[mirror_qemu.git] / hw / virtio-scsi.c

/*
 * Virtio SCSI HBA
 *
 * Copyright IBM, Corp. 2010
 * Copyright Red Hat, Inc. 2011
 *
 * Authors:
 *   Stefan Hajnoczi    <stefanha@linux.vnet.ibm.com>
 *   Paolo Bonzini      <pbonzini@redhat.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#include "virtio-scsi.h"
#include <hw/scsi.h>
#include <hw/scsi-defs.h>

#define VIRTIO_SCSI_VQ_SIZE     128
#define VIRTIO_SCSI_CDB_SIZE    32
#define VIRTIO_SCSI_SENSE_SIZE  96
#define VIRTIO_SCSI_MAX_CHANNEL 0
#define VIRTIO_SCSI_MAX_TARGET  255
#define VIRTIO_SCSI_MAX_LUN     16383

/* Response codes */
#define VIRTIO_SCSI_S_OK                       0
#define VIRTIO_SCSI_S_OVERRUN                  1
#define VIRTIO_SCSI_S_ABORTED                  2
#define VIRTIO_SCSI_S_BAD_TARGET               3
#define VIRTIO_SCSI_S_RESET                    4
#define VIRTIO_SCSI_S_BUSY                     5
#define VIRTIO_SCSI_S_TRANSPORT_FAILURE        6
#define VIRTIO_SCSI_S_TARGET_FAILURE           7
#define VIRTIO_SCSI_S_NEXUS_FAILURE            8
#define VIRTIO_SCSI_S_FAILURE                  9
#define VIRTIO_SCSI_S_FUNCTION_SUCCEEDED       10
#define VIRTIO_SCSI_S_FUNCTION_REJECTED        11
#define VIRTIO_SCSI_S_INCORRECT_LUN            12

/* Controlq type codes.  */
#define VIRTIO_SCSI_T_TMF                      0
#define VIRTIO_SCSI_T_AN_QUERY                 1
#define VIRTIO_SCSI_T_AN_SUBSCRIBE             2

/* Valid TMF subtypes.  */
#define VIRTIO_SCSI_T_TMF_ABORT_TASK           0
#define VIRTIO_SCSI_T_TMF_ABORT_TASK_SET       1
#define VIRTIO_SCSI_T_TMF_CLEAR_ACA            2
#define VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET       3
#define VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET      4
#define VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET   5
#define VIRTIO_SCSI_T_TMF_QUERY_TASK           6
#define VIRTIO_SCSI_T_TMF_QUERY_TASK_SET       7

/* Events.  */
#define VIRTIO_SCSI_T_EVENTS_MISSED            0x80000000
#define VIRTIO_SCSI_T_NO_EVENT                 0
#define VIRTIO_SCSI_T_TRANSPORT_RESET          1
#define VIRTIO_SCSI_T_ASYNC_NOTIFY             2

/* SCSI command request, followed by data-out */
typedef struct {
    uint8_t lun[8];              /* Logical Unit Number */
    uint64_t tag;                /* Command identifier */
    uint8_t task_attr;           /* Task attribute */
    uint8_t prio;
    uint8_t crn;
    uint8_t cdb[];
} QEMU_PACKED VirtIOSCSICmdReq;

/* Response, followed by sense data and data-in */
typedef struct {
    uint32_t sense_len;          /* Sense data length */
    uint32_t resid;              /* Residual bytes in data buffer */
    uint16_t status_qualifier;   /* Status qualifier */
    uint8_t status;              /* Command completion status */
    uint8_t response;            /* Response values */
    uint8_t sense[];
} QEMU_PACKED VirtIOSCSICmdResp;

/* Task Management Request */
typedef struct {
    uint32_t type;
    uint32_t subtype;
    uint8_t lun[8];
    uint64_t tag;
} QEMU_PACKED VirtIOSCSICtrlTMFReq;

typedef struct {
    uint8_t response;
} QEMU_PACKED VirtIOSCSICtrlTMFResp;

/* Asynchronous notification query/subscription */
typedef struct {
    uint32_t type;
    uint8_t lun[8];
    uint32_t event_requested;
} QEMU_PACKED VirtIOSCSICtrlANReq;

typedef struct {
    uint32_t event_actual;
    uint8_t response;
} QEMU_PACKED VirtIOSCSICtrlANResp;

typedef struct {
    uint32_t event;
    uint8_t lun[8];
    uint32_t reason;
} QEMU_PACKED VirtIOSCSIEvent;

typedef struct {
    uint32_t num_queues;
    uint32_t seg_max;
    uint32_t max_sectors;
    uint32_t cmd_per_lun;
    uint32_t event_info_size;
    uint32_t sense_size;
    uint32_t cdb_size;
    uint16_t max_channel;
    uint16_t max_target;
    uint32_t max_lun;
} QEMU_PACKED VirtIOSCSIConfig;

typedef struct {
    VirtIODevice vdev;
    DeviceState *qdev;
    VirtIOSCSIConf *conf;

    SCSIBus bus;
    VirtQueue *ctrl_vq;
    VirtQueue *event_vq;
    VirtQueue *cmd_vq;
    uint32_t sense_size;
    uint32_t cdb_size;
} VirtIOSCSI;

typedef struct VirtIOSCSIReq {
    VirtIOSCSI *dev;
    VirtQueue *vq;
    VirtQueueElement elem;
    QEMUSGList qsgl;
    SCSIRequest *sreq;
    union {
        char                  *buf;
        VirtIOSCSICmdReq      *cmd;
        VirtIOSCSICtrlTMFReq  *tmf;
        VirtIOSCSICtrlANReq   *an;
    } req;
    union {
        char                  *buf;
        VirtIOSCSICmdResp     *cmd;
        VirtIOSCSICtrlTMFResp *tmf;
        VirtIOSCSICtrlANResp  *an;
        VirtIOSCSIEvent       *event;
    } resp;
} VirtIOSCSIReq;

static inline int virtio_scsi_get_lun(uint8_t *lun)
{
    return ((lun[2] << 8) | lun[3]) & 0x3FFF;
}

static inline SCSIDevice *virtio_scsi_device_find(VirtIOSCSI *s, uint8_t *lun)
{
    if (lun[0] != 1) {
        return NULL;
    }
    if (lun[2] != 0 && !(lun[2] >= 0x40 && lun[2] < 0x80)) {
        return NULL;
    }
    return scsi_device_find(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
}

static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
{
    VirtIOSCSI *s = req->dev;
    VirtQueue *vq = req->vq;
    virtqueue_push(vq, &req->elem, req->qsgl.size + req->elem.in_sg[0].iov_len);
    qemu_sglist_destroy(&req->qsgl);
    if (req->sreq) {
        req->sreq->hba_private = NULL;
        scsi_req_unref(req->sreq);
    }
    g_free(req);
    virtio_notify(&s->vdev, vq);
}

static void virtio_scsi_bad_req(void)
{
    error_report("wrong size for virtio-scsi headers");
    exit(1);
}

static void qemu_sgl_init_external(QEMUSGList *qsgl, struct iovec *sg,
                                   target_phys_addr_t *addr, int num)
{
    memset(qsgl, 0, sizeof(*qsgl));
    while (num--) {
        qemu_sglist_add(qsgl, *(addr++), (sg++)->iov_len);
    }
}

static void virtio_scsi_parse_req(VirtIOSCSI *s, VirtQueue *vq,
                                  VirtIOSCSIReq *req)
{
    assert(req->elem.out_num && req->elem.in_num);
    req->vq = vq;
    req->dev = s;
    req->sreq = NULL;
    req->req.buf = req->elem.out_sg[0].iov_base;
    req->resp.buf = req->elem.in_sg[0].iov_base;

    if (req->elem.out_num > 1) {
        qemu_sgl_init_external(&req->qsgl, &req->elem.out_sg[1],
                               &req->elem.out_addr[1],
                               req->elem.out_num - 1);
    } else {
        qemu_sgl_init_external(&req->qsgl, &req->elem.in_sg[1],
                               &req->elem.in_addr[1],
                               req->elem.in_num - 1);
    }
}

static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, VirtQueue *vq)
{
    VirtIOSCSIReq *req;
    req = g_malloc(sizeof(*req));
    if (!virtqueue_pop(vq, &req->elem)) {
        g_free(req);
        return NULL;
    }

    virtio_scsi_parse_req(s, vq, req);
    return req;
}

static void virtio_scsi_fail_ctrl_req(VirtIOSCSIReq *req)
{
    if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) {
        req->resp.tmf->response = VIRTIO_SCSI_S_FAILURE;
    } else {
        req->resp.an->response = VIRTIO_SCSI_S_FAILURE;
    }

    virtio_scsi_complete_req(req);
}

static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
{
    VirtIOSCSI *s = (VirtIOSCSI *)vdev;
    VirtIOSCSIReq *req;

    while ((req = virtio_scsi_pop_req(s, vq))) {
        virtio_scsi_fail_ctrl_req(req);
    }
}

static void virtio_scsi_command_complete(SCSIRequest *r, uint32_t status,
                                         size_t resid)
{
    VirtIOSCSIReq *req = r->hba_private;

    req->resp.cmd->response = VIRTIO_SCSI_S_OK;
    req->resp.cmd->status = status;
    if (req->resp.cmd->status == GOOD) {
        req->resp.cmd->resid = resid;
    } else {
        req->resp.cmd->resid = 0;
        req->resp.cmd->sense_len =
            scsi_req_get_sense(r, req->resp.cmd->sense, VIRTIO_SCSI_SENSE_SIZE);
    }
    virtio_scsi_complete_req(req);
}

static QEMUSGList *virtio_scsi_get_sg_list(SCSIRequest *r)
{
    VirtIOSCSIReq *req = r->hba_private;

    return &req->qsgl;
}

static void virtio_scsi_request_cancelled(SCSIRequest *r)
{
    VirtIOSCSIReq *req = r->hba_private;

    if (!req) {
        return;
    }
    req->resp.cmd->response = VIRTIO_SCSI_S_ABORTED;
    virtio_scsi_complete_req(req);
}

static void virtio_scsi_fail_cmd_req(VirtIOSCSIReq *req)
{
    req->resp.cmd->response = VIRTIO_SCSI_S_FAILURE;
    virtio_scsi_complete_req(req);
}

static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
{
    VirtIOSCSI *s = (VirtIOSCSI *)vdev;
    VirtIOSCSIReq *req;
    int n;

    while ((req = virtio_scsi_pop_req(s, vq))) {
        SCSIDevice *d;
        int out_size, in_size;
        if (req->elem.out_num < 1 || req->elem.in_num < 1) {
            virtio_scsi_bad_req();
        }

        out_size = req->elem.out_sg[0].iov_len;
        in_size = req->elem.in_sg[0].iov_len;
        if (out_size < sizeof(VirtIOSCSICmdReq) + s->cdb_size ||
            in_size < sizeof(VirtIOSCSICmdResp) + s->sense_size) {
            virtio_scsi_bad_req();
        }

        if (req->elem.out_num > 1 && req->elem.in_num > 1) {
            virtio_scsi_fail_cmd_req(req);
            continue;
        }

        d = virtio_scsi_device_find(s, req->req.cmd->lun);
        if (!d) {
            req->resp.cmd->response = VIRTIO_SCSI_S_BAD_TARGET;
            virtio_scsi_complete_req(req);
            continue;
        }
        req->sreq = scsi_req_new(d, req->req.cmd->tag,
                                 virtio_scsi_get_lun(req->req.cmd->lun),
                                 req->req.cmd->cdb, req);

        if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
            int req_mode =
                (req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV);

            if (req->sreq->cmd.mode != req_mode ||
                req->sreq->cmd.xfer > req->qsgl.size) {
                req->resp.cmd->response = VIRTIO_SCSI_S_OVERRUN;
                virtio_scsi_complete_req(req);
                continue;
            }
        }

        n = scsi_req_enqueue(req->sreq);
        if (n) {
            scsi_req_continue(req->sreq);
        }
    }
}

static void virtio_scsi_get_config(VirtIODevice *vdev,
                                   uint8_t *config)
{
    VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
    VirtIOSCSI *s = (VirtIOSCSI *)vdev;

    stl_raw(&scsiconf->num_queues, s->conf->num_queues);
    stl_raw(&scsiconf->seg_max, 128 - 2);
    stl_raw(&scsiconf->max_sectors, s->conf->max_sectors);
    stl_raw(&scsiconf->cmd_per_lun, s->conf->cmd_per_lun);
    stl_raw(&scsiconf->event_info_size, sizeof(VirtIOSCSIEvent));
    stl_raw(&scsiconf->sense_size, s->sense_size);
    stl_raw(&scsiconf->cdb_size, s->cdb_size);
    stl_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
    stl_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
    stl_raw(&scsiconf->max_lun, VIRTIO_SCSI_MAX_LUN);
}

static void virtio_scsi_set_config(VirtIODevice *vdev,
                                   const uint8_t *config)
{
    VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
    VirtIOSCSI *s = (VirtIOSCSI *)vdev;

    if ((uint32_t) ldl_raw(&scsiconf->sense_size) >= 65536 ||
        (uint32_t) ldl_raw(&scsiconf->cdb_size) >= 256) {
        error_report("bad data written to virtio-scsi configuration space");
        exit(1);
    }

    s->sense_size = ldl_raw(&scsiconf->sense_size);
    s->cdb_size = ldl_raw(&scsiconf->cdb_size);
}

static uint32_t virtio_scsi_get_features(VirtIODevice *vdev,
                                         uint32_t requested_features)
{
    return requested_features;
}

static void virtio_scsi_reset(VirtIODevice *vdev)
{
    VirtIOSCSI *s = (VirtIOSCSI *)vdev;

    s->sense_size = VIRTIO_SCSI_SENSE_SIZE;
    s->cdb_size = VIRTIO_SCSI_CDB_SIZE;
}

static struct SCSIBusInfo virtio_scsi_scsi_info = {
    .tcq = true,
    .max_channel = VIRTIO_SCSI_MAX_CHANNEL,
    .max_target = VIRTIO_SCSI_MAX_TARGET,
    .max_lun = VIRTIO_SCSI_MAX_LUN,

    .complete = virtio_scsi_command_complete,
    .cancel = virtio_scsi_request_cancelled,
    .get_sg_list = virtio_scsi_get_sg_list,
};

VirtIODevice *virtio_scsi_init(DeviceState *dev, VirtIOSCSIConf *proxyconf)
{
    VirtIOSCSI *s;

    s = (VirtIOSCSI *)virtio_common_init("virtio-scsi", VIRTIO_ID_SCSI,
                                         sizeof(VirtIOSCSIConfig),
                                         sizeof(VirtIOSCSI));

    s->qdev = dev;
    s->conf = proxyconf;

    /* TODO set up vdev function pointers */
    s->vdev.get_config = virtio_scsi_get_config;
    s->vdev.set_config = virtio_scsi_set_config;
    s->vdev.get_features = virtio_scsi_get_features;
    s->vdev.reset = virtio_scsi_reset;

    s->ctrl_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
                                   virtio_scsi_handle_ctrl);
    s->event_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
                                   NULL);
    s->cmd_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
                                   virtio_scsi_handle_cmd);

    scsi_bus_new(&s->bus, dev, &virtio_scsi_scsi_info);
    if (!dev->hotplugged) {
        scsi_bus_legacy_handle_cmdline(&s->bus);
    }

    /* TODO savevm */

    return &s->vdev;
}

void virtio_scsi_exit(VirtIODevice *vdev)
{
    virtio_cleanup(vdev);
}
Commit	Line	Data
973abc7f SH	1	/*
	2	* Virtio SCSI HBA
	3	*
	4	* Copyright IBM, Corp. 2010
	5	* Copyright Red Hat, Inc. 2011
	6	*
	7	* Authors:
	8	* Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
	9	* Paolo Bonzini <pbonzini@redhat.com>
	10	*
	11	* This work is licensed under the terms of the GNU GPL, version 2 or later.
	12	* See the COPYING file in the top-level directory.
	13	*
	14	*/
	15
	16	#include "virtio-scsi.h"
	17	#include <hw/scsi.h>
	18	#include <hw/scsi-defs.h>
	19
	20	#define VIRTIO_SCSI_VQ_SIZE 128
	21	#define VIRTIO_SCSI_CDB_SIZE 32
	22	#define VIRTIO_SCSI_SENSE_SIZE 96
	23	#define VIRTIO_SCSI_MAX_CHANNEL 0
	24	#define VIRTIO_SCSI_MAX_TARGET 255
	25	#define VIRTIO_SCSI_MAX_LUN 16383
	26
	27	/* Response codes */
	28	#define VIRTIO_SCSI_S_OK 0
	29	#define VIRTIO_SCSI_S_OVERRUN 1
	30	#define VIRTIO_SCSI_S_ABORTED 2
	31	#define VIRTIO_SCSI_S_BAD_TARGET 3
	32	#define VIRTIO_SCSI_S_RESET 4
	33	#define VIRTIO_SCSI_S_BUSY 5
	34	#define VIRTIO_SCSI_S_TRANSPORT_FAILURE 6
	35	#define VIRTIO_SCSI_S_TARGET_FAILURE 7
	36	#define VIRTIO_SCSI_S_NEXUS_FAILURE 8
	37	#define VIRTIO_SCSI_S_FAILURE 9
	38	#define VIRTIO_SCSI_S_FUNCTION_SUCCEEDED 10
	39	#define VIRTIO_SCSI_S_FUNCTION_REJECTED 11
	40	#define VIRTIO_SCSI_S_INCORRECT_LUN 12
	41
	42	/* Controlq type codes. */
	43	#define VIRTIO_SCSI_T_TMF 0
	44	#define VIRTIO_SCSI_T_AN_QUERY 1
	45	#define VIRTIO_SCSI_T_AN_SUBSCRIBE 2
	46
	47	/* Valid TMF subtypes. */
	48	#define VIRTIO_SCSI_T_TMF_ABORT_TASK 0
	49	#define VIRTIO_SCSI_T_TMF_ABORT_TASK_SET 1
	50	#define VIRTIO_SCSI_T_TMF_CLEAR_ACA 2
	51	#define VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET 3
	52	#define VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET 4
	53	#define VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET 5
	54	#define VIRTIO_SCSI_T_TMF_QUERY_TASK 6
	55	#define VIRTIO_SCSI_T_TMF_QUERY_TASK_SET 7
	56
	57	/* Events. */
	58	#define VIRTIO_SCSI_T_EVENTS_MISSED 0x80000000
	59	#define VIRTIO_SCSI_T_NO_EVENT 0
	60	#define VIRTIO_SCSI_T_TRANSPORT_RESET 1
	61	#define VIRTIO_SCSI_T_ASYNC_NOTIFY 2
	62
	63	/* SCSI command request, followed by data-out */
	64	typedef struct {
65	uint8_t lun[8]; /* Logical Unit Number */
66	uint64_t tag; /* Command identifier */
67	uint8_t task_attr; /* Task attribute */
68	uint8_t prio;
69	uint8_t crn;
70	uint8_t cdb[];
71	} QEMU_PACKED VirtIOSCSICmdReq;
72
73	/* Response, followed by sense data and data-in */
74	typedef struct {
75	uint32_t sense_len; /* Sense data length */
76	uint32_t resid; /* Residual bytes in data buffer */
77	uint16_t status_qualifier; /* Status qualifier */
78	uint8_t status; /* Command completion status */
79	uint8_t response; /* Response values */
80	uint8_t sense[];
81	} QEMU_PACKED VirtIOSCSICmdResp;
82
83	/* Task Management Request */
84	typedef struct {
85	uint32_t type;
86	uint32_t subtype;
87	uint8_t lun[8];
88	uint64_t tag;
89	} QEMU_PACKED VirtIOSCSICtrlTMFReq;
90
91	typedef struct {
92	uint8_t response;
93	} QEMU_PACKED VirtIOSCSICtrlTMFResp;
94
95	/* Asynchronous notification query/subscription */
96	typedef struct {
97	uint32_t type;
98	uint8_t lun[8];
99	uint32_t event_requested;
100	} QEMU_PACKED VirtIOSCSICtrlANReq;
101
102	typedef struct {
103	uint32_t event_actual;
104	uint8_t response;
105	} QEMU_PACKED VirtIOSCSICtrlANResp;
106
107	typedef struct {
108	uint32_t event;
109	uint8_t lun[8];
110	uint32_t reason;
111	} QEMU_PACKED VirtIOSCSIEvent;
112
113	typedef struct {
114	uint32_t num_queues;
115	uint32_t seg_max;
116	uint32_t max_sectors;
117	uint32_t cmd_per_lun;
118	uint32_t event_info_size;
119	uint32_t sense_size;
120	uint32_t cdb_size;
121	uint16_t max_channel;
122	uint16_t max_target;
123	uint32_t max_lun;
124	} QEMU_PACKED VirtIOSCSIConfig;
125
126	typedef struct {
127	VirtIODevice vdev;
128	DeviceState *qdev;
129	VirtIOSCSIConf *conf;
130
2ccdcd8d	131	SCSIBus bus;
973abc7f SH	132	VirtQueue *ctrl_vq;
	133	VirtQueue *event_vq;
	134	VirtQueue *cmd_vq;
	135	uint32_t sense_size;
	136	uint32_t cdb_size;
	137	} VirtIOSCSI;
	138
326799c0 SH	139	typedef struct VirtIOSCSIReq {
	140	VirtIOSCSI *dev;
	141	VirtQueue *vq;
	142	VirtQueueElement elem;
	143	QEMUSGList qsgl;
	144	SCSIRequest *sreq;
	145	union {
	146	char *buf;
	147	VirtIOSCSICmdReq *cmd;
	148	VirtIOSCSICtrlTMFReq *tmf;
	149	VirtIOSCSICtrlANReq *an;
	150	} req;
	151	union {
	152	char *buf;
	153	VirtIOSCSICmdResp *cmd;
	154	VirtIOSCSICtrlTMFResp *tmf;
	155	VirtIOSCSICtrlANResp *an;
	156	VirtIOSCSIEvent *event;
	157	} resp;
	158	} VirtIOSCSIReq;
	159
2ccdcd8d PB	160	static inline int virtio_scsi_get_lun(uint8_t *lun)
	161	{
	162	return ((lun[2] << 8) \| lun[3]) & 0x3FFF;
	163	}
	164
	165	static inline SCSIDevice virtio_scsi_device_find(VirtIOSCSI s, uint8_t *lun)
	166	{
	167	if (lun[0] != 1) {
	168	return NULL;
	169	}
	170	if (lun[2] != 0 && !(lun[2] >= 0x40 && lun[2] < 0x80)) {
	171	return NULL;
	172	}
	173	return scsi_device_find(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
	174	}
	175
326799c0 SH	176	static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
	177	{
	178	VirtIOSCSI *s = req->dev;
	179	VirtQueue *vq = req->vq;
	180	virtqueue_push(vq, &req->elem, req->qsgl.size + req->elem.in_sg[0].iov_len);
	181	qemu_sglist_destroy(&req->qsgl);
	182	if (req->sreq) {
	183	req->sreq->hba_private = NULL;
	184	scsi_req_unref(req->sreq);
	185	}
	186	g_free(req);
	187	virtio_notify(&s->vdev, vq);
	188	}
	189
	190	static void virtio_scsi_bad_req(void)
	191	{
	192	error_report("wrong size for virtio-scsi headers");
	193	exit(1);
	194	}
	195
	196	static void qemu_sgl_init_external(QEMUSGList qsgl, struct iovec sg,
	197	target_phys_addr_t *addr, int num)
	198	{
	199	memset(qsgl, 0, sizeof(*qsgl));
	200	while (num--) {
	201	qemu_sglist_add(qsgl, *(addr++), (sg++)->iov_len);
	202	}
	203	}
	204
	205	static void virtio_scsi_parse_req(VirtIOSCSI s, VirtQueue vq,
	206	VirtIOSCSIReq *req)
	207	{
	208	assert(req->elem.out_num && req->elem.in_num);
	209	req->vq = vq;
	210	req->dev = s;
	211	req->sreq = NULL;
	212	req->req.buf = req->elem.out_sg[0].iov_base;
	213	req->resp.buf = req->elem.in_sg[0].iov_base;
	214
	215	if (req->elem.out_num > 1) {
	216	qemu_sgl_init_external(&req->qsgl, &req->elem.out_sg[1],
	217	&req->elem.out_addr[1],
	218	req->elem.out_num - 1);
	219	} else {
	220	qemu_sgl_init_external(&req->qsgl, &req->elem.in_sg[1],
	221	&req->elem.in_addr[1],
	222	req->elem.in_num - 1);
	223	}
	224	}
	225
	226	static VirtIOSCSIReq virtio_scsi_pop_req(VirtIOSCSI s, VirtQueue *vq)
	227	{
	228	VirtIOSCSIReq *req;
	229	req = g_malloc(sizeof(*req));
	230	if (!virtqueue_pop(vq, &req->elem)) {
	231	g_free(req);
	232	return NULL;
	233	}
	234
	235	virtio_scsi_parse_req(s, vq, req);
	236	return req;
	237	}
	238
	239	static void virtio_scsi_fail_ctrl_req(VirtIOSCSIReq *req)
240	{
241	if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) {
242	req->resp.tmf->response = VIRTIO_SCSI_S_FAILURE;
243	} else {
244	req->resp.an->response = VIRTIO_SCSI_S_FAILURE;
245	}
246
247	virtio_scsi_complete_req(req);
248	}
249
973abc7f SH	250	static void virtio_scsi_handle_ctrl(VirtIODevice vdev, VirtQueue vq)
973abc7f SH	251	{
326799c0 SH	252	VirtIOSCSI s = (VirtIOSCSI )vdev;
	253	VirtIOSCSIReq *req;
	254
	255	while ((req = virtio_scsi_pop_req(s, vq))) {
	256	virtio_scsi_fail_ctrl_req(req);
	257	}
	258	}
	259
2ccdcd8d PB	260	static void virtio_scsi_command_complete(SCSIRequest *r, uint32_t status,
	261	size_t resid)
	262	{
	263	VirtIOSCSIReq *req = r->hba_private;
	264
	265	req->resp.cmd->response = VIRTIO_SCSI_S_OK;
	266	req->resp.cmd->status = status;
	267	if (req->resp.cmd->status == GOOD) {
	268	req->resp.cmd->resid = resid;
	269	} else {
	270	req->resp.cmd->resid = 0;
	271	req->resp.cmd->sense_len =
	272	scsi_req_get_sense(r, req->resp.cmd->sense, VIRTIO_SCSI_SENSE_SIZE);
	273	}
	274	virtio_scsi_complete_req(req);
	275	}
	276
	277	static QEMUSGList virtio_scsi_get_sg_list(SCSIRequest r)
	278	{
	279	VirtIOSCSIReq *req = r->hba_private;
	280
	281	return &req->qsgl;
	282	}
	283
	284	static void virtio_scsi_request_cancelled(SCSIRequest *r)
	285	{
	286	VirtIOSCSIReq *req = r->hba_private;
	287
	288	if (!req) {
	289	return;
	290	}
	291	req->resp.cmd->response = VIRTIO_SCSI_S_ABORTED;
	292	virtio_scsi_complete_req(req);
	293	}
	294
	295	static void virtio_scsi_fail_cmd_req(VirtIOSCSIReq *req)
326799c0 SH	296	{
	297	req->resp.cmd->response = VIRTIO_SCSI_S_FAILURE;
	298	virtio_scsi_complete_req(req);
973abc7f SH	299	}
	300
	301	static void virtio_scsi_handle_cmd(VirtIODevice vdev, VirtQueue vq)
	302	{
326799c0 SH	303	VirtIOSCSI s = (VirtIOSCSI )vdev;
326799c0 SH	304	VirtIOSCSIReq *req;
2ccdcd8d	305	int n;
326799c0 SH	306
326799c0 SH	307	while ((req = virtio_scsi_pop_req(s, vq))) {
2ccdcd8d	308	SCSIDevice *d;
326799c0 SH	309	int out_size, in_size;
	310	if (req->elem.out_num < 1 \|\| req->elem.in_num < 1) {
	311	virtio_scsi_bad_req();
	312	}
	313
	314	out_size = req->elem.out_sg[0].iov_len;
	315	in_size = req->elem.in_sg[0].iov_len;
	316	if (out_size < sizeof(VirtIOSCSICmdReq) + s->cdb_size \|\|
	317	in_size < sizeof(VirtIOSCSICmdResp) + s->sense_size) {
	318	virtio_scsi_bad_req();
	319	}
	320
	321	if (req->elem.out_num > 1 && req->elem.in_num > 1) {
2ccdcd8d	322	virtio_scsi_fail_cmd_req(req);
326799c0 SH	323	continue;
	324	}
	325
2ccdcd8d PB	326	d = virtio_scsi_device_find(s, req->req.cmd->lun);
	327	if (!d) {
	328	req->resp.cmd->response = VIRTIO_SCSI_S_BAD_TARGET;
	329	virtio_scsi_complete_req(req);
	330	continue;
	331	}
	332	req->sreq = scsi_req_new(d, req->req.cmd->tag,
	333	virtio_scsi_get_lun(req->req.cmd->lun),
	334	req->req.cmd->cdb, req);
	335
	336	if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
	337	int req_mode =
	338	(req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV);
	339
	340	if (req->sreq->cmd.mode != req_mode \|\|
	341	req->sreq->cmd.xfer > req->qsgl.size) {
	342	req->resp.cmd->response = VIRTIO_SCSI_S_OVERRUN;
	343	virtio_scsi_complete_req(req);
	344	continue;
	345	}
	346	}
	347
	348	n = scsi_req_enqueue(req->sreq);
	349	if (n) {
	350	scsi_req_continue(req->sreq);
	351	}
326799c0	352	}
973abc7f SH	353	}
	354
	355	static void virtio_scsi_get_config(VirtIODevice *vdev,
	356	uint8_t *config)
	357	{
	358	VirtIOSCSIConfig scsiconf = (VirtIOSCSIConfig )config;
	359	VirtIOSCSI s = (VirtIOSCSI )vdev;
	360
	361	stl_raw(&scsiconf->num_queues, s->conf->num_queues);
	362	stl_raw(&scsiconf->seg_max, 128 - 2);
	363	stl_raw(&scsiconf->max_sectors, s->conf->max_sectors);
	364	stl_raw(&scsiconf->cmd_per_lun, s->conf->cmd_per_lun);
	365	stl_raw(&scsiconf->event_info_size, sizeof(VirtIOSCSIEvent));
	366	stl_raw(&scsiconf->sense_size, s->sense_size);
	367	stl_raw(&scsiconf->cdb_size, s->cdb_size);
	368	stl_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
	369	stl_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
	370	stl_raw(&scsiconf->max_lun, VIRTIO_SCSI_MAX_LUN);
	371	}
	372
	373	static void virtio_scsi_set_config(VirtIODevice *vdev,
	374	const uint8_t *config)
	375	{
	376	VirtIOSCSIConfig scsiconf = (VirtIOSCSIConfig )config;
	377	VirtIOSCSI s = (VirtIOSCSI )vdev;
	378
	379	if ((uint32_t) ldl_raw(&scsiconf->sense_size) >= 65536 \|\|
	380	(uint32_t) ldl_raw(&scsiconf->cdb_size) >= 256) {
	381	error_report("bad data written to virtio-scsi configuration space");
	382	exit(1);
	383	}
	384
	385	s->sense_size = ldl_raw(&scsiconf->sense_size);
	386	s->cdb_size = ldl_raw(&scsiconf->cdb_size);
	387	}
	388
	389	static uint32_t virtio_scsi_get_features(VirtIODevice *vdev,
	390	uint32_t requested_features)
	391	{
	392	return requested_features;
	393	}
	394
	395	static void virtio_scsi_reset(VirtIODevice *vdev)
	396	{
	397	VirtIOSCSI s = (VirtIOSCSI )vdev;
	398
	399	s->sense_size = VIRTIO_SCSI_SENSE_SIZE;
	400	s->cdb_size = VIRTIO_SCSI_CDB_SIZE;
	401	}
	402
2ccdcd8d PB	403	static struct SCSIBusInfo virtio_scsi_scsi_info = {
	404	.tcq = true,
	405	.max_channel = VIRTIO_SCSI_MAX_CHANNEL,
	406	.max_target = VIRTIO_SCSI_MAX_TARGET,
	407	.max_lun = VIRTIO_SCSI_MAX_LUN,
	408
	409	.complete = virtio_scsi_command_complete,
	410	.cancel = virtio_scsi_request_cancelled,
	411	.get_sg_list = virtio_scsi_get_sg_list,
	412	};
	413
973abc7f SH	414	VirtIODevice virtio_scsi_init(DeviceState dev, VirtIOSCSIConf *proxyconf)
	415	{
	416	VirtIOSCSI *s;
	417
	418	s = (VirtIOSCSI *)virtio_common_init("virtio-scsi", VIRTIO_ID_SCSI,
	419	sizeof(VirtIOSCSIConfig),
	420	sizeof(VirtIOSCSI));
	421
	422	s->qdev = dev;
	423	s->conf = proxyconf;
	424
	425	/* TODO set up vdev function pointers */
	426	s->vdev.get_config = virtio_scsi_get_config;
	427	s->vdev.set_config = virtio_scsi_set_config;
	428	s->vdev.get_features = virtio_scsi_get_features;
	429	s->vdev.reset = virtio_scsi_reset;
	430
	431	s->ctrl_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
	432	virtio_scsi_handle_ctrl);
	433	s->event_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
	434	NULL);
	435	s->cmd_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE,
	436	virtio_scsi_handle_cmd);
	437
2ccdcd8d PB	438	scsi_bus_new(&s->bus, dev, &virtio_scsi_scsi_info);
	439	if (!dev->hotplugged) {
	440	scsi_bus_legacy_handle_cmdline(&s->bus);
	441	}
	442
973abc7f SH	443	/* TODO savevm */
	444
	445	return &s->vdev;
	446	}
	447
	448	void virtio_scsi_exit(VirtIODevice *vdev)
	449	{
	450	virtio_cleanup(vdev);
	451	}