]> git.proxmox.com Git - qemu.git/blame_incremental - hw/scsi/scsi-disk.c
projects / qemu.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
rng-egd: remove redundant free
[qemu.git] / hw / scsi / scsi-disk.c
... / ...
CommitLineData
1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27#else
28#define DPRINTF(fmt, ...) do {} while(0)
29#endif
30
31#include "qemu-common.h"
32#include "qemu/error-report.h"
33#include "hw/scsi/scsi.h"
34#include "block/scsi.h"
35#include "sysemu/sysemu.h"
36#include "sysemu/blockdev.h"
37#include "hw/block/block.h"
38#include "sysemu/dma.h"
39
40#ifdef __linux
41#include <scsi/sg.h>
42#endif
43
44#define SCSI_DMA_BUF_SIZE 131072
45#define SCSI_MAX_INQUIRY_LEN 256
46#define SCSI_MAX_MODE_LEN 256
47
48#define DEFAULT_DISCARD_GRANULARITY 4096
49
50typedef struct SCSIDiskState SCSIDiskState;
51
52typedef struct SCSIDiskReq {
53 SCSIRequest req;
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
55 uint64_t sector;
56 uint32_t sector_count;
57 uint32_t buflen;
58 bool started;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 BlockAcctCookie acct;
62} SCSIDiskReq;
63
64#define SCSI_DISK_F_REMOVABLE 0
65#define SCSI_DISK_F_DPOFUA 1
66#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
67
68struct SCSIDiskState
69{
70 SCSIDevice qdev;
71 uint32_t features;
72 bool media_changed;
73 bool media_event;
74 bool eject_request;
75 uint64_t wwn;
76 QEMUBH *bh;
77 char *version;
78 char *serial;
79 char *vendor;
80 char *product;
81 bool tray_open;
82 bool tray_locked;
83};
84
85static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
86
87static void scsi_free_request(SCSIRequest *req)
88{
89 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
90
91 qemu_vfree(r->iov.iov_base);
92}
93
94/* Helper function for command completion with sense. */
95static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
96{
97 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
98 r->req.tag, sense.key, sense.asc, sense.ascq);
99 scsi_req_build_sense(&r->req, sense);
100 scsi_req_complete(&r->req, CHECK_CONDITION);
101}
102
103/* Cancel a pending data transfer. */
104static void scsi_cancel_io(SCSIRequest *req)
105{
106 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
107
108 DPRINTF("Cancel tag=0x%x\n", req->tag);
109 if (r->req.aiocb) {
110 bdrv_aio_cancel(r->req.aiocb);
111
112 /* This reference was left in by scsi_*_data. We take ownership of
113 * it the moment scsi_req_cancel is called, independent of whether
114 * bdrv_aio_cancel completes the request or not. */
115 scsi_req_unref(&r->req);
116 }
117 r->req.aiocb = NULL;
118}
119
120static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
121{
122 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
123
124 if (!r->iov.iov_base) {
125 r->buflen = size;
126 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
127 }
128 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
129 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
130 return r->qiov.size / 512;
131}
132
133static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
134{
135 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
136
137 qemu_put_be64s(f, &r->sector);
138 qemu_put_be32s(f, &r->sector_count);
139 qemu_put_be32s(f, &r->buflen);
140 if (r->buflen) {
141 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
142 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
143 } else if (!req->retry) {
144 uint32_t len = r->iov.iov_len;
145 qemu_put_be32s(f, &len);
146 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
147 }
148 }
149}
150
151static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
152{
153 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
154
155 qemu_get_be64s(f, &r->sector);
156 qemu_get_be32s(f, &r->sector_count);
157 qemu_get_be32s(f, &r->buflen);
158 if (r->buflen) {
159 scsi_init_iovec(r, r->buflen);
160 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
161 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
162 } else if (!r->req.retry) {
163 uint32_t len;
164 qemu_get_be32s(f, &len);
165 r->iov.iov_len = len;
166 assert(r->iov.iov_len <= r->buflen);
167 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
168 }
169 }
170
171 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
172}
173
174static void scsi_aio_complete(void *opaque, int ret)
175{
176 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
177 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
178
179 assert(r->req.aiocb != NULL);
180 r->req.aiocb = NULL;
181 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
182 if (r->req.io_canceled) {
183 goto done;
184 }
185
186 if (ret < 0) {
187 if (scsi_handle_rw_error(r, -ret)) {
188 goto done;
189 }
190 }
191
192 scsi_req_complete(&r->req, GOOD);
193
194done:
195 if (!r->req.io_canceled) {
196 scsi_req_unref(&r->req);
197 }
198}
199
200static bool scsi_is_cmd_fua(SCSICommand *cmd)
201{
202 switch (cmd->buf[0]) {
203 case READ_10:
204 case READ_12:
205 case READ_16:
206 case WRITE_10:
207 case WRITE_12:
208 case WRITE_16:
209 return (cmd->buf[1] & 8) != 0;
210
211 case VERIFY_10:
212 case VERIFY_12:
213 case VERIFY_16:
214 case WRITE_VERIFY_10:
215 case WRITE_VERIFY_12:
216 case WRITE_VERIFY_16:
217 return true;
218
219 case READ_6:
220 case WRITE_6:
221 default:
222 return false;
223 }
224}
225
226static void scsi_write_do_fua(SCSIDiskReq *r)
227{
228 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
229
230 if (r->req.io_canceled) {
231 goto done;
232 }
233
234 if (scsi_is_cmd_fua(&r->req.cmd)) {
235 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
236 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
237 return;
238 }
239
240 scsi_req_complete(&r->req, GOOD);
241
242done:
243 if (!r->req.io_canceled) {
244 scsi_req_unref(&r->req);
245 }
246}
247
248static void scsi_dma_complete_noio(void *opaque, int ret)
249{
250 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
251 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
252
253 if (r->req.aiocb != NULL) {
254 r->req.aiocb = NULL;
255 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
256 }
257 if (r->req.io_canceled) {
258 goto done;
259 }
260
261 if (ret < 0) {
262 if (scsi_handle_rw_error(r, -ret)) {
263 goto done;
264 }
265 }
266
267 r->sector += r->sector_count;
268 r->sector_count = 0;
269 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
270 scsi_write_do_fua(r);
271 return;
272 } else {
273 scsi_req_complete(&r->req, GOOD);
274 }
275
276done:
277 if (!r->req.io_canceled) {
278 scsi_req_unref(&r->req);
279 }
280}
281
282static void scsi_dma_complete(void *opaque, int ret)
283{
284 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
285
286 assert(r->req.aiocb != NULL);
287 scsi_dma_complete_noio(opaque, ret);
288}
289
290static void scsi_read_complete(void * opaque, int ret)
291{
292 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
293 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
294 int n;
295
296 assert(r->req.aiocb != NULL);
297 r->req.aiocb = NULL;
298 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
299 if (r->req.io_canceled) {
300 goto done;
301 }
302
303 if (ret < 0) {
304 if (scsi_handle_rw_error(r, -ret)) {
305 goto done;
306 }
307 }
308
309 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
310
311 n = r->qiov.size / 512;
312 r->sector += n;
313 r->sector_count -= n;
314 scsi_req_data(&r->req, r->qiov.size);
315
316done:
317 if (!r->req.io_canceled) {
318 scsi_req_unref(&r->req);
319 }
320}
321
322/* Actually issue a read to the block device. */
323static void scsi_do_read(void *opaque, int ret)
324{
325 SCSIDiskReq *r = opaque;
326 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
327 uint32_t n;
328
329 if (r->req.aiocb != NULL) {
330 r->req.aiocb = NULL;
331 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
332 }
333 if (r->req.io_canceled) {
334 goto done;
335 }
336
337 if (ret < 0) {
338 if (scsi_handle_rw_error(r, -ret)) {
339 goto done;
340 }
341 }
342
343 /* The request is used as the AIO opaque value, so add a ref. */
344 scsi_req_ref(&r->req);
345
346 if (r->req.sg) {
347 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
348 r->req.resid -= r->req.sg->size;
349 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
350 scsi_dma_complete, r);
351 } else {
352 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
353 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
354 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
355 scsi_read_complete, r);
356 }
357
358done:
359 if (!r->req.io_canceled) {
360 scsi_req_unref(&r->req);
361 }
362}
363
364/* Read more data from scsi device into buffer. */
365static void scsi_read_data(SCSIRequest *req)
366{
367 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
368 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
369 bool first;
370
371 DPRINTF("Read sector_count=%d\n", r->sector_count);
372 if (r->sector_count == 0) {
373 /* This also clears the sense buffer for REQUEST SENSE. */
374 scsi_req_complete(&r->req, GOOD);
375 return;
376 }
377
378 /* No data transfer may already be in progress */
379 assert(r->req.aiocb == NULL);
380
381 /* The request is used as the AIO opaque value, so add a ref. */
382 scsi_req_ref(&r->req);
383 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
384 DPRINTF("Data transfer direction invalid\n");
385 scsi_read_complete(r, -EINVAL);
386 return;
387 }
388
389 if (s->tray_open) {
390 scsi_read_complete(r, -ENOMEDIUM);
391 return;
392 }
393
394 first = !r->started;
395 r->started = true;
396 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
397 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
398 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
399 } else {
400 scsi_do_read(r, 0);
401 }
402}
403
404/*
405 * scsi_handle_rw_error has two return values. 0 means that the error
406 * must be ignored, 1 means that the error has been processed and the
407 * caller should not do anything else for this request. Note that
408 * scsi_handle_rw_error always manages its reference counts, independent
409 * of the return value.
410 */
411static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
412{
413 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
414 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
415 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
416
417 if (action == BDRV_ACTION_REPORT) {
418 switch (error) {
419 case ENOMEDIUM:
420 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
421 break;
422 case ENOMEM:
423 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
424 break;
425 case EINVAL:
426 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
427 break;
428 default:
429 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
430 break;
431 }
432 }
433 bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
434 if (action == BDRV_ACTION_STOP) {
435 scsi_req_retry(&r->req);
436 }
437 return action != BDRV_ACTION_IGNORE;
438}
439
440static void scsi_write_complete(void * opaque, int ret)
441{
442 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
443 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
444 uint32_t n;
445
446 if (r->req.aiocb != NULL) {
447 r->req.aiocb = NULL;
448 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
449 }
450 if (r->req.io_canceled) {
451 goto done;
452 }
453
454 if (ret < 0) {
455 if (scsi_handle_rw_error(r, -ret)) {
456 goto done;
457 }
458 }
459
460 n = r->qiov.size / 512;
461 r->sector += n;
462 r->sector_count -= n;
463 if (r->sector_count == 0) {
464 scsi_write_do_fua(r);
465 return;
466 } else {
467 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
468 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
469 scsi_req_data(&r->req, r->qiov.size);
470 }
471
472done:
473 if (!r->req.io_canceled) {
474 scsi_req_unref(&r->req);
475 }
476}
477
478static void scsi_write_data(SCSIRequest *req)
479{
480 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
481 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
482 uint32_t n;
483
484 /* No data transfer may already be in progress */
485 assert(r->req.aiocb == NULL);
486
487 /* The request is used as the AIO opaque value, so add a ref. */
488 scsi_req_ref(&r->req);
489 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
490 DPRINTF("Data transfer direction invalid\n");
491 scsi_write_complete(r, -EINVAL);
492 return;
493 }
494
495 if (!r->req.sg && !r->qiov.size) {
496 /* Called for the first time. Ask the driver to send us more data. */
497 r->started = true;
498 scsi_write_complete(r, 0);
499 return;
500 }
501 if (s->tray_open) {
502 scsi_write_complete(r, -ENOMEDIUM);
503 return;
504 }
505
506 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
507 r->req.cmd.buf[0] == VERIFY_16) {
508 if (r->req.sg) {
509 scsi_dma_complete_noio(r, 0);
510 } else {
511 scsi_write_complete(r, 0);
512 }
513 return;
514 }
515
516 if (r->req.sg) {
517 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
518 r->req.resid -= r->req.sg->size;
519 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
520 scsi_dma_complete, r);
521 } else {
522 n = r->qiov.size / 512;
523 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
524 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
525 scsi_write_complete, r);
526 }
527}
528
529/* Return a pointer to the data buffer. */
530static uint8_t *scsi_get_buf(SCSIRequest *req)
531{
532 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
533
534 return (uint8_t *)r->iov.iov_base;
535}
536
537static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
538{
539 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
540 int buflen = 0;
541 int start;
542
543 if (req->cmd.buf[1] & 0x1) {
544 /* Vital product data */
545 uint8_t page_code = req->cmd.buf[2];
546
547 outbuf[buflen++] = s->qdev.type & 0x1f;
548 outbuf[buflen++] = page_code ; // this page
549 outbuf[buflen++] = 0x00;
550 outbuf[buflen++] = 0x00;
551 start = buflen;
552
553 switch (page_code) {
554 case 0x00: /* Supported page codes, mandatory */
555 {
556 DPRINTF("Inquiry EVPD[Supported pages] "
557 "buffer size %zd\n", req->cmd.xfer);
558 outbuf[buflen++] = 0x00; // list of supported pages (this page)
559 if (s->serial) {
560 outbuf[buflen++] = 0x80; // unit serial number
561 }
562 outbuf[buflen++] = 0x83; // device identification
563 if (s->qdev.type == TYPE_DISK) {
564 outbuf[buflen++] = 0xb0; // block limits
565 outbuf[buflen++] = 0xb2; // thin provisioning
566 }
567 break;
568 }
569 case 0x80: /* Device serial number, optional */
570 {
571 int l;
572
573 if (!s->serial) {
574 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
575 return -1;
576 }
577
578 l = strlen(s->serial);
579 if (l > 20) {
580 l = 20;
581 }
582
583 DPRINTF("Inquiry EVPD[Serial number] "
584 "buffer size %zd\n", req->cmd.xfer);
585 memcpy(outbuf+buflen, s->serial, l);
586 buflen += l;
587 break;
588 }
589
590 case 0x83: /* Device identification page, mandatory */
591 {
592 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
593 int max_len = s->serial ? 20 : 255 - 8;
594 int id_len = strlen(str);
595
596 if (id_len > max_len) {
597 id_len = max_len;
598 }
599 DPRINTF("Inquiry EVPD[Device identification] "
600 "buffer size %zd\n", req->cmd.xfer);
601
602 outbuf[buflen++] = 0x2; // ASCII
603 outbuf[buflen++] = 0; // not officially assigned
604 outbuf[buflen++] = 0; // reserved
605 outbuf[buflen++] = id_len; // length of data following
606 memcpy(outbuf+buflen, str, id_len);
607 buflen += id_len;
608
609 if (s->wwn) {
610 outbuf[buflen++] = 0x1; // Binary
611 outbuf[buflen++] = 0x3; // NAA
612 outbuf[buflen++] = 0; // reserved
613 outbuf[buflen++] = 8;
614 stq_be_p(&outbuf[buflen], s->wwn);
615 buflen += 8;
616 }
617 break;
618 }
619 case 0xb0: /* block limits */
620 {
621 unsigned int unmap_sectors =
622 s->qdev.conf.discard_granularity / s->qdev.blocksize;
623 unsigned int min_io_size =
624 s->qdev.conf.min_io_size / s->qdev.blocksize;
625 unsigned int opt_io_size =
626 s->qdev.conf.opt_io_size / s->qdev.blocksize;
627
628 if (s->qdev.type == TYPE_ROM) {
629 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
630 page_code);
631 return -1;
632 }
633 /* required VPD size with unmap support */
634 buflen = 0x40;
635 memset(outbuf + 4, 0, buflen - 4);
636
637 /* optimal transfer length granularity */
638 outbuf[6] = (min_io_size >> 8) & 0xff;
639 outbuf[7] = min_io_size & 0xff;
640
641 /* optimal transfer length */
642 outbuf[12] = (opt_io_size >> 24) & 0xff;
643 outbuf[13] = (opt_io_size >> 16) & 0xff;
644 outbuf[14] = (opt_io_size >> 8) & 0xff;
645 outbuf[15] = opt_io_size & 0xff;
646
647 /* optimal unmap granularity */
648 outbuf[28] = (unmap_sectors >> 24) & 0xff;
649 outbuf[29] = (unmap_sectors >> 16) & 0xff;
650 outbuf[30] = (unmap_sectors >> 8) & 0xff;
651 outbuf[31] = unmap_sectors & 0xff;
652 break;
653 }
654 case 0xb2: /* thin provisioning */
655 {
656 buflen = 8;
657 outbuf[4] = 0;
658 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
659 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
660 outbuf[7] = 0;
661 break;
662 }
663 default:
664 return -1;
665 }
666 /* done with EVPD */
667 assert(buflen - start <= 255);
668 outbuf[start - 1] = buflen - start;
669 return buflen;
670 }
671
672 /* Standard INQUIRY data */
673 if (req->cmd.buf[2] != 0) {
674 return -1;
675 }
676
677 /* PAGE CODE == 0 */
678 buflen = req->cmd.xfer;
679 if (buflen > SCSI_MAX_INQUIRY_LEN) {
680 buflen = SCSI_MAX_INQUIRY_LEN;
681 }
682
683 outbuf[0] = s->qdev.type & 0x1f;
684 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
685
686 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
687 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
688
689 memset(&outbuf[32], 0, 4);
690 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
691 /*
692 * We claim conformance to SPC-3, which is required for guests
693 * to ask for modern features like READ CAPACITY(16) or the
694 * block characteristics VPD page by default. Not all of SPC-3
695 * is actually implemented, but we're good enough.
696 */
697 outbuf[2] = 5;
698 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
699
700 if (buflen > 36) {
701 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
702 } else {
703 /* If the allocation length of CDB is too small,
704 the additional length is not adjusted */
705 outbuf[4] = 36 - 5;
706 }
707
708 /* Sync data transfer and TCQ. */
709 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
710 return buflen;
711}
712
713static inline bool media_is_dvd(SCSIDiskState *s)
714{
715 uint64_t nb_sectors;
716 if (s->qdev.type != TYPE_ROM) {
717 return false;
718 }
719 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
720 return false;
721 }
722 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
723 return nb_sectors > CD_MAX_SECTORS;
724}
725
726static inline bool media_is_cd(SCSIDiskState *s)
727{
728 uint64_t nb_sectors;
729 if (s->qdev.type != TYPE_ROM) {
730 return false;
731 }
732 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
733 return false;
734 }
735 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
736 return nb_sectors <= CD_MAX_SECTORS;
737}
738
739static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
740 uint8_t *outbuf)
741{
742 uint8_t type = r->req.cmd.buf[1] & 7;
743
744 if (s->qdev.type != TYPE_ROM) {
745 return -1;
746 }
747
748 /* Types 1/2 are only defined for Blu-Ray. */
749 if (type != 0) {
750 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
751 return -1;
752 }
753
754 memset(outbuf, 0, 34);
755 outbuf[1] = 32;
756 outbuf[2] = 0xe; /* last session complete, disc finalized */
757 outbuf[3] = 1; /* first track on disc */
758 outbuf[4] = 1; /* # of sessions */
759 outbuf[5] = 1; /* first track of last session */
760 outbuf[6] = 1; /* last track of last session */
761 outbuf[7] = 0x20; /* unrestricted use */
762 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
763 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
764 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
765 /* 24-31: disc bar code */
766 /* 32: disc application code */
767 /* 33: number of OPC tables */
768
769 return 34;
770}
771
772static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
773 uint8_t *outbuf)
774{
775 static const int rds_caps_size[5] = {
776 [0] = 2048 + 4,
777 [1] = 4 + 4,
778 [3] = 188 + 4,
779 [4] = 2048 + 4,
780 };
781
782 uint8_t media = r->req.cmd.buf[1];
783 uint8_t layer = r->req.cmd.buf[6];
784 uint8_t format = r->req.cmd.buf[7];
785 int size = -1;
786
787 if (s->qdev.type != TYPE_ROM) {
788 return -1;
789 }
790 if (media != 0) {
791 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
792 return -1;
793 }
794
795 if (format != 0xff) {
796 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
797 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
798 return -1;
799 }
800 if (media_is_cd(s)) {
801 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
802 return -1;
803 }
804 if (format >= ARRAY_SIZE(rds_caps_size)) {
805 return -1;
806 }
807 size = rds_caps_size[format];
808 memset(outbuf, 0, size);
809 }
810
811 switch (format) {
812 case 0x00: {
813 /* Physical format information */
814 uint64_t nb_sectors;
815 if (layer != 0) {
816 goto fail;
817 }
818 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
819
820 outbuf[4] = 1; /* DVD-ROM, part version 1 */
821 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
822 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
823 outbuf[7] = 0; /* default densities */
824
825 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
826 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
827 break;
828 }
829
830 case 0x01: /* DVD copyright information, all zeros */
831 break;
832
833 case 0x03: /* BCA information - invalid field for no BCA info */
834 return -1;
835
836 case 0x04: /* DVD disc manufacturing information, all zeros */
837 break;
838
839 case 0xff: { /* List capabilities */
840 int i;
841 size = 4;
842 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
843 if (!rds_caps_size[i]) {
844 continue;
845 }
846 outbuf[size] = i;
847 outbuf[size + 1] = 0x40; /* Not writable, readable */
848 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
849 size += 4;
850 }
851 break;
852 }
853
854 default:
855 return -1;
856 }
857
858 /* Size of buffer, not including 2 byte size field */
859 stw_be_p(outbuf, size - 2);
860 return size;
861
862fail:
863 return -1;
864}
865
866static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
867{
868 uint8_t event_code, media_status;
869
870 media_status = 0;
871 if (s->tray_open) {
872 media_status = MS_TRAY_OPEN;
873 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
874 media_status = MS_MEDIA_PRESENT;
875 }
876
877 /* Event notification descriptor */
878 event_code = MEC_NO_CHANGE;
879 if (media_status != MS_TRAY_OPEN) {
880 if (s->media_event) {
881 event_code = MEC_NEW_MEDIA;
882 s->media_event = false;
883 } else if (s->eject_request) {
884 event_code = MEC_EJECT_REQUESTED;
885 s->eject_request = false;
886 }
887 }
888
889 outbuf[0] = event_code;
890 outbuf[1] = media_status;
891
892 /* These fields are reserved, just clear them. */
893 outbuf[2] = 0;
894 outbuf[3] = 0;
895 return 4;
896}
897
898static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
899 uint8_t *outbuf)
900{
901 int size;
902 uint8_t *buf = r->req.cmd.buf;
903 uint8_t notification_class_request = buf[4];
904 if (s->qdev.type != TYPE_ROM) {
905 return -1;
906 }
907 if ((buf[1] & 1) == 0) {
908 /* asynchronous */
909 return -1;
910 }
911
912 size = 4;
913 outbuf[0] = outbuf[1] = 0;
914 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
915 if (notification_class_request & (1 << GESN_MEDIA)) {
916 outbuf[2] = GESN_MEDIA;
917 size += scsi_event_status_media(s, &outbuf[size]);
918 } else {
919 outbuf[2] = 0x80;
920 }
921 stw_be_p(outbuf, size - 4);
922 return size;
923}
924
925static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
926{
927 int current;
928
929 if (s->qdev.type != TYPE_ROM) {
930 return -1;
931 }
932 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
933 memset(outbuf, 0, 40);
934 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
935 stw_be_p(&outbuf[6], current);
936 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
937 outbuf[10] = 0x03; /* persistent, current */
938 outbuf[11] = 8; /* two profiles */
939 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
940 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
941 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
942 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
943 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
944 stw_be_p(&outbuf[20], 1);
945 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
946 outbuf[23] = 8;
947 stl_be_p(&outbuf[24], 1); /* SCSI */
948 outbuf[28] = 1; /* DBE = 1, mandatory */
949 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
950 stw_be_p(&outbuf[32], 3);
951 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
952 outbuf[35] = 4;
953 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
954 /* TODO: Random readable, CD read, DVD read, drive serial number,
955 power management */
956 return 40;
957}
958
959static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
960{
961 if (s->qdev.type != TYPE_ROM) {
962 return -1;
963 }
964 memset(outbuf, 0, 8);
965 outbuf[5] = 1; /* CD-ROM */
966 return 8;
967}
968
969static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
970 int page_control)
971{
972 static const int mode_sense_valid[0x3f] = {
973 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
974 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
975 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
976 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
977 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
978 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
979 };
980
981 uint8_t *p = *p_outbuf + 2;
982 int length;
983
984 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
985 return -1;
986 }
987
988 /*
989 * If Changeable Values are requested, a mask denoting those mode parameters
990 * that are changeable shall be returned. As we currently don't support
991 * parameter changes via MODE_SELECT all bits are returned set to zero.
992 * The buffer was already menset to zero by the caller of this function.
993 *
994 * The offsets here are off by two compared to the descriptions in the
995 * SCSI specs, because those include a 2-byte header. This is unfortunate,
996 * but it is done so that offsets are consistent within our implementation
997 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
998 * 2-byte and 4-byte headers.
999 */
1000 switch (page) {
1001 case MODE_PAGE_HD_GEOMETRY:
1002 length = 0x16;
1003 if (page_control == 1) { /* Changeable Values */
1004 break;
1005 }
1006 /* if a geometry hint is available, use it */
1007 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1008 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1009 p[2] = s->qdev.conf.cyls & 0xff;
1010 p[3] = s->qdev.conf.heads & 0xff;
1011 /* Write precomp start cylinder, disabled */
1012 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1013 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1014 p[6] = s->qdev.conf.cyls & 0xff;
1015 /* Reduced current start cylinder, disabled */
1016 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1017 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1018 p[9] = s->qdev.conf.cyls & 0xff;
1019 /* Device step rate [ns], 200ns */
1020 p[10] = 0;
1021 p[11] = 200;
1022 /* Landing zone cylinder */
1023 p[12] = 0xff;
1024 p[13] = 0xff;
1025 p[14] = 0xff;
1026 /* Medium rotation rate [rpm], 5400 rpm */
1027 p[18] = (5400 >> 8) & 0xff;
1028 p[19] = 5400 & 0xff;
1029 break;
1030
1031 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1032 length = 0x1e;
1033 if (page_control == 1) { /* Changeable Values */
1034 break;
1035 }
1036 /* Transfer rate [kbit/s], 5Mbit/s */
1037 p[0] = 5000 >> 8;
1038 p[1] = 5000 & 0xff;
1039 /* if a geometry hint is available, use it */
1040 p[2] = s->qdev.conf.heads & 0xff;
1041 p[3] = s->qdev.conf.secs & 0xff;
1042 p[4] = s->qdev.blocksize >> 8;
1043 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1044 p[7] = s->qdev.conf.cyls & 0xff;
1045 /* Write precomp start cylinder, disabled */
1046 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1047 p[9] = s->qdev.conf.cyls & 0xff;
1048 /* Reduced current start cylinder, disabled */
1049 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1050 p[11] = s->qdev.conf.cyls & 0xff;
1051 /* Device step rate [100us], 100us */
1052 p[12] = 0;
1053 p[13] = 1;
1054 /* Device step pulse width [us], 1us */
1055 p[14] = 1;
1056 /* Device head settle delay [100us], 100us */
1057 p[15] = 0;
1058 p[16] = 1;
1059 /* Motor on delay [0.1s], 0.1s */
1060 p[17] = 1;
1061 /* Motor off delay [0.1s], 0.1s */
1062 p[18] = 1;
1063 /* Medium rotation rate [rpm], 5400 rpm */
1064 p[26] = (5400 >> 8) & 0xff;
1065 p[27] = 5400 & 0xff;
1066 break;
1067
1068 case MODE_PAGE_CACHING:
1069 length = 0x12;
1070 if (page_control == 1 || /* Changeable Values */
1071 bdrv_enable_write_cache(s->qdev.conf.bs)) {
1072 p[0] = 4; /* WCE */
1073 }
1074 break;
1075
1076 case MODE_PAGE_R_W_ERROR:
1077 length = 10;
1078 if (page_control == 1) { /* Changeable Values */
1079 break;
1080 }
1081 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1082 if (s->qdev.type == TYPE_ROM) {
1083 p[1] = 0x20; /* Read Retry Count */
1084 }
1085 break;
1086
1087 case MODE_PAGE_AUDIO_CTL:
1088 length = 14;
1089 break;
1090
1091 case MODE_PAGE_CAPABILITIES:
1092 length = 0x14;
1093 if (page_control == 1) { /* Changeable Values */
1094 break;
1095 }
1096
1097 p[0] = 0x3b; /* CD-R & CD-RW read */
1098 p[1] = 0; /* Writing not supported */
1099 p[2] = 0x7f; /* Audio, composite, digital out,
1100 mode 2 form 1&2, multi session */
1101 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1102 RW corrected, C2 errors, ISRC,
1103 UPC, Bar code */
1104 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1105 /* Locking supported, jumper present, eject, tray */
1106 p[5] = 0; /* no volume & mute control, no
1107 changer */
1108 p[6] = (50 * 176) >> 8; /* 50x read speed */
1109 p[7] = (50 * 176) & 0xff;
1110 p[8] = 2 >> 8; /* Two volume levels */
1111 p[9] = 2 & 0xff;
1112 p[10] = 2048 >> 8; /* 2M buffer */
1113 p[11] = 2048 & 0xff;
1114 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1115 p[13] = (16 * 176) & 0xff;
1116 p[16] = (16 * 176) >> 8; /* 16x write speed */
1117 p[17] = (16 * 176) & 0xff;
1118 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1119 p[19] = (16 * 176) & 0xff;
1120 break;
1121
1122 default:
1123 return -1;
1124 }
1125
1126 assert(length < 256);
1127 (*p_outbuf)[0] = page;
1128 (*p_outbuf)[1] = length;
1129 *p_outbuf += length + 2;
1130 return length + 2;
1131}
1132
1133static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1134{
1135 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1136 uint64_t nb_sectors;
1137 bool dbd;
1138 int page, buflen, ret, page_control;
1139 uint8_t *p;
1140 uint8_t dev_specific_param;
1141
1142 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1143 page = r->req.cmd.buf[2] & 0x3f;
1144 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1145 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1146 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1147 memset(outbuf, 0, r->req.cmd.xfer);
1148 p = outbuf;
1149
1150 if (s->qdev.type == TYPE_DISK) {
1151 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1152 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1153 dev_specific_param |= 0x80; /* Readonly. */
1154 }
1155 } else {
1156 /* MMC prescribes that CD/DVD drives have no block descriptors,
1157 * and defines no device-specific parameter. */
1158 dev_specific_param = 0x00;
1159 dbd = true;
1160 }
1161
1162 if (r->req.cmd.buf[0] == MODE_SENSE) {
1163 p[1] = 0; /* Default media type. */
1164 p[2] = dev_specific_param;
1165 p[3] = 0; /* Block descriptor length. */
1166 p += 4;
1167 } else { /* MODE_SENSE_10 */
1168 p[2] = 0; /* Default media type. */
1169 p[3] = dev_specific_param;
1170 p[6] = p[7] = 0; /* Block descriptor length. */
1171 p += 8;
1172 }
1173
1174 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1175 if (!dbd && nb_sectors) {
1176 if (r->req.cmd.buf[0] == MODE_SENSE) {
1177 outbuf[3] = 8; /* Block descriptor length */
1178 } else { /* MODE_SENSE_10 */
1179 outbuf[7] = 8; /* Block descriptor length */
1180 }
1181 nb_sectors /= (s->qdev.blocksize / 512);
1182 if (nb_sectors > 0xffffff) {
1183 nb_sectors = 0;
1184 }
1185 p[0] = 0; /* media density code */
1186 p[1] = (nb_sectors >> 16) & 0xff;
1187 p[2] = (nb_sectors >> 8) & 0xff;
1188 p[3] = nb_sectors & 0xff;
1189 p[4] = 0; /* reserved */
1190 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1191 p[6] = s->qdev.blocksize >> 8;
1192 p[7] = 0;
1193 p += 8;
1194 }
1195
1196 if (page_control == 3) {
1197 /* Saved Values */
1198 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1199 return -1;
1200 }
1201
1202 if (page == 0x3f) {
1203 for (page = 0; page <= 0x3e; page++) {
1204 mode_sense_page(s, page, &p, page_control);
1205 }
1206 } else {
1207 ret = mode_sense_page(s, page, &p, page_control);
1208 if (ret == -1) {
1209 return -1;
1210 }
1211 }
1212
1213 buflen = p - outbuf;
1214 /*
1215 * The mode data length field specifies the length in bytes of the
1216 * following data that is available to be transferred. The mode data
1217 * length does not include itself.
1218 */
1219 if (r->req.cmd.buf[0] == MODE_SENSE) {
1220 outbuf[0] = buflen - 1;
1221 } else { /* MODE_SENSE_10 */
1222 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1223 outbuf[1] = (buflen - 2) & 0xff;
1224 }
1225 return buflen;
1226}
1227
1228static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1229{
1230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1231 int start_track, format, msf, toclen;
1232 uint64_t nb_sectors;
1233
1234 msf = req->cmd.buf[1] & 2;
1235 format = req->cmd.buf[2] & 0xf;
1236 start_track = req->cmd.buf[6];
1237 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1238 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1239 nb_sectors /= s->qdev.blocksize / 512;
1240 switch (format) {
1241 case 0:
1242 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1243 break;
1244 case 1:
1245 /* multi session : only a single session defined */
1246 toclen = 12;
1247 memset(outbuf, 0, 12);
1248 outbuf[1] = 0x0a;
1249 outbuf[2] = 0x01;
1250 outbuf[3] = 0x01;
1251 break;
1252 case 2:
1253 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1254 break;
1255 default:
1256 return -1;
1257 }
1258 return toclen;
1259}
1260
1261static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1262{
1263 SCSIRequest *req = &r->req;
1264 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1265 bool start = req->cmd.buf[4] & 1;
1266 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1267 int pwrcnd = req->cmd.buf[4] & 0xf0;
1268
1269 if (pwrcnd) {
1270 /* eject/load only happens for power condition == 0 */
1271 return 0;
1272 }
1273
1274 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1275 if (!start && !s->tray_open && s->tray_locked) {
1276 scsi_check_condition(r,
1277 bdrv_is_inserted(s->qdev.conf.bs)
1278 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1279 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1280 return -1;
1281 }
1282
1283 if (s->tray_open != !start) {
1284 bdrv_eject(s->qdev.conf.bs, !start);
1285 s->tray_open = !start;
1286 }
1287 }
1288 return 0;
1289}
1290
1291static void scsi_disk_emulate_read_data(SCSIRequest *req)
1292{
1293 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1294 int buflen = r->iov.iov_len;
1295
1296 if (buflen) {
1297 DPRINTF("Read buf_len=%d\n", buflen);
1298 r->iov.iov_len = 0;
1299 r->started = true;
1300 scsi_req_data(&r->req, buflen);
1301 return;
1302 }
1303
1304 /* This also clears the sense buffer for REQUEST SENSE. */
1305 scsi_req_complete(&r->req, GOOD);
1306}
1307
1308static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1309 uint8_t *inbuf, int inlen)
1310{
1311 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1312 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1313 uint8_t *p;
1314 int len, expected_len, changeable_len, i;
1315
1316 /* The input buffer does not include the page header, so it is
1317 * off by 2 bytes.
1318 */
1319 expected_len = inlen + 2;
1320 if (expected_len > SCSI_MAX_MODE_LEN) {
1321 return -1;
1322 }
1323
1324 p = mode_current;
1325 memset(mode_current, 0, inlen + 2);
1326 len = mode_sense_page(s, page, &p, 0);
1327 if (len < 0 || len != expected_len) {
1328 return -1;
1329 }
1330
1331 p = mode_changeable;
1332 memset(mode_changeable, 0, inlen + 2);
1333 changeable_len = mode_sense_page(s, page, &p, 1);
1334 assert(changeable_len == len);
1335
1336 /* Check that unchangeable bits are the same as what MODE SENSE
1337 * would return.
1338 */
1339 for (i = 2; i < len; i++) {
1340 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1341 return -1;
1342 }
1343 }
1344 return 0;
1345}
1346
1347static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1348{
1349 switch (page) {
1350 case MODE_PAGE_CACHING:
1351 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
1352 break;
1353
1354 default:
1355 break;
1356 }
1357}
1358
1359static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1360{
1361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1362
1363 while (len > 0) {
1364 int page, subpage, page_len;
1365
1366 /* Parse both possible formats for the mode page headers. */
1367 page = p[0] & 0x3f;
1368 if (p[0] & 0x40) {
1369 if (len < 4) {
1370 goto invalid_param_len;
1371 }
1372 subpage = p[1];
1373 page_len = lduw_be_p(&p[2]);
1374 p += 4;
1375 len -= 4;
1376 } else {
1377 if (len < 2) {
1378 goto invalid_param_len;
1379 }
1380 subpage = 0;
1381 page_len = p[1];
1382 p += 2;
1383 len -= 2;
1384 }
1385
1386 if (subpage) {
1387 goto invalid_param;
1388 }
1389 if (page_len > len) {
1390 goto invalid_param_len;
1391 }
1392
1393 if (!change) {
1394 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1395 goto invalid_param;
1396 }
1397 } else {
1398 scsi_disk_apply_mode_select(s, page, p);
1399 }
1400
1401 p += page_len;
1402 len -= page_len;
1403 }
1404 return 0;
1405
1406invalid_param:
1407 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1408 return -1;
1409
1410invalid_param_len:
1411 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1412 return -1;
1413}
1414
1415static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1416{
1417 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1418 uint8_t *p = inbuf;
1419 int cmd = r->req.cmd.buf[0];
1420 int len = r->req.cmd.xfer;
1421 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1422 int bd_len;
1423 int pass;
1424
1425 /* We only support PF=1, SP=0. */
1426 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1427 goto invalid_field;
1428 }
1429
1430 if (len < hdr_len) {
1431 goto invalid_param_len;
1432 }
1433
1434 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1435 len -= hdr_len;
1436 p += hdr_len;
1437 if (len < bd_len) {
1438 goto invalid_param_len;
1439 }
1440 if (bd_len != 0 && bd_len != 8) {
1441 goto invalid_param;
1442 }
1443
1444 len -= bd_len;
1445 p += bd_len;
1446
1447 /* Ensure no change is made if there is an error! */
1448 for (pass = 0; pass < 2; pass++) {
1449 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1450 assert(pass == 0);
1451 return;
1452 }
1453 }
1454 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
1455 /* The request is used as the AIO opaque value, so add a ref. */
1456 scsi_req_ref(&r->req);
1457 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1458 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1459 return;
1460 }
1461
1462 scsi_req_complete(&r->req, GOOD);
1463 return;
1464
1465invalid_param:
1466 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1467 return;
1468
1469invalid_param_len:
1470 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1471 return;
1472
1473invalid_field:
1474 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1475}
1476
1477static inline bool check_lba_range(SCSIDiskState *s,
1478 uint64_t sector_num, uint32_t nb_sectors)
1479{
1480 /*
1481 * The first line tests that no overflow happens when computing the last
1482 * sector. The second line tests that the last accessed sector is in
1483 * range.
1484 *
1485 * Careful, the computations should not underflow for nb_sectors == 0,
1486 * and a 0-block read to the first LBA beyond the end of device is
1487 * valid.
1488 */
1489 return (sector_num <= sector_num + nb_sectors &&
1490 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1491}
1492
1493typedef struct UnmapCBData {
1494 SCSIDiskReq *r;
1495 uint8_t *inbuf;
1496 int count;
1497} UnmapCBData;
1498
1499static void scsi_unmap_complete(void *opaque, int ret)
1500{
1501 UnmapCBData *data = opaque;
1502 SCSIDiskReq *r = data->r;
1503 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1504 uint64_t sector_num;
1505 uint32_t nb_sectors;
1506
1507 r->req.aiocb = NULL;
1508 if (r->req.io_canceled) {
1509 goto done;
1510 }
1511
1512 if (ret < 0) {
1513 if (scsi_handle_rw_error(r, -ret)) {
1514 goto done;
1515 }
1516 }
1517
1518 if (data->count > 0) {
1519 sector_num = ldq_be_p(&data->inbuf[0]);
1520 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1521 if (!check_lba_range(s, sector_num, nb_sectors)) {
1522 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1523 goto done;
1524 }
1525
1526 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1527 sector_num * (s->qdev.blocksize / 512),
1528 nb_sectors * (s->qdev.blocksize / 512),
1529 scsi_unmap_complete, data);
1530 data->count--;
1531 data->inbuf += 16;
1532 return;
1533 }
1534
1535 scsi_req_complete(&r->req, GOOD);
1536
1537done:
1538 if (!r->req.io_canceled) {
1539 scsi_req_unref(&r->req);
1540 }
1541 g_free(data);
1542}
1543
1544static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1545{
1546 uint8_t *p = inbuf;
1547 int len = r->req.cmd.xfer;
1548 UnmapCBData *data;
1549
1550 if (len < 8) {
1551 goto invalid_param_len;
1552 }
1553 if (len < lduw_be_p(&p[0]) + 2) {
1554 goto invalid_param_len;
1555 }
1556 if (len < lduw_be_p(&p[2]) + 8) {
1557 goto invalid_param_len;
1558 }
1559 if (lduw_be_p(&p[2]) & 15) {
1560 goto invalid_param_len;
1561 }
1562
1563 data = g_new0(UnmapCBData, 1);
1564 data->r = r;
1565 data->inbuf = &p[8];
1566 data->count = lduw_be_p(&p[2]) >> 4;
1567
1568 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1569 scsi_req_ref(&r->req);
1570 scsi_unmap_complete(data, 0);
1571 return;
1572
1573invalid_param_len:
1574 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1575}
1576
1577static void scsi_disk_emulate_write_data(SCSIRequest *req)
1578{
1579 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1580
1581 if (r->iov.iov_len) {
1582 int buflen = r->iov.iov_len;
1583 DPRINTF("Write buf_len=%d\n", buflen);
1584 r->iov.iov_len = 0;
1585 scsi_req_data(&r->req, buflen);
1586 return;
1587 }
1588
1589 switch (req->cmd.buf[0]) {
1590 case MODE_SELECT:
1591 case MODE_SELECT_10:
1592 /* This also clears the sense buffer for REQUEST SENSE. */
1593 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1594 break;
1595
1596 case UNMAP:
1597 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1598 break;
1599
1600 default:
1601 abort();
1602 }
1603}
1604
1605static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1606{
1607 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1608 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1609 uint64_t nb_sectors;
1610 uint8_t *outbuf;
1611 int buflen;
1612
1613 switch (req->cmd.buf[0]) {
1614 case INQUIRY:
1615 case MODE_SENSE:
1616 case MODE_SENSE_10:
1617 case RESERVE:
1618 case RESERVE_10:
1619 case RELEASE:
1620 case RELEASE_10:
1621 case START_STOP:
1622 case ALLOW_MEDIUM_REMOVAL:
1623 case GET_CONFIGURATION:
1624 case GET_EVENT_STATUS_NOTIFICATION:
1625 case MECHANISM_STATUS:
1626 case REQUEST_SENSE:
1627 break;
1628
1629 default:
1630 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1631 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1632 return 0;
1633 }
1634 break;
1635 }
1636
1637 /*
1638 * FIXME: we shouldn't return anything bigger than 4k, but the code
1639 * requires the buffer to be as big as req->cmd.xfer in several
1640 * places. So, do not allow CDBs with a very large ALLOCATION
1641 * LENGTH. The real fix would be to modify scsi_read_data and
1642 * dma_buf_read, so that they return data beyond the buflen
1643 * as all zeros.
1644 */
1645 if (req->cmd.xfer > 65536) {
1646 goto illegal_request;
1647 }
1648 r->buflen = MAX(4096, req->cmd.xfer);
1649
1650 if (!r->iov.iov_base) {
1651 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1652 }
1653
1654 buflen = req->cmd.xfer;
1655 outbuf = r->iov.iov_base;
1656 memset(outbuf, 0, r->buflen);
1657 switch (req->cmd.buf[0]) {
1658 case TEST_UNIT_READY:
1659 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1660 break;
1661 case INQUIRY:
1662 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1663 if (buflen < 0) {
1664 goto illegal_request;
1665 }
1666 break;
1667 case MODE_SENSE:
1668 case MODE_SENSE_10:
1669 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1670 if (buflen < 0) {
1671 goto illegal_request;
1672 }
1673 break;
1674 case READ_TOC:
1675 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1676 if (buflen < 0) {
1677 goto illegal_request;
1678 }
1679 break;
1680 case RESERVE:
1681 if (req->cmd.buf[1] & 1) {
1682 goto illegal_request;
1683 }
1684 break;
1685 case RESERVE_10:
1686 if (req->cmd.buf[1] & 3) {
1687 goto illegal_request;
1688 }
1689 break;
1690 case RELEASE:
1691 if (req->cmd.buf[1] & 1) {
1692 goto illegal_request;
1693 }
1694 break;
1695 case RELEASE_10:
1696 if (req->cmd.buf[1] & 3) {
1697 goto illegal_request;
1698 }
1699 break;
1700 case START_STOP:
1701 if (scsi_disk_emulate_start_stop(r) < 0) {
1702 return 0;
1703 }
1704 break;
1705 case ALLOW_MEDIUM_REMOVAL:
1706 s->tray_locked = req->cmd.buf[4] & 1;
1707 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1708 break;
1709 case READ_CAPACITY_10:
1710 /* The normal LEN field for this command is zero. */
1711 memset(outbuf, 0, 8);
1712 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1713 if (!nb_sectors) {
1714 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1715 return 0;
1716 }
1717 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1718 goto illegal_request;
1719 }
1720 nb_sectors /= s->qdev.blocksize / 512;
1721 /* Returned value is the address of the last sector. */
1722 nb_sectors--;
1723 /* Remember the new size for read/write sanity checking. */
1724 s->qdev.max_lba = nb_sectors;
1725 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1726 if (nb_sectors > UINT32_MAX) {
1727 nb_sectors = UINT32_MAX;
1728 }
1729 outbuf[0] = (nb_sectors >> 24) & 0xff;
1730 outbuf[1] = (nb_sectors >> 16) & 0xff;
1731 outbuf[2] = (nb_sectors >> 8) & 0xff;
1732 outbuf[3] = nb_sectors & 0xff;
1733 outbuf[4] = 0;
1734 outbuf[5] = 0;
1735 outbuf[6] = s->qdev.blocksize >> 8;
1736 outbuf[7] = 0;
1737 break;
1738 case REQUEST_SENSE:
1739 /* Just return "NO SENSE". */
1740 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1741 (req->cmd.buf[1] & 1) == 0);
1742 if (buflen < 0) {
1743 goto illegal_request;
1744 }
1745 break;
1746 case MECHANISM_STATUS:
1747 buflen = scsi_emulate_mechanism_status(s, outbuf);
1748 if (buflen < 0) {
1749 goto illegal_request;
1750 }
1751 break;
1752 case GET_CONFIGURATION:
1753 buflen = scsi_get_configuration(s, outbuf);
1754 if (buflen < 0) {
1755 goto illegal_request;
1756 }
1757 break;
1758 case GET_EVENT_STATUS_NOTIFICATION:
1759 buflen = scsi_get_event_status_notification(s, r, outbuf);
1760 if (buflen < 0) {
1761 goto illegal_request;
1762 }
1763 break;
1764 case READ_DISC_INFORMATION:
1765 buflen = scsi_read_disc_information(s, r, outbuf);
1766 if (buflen < 0) {
1767 goto illegal_request;
1768 }
1769 break;
1770 case READ_DVD_STRUCTURE:
1771 buflen = scsi_read_dvd_structure(s, r, outbuf);
1772 if (buflen < 0) {
1773 goto illegal_request;
1774 }
1775 break;
1776 case SERVICE_ACTION_IN_16:
1777 /* Service Action In subcommands. */
1778 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1779 DPRINTF("SAI READ CAPACITY(16)\n");
1780 memset(outbuf, 0, req->cmd.xfer);
1781 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1782 if (!nb_sectors) {
1783 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1784 return 0;
1785 }
1786 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1787 goto illegal_request;
1788 }
1789 nb_sectors /= s->qdev.blocksize / 512;
1790 /* Returned value is the address of the last sector. */
1791 nb_sectors--;
1792 /* Remember the new size for read/write sanity checking. */
1793 s->qdev.max_lba = nb_sectors;
1794 outbuf[0] = (nb_sectors >> 56) & 0xff;
1795 outbuf[1] = (nb_sectors >> 48) & 0xff;
1796 outbuf[2] = (nb_sectors >> 40) & 0xff;
1797 outbuf[3] = (nb_sectors >> 32) & 0xff;
1798 outbuf[4] = (nb_sectors >> 24) & 0xff;
1799 outbuf[5] = (nb_sectors >> 16) & 0xff;
1800 outbuf[6] = (nb_sectors >> 8) & 0xff;
1801 outbuf[7] = nb_sectors & 0xff;
1802 outbuf[8] = 0;
1803 outbuf[9] = 0;
1804 outbuf[10] = s->qdev.blocksize >> 8;
1805 outbuf[11] = 0;
1806 outbuf[12] = 0;
1807 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1808
1809 /* set TPE bit if the format supports discard */
1810 if (s->qdev.conf.discard_granularity) {
1811 outbuf[14] = 0x80;
1812 }
1813
1814 /* Protection, exponent and lowest lba field left blank. */
1815 break;
1816 }
1817 DPRINTF("Unsupported Service Action In\n");
1818 goto illegal_request;
1819 case SYNCHRONIZE_CACHE:
1820 /* The request is used as the AIO opaque value, so add a ref. */
1821 scsi_req_ref(&r->req);
1822 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1823 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1824 return 0;
1825 case SEEK_10:
1826 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1827 if (r->req.cmd.lba > s->qdev.max_lba) {
1828 goto illegal_lba;
1829 }
1830 break;
1831 case MODE_SELECT:
1832 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1833 break;
1834 case MODE_SELECT_10:
1835 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1836 break;
1837 case UNMAP:
1838 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
1839 break;
1840 case WRITE_SAME_10:
1841 case WRITE_SAME_16:
1842 nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
1843 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1844 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1845 return 0;
1846 }
1847 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1848 goto illegal_lba;
1849 }
1850
1851 /*
1852 * We only support WRITE SAME with the unmap bit set for now.
1853 */
1854 if (!(req->cmd.buf[1] & 0x8)) {
1855 goto illegal_request;
1856 }
1857
1858 /* The request is used as the AIO opaque value, so add a ref. */
1859 scsi_req_ref(&r->req);
1860 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1861 r->req.cmd.lba * (s->qdev.blocksize / 512),
1862 nb_sectors * (s->qdev.blocksize / 512),
1863 scsi_aio_complete, r);
1864 return 0;
1865 default:
1866 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1867 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1868 return 0;
1869 }
1870 assert(!r->req.aiocb);
1871 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
1872 if (r->iov.iov_len == 0) {
1873 scsi_req_complete(&r->req, GOOD);
1874 }
1875 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1876 assert(r->iov.iov_len == req->cmd.xfer);
1877 return -r->iov.iov_len;
1878 } else {
1879 return r->iov.iov_len;
1880 }
1881
1882illegal_request:
1883 if (r->req.status == -1) {
1884 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1885 }
1886 return 0;
1887
1888illegal_lba:
1889 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1890 return 0;
1891}
1892
1893/* Execute a scsi command. Returns the length of the data expected by the
1894 command. This will be Positive for data transfers from the device
1895 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1896 and zero if the command does not transfer any data. */
1897
1898static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
1899{
1900 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1901 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1902 uint32_t len;
1903 uint8_t command;
1904
1905 command = buf[0];
1906
1907 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1908 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1909 return 0;
1910 }
1911
1912 len = scsi_data_cdb_length(r->req.cmd.buf);
1913 switch (command) {
1914 case READ_6:
1915 case READ_10:
1916 case READ_12:
1917 case READ_16:
1918 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
1919 if (r->req.cmd.buf[1] & 0xe0) {
1920 goto illegal_request;
1921 }
1922 if (!check_lba_range(s, r->req.cmd.lba, len)) {
1923 goto illegal_lba;
1924 }
1925 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1926 r->sector_count = len * (s->qdev.blocksize / 512);
1927 break;
1928 case WRITE_6:
1929 case WRITE_10:
1930 case WRITE_12:
1931 case WRITE_16:
1932 case WRITE_VERIFY_10:
1933 case WRITE_VERIFY_12:
1934 case WRITE_VERIFY_16:
1935 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1936 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1937 return 0;
1938 }
1939 /* fallthrough */
1940 case VERIFY_10:
1941 case VERIFY_12:
1942 case VERIFY_16:
1943 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
1944 (command & 0xe) == 0xe ? "And Verify " : "",
1945 r->req.cmd.lba, len);
1946 if (r->req.cmd.buf[1] & 0xe0) {
1947 goto illegal_request;
1948 }
1949 if (!check_lba_range(s, r->req.cmd.lba, len)) {
1950 goto illegal_lba;
1951 }
1952 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1953 r->sector_count = len * (s->qdev.blocksize / 512);
1954 break;
1955 default:
1956 abort();
1957 illegal_request:
1958 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1959 return 0;
1960 illegal_lba:
1961 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1962 return 0;
1963 }
1964 if (r->sector_count == 0) {
1965 scsi_req_complete(&r->req, GOOD);
1966 }
1967 assert(r->iov.iov_len == 0);
1968 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1969 return -r->sector_count * 512;
1970 } else {
1971 return r->sector_count * 512;
1972 }
1973}
1974
1975static void scsi_disk_reset(DeviceState *dev)
1976{
1977 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1978 uint64_t nb_sectors;
1979
1980 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1981
1982 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1983 nb_sectors /= s->qdev.blocksize / 512;
1984 if (nb_sectors) {
1985 nb_sectors--;
1986 }
1987 s->qdev.max_lba = nb_sectors;
1988 /* reset tray statuses */
1989 s->tray_locked = 0;
1990 s->tray_open = 0;
1991}
1992
1993static void scsi_destroy(SCSIDevice *dev)
1994{
1995 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1996
1997 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1998 blockdev_mark_auto_del(s->qdev.conf.bs);
1999}
2000
2001static void scsi_disk_resize_cb(void *opaque)
2002{
2003 SCSIDiskState *s = opaque;
2004
2005 /* SPC lists this sense code as available only for
2006 * direct-access devices.
2007 */
2008 if (s->qdev.type == TYPE_DISK) {
2009 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2010 }
2011}
2012
2013static void scsi_cd_change_media_cb(void *opaque, bool load)
2014{
2015 SCSIDiskState *s = opaque;
2016
2017 /*
2018 * When a CD gets changed, we have to report an ejected state and
2019 * then a loaded state to guests so that they detect tray
2020 * open/close and media change events. Guests that do not use
2021 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2022 * states rely on this behavior.
2023 *
2024 * media_changed governs the state machine used for unit attention
2025 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2026 */
2027 s->media_changed = load;
2028 s->tray_open = !load;
2029 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2030 s->media_event = true;
2031 s->eject_request = false;
2032}
2033
2034static void scsi_cd_eject_request_cb(void *opaque, bool force)
2035{
2036 SCSIDiskState *s = opaque;
2037
2038 s->eject_request = true;
2039 if (force) {
2040 s->tray_locked = false;
2041 }
2042}
2043
2044static bool scsi_cd_is_tray_open(void *opaque)
2045{
2046 return ((SCSIDiskState *)opaque)->tray_open;
2047}
2048
2049static bool scsi_cd_is_medium_locked(void *opaque)
2050{
2051 return ((SCSIDiskState *)opaque)->tray_locked;
2052}
2053
2054static const BlockDevOps scsi_disk_removable_block_ops = {
2055 .change_media_cb = scsi_cd_change_media_cb,
2056 .eject_request_cb = scsi_cd_eject_request_cb,
2057 .is_tray_open = scsi_cd_is_tray_open,
2058 .is_medium_locked = scsi_cd_is_medium_locked,
2059
2060 .resize_cb = scsi_disk_resize_cb,
2061};
2062
2063static const BlockDevOps scsi_disk_block_ops = {
2064 .resize_cb = scsi_disk_resize_cb,
2065};
2066
2067static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2068{
2069 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2070 if (s->media_changed) {
2071 s->media_changed = false;
2072 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2073 }
2074}
2075
2076static int scsi_initfn(SCSIDevice *dev)
2077{
2078 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2079
2080 if (!s->qdev.conf.bs) {
2081 error_report("drive property not set");
2082 return -1;
2083 }
2084
2085 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2086 !bdrv_is_inserted(s->qdev.conf.bs)) {
2087 error_report("Device needs media, but drive is empty");
2088 return -1;
2089 }
2090
2091 blkconf_serial(&s->qdev.conf, &s->serial);
2092 if (dev->type == TYPE_DISK
2093 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
2094 return -1;
2095 }
2096
2097 if (s->qdev.conf.discard_granularity == -1) {
2098 s->qdev.conf.discard_granularity =
2099 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2100 }
2101
2102 if (!s->version) {
2103 s->version = g_strdup(qemu_get_version());
2104 }
2105 if (!s->vendor) {
2106 s->vendor = g_strdup("QEMU");
2107 }
2108
2109 if (bdrv_is_sg(s->qdev.conf.bs)) {
2110 error_report("unwanted /dev/sg*");
2111 return -1;
2112 }
2113
2114 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2115 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2116 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
2117 } else {
2118 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
2119 }
2120 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
2121
2122 bdrv_iostatus_enable(s->qdev.conf.bs);
2123 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
2124 return 0;
2125}
2126
2127static int scsi_hd_initfn(SCSIDevice *dev)
2128{
2129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2130 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2131 s->qdev.type = TYPE_DISK;
2132 if (!s->product) {
2133 s->product = g_strdup("QEMU HARDDISK");
2134 }
2135 return scsi_initfn(&s->qdev);
2136}
2137
2138static int scsi_cd_initfn(SCSIDevice *dev)
2139{
2140 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2141 s->qdev.blocksize = 2048;
2142 s->qdev.type = TYPE_ROM;
2143 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2144 if (!s->product) {
2145 s->product = g_strdup("QEMU CD-ROM");
2146 }
2147 return scsi_initfn(&s->qdev);
2148}
2149
2150static int scsi_disk_initfn(SCSIDevice *dev)
2151{
2152 DriveInfo *dinfo;
2153
2154 if (!dev->conf.bs) {
2155 return scsi_initfn(dev); /* ... and die there */
2156 }
2157
2158 dinfo = drive_get_by_blockdev(dev->conf.bs);
2159 if (dinfo->media_cd) {
2160 return scsi_cd_initfn(dev);
2161 } else {
2162 return scsi_hd_initfn(dev);
2163 }
2164}
2165
2166static const SCSIReqOps scsi_disk_emulate_reqops = {
2167 .size = sizeof(SCSIDiskReq),
2168 .free_req = scsi_free_request,
2169 .send_command = scsi_disk_emulate_command,
2170 .read_data = scsi_disk_emulate_read_data,
2171 .write_data = scsi_disk_emulate_write_data,
2172 .get_buf = scsi_get_buf,
2173};
2174
2175static const SCSIReqOps scsi_disk_dma_reqops = {
2176 .size = sizeof(SCSIDiskReq),
2177 .free_req = scsi_free_request,
2178 .send_command = scsi_disk_dma_command,
2179 .read_data = scsi_read_data,
2180 .write_data = scsi_write_data,
2181 .cancel_io = scsi_cancel_io,
2182 .get_buf = scsi_get_buf,
2183 .load_request = scsi_disk_load_request,
2184 .save_request = scsi_disk_save_request,
2185};
2186
2187static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2188 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2189 [INQUIRY] = &scsi_disk_emulate_reqops,
2190 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2191 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2192 [START_STOP] = &scsi_disk_emulate_reqops,
2193 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2194 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2195 [READ_TOC] = &scsi_disk_emulate_reqops,
2196 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2197 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2198 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2199 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2200 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2201 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2202 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2203 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2204 [SEEK_10] = &scsi_disk_emulate_reqops,
2205 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2206 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2207 [UNMAP] = &scsi_disk_emulate_reqops,
2208 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2209 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2210
2211 [READ_6] = &scsi_disk_dma_reqops,
2212 [READ_10] = &scsi_disk_dma_reqops,
2213 [READ_12] = &scsi_disk_dma_reqops,
2214 [READ_16] = &scsi_disk_dma_reqops,
2215 [VERIFY_10] = &scsi_disk_dma_reqops,
2216 [VERIFY_12] = &scsi_disk_dma_reqops,
2217 [VERIFY_16] = &scsi_disk_dma_reqops,
2218 [WRITE_6] = &scsi_disk_dma_reqops,
2219 [WRITE_10] = &scsi_disk_dma_reqops,
2220 [WRITE_12] = &scsi_disk_dma_reqops,
2221 [WRITE_16] = &scsi_disk_dma_reqops,
2222 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2223 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2224 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2225};
2226
2227static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2228 uint8_t *buf, void *hba_private)
2229{
2230 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2231 SCSIRequest *req;
2232 const SCSIReqOps *ops;
2233 uint8_t command;
2234
2235 command = buf[0];
2236 ops = scsi_disk_reqops_dispatch[command];
2237 if (!ops) {
2238 ops = &scsi_disk_emulate_reqops;
2239 }
2240 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2241
2242#ifdef DEBUG_SCSI
2243 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2244 {
2245 int i;
2246 for (i = 1; i < req->cmd.len; i++) {
2247 printf(" 0x%02x", buf[i]);
2248 }
2249 printf("\n");
2250 }
2251#endif
2252
2253 return req;
2254}
2255
2256#ifdef __linux__
2257static int get_device_type(SCSIDiskState *s)
2258{
2259 BlockDriverState *bdrv = s->qdev.conf.bs;
2260 uint8_t cmd[16];
2261 uint8_t buf[36];
2262 uint8_t sensebuf[8];
2263 sg_io_hdr_t io_header;
2264 int ret;
2265
2266 memset(cmd, 0, sizeof(cmd));
2267 memset(buf, 0, sizeof(buf));
2268 cmd[0] = INQUIRY;
2269 cmd[4] = sizeof(buf);
2270
2271 memset(&io_header, 0, sizeof(io_header));
2272 io_header.interface_id = 'S';
2273 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2274 io_header.dxfer_len = sizeof(buf);
2275 io_header.dxferp = buf;
2276 io_header.cmdp = cmd;
2277 io_header.cmd_len = sizeof(cmd);
2278 io_header.mx_sb_len = sizeof(sensebuf);
2279 io_header.sbp = sensebuf;
2280 io_header.timeout = 6000; /* XXX */
2281
2282 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
2283 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2284 return -1;
2285 }
2286 s->qdev.type = buf[0];
2287 if (buf[1] & 0x80) {
2288 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2289 }
2290 return 0;
2291}
2292
2293static int scsi_block_initfn(SCSIDevice *dev)
2294{
2295 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2296 int sg_version;
2297 int rc;
2298
2299 if (!s->qdev.conf.bs) {
2300 error_report("scsi-block: drive property not set");
2301 return -1;
2302 }
2303
2304 /* check we are using a driver managing SG_IO (version 3 and after) */
2305 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
2306 sg_version < 30000) {
2307 error_report("scsi-block: scsi generic interface too old");
2308 return -1;
2309 }
2310
2311 /* get device type from INQUIRY data */
2312 rc = get_device_type(s);
2313 if (rc < 0) {
2314 error_report("scsi-block: INQUIRY failed");
2315 return -1;
2316 }
2317
2318 /* Make a guess for the block size, we'll fix it when the guest sends.
2319 * READ CAPACITY. If they don't, they likely would assume these sizes
2320 * anyway. (TODO: check in /sys).
2321 */
2322 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2323 s->qdev.blocksize = 2048;
2324 } else {
2325 s->qdev.blocksize = 512;
2326 }
2327
2328 /* Makes the scsi-block device not removable by using HMP and QMP eject
2329 * command.
2330 */
2331 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2332
2333 return scsi_initfn(&s->qdev);
2334}
2335
2336static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2337 uint32_t lun, uint8_t *buf,
2338 void *hba_private)
2339{
2340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2341
2342 switch (buf[0]) {
2343 case READ_6:
2344 case READ_10:
2345 case READ_12:
2346 case READ_16:
2347 case VERIFY_10:
2348 case VERIFY_12:
2349 case VERIFY_16:
2350 case WRITE_6:
2351 case WRITE_10:
2352 case WRITE_12:
2353 case WRITE_16:
2354 case WRITE_VERIFY_10:
2355 case WRITE_VERIFY_12:
2356 case WRITE_VERIFY_16:
2357 /* If we are not using O_DIRECT, we might read stale data from the
2358 * host cache if writes were made using other commands than these
2359 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2360 * O_DIRECT everything must go through SG_IO.
2361 */
2362 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
2363 break;
2364 }
2365
2366 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2367 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2368 * And once you do these writes, reading from the block device is
2369 * unreliable, too. It is even possible that reads deliver random data
2370 * from the host page cache (this is probably a Linux bug).
2371 *
2372 * We might use scsi_disk_dma_reqops as long as no writing commands are
2373 * seen, but performance usually isn't paramount on optical media. So,
2374 * just make scsi-block operate the same as scsi-generic for them.
2375 */
2376 if (s->qdev.type != TYPE_ROM) {
2377 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2378 hba_private);
2379 }
2380 }
2381
2382 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2383 hba_private);
2384}
2385#endif
2386
2387#define DEFINE_SCSI_DISK_PROPERTIES() \
2388 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2389 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2390 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2391 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2392 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2393
2394static Property scsi_hd_properties[] = {
2395 DEFINE_SCSI_DISK_PROPERTIES(),
2396 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2397 SCSI_DISK_F_REMOVABLE, false),
2398 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2399 SCSI_DISK_F_DPOFUA, false),
2400 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2401 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2402 DEFINE_PROP_END_OF_LIST(),
2403};
2404
2405static const VMStateDescription vmstate_scsi_disk_state = {
2406 .name = "scsi-disk",
2407 .version_id = 1,
2408 .minimum_version_id = 1,
2409 .minimum_version_id_old = 1,
2410 .fields = (VMStateField[]) {
2411 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2412 VMSTATE_BOOL(media_changed, SCSIDiskState),
2413 VMSTATE_BOOL(media_event, SCSIDiskState),
2414 VMSTATE_BOOL(eject_request, SCSIDiskState),
2415 VMSTATE_BOOL(tray_open, SCSIDiskState),
2416 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2417 VMSTATE_END_OF_LIST()
2418 }
2419};
2420
2421static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2422{
2423 DeviceClass *dc = DEVICE_CLASS(klass);
2424 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2425
2426 sc->init = scsi_hd_initfn;
2427 sc->destroy = scsi_destroy;
2428 sc->alloc_req = scsi_new_request;
2429 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2430 dc->fw_name = "disk";
2431 dc->desc = "virtual SCSI disk";
2432 dc->reset = scsi_disk_reset;
2433 dc->props = scsi_hd_properties;
2434 dc->vmsd = &vmstate_scsi_disk_state;
2435}
2436
2437static const TypeInfo scsi_hd_info = {
2438 .name = "scsi-hd",
2439 .parent = TYPE_SCSI_DEVICE,
2440 .instance_size = sizeof(SCSIDiskState),
2441 .class_init = scsi_hd_class_initfn,
2442};
2443
2444static Property scsi_cd_properties[] = {
2445 DEFINE_SCSI_DISK_PROPERTIES(),
2446 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2447 DEFINE_PROP_END_OF_LIST(),
2448};
2449
2450static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2451{
2452 DeviceClass *dc = DEVICE_CLASS(klass);
2453 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2454
2455 sc->init = scsi_cd_initfn;
2456 sc->destroy = scsi_destroy;
2457 sc->alloc_req = scsi_new_request;
2458 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2459 dc->fw_name = "disk";
2460 dc->desc = "virtual SCSI CD-ROM";
2461 dc->reset = scsi_disk_reset;
2462 dc->props = scsi_cd_properties;
2463 dc->vmsd = &vmstate_scsi_disk_state;
2464}
2465
2466static const TypeInfo scsi_cd_info = {
2467 .name = "scsi-cd",
2468 .parent = TYPE_SCSI_DEVICE,
2469 .instance_size = sizeof(SCSIDiskState),
2470 .class_init = scsi_cd_class_initfn,
2471};
2472
2473#ifdef __linux__
2474static Property scsi_block_properties[] = {
2475 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
2476 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
2477 DEFINE_PROP_END_OF_LIST(),
2478};
2479
2480static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2481{
2482 DeviceClass *dc = DEVICE_CLASS(klass);
2483 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2484
2485 sc->init = scsi_block_initfn;
2486 sc->destroy = scsi_destroy;
2487 sc->alloc_req = scsi_block_new_request;
2488 dc->fw_name = "disk";
2489 dc->desc = "SCSI block device passthrough";
2490 dc->reset = scsi_disk_reset;
2491 dc->props = scsi_block_properties;
2492 dc->vmsd = &vmstate_scsi_disk_state;
2493}
2494
2495static const TypeInfo scsi_block_info = {
2496 .name = "scsi-block",
2497 .parent = TYPE_SCSI_DEVICE,
2498 .instance_size = sizeof(SCSIDiskState),
2499 .class_init = scsi_block_class_initfn,
2500};
2501#endif
2502
2503static Property scsi_disk_properties[] = {
2504 DEFINE_SCSI_DISK_PROPERTIES(),
2505 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2506 SCSI_DISK_F_REMOVABLE, false),
2507 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2508 SCSI_DISK_F_DPOFUA, false),
2509 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2510 DEFINE_PROP_END_OF_LIST(),
2511};
2512
2513static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2514{
2515 DeviceClass *dc = DEVICE_CLASS(klass);
2516 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2517
2518 sc->init = scsi_disk_initfn;
2519 sc->destroy = scsi_destroy;
2520 sc->alloc_req = scsi_new_request;
2521 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2522 dc->fw_name = "disk";
2523 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2524 dc->reset = scsi_disk_reset;
2525 dc->props = scsi_disk_properties;
2526 dc->vmsd = &vmstate_scsi_disk_state;
2527}
2528
2529static const TypeInfo scsi_disk_info = {
2530 .name = "scsi-disk",
2531 .parent = TYPE_SCSI_DEVICE,
2532 .instance_size = sizeof(SCSIDiskState),
2533 .class_init = scsi_disk_class_initfn,
2534};
2535
2536static void scsi_disk_register_types(void)
2537{
2538 type_register_static(&scsi_hd_info);
2539 type_register_static(&scsi_cd_info);
2540#ifdef __linux__
2541 type_register_static(&scsi_block_info);
2542#endif
2543 type_register_static(&scsi_disk_info);
2544}
2545
2546type_init(scsi_disk_register_types)
Qemu copy for testing