]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qemu-nbd: add --discard option
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
87ecb68b 31#include "qemu-common.h"
1de7afc9 32#include "qemu/error-report.h"
43b443b6 33#include "scsi.h"
0d65e1f8 34#include "scsi-defs.h"
9c17d615
PB		 35#include "sysemu/sysemu.h"
36#include "sysemu/blockdev.h"
9db1c0f7 37#include "hw/block-common.h"
9c17d615 38#include "sysemu/dma.h"
22864256 39
336a6915
PB		 40#ifdef __linux
41#include <scsi/sg.h>
42#endif
43
f0f72ffe 44#define SCSI_DMA_BUF_SIZE 131072
57575058 45#define SCSI_MAX_INQUIRY_LEN 256
380feaff 46#define SCSI_MAX_MODE_LEN 256
a917d384 47
d52affa7
GH		 48typedef struct SCSIDiskState SCSIDiskState;
49
4c41d2ef
GH		 50typedef struct SCSIDiskReq {
51 SCSIRequest req;
a917d384 52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 53 uint64_t sector;
54 uint32_t sector_count;
7285477a 55 uint32_t buflen;
a0e66a69 56 bool started;
c87c0672
AL		 57 struct iovec iov;
58 QEMUIOVector qiov;
a597e79c 59 BlockAcctCookie acct;
4c41d2ef 60} SCSIDiskReq;
a917d384 61
bfe3d7ac 62#define SCSI_DISK_F_REMOVABLE 0
da8365db 63#define SCSI_DISK_F_DPOFUA 1
bfe3d7ac 64
d52affa7 65struct SCSIDiskState
a917d384 66{
d52affa7 67 SCSIDevice qdev;
bfe3d7ac 68 uint32_t features;
8a9c16f6 69 bool media_changed;
3c2f7c12 70 bool media_event;
4480de19 71 bool eject_request;
27395add 72 uint64_t wwn;
213189ab 73 QEMUBH *bh;
383b4d9b 74 char *version;
a0fef654 75 char *serial;
353815aa
DF		 76 char *vendor;
77 char *product;
ece0d5e9 78 bool tray_open;
81b1008d 79 bool tray_locked;
2e5d83bb
PB		 80};
81
71544d30 82static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
5dba48a8 83
ad2d30f7 84static void scsi_free_request(SCSIRequest *req)
4d611c9a 85{
ad2d30f7
PB		 86 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
87
db4c34c3 88 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 89}
90
b45ef674
PB		 91/* Helper function for command completion with sense. */
92static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 93{
02fa69b6
BS		 94 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
95 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 96 scsi_req_build_sense(&r->req, sense);
97 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 98}
99
100/* Cancel a pending data transfer. */
5c6c0e51 101static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 102{
5c6c0e51
HR		 103 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
104
105 DPRINTF("Cancel tag=0x%x\n", req->tag);
106 if (r->req.aiocb) {
107 bdrv_aio_cancel(r->req.aiocb);
c7bae6a7
PB		 108
109 /* This reference was left in by scsi_*_data. We take ownership of
110 * it the moment scsi_req_cancel is called, independent of whether
111 * bdrv_aio_cancel completes the request or not. */
112 scsi_req_unref(&r->req);
a917d384 113 }
5c6c0e51 114 r->req.aiocb = NULL;
a917d384
PB		 115}
116
43b978b9 117static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 118{
7285477a
PB		 119 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
120
121 if (!r->iov.iov_base) {
43b978b9 122 r->buflen = size;
44740c38 123 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 124 }
125 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5
PB		 126 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
127 return r->qiov.size / 512;
128}
129
43b978b9
PB		 130static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
131{
132 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
133
134 qemu_put_be64s(f, &r->sector);
135 qemu_put_be32s(f, &r->sector_count);
136 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 137 if (r->buflen) {
138 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
139 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
140 } else if (!req->retry) {
141 uint32_t len = r->iov.iov_len;
142 qemu_put_be32s(f, &len);
143 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
144 }
43b978b9
PB		 145 }
146}
147
148static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
149{
150 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
151
152 qemu_get_be64s(f, &r->sector);
153 qemu_get_be32s(f, &r->sector_count);
154 qemu_get_be32s(f, &r->buflen);
155 if (r->buflen) {
156 scsi_init_iovec(r, r->buflen);
157 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
158 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 159 } else if (!r->req.retry) {
160 uint32_t len;
161 qemu_get_be32s(f, &len);
162 r->iov.iov_len = len;
163 assert(r->iov.iov_len <= r->buflen);
164 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 165 }
166 }
167
168 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
169}
170
c1b35247 171static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 172{
173 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
175
46e3f30e
PB		 176 assert(r->req.aiocb != NULL);
177 r->req.aiocb = NULL;
5d0d2467
PB		 178 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
179
80624c93 180 if (ret < 0) {
5d0d2467
PB		 181 if (scsi_handle_rw_error(r, -ret)) {
182 goto done;
183 }
184 }
185
5d0d2467
PB		 186 scsi_req_complete(&r->req, GOOD);
187
188done:
b8aba8d7
PB		 189 if (!r->req.io_canceled) {
190 scsi_req_unref(&r->req);
191 }
5d0d2467
PB		 192}
193
7e8c49c5
PB		 194static bool scsi_is_cmd_fua(SCSICommand *cmd)
195{
196 switch (cmd->buf[0]) {
197 case READ_10:
198 case READ_12:
199 case READ_16:
200 case WRITE_10:
201 case WRITE_12:
202 case WRITE_16:
203 return (cmd->buf[1] & 8) != 0;
204
7f64f8e2
PB		 205 case VERIFY_10:
206 case VERIFY_12:
207 case VERIFY_16:
7e8c49c5
PB		 208 case WRITE_VERIFY_10:
209 case WRITE_VERIFY_12:
210 case WRITE_VERIFY_16:
211 return true;
212
213 case READ_6:
214 case WRITE_6:
215 default:
216 return false;
217 }
218}
219
220static void scsi_write_do_fua(SCSIDiskReq *r)
221{
222 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
223
224 if (scsi_is_cmd_fua(&r->req.cmd)) {
225 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
c1b35247 226 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
7e8c49c5
PB		 227 return;
228 }
229
230 scsi_req_complete(&r->req, GOOD);
231 if (!r->req.io_canceled) {
232 scsi_req_unref(&r->req);
233 }
234}
235
b77912a7 236static void scsi_dma_complete(void *opaque, int ret)
a917d384 237{
4c41d2ef 238 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 240
46e3f30e
PB		 241 assert(r->req.aiocb != NULL);
242 r->req.aiocb = NULL;
243 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
a597e79c 244
80624c93 245 if (ret < 0) {
71544d30 246 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 247 goto done;
5dba48a8 248 }
4d611c9a 249 }
5dba48a8 250
b77912a7
PB		 251 r->sector += r->sector_count;
252 r->sector_count = 0;
7e8c49c5
PB		 253 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
254 scsi_write_do_fua(r);
255 return;
256 } else {
257 scsi_req_complete(&r->req, GOOD);
258 }
c7bae6a7
PB		 259
260done:
261 if (!r->req.io_canceled) {
262 scsi_req_unref(&r->req);
263 }
4d611c9a
PB		 264}
265
b77912a7 266static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 267{
268 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 270 int n;
0a4ac106 271
46e3f30e
PB		 272 assert(r->req.aiocb != NULL);
273 r->req.aiocb = NULL;
274 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
0a4ac106
PB		 275
276 if (ret < 0) {
71544d30 277 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 278 goto done;
0a4ac106
PB		 279 }
280 }
281
b77912a7
PB		 282 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
283
284 n = r->qiov.size / 512;
285 r->sector += n;
286 r->sector_count -= n;
287 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 288
289done:
290 if (!r->req.io_canceled) {
291 scsi_req_unref(&r->req);
292 }
0a4ac106 293}
5dba48a8 294
ac668426
PB		 295/* Actually issue a read to the block device. */
296static void scsi_do_read(void *opaque, int ret)
297{
298 SCSIDiskReq *r = opaque;
299 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
300 uint32_t n;
301
302 if (r->req.aiocb != NULL) {
303 r->req.aiocb = NULL;
304 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
305 }
306
307 if (ret < 0) {
308 if (scsi_handle_rw_error(r, -ret)) {
309 goto done;
310 }
311 }
312
31e8fd86
PB		 313 if (r->req.io_canceled) {
314 return;
315 }
316
317 /* The request is used as the AIO opaque value, so add a ref. */
318 scsi_req_ref(&r->req);
319
ac668426
PB		 320 if (r->req.sg) {
321 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
322 r->req.resid -= r->req.sg->size;
323 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
324 scsi_dma_complete, r);
325 } else {
326 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
327 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
328 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
329 scsi_read_complete, r);
330 }
331
332done:
333 if (!r->req.io_canceled) {
334 scsi_req_unref(&r->req);
335 }
336}
337
5c6c0e51
HR		 338/* Read more data from scsi device into buffer. */
339static void scsi_read_data(SCSIRequest *req)
2e5d83bb 340{
5c6c0e51 341 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 342 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 343 bool first;
2e5d83bb 344
a917d384
PB		 345 DPRINTF("Read sector_count=%d\n", r->sector_count);
346 if (r->sector_count == 0) {
b45ef674
PB		 347 /* This also clears the sense buffer for REQUEST SENSE. */
348 scsi_req_complete(&r->req, GOOD);
a917d384 349 return;
2e5d83bb
PB		 350 }
351
6fa2c95f
SH		 352 /* No data transfer may already be in progress */
353 assert(r->req.aiocb == NULL);
354
c7bae6a7
PB		 355 /* The request is used as the AIO opaque value, so add a ref. */
356 scsi_req_ref(&r->req);
efb9ee02
HR		 357 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
358 DPRINTF("Data transfer direction invalid\n");
359 scsi_read_complete(r, -EINVAL);
360 return;
361 }
362
a1aff5bf
MA		 363 if (s->tray_open) {
364 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 365 return;
a1aff5bf 366 }
c7bae6a7 367
ac668426 368 first = !r->started;
a0e66a69 369 r->started = true;
ac668426
PB		 370 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
371 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
372 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
5d0d2467 373 } else {
ac668426 374 scsi_do_read(r, 0);
5d0d2467 375 }
2e5d83bb
PB		 376}
377
c7bae6a7
PB		 378/*
379 * scsi_handle_rw_error has two return values. 0 means that the error
380 * must be ignored, 1 means that the error has been processed and the
381 * caller should not do anything else for this request. Note that
382 * scsi_handle_rw_error always manages its reference counts, independent
383 * of the return value.
384 */
71544d30 385static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
5dba48a8 386{
1ceee0d5 387 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
4c41d2ef 388 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3e1caa5f 389 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
ea8a5d7f 390
3e1caa5f 391 if (action == BDRV_ACTION_REPORT) {
efb9ee02 392 switch (error) {
7e218df5
PB		 393 case ENOMEDIUM:
394 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
395 break;
efb9ee02 396 case ENOMEM:
b45ef674 397 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 398 break;
399 case EINVAL:
b45ef674 400 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 401 break;
402 default:
b45ef674 403 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 404 break;
a1f0cce2 405 }
ea8a5d7f 406 }
3e1caa5f
PB		 407 bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
408 if (action == BDRV_ACTION_STOP) {
409 scsi_req_retry(&r->req);
410 }
411 return action != BDRV_ACTION_IGNORE;
ea8a5d7f
AL		 412}
413
4d611c9a
PB		 414static void scsi_write_complete(void * opaque, int ret)
415{
4c41d2ef 416 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 417 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 418 uint32_t n;
419
8e321cc6
PB		 420 if (r->req.aiocb != NULL) {
421 r->req.aiocb = NULL;
44740c38 422 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
8e321cc6 423 }
a597e79c 424
80624c93 425 if (ret < 0) {
71544d30 426 if (scsi_handle_rw_error(r, -ret)) {
c7bae6a7 427 goto done;
5dba48a8 428 }
4d611c9a
PB		 429 }
430
103b40f5 431 n = r->qiov.size / 512;
ea8a5d7f
AL		 432 r->sector += n;
433 r->sector_count -= n;
a917d384 434 if (r->sector_count == 0) {
7e8c49c5
PB		 435 scsi_write_do_fua(r);
436 return;
a917d384 437 } else {
43b978b9 438 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
79fb50bb 439 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
103b40f5 440 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 441 }
c7bae6a7
PB		 442
443done:
444 if (!r->req.io_canceled) {
445 scsi_req_unref(&r->req);
446 }
4d611c9a
PB		 447}
448
42741212 449static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 450{
5c6c0e51 451 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 452 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 453 uint32_t n;
454
6fa2c95f
SH		 455 /* No data transfer may already be in progress */
456 assert(r->req.aiocb == NULL);
457
c7bae6a7
PB		 458 /* The request is used as the AIO opaque value, so add a ref. */
459 scsi_req_ref(&r->req);
efb9ee02
HR		 460 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
461 DPRINTF("Data transfer direction invalid\n");
462 scsi_write_complete(r, -EINVAL);
42741212 463 return;
efb9ee02
HR		 464 }
465
5d0d2467
PB		 466 if (!r->req.sg && !r->qiov.size) {
467 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 468 r->started = true;
5d0d2467
PB		 469 scsi_write_complete(r, 0);
470 return;
471 }
472 if (s->tray_open) {
473 scsi_write_complete(r, -ENOMEDIUM);
474 return;
475 }
476
7f64f8e2
PB		 477 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
478 r->req.cmd.buf[0] == VERIFY_16) {
479 if (r->req.sg) {
480 scsi_dma_complete(r, 0);
481 } else {
482 scsi_write_complete(r, 0);
483 }
484 return;
485 }
486
5d0d2467
PB		 487 if (r->req.sg) {
488 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
489 r->req.resid -= r->req.sg->size;
490 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
491 scsi_dma_complete, r);
492 } else {
493 n = r->qiov.size / 512;
44740c38
PB		 494 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
495 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
103b40f5 496 scsi_write_complete, r);
ea8a5d7f 497 }
a917d384 498}
2e5d83bb 499
a917d384 500/* Return a pointer to the data buffer. */
5c6c0e51 501static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 502{
5c6c0e51 503 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 504
3f4cb3d3 505 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 506}
507
0b06c059
GH		 508static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
509{
383b4d9b 510 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059 511 int buflen = 0;
82579390 512 int start;
0b06c059 513
0b06c059
GH		 514 if (req->cmd.buf[1] & 0x1) {
515 /* Vital product data */
516 uint8_t page_code = req->cmd.buf[2];
0b06c059 517
e39be482 518 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 519 outbuf[buflen++] = page_code ; // this page
520 outbuf[buflen++] = 0x00;
82579390
PB		 521 outbuf[buflen++] = 0x00;
522 start = buflen;
0b06c059
GH		 523
524 switch (page_code) {
525 case 0x00: /* Supported page codes, mandatory */
39d98982 526 {
0b06c059
GH		 527 DPRINTF("Inquiry EVPD[Supported pages] "
528 "buffer size %zd\n", req->cmd.xfer);
0b06c059 529 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 530 if (s->serial) {
3e1c0c9a 531 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 532 }
0b06c059 533 outbuf[buflen++] = 0x83; // device identification
f37bd73b 534 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 535 outbuf[buflen++] = 0xb0; // block limits
536 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982 537 }
0b06c059 538 break;
39d98982 539 }
0b06c059
GH		 540 case 0x80: /* Device serial number, optional */
541 {
3e1c0c9a 542 int l;
0b06c059 543
3e1c0c9a
HR		 544 if (!s->serial) {
545 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
546 return -1;
547 }
548
549 l = strlen(s->serial);
f01b5931 550 if (l > 20) {
0b06c059 551 l = 20;
f01b5931 552 }
0b06c059
GH		 553
554 DPRINTF("Inquiry EVPD[Serial number] "
555 "buffer size %zd\n", req->cmd.xfer);
a0fef654 556 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 557 buflen += l;
558 break;
559 }
560
561 case 0x83: /* Device identification page, mandatory */
562 {
fd930791
PB		 563 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
564 int max_len = s->serial ? 20 : 255 - 8;
565 int id_len = strlen(str);
0b06c059 566
f01b5931 567 if (id_len > max_len) {
0b06c059 568 id_len = max_len;
f01b5931 569 }
0b06c059
GH		 570 DPRINTF("Inquiry EVPD[Device identification] "
571 "buffer size %zd\n", req->cmd.xfer);
572
0b06c059
GH		 573 outbuf[buflen++] = 0x2; // ASCII
574 outbuf[buflen++] = 0; // not officially assigned
575 outbuf[buflen++] = 0; // reserved
576 outbuf[buflen++] = id_len; // length of data following
fd930791 577 memcpy(outbuf+buflen, str, id_len);
0b06c059 578 buflen += id_len;
27395add
PB		 579
580 if (s->wwn) {
581 outbuf[buflen++] = 0x1; // Binary
582 outbuf[buflen++] = 0x3; // NAA
583 outbuf[buflen++] = 0; // reserved
584 outbuf[buflen++] = 8;
585 stq_be_p(&outbuf[buflen], s->wwn);
586 buflen += 8;
587 }
0b06c059
GH		 588 break;
589 }
ea3bd56f 590 case 0xb0: /* block limits */
ee3659e3 591 {
ea3bd56f
CH		 592 unsigned int unmap_sectors =
593 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 594 unsigned int min_io_size =
595 s->qdev.conf.min_io_size / s->qdev.blocksize;
596 unsigned int opt_io_size =
597 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 598
f37bd73b 599 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 600 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
601 page_code);
602 return -1;
603 }
ee3659e3 604 /* required VPD size with unmap support */
82579390 605 buflen = 0x40;
ee3659e3
CH		 606 memset(outbuf + 4, 0, buflen - 4);
607
608 /* optimal transfer length granularity */
609 outbuf[6] = (min_io_size >> 8) & 0xff;
610 outbuf[7] = min_io_size & 0xff;
611
612 /* optimal transfer length */
613 outbuf[12] = (opt_io_size >> 24) & 0xff;
614 outbuf[13] = (opt_io_size >> 16) & 0xff;
615 outbuf[14] = (opt_io_size >> 8) & 0xff;
616 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 617
618 /* optimal unmap granularity */
619 outbuf[28] = (unmap_sectors >> 24) & 0xff;
620 outbuf[29] = (unmap_sectors >> 16) & 0xff;
621 outbuf[30] = (unmap_sectors >> 8) & 0xff;
622 outbuf[31] = unmap_sectors & 0xff;
623 break;
624 }
625 case 0xb2: /* thin provisioning */
626 {
82579390 627 buflen = 8;
ea3bd56f 628 outbuf[4] = 0;
5222aaf2 629 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
f644a290 630 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
ea3bd56f 631 outbuf[7] = 0;
ee3659e3
CH		 632 break;
633 }
0b06c059 634 default:
0b06c059
GH		 635 return -1;
636 }
637 /* done with EVPD */
82579390
PB		 638 assert(buflen - start <= 255);
639 outbuf[start - 1] = buflen - start;
0b06c059
GH		 640 return buflen;
641 }
642
643 /* Standard INQUIRY data */
644 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 645 return -1;
646 }
647
648 /* PAGE CODE == 0 */
0b06c059 649 buflen = req->cmd.xfer;
f01b5931 650 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 651 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 652 }
0b06c059 653
f37bd73b 654 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 655 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 656
657 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
658 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
659
314b1811 660 memset(&outbuf[32], 0, 4);
552fee93 661 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 662 /*
663 * We claim conformance to SPC-3, which is required for guests
664 * to ask for modern features like READ CAPACITY(16) or the
665 * block characteristics VPD page by default. Not all of SPC-3
666 * is actually implemented, but we're good enough.
667 */
ee3659e3 668 outbuf[2] = 5;
1109c894 669 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 670
671 if (buflen > 36) {
672 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
673 } else {
674 /* If the allocation length of CDB is too small,
675 the additional length is not adjusted */
676 outbuf[4] = 36 - 5;
677 }
678
0b06c059 679 /* Sync data transfer and TCQ. */
afd4030c 680 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 681 return buflen;
682}
683
430ee2f2
PB		 684static inline bool media_is_dvd(SCSIDiskState *s)
685{
686 uint64_t nb_sectors;
687 if (s->qdev.type != TYPE_ROM) {
688 return false;
689 }
44740c38 690 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
430ee2f2
PB		 691 return false;
692 }
44740c38 693 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
430ee2f2
PB		 694 return nb_sectors > CD_MAX_SECTORS;
695}
696
ceb792ef
PB		 697static inline bool media_is_cd(SCSIDiskState *s)
698{
699 uint64_t nb_sectors;
700 if (s->qdev.type != TYPE_ROM) {
701 return false;
702 }
44740c38 703 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 704 return false;
705 }
44740c38 706 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 707 return nb_sectors <= CD_MAX_SECTORS;
708}
709
1a4f0c3a
PB		 710static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
711 uint8_t *outbuf)
712{
713 uint8_t type = r->req.cmd.buf[1] & 7;
714
715 if (s->qdev.type != TYPE_ROM) {
716 return -1;
717 }
718
719 /* Types 1/2 are only defined for Blu-Ray. */
720 if (type != 0) {
721 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
722 return -1;
723 }
724
725 memset(outbuf, 0, 34);
726 outbuf[1] = 32;
727 outbuf[2] = 0xe; /* last session complete, disc finalized */
728 outbuf[3] = 1; /* first track on disc */
729 outbuf[4] = 1; /* # of sessions */
730 outbuf[5] = 1; /* first track of last session */
731 outbuf[6] = 1; /* last track of last session */
732 outbuf[7] = 0x20; /* unrestricted use */
733 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
734 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
735 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
736 /* 24-31: disc bar code */
737 /* 32: disc application code */
738 /* 33: number of OPC tables */
739
740 return 34;
741}
742
b6c251ab
PB		 743static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
744 uint8_t *outbuf)
745{
ceb792ef
PB		 746 static const int rds_caps_size[5] = {
747 [0] = 2048 + 4,
748 [1] = 4 + 4,
749 [3] = 188 + 4,
750 [4] = 2048 + 4,
751 };
752
753 uint8_t media = r->req.cmd.buf[1];
754 uint8_t layer = r->req.cmd.buf[6];
755 uint8_t format = r->req.cmd.buf[7];
756 int size = -1;
757
758 if (s->qdev.type != TYPE_ROM) {
759 return -1;
760 }
761 if (media != 0) {
762 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
763 return -1;
764 }
765
766 if (format != 0xff) {
44740c38 767 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
ceb792ef
PB		 768 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
769 return -1;
770 }
771 if (media_is_cd(s)) {
772 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
773 return -1;
774 }
775 if (format >= ARRAY_SIZE(rds_caps_size)) {
776 return -1;
777 }
778 size = rds_caps_size[format];
779 memset(outbuf, 0, size);
780 }
781
782 switch (format) {
783 case 0x00: {
784 /* Physical format information */
785 uint64_t nb_sectors;
786 if (layer != 0) {
787 goto fail;
788 }
44740c38 789 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
ceb792ef
PB		 790
791 outbuf[4] = 1; /* DVD-ROM, part version 1 */
792 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
793 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
794 outbuf[7] = 0; /* default densities */
795
796 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
797 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
798 break;
799 }
800
801 case 0x01: /* DVD copyright information, all zeros */
802 break;
803
804 case 0x03: /* BCA information - invalid field for no BCA info */
805 return -1;
806
807 case 0x04: /* DVD disc manufacturing information, all zeros */
808 break;
809
810 case 0xff: { /* List capabilities */
811 int i;
812 size = 4;
813 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
814 if (!rds_caps_size[i]) {
815 continue;
816 }
817 outbuf[size] = i;
818 outbuf[size + 1] = 0x40; /* Not writable, readable */
819 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
820 size += 4;
821 }
822 break;
823 }
824
825 default:
826 return -1;
827 }
828
829 /* Size of buffer, not including 2 byte size field */
830 stw_be_p(outbuf, size - 2);
831 return size;
832
833fail:
b6c251ab
PB		 834 return -1;
835}
836
3c2f7c12 837static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 838{
3c2f7c12
PB		 839 uint8_t event_code, media_status;
840
841 media_status = 0;
842 if (s->tray_open) {
843 media_status = MS_TRAY_OPEN;
44740c38 844 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
3c2f7c12
PB		 845 media_status = MS_MEDIA_PRESENT;
846 }
847
848 /* Event notification descriptor */
849 event_code = MEC_NO_CHANGE;
4480de19
PB		 850 if (media_status != MS_TRAY_OPEN) {
851 if (s->media_event) {
852 event_code = MEC_NEW_MEDIA;
853 s->media_event = false;
854 } else if (s->eject_request) {
855 event_code = MEC_EJECT_REQUESTED;
856 s->eject_request = false;
857 }
3c2f7c12
PB		 858 }
859
860 outbuf[0] = event_code;
861 outbuf[1] = media_status;
862
863 /* These fields are reserved, just clear them. */
864 outbuf[2] = 0;
865 outbuf[3] = 0;
866 return 4;
867}
868
869static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
870 uint8_t *outbuf)
871{
872 int size;
873 uint8_t *buf = r->req.cmd.buf;
874 uint8_t notification_class_request = buf[4];
875 if (s->qdev.type != TYPE_ROM) {
876 return -1;
877 }
878 if ((buf[1] & 1) == 0) {
879 /* asynchronous */
880 return -1;
881 }
882
883 size = 4;
884 outbuf[0] = outbuf[1] = 0;
885 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
886 if (notification_class_request & (1 << GESN_MEDIA)) {
887 outbuf[2] = GESN_MEDIA;
888 size += scsi_event_status_media(s, &outbuf[size]);
889 } else {
890 outbuf[2] = 0x80;
891 }
892 stw_be_p(outbuf, size - 4);
893 return size;
b6c251ab
PB		 894}
895
430ee2f2 896static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 897{
430ee2f2
PB		 898 int current;
899
b6c251ab
PB		 900 if (s->qdev.type != TYPE_ROM) {
901 return -1;
902 }
430ee2f2
PB		 903 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
904 memset(outbuf, 0, 40);
905 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
906 stw_be_p(&outbuf[6], current);
907 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
908 outbuf[10] = 0x03; /* persistent, current */
909 outbuf[11] = 8; /* two profiles */
910 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
911 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
912 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
913 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
914 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
915 stw_be_p(&outbuf[20], 1);
916 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
917 outbuf[23] = 8;
918 stl_be_p(&outbuf[24], 1); /* SCSI */
919 outbuf[28] = 1; /* DBE = 1, mandatory */
920 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
921 stw_be_p(&outbuf[32], 3);
922 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
923 outbuf[35] = 4;
924 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
925 /* TODO: Random readable, CD read, DVD read, drive serial number,
926 power management */
927 return 40;
b6c251ab
PB		 928}
929
930static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
931{
932 if (s->qdev.type != TYPE_ROM) {
933 return -1;
934 }
935 memset(outbuf, 0, 8);
936 outbuf[5] = 1; /* CD-ROM */
937 return 8;
938}
939
cfc606da 940static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 941 int page_control)
ebddfcbe 942{
a8f4bbe2
PB		 943 static const int mode_sense_valid[0x3f] = {
944 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
945 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
946 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 947 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
948 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 949 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
950 };
ef405611
PB		 951
952 uint8_t *p = *p_outbuf + 2;
953 int length;
ebddfcbe 954
a8f4bbe2
PB		 955 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
956 return -1;
957 }
958
282ab04e
BK		 959 /*
960 * If Changeable Values are requested, a mask denoting those mode parameters
961 * that are changeable shall be returned. As we currently don't support
962 * parameter changes via MODE_SELECT all bits are returned set to zero.
963 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 964 *
965 * The offsets here are off by two compared to the descriptions in the
966 * SCSI specs, because those include a 2-byte header. This is unfortunate,
967 * but it is done so that offsets are consistent within our implementation
968 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
969 * 2-byte and 4-byte headers.
282ab04e 970 */
ebddfcbe 971 switch (page) {
67cc61e4 972 case MODE_PAGE_HD_GEOMETRY:
ef405611 973 length = 0x16;
282ab04e 974 if (page_control == 1) { /* Changeable Values */
cfc606da 975 break;
282ab04e 976 }
ebddfcbe 977 /* if a geometry hint is available, use it */
ef405611
PB		 978 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
979 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
980 p[2] = s->qdev.conf.cyls & 0xff;
981 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 982 /* Write precomp start cylinder, disabled */
ef405611
PB		 983 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
984 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
985 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 986 /* Reduced current start cylinder, disabled */
ef405611
PB		 987 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
988 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
989 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 990 /* Device step rate [ns], 200ns */
ef405611
PB		 991 p[10] = 0;
992 p[11] = 200;
ebddfcbe 993 /* Landing zone cylinder */
ef405611
PB		 994 p[12] = 0xff;
995 p[13] = 0xff;
ebddfcbe 996 p[14] = 0xff;
ebddfcbe 997 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 998 p[18] = (5400 >> 8) & 0xff;
999 p[19] = 5400 & 0xff;
cfc606da 1000 break;
ebddfcbe 1001
67cc61e4 1002 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1003 length = 0x1e;
282ab04e 1004 if (page_control == 1) { /* Changeable Values */
cfc606da 1005 break;
282ab04e 1006 }
ebddfcbe 1007 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1008 p[0] = 5000 >> 8;
1009 p[1] = 5000 & 0xff;
ebddfcbe 1010 /* if a geometry hint is available, use it */
ef405611
PB		 1011 p[2] = s->qdev.conf.heads & 0xff;
1012 p[3] = s->qdev.conf.secs & 0xff;
1013 p[4] = s->qdev.blocksize >> 8;
1014 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1015 p[7] = s->qdev.conf.cyls & 0xff;
1016 /* Write precomp start cylinder, disabled */
d252df48
MA		 1017 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1018 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1019 /* Reduced current start cylinder, disabled */
d252df48
MA		 1020 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1021 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1022 /* Device step rate [100us], 100us */
ef405611
PB		 1023 p[12] = 0;
1024 p[13] = 1;
ebddfcbe 1025 /* Device step pulse width [us], 1us */
ef405611 1026 p[14] = 1;
ebddfcbe 1027 /* Device head settle delay [100us], 100us */
ef405611
PB		 1028 p[15] = 0;
1029 p[16] = 1;
ebddfcbe 1030 /* Motor on delay [0.1s], 0.1s */
ef405611 1031 p[17] = 1;
ebddfcbe 1032 /* Motor off delay [0.1s], 0.1s */
ef405611 1033 p[18] = 1;
ebddfcbe 1034 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1035 p[26] = (5400 >> 8) & 0xff;
1036 p[27] = 5400 & 0xff;
cfc606da 1037 break;
ebddfcbe 1038
67cc61e4 1039 case MODE_PAGE_CACHING:
ef405611 1040 length = 0x12;
96c91bbf
PB		 1041 if (page_control == 1 || /* Changeable Values */
1042 bdrv_enable_write_cache(s->qdev.conf.bs)) {
ef405611 1043 p[0] = 4; /* WCE */
ebddfcbe 1044 }
cfc606da 1045 break;
ebddfcbe 1046
a07c7dcd 1047 case MODE_PAGE_R_W_ERROR:
ef405611 1048 length = 10;
4f588b15
PB		 1049 if (page_control == 1) { /* Changeable Values */
1050 break;
1051 }
ef405611 1052 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1053 if (s->qdev.type == TYPE_ROM) {
ef405611 1054 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1055 }
1056 break;
1057
1058 case MODE_PAGE_AUDIO_CTL:
ef405611 1059 length = 14;
a07c7dcd
PB		 1060 break;
1061
67cc61e4 1062 case MODE_PAGE_CAPABILITIES:
ef405611 1063 length = 0x14;
282ab04e 1064 if (page_control == 1) { /* Changeable Values */
cfc606da 1065 break;
282ab04e 1066 }
a07c7dcd 1067
ef405611
PB		 1068 p[0] = 0x3b; /* CD-R & CD-RW read */
1069 p[1] = 0; /* Writing not supported */
1070 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1071 mode 2 form 1&2, multi session */
ef405611 1072 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1073 RW corrected, C2 errors, ISRC,
1074 UPC, Bar code */
ef405611 1075 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1076 /* Locking supported, jumper present, eject, tray */
ef405611 1077 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1078 changer */
ef405611
PB		 1079 p[6] = (50 * 176) >> 8; /* 50x read speed */
1080 p[7] = (50 * 176) & 0xff;
1081 p[8] = 2 >> 8; /* Two volume levels */
1082 p[9] = 2 & 0xff;
1083 p[10] = 2048 >> 8; /* 2M buffer */
1084 p[11] = 2048 & 0xff;
1085 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1086 p[13] = (16 * 176) & 0xff;
1087 p[16] = (16 * 176) >> 8; /* 16x write speed */
1088 p[17] = (16 * 176) & 0xff;
1089 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1090 p[19] = (16 * 176) & 0xff;
cfc606da 1091 break;
ebddfcbe
GH		 1092
1093 default:
cfc606da 1094 return -1;
ebddfcbe 1095 }
cfc606da 1096
ef405611
PB		 1097 assert(length < 256);
1098 (*p_outbuf)[0] = page;
1099 (*p_outbuf)[1] = length;
1100 *p_outbuf += length + 2;
1101 return length + 2;
ebddfcbe
GH		 1102}
1103
cfc606da 1104static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1105{
cfc606da 1106 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1107 uint64_t nb_sectors;
e590ecbe
PB		 1108 bool dbd;
1109 int page, buflen, ret, page_control;
ebddfcbe 1110 uint8_t *p;
ce512ee1 1111 uint8_t dev_specific_param;
ebddfcbe 1112
e590ecbe 1113 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1114 page = r->req.cmd.buf[2] & 0x3f;
1115 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1116 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1117 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1118 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1119 p = outbuf;
1120
e590ecbe 1121 if (s->qdev.type == TYPE_DISK) {
da8365db 1122 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
e590ecbe
PB		 1123 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1124 dev_specific_param |= 0x80; /* Readonly. */
1125 }
ce512ee1 1126 } else {
e590ecbe
PB		 1127 /* MMC prescribes that CD/DVD drives have no block descriptors,
1128 * and defines no device-specific parameter. */
6a2de0f2 1129 dev_specific_param = 0x00;
e590ecbe 1130 dbd = true;
ce512ee1
BK		 1131 }
1132
cfc606da 1133 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1134 p[1] = 0; /* Default media type. */
1135 p[2] = dev_specific_param;
1136 p[3] = 0; /* Block descriptor length. */
1137 p += 4;
1138 } else { /* MODE_SENSE_10 */
1139 p[2] = 0; /* Default media type. */
1140 p[3] = dev_specific_param;
1141 p[6] = p[7] = 0; /* Block descriptor length. */
1142 p += 8;
ebddfcbe 1143 }
ebddfcbe 1144
44740c38 1145 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
e590ecbe 1146 if (!dbd && nb_sectors) {
cfc606da 1147 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1148 outbuf[3] = 8; /* Block descriptor length */
1149 } else { /* MODE_SENSE_10 */
1150 outbuf[7] = 8; /* Block descriptor length */
1151 }
69377307 1152 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1153 if (nb_sectors > 0xffffff) {
2488b740 1154 nb_sectors = 0;
f01b5931 1155 }
ebddfcbe
GH		 1156 p[0] = 0; /* media density code */
1157 p[1] = (nb_sectors >> 16) & 0xff;
1158 p[2] = (nb_sectors >> 8) & 0xff;
1159 p[3] = nb_sectors & 0xff;
1160 p[4] = 0; /* reserved */
1161 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1162 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1163 p[7] = 0;
1164 p += 8;
1165 }
1166
cfc606da
PB		 1167 if (page_control == 3) {
1168 /* Saved Values */
1169 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1170 return -1;
282ab04e
BK		 1171 }
1172
cfc606da
PB		 1173 if (page == 0x3f) {
1174 for (page = 0; page <= 0x3e; page++) {
1175 mode_sense_page(s, page, &p, page_control);
1176 }
1177 } else {
1178 ret = mode_sense_page(s, page, &p, page_control);
1179 if (ret == -1) {
1180 return -1;
1181 }
ebddfcbe
GH		 1182 }
1183
1184 buflen = p - outbuf;
ce512ee1
BK		 1185 /*
1186 * The mode data length field specifies the length in bytes of the
1187 * following data that is available to be transferred. The mode data
1188 * length does not include itself.
1189 */
cfc606da 1190 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1191 outbuf[0] = buflen - 1;
1192 } else { /* MODE_SENSE_10 */
1193 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1194 outbuf[1] = (buflen - 2) & 0xff;
1195 }
ebddfcbe
GH		 1196 return buflen;
1197}
1198
02880f43
GH		 1199static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1200{
1201 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1202 int start_track, format, msf, toclen;
1203 uint64_t nb_sectors;
1204
1205 msf = req->cmd.buf[1] & 2;
1206 format = req->cmd.buf[2] & 0xf;
1207 start_track = req->cmd.buf[6];
44740c38 1208 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
02880f43 1209 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1210 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1211 switch (format) {
1212 case 0:
1213 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1214 break;
1215 case 1:
1216 /* multi session : only a single session defined */
1217 toclen = 12;
1218 memset(outbuf, 0, 12);
1219 outbuf[1] = 0x0a;
1220 outbuf[2] = 0x01;
1221 outbuf[3] = 0x01;
1222 break;
1223 case 2:
1224 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1225 break;
1226 default:
1227 return -1;
1228 }
02880f43
GH		 1229 return toclen;
1230}
1231
68bb01f3 1232static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1233{
1234 SCSIRequest *req = &r->req;
1235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1236 bool start = req->cmd.buf[4] & 1;
1237 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1238 int pwrcnd = req->cmd.buf[4] & 0xf0;
1239
1240 if (pwrcnd) {
1241 /* eject/load only happens for power condition == 0 */
1242 return 0;
1243 }
bfd52647 1244
b456a71c 1245 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1246 if (!start && !s->tray_open && s->tray_locked) {
1247 scsi_check_condition(r,
44740c38 1248 bdrv_is_inserted(s->qdev.conf.bs)
68bb01f3
MA		 1249 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1250 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1251 return -1;
fdec4404 1252 }
d88b1819
LC		 1253
1254 if (s->tray_open != !start) {
1255 bdrv_eject(s->qdev.conf.bs, !start);
1256 s->tray_open = !start;
1257 }
bfd52647 1258 }
68bb01f3 1259 return 0;
bfd52647
MA		 1260}
1261
314a3299
PB		 1262static void scsi_disk_emulate_read_data(SCSIRequest *req)
1263{
1264 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1265 int buflen = r->iov.iov_len;
1266
1267 if (buflen) {
79fb50bb 1268 DPRINTF("Read buf_len=%d\n", buflen);
314a3299
PB		 1269 r->iov.iov_len = 0;
1270 r->started = true;
1271 scsi_req_data(&r->req, buflen);
1272 return;
1273 }
1274
1275 /* This also clears the sense buffer for REQUEST SENSE. */
1276 scsi_req_complete(&r->req, GOOD);
1277}
1278
380feaff
PB		 1279static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1280 uint8_t *inbuf, int inlen)
1281{
1282 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1283 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1284 uint8_t *p;
1285 int len, expected_len, changeable_len, i;
1286
1287 /* The input buffer does not include the page header, so it is
1288 * off by 2 bytes.
1289 */
1290 expected_len = inlen + 2;
1291 if (expected_len > SCSI_MAX_MODE_LEN) {
1292 return -1;
1293 }
1294
1295 p = mode_current;
1296 memset(mode_current, 0, inlen + 2);
1297 len = mode_sense_page(s, page, &p, 0);
1298 if (len < 0 || len != expected_len) {
1299 return -1;
1300 }
1301
1302 p = mode_changeable;
1303 memset(mode_changeable, 0, inlen + 2);
1304 changeable_len = mode_sense_page(s, page, &p, 1);
1305 assert(changeable_len == len);
1306
1307 /* Check that unchangeable bits are the same as what MODE SENSE
1308 * would return.
1309 */
1310 for (i = 2; i < len; i++) {
1311 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1312 return -1;
1313 }
1314 }
1315 return 0;
1316}
1317
1318static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1319{
96c91bbf
PB		 1320 switch (page) {
1321 case MODE_PAGE_CACHING:
1322 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
1323 break;
1324
1325 default:
1326 break;
1327 }
380feaff
PB		 1328}
1329
1330static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1331{
1332 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1333
1334 while (len > 0) {
1335 int page, subpage, page_len;
1336
1337 /* Parse both possible formats for the mode page headers. */
1338 page = p[0] & 0x3f;
1339 if (p[0] & 0x40) {
1340 if (len < 4) {
1341 goto invalid_param_len;
1342 }
1343 subpage = p[1];
1344 page_len = lduw_be_p(&p[2]);
1345 p += 4;
1346 len -= 4;
1347 } else {
1348 if (len < 2) {
1349 goto invalid_param_len;
1350 }
1351 subpage = 0;
1352 page_len = p[1];
1353 p += 2;
1354 len -= 2;
1355 }
1356
1357 if (subpage) {
1358 goto invalid_param;
1359 }
1360 if (page_len > len) {
1361 goto invalid_param_len;
1362 }
1363
1364 if (!change) {
1365 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1366 goto invalid_param;
1367 }
1368 } else {
1369 scsi_disk_apply_mode_select(s, page, p);
1370 }
1371
1372 p += page_len;
1373 len -= page_len;
1374 }
1375 return 0;
1376
1377invalid_param:
1378 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1379 return -1;
1380
1381invalid_param_len:
1382 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1383 return -1;
1384}
1385
1386static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1387{
accfeb2d 1388 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1389 uint8_t *p = inbuf;
1390 int cmd = r->req.cmd.buf[0];
1391 int len = r->req.cmd.xfer;
1392 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1393 int bd_len;
1394 int pass;
1395
1396 /* We only support PF=1, SP=0. */
1397 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1398 goto invalid_field;
1399 }
1400
1401 if (len < hdr_len) {
1402 goto invalid_param_len;
1403 }
1404
1405 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1406 len -= hdr_len;
1407 p += hdr_len;
1408 if (len < bd_len) {
1409 goto invalid_param_len;
1410 }
1411 if (bd_len != 0 && bd_len != 8) {
1412 goto invalid_param;
1413 }
1414
1415 len -= bd_len;
1416 p += bd_len;
1417
1418 /* Ensure no change is made if there is an error! */
1419 for (pass = 0; pass < 2; pass++) {
1420 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1421 assert(pass == 0);
1422 return;
1423 }
1424 }
accfeb2d
PB		 1425 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
1426 /* The request is used as the AIO opaque value, so add a ref. */
1427 scsi_req_ref(&r->req);
1428 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1429 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1430 return;
1431 }
1432
380feaff
PB		 1433 scsi_req_complete(&r->req, GOOD);
1434 return;
1435
1436invalid_param:
1437 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1438 return;
1439
1440invalid_param_len:
1441 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1442 return;
1443
1444invalid_field:
1445 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1446}
1447
444bc908
PB		 1448static inline bool check_lba_range(SCSIDiskState *s,
1449 uint64_t sector_num, uint32_t nb_sectors)
1450{
1451 /*
1452 * The first line tests that no overflow happens when computing the last
1453 * sector. The second line tests that the last accessed sector is in
1454 * range.
12ca76fc
PB		 1455 *
1456 * Careful, the computations should not underflow for nb_sectors == 0,
1457 * and a 0-block read to the first LBA beyond the end of device is
1458 * valid.
444bc908
PB		 1459 */
1460 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1461 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1462}
1463
5222aaf2
PB		 1464typedef struct UnmapCBData {
1465 SCSIDiskReq *r;
1466 uint8_t *inbuf;
1467 int count;
1468} UnmapCBData;
1469
1470static void scsi_unmap_complete(void *opaque, int ret)
1471{
1472 UnmapCBData *data = opaque;
1473 SCSIDiskReq *r = data->r;
1474 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1475 uint64_t sector_num;
5bb0b62e 1476 uint32_t nb_sectors;
5222aaf2
PB		 1477
1478 r->req.aiocb = NULL;
1479 if (ret < 0) {
1480 if (scsi_handle_rw_error(r, -ret)) {
1481 goto done;
1482 }
1483 }
1484
1485 if (data->count > 0 && !r->req.io_canceled) {
1486 sector_num = ldq_be_p(&data->inbuf[0]);
1487 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
444bc908 1488 if (!check_lba_range(s, sector_num, nb_sectors)) {
5222aaf2
PB		 1489 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1490 goto done;
1491 }
1492
1493 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1494 sector_num * (s->qdev.blocksize / 512),
1495 nb_sectors * (s->qdev.blocksize / 512),
1496 scsi_unmap_complete, data);
1497 data->count--;
1498 data->inbuf += 16;
1499 return;
1500 }
1501
1502done:
1503 if (data->count == 0) {
1504 scsi_req_complete(&r->req, GOOD);
1505 }
1506 if (!r->req.io_canceled) {
1507 scsi_req_unref(&r->req);
1508 }
1509 g_free(data);
1510}
1511
1512static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1513{
1514 uint8_t *p = inbuf;
1515 int len = r->req.cmd.xfer;
1516 UnmapCBData *data;
1517
1518 if (len < 8) {
1519 goto invalid_param_len;
1520 }
1521 if (len < lduw_be_p(&p[0]) + 2) {
1522 goto invalid_param_len;
1523 }
1524 if (len < lduw_be_p(&p[2]) + 8) {
1525 goto invalid_param_len;
1526 }
1527 if (lduw_be_p(&p[2]) & 15) {
1528 goto invalid_param_len;
1529 }
1530
1531 data = g_new0(UnmapCBData, 1);
1532 data->r = r;
1533 data->inbuf = &p[8];
1534 data->count = lduw_be_p(&p[2]) >> 4;
1535
1536 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1537 scsi_req_ref(&r->req);
1538 scsi_unmap_complete(data, 0);
1539 return;
1540
1541invalid_param_len:
1542 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
5222aaf2
PB		 1543}
1544
314a3299
PB		 1545static void scsi_disk_emulate_write_data(SCSIRequest *req)
1546{
af6d510d
PB		 1547 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1548
1549 if (r->iov.iov_len) {
1550 int buflen = r->iov.iov_len;
79fb50bb 1551 DPRINTF("Write buf_len=%d\n", buflen);
af6d510d
PB		 1552 r->iov.iov_len = 0;
1553 scsi_req_data(&r->req, buflen);
1554 return;
1555 }
1556
1557 switch (req->cmd.buf[0]) {
1558 case MODE_SELECT:
1559 case MODE_SELECT_10:
1560 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1561 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1562 break;
1563
5222aaf2
PB		 1564 case UNMAP:
1565 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1566 break;
1567
af6d510d
PB		 1568 default:
1569 abort();
1570 }
314a3299
PB		 1571}
1572
b08d0ea0 1573static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1574{
b08d0ea0 1575 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1576 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1577 uint64_t nb_sectors;
7285477a 1578 uint8_t *outbuf;
af6d510d 1579 int buflen;
aa5dbdc1 1580
b08d0ea0
PB		 1581 switch (req->cmd.buf[0]) {
1582 case INQUIRY:
1583 case MODE_SENSE:
1584 case MODE_SENSE_10:
1585 case RESERVE:
1586 case RESERVE_10:
1587 case RELEASE:
1588 case RELEASE_10:
1589 case START_STOP:
1590 case ALLOW_MEDIUM_REMOVAL:
1591 case GET_CONFIGURATION:
1592 case GET_EVENT_STATUS_NOTIFICATION:
1593 case MECHANISM_STATUS:
1594 case REQUEST_SENSE:
1595 break;
1596
1597 default:
1598 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1599 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1600 return 0;
1601 }
1602 break;
1603 }
1604
c8dcb531
PB		 1605 /*
1606 * FIXME: we shouldn't return anything bigger than 4k, but the code
1607 * requires the buffer to be as big as req->cmd.xfer in several
1608 * places. So, do not allow CDBs with a very large ALLOCATION
1609 * LENGTH. The real fix would be to modify scsi_read_data and
1610 * dma_buf_read, so that they return data beyond the buflen
1611 * as all zeros.
1612 */
1613 if (req->cmd.xfer > 65536) {
1614 goto illegal_request;
1615 }
1616 r->buflen = MAX(4096, req->cmd.xfer);
1617
7285477a 1618 if (!r->iov.iov_base) {
44740c38 1619 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
7285477a
PB		 1620 }
1621
af6d510d 1622 buflen = req->cmd.xfer;
7285477a 1623 outbuf = r->iov.iov_base;
c8dcb531 1624 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 1625 switch (req->cmd.buf[0]) {
1626 case TEST_UNIT_READY:
9bcaf4fe 1627 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
5f71d32f 1628 break;
0b06c059
GH		 1629 case INQUIRY:
1630 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1631 if (buflen < 0) {
0b06c059 1632 goto illegal_request;
f01b5931 1633 }
5f71d32f 1634 break;
ebddfcbe
GH		 1635 case MODE_SENSE:
1636 case MODE_SENSE_10:
cfc606da 1637 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1638 if (buflen < 0) {
ebddfcbe 1639 goto illegal_request;
f01b5931 1640 }
ebddfcbe 1641 break;
02880f43
GH		 1642 case READ_TOC:
1643 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1644 if (buflen < 0) {
02880f43 1645 goto illegal_request;
f01b5931 1646 }
02880f43 1647 break;
3d53ba18 1648 case RESERVE:
f01b5931 1649 if (req->cmd.buf[1] & 1) {
3d53ba18 1650 goto illegal_request;
f01b5931 1651 }
3d53ba18
GH		 1652 break;
1653 case RESERVE_10:
f01b5931 1654 if (req->cmd.buf[1] & 3) {
3d53ba18 1655 goto illegal_request;
f01b5931 1656 }
3d53ba18
GH		 1657 break;
1658 case RELEASE:
f01b5931 1659 if (req->cmd.buf[1] & 1) {
3d53ba18 1660 goto illegal_request;
f01b5931 1661 }
3d53ba18
GH		 1662 break;
1663 case RELEASE_10:
f01b5931 1664 if (req->cmd.buf[1] & 3) {
3d53ba18 1665 goto illegal_request;
f01b5931 1666 }
3d53ba18 1667 break;
8d3628ff 1668 case START_STOP:
68bb01f3 1669 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 1670 return 0;
68bb01f3 1671 }
5f71d32f 1672 break;
c68b9f34 1673 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1674 s->tray_locked = req->cmd.buf[4] & 1;
44740c38 1675 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
5f71d32f 1676 break;
5e30a07d 1677 case READ_CAPACITY_10:
e7e25e32 1678 /* The normal LEN field for this command is zero. */
5f71d32f 1679 memset(outbuf, 0, 8);
44740c38 1680 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1681 if (!nb_sectors) {
9bcaf4fe 1682 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1683 return 0;
f01b5931 1684 }
7cec78b6
PB		 1685 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1686 goto illegal_request;
1687 }
69377307 1688 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1689 /* Returned value is the address of the last sector. */
1690 nb_sectors--;
1691 /* Remember the new size for read/write sanity checking. */
7877903a 1692 s->qdev.max_lba = nb_sectors;
e7e25e32 1693 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1694 if (nb_sectors > UINT32_MAX) {
e7e25e32 1695 nb_sectors = UINT32_MAX;
f01b5931 1696 }
e7e25e32
GH		 1697 outbuf[0] = (nb_sectors >> 24) & 0xff;
1698 outbuf[1] = (nb_sectors >> 16) & 0xff;
1699 outbuf[2] = (nb_sectors >> 8) & 0xff;
1700 outbuf[3] = nb_sectors & 0xff;
1701 outbuf[4] = 0;
1702 outbuf[5] = 0;
69377307 1703 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 1704 outbuf[7] = 0;
5f71d32f 1705 break;
f3b338ef
PB		 1706 case REQUEST_SENSE:
1707 /* Just return "NO SENSE". */
1708 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1709 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 1710 if (buflen < 0) {
1711 goto illegal_request;
1712 }
f3b338ef 1713 break;
b6c251ab
PB		 1714 case MECHANISM_STATUS:
1715 buflen = scsi_emulate_mechanism_status(s, outbuf);
1716 if (buflen < 0) {
1717 goto illegal_request;
1718 }
1719 break;
38215553 1720 case GET_CONFIGURATION:
430ee2f2 1721 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1722 if (buflen < 0) {
1723 goto illegal_request;
1724 }
1725 break;
1726 case GET_EVENT_STATUS_NOTIFICATION:
1727 buflen = scsi_get_event_status_notification(s, r, outbuf);
1728 if (buflen < 0) {
1729 goto illegal_request;
1730 }
1731 break;
1a4f0c3a
PB		 1732 case READ_DISC_INFORMATION:
1733 buflen = scsi_read_disc_information(s, r, outbuf);
1734 if (buflen < 0) {
1735 goto illegal_request;
1736 }
1737 break;
b6c251ab
PB		 1738 case READ_DVD_STRUCTURE:
1739 buflen = scsi_read_dvd_structure(s, r, outbuf);
1740 if (buflen < 0) {
1741 goto illegal_request;
1742 }
38215553 1743 break;
f6515262 1744 case SERVICE_ACTION_IN_16:
5dd90e2a 1745 /* Service Action In subcommands. */
f6515262 1746 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 1747 DPRINTF("SAI READ CAPACITY(16)\n");
1748 memset(outbuf, 0, req->cmd.xfer);
44740c38 1749 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
f01b5931 1750 if (!nb_sectors) {
9bcaf4fe 1751 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1752 return 0;
f01b5931 1753 }
7cec78b6
PB		 1754 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1755 goto illegal_request;
1756 }
69377307 1757 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 1758 /* Returned value is the address of the last sector. */
1759 nb_sectors--;
1760 /* Remember the new size for read/write sanity checking. */
7877903a 1761 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 1762 outbuf[0] = (nb_sectors >> 56) & 0xff;
1763 outbuf[1] = (nb_sectors >> 48) & 0xff;
1764 outbuf[2] = (nb_sectors >> 40) & 0xff;
1765 outbuf[3] = (nb_sectors >> 32) & 0xff;
1766 outbuf[4] = (nb_sectors >> 24) & 0xff;
1767 outbuf[5] = (nb_sectors >> 16) & 0xff;
1768 outbuf[6] = (nb_sectors >> 8) & 0xff;
1769 outbuf[7] = nb_sectors & 0xff;
1770 outbuf[8] = 0;
1771 outbuf[9] = 0;
69377307 1772 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 1773 outbuf[11] = 0;
ee3659e3
CH		 1774 outbuf[12] = 0;
1775 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 1776
1777 /* set TPE bit if the format supports discard */
1778 if (s->qdev.conf.discard_granularity) {
1779 outbuf[14] = 0x80;
1780 }
1781
5dd90e2a 1782 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 1783 break;
1784 }
1785 DPRINTF("Unsupported Service Action In\n");
1786 goto illegal_request;
101aa85f
PB		 1787 case SYNCHRONIZE_CACHE:
1788 /* The request is used as the AIO opaque value, so add a ref. */
1789 scsi_req_ref(&r->req);
1790 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1791 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1792 return 0;
1793 case SEEK_10:
1794 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1795 if (r->req.cmd.lba > s->qdev.max_lba) {
1796 goto illegal_lba;
1797 }
1798 break;
101aa85f
PB		 1799 case MODE_SELECT:
1800 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
101aa85f
PB		 1801 break;
1802 case MODE_SELECT_10:
1803 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
101aa85f 1804 break;
5222aaf2
PB		 1805 case UNMAP:
1806 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
1807 break;
101aa85f 1808 case WRITE_SAME_10:
101aa85f 1809 case WRITE_SAME_16:
e93176d5 1810 nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
6a8a685c
RS		 1811 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1812 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1813 return 0;
1814 }
444bc908 1815 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
101aa85f
PB		 1816 goto illegal_lba;
1817 }
1818
1819 /*
1820 * We only support WRITE SAME with the unmap bit set for now.
1821 */
1822 if (!(req->cmd.buf[1] & 0x8)) {
1823 goto illegal_request;
1824 }
1825
1826 /* The request is used as the AIO opaque value, so add a ref. */
1827 scsi_req_ref(&r->req);
1828 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1829 r->req.cmd.lba * (s->qdev.blocksize / 512),
1830 nb_sectors * (s->qdev.blocksize / 512),
1831 scsi_aio_complete, r);
1832 return 0;
aa5dbdc1 1833 default:
b08d0ea0 1834 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1835 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 1836 return 0;
aa5dbdc1 1837 }
314a3299 1838 assert(!r->req.aiocb);
c8dcb531 1839 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 1840 if (r->iov.iov_len == 0) {
1841 scsi_req_complete(&r->req, GOOD);
1842 }
af6d510d
PB		 1843 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1844 assert(r->iov.iov_len == req->cmd.xfer);
1845 return -r->iov.iov_len;
1846 } else {
1847 return r->iov.iov_len;
1848 }
aa5dbdc1 1849
aa5dbdc1 1850illegal_request:
cfc606da
PB		 1851 if (r->req.status == -1) {
1852 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1853 }
b08d0ea0 1854 return 0;
101aa85f
PB		 1855
1856illegal_lba:
1857 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1858 return 0;
aa5dbdc1
GH		 1859}
1860
2e5d83bb
PB		 1861/* Execute a scsi command. Returns the length of the data expected by the
1862 command. This will be Positive for data transfers from the device
1863 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1864 and zero if the command does not transfer any data. */
1865
b08d0ea0 1866static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 1867{
5c6c0e51
HR		 1868 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1869 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e93176d5 1870 uint32_t len;
a917d384 1871 uint8_t command;
a917d384
PB		 1872
1873 command = buf[0];
aa5dbdc1 1874
b08d0ea0
PB		 1875 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1876 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1877 return 0;
9bcaf4fe
PB		 1878 }
1879
e93176d5 1880 len = scsi_data_cdb_length(r->req.cmd.buf);
a917d384 1881 switch (command) {
ebf46023
GH		 1882 case READ_6:
1883 case READ_10:
bd536cf3
GH		 1884 case READ_12:
1885 case READ_16:
e93176d5 1886 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
96bdbbab
RS		 1887 if (r->req.cmd.buf[1] & 0xe0) {
1888 goto illegal_request;
1889 }
444bc908 1890 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 1891 goto illegal_lba;
f01b5931 1892 }
69377307
PB		 1893 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1894 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1895 break;
ebf46023
GH		 1896 case WRITE_6:
1897 case WRITE_10:
bd536cf3
GH		 1898 case WRITE_12:
1899 case WRITE_16:
5e30a07d 1900 case WRITE_VERIFY_10:
ebef0bbb
BK		 1901 case WRITE_VERIFY_12:
1902 case WRITE_VERIFY_16:
6a8a685c
RS		 1903 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1904 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1905 return 0;
1906 }
1907 /* fallthrough */
1908 case VERIFY_10:
1909 case VERIFY_12:
1910 case VERIFY_16:
e93176d5 1911 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2dd791b6
HR		 1912 (command & 0xe) == 0xe ? "And Verify " : "",
1913 r->req.cmd.lba, len);
96bdbbab
RS		 1914 if (r->req.cmd.buf[1] & 0xe0) {
1915 goto illegal_request;
1916 }
444bc908 1917 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 1918 goto illegal_lba;
f01b5931 1919 }
69377307
PB		 1920 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1921 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 1922 break;
101aa85f 1923 default:
b08d0ea0 1924 abort();
96bdbbab
RS		 1925 illegal_request:
1926 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1927 return 0;
274fb0e1 1928 illegal_lba:
b45ef674 1929 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1930 return 0;
2e5d83bb 1931 }
b08d0ea0 1932 if (r->sector_count == 0) {
b45ef674 1933 scsi_req_complete(&r->req, GOOD);
a917d384 1934 }
b08d0ea0 1935 assert(r->iov.iov_len == 0);
efb9ee02 1936 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
b08d0ea0 1937 return -r->sector_count * 512;
a917d384 1938 } else {
b08d0ea0 1939 return r->sector_count * 512;
2e5d83bb 1940 }
2e5d83bb
PB		 1941}
1942
e9447f35
JK		 1943static void scsi_disk_reset(DeviceState *dev)
1944{
1945 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1946 uint64_t nb_sectors;
1947
c7b48872 1948 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 1949
44740c38 1950 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
69377307 1951 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 1952 if (nb_sectors) {
1953 nb_sectors--;
1954 }
7877903a 1955 s->qdev.max_lba = nb_sectors;
e9447f35
JK		 1956}
1957
1958static void scsi_destroy(SCSIDevice *dev)
1959{
1960 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1961
c7b48872 1962 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1963 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1964}
1965
aaebacef
PB		 1966static void scsi_disk_resize_cb(void *opaque)
1967{
1968 SCSIDiskState *s = opaque;
1969
1970 /* SPC lists this sense code as available only for
1971 * direct-access devices.
1972 */
1973 if (s->qdev.type == TYPE_DISK) {
53200fad 1974 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 1975 }
1976}
1977
7d4b4ba5 1978static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 1979{
8a9c16f6
PB		 1980 SCSIDiskState *s = opaque;
1981
1982 /*
1983 * When a CD gets changed, we have to report an ejected state and
1984 * then a loaded state to guests so that they detect tray
1985 * open/close and media change events. Guests that do not use
1986 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1987 * states rely on this behavior.
1988 *
1989 * media_changed governs the state machine used for unit attention
1990 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1991 */
1992 s->media_changed = load;
1993 s->tray_open = !load;
e48e84ea 1994 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 1995 s->media_event = true;
4480de19
PB		 1996 s->eject_request = false;
1997}
1998
1999static void scsi_cd_eject_request_cb(void *opaque, bool force)
2000{
2001 SCSIDiskState *s = opaque;
2002
2003 s->eject_request = true;
2004 if (force) {
2005 s->tray_locked = false;
2006 }
2c6942fa
MA		 2007}
2008
e4def80b
MA		 2009static bool scsi_cd_is_tray_open(void *opaque)
2010{
2011 return ((SCSIDiskState *)opaque)->tray_open;
2012}
2013
f107639a
MA		 2014static bool scsi_cd_is_medium_locked(void *opaque)
2015{
2016 return ((SCSIDiskState *)opaque)->tray_locked;
2017}
2018
aaebacef 2019static const BlockDevOps scsi_disk_removable_block_ops = {
2c6942fa 2020 .change_media_cb = scsi_cd_change_media_cb,
4480de19 2021 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 2022 .is_tray_open = scsi_cd_is_tray_open,
f107639a 2023 .is_medium_locked = scsi_cd_is_medium_locked,
aaebacef
PB		 2024
2025 .resize_cb = scsi_disk_resize_cb,
2026};
2027
2028static const BlockDevOps scsi_disk_block_ops = {
2029 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2030};
2031
8a9c16f6
PB		 2032static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2033{
2034 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2035 if (s->media_changed) {
2036 s->media_changed = false;
e48e84ea 2037 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2038 }
2039}
2040
e39be482 2041static int scsi_initfn(SCSIDevice *dev)
2e5d83bb 2042{
d52affa7 2043 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2e5d83bb 2044
f8b6cc00 2045 if (!s->qdev.conf.bs) {
6a84cb1f 2046 error_report("drive property not set");
d52affa7
GH		 2047 return -1;
2048 }
2049
bfe3d7ac
PB		 2050 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2051 !bdrv_is_inserted(s->qdev.conf.bs)) {
98f28ad7
MA		 2052 error_report("Device needs media, but drive is empty");
2053 return -1;
2054 }
2055
911525db 2056 blkconf_serial(&s->qdev.conf, &s->serial);
b2df4314
MA		 2057 if (dev->type == TYPE_DISK
2058 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
b7eb0c9f
MA		 2059 return -1;
2060 }
a0fef654 2061
552fee93 2062 if (!s->version) {
93bfef4c 2063 s->version = g_strdup(qemu_get_version());
552fee93 2064 }
353815aa
DF		 2065 if (!s->vendor) {
2066 s->vendor = g_strdup("QEMU");
2067 }
552fee93 2068
44740c38 2069 if (bdrv_is_sg(s->qdev.conf.bs)) {
6a84cb1f 2070 error_report("unwanted /dev/sg*");
32bb404a
MA		 2071 return -1;
2072 }
2073
bfe3d7ac 2074 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
aaebacef
PB		 2075 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
2076 } else {
2077 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
2e5d83bb 2078 }
44740c38 2079 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
8cfacf07 2080
44740c38 2081 bdrv_iostatus_enable(s->qdev.conf.bs);
7082826e 2082 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
d52affa7
GH		 2083 return 0;
2084}
2085
b443ae67
MA		 2086static int scsi_hd_initfn(SCSIDevice *dev)
2087{
e39be482
PB		 2088 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2089 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2090 s->qdev.type = TYPE_DISK;
353815aa
DF		 2091 if (!s->product) {
2092 s->product = g_strdup("QEMU HARDDISK");
2093 }
e39be482 2094 return scsi_initfn(&s->qdev);
b443ae67
MA		 2095}
2096
2097static int scsi_cd_initfn(SCSIDevice *dev)
2098{
e39be482
PB		 2099 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2100 s->qdev.blocksize = 2048;
2101 s->qdev.type = TYPE_ROM;
bfe3d7ac 2102 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2103 if (!s->product) {
2104 s->product = g_strdup("QEMU CD-ROM");
2105 }
e39be482 2106 return scsi_initfn(&s->qdev);
b443ae67
MA		 2107}
2108
2109static int scsi_disk_initfn(SCSIDevice *dev)
2110{
95b5edcd 2111 DriveInfo *dinfo;
b443ae67
MA		 2112
2113 if (!dev->conf.bs) {
e39be482 2114 return scsi_initfn(dev); /* ... and die there */
b443ae67
MA		 2115 }
2116
e39be482
PB		 2117 dinfo = drive_get_by_blockdev(dev->conf.bs);
2118 if (dinfo->media_cd) {
2119 return scsi_cd_initfn(dev);
2120 } else {
2121 return scsi_hd_initfn(dev);
2122 }
b443ae67
MA		 2123}
2124
b08d0ea0 2125static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2126 .size = sizeof(SCSIDiskReq),
12010e7b 2127 .free_req = scsi_free_request,
b08d0ea0 2128 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2129 .read_data = scsi_disk_emulate_read_data,
2130 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2131 .get_buf = scsi_get_buf,
2132};
2133
2134static const SCSIReqOps scsi_disk_dma_reqops = {
2135 .size = sizeof(SCSIDiskReq),
2136 .free_req = scsi_free_request,
2137 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2138 .read_data = scsi_read_data,
2139 .write_data = scsi_write_data,
2140 .cancel_io = scsi_cancel_io,
2141 .get_buf = scsi_get_buf,
43b978b9
PB		 2142 .load_request = scsi_disk_load_request,
2143 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2144};
2145
b08d0ea0
PB		 2146static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2147 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2148 [INQUIRY] = &scsi_disk_emulate_reqops,
2149 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2150 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2151 [START_STOP] = &scsi_disk_emulate_reqops,
2152 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2153 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2154 [READ_TOC] = &scsi_disk_emulate_reqops,
2155 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2156 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2157 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2158 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2159 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2160 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2161 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2162 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2163 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2164 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2165 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2166 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2167 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2168 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2169
2170 [READ_6] = &scsi_disk_dma_reqops,
2171 [READ_10] = &scsi_disk_dma_reqops,
2172 [READ_12] = &scsi_disk_dma_reqops,
2173 [READ_16] = &scsi_disk_dma_reqops,
2174 [VERIFY_10] = &scsi_disk_dma_reqops,
2175 [VERIFY_12] = &scsi_disk_dma_reqops,
2176 [VERIFY_16] = &scsi_disk_dma_reqops,
2177 [WRITE_6] = &scsi_disk_dma_reqops,
2178 [WRITE_10] = &scsi_disk_dma_reqops,
2179 [WRITE_12] = &scsi_disk_dma_reqops,
2180 [WRITE_16] = &scsi_disk_dma_reqops,
2181 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2182 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2183 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2184};
2185
63db0f0e
PB		 2186static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2187 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2188{
2189 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2190 SCSIRequest *req;
b08d0ea0
PB		 2191 const SCSIReqOps *ops;
2192 uint8_t command;
8dbd4574 2193
79fb50bb
PB		 2194 command = buf[0];
2195 ops = scsi_disk_reqops_dispatch[command];
2196 if (!ops) {
2197 ops = &scsi_disk_emulate_reqops;
2198 }
2199 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2200
b08d0ea0 2201#ifdef DEBUG_SCSI
79fb50bb 2202 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
b08d0ea0
PB		 2203 {
2204 int i;
79fb50bb 2205 for (i = 1; i < req->cmd.len; i++) {
b08d0ea0
PB		 2206 printf(" 0x%02x", buf[i]);
2207 }
2208 printf("\n");
2209 }
2210#endif
2211
8dbd4574
PB		 2212 return req;
2213}
2214
336a6915
PB		 2215#ifdef __linux__
2216static int get_device_type(SCSIDiskState *s)
2217{
2218 BlockDriverState *bdrv = s->qdev.conf.bs;
2219 uint8_t cmd[16];
2220 uint8_t buf[36];
2221 uint8_t sensebuf[8];
2222 sg_io_hdr_t io_header;
2223 int ret;
2224
2225 memset(cmd, 0, sizeof(cmd));
2226 memset(buf, 0, sizeof(buf));
2227 cmd[0] = INQUIRY;
2228 cmd[4] = sizeof(buf);
2229
2230 memset(&io_header, 0, sizeof(io_header));
2231 io_header.interface_id = 'S';
2232 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2233 io_header.dxfer_len = sizeof(buf);
2234 io_header.dxferp = buf;
2235 io_header.cmdp = cmd;
2236 io_header.cmd_len = sizeof(cmd);
2237 io_header.mx_sb_len = sizeof(sensebuf);
2238 io_header.sbp = sensebuf;
2239 io_header.timeout = 6000; /* XXX */
2240
2241 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
2242 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2243 return -1;
2244 }
2245 s->qdev.type = buf[0];
bfe3d7ac
PB		 2246 if (buf[1] & 0x80) {
2247 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2248 }
336a6915
PB		 2249 return 0;
2250}
2251
2252static int scsi_block_initfn(SCSIDevice *dev)
2253{
2254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2255 int sg_version;
2256 int rc;
2257
2258 if (!s->qdev.conf.bs) {
2259 error_report("scsi-block: drive property not set");
2260 return -1;
2261 }
2262
2263 /* check we are using a driver managing SG_IO (version 3 and after) */
2264 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
2265 sg_version < 30000) {
2266 error_report("scsi-block: scsi generic interface too old");
2267 return -1;
2268 }
2269
2270 /* get device type from INQUIRY data */
2271 rc = get_device_type(s);
2272 if (rc < 0) {
2273 error_report("scsi-block: INQUIRY failed");
2274 return -1;
2275 }
2276
2277 /* Make a guess for the block size, we'll fix it when the guest sends.
2278 * READ CAPACITY. If they don't, they likely would assume these sizes
2279 * anyway. (TODO: check in /sys).
2280 */
2281 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2282 s->qdev.blocksize = 2048;
2283 } else {
2284 s->qdev.blocksize = 512;
2285 }
2286 return scsi_initfn(&s->qdev);
2287}
2288
2289static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2290 uint32_t lun, uint8_t *buf,
2291 void *hba_private)
2292{
2293 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2294
2295 switch (buf[0]) {
2296 case READ_6:
2297 case READ_10:
2298 case READ_12:
2299 case READ_16:
7f64f8e2
PB		 2300 case VERIFY_10:
2301 case VERIFY_12:
2302 case VERIFY_16:
336a6915
PB		 2303 case WRITE_6:
2304 case WRITE_10:
2305 case WRITE_12:
2306 case WRITE_16:
2307 case WRITE_VERIFY_10:
2308 case WRITE_VERIFY_12:
2309 case WRITE_VERIFY_16:
eaccf49e
PB		 2310 /* If we are not using O_DIRECT, we might read stale data from the
2311 * host cache if writes were made using other commands than these
2312 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2313 * O_DIRECT everything must go through SG_IO.
2314 */
137745c5 2315 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
eaccf49e
PB		 2316 break;
2317 }
2318
33ebad12
PB		 2319 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2320 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2321 * And once you do these writes, reading from the block device is
2322 * unreliable, too. It is even possible that reads deliver random data
2323 * from the host page cache (this is probably a Linux bug).
2324 *
b08d0ea0 2325 * We might use scsi_disk_dma_reqops as long as no writing commands are
33ebad12
PB		 2326 * seen, but performance usually isn't paramount on optical media. So,
2327 * just make scsi-block operate the same as scsi-generic for them.
2328 */
b08d0ea0
PB		 2329 if (s->qdev.type != TYPE_ROM) {
2330 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2331 hba_private);
2332 }
336a6915
PB		 2333 }
2334
2335 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2336 hba_private);
2337}
2338#endif
2339
353815aa
DF		 2340#define DEFINE_SCSI_DISK_PROPERTIES() \
2341 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2342 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2343 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2344 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2345 DEFINE_PROP_STRING("product", SCSIDiskState, product)
b443ae67 2346
39bffca2
AL		 2347static Property scsi_hd_properties[] = {
2348 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2349 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2350 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2351 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2352 SCSI_DISK_F_DPOFUA, false),
27395add 2353 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
d252df48 2354 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 2355 DEFINE_PROP_END_OF_LIST(),
2356};
2357
43b978b9
PB		 2358static const VMStateDescription vmstate_scsi_disk_state = {
2359 .name = "scsi-disk",
2360 .version_id = 1,
2361 .minimum_version_id = 1,
2362 .minimum_version_id_old = 1,
2363 .fields = (VMStateField[]) {
2364 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2365 VMSTATE_BOOL(media_changed, SCSIDiskState),
2366 VMSTATE_BOOL(media_event, SCSIDiskState),
2367 VMSTATE_BOOL(eject_request, SCSIDiskState),
2368 VMSTATE_BOOL(tray_open, SCSIDiskState),
2369 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2370 VMSTATE_END_OF_LIST()
2371 }
2372};
2373
b9eea3e6
AL		 2374static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2375{
39bffca2 2376 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2377 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2378
2379 sc->init = scsi_hd_initfn;
2380 sc->destroy = scsi_destroy;
2381 sc->alloc_req = scsi_new_request;
2382 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2383 dc->fw_name = "disk";
2384 dc->desc = "virtual SCSI disk";
2385 dc->reset = scsi_disk_reset;
2386 dc->props = scsi_hd_properties;
43b978b9 2387 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2388}
2389
8c43a6f0 2390static const TypeInfo scsi_hd_info = {
39bffca2
AL		 2391 .name = "scsi-hd",
2392 .parent = TYPE_SCSI_DEVICE,
2393 .instance_size = sizeof(SCSIDiskState),
2394 .class_init = scsi_hd_class_initfn,
2395};
2396
2397static Property scsi_cd_properties[] = {
2398 DEFINE_SCSI_DISK_PROPERTIES(),
27395add 2399 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
39bffca2 2400 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 2401};
2402
2403static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2404{
39bffca2 2405 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2406 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2407
2408 sc->init = scsi_cd_initfn;
2409 sc->destroy = scsi_destroy;
2410 sc->alloc_req = scsi_new_request;
2411 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2412 dc->fw_name = "disk";
2413 dc->desc = "virtual SCSI CD-ROM";
2414 dc->reset = scsi_disk_reset;
2415 dc->props = scsi_cd_properties;
43b978b9 2416 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2417}
2418
8c43a6f0 2419static const TypeInfo scsi_cd_info = {
39bffca2
AL		 2420 .name = "scsi-cd",
2421 .parent = TYPE_SCSI_DEVICE,
2422 .instance_size = sizeof(SCSIDiskState),
2423 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 2424};
2425
336a6915 2426#ifdef __linux__
39bffca2 2427static Property scsi_block_properties[] = {
03847837 2428 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
0f1da449 2429 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
39bffca2
AL		 2430 DEFINE_PROP_END_OF_LIST(),
2431};
2432
b9eea3e6
AL		 2433static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2434{
39bffca2 2435 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2436 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2437
2438 sc->init = scsi_block_initfn;
2439 sc->destroy = scsi_destroy;
2440 sc->alloc_req = scsi_block_new_request;
39bffca2
AL		 2441 dc->fw_name = "disk";
2442 dc->desc = "SCSI block device passthrough";
2443 dc->reset = scsi_disk_reset;
2444 dc->props = scsi_block_properties;
43b978b9 2445 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2446}
2447
8c43a6f0 2448static const TypeInfo scsi_block_info = {
39bffca2
AL		 2449 .name = "scsi-block",
2450 .parent = TYPE_SCSI_DEVICE,
2451 .instance_size = sizeof(SCSIDiskState),
2452 .class_init = scsi_block_class_initfn,
b9eea3e6 2453};
336a6915 2454#endif
b9eea3e6 2455
39bffca2
AL		 2456static Property scsi_disk_properties[] = {
2457 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2458 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2459 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2460 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2461 SCSI_DISK_F_DPOFUA, false),
27395add 2462 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
39bffca2
AL		 2463 DEFINE_PROP_END_OF_LIST(),
2464};
2465
b9eea3e6
AL		 2466static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2467{
39bffca2 2468 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2469 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2470
2471 sc->init = scsi_disk_initfn;
2472 sc->destroy = scsi_destroy;
2473 sc->alloc_req = scsi_new_request;
2474 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2475 dc->fw_name = "disk";
2476 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2477 dc->reset = scsi_disk_reset;
2478 dc->props = scsi_disk_properties;
43b978b9 2479 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2480}
2481
8c43a6f0 2482static const TypeInfo scsi_disk_info = {
39bffca2
AL		 2483 .name = "scsi-disk",
2484 .parent = TYPE_SCSI_DEVICE,
2485 .instance_size = sizeof(SCSIDiskState),
2486 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 2487};
2488
83f7d43a 2489static void scsi_disk_register_types(void)
d52affa7 2490{
39bffca2
AL		 2491 type_register_static(&scsi_hd_info);
2492 type_register_static(&scsi_cd_info);
b9eea3e6 2493#ifdef __linux__
39bffca2 2494 type_register_static(&scsi_block_info);
b9eea3e6 2495#endif
39bffca2 2496 type_register_static(&scsi_disk_info);
8ccc2ace 2497}
83f7d43a
AF		 2498
2499type_init(scsi_disk_register_types)
Qemu copy for testing