]> git.proxmox.com Git - qemu.git/blame - hw/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
block: Show whether the virtual tray is open in info block
[qemu.git] / hw / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
001faf32
BS		 31#define BADF(fmt, ...) \
32do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 33
87ecb68b 34#include "qemu-common.h"
2f792016 35#include "qemu-error.h"
43b443b6 36#include "scsi.h"
0d65e1f8 37#include "scsi-defs.h"
666daa68 38#include "sysemu.h"
2446333c 39#include "blockdev.h"
22864256 40
f0f72ffe 41#define SCSI_DMA_BUF_SIZE 131072
57575058 42#define SCSI_MAX_INQUIRY_LEN 256
a917d384 43
5dba48a8
KW		 44#define SCSI_REQ_STATUS_RETRY 0x01
45#define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46#define SCSI_REQ_STATUS_RETRY_READ 0x00
47#define SCSI_REQ_STATUS_RETRY_WRITE 0x02
78ced65e 48#define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
ea8a5d7f 49
d52affa7
GH		 50typedef struct SCSIDiskState SCSIDiskState;
51
4c41d2ef
GH		 52typedef struct SCSIDiskReq {
53 SCSIRequest req;
a917d384 54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 55 uint64_t sector;
56 uint32_t sector_count;
c87c0672
AL		 57 struct iovec iov;
58 QEMUIOVector qiov;
ea8a5d7f 59 uint32_t status;
a597e79c 60 BlockAcctCookie acct;
4c41d2ef 61} SCSIDiskReq;
a917d384 62
d52affa7 63struct SCSIDiskState
a917d384 64{
d52affa7 65 SCSIDevice qdev;
428c149b 66 BlockDriverState *bs;
a917d384
PB		 67 /* The qemu block layer uses a fixed 512 byte sector size.
68 This is the number of 512 byte blocks in a single scsi sector. */
69 int cluster_size;
419e691f 70 uint32_t removable;
274fb0e1 71 uint64_t max_lba;
213189ab 72 QEMUBH *bh;
383b4d9b 73 char *version;
a0fef654 74 char *serial;
ece0d5e9 75 bool tray_open;
81b1008d 76 bool tray_locked;
2e5d83bb
PB		 77};
78
5dba48a8 79static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
78ced65e 80static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
5dba48a8 81
ad2d30f7 82static void scsi_free_request(SCSIRequest *req)
4d611c9a 83{
ad2d30f7
PB		 84 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
85
f8a83245 86 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 87}
88
b45ef674
PB		 89/* Helper function for command completion with sense. */
90static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 91{
02fa69b6
BS		 92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 96}
97
98/* Cancel a pending data transfer. */
5c6c0e51 99static void scsi_cancel_io(SCSIRequest *req)
4d611c9a 100{
5c6c0e51
HR		 101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 if (r->req.aiocb) {
105 bdrv_aio_cancel(r->req.aiocb);
a917d384 106 }
5c6c0e51 107 r->req.aiocb = NULL;
a917d384
PB		 108}
109
110static void scsi_read_complete(void * opaque, int ret)
111{
4c41d2ef 112 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 113 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 114 int n;
a917d384 115
8e321cc6
PB		 116 if (r->req.aiocb != NULL) {
117 r->req.aiocb = NULL;
118 bdrv_acct_done(s->bs, &r->acct);
119 }
a597e79c 120
a917d384 121 if (ret) {
5dba48a8
KW		 122 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
123 return;
124 }
4d611c9a 125 }
5dba48a8 126
aa2b1e89 127 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
a917d384 128
5dba48a8
KW		 129 n = r->iov.iov_len / 512;
130 r->sector += n;
131 r->sector_count -= n;
ab9adc88 132 scsi_req_data(&r->req, r->iov.iov_len);
4d611c9a
PB		 133}
134
0a4ac106
PB		 135static void scsi_flush_complete(void * opaque, int ret)
136{
137 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
139
140 if (r->req.aiocb != NULL) {
141 r->req.aiocb = NULL;
142 bdrv_acct_done(s->bs, &r->acct);
143 }
144
145 if (ret < 0) {
146 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
147 return;
148 }
149 }
150
151 scsi_req_complete(&r->req, GOOD);
152}
5dba48a8 153
5c6c0e51
HR		 154/* Read more data from scsi device into buffer. */
155static void scsi_read_data(SCSIRequest *req)
2e5d83bb 156{
5c6c0e51 157 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 158 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2e5d83bb
PB		 159 uint32_t n;
160
a917d384 161 if (r->sector_count == (uint32_t)-1) {
aa2b1e89 162 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
a917d384 163 r->sector_count = 0;
ab9adc88 164 scsi_req_data(&r->req, r->iov.iov_len);
a917d384 165 return;
2e5d83bb 166 }
a917d384
PB		 167 DPRINTF("Read sector_count=%d\n", r->sector_count);
168 if (r->sector_count == 0) {
b45ef674
PB		 169 /* This also clears the sense buffer for REQUEST SENSE. */
170 scsi_req_complete(&r->req, GOOD);
a917d384 171 return;
2e5d83bb
PB		 172 }
173
6fa2c95f
SH		 174 /* No data transfer may already be in progress */
175 assert(r->req.aiocb == NULL);
176
efb9ee02
HR		 177 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
178 DPRINTF("Data transfer direction invalid\n");
179 scsi_read_complete(r, -EINVAL);
180 return;
181 }
182
a917d384
PB		 183 n = r->sector_count;
184 if (n > SCSI_DMA_BUF_SIZE / 512)
185 n = SCSI_DMA_BUF_SIZE / 512;
186
a1aff5bf
MA		 187 if (s->tray_open) {
188 scsi_read_complete(r, -ENOMEDIUM);
189 }
c87c0672
AL		 190 r->iov.iov_len = n * 512;
191 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
a597e79c
CH		 192
193 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
428c149b 194 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
c87c0672 195 scsi_read_complete, r);
d33ea50a
KW		 196 if (r->req.aiocb == NULL) {
197 scsi_read_complete(r, -EIO);
198 }
2e5d83bb
PB		 199}
200
5dba48a8
KW		 201static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
202{
203 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
4c41d2ef 204 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5dba48a8 205 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
ea8a5d7f 206
380f640f 207 if (action == BLOCK_ERR_IGNORE) {
5dba48a8 208 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
ea8a5d7f 209 return 0;
380f640f 210 }
ea8a5d7f
AL		 211
212 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
213 || action == BLOCK_ERR_STOP_ANY) {
5dba48a8
KW		 214
215 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
216 r->status |= SCSI_REQ_STATUS_RETRY | type;
217
218 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
e07bbac5 219 vm_stop(VMSTOP_DISKFULL);
ea8a5d7f 220 } else {
efb9ee02
HR		 221 switch (error) {
222 case ENOMEM:
b45ef674 223 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 224 break;
225 case EINVAL:
b45ef674 226 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02
HR		 227 break;
228 default:
b45ef674 229 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 230 break;
a1f0cce2 231 }
5dba48a8 232 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
ea8a5d7f 233 }
ea8a5d7f
AL		 234 return 1;
235}
236
4d611c9a
PB		 237static void scsi_write_complete(void * opaque, int ret)
238{
4c41d2ef 239 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
a597e79c 240 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
a917d384 241 uint32_t len;
ea8a5d7f
AL		 242 uint32_t n;
243
8e321cc6
PB		 244 if (r->req.aiocb != NULL) {
245 r->req.aiocb = NULL;
246 bdrv_acct_done(s->bs, &r->acct);
247 }
a597e79c 248
4d611c9a 249 if (ret) {
5dba48a8 250 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
ea8a5d7f 251 return;
5dba48a8 252 }
4d611c9a
PB		 253 }
254
c87c0672 255 n = r->iov.iov_len / 512;
ea8a5d7f
AL		 256 r->sector += n;
257 r->sector_count -= n;
a917d384 258 if (r->sector_count == 0) {
b45ef674 259 scsi_req_complete(&r->req, GOOD);
a917d384
PB		 260 } else {
261 len = r->sector_count * 512;
262 if (len > SCSI_DMA_BUF_SIZE) {
263 len = SCSI_DMA_BUF_SIZE;
264 }
c87c0672 265 r->iov.iov_len = len;
4c41d2ef 266 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
ab9adc88 267 scsi_req_data(&r->req, len);
4d611c9a 268 }
4d611c9a
PB		 269}
270
42741212 271static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 272{
5c6c0e51 273 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 274 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ea8a5d7f
AL		 275 uint32_t n;
276
6fa2c95f
SH		 277 /* No data transfer may already be in progress */
278 assert(r->req.aiocb == NULL);
279
efb9ee02
HR		 280 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
281 DPRINTF("Data transfer direction invalid\n");
282 scsi_write_complete(r, -EINVAL);
42741212 283 return;
efb9ee02
HR		 284 }
285
c87c0672 286 n = r->iov.iov_len / 512;
ea8a5d7f 287 if (n) {
a1aff5bf
MA		 288 if (s->tray_open) {
289 scsi_write_complete(r, -ENOMEDIUM);
290 }
c87c0672 291 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
a597e79c
CH		 292
293 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
428c149b 294 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
c87c0672 295 scsi_write_complete, r);
d33ea50a 296 if (r->req.aiocb == NULL) {
a1f0cce2 297 scsi_write_complete(r, -ENOMEM);
d33ea50a 298 }
ea8a5d7f
AL		 299 } else {
300 /* Invoke completion routine to fetch data from host. */
301 scsi_write_complete(r, 0);
302 }
a917d384 303}
2e5d83bb 304
213189ab 305static void scsi_dma_restart_bh(void *opaque)
ea8a5d7f 306{
d52affa7 307 SCSIDiskState *s = opaque;
9af99d98
GH		 308 SCSIRequest *req;
309 SCSIDiskReq *r;
213189ab
MA		 310
311 qemu_bh_delete(s->bh);
312 s->bh = NULL;
ea8a5d7f 313
9af99d98
GH		 314 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
315 r = DO_UPCAST(SCSIDiskReq, req, req);
ea8a5d7f 316 if (r->status & SCSI_REQ_STATUS_RETRY) {
5dba48a8 317 int status = r->status;
78ced65e
KW		 318 int ret;
319
5dba48a8
KW		 320 r->status &=
321 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
322
323 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
324 case SCSI_REQ_STATUS_RETRY_READ:
5c6c0e51 325 scsi_read_data(&r->req);
5dba48a8
KW		 326 break;
327 case SCSI_REQ_STATUS_RETRY_WRITE:
5c6c0e51 328 scsi_write_data(&r->req);
5dba48a8 329 break;
78ced65e
KW		 330 case SCSI_REQ_STATUS_RETRY_FLUSH:
331 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
332 if (ret == 0) {
b45ef674 333 scsi_req_complete(&r->req, GOOD);
78ced65e 334 }
5dba48a8 335 }
ea8a5d7f 336 }
ea8a5d7f
AL		 337 }
338}
339
213189ab
MA		 340static void scsi_dma_restart_cb(void *opaque, int running, int reason)
341{
d52affa7 342 SCSIDiskState *s = opaque;
213189ab
MA		 343
344 if (!running)
345 return;
346
347 if (!s->bh) {
348 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
349 qemu_bh_schedule(s->bh);
350 }
351}
352
a917d384 353/* Return a pointer to the data buffer. */
5c6c0e51 354static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 355{
5c6c0e51 356 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 357
3f4cb3d3 358 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 359}
360
0b06c059
GH		 361static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
362{
383b4d9b 363 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059
GH		 364 int buflen = 0;
365
366 if (req->cmd.buf[1] & 0x2) {
367 /* Command support data - optional, not implemented */
368 BADF("optional INQUIRY command support request not implemented\n");
369 return -1;
370 }
371
372 if (req->cmd.buf[1] & 0x1) {
373 /* Vital product data */
374 uint8_t page_code = req->cmd.buf[2];
375 if (req->cmd.xfer < 4) {
376 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
377 "less than 4\n", page_code, req->cmd.xfer);
378 return -1;
379 }
380
f37bd73b 381 if (s->qdev.type == TYPE_ROM) {
0b06c059
GH		 382 outbuf[buflen++] = 5;
383 } else {
384 outbuf[buflen++] = 0;
385 }
386 outbuf[buflen++] = page_code ; // this page
387 outbuf[buflen++] = 0x00;
388
389 switch (page_code) {
390 case 0x00: /* Supported page codes, mandatory */
39d98982
HR		 391 {
392 int pages;
0b06c059
GH		 393 DPRINTF("Inquiry EVPD[Supported pages] "
394 "buffer size %zd\n", req->cmd.xfer);
39d98982 395 pages = buflen++;
0b06c059 396 outbuf[buflen++] = 0x00; // list of supported pages (this page)
3e1c0c9a
HR		 397 if (s->serial)
398 outbuf[buflen++] = 0x80; // unit serial number
0b06c059 399 outbuf[buflen++] = 0x83; // device identification
f37bd73b 400 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 401 outbuf[buflen++] = 0xb0; // block limits
402 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982
HR		 403 }
404 outbuf[pages] = buflen - pages - 1; // number of pages
0b06c059 405 break;
39d98982 406 }
0b06c059
GH		 407 case 0x80: /* Device serial number, optional */
408 {
3e1c0c9a 409 int l;
0b06c059 410
3e1c0c9a
HR		 411 if (!s->serial) {
412 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
413 return -1;
414 }
415
416 l = strlen(s->serial);
0b06c059
GH		 417 if (l > req->cmd.xfer)
418 l = req->cmd.xfer;
419 if (l > 20)
420 l = 20;
421
422 DPRINTF("Inquiry EVPD[Serial number] "
423 "buffer size %zd\n", req->cmd.xfer);
424 outbuf[buflen++] = l;
a0fef654 425 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 426 buflen += l;
427 break;
428 }
429
430 case 0x83: /* Device identification page, mandatory */
431 {
432 int max_len = 255 - 8;
428c149b 433 int id_len = strlen(bdrv_get_device_name(s->bs));
0b06c059
GH		 434
435 if (id_len > max_len)
436 id_len = max_len;
437 DPRINTF("Inquiry EVPD[Device identification] "
438 "buffer size %zd\n", req->cmd.xfer);
439
39d98982 440 outbuf[buflen++] = 4 + id_len;
0b06c059
GH		 441 outbuf[buflen++] = 0x2; // ASCII
442 outbuf[buflen++] = 0; // not officially assigned
443 outbuf[buflen++] = 0; // reserved
444 outbuf[buflen++] = id_len; // length of data following
445
428c149b 446 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
0b06c059
GH		 447 buflen += id_len;
448 break;
449 }
ea3bd56f 450 case 0xb0: /* block limits */
ee3659e3 451 {
ea3bd56f
CH		 452 unsigned int unmap_sectors =
453 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 454 unsigned int min_io_size =
455 s->qdev.conf.min_io_size / s->qdev.blocksize;
456 unsigned int opt_io_size =
457 s->qdev.conf.opt_io_size / s->qdev.blocksize;
ee3659e3 458
f37bd73b 459 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 460 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
461 page_code);
462 return -1;
463 }
ee3659e3
CH		 464 /* required VPD size with unmap support */
465 outbuf[3] = buflen = 0x3c;
466
467 memset(outbuf + 4, 0, buflen - 4);
468
469 /* optimal transfer length granularity */
470 outbuf[6] = (min_io_size >> 8) & 0xff;
471 outbuf[7] = min_io_size & 0xff;
472
473 /* optimal transfer length */
474 outbuf[12] = (opt_io_size >> 24) & 0xff;
475 outbuf[13] = (opt_io_size >> 16) & 0xff;
476 outbuf[14] = (opt_io_size >> 8) & 0xff;
477 outbuf[15] = opt_io_size & 0xff;
ea3bd56f
CH		 478
479 /* optimal unmap granularity */
480 outbuf[28] = (unmap_sectors >> 24) & 0xff;
481 outbuf[29] = (unmap_sectors >> 16) & 0xff;
482 outbuf[30] = (unmap_sectors >> 8) & 0xff;
483 outbuf[31] = unmap_sectors & 0xff;
484 break;
485 }
486 case 0xb2: /* thin provisioning */
487 {
488 outbuf[3] = buflen = 8;
489 outbuf[4] = 0;
490 outbuf[5] = 0x40; /* write same with unmap supported */
491 outbuf[6] = 0;
492 outbuf[7] = 0;
ee3659e3
CH		 493 break;
494 }
0b06c059
GH		 495 default:
496 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
497 "buffer size %zd\n", page_code, req->cmd.xfer);
498 return -1;
499 }
500 /* done with EVPD */
501 return buflen;
502 }
503
504 /* Standard INQUIRY data */
505 if (req->cmd.buf[2] != 0) {
506 BADF("Error: Inquiry (STANDARD) page or code "
507 "is non-zero [%02X]\n", req->cmd.buf[2]);
508 return -1;
509 }
510
511 /* PAGE CODE == 0 */
512 if (req->cmd.xfer < 5) {
513 BADF("Error: Inquiry (STANDARD) buffer size %zd "
514 "is less than 5\n", req->cmd.xfer);
515 return -1;
516 }
517
0b06c059
GH		 518 buflen = req->cmd.xfer;
519 if (buflen > SCSI_MAX_INQUIRY_LEN)
520 buflen = SCSI_MAX_INQUIRY_LEN;
521
522 memset(outbuf, 0, buflen);
523
f37bd73b
HR		 524 outbuf[0] = s->qdev.type & 0x1f;
525 if (s->qdev.type == TYPE_ROM) {
0b06c059 526 outbuf[1] = 0x80;
550fe6c6 527 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
0b06c059 528 } else {
419e691f 529 outbuf[1] = s->removable ? 0x80 : 0;
550fe6c6 530 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
0b06c059 531 }
550fe6c6 532 memcpy(&outbuf[8], "QEMU ", 8);
314b1811 533 memset(&outbuf[32], 0, 4);
552fee93 534 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 535 /*
536 * We claim conformance to SPC-3, which is required for guests
537 * to ask for modern features like READ CAPACITY(16) or the
538 * block characteristics VPD page by default. Not all of SPC-3
539 * is actually implemented, but we're good enough.
540 */
ee3659e3 541 outbuf[2] = 5;
0b06c059 542 outbuf[3] = 2; /* Format 2 */
ad3cea42
AT		 543
544 if (buflen > 36) {
545 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
546 } else {
547 /* If the allocation length of CDB is too small,
548 the additional length is not adjusted */
549 outbuf[4] = 36 - 5;
550 }
551
0b06c059
GH		 552 /* Sync data transfer and TCQ. */
553 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
554 return buflen;
555}
556
cfc606da 557static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 558 int page_control)
ebddfcbe 559{
428c149b 560 BlockDriverState *bdrv = s->bs;
ebddfcbe 561 int cylinders, heads, secs;
cfc606da 562 uint8_t *p = *p_outbuf;
ebddfcbe 563
282ab04e
BK		 564 /*
565 * If Changeable Values are requested, a mask denoting those mode parameters
566 * that are changeable shall be returned. As we currently don't support
567 * parameter changes via MODE_SELECT all bits are returned set to zero.
568 * The buffer was already menset to zero by the caller of this function.
569 */
ebddfcbe
GH		 570 switch (page) {
571 case 4: /* Rigid disk device geometry page. */
cfc606da
PB		 572 if (s->qdev.type == TYPE_ROM) {
573 return -1;
574 }
ebddfcbe
GH		 575 p[0] = 4;
576 p[1] = 0x16;
282ab04e 577 if (page_control == 1) { /* Changeable Values */
cfc606da 578 break;
282ab04e 579 }
ebddfcbe
GH		 580 /* if a geometry hint is available, use it */
581 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
582 p[2] = (cylinders >> 16) & 0xff;
583 p[3] = (cylinders >> 8) & 0xff;
584 p[4] = cylinders & 0xff;
585 p[5] = heads & 0xff;
586 /* Write precomp start cylinder, disabled */
587 p[6] = (cylinders >> 16) & 0xff;
588 p[7] = (cylinders >> 8) & 0xff;
589 p[8] = cylinders & 0xff;
590 /* Reduced current start cylinder, disabled */
591 p[9] = (cylinders >> 16) & 0xff;
592 p[10] = (cylinders >> 8) & 0xff;
593 p[11] = cylinders & 0xff;
594 /* Device step rate [ns], 200ns */
595 p[12] = 0;
596 p[13] = 200;
597 /* Landing zone cylinder */
598 p[14] = 0xff;
599 p[15] = 0xff;
600 p[16] = 0xff;
601 /* Medium rotation rate [rpm], 5400 rpm */
602 p[20] = (5400 >> 8) & 0xff;
603 p[21] = 5400 & 0xff;
cfc606da 604 break;
ebddfcbe
GH		 605
606 case 5: /* Flexible disk device geometry page. */
cfc606da
PB		 607 if (s->qdev.type == TYPE_ROM) {
608 return -1;
609 }
ebddfcbe
GH		 610 p[0] = 5;
611 p[1] = 0x1e;
282ab04e 612 if (page_control == 1) { /* Changeable Values */
cfc606da 613 break;
282ab04e 614 }
ebddfcbe
GH		 615 /* Transfer rate [kbit/s], 5Mbit/s */
616 p[2] = 5000 >> 8;
617 p[3] = 5000 & 0xff;
618 /* if a geometry hint is available, use it */
619 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
620 p[4] = heads & 0xff;
621 p[5] = secs & 0xff;
622 p[6] = s->cluster_size * 2;
623 p[8] = (cylinders >> 8) & 0xff;
624 p[9] = cylinders & 0xff;
625 /* Write precomp start cylinder, disabled */
626 p[10] = (cylinders >> 8) & 0xff;
627 p[11] = cylinders & 0xff;
628 /* Reduced current start cylinder, disabled */
629 p[12] = (cylinders >> 8) & 0xff;
630 p[13] = cylinders & 0xff;
631 /* Device step rate [100us], 100us */
632 p[14] = 0;
633 p[15] = 1;
634 /* Device step pulse width [us], 1us */
635 p[16] = 1;
636 /* Device head settle delay [100us], 100us */
637 p[17] = 0;
638 p[18] = 1;
639 /* Motor on delay [0.1s], 0.1s */
640 p[19] = 1;
641 /* Motor off delay [0.1s], 0.1s */
642 p[20] = 1;
643 /* Medium rotation rate [rpm], 5400 rpm */
644 p[28] = (5400 >> 8) & 0xff;
645 p[29] = 5400 & 0xff;
cfc606da 646 break;
ebddfcbe
GH		 647
648 case 8: /* Caching page. */
649 p[0] = 8;
650 p[1] = 0x12;
282ab04e 651 if (page_control == 1) { /* Changeable Values */
cfc606da 652 break;
282ab04e 653 }
428c149b 654 if (bdrv_enable_write_cache(s->bs)) {
ebddfcbe
GH		 655 p[2] = 4; /* WCE */
656 }
cfc606da 657 break;
ebddfcbe
GH		 658
659 case 0x2a: /* CD Capabilities and Mechanical Status page. */
cfc606da
PB		 660 if (s->qdev.type != TYPE_ROM) {
661 return -1;
662 }
ebddfcbe
GH		 663 p[0] = 0x2a;
664 p[1] = 0x14;
282ab04e 665 if (page_control == 1) { /* Changeable Values */
cfc606da 666 break;
282ab04e 667 }
ebddfcbe
GH		 668 p[2] = 3; // CD-R & CD-RW read
669 p[3] = 0; // Writing not supported
670 p[4] = 0x7f; /* Audio, composite, digital out,
671 mode 2 form 1&2, multi session */
672 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
673 RW corrected, C2 errors, ISRC,
674 UPC, Bar code */
81b1008d 675 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe
GH		 676 /* Locking supported, jumper present, eject, tray */
677 p[7] = 0; /* no volume & mute control, no
678 changer */
679 p[8] = (50 * 176) >> 8; // 50x read speed
680 p[9] = (50 * 176) & 0xff;
681 p[10] = 0 >> 8; // No volume
682 p[11] = 0 & 0xff;
683 p[12] = 2048 >> 8; // 2M buffer
684 p[13] = 2048 & 0xff;
685 p[14] = (16 * 176) >> 8; // 16x read speed current
686 p[15] = (16 * 176) & 0xff;
687 p[18] = (16 * 176) >> 8; // 16x write speed
688 p[19] = (16 * 176) & 0xff;
689 p[20] = (16 * 176) >> 8; // 16x write speed current
690 p[21] = (16 * 176) & 0xff;
cfc606da 691 break;
ebddfcbe
GH		 692
693 default:
cfc606da 694 return -1;
ebddfcbe 695 }
cfc606da
PB		 696
697 *p_outbuf += p[1] + 2;
698 return p[1] + 2;
ebddfcbe
GH		 699}
700
cfc606da 701static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 702{
cfc606da 703 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 704 uint64_t nb_sectors;
cfc606da 705 int page, dbd, buflen, ret, page_control;
ebddfcbe 706 uint8_t *p;
ce512ee1 707 uint8_t dev_specific_param;
ebddfcbe 708
cfc606da
PB		 709 dbd = r->req.cmd.buf[1] & 0x8;
710 page = r->req.cmd.buf[2] & 0x3f;
711 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 712 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 713 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
714 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 715 p = outbuf;
716
0056dcc1 717 if (bdrv_is_read_only(s->bs)) {
ce512ee1
BK		 718 dev_specific_param = 0x80; /* Readonly. */
719 } else {
720 dev_specific_param = 0x00;
721 }
722
cfc606da 723 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 724 p[1] = 0; /* Default media type. */
725 p[2] = dev_specific_param;
726 p[3] = 0; /* Block descriptor length. */
727 p += 4;
728 } else { /* MODE_SENSE_10 */
729 p[2] = 0; /* Default media type. */
730 p[3] = dev_specific_param;
731 p[6] = p[7] = 0; /* Block descriptor length. */
732 p += 8;
ebddfcbe 733 }
ebddfcbe 734
428c149b 735 bdrv_get_geometry(s->bs, &nb_sectors);
333d50fe 736 if (!dbd && nb_sectors) {
cfc606da 737 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 738 outbuf[3] = 8; /* Block descriptor length */
739 } else { /* MODE_SENSE_10 */
740 outbuf[7] = 8; /* Block descriptor length */
741 }
ebddfcbe 742 nb_sectors /= s->cluster_size;
ebddfcbe 743 if (nb_sectors > 0xffffff)
2488b740 744 nb_sectors = 0;
ebddfcbe
GH		 745 p[0] = 0; /* media density code */
746 p[1] = (nb_sectors >> 16) & 0xff;
747 p[2] = (nb_sectors >> 8) & 0xff;
748 p[3] = nb_sectors & 0xff;
749 p[4] = 0; /* reserved */
750 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
751 p[6] = s->cluster_size * 2;
752 p[7] = 0;
753 p += 8;
754 }
755
cfc606da
PB		 756 if (page_control == 3) {
757 /* Saved Values */
758 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
759 return -1;
282ab04e
BK		 760 }
761
cfc606da
PB		 762 if (page == 0x3f) {
763 for (page = 0; page <= 0x3e; page++) {
764 mode_sense_page(s, page, &p, page_control);
765 }
766 } else {
767 ret = mode_sense_page(s, page, &p, page_control);
768 if (ret == -1) {
769 return -1;
770 }
ebddfcbe
GH		 771 }
772
773 buflen = p - outbuf;
ce512ee1
BK		 774 /*
775 * The mode data length field specifies the length in bytes of the
776 * following data that is available to be transferred. The mode data
777 * length does not include itself.
778 */
cfc606da 779 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 780 outbuf[0] = buflen - 1;
781 } else { /* MODE_SENSE_10 */
782 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
783 outbuf[1] = (buflen - 2) & 0xff;
784 }
cfc606da
PB		 785 if (buflen > r->req.cmd.xfer)
786 buflen = r->req.cmd.xfer;
ebddfcbe
GH		 787 return buflen;
788}
789
02880f43
GH		 790static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
791{
792 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 793 int start_track, format, msf, toclen;
794 uint64_t nb_sectors;
795
796 msf = req->cmd.buf[1] & 2;
797 format = req->cmd.buf[2] & 0xf;
798 start_track = req->cmd.buf[6];
428c149b 799 bdrv_get_geometry(s->bs, &nb_sectors);
02880f43
GH		 800 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
801 nb_sectors /= s->cluster_size;
802 switch (format) {
803 case 0:
804 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
805 break;
806 case 1:
807 /* multi session : only a single session defined */
808 toclen = 12;
809 memset(outbuf, 0, 12);
810 outbuf[1] = 0x0a;
811 outbuf[2] = 0x01;
812 outbuf[3] = 0x01;
813 break;
814 case 2:
815 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
816 break;
817 default:
818 return -1;
819 }
820 if (toclen > req->cmd.xfer)
821 toclen = req->cmd.xfer;
822 return toclen;
823}
824
68bb01f3 825static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 826{
827 SCSIRequest *req = &r->req;
828 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
829 bool start = req->cmd.buf[4] & 1;
830 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
831
832 if (s->qdev.type == TYPE_ROM && loej) {
68bb01f3
MA		 833 if (!start && !s->tray_open && s->tray_locked) {
834 scsi_check_condition(r,
835 bdrv_is_inserted(s->bs)
836 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
837 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
838 return -1;
fdec4404 839 }
bfd52647 840 bdrv_eject(s->bs, !start);
ece0d5e9 841 s->tray_open = !start;
bfd52647 842 }
68bb01f3 843 return 0;
bfd52647
MA		 844}
845
8af7a3ab 846static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
aa5dbdc1 847{
8af7a3ab 848 SCSIRequest *req = &r->req;
e7e25e32 849 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 850 uint64_t nb_sectors;
aa5dbdc1
GH		 851 int buflen = 0;
852
853 switch (req->cmd.buf[0]) {
854 case TEST_UNIT_READY:
a1aff5bf 855 if (s->tray_open || !bdrv_is_inserted(s->bs))
aa5dbdc1 856 goto not_ready;
5f71d32f 857 break;
0b06c059
GH		 858 case INQUIRY:
859 buflen = scsi_disk_emulate_inquiry(req, outbuf);
860 if (buflen < 0)
861 goto illegal_request;
5f71d32f 862 break;
ebddfcbe
GH		 863 case MODE_SENSE:
864 case MODE_SENSE_10:
cfc606da 865 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
ebddfcbe
GH		 866 if (buflen < 0)
867 goto illegal_request;
868 break;
02880f43
GH		 869 case READ_TOC:
870 buflen = scsi_disk_emulate_read_toc(req, outbuf);
871 if (buflen < 0)
872 goto illegal_request;
873 break;
3d53ba18
GH		 874 case RESERVE:
875 if (req->cmd.buf[1] & 1)
876 goto illegal_request;
877 break;
878 case RESERVE_10:
879 if (req->cmd.buf[1] & 3)
880 goto illegal_request;
881 break;
882 case RELEASE:
883 if (req->cmd.buf[1] & 1)
884 goto illegal_request;
885 break;
886 case RELEASE_10:
887 if (req->cmd.buf[1] & 3)
888 goto illegal_request;
889 break;
8d3628ff 890 case START_STOP:
68bb01f3
MA		 891 if (scsi_disk_emulate_start_stop(r) < 0) {
892 return -1;
893 }
5f71d32f 894 break;
c68b9f34 895 case ALLOW_MEDIUM_REMOVAL:
81b1008d 896 s->tray_locked = req->cmd.buf[4] & 1;
025e849a 897 bdrv_lock_medium(s->bs, req->cmd.buf[4] & 1);
5f71d32f 898 break;
5e30a07d 899 case READ_CAPACITY_10:
e7e25e32 900 /* The normal LEN field for this command is zero. */
5f71d32f
HR		 901 memset(outbuf, 0, 8);
902 bdrv_get_geometry(s->bs, &nb_sectors);
e7e25e32
GH		 903 if (!nb_sectors)
904 goto not_ready;
905 nb_sectors /= s->cluster_size;
906 /* Returned value is the address of the last sector. */
907 nb_sectors--;
908 /* Remember the new size for read/write sanity checking. */
909 s->max_lba = nb_sectors;
910 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
911 if (nb_sectors > UINT32_MAX)
912 nb_sectors = UINT32_MAX;
913 outbuf[0] = (nb_sectors >> 24) & 0xff;
914 outbuf[1] = (nb_sectors >> 16) & 0xff;
915 outbuf[2] = (nb_sectors >> 8) & 0xff;
916 outbuf[3] = nb_sectors & 0xff;
917 outbuf[4] = 0;
918 outbuf[5] = 0;
919 outbuf[6] = s->cluster_size * 2;
920 outbuf[7] = 0;
921 buflen = 8;
5f71d32f 922 break;
38215553
GH		 923 case GET_CONFIGURATION:
924 memset(outbuf, 0, 8);
925 /* ??? This should probably return much more information. For now
926 just return the basic header indicating the CD-ROM profile. */
927 outbuf[7] = 8; // CD-ROM
928 buflen = 8;
929 break;
f6515262 930 case SERVICE_ACTION_IN_16:
5dd90e2a 931 /* Service Action In subcommands. */
f6515262 932 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 933 DPRINTF("SAI READ CAPACITY(16)\n");
934 memset(outbuf, 0, req->cmd.xfer);
428c149b 935 bdrv_get_geometry(s->bs, &nb_sectors);
5dd90e2a
GH		 936 if (!nb_sectors)
937 goto not_ready;
938 nb_sectors /= s->cluster_size;
939 /* Returned value is the address of the last sector. */
940 nb_sectors--;
941 /* Remember the new size for read/write sanity checking. */
942 s->max_lba = nb_sectors;
943 outbuf[0] = (nb_sectors >> 56) & 0xff;
944 outbuf[1] = (nb_sectors >> 48) & 0xff;
945 outbuf[2] = (nb_sectors >> 40) & 0xff;
946 outbuf[3] = (nb_sectors >> 32) & 0xff;
947 outbuf[4] = (nb_sectors >> 24) & 0xff;
948 outbuf[5] = (nb_sectors >> 16) & 0xff;
949 outbuf[6] = (nb_sectors >> 8) & 0xff;
950 outbuf[7] = nb_sectors & 0xff;
951 outbuf[8] = 0;
952 outbuf[9] = 0;
953 outbuf[10] = s->cluster_size * 2;
954 outbuf[11] = 0;
ee3659e3
CH		 955 outbuf[12] = 0;
956 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 957
958 /* set TPE bit if the format supports discard */
959 if (s->qdev.conf.discard_granularity) {
960 outbuf[14] = 0x80;
961 }
962
5dd90e2a
GH		 963 /* Protection, exponent and lowest lba field left blank. */
964 buflen = req->cmd.xfer;
965 break;
966 }
967 DPRINTF("Unsupported Service Action In\n");
968 goto illegal_request;
5e30a07d 969 case VERIFY_10:
88f8a5ed 970 break;
aa5dbdc1 971 default:
b45ef674 972 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 973 return -1;
aa5dbdc1 974 }
aa5dbdc1
GH		 975 return buflen;
976
977not_ready:
a1aff5bf 978 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
b45ef674 979 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
a1f0cce2 980 } else {
b45ef674 981 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
a1f0cce2 982 }
8af7a3ab 983 return -1;
aa5dbdc1
GH		 984
985illegal_request:
cfc606da
PB		 986 if (r->req.status == -1) {
987 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
988 }
8af7a3ab 989 return -1;
aa5dbdc1
GH		 990}
991
2e5d83bb
PB		 992/* Execute a scsi command. Returns the length of the data expected by the
993 command. This will be Positive for data transfers from the device
994 (eg. disk reads), negative for transfers to the device (eg. disk writes),
995 and zero if the command does not transfer any data. */
996
5c6c0e51 997static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 998{
5c6c0e51
HR		 999 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1000 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
ad2d30f7 1001 int32_t len;
a917d384
PB		 1002 uint8_t command;
1003 uint8_t *outbuf;
aa5dbdc1 1004 int rc;
a917d384
PB		 1005
1006 command = buf[0];
3f4cb3d3 1007 outbuf = (uint8_t *)r->iov.iov_base;
653c1c3f 1008 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
2dd791b6 1009
2e5d83bb
PB		 1010#ifdef DEBUG_SCSI
1011 {
1012 int i;
2dd791b6 1013 for (i = 1; i < r->req.cmd.len; i++) {
2e5d83bb
PB		 1014 printf(" 0x%02x", buf[i]);
1015 }
1016 printf("\n");
1017 }
1018#endif
aa5dbdc1 1019
a917d384 1020 switch (command) {
ebf46023 1021 case TEST_UNIT_READY:
0b06c059 1022 case INQUIRY:
ebddfcbe
GH		 1023 case MODE_SENSE:
1024 case MODE_SENSE_10:
3d53ba18
GH		 1025 case RESERVE:
1026 case RESERVE_10:
1027 case RELEASE:
1028 case RELEASE_10:
8d3628ff 1029 case START_STOP:
c68b9f34 1030 case ALLOW_MEDIUM_REMOVAL:
5e30a07d 1031 case READ_CAPACITY_10:
02880f43 1032 case READ_TOC:
38215553 1033 case GET_CONFIGURATION:
f6515262 1034 case SERVICE_ACTION_IN_16:
5e30a07d 1035 case VERIFY_10:
8af7a3ab
KW		 1036 rc = scsi_disk_emulate_command(r, outbuf);
1037 if (rc < 0) {
0b06c059 1038 return 0;
aa5dbdc1 1039 }
8af7a3ab
KW		 1040
1041 r->iov.iov_len = rc;
0b06c059 1042 break;
0a4ac106
PB		 1043 case SYNCHRONIZE_CACHE:
1044 bdrv_acct_start(s->bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1045 r->req.aiocb = bdrv_aio_flush(s->bs, scsi_flush_complete, r);
1046 if (r->req.aiocb == NULL) {
1047 scsi_flush_complete(r, -EIO);
1048 }
1049 return 0;
ebf46023
GH		 1050 case READ_6:
1051 case READ_10:
bd536cf3
GH		 1052 case READ_12:
1053 case READ_16:
5c6c0e51 1054 len = r->req.cmd.xfer / s->qdev.blocksize;
2dd791b6
HR		 1055 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1056 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1057 goto illegal_lba;
2dd791b6 1058 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1059 r->sector_count = len * s->cluster_size;
2e5d83bb 1060 break;
ebf46023
GH		 1061 case WRITE_6:
1062 case WRITE_10:
bd536cf3
GH		 1063 case WRITE_12:
1064 case WRITE_16:
5e30a07d 1065 case WRITE_VERIFY_10:
ebef0bbb
BK		 1066 case WRITE_VERIFY_12:
1067 case WRITE_VERIFY_16:
5c6c0e51 1068 len = r->req.cmd.xfer / s->qdev.blocksize;
ebef0bbb 1069 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
2dd791b6
HR		 1070 (command & 0xe) == 0xe ? "And Verify " : "",
1071 r->req.cmd.lba, len);
1072 if (r->req.cmd.lba > s->max_lba)
274fb0e1 1073 goto illegal_lba;
2dd791b6 1074 r->sector = r->req.cmd.lba * s->cluster_size;
a917d384 1075 r->sector_count = len * s->cluster_size;
2e5d83bb 1076 break;
ebef0bbb 1077 case MODE_SELECT:
2dd791b6 1078 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1079 /* We don't support mode parameter changes.
1080 Allow the mode parameter header + block descriptors only. */
2dd791b6 1081 if (r->req.cmd.xfer > 12) {
ebef0bbb
BK		 1082 goto fail;
1083 }
1084 break;
1085 case MODE_SELECT_10:
2dd791b6 1086 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
ebef0bbb
BK		 1087 /* We don't support mode parameter changes.
1088 Allow the mode parameter header + block descriptors only. */
2dd791b6 1089 if (r->req.cmd.xfer > 16) {
ebef0bbb
BK		 1090 goto fail;
1091 }
1092 break;
1093 case SEEK_6:
1094 case SEEK_10:
2dd791b6
HR		 1095 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1096 r->req.cmd.lba);
1097 if (r->req.cmd.lba > s->max_lba) {
ebef0bbb
BK		 1098 goto illegal_lba;
1099 }
ea3bd56f
CH		 1100 break;
1101 case WRITE_SAME_16:
5c6c0e51 1102 len = r->req.cmd.xfer / s->qdev.blocksize;
ea3bd56f
CH		 1103
1104 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1105 r->req.cmd.lba, len);
1106
1107 if (r->req.cmd.lba > s->max_lba) {
1108 goto illegal_lba;
1109 }
1110
1111 /*
1112 * We only support WRITE SAME with the unmap bit set for now.
1113 */
1114 if (!(buf[1] & 0x8)) {
1115 goto fail;
1116 }
1117
1118 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1119 len * s->cluster_size);
1120 if (rc < 0) {
1121 /* XXX: better error code ?*/
1122 goto fail;
1123 }
1124
ebef0bbb 1125 break;
739df215
PB		 1126 case REQUEST_SENSE:
1127 abort();
2e5d83bb 1128 default:
2dd791b6 1129 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
b45ef674 1130 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
a1f0cce2 1131 return 0;
2e5d83bb 1132 fail:
b45ef674 1133 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2dd791b6 1134 return 0;
274fb0e1 1135 illegal_lba:
b45ef674 1136 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 1137 return 0;
2e5d83bb 1138 }
c87c0672 1139 if (r->sector_count == 0 && r->iov.iov_len == 0) {
b45ef674 1140 scsi_req_complete(&r->req, GOOD);
a917d384 1141 }
c87c0672 1142 len = r->sector_count * 512 + r->iov.iov_len;
efb9ee02
HR		 1143 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1144 return -len;
a917d384
PB		 1145 } else {
1146 if (!r->sector_count)
1147 r->sector_count = -1;
efb9ee02 1148 return len;
2e5d83bb 1149 }
2e5d83bb
PB		 1150}
1151
e9447f35
JK		 1152static void scsi_disk_reset(DeviceState *dev)
1153{
1154 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1155 uint64_t nb_sectors;
1156
c7b48872 1157 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35
JK		 1158
1159 bdrv_get_geometry(s->bs, &nb_sectors);
1160 nb_sectors /= s->cluster_size;
1161 if (nb_sectors) {
1162 nb_sectors--;
1163 }
1164 s->max_lba = nb_sectors;
1165}
1166
1167static void scsi_destroy(SCSIDevice *dev)
1168{
1169 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1170
c7b48872 1171 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
f8b6cc00 1172 blockdev_mark_auto_del(s->qdev.conf.bs);
56a14938
GH		 1173}
1174
2c6942fa
MA		 1175static void scsi_cd_change_media_cb(void *opaque)
1176{
1177}
1178
e4def80b
MA		 1179static bool scsi_cd_is_tray_open(void *opaque)
1180{
1181 return ((SCSIDiskState *)opaque)->tray_open;
1182}
1183
f107639a
MA		 1184static bool scsi_cd_is_medium_locked(void *opaque)
1185{
1186 return ((SCSIDiskState *)opaque)->tray_locked;
1187}
1188
1189static const BlockDevOps scsi_cd_block_ops = {
2c6942fa 1190 .change_media_cb = scsi_cd_change_media_cb,
e4def80b 1191 .is_tray_open = scsi_cd_is_tray_open,
f107639a
MA		 1192 .is_medium_locked = scsi_cd_is_medium_locked,
1193};
1194
f37bd73b 1195static int scsi_initfn(SCSIDevice *dev, uint8_t scsi_type)
2e5d83bb 1196{
d52affa7 1197 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
f8b6cc00 1198 DriveInfo *dinfo;
2e5d83bb 1199
f8b6cc00 1200 if (!s->qdev.conf.bs) {
1ecda02b 1201 error_report("scsi-disk: drive property not set");
d52affa7
GH		 1202 return -1;
1203 }
f8b6cc00 1204 s->bs = s->qdev.conf.bs;
d52affa7 1205
f37bd73b 1206 if (scsi_type == TYPE_DISK && !bdrv_is_inserted(s->bs)) {
98f28ad7
MA		 1207 error_report("Device needs media, but drive is empty");
1208 return -1;
1209 }
1210
a0fef654 1211 if (!s->serial) {
f8b6cc00
MA		 1212 /* try to fall back to value set with legacy -drive serial=... */
1213 dinfo = drive_get_by_blockdev(s->bs);
3e1c0c9a 1214 if (*dinfo->serial) {
7267c094 1215 s->serial = g_strdup(dinfo->serial);
3e1c0c9a 1216 }
a0fef654
MA		 1217 }
1218
552fee93 1219 if (!s->version) {
7267c094 1220 s->version = g_strdup(QEMU_VERSION);
552fee93
MA		 1221 }
1222
32bb404a 1223 if (bdrv_is_sg(s->bs)) {
1ecda02b 1224 error_report("scsi-disk: unwanted /dev/sg*");
32bb404a
MA		 1225 return -1;
1226 }
1227
f37bd73b 1228 if (scsi_type == TYPE_ROM) {
f107639a 1229 bdrv_set_dev_ops(s->bs, &scsi_cd_block_ops, s);
8cfacf07 1230 s->qdev.blocksize = 2048;
f37bd73b 1231 } else if (scsi_type == TYPE_DISK) {
8cfacf07 1232 s->qdev.blocksize = s->qdev.conf.logical_block_size;
f37bd73b
HR		 1233 } else {
1234 error_report("scsi-disk: Unhandled SCSI type %02x", scsi_type);
1235 return -1;
2e5d83bb 1236 }
8cfacf07 1237 s->cluster_size = s->qdev.blocksize / 512;
73fdb1e1 1238 s->bs->buffer_alignment = s->qdev.blocksize;
8cfacf07 1239
f37bd73b 1240 s->qdev.type = scsi_type;
ea8a5d7f 1241 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1ca4d09a 1242 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
d52affa7
GH		 1243 return 0;
1244}
1245
b443ae67
MA		 1246static int scsi_hd_initfn(SCSIDevice *dev)
1247{
f37bd73b 1248 return scsi_initfn(dev, TYPE_DISK);
b443ae67
MA		 1249}
1250
1251static int scsi_cd_initfn(SCSIDevice *dev)
1252{
f37bd73b 1253 return scsi_initfn(dev, TYPE_ROM);
b443ae67
MA		 1254}
1255
1256static int scsi_disk_initfn(SCSIDevice *dev)
1257{
95b5edcd 1258 DriveInfo *dinfo;
f37bd73b 1259 uint8_t scsi_type;
b443ae67
MA		 1260
1261 if (!dev->conf.bs) {
f37bd73b 1262 scsi_type = TYPE_DISK; /* will die in scsi_initfn() */
b443ae67 1263 } else {
95b5edcd 1264 dinfo = drive_get_by_blockdev(dev->conf.bs);
f37bd73b 1265 scsi_type = dinfo->media_cd ? TYPE_ROM : TYPE_DISK;
b443ae67
MA		 1266 }
1267
f37bd73b 1268 return scsi_initfn(dev, scsi_type);
b443ae67
MA		 1269}
1270
8dbd4574
PB		 1271static SCSIReqOps scsi_disk_reqops = {
1272 .size = sizeof(SCSIDiskReq),
12010e7b
PB		 1273 .free_req = scsi_free_request,
1274 .send_command = scsi_send_command,
1275 .read_data = scsi_read_data,
1276 .write_data = scsi_write_data,
1277 .cancel_io = scsi_cancel_io,
1278 .get_buf = scsi_get_buf,
8dbd4574
PB		 1279};
1280
1281static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
1282 uint32_t lun, void *hba_private)
1283{
1284 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1285 SCSIRequest *req;
1286 SCSIDiskReq *r;
1287
1288 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1289 r = DO_UPCAST(SCSIDiskReq, req, req);
1290 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
1291 return req;
1292}
1293
b443ae67
MA		 1294#define DEFINE_SCSI_DISK_PROPERTIES() \
1295 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1296 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1297 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1298
1299static SCSIDeviceInfo scsi_disk_info[] = {
1300 {
1301 .qdev.name = "scsi-hd",
1302 .qdev.fw_name = "disk",
1303 .qdev.desc = "virtual SCSI disk",
1304 .qdev.size = sizeof(SCSIDiskState),
1305 .qdev.reset = scsi_disk_reset,
1306 .init = scsi_hd_initfn,
1307 .destroy = scsi_destroy,
5c6c0e51 1308 .alloc_req = scsi_new_request,
b443ae67
MA		 1309 .qdev.props = (Property[]) {
1310 DEFINE_SCSI_DISK_PROPERTIES(),
1311 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1312 DEFINE_PROP_END_OF_LIST(),
1313 }
1314 },{
1315 .qdev.name = "scsi-cd",
1316 .qdev.fw_name = "disk",
1317 .qdev.desc = "virtual SCSI CD-ROM",
1318 .qdev.size = sizeof(SCSIDiskState),
1319 .qdev.reset = scsi_disk_reset,
1320 .init = scsi_cd_initfn,
1321 .destroy = scsi_destroy,
5c6c0e51 1322 .alloc_req = scsi_new_request,
b443ae67
MA		 1323 .qdev.props = (Property[]) {
1324 DEFINE_SCSI_DISK_PROPERTIES(),
1325 DEFINE_PROP_END_OF_LIST(),
1326 },
1327 },{
1328 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1329 .qdev.fw_name = "disk",
1330 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1331 .qdev.size = sizeof(SCSIDiskState),
1332 .qdev.reset = scsi_disk_reset,
1333 .init = scsi_disk_initfn,
1334 .destroy = scsi_destroy,
5c6c0e51 1335 .alloc_req = scsi_new_request,
b443ae67
MA		 1336 .qdev.props = (Property[]) {
1337 DEFINE_SCSI_DISK_PROPERTIES(),
1338 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1339 DEFINE_PROP_END_OF_LIST(),
1340 }
1341 }
d52affa7
GH		 1342};
1343
1344static void scsi_disk_register_devices(void)
1345{
b443ae67
MA		 1346 int i;
1347
1348 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1349 scsi_qdev_register(&scsi_disk_info[i]);
1350 }
8ccc2ace 1351}
d52affa7 1352device_init(scsi_disk_register_devices)
Qemu copy for testing