_t *buf, void *hba_private)
8dbd4574
PB		 1775{
1776 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1777 SCSIRequest *req;
8dbd4574
PB		 1778
1779 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
8dbd4574
PB		 1780 return req;
1781}
1782
336a6915
PB		 1783#ifdef __linux__
1784static int get_device_type(SCSIDiskState *s)
1785{
1786 BlockDriverState *bdrv = s->qdev.conf.bs;
1787 uint8_t cmd[16];
1788 uint8_t buf[36];
1789 uint8_t sensebuf[8];
1790 sg_io_hdr_t io_header;
1791 int ret;
1792
1793 memset(cmd, 0, sizeof(cmd));
1794 memset(buf, 0, sizeof(buf));
1795 cmd[0] = INQUIRY;
1796 cmd[4] = sizeof(buf);
1797
1798 memset(&io_header, 0, sizeof(io_header));
1799 io_header.interface_id = 'S';
1800 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1801 io_header.dxfer_len = sizeof(buf);
1802 io_header.dxferp = buf;
1803 io_header.cmdp = cmd;
1804 io_header.cmd_len = sizeof(cmd);
1805 io_header.mx_sb_len = sizeof(sensebuf);
1806 io_header.sbp = sensebuf;
1807 io_header.timeout = 6000; /* XXX */
1808
1809 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1810 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1811 return -1;
1812 }
1813 s->qdev.type = buf[0];
1814 s->removable = (buf[1] & 0x80) != 0;
1815 return 0;
1816}
1817
1818static int scsi_block_initfn(SCSIDevice *dev)
1819{
1820 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1821 int sg_version;
1822 int rc;
1823
1824 if (!s->qdev.conf.bs) {
1825 error_report("scsi-block: drive property not set");
1826 return -1;
1827 }
1828
1829 /* check we are using a driver managing SG_IO (version 3 and after) */
1830 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1831 sg_version < 30000) {
1832 error_report("scsi-block: scsi generic interface too old");
1833 return -1;
1834 }
1835
1836 /* get device type from INQUIRY data */
1837 rc = get_device_type(s);
1838 if (rc < 0) {
1839 error_report("scsi-block: INQUIRY failed");
1840 return -1;
1841 }
1842
1843 /* Make a guess for the block size, we'll fix it when the guest sends.
1844 * READ CAPACITY. If they don't, they likely would assume these sizes
1845 * anyway. (TODO: check in /sys).
1846 */
1847 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1848 s->qdev.blocksize = 2048;
1849 } else {
1850 s->qdev.blocksize = 512;
1851 }
1852 return scsi_initfn(&s->qdev);
1853}
1854
1855static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1856 uint32_t lun, uint8_t *buf,
1857 void *hba_private)
1858{
1859 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1860
1861 switch (buf[0]) {
1862 case READ_6:
1863 case READ_10:
1864 case READ_12:
1865 case READ_16:
7f64f8e2
PB		 1866 case VERIFY_10:
1867 case VERIFY_12:
1868 case VERIFY_16:
336a6915
PB		 1869 case WRITE_6:
1870 case WRITE_10:
1871 case WRITE_12:
1872 case WRITE_16:
1873 case WRITE_VERIFY_10:
1874 case WRITE_VERIFY_12:
1875 case WRITE_VERIFY_16:
eaccf49e
PB		 1876 /* If we are not using O_DIRECT, we might read stale data from the
1877 * host cache if writes were made using other commands than these
1878 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1879 * O_DIRECT everything must go through SG_IO.
1880 */
1881 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1882 break;
1883 }
1884
33ebad12
PB		 1885 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1886 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1887 * And once you do these writes, reading from the block device is
1888 * unreliable, too. It is even possible that reads deliver random data
1889 * from the host page cache (this is probably a Linux bug).
1890 *
1891 * We might use scsi_disk_reqops as long as no writing commands are
1892 * seen, but performance usually isn't paramount on optical media. So,
1893 * just make scsi-block operate the same as scsi-generic for them.
1894 */
eaccf49e
PB		 1895 if (s->qdev.type == TYPE_ROM) {
1896 break;
1897 }
1898 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1899 hba_private);
336a6915
PB		 1900 }
1901
1902 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1903 hba_private);
1904}
1905#endif
1906
b443ae67
MA		 1907#define DEFINE_SCSI_DISK_PROPERTIES() \
1908 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1909 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1910 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1911
39bffca2
AL		 1912static Property scsi_hd_properties[] = {
1913 DEFINE_SCSI_DISK_PROPERTIES(),
1914 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1915 DEFINE_PROP_END_OF_LIST(),
1916};
1917
43b978b9
PB		 1918static const VMStateDescription vmstate_scsi_disk_state = {
1919 .name = "scsi-disk",
1920 .version_id = 1,
1921 .minimum_version_id = 1,
1922 .minimum_version_id_old = 1,
1923 .fields = (VMStateField[]) {
1924 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1925 VMSTATE_BOOL(media_changed, SCSIDiskState),
1926 VMSTATE_BOOL(media_event, SCSIDiskState),
1927 VMSTATE_BOOL(eject_request, SCSIDiskState),
1928 VMSTATE_BOOL(tray_open, SCSIDiskState),
1929 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1930 VMSTATE_END_OF_LIST()
1931 }
1932};
1933
b9eea3e6
AL		 1934static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1935{
39bffca2 1936 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1937 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1938
1939 sc->init = scsi_hd_initfn;
1940 sc->destroy = scsi_destroy;
1941 sc->alloc_req = scsi_new_request;
1942 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1943 dc->fw_name = "disk";
1944 dc->desc = "virtual SCSI disk";
1945 dc->reset = scsi_disk_reset;
1946 dc->props = scsi_hd_properties;
43b978b9 1947 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1948}
1949
39bffca2
AL		 1950static TypeInfo scsi_hd_info = {
1951 .name = "scsi-hd",
1952 .parent = TYPE_SCSI_DEVICE,
1953 .instance_size = sizeof(SCSIDiskState),
1954 .class_init = scsi_hd_class_initfn,
1955};
1956
1957static Property scsi_cd_properties[] = {
1958 DEFINE_SCSI_DISK_PROPERTIES(),
1959 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 1960};
1961
1962static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1963{
39bffca2 1964 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1965 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1966
1967 sc->init = scsi_cd_initfn;
1968 sc->destroy = scsi_destroy;
1969 sc->alloc_req = scsi_new_request;
1970 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 1971 dc->fw_name = "disk";
1972 dc->desc = "virtual SCSI CD-ROM";
1973 dc->reset = scsi_disk_reset;
1974 dc->props = scsi_cd_properties;
43b978b9 1975 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 1976}
1977
39bffca2
AL		 1978static TypeInfo scsi_cd_info = {
1979 .name = "scsi-cd",
1980 .parent = TYPE_SCSI_DEVICE,
1981 .instance_size = sizeof(SCSIDiskState),
1982 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 1983};
1984
336a6915 1985#ifdef __linux__
39bffca2
AL		 1986static Property scsi_block_properties[] = {
1987 DEFINE_SCSI_DISK_PROPERTIES(),
1988 DEFINE_PROP_END_OF_LIST(),
1989};
1990
b9eea3e6
AL		 1991static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1992{
39bffca2 1993 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 1994 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1995
1996 sc->init = scsi_block_initfn;
1997 sc->destroy = scsi_destroy;
1998 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 1999 dc->fw_name = "disk";
2000 dc->desc = "SCSI block device passthrough";
2001 dc->reset = scsi_disk_reset;
2002 dc->props = scsi_block_properties;
43b978b9 2003 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2004}
2005
39bffca2
AL		 2006static TypeInfo scsi_block_info = {
2007 .name = "scsi-block",
2008 .parent = TYPE_SCSI_DEVICE,
2009 .instance_size = sizeof(SCSIDiskState),
2010 .class_init = scsi_block_class_initfn,
b9eea3e6 2011};
336a6915 2012#endif
b9eea3e6 2013
39bffca2
AL		 2014static Property scsi_disk_properties[] = {
2015 DEFINE_SCSI_DISK_PROPERTIES(),
2016 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
2017 DEFINE_PROP_END_OF_LIST(),
2018};
2019
b9eea3e6
AL		 2020static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2021{
39bffca2 2022 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2023 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2024
2025 sc->init = scsi_disk_initfn;
2026 sc->destroy = scsi_destroy;
2027 sc->alloc_req = scsi_new_request;
2028 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2029 dc->fw_name = "disk";
2030 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2031 dc->reset = scsi_disk_reset;
2032 dc->props = scsi_disk_properties;
43b978b9 2033 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2034}
2035
39bffca2
AL		 2036static TypeInfo scsi_disk_info = {
2037 .name = "scsi-disk",
2038 .parent = TYPE_SCSI_DEVICE,
2039 .instance_size = sizeof(SCSIDiskState),
2040 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 2041};
2042
83f7d43a 2043static void scsi_disk_register_types(void)
d52affa7 2044{
39bffca2
AL		 2045 type_register_static(&scsi_hd_info);
2046 type_register_static(&scsi_cd_info);
b9eea3e6 2047#ifdef __linux__
39bffca2 2048 type_register_static(&scsi_block_info);
b9eea3e6 2049#endif
39bffca2 2050 type_register_static(&scsi_disk_info);
8ccc2ace 2051}
83f7d43a
AF		 2052
2053type_init(scsi_disk_register_types)
Qemu copy for testing