]> git.proxmox.com Git - mirror_qemu.git/blob - hw/scsi/scsi-disk.c
ce89c98b4eb5faf7b576dd82caeba636d97cf114
[mirror_qemu.git] / hw / scsi / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu/osdep.h"
32 #include "qapi/error.h"
33 #include "qemu/error-report.h"
34 #include "hw/scsi/scsi.h"
35 #include "block/scsi.h"
36 #include "sysemu/sysemu.h"
37 #include "sysemu/block-backend.h"
38 #include "sysemu/blockdev.h"
39 #include "hw/block/block.h"
40 #include "sysemu/dma.h"
41 #include "qemu/cutils.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_WRITE_SAME_MAX 524288
48 #define SCSI_DMA_BUF_SIZE 131072
49 #define SCSI_MAX_INQUIRY_LEN 256
50 #define SCSI_MAX_MODE_LEN 256
51
52 #define DEFAULT_DISCARD_GRANULARITY 4096
53 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
54 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
55
56 typedef struct SCSIDiskState SCSIDiskState;
57
58 typedef struct SCSIDiskReq {
59 SCSIRequest req;
60 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
61 uint64_t sector;
62 uint32_t sector_count;
63 uint32_t buflen;
64 bool started;
65 struct iovec iov;
66 QEMUIOVector qiov;
67 BlockAcctCookie acct;
68 } SCSIDiskReq;
69
70 #define SCSI_DISK_F_REMOVABLE 0
71 #define SCSI_DISK_F_DPOFUA 1
72 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
73
74 struct SCSIDiskState
75 {
76 SCSIDevice qdev;
77 uint32_t features;
78 bool media_changed;
79 bool media_event;
80 bool eject_request;
81 uint16_t port_index;
82 uint64_t max_unmap_size;
83 uint64_t max_io_size;
84 QEMUBH *bh;
85 char *version;
86 char *serial;
87 char *vendor;
88 char *product;
89 bool tray_open;
90 bool tray_locked;
91 };
92
93 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
94
95 static void scsi_free_request(SCSIRequest *req)
96 {
97 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
98
99 qemu_vfree(r->iov.iov_base);
100 }
101
102 /* Helper function for command completion with sense. */
103 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
104 {
105 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
106 r->req.tag, sense.key, sense.asc, sense.ascq);
107 scsi_req_build_sense(&r->req, sense);
108 scsi_req_complete(&r->req, CHECK_CONDITION);
109 }
110
111 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
112 {
113 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
114
115 if (!r->iov.iov_base) {
116 r->buflen = size;
117 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
118 }
119 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
120 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
121 }
122
123 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
124 {
125 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
126
127 qemu_put_be64s(f, &r->sector);
128 qemu_put_be32s(f, &r->sector_count);
129 qemu_put_be32s(f, &r->buflen);
130 if (r->buflen) {
131 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
132 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
133 } else if (!req->retry) {
134 uint32_t len = r->iov.iov_len;
135 qemu_put_be32s(f, &len);
136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
137 }
138 }
139 }
140
141 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
142 {
143 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
144
145 qemu_get_be64s(f, &r->sector);
146 qemu_get_be32s(f, &r->sector_count);
147 qemu_get_be32s(f, &r->buflen);
148 if (r->buflen) {
149 scsi_init_iovec(r, r->buflen);
150 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
151 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
152 } else if (!r->req.retry) {
153 uint32_t len;
154 qemu_get_be32s(f, &len);
155 r->iov.iov_len = len;
156 assert(r->iov.iov_len <= r->buflen);
157 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 }
159 }
160
161 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
162 }
163
164 static void scsi_aio_complete(void *opaque, int ret)
165 {
166 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
167 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
168
169 assert(r->req.aiocb != NULL);
170 r->req.aiocb = NULL;
171 if (r->req.io_canceled) {
172 scsi_req_cancel_complete(&r->req);
173 goto done;
174 }
175
176 if (ret < 0) {
177 if (scsi_handle_rw_error(r, -ret, true)) {
178 goto done;
179 }
180 }
181
182 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
183 scsi_req_complete(&r->req, GOOD);
184
185 done:
186 scsi_req_unref(&r->req);
187 }
188
189 static bool scsi_is_cmd_fua(SCSICommand *cmd)
190 {
191 switch (cmd->buf[0]) {
192 case READ_10:
193 case READ_12:
194 case READ_16:
195 case WRITE_10:
196 case WRITE_12:
197 case WRITE_16:
198 return (cmd->buf[1] & 8) != 0;
199
200 case VERIFY_10:
201 case VERIFY_12:
202 case VERIFY_16:
203 case WRITE_VERIFY_10:
204 case WRITE_VERIFY_12:
205 case WRITE_VERIFY_16:
206 return true;
207
208 case READ_6:
209 case WRITE_6:
210 default:
211 return false;
212 }
213 }
214
215 static void scsi_write_do_fua(SCSIDiskReq *r)
216 {
217 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
218
219 assert(r->req.aiocb == NULL);
220
221 if (r->req.io_canceled) {
222 scsi_req_cancel_complete(&r->req);
223 goto done;
224 }
225
226 if (scsi_is_cmd_fua(&r->req.cmd)) {
227 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
228 BLOCK_ACCT_FLUSH);
229 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
230 return;
231 }
232
233 scsi_req_complete(&r->req, GOOD);
234
235 done:
236 scsi_req_unref(&r->req);
237 }
238
239 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
240 {
241 assert(r->req.aiocb == NULL);
242
243 if (r->req.io_canceled) {
244 scsi_req_cancel_complete(&r->req);
245 goto done;
246 }
247
248 if (ret < 0) {
249 if (scsi_handle_rw_error(r, -ret, false)) {
250 goto done;
251 }
252 }
253
254 r->sector += r->sector_count;
255 r->sector_count = 0;
256 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
257 scsi_write_do_fua(r);
258 return;
259 } else {
260 scsi_req_complete(&r->req, GOOD);
261 }
262
263 done:
264 scsi_req_unref(&r->req);
265 }
266
267 static void scsi_dma_complete(void *opaque, int ret)
268 {
269 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
271
272 assert(r->req.aiocb != NULL);
273 r->req.aiocb = NULL;
274
275 if (ret < 0) {
276 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
277 } else {
278 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
279 }
280 scsi_dma_complete_noio(r, ret);
281 }
282
283 static void scsi_read_complete(void * opaque, int ret)
284 {
285 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
286 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
287 int n;
288
289 assert(r->req.aiocb != NULL);
290 r->req.aiocb = NULL;
291 if (r->req.io_canceled) {
292 scsi_req_cancel_complete(&r->req);
293 goto done;
294 }
295
296 if (ret < 0) {
297 if (scsi_handle_rw_error(r, -ret, true)) {
298 goto done;
299 }
300 }
301
302 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
303 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
304
305 n = r->qiov.size / 512;
306 r->sector += n;
307 r->sector_count -= n;
308 scsi_req_data(&r->req, r->qiov.size);
309
310 done:
311 scsi_req_unref(&r->req);
312 }
313
314 /* Actually issue a read to the block device. */
315 static void scsi_do_read(SCSIDiskReq *r, int ret)
316 {
317 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
318
319 assert (r->req.aiocb == NULL);
320
321 if (r->req.io_canceled) {
322 scsi_req_cancel_complete(&r->req);
323 goto done;
324 }
325
326 if (ret < 0) {
327 if (scsi_handle_rw_error(r, -ret, false)) {
328 goto done;
329 }
330 }
331
332 /* The request is used as the AIO opaque value, so add a ref. */
333 scsi_req_ref(&r->req);
334
335 if (r->req.sg) {
336 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
337 r->req.resid -= r->req.sg->size;
338 r->req.aiocb = dma_blk_read(s->qdev.conf.blk, r->req.sg, r->sector,
339 scsi_dma_complete, r);
340 } else {
341 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
342 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
343 r->qiov.size, BLOCK_ACCT_READ);
344 r->req.aiocb = blk_aio_preadv(s->qdev.conf.blk,
345 r->sector << BDRV_SECTOR_BITS, &r->qiov,
346 0, scsi_read_complete, r);
347 }
348
349 done:
350 scsi_req_unref(&r->req);
351 }
352
353 static void scsi_do_read_cb(void *opaque, int ret)
354 {
355 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
356 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
357
358 assert (r->req.aiocb != NULL);
359 r->req.aiocb = NULL;
360
361 if (ret < 0) {
362 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
363 } else {
364 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
365 }
366 scsi_do_read(opaque, ret);
367 }
368
369 /* Read more data from scsi device into buffer. */
370 static void scsi_read_data(SCSIRequest *req)
371 {
372 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
374 bool first;
375
376 DPRINTF("Read sector_count=%d\n", r->sector_count);
377 if (r->sector_count == 0) {
378 /* This also clears the sense buffer for REQUEST SENSE. */
379 scsi_req_complete(&r->req, GOOD);
380 return;
381 }
382
383 /* No data transfer may already be in progress */
384 assert(r->req.aiocb == NULL);
385
386 /* The request is used as the AIO opaque value, so add a ref. */
387 scsi_req_ref(&r->req);
388 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
389 DPRINTF("Data transfer direction invalid\n");
390 scsi_read_complete(r, -EINVAL);
391 return;
392 }
393
394 if (s->tray_open) {
395 scsi_read_complete(r, -ENOMEDIUM);
396 return;
397 }
398
399 first = !r->started;
400 r->started = true;
401 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
402 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
403 BLOCK_ACCT_FLUSH);
404 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
405 } else {
406 scsi_do_read(r, 0);
407 }
408 }
409
410 /*
411 * scsi_handle_rw_error has two return values. 0 means that the error
412 * must be ignored, 1 means that the error has been processed and the
413 * caller should not do anything else for this request. Note that
414 * scsi_handle_rw_error always manages its reference counts, independent
415 * of the return value.
416 */
417 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
418 {
419 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
420 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
421 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
422 is_read, error);
423
424 if (action == BLOCK_ERROR_ACTION_REPORT) {
425 if (acct_failed) {
426 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
427 }
428 switch (error) {
429 case ENOMEDIUM:
430 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
431 break;
432 case ENOMEM:
433 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
434 break;
435 case EINVAL:
436 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
437 break;
438 case ENOSPC:
439 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
440 break;
441 default:
442 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
443 break;
444 }
445 }
446 blk_error_action(s->qdev.conf.blk, action, is_read, error);
447 if (action == BLOCK_ERROR_ACTION_STOP) {
448 scsi_req_retry(&r->req);
449 }
450 return action != BLOCK_ERROR_ACTION_IGNORE;
451 }
452
453 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
454 {
455 uint32_t n;
456
457 assert (r->req.aiocb == NULL);
458
459 if (r->req.io_canceled) {
460 scsi_req_cancel_complete(&r->req);
461 goto done;
462 }
463
464 if (ret < 0) {
465 if (scsi_handle_rw_error(r, -ret, false)) {
466 goto done;
467 }
468 }
469
470 n = r->qiov.size / 512;
471 r->sector += n;
472 r->sector_count -= n;
473 if (r->sector_count == 0) {
474 scsi_write_do_fua(r);
475 return;
476 } else {
477 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
478 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
479 scsi_req_data(&r->req, r->qiov.size);
480 }
481
482 done:
483 scsi_req_unref(&r->req);
484 }
485
486 static void scsi_write_complete(void * opaque, int ret)
487 {
488 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
489 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
490
491 assert (r->req.aiocb != NULL);
492 r->req.aiocb = NULL;
493
494 if (ret < 0) {
495 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
496 } else {
497 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
498 }
499 scsi_write_complete_noio(r, ret);
500 }
501
502 static void scsi_write_data(SCSIRequest *req)
503 {
504 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
506
507 /* No data transfer may already be in progress */
508 assert(r->req.aiocb == NULL);
509
510 /* The request is used as the AIO opaque value, so add a ref. */
511 scsi_req_ref(&r->req);
512 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
513 DPRINTF("Data transfer direction invalid\n");
514 scsi_write_complete_noio(r, -EINVAL);
515 return;
516 }
517
518 if (!r->req.sg && !r->qiov.size) {
519 /* Called for the first time. Ask the driver to send us more data. */
520 r->started = true;
521 scsi_write_complete_noio(r, 0);
522 return;
523 }
524 if (s->tray_open) {
525 scsi_write_complete_noio(r, -ENOMEDIUM);
526 return;
527 }
528
529 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
530 r->req.cmd.buf[0] == VERIFY_16) {
531 if (r->req.sg) {
532 scsi_dma_complete_noio(r, 0);
533 } else {
534 scsi_write_complete_noio(r, 0);
535 }
536 return;
537 }
538
539 if (r->req.sg) {
540 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
541 r->req.resid -= r->req.sg->size;
542 r->req.aiocb = dma_blk_write(s->qdev.conf.blk, r->req.sg, r->sector,
543 scsi_dma_complete, r);
544 } else {
545 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
546 r->qiov.size, BLOCK_ACCT_WRITE);
547 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
548 r->sector << BDRV_SECTOR_BITS, &r->qiov,
549 0, scsi_write_complete, r);
550 }
551 }
552
553 /* Return a pointer to the data buffer. */
554 static uint8_t *scsi_get_buf(SCSIRequest *req)
555 {
556 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
557
558 return (uint8_t *)r->iov.iov_base;
559 }
560
561 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
562 {
563 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
564 int buflen = 0;
565 int start;
566
567 if (req->cmd.buf[1] & 0x1) {
568 /* Vital product data */
569 uint8_t page_code = req->cmd.buf[2];
570
571 outbuf[buflen++] = s->qdev.type & 0x1f;
572 outbuf[buflen++] = page_code ; // this page
573 outbuf[buflen++] = 0x00;
574 outbuf[buflen++] = 0x00;
575 start = buflen;
576
577 switch (page_code) {
578 case 0x00: /* Supported page codes, mandatory */
579 {
580 DPRINTF("Inquiry EVPD[Supported pages] "
581 "buffer size %zd\n", req->cmd.xfer);
582 outbuf[buflen++] = 0x00; // list of supported pages (this page)
583 if (s->serial) {
584 outbuf[buflen++] = 0x80; // unit serial number
585 }
586 outbuf[buflen++] = 0x83; // device identification
587 if (s->qdev.type == TYPE_DISK) {
588 outbuf[buflen++] = 0xb0; // block limits
589 outbuf[buflen++] = 0xb2; // thin provisioning
590 }
591 break;
592 }
593 case 0x80: /* Device serial number, optional */
594 {
595 int l;
596
597 if (!s->serial) {
598 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
599 return -1;
600 }
601
602 l = strlen(s->serial);
603 if (l > 20) {
604 l = 20;
605 }
606
607 DPRINTF("Inquiry EVPD[Serial number] "
608 "buffer size %zd\n", req->cmd.xfer);
609 memcpy(outbuf+buflen, s->serial, l);
610 buflen += l;
611 break;
612 }
613
614 case 0x83: /* Device identification page, mandatory */
615 {
616 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
617 int max_len = s->serial ? 20 : 255 - 8;
618 int id_len = strlen(str);
619
620 if (id_len > max_len) {
621 id_len = max_len;
622 }
623 DPRINTF("Inquiry EVPD[Device identification] "
624 "buffer size %zd\n", req->cmd.xfer);
625
626 outbuf[buflen++] = 0x2; // ASCII
627 outbuf[buflen++] = 0; // not officially assigned
628 outbuf[buflen++] = 0; // reserved
629 outbuf[buflen++] = id_len; // length of data following
630 memcpy(outbuf+buflen, str, id_len);
631 buflen += id_len;
632
633 if (s->qdev.wwn) {
634 outbuf[buflen++] = 0x1; // Binary
635 outbuf[buflen++] = 0x3; // NAA
636 outbuf[buflen++] = 0; // reserved
637 outbuf[buflen++] = 8;
638 stq_be_p(&outbuf[buflen], s->qdev.wwn);
639 buflen += 8;
640 }
641
642 if (s->qdev.port_wwn) {
643 outbuf[buflen++] = 0x61; // SAS / Binary
644 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
645 outbuf[buflen++] = 0; // reserved
646 outbuf[buflen++] = 8;
647 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
648 buflen += 8;
649 }
650
651 if (s->port_index) {
652 outbuf[buflen++] = 0x61; // SAS / Binary
653 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
654 outbuf[buflen++] = 0; // reserved
655 outbuf[buflen++] = 4;
656 stw_be_p(&outbuf[buflen + 2], s->port_index);
657 buflen += 4;
658 }
659 break;
660 }
661 case 0xb0: /* block limits */
662 {
663 unsigned int unmap_sectors =
664 s->qdev.conf.discard_granularity / s->qdev.blocksize;
665 unsigned int min_io_size =
666 s->qdev.conf.min_io_size / s->qdev.blocksize;
667 unsigned int opt_io_size =
668 s->qdev.conf.opt_io_size / s->qdev.blocksize;
669 unsigned int max_unmap_sectors =
670 s->max_unmap_size / s->qdev.blocksize;
671 unsigned int max_io_sectors =
672 s->max_io_size / s->qdev.blocksize;
673
674 if (s->qdev.type == TYPE_ROM) {
675 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
676 page_code);
677 return -1;
678 }
679 /* required VPD size with unmap support */
680 buflen = 0x40;
681 memset(outbuf + 4, 0, buflen - 4);
682
683 outbuf[4] = 0x1; /* wsnz */
684
685 /* optimal transfer length granularity */
686 outbuf[6] = (min_io_size >> 8) & 0xff;
687 outbuf[7] = min_io_size & 0xff;
688
689 /* maximum transfer length */
690 outbuf[8] = (max_io_sectors >> 24) & 0xff;
691 outbuf[9] = (max_io_sectors >> 16) & 0xff;
692 outbuf[10] = (max_io_sectors >> 8) & 0xff;
693 outbuf[11] = max_io_sectors & 0xff;
694
695 /* optimal transfer length */
696 outbuf[12] = (opt_io_size >> 24) & 0xff;
697 outbuf[13] = (opt_io_size >> 16) & 0xff;
698 outbuf[14] = (opt_io_size >> 8) & 0xff;
699 outbuf[15] = opt_io_size & 0xff;
700
701 /* max unmap LBA count, default is 1GB */
702 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
703 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
704 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
705 outbuf[23] = max_unmap_sectors & 0xff;
706
707 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
708 outbuf[24] = 0;
709 outbuf[25] = 0;
710 outbuf[26] = 0;
711 outbuf[27] = 255;
712
713 /* optimal unmap granularity */
714 outbuf[28] = (unmap_sectors >> 24) & 0xff;
715 outbuf[29] = (unmap_sectors >> 16) & 0xff;
716 outbuf[30] = (unmap_sectors >> 8) & 0xff;
717 outbuf[31] = unmap_sectors & 0xff;
718
719 /* max write same size */
720 outbuf[36] = 0;
721 outbuf[37] = 0;
722 outbuf[38] = 0;
723 outbuf[39] = 0;
724
725 outbuf[40] = (max_io_sectors >> 24) & 0xff;
726 outbuf[41] = (max_io_sectors >> 16) & 0xff;
727 outbuf[42] = (max_io_sectors >> 8) & 0xff;
728 outbuf[43] = max_io_sectors & 0xff;
729 break;
730 }
731 case 0xb2: /* thin provisioning */
732 {
733 buflen = 8;
734 outbuf[4] = 0;
735 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
736 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
737 outbuf[7] = 0;
738 break;
739 }
740 default:
741 return -1;
742 }
743 /* done with EVPD */
744 assert(buflen - start <= 255);
745 outbuf[start - 1] = buflen - start;
746 return buflen;
747 }
748
749 /* Standard INQUIRY data */
750 if (req->cmd.buf[2] != 0) {
751 return -1;
752 }
753
754 /* PAGE CODE == 0 */
755 buflen = req->cmd.xfer;
756 if (buflen > SCSI_MAX_INQUIRY_LEN) {
757 buflen = SCSI_MAX_INQUIRY_LEN;
758 }
759
760 outbuf[0] = s->qdev.type & 0x1f;
761 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
762
763 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
764 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
765
766 memset(&outbuf[32], 0, 4);
767 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
768 /*
769 * We claim conformance to SPC-3, which is required for guests
770 * to ask for modern features like READ CAPACITY(16) or the
771 * block characteristics VPD page by default. Not all of SPC-3
772 * is actually implemented, but we're good enough.
773 */
774 outbuf[2] = 5;
775 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
776
777 if (buflen > 36) {
778 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
779 } else {
780 /* If the allocation length of CDB is too small,
781 the additional length is not adjusted */
782 outbuf[4] = 36 - 5;
783 }
784
785 /* Sync data transfer and TCQ. */
786 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
787 return buflen;
788 }
789
790 static inline bool media_is_dvd(SCSIDiskState *s)
791 {
792 uint64_t nb_sectors;
793 if (s->qdev.type != TYPE_ROM) {
794 return false;
795 }
796 if (!blk_is_inserted(s->qdev.conf.blk)) {
797 return false;
798 }
799 if (s->tray_open) {
800 return false;
801 }
802 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
803 return nb_sectors > CD_MAX_SECTORS;
804 }
805
806 static inline bool media_is_cd(SCSIDiskState *s)
807 {
808 uint64_t nb_sectors;
809 if (s->qdev.type != TYPE_ROM) {
810 return false;
811 }
812 if (!blk_is_inserted(s->qdev.conf.blk)) {
813 return false;
814 }
815 if (s->tray_open) {
816 return false;
817 }
818 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
819 return nb_sectors <= CD_MAX_SECTORS;
820 }
821
822 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
823 uint8_t *outbuf)
824 {
825 uint8_t type = r->req.cmd.buf[1] & 7;
826
827 if (s->qdev.type != TYPE_ROM) {
828 return -1;
829 }
830
831 /* Types 1/2 are only defined for Blu-Ray. */
832 if (type != 0) {
833 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
834 return -1;
835 }
836
837 memset(outbuf, 0, 34);
838 outbuf[1] = 32;
839 outbuf[2] = 0xe; /* last session complete, disc finalized */
840 outbuf[3] = 1; /* first track on disc */
841 outbuf[4] = 1; /* # of sessions */
842 outbuf[5] = 1; /* first track of last session */
843 outbuf[6] = 1; /* last track of last session */
844 outbuf[7] = 0x20; /* unrestricted use */
845 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
846 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
847 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
848 /* 24-31: disc bar code */
849 /* 32: disc application code */
850 /* 33: number of OPC tables */
851
852 return 34;
853 }
854
855 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
856 uint8_t *outbuf)
857 {
858 static const int rds_caps_size[5] = {
859 [0] = 2048 + 4,
860 [1] = 4 + 4,
861 [3] = 188 + 4,
862 [4] = 2048 + 4,
863 };
864
865 uint8_t media = r->req.cmd.buf[1];
866 uint8_t layer = r->req.cmd.buf[6];
867 uint8_t format = r->req.cmd.buf[7];
868 int size = -1;
869
870 if (s->qdev.type != TYPE_ROM) {
871 return -1;
872 }
873 if (media != 0) {
874 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
875 return -1;
876 }
877
878 if (format != 0xff) {
879 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
880 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
881 return -1;
882 }
883 if (media_is_cd(s)) {
884 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
885 return -1;
886 }
887 if (format >= ARRAY_SIZE(rds_caps_size)) {
888 return -1;
889 }
890 size = rds_caps_size[format];
891 memset(outbuf, 0, size);
892 }
893
894 switch (format) {
895 case 0x00: {
896 /* Physical format information */
897 uint64_t nb_sectors;
898 if (layer != 0) {
899 goto fail;
900 }
901 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
902
903 outbuf[4] = 1; /* DVD-ROM, part version 1 */
904 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
905 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
906 outbuf[7] = 0; /* default densities */
907
908 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
909 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
910 break;
911 }
912
913 case 0x01: /* DVD copyright information, all zeros */
914 break;
915
916 case 0x03: /* BCA information - invalid field for no BCA info */
917 return -1;
918
919 case 0x04: /* DVD disc manufacturing information, all zeros */
920 break;
921
922 case 0xff: { /* List capabilities */
923 int i;
924 size = 4;
925 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
926 if (!rds_caps_size[i]) {
927 continue;
928 }
929 outbuf[size] = i;
930 outbuf[size + 1] = 0x40; /* Not writable, readable */
931 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
932 size += 4;
933 }
934 break;
935 }
936
937 default:
938 return -1;
939 }
940
941 /* Size of buffer, not including 2 byte size field */
942 stw_be_p(outbuf, size - 2);
943 return size;
944
945 fail:
946 return -1;
947 }
948
949 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
950 {
951 uint8_t event_code, media_status;
952
953 media_status = 0;
954 if (s->tray_open) {
955 media_status = MS_TRAY_OPEN;
956 } else if (blk_is_inserted(s->qdev.conf.blk)) {
957 media_status = MS_MEDIA_PRESENT;
958 }
959
960 /* Event notification descriptor */
961 event_code = MEC_NO_CHANGE;
962 if (media_status != MS_TRAY_OPEN) {
963 if (s->media_event) {
964 event_code = MEC_NEW_MEDIA;
965 s->media_event = false;
966 } else if (s->eject_request) {
967 event_code = MEC_EJECT_REQUESTED;
968 s->eject_request = false;
969 }
970 }
971
972 outbuf[0] = event_code;
973 outbuf[1] = media_status;
974
975 /* These fields are reserved, just clear them. */
976 outbuf[2] = 0;
977 outbuf[3] = 0;
978 return 4;
979 }
980
981 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
982 uint8_t *outbuf)
983 {
984 int size;
985 uint8_t *buf = r->req.cmd.buf;
986 uint8_t notification_class_request = buf[4];
987 if (s->qdev.type != TYPE_ROM) {
988 return -1;
989 }
990 if ((buf[1] & 1) == 0) {
991 /* asynchronous */
992 return -1;
993 }
994
995 size = 4;
996 outbuf[0] = outbuf[1] = 0;
997 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
998 if (notification_class_request & (1 << GESN_MEDIA)) {
999 outbuf[2] = GESN_MEDIA;
1000 size += scsi_event_status_media(s, &outbuf[size]);
1001 } else {
1002 outbuf[2] = 0x80;
1003 }
1004 stw_be_p(outbuf, size - 4);
1005 return size;
1006 }
1007
1008 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1009 {
1010 int current;
1011
1012 if (s->qdev.type != TYPE_ROM) {
1013 return -1;
1014 }
1015
1016 if (media_is_dvd(s)) {
1017 current = MMC_PROFILE_DVD_ROM;
1018 } else if (media_is_cd(s)) {
1019 current = MMC_PROFILE_CD_ROM;
1020 } else {
1021 current = MMC_PROFILE_NONE;
1022 }
1023
1024 memset(outbuf, 0, 40);
1025 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1026 stw_be_p(&outbuf[6], current);
1027 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1028 outbuf[10] = 0x03; /* persistent, current */
1029 outbuf[11] = 8; /* two profiles */
1030 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1031 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1032 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1033 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1034 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1035 stw_be_p(&outbuf[20], 1);
1036 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1037 outbuf[23] = 8;
1038 stl_be_p(&outbuf[24], 1); /* SCSI */
1039 outbuf[28] = 1; /* DBE = 1, mandatory */
1040 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1041 stw_be_p(&outbuf[32], 3);
1042 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1043 outbuf[35] = 4;
1044 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1045 /* TODO: Random readable, CD read, DVD read, drive serial number,
1046 power management */
1047 return 40;
1048 }
1049
1050 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1051 {
1052 if (s->qdev.type != TYPE_ROM) {
1053 return -1;
1054 }
1055 memset(outbuf, 0, 8);
1056 outbuf[5] = 1; /* CD-ROM */
1057 return 8;
1058 }
1059
1060 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1061 int page_control)
1062 {
1063 static const int mode_sense_valid[0x3f] = {
1064 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1065 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1066 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1067 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1068 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1069 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1070 };
1071
1072 uint8_t *p = *p_outbuf + 2;
1073 int length;
1074
1075 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1076 return -1;
1077 }
1078
1079 /*
1080 * If Changeable Values are requested, a mask denoting those mode parameters
1081 * that are changeable shall be returned. As we currently don't support
1082 * parameter changes via MODE_SELECT all bits are returned set to zero.
1083 * The buffer was already menset to zero by the caller of this function.
1084 *
1085 * The offsets here are off by two compared to the descriptions in the
1086 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1087 * but it is done so that offsets are consistent within our implementation
1088 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1089 * 2-byte and 4-byte headers.
1090 */
1091 switch (page) {
1092 case MODE_PAGE_HD_GEOMETRY:
1093 length = 0x16;
1094 if (page_control == 1) { /* Changeable Values */
1095 break;
1096 }
1097 /* if a geometry hint is available, use it */
1098 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1099 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1100 p[2] = s->qdev.conf.cyls & 0xff;
1101 p[3] = s->qdev.conf.heads & 0xff;
1102 /* Write precomp start cylinder, disabled */
1103 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1104 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1105 p[6] = s->qdev.conf.cyls & 0xff;
1106 /* Reduced current start cylinder, disabled */
1107 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1108 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1109 p[9] = s->qdev.conf.cyls & 0xff;
1110 /* Device step rate [ns], 200ns */
1111 p[10] = 0;
1112 p[11] = 200;
1113 /* Landing zone cylinder */
1114 p[12] = 0xff;
1115 p[13] = 0xff;
1116 p[14] = 0xff;
1117 /* Medium rotation rate [rpm], 5400 rpm */
1118 p[18] = (5400 >> 8) & 0xff;
1119 p[19] = 5400 & 0xff;
1120 break;
1121
1122 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1123 length = 0x1e;
1124 if (page_control == 1) { /* Changeable Values */
1125 break;
1126 }
1127 /* Transfer rate [kbit/s], 5Mbit/s */
1128 p[0] = 5000 >> 8;
1129 p[1] = 5000 & 0xff;
1130 /* if a geometry hint is available, use it */
1131 p[2] = s->qdev.conf.heads & 0xff;
1132 p[3] = s->qdev.conf.secs & 0xff;
1133 p[4] = s->qdev.blocksize >> 8;
1134 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1135 p[7] = s->qdev.conf.cyls & 0xff;
1136 /* Write precomp start cylinder, disabled */
1137 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1138 p[9] = s->qdev.conf.cyls & 0xff;
1139 /* Reduced current start cylinder, disabled */
1140 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1141 p[11] = s->qdev.conf.cyls & 0xff;
1142 /* Device step rate [100us], 100us */
1143 p[12] = 0;
1144 p[13] = 1;
1145 /* Device step pulse width [us], 1us */
1146 p[14] = 1;
1147 /* Device head settle delay [100us], 100us */
1148 p[15] = 0;
1149 p[16] = 1;
1150 /* Motor on delay [0.1s], 0.1s */
1151 p[17] = 1;
1152 /* Motor off delay [0.1s], 0.1s */
1153 p[18] = 1;
1154 /* Medium rotation rate [rpm], 5400 rpm */
1155 p[26] = (5400 >> 8) & 0xff;
1156 p[27] = 5400 & 0xff;
1157 break;
1158
1159 case MODE_PAGE_CACHING:
1160 length = 0x12;
1161 if (page_control == 1 || /* Changeable Values */
1162 blk_enable_write_cache(s->qdev.conf.blk)) {
1163 p[0] = 4; /* WCE */
1164 }
1165 break;
1166
1167 case MODE_PAGE_R_W_ERROR:
1168 length = 10;
1169 if (page_control == 1) { /* Changeable Values */
1170 break;
1171 }
1172 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1173 if (s->qdev.type == TYPE_ROM) {
1174 p[1] = 0x20; /* Read Retry Count */
1175 }
1176 break;
1177
1178 case MODE_PAGE_AUDIO_CTL:
1179 length = 14;
1180 break;
1181
1182 case MODE_PAGE_CAPABILITIES:
1183 length = 0x14;
1184 if (page_control == 1) { /* Changeable Values */
1185 break;
1186 }
1187
1188 p[0] = 0x3b; /* CD-R & CD-RW read */
1189 p[1] = 0; /* Writing not supported */
1190 p[2] = 0x7f; /* Audio, composite, digital out,
1191 mode 2 form 1&2, multi session */
1192 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1193 RW corrected, C2 errors, ISRC,
1194 UPC, Bar code */
1195 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1196 /* Locking supported, jumper present, eject, tray */
1197 p[5] = 0; /* no volume & mute control, no
1198 changer */
1199 p[6] = (50 * 176) >> 8; /* 50x read speed */
1200 p[7] = (50 * 176) & 0xff;
1201 p[8] = 2 >> 8; /* Two volume levels */
1202 p[9] = 2 & 0xff;
1203 p[10] = 2048 >> 8; /* 2M buffer */
1204 p[11] = 2048 & 0xff;
1205 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1206 p[13] = (16 * 176) & 0xff;
1207 p[16] = (16 * 176) >> 8; /* 16x write speed */
1208 p[17] = (16 * 176) & 0xff;
1209 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1210 p[19] = (16 * 176) & 0xff;
1211 break;
1212
1213 default:
1214 return -1;
1215 }
1216
1217 assert(length < 256);
1218 (*p_outbuf)[0] = page;
1219 (*p_outbuf)[1] = length;
1220 *p_outbuf += length + 2;
1221 return length + 2;
1222 }
1223
1224 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1225 {
1226 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1227 uint64_t nb_sectors;
1228 bool dbd;
1229 int page, buflen, ret, page_control;
1230 uint8_t *p;
1231 uint8_t dev_specific_param;
1232
1233 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1234 page = r->req.cmd.buf[2] & 0x3f;
1235 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1236 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1237 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1238 memset(outbuf, 0, r->req.cmd.xfer);
1239 p = outbuf;
1240
1241 if (s->qdev.type == TYPE_DISK) {
1242 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1243 if (blk_is_read_only(s->qdev.conf.blk)) {
1244 dev_specific_param |= 0x80; /* Readonly. */
1245 }
1246 } else {
1247 /* MMC prescribes that CD/DVD drives have no block descriptors,
1248 * and defines no device-specific parameter. */
1249 dev_specific_param = 0x00;
1250 dbd = true;
1251 }
1252
1253 if (r->req.cmd.buf[0] == MODE_SENSE) {
1254 p[1] = 0; /* Default media type. */
1255 p[2] = dev_specific_param;
1256 p[3] = 0; /* Block descriptor length. */
1257 p += 4;
1258 } else { /* MODE_SENSE_10 */
1259 p[2] = 0; /* Default media type. */
1260 p[3] = dev_specific_param;
1261 p[6] = p[7] = 0; /* Block descriptor length. */
1262 p += 8;
1263 }
1264
1265 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1266 if (!dbd && nb_sectors) {
1267 if (r->req.cmd.buf[0] == MODE_SENSE) {
1268 outbuf[3] = 8; /* Block descriptor length */
1269 } else { /* MODE_SENSE_10 */
1270 outbuf[7] = 8; /* Block descriptor length */
1271 }
1272 nb_sectors /= (s->qdev.blocksize / 512);
1273 if (nb_sectors > 0xffffff) {
1274 nb_sectors = 0;
1275 }
1276 p[0] = 0; /* media density code */
1277 p[1] = (nb_sectors >> 16) & 0xff;
1278 p[2] = (nb_sectors >> 8) & 0xff;
1279 p[3] = nb_sectors & 0xff;
1280 p[4] = 0; /* reserved */
1281 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1282 p[6] = s->qdev.blocksize >> 8;
1283 p[7] = 0;
1284 p += 8;
1285 }
1286
1287 if (page_control == 3) {
1288 /* Saved Values */
1289 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1290 return -1;
1291 }
1292
1293 if (page == 0x3f) {
1294 for (page = 0; page <= 0x3e; page++) {
1295 mode_sense_page(s, page, &p, page_control);
1296 }
1297 } else {
1298 ret = mode_sense_page(s, page, &p, page_control);
1299 if (ret == -1) {
1300 return -1;
1301 }
1302 }
1303
1304 buflen = p - outbuf;
1305 /*
1306 * The mode data length field specifies the length in bytes of the
1307 * following data that is available to be transferred. The mode data
1308 * length does not include itself.
1309 */
1310 if (r->req.cmd.buf[0] == MODE_SENSE) {
1311 outbuf[0] = buflen - 1;
1312 } else { /* MODE_SENSE_10 */
1313 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1314 outbuf[1] = (buflen - 2) & 0xff;
1315 }
1316 return buflen;
1317 }
1318
1319 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1320 {
1321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1322 int start_track, format, msf, toclen;
1323 uint64_t nb_sectors;
1324
1325 msf = req->cmd.buf[1] & 2;
1326 format = req->cmd.buf[2] & 0xf;
1327 start_track = req->cmd.buf[6];
1328 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1329 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1330 nb_sectors /= s->qdev.blocksize / 512;
1331 switch (format) {
1332 case 0:
1333 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1334 break;
1335 case 1:
1336 /* multi session : only a single session defined */
1337 toclen = 12;
1338 memset(outbuf, 0, 12);
1339 outbuf[1] = 0x0a;
1340 outbuf[2] = 0x01;
1341 outbuf[3] = 0x01;
1342 break;
1343 case 2:
1344 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1345 break;
1346 default:
1347 return -1;
1348 }
1349 return toclen;
1350 }
1351
1352 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1353 {
1354 SCSIRequest *req = &r->req;
1355 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1356 bool start = req->cmd.buf[4] & 1;
1357 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1358 int pwrcnd = req->cmd.buf[4] & 0xf0;
1359
1360 if (pwrcnd) {
1361 /* eject/load only happens for power condition == 0 */
1362 return 0;
1363 }
1364
1365 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1366 if (!start && !s->tray_open && s->tray_locked) {
1367 scsi_check_condition(r,
1368 blk_is_inserted(s->qdev.conf.blk)
1369 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1370 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1371 return -1;
1372 }
1373
1374 if (s->tray_open != !start) {
1375 blk_eject(s->qdev.conf.blk, !start);
1376 s->tray_open = !start;
1377 }
1378 }
1379 return 0;
1380 }
1381
1382 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1383 {
1384 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1385 int buflen = r->iov.iov_len;
1386
1387 if (buflen) {
1388 DPRINTF("Read buf_len=%d\n", buflen);
1389 r->iov.iov_len = 0;
1390 r->started = true;
1391 scsi_req_data(&r->req, buflen);
1392 return;
1393 }
1394
1395 /* This also clears the sense buffer for REQUEST SENSE. */
1396 scsi_req_complete(&r->req, GOOD);
1397 }
1398
1399 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1400 uint8_t *inbuf, int inlen)
1401 {
1402 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1403 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1404 uint8_t *p;
1405 int len, expected_len, changeable_len, i;
1406
1407 /* The input buffer does not include the page header, so it is
1408 * off by 2 bytes.
1409 */
1410 expected_len = inlen + 2;
1411 if (expected_len > SCSI_MAX_MODE_LEN) {
1412 return -1;
1413 }
1414
1415 p = mode_current;
1416 memset(mode_current, 0, inlen + 2);
1417 len = mode_sense_page(s, page, &p, 0);
1418 if (len < 0 || len != expected_len) {
1419 return -1;
1420 }
1421
1422 p = mode_changeable;
1423 memset(mode_changeable, 0, inlen + 2);
1424 changeable_len = mode_sense_page(s, page, &p, 1);
1425 assert(changeable_len == len);
1426
1427 /* Check that unchangeable bits are the same as what MODE SENSE
1428 * would return.
1429 */
1430 for (i = 2; i < len; i++) {
1431 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1432 return -1;
1433 }
1434 }
1435 return 0;
1436 }
1437
1438 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1439 {
1440 switch (page) {
1441 case MODE_PAGE_CACHING:
1442 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1443 break;
1444
1445 default:
1446 break;
1447 }
1448 }
1449
1450 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1451 {
1452 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1453
1454 while (len > 0) {
1455 int page, subpage, page_len;
1456
1457 /* Parse both possible formats for the mode page headers. */
1458 page = p[0] & 0x3f;
1459 if (p[0] & 0x40) {
1460 if (len < 4) {
1461 goto invalid_param_len;
1462 }
1463 subpage = p[1];
1464 page_len = lduw_be_p(&p[2]);
1465 p += 4;
1466 len -= 4;
1467 } else {
1468 if (len < 2) {
1469 goto invalid_param_len;
1470 }
1471 subpage = 0;
1472 page_len = p[1];
1473 p += 2;
1474 len -= 2;
1475 }
1476
1477 if (subpage) {
1478 goto invalid_param;
1479 }
1480 if (page_len > len) {
1481 goto invalid_param_len;
1482 }
1483
1484 if (!change) {
1485 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1486 goto invalid_param;
1487 }
1488 } else {
1489 scsi_disk_apply_mode_select(s, page, p);
1490 }
1491
1492 p += page_len;
1493 len -= page_len;
1494 }
1495 return 0;
1496
1497 invalid_param:
1498 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1499 return -1;
1500
1501 invalid_param_len:
1502 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1503 return -1;
1504 }
1505
1506 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1507 {
1508 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1509 uint8_t *p = inbuf;
1510 int cmd = r->req.cmd.buf[0];
1511 int len = r->req.cmd.xfer;
1512 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1513 int bd_len;
1514 int pass;
1515
1516 /* We only support PF=1, SP=0. */
1517 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1518 goto invalid_field;
1519 }
1520
1521 if (len < hdr_len) {
1522 goto invalid_param_len;
1523 }
1524
1525 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1526 len -= hdr_len;
1527 p += hdr_len;
1528 if (len < bd_len) {
1529 goto invalid_param_len;
1530 }
1531 if (bd_len != 0 && bd_len != 8) {
1532 goto invalid_param;
1533 }
1534
1535 len -= bd_len;
1536 p += bd_len;
1537
1538 /* Ensure no change is made if there is an error! */
1539 for (pass = 0; pass < 2; pass++) {
1540 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1541 assert(pass == 0);
1542 return;
1543 }
1544 }
1545 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1546 /* The request is used as the AIO opaque value, so add a ref. */
1547 scsi_req_ref(&r->req);
1548 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1549 BLOCK_ACCT_FLUSH);
1550 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1551 return;
1552 }
1553
1554 scsi_req_complete(&r->req, GOOD);
1555 return;
1556
1557 invalid_param:
1558 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1559 return;
1560
1561 invalid_param_len:
1562 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1563 return;
1564
1565 invalid_field:
1566 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1567 }
1568
1569 static inline bool check_lba_range(SCSIDiskState *s,
1570 uint64_t sector_num, uint32_t nb_sectors)
1571 {
1572 /*
1573 * The first line tests that no overflow happens when computing the last
1574 * sector. The second line tests that the last accessed sector is in
1575 * range.
1576 *
1577 * Careful, the computations should not underflow for nb_sectors == 0,
1578 * and a 0-block read to the first LBA beyond the end of device is
1579 * valid.
1580 */
1581 return (sector_num <= sector_num + nb_sectors &&
1582 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1583 }
1584
1585 typedef struct UnmapCBData {
1586 SCSIDiskReq *r;
1587 uint8_t *inbuf;
1588 int count;
1589 } UnmapCBData;
1590
1591 static void scsi_unmap_complete(void *opaque, int ret);
1592
1593 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1594 {
1595 SCSIDiskReq *r = data->r;
1596 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1597 uint64_t sector_num;
1598 uint32_t nb_sectors;
1599
1600 assert(r->req.aiocb == NULL);
1601
1602 if (r->req.io_canceled) {
1603 scsi_req_cancel_complete(&r->req);
1604 goto done;
1605 }
1606
1607 if (ret < 0) {
1608 if (scsi_handle_rw_error(r, -ret, false)) {
1609 goto done;
1610 }
1611 }
1612
1613 if (data->count > 0) {
1614 sector_num = ldq_be_p(&data->inbuf[0]);
1615 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1616 if (!check_lba_range(s, sector_num, nb_sectors)) {
1617 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1618 goto done;
1619 }
1620
1621 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk,
1622 sector_num * (s->qdev.blocksize / 512),
1623 nb_sectors * (s->qdev.blocksize / 512),
1624 scsi_unmap_complete, data);
1625 data->count--;
1626 data->inbuf += 16;
1627 return;
1628 }
1629
1630 scsi_req_complete(&r->req, GOOD);
1631
1632 done:
1633 scsi_req_unref(&r->req);
1634 g_free(data);
1635 }
1636
1637 static void scsi_unmap_complete(void *opaque, int ret)
1638 {
1639 UnmapCBData *data = opaque;
1640 SCSIDiskReq *r = data->r;
1641
1642 assert(r->req.aiocb != NULL);
1643 r->req.aiocb = NULL;
1644
1645 scsi_unmap_complete_noio(data, ret);
1646 }
1647
1648 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1649 {
1650 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1651 uint8_t *p = inbuf;
1652 int len = r->req.cmd.xfer;
1653 UnmapCBData *data;
1654
1655 /* Reject ANCHOR=1. */
1656 if (r->req.cmd.buf[1] & 0x1) {
1657 goto invalid_field;
1658 }
1659
1660 if (len < 8) {
1661 goto invalid_param_len;
1662 }
1663 if (len < lduw_be_p(&p[0]) + 2) {
1664 goto invalid_param_len;
1665 }
1666 if (len < lduw_be_p(&p[2]) + 8) {
1667 goto invalid_param_len;
1668 }
1669 if (lduw_be_p(&p[2]) & 15) {
1670 goto invalid_param_len;
1671 }
1672
1673 if (blk_is_read_only(s->qdev.conf.blk)) {
1674 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1675 return;
1676 }
1677
1678 data = g_new0(UnmapCBData, 1);
1679 data->r = r;
1680 data->inbuf = &p[8];
1681 data->count = lduw_be_p(&p[2]) >> 4;
1682
1683 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1684 scsi_req_ref(&r->req);
1685 scsi_unmap_complete_noio(data, 0);
1686 return;
1687
1688 invalid_param_len:
1689 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1690 return;
1691
1692 invalid_field:
1693 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1694 }
1695
1696 typedef struct WriteSameCBData {
1697 SCSIDiskReq *r;
1698 int64_t sector;
1699 int nb_sectors;
1700 QEMUIOVector qiov;
1701 struct iovec iov;
1702 } WriteSameCBData;
1703
1704 static void scsi_write_same_complete(void *opaque, int ret)
1705 {
1706 WriteSameCBData *data = opaque;
1707 SCSIDiskReq *r = data->r;
1708 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1709
1710 assert(r->req.aiocb != NULL);
1711 r->req.aiocb = NULL;
1712 if (r->req.io_canceled) {
1713 scsi_req_cancel_complete(&r->req);
1714 goto done;
1715 }
1716
1717 if (ret < 0) {
1718 if (scsi_handle_rw_error(r, -ret, true)) {
1719 goto done;
1720 }
1721 }
1722
1723 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1724
1725 data->nb_sectors -= data->iov.iov_len / 512;
1726 data->sector += data->iov.iov_len / 512;
1727 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1728 if (data->iov.iov_len) {
1729 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1730 data->iov.iov_len, BLOCK_ACCT_WRITE);
1731 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1732 * where final qiov may need smaller size */
1733 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1734 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1735 data->sector << BDRV_SECTOR_BITS,
1736 &data->qiov, 0,
1737 scsi_write_same_complete, data);
1738 return;
1739 }
1740
1741 scsi_req_complete(&r->req, GOOD);
1742
1743 done:
1744 scsi_req_unref(&r->req);
1745 qemu_vfree(data->iov.iov_base);
1746 g_free(data);
1747 }
1748
1749 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1750 {
1751 SCSIRequest *req = &r->req;
1752 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1753 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1754 WriteSameCBData *data;
1755 uint8_t *buf;
1756 int i;
1757
1758 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1759 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1760 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1761 return;
1762 }
1763
1764 if (blk_is_read_only(s->qdev.conf.blk)) {
1765 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1766 return;
1767 }
1768 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1769 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1770 return;
1771 }
1772
1773 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1774 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1775
1776 /* The request is used as the AIO opaque value, so add a ref. */
1777 scsi_req_ref(&r->req);
1778 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1779 nb_sectors * s->qdev.blocksize,
1780 BLOCK_ACCT_WRITE);
1781 r->req.aiocb = blk_aio_write_zeroes(s->qdev.conf.blk,
1782 r->req.cmd.lba * s->qdev.blocksize,
1783 nb_sectors * s->qdev.blocksize,
1784 flags, scsi_aio_complete, r);
1785 return;
1786 }
1787
1788 data = g_new0(WriteSameCBData, 1);
1789 data->r = r;
1790 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1791 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1792 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1793 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1794 data->iov.iov_len);
1795 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1796
1797 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1798 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1799 }
1800
1801 scsi_req_ref(&r->req);
1802 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1803 data->iov.iov_len, BLOCK_ACCT_WRITE);
1804 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1805 data->sector << BDRV_SECTOR_BITS,
1806 &data->qiov, 0,
1807 scsi_write_same_complete, data);
1808 }
1809
1810 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1811 {
1812 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1813
1814 if (r->iov.iov_len) {
1815 int buflen = r->iov.iov_len;
1816 DPRINTF("Write buf_len=%d\n", buflen);
1817 r->iov.iov_len = 0;
1818 scsi_req_data(&r->req, buflen);
1819 return;
1820 }
1821
1822 switch (req->cmd.buf[0]) {
1823 case MODE_SELECT:
1824 case MODE_SELECT_10:
1825 /* This also clears the sense buffer for REQUEST SENSE. */
1826 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1827 break;
1828
1829 case UNMAP:
1830 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1831 break;
1832
1833 case VERIFY_10:
1834 case VERIFY_12:
1835 case VERIFY_16:
1836 if (r->req.status == -1) {
1837 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1838 }
1839 break;
1840
1841 case WRITE_SAME_10:
1842 case WRITE_SAME_16:
1843 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1844 break;
1845
1846 default:
1847 abort();
1848 }
1849 }
1850
1851 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1852 {
1853 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1854 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1855 uint64_t nb_sectors;
1856 uint8_t *outbuf;
1857 int buflen;
1858
1859 switch (req->cmd.buf[0]) {
1860 case INQUIRY:
1861 case MODE_SENSE:
1862 case MODE_SENSE_10:
1863 case RESERVE:
1864 case RESERVE_10:
1865 case RELEASE:
1866 case RELEASE_10:
1867 case START_STOP:
1868 case ALLOW_MEDIUM_REMOVAL:
1869 case GET_CONFIGURATION:
1870 case GET_EVENT_STATUS_NOTIFICATION:
1871 case MECHANISM_STATUS:
1872 case REQUEST_SENSE:
1873 break;
1874
1875 default:
1876 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
1877 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1878 return 0;
1879 }
1880 break;
1881 }
1882
1883 /*
1884 * FIXME: we shouldn't return anything bigger than 4k, but the code
1885 * requires the buffer to be as big as req->cmd.xfer in several
1886 * places. So, do not allow CDBs with a very large ALLOCATION
1887 * LENGTH. The real fix would be to modify scsi_read_data and
1888 * dma_buf_read, so that they return data beyond the buflen
1889 * as all zeros.
1890 */
1891 if (req->cmd.xfer > 65536) {
1892 goto illegal_request;
1893 }
1894 r->buflen = MAX(4096, req->cmd.xfer);
1895
1896 if (!r->iov.iov_base) {
1897 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1898 }
1899
1900 buflen = req->cmd.xfer;
1901 outbuf = r->iov.iov_base;
1902 memset(outbuf, 0, r->buflen);
1903 switch (req->cmd.buf[0]) {
1904 case TEST_UNIT_READY:
1905 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk));
1906 break;
1907 case INQUIRY:
1908 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1909 if (buflen < 0) {
1910 goto illegal_request;
1911 }
1912 break;
1913 case MODE_SENSE:
1914 case MODE_SENSE_10:
1915 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1916 if (buflen < 0) {
1917 goto illegal_request;
1918 }
1919 break;
1920 case READ_TOC:
1921 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1922 if (buflen < 0) {
1923 goto illegal_request;
1924 }
1925 break;
1926 case RESERVE:
1927 if (req->cmd.buf[1] & 1) {
1928 goto illegal_request;
1929 }
1930 break;
1931 case RESERVE_10:
1932 if (req->cmd.buf[1] & 3) {
1933 goto illegal_request;
1934 }
1935 break;
1936 case RELEASE:
1937 if (req->cmd.buf[1] & 1) {
1938 goto illegal_request;
1939 }
1940 break;
1941 case RELEASE_10:
1942 if (req->cmd.buf[1] & 3) {
1943 goto illegal_request;
1944 }
1945 break;
1946 case START_STOP:
1947 if (scsi_disk_emulate_start_stop(r) < 0) {
1948 return 0;
1949 }
1950 break;
1951 case ALLOW_MEDIUM_REMOVAL:
1952 s->tray_locked = req->cmd.buf[4] & 1;
1953 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1954 break;
1955 case READ_CAPACITY_10:
1956 /* The normal LEN field for this command is zero. */
1957 memset(outbuf, 0, 8);
1958 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1959 if (!nb_sectors) {
1960 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1961 return 0;
1962 }
1963 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1964 goto illegal_request;
1965 }
1966 nb_sectors /= s->qdev.blocksize / 512;
1967 /* Returned value is the address of the last sector. */
1968 nb_sectors--;
1969 /* Remember the new size for read/write sanity checking. */
1970 s->qdev.max_lba = nb_sectors;
1971 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1972 if (nb_sectors > UINT32_MAX) {
1973 nb_sectors = UINT32_MAX;
1974 }
1975 outbuf[0] = (nb_sectors >> 24) & 0xff;
1976 outbuf[1] = (nb_sectors >> 16) & 0xff;
1977 outbuf[2] = (nb_sectors >> 8) & 0xff;
1978 outbuf[3] = nb_sectors & 0xff;
1979 outbuf[4] = 0;
1980 outbuf[5] = 0;
1981 outbuf[6] = s->qdev.blocksize >> 8;
1982 outbuf[7] = 0;
1983 break;
1984 case REQUEST_SENSE:
1985 /* Just return "NO SENSE". */
1986 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1987 (req->cmd.buf[1] & 1) == 0);
1988 if (buflen < 0) {
1989 goto illegal_request;
1990 }
1991 break;
1992 case MECHANISM_STATUS:
1993 buflen = scsi_emulate_mechanism_status(s, outbuf);
1994 if (buflen < 0) {
1995 goto illegal_request;
1996 }
1997 break;
1998 case GET_CONFIGURATION:
1999 buflen = scsi_get_configuration(s, outbuf);
2000 if (buflen < 0) {
2001 goto illegal_request;
2002 }
2003 break;
2004 case GET_EVENT_STATUS_NOTIFICATION:
2005 buflen = scsi_get_event_status_notification(s, r, outbuf);
2006 if (buflen < 0) {
2007 goto illegal_request;
2008 }
2009 break;
2010 case READ_DISC_INFORMATION:
2011 buflen = scsi_read_disc_information(s, r, outbuf);
2012 if (buflen < 0) {
2013 goto illegal_request;
2014 }
2015 break;
2016 case READ_DVD_STRUCTURE:
2017 buflen = scsi_read_dvd_structure(s, r, outbuf);
2018 if (buflen < 0) {
2019 goto illegal_request;
2020 }
2021 break;
2022 case SERVICE_ACTION_IN_16:
2023 /* Service Action In subcommands. */
2024 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2025 DPRINTF("SAI READ CAPACITY(16)\n");
2026 memset(outbuf, 0, req->cmd.xfer);
2027 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2028 if (!nb_sectors) {
2029 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2030 return 0;
2031 }
2032 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2033 goto illegal_request;
2034 }
2035 nb_sectors /= s->qdev.blocksize / 512;
2036 /* Returned value is the address of the last sector. */
2037 nb_sectors--;
2038 /* Remember the new size for read/write sanity checking. */
2039 s->qdev.max_lba = nb_sectors;
2040 outbuf[0] = (nb_sectors >> 56) & 0xff;
2041 outbuf[1] = (nb_sectors >> 48) & 0xff;
2042 outbuf[2] = (nb_sectors >> 40) & 0xff;
2043 outbuf[3] = (nb_sectors >> 32) & 0xff;
2044 outbuf[4] = (nb_sectors >> 24) & 0xff;
2045 outbuf[5] = (nb_sectors >> 16) & 0xff;
2046 outbuf[6] = (nb_sectors >> 8) & 0xff;
2047 outbuf[7] = nb_sectors & 0xff;
2048 outbuf[8] = 0;
2049 outbuf[9] = 0;
2050 outbuf[10] = s->qdev.blocksize >> 8;
2051 outbuf[11] = 0;
2052 outbuf[12] = 0;
2053 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2054
2055 /* set TPE bit if the format supports discard */
2056 if (s->qdev.conf.discard_granularity) {
2057 outbuf[14] = 0x80;
2058 }
2059
2060 /* Protection, exponent and lowest lba field left blank. */
2061 break;
2062 }
2063 DPRINTF("Unsupported Service Action In\n");
2064 goto illegal_request;
2065 case SYNCHRONIZE_CACHE:
2066 /* The request is used as the AIO opaque value, so add a ref. */
2067 scsi_req_ref(&r->req);
2068 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2069 BLOCK_ACCT_FLUSH);
2070 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2071 return 0;
2072 case SEEK_10:
2073 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2074 if (r->req.cmd.lba > s->qdev.max_lba) {
2075 goto illegal_lba;
2076 }
2077 break;
2078 case MODE_SELECT:
2079 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
2080 break;
2081 case MODE_SELECT_10:
2082 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
2083 break;
2084 case UNMAP:
2085 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
2086 break;
2087 case VERIFY_10:
2088 case VERIFY_12:
2089 case VERIFY_16:
2090 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2091 if (req->cmd.buf[1] & 6) {
2092 goto illegal_request;
2093 }
2094 break;
2095 case WRITE_SAME_10:
2096 case WRITE_SAME_16:
2097 DPRINTF("WRITE SAME %d (len %lu)\n",
2098 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2099 (long)r->req.cmd.xfer);
2100 break;
2101 default:
2102 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2103 scsi_command_name(buf[0]));
2104 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2105 return 0;
2106 }
2107 assert(!r->req.aiocb);
2108 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2109 if (r->iov.iov_len == 0) {
2110 scsi_req_complete(&r->req, GOOD);
2111 }
2112 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2113 assert(r->iov.iov_len == req->cmd.xfer);
2114 return -r->iov.iov_len;
2115 } else {
2116 return r->iov.iov_len;
2117 }
2118
2119 illegal_request:
2120 if (r->req.status == -1) {
2121 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2122 }
2123 return 0;
2124
2125 illegal_lba:
2126 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2127 return 0;
2128 }
2129
2130 /* Execute a scsi command. Returns the length of the data expected by the
2131 command. This will be Positive for data transfers from the device
2132 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2133 and zero if the command does not transfer any data. */
2134
2135 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2136 {
2137 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2138 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2139 uint32_t len;
2140 uint8_t command;
2141
2142 command = buf[0];
2143
2144 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
2145 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2146 return 0;
2147 }
2148
2149 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2150 switch (command) {
2151 case READ_6:
2152 case READ_10:
2153 case READ_12:
2154 case READ_16:
2155 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2156 if (r->req.cmd.buf[1] & 0xe0) {
2157 goto illegal_request;
2158 }
2159 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2160 goto illegal_lba;
2161 }
2162 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2163 r->sector_count = len * (s->qdev.blocksize / 512);
2164 break;
2165 case WRITE_6:
2166 case WRITE_10:
2167 case WRITE_12:
2168 case WRITE_16:
2169 case WRITE_VERIFY_10:
2170 case WRITE_VERIFY_12:
2171 case WRITE_VERIFY_16:
2172 if (blk_is_read_only(s->qdev.conf.blk)) {
2173 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2174 return 0;
2175 }
2176 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2177 (command & 0xe) == 0xe ? "And Verify " : "",
2178 r->req.cmd.lba, len);
2179 if (r->req.cmd.buf[1] & 0xe0) {
2180 goto illegal_request;
2181 }
2182 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2183 goto illegal_lba;
2184 }
2185 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2186 r->sector_count = len * (s->qdev.blocksize / 512);
2187 break;
2188 default:
2189 abort();
2190 illegal_request:
2191 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2192 return 0;
2193 illegal_lba:
2194 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2195 return 0;
2196 }
2197 if (r->sector_count == 0) {
2198 scsi_req_complete(&r->req, GOOD);
2199 }
2200 assert(r->iov.iov_len == 0);
2201 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2202 return -r->sector_count * 512;
2203 } else {
2204 return r->sector_count * 512;
2205 }
2206 }
2207
2208 static void scsi_disk_reset(DeviceState *dev)
2209 {
2210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2211 uint64_t nb_sectors;
2212
2213 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2214
2215 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2216 nb_sectors /= s->qdev.blocksize / 512;
2217 if (nb_sectors) {
2218 nb_sectors--;
2219 }
2220 s->qdev.max_lba = nb_sectors;
2221 /* reset tray statuses */
2222 s->tray_locked = 0;
2223 s->tray_open = 0;
2224 }
2225
2226 static void scsi_disk_resize_cb(void *opaque)
2227 {
2228 SCSIDiskState *s = opaque;
2229
2230 /* SPC lists this sense code as available only for
2231 * direct-access devices.
2232 */
2233 if (s->qdev.type == TYPE_DISK) {
2234 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2235 }
2236 }
2237
2238 static void scsi_cd_change_media_cb(void *opaque, bool load)
2239 {
2240 SCSIDiskState *s = opaque;
2241
2242 /*
2243 * When a CD gets changed, we have to report an ejected state and
2244 * then a loaded state to guests so that they detect tray
2245 * open/close and media change events. Guests that do not use
2246 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2247 * states rely on this behavior.
2248 *
2249 * media_changed governs the state machine used for unit attention
2250 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2251 */
2252 s->media_changed = load;
2253 s->tray_open = !load;
2254 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2255 s->media_event = true;
2256 s->eject_request = false;
2257 }
2258
2259 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2260 {
2261 SCSIDiskState *s = opaque;
2262
2263 s->eject_request = true;
2264 if (force) {
2265 s->tray_locked = false;
2266 }
2267 }
2268
2269 static bool scsi_cd_is_tray_open(void *opaque)
2270 {
2271 return ((SCSIDiskState *)opaque)->tray_open;
2272 }
2273
2274 static bool scsi_cd_is_medium_locked(void *opaque)
2275 {
2276 return ((SCSIDiskState *)opaque)->tray_locked;
2277 }
2278
2279 static const BlockDevOps scsi_disk_removable_block_ops = {
2280 .change_media_cb = scsi_cd_change_media_cb,
2281 .eject_request_cb = scsi_cd_eject_request_cb,
2282 .is_tray_open = scsi_cd_is_tray_open,
2283 .is_medium_locked = scsi_cd_is_medium_locked,
2284
2285 .resize_cb = scsi_disk_resize_cb,
2286 };
2287
2288 static const BlockDevOps scsi_disk_block_ops = {
2289 .resize_cb = scsi_disk_resize_cb,
2290 };
2291
2292 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2293 {
2294 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2295 if (s->media_changed) {
2296 s->media_changed = false;
2297 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2298 }
2299 }
2300
2301 static void scsi_realize(SCSIDevice *dev, Error **errp)
2302 {
2303 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2304 Error *err = NULL;
2305
2306 if (!s->qdev.conf.blk) {
2307 error_setg(errp, "drive property not set");
2308 return;
2309 }
2310
2311 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2312 !blk_is_inserted(s->qdev.conf.blk)) {
2313 error_setg(errp, "Device needs media, but drive is empty");
2314 return;
2315 }
2316
2317 blkconf_serial(&s->qdev.conf, &s->serial);
2318 blkconf_blocksizes(&s->qdev.conf);
2319 if (dev->type == TYPE_DISK) {
2320 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2321 if (err) {
2322 error_propagate(errp, err);
2323 return;
2324 }
2325 }
2326
2327 if (s->qdev.conf.discard_granularity == -1) {
2328 s->qdev.conf.discard_granularity =
2329 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2330 }
2331
2332 if (!s->version) {
2333 s->version = g_strdup(qemu_hw_version());
2334 }
2335 if (!s->vendor) {
2336 s->vendor = g_strdup("QEMU");
2337 }
2338
2339 if (blk_is_sg(s->qdev.conf.blk)) {
2340 error_setg(errp, "unwanted /dev/sg*");
2341 return;
2342 }
2343
2344 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2345 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2346 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2347 } else {
2348 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2349 }
2350 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2351
2352 blk_iostatus_enable(s->qdev.conf.blk);
2353 }
2354
2355 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2356 {
2357 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2358 /* can happen for devices without drive. The error message for missing
2359 * backend will be issued in scsi_realize
2360 */
2361 if (s->qdev.conf.blk) {
2362 blkconf_blocksizes(&s->qdev.conf);
2363 }
2364 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2365 s->qdev.type = TYPE_DISK;
2366 if (!s->product) {
2367 s->product = g_strdup("QEMU HARDDISK");
2368 }
2369 scsi_realize(&s->qdev, errp);
2370 }
2371
2372 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2373 {
2374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2375 s->qdev.blocksize = 2048;
2376 s->qdev.type = TYPE_ROM;
2377 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2378 if (!s->product) {
2379 s->product = g_strdup("QEMU CD-ROM");
2380 }
2381 scsi_realize(&s->qdev, errp);
2382 }
2383
2384 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2385 {
2386 DriveInfo *dinfo;
2387 Error *local_err = NULL;
2388
2389 if (!dev->conf.blk) {
2390 scsi_realize(dev, &local_err);
2391 assert(local_err);
2392 error_propagate(errp, local_err);
2393 return;
2394 }
2395
2396 dinfo = blk_legacy_dinfo(dev->conf.blk);
2397 if (dinfo && dinfo->media_cd) {
2398 scsi_cd_realize(dev, errp);
2399 } else {
2400 scsi_hd_realize(dev, errp);
2401 }
2402 }
2403
2404 static const SCSIReqOps scsi_disk_emulate_reqops = {
2405 .size = sizeof(SCSIDiskReq),
2406 .free_req = scsi_free_request,
2407 .send_command = scsi_disk_emulate_command,
2408 .read_data = scsi_disk_emulate_read_data,
2409 .write_data = scsi_disk_emulate_write_data,
2410 .get_buf = scsi_get_buf,
2411 };
2412
2413 static const SCSIReqOps scsi_disk_dma_reqops = {
2414 .size = sizeof(SCSIDiskReq),
2415 .free_req = scsi_free_request,
2416 .send_command = scsi_disk_dma_command,
2417 .read_data = scsi_read_data,
2418 .write_data = scsi_write_data,
2419 .get_buf = scsi_get_buf,
2420 .load_request = scsi_disk_load_request,
2421 .save_request = scsi_disk_save_request,
2422 };
2423
2424 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2425 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2426 [INQUIRY] = &scsi_disk_emulate_reqops,
2427 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2428 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2429 [START_STOP] = &scsi_disk_emulate_reqops,
2430 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2431 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2432 [READ_TOC] = &scsi_disk_emulate_reqops,
2433 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2434 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2435 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2436 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2437 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2438 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2439 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2440 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2441 [SEEK_10] = &scsi_disk_emulate_reqops,
2442 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2443 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2444 [UNMAP] = &scsi_disk_emulate_reqops,
2445 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2446 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2447 [VERIFY_10] = &scsi_disk_emulate_reqops,
2448 [VERIFY_12] = &scsi_disk_emulate_reqops,
2449 [VERIFY_16] = &scsi_disk_emulate_reqops,
2450
2451 [READ_6] = &scsi_disk_dma_reqops,
2452 [READ_10] = &scsi_disk_dma_reqops,
2453 [READ_12] = &scsi_disk_dma_reqops,
2454 [READ_16] = &scsi_disk_dma_reqops,
2455 [WRITE_6] = &scsi_disk_dma_reqops,
2456 [WRITE_10] = &scsi_disk_dma_reqops,
2457 [WRITE_12] = &scsi_disk_dma_reqops,
2458 [WRITE_16] = &scsi_disk_dma_reqops,
2459 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2460 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2461 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2462 };
2463
2464 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2465 uint8_t *buf, void *hba_private)
2466 {
2467 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2468 SCSIRequest *req;
2469 const SCSIReqOps *ops;
2470 uint8_t command;
2471
2472 command = buf[0];
2473 ops = scsi_disk_reqops_dispatch[command];
2474 if (!ops) {
2475 ops = &scsi_disk_emulate_reqops;
2476 }
2477 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2478
2479 #ifdef DEBUG_SCSI
2480 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2481 {
2482 int i;
2483 for (i = 1; i < scsi_cdb_length(buf); i++) {
2484 printf(" 0x%02x", buf[i]);
2485 }
2486 printf("\n");
2487 }
2488 #endif
2489
2490 return req;
2491 }
2492
2493 #ifdef __linux__
2494 static int get_device_type(SCSIDiskState *s)
2495 {
2496 uint8_t cmd[16];
2497 uint8_t buf[36];
2498 uint8_t sensebuf[8];
2499 sg_io_hdr_t io_header;
2500 int ret;
2501
2502 memset(cmd, 0, sizeof(cmd));
2503 memset(buf, 0, sizeof(buf));
2504 cmd[0] = INQUIRY;
2505 cmd[4] = sizeof(buf);
2506
2507 memset(&io_header, 0, sizeof(io_header));
2508 io_header.interface_id = 'S';
2509 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2510 io_header.dxfer_len = sizeof(buf);
2511 io_header.dxferp = buf;
2512 io_header.cmdp = cmd;
2513 io_header.cmd_len = sizeof(cmd);
2514 io_header.mx_sb_len = sizeof(sensebuf);
2515 io_header.sbp = sensebuf;
2516 io_header.timeout = 6000; /* XXX */
2517
2518 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
2519 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2520 return -1;
2521 }
2522 s->qdev.type = buf[0];
2523 if (buf[1] & 0x80) {
2524 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2525 }
2526 return 0;
2527 }
2528
2529 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2530 {
2531 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2532 int sg_version;
2533 int rc;
2534
2535 if (!s->qdev.conf.blk) {
2536 error_setg(errp, "drive property not set");
2537 return;
2538 }
2539
2540 /* check we are using a driver managing SG_IO (version 3 and after) */
2541 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2542 if (rc < 0) {
2543 error_setg(errp, "cannot get SG_IO version number: %s. "
2544 "Is this a SCSI device?",
2545 strerror(-rc));
2546 return;
2547 }
2548 if (sg_version < 30000) {
2549 error_setg(errp, "scsi generic interface too old");
2550 return;
2551 }
2552
2553 /* get device type from INQUIRY data */
2554 rc = get_device_type(s);
2555 if (rc < 0) {
2556 error_setg(errp, "INQUIRY failed");
2557 return;
2558 }
2559
2560 /* Make a guess for the block size, we'll fix it when the guest sends.
2561 * READ CAPACITY. If they don't, they likely would assume these sizes
2562 * anyway. (TODO: check in /sys).
2563 */
2564 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2565 s->qdev.blocksize = 2048;
2566 } else {
2567 s->qdev.blocksize = 512;
2568 }
2569
2570 /* Makes the scsi-block device not removable by using HMP and QMP eject
2571 * command.
2572 */
2573 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2574
2575 scsi_realize(&s->qdev, errp);
2576 scsi_generic_read_device_identification(&s->qdev);
2577 }
2578
2579 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2580 {
2581 switch (buf[0]) {
2582 case READ_6:
2583 case READ_10:
2584 case READ_12:
2585 case READ_16:
2586 case VERIFY_10:
2587 case VERIFY_12:
2588 case VERIFY_16:
2589 case WRITE_6:
2590 case WRITE_10:
2591 case WRITE_12:
2592 case WRITE_16:
2593 case WRITE_VERIFY_10:
2594 case WRITE_VERIFY_12:
2595 case WRITE_VERIFY_16:
2596 /* If we are not using O_DIRECT, we might read stale data from the
2597 * host cache if writes were made using other commands than these
2598 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2599 * O_DIRECT everything must go through SG_IO.
2600 */
2601 if (!(blk_get_flags(s->qdev.conf.blk) & BDRV_O_NOCACHE)) {
2602 break;
2603 }
2604
2605 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2606 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2607 * And once you do these writes, reading from the block device is
2608 * unreliable, too. It is even possible that reads deliver random data
2609 * from the host page cache (this is probably a Linux bug).
2610 *
2611 * We might use scsi_disk_dma_reqops as long as no writing commands are
2612 * seen, but performance usually isn't paramount on optical media. So,
2613 * just make scsi-block operate the same as scsi-generic for them.
2614 */
2615 if (s->qdev.type != TYPE_ROM) {
2616 return false;
2617 }
2618 break;
2619
2620 default:
2621 break;
2622 }
2623
2624 return true;
2625 }
2626
2627
2628 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2629 uint32_t lun, uint8_t *buf,
2630 void *hba_private)
2631 {
2632 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2633
2634 if (scsi_block_is_passthrough(s, buf)) {
2635 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2636 hba_private);
2637 } else {
2638 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2639 hba_private);
2640 }
2641 }
2642
2643 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2644 uint8_t *buf, void *hba_private)
2645 {
2646 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2647
2648 if (scsi_block_is_passthrough(s, buf)) {
2649 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2650 } else {
2651 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2652 }
2653 }
2654
2655 #endif
2656
2657 #define DEFINE_SCSI_DISK_PROPERTIES() \
2658 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2659 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2660 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2661 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2662 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2663
2664 static Property scsi_hd_properties[] = {
2665 DEFINE_SCSI_DISK_PROPERTIES(),
2666 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2667 SCSI_DISK_F_REMOVABLE, false),
2668 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2669 SCSI_DISK_F_DPOFUA, false),
2670 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2671 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2672 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2673 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2674 DEFAULT_MAX_UNMAP_SIZE),
2675 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2676 DEFAULT_MAX_IO_SIZE),
2677 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2678 DEFINE_PROP_END_OF_LIST(),
2679 };
2680
2681 static const VMStateDescription vmstate_scsi_disk_state = {
2682 .name = "scsi-disk",
2683 .version_id = 1,
2684 .minimum_version_id = 1,
2685 .fields = (VMStateField[]) {
2686 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2687 VMSTATE_BOOL(media_changed, SCSIDiskState),
2688 VMSTATE_BOOL(media_event, SCSIDiskState),
2689 VMSTATE_BOOL(eject_request, SCSIDiskState),
2690 VMSTATE_BOOL(tray_open, SCSIDiskState),
2691 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2692 VMSTATE_END_OF_LIST()
2693 }
2694 };
2695
2696 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2697 {
2698 DeviceClass *dc = DEVICE_CLASS(klass);
2699 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2700
2701 sc->realize = scsi_hd_realize;
2702 sc->alloc_req = scsi_new_request;
2703 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2704 dc->fw_name = "disk";
2705 dc->desc = "virtual SCSI disk";
2706 dc->reset = scsi_disk_reset;
2707 dc->props = scsi_hd_properties;
2708 dc->vmsd = &vmstate_scsi_disk_state;
2709 }
2710
2711 static const TypeInfo scsi_hd_info = {
2712 .name = "scsi-hd",
2713 .parent = TYPE_SCSI_DEVICE,
2714 .instance_size = sizeof(SCSIDiskState),
2715 .class_init = scsi_hd_class_initfn,
2716 };
2717
2718 static Property scsi_cd_properties[] = {
2719 DEFINE_SCSI_DISK_PROPERTIES(),
2720 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2721 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2722 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2723 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2724 DEFAULT_MAX_IO_SIZE),
2725 DEFINE_PROP_END_OF_LIST(),
2726 };
2727
2728 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2729 {
2730 DeviceClass *dc = DEVICE_CLASS(klass);
2731 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2732
2733 sc->realize = scsi_cd_realize;
2734 sc->alloc_req = scsi_new_request;
2735 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2736 dc->fw_name = "disk";
2737 dc->desc = "virtual SCSI CD-ROM";
2738 dc->reset = scsi_disk_reset;
2739 dc->props = scsi_cd_properties;
2740 dc->vmsd = &vmstate_scsi_disk_state;
2741 }
2742
2743 static const TypeInfo scsi_cd_info = {
2744 .name = "scsi-cd",
2745 .parent = TYPE_SCSI_DEVICE,
2746 .instance_size = sizeof(SCSIDiskState),
2747 .class_init = scsi_cd_class_initfn,
2748 };
2749
2750 #ifdef __linux__
2751 static Property scsi_block_properties[] = {
2752 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
2753 DEFINE_PROP_END_OF_LIST(),
2754 };
2755
2756 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2757 {
2758 DeviceClass *dc = DEVICE_CLASS(klass);
2759 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2760
2761 sc->realize = scsi_block_realize;
2762 sc->alloc_req = scsi_block_new_request;
2763 sc->parse_cdb = scsi_block_parse_cdb;
2764 dc->fw_name = "disk";
2765 dc->desc = "SCSI block device passthrough";
2766 dc->reset = scsi_disk_reset;
2767 dc->props = scsi_block_properties;
2768 dc->vmsd = &vmstate_scsi_disk_state;
2769 }
2770
2771 static const TypeInfo scsi_block_info = {
2772 .name = "scsi-block",
2773 .parent = TYPE_SCSI_DEVICE,
2774 .instance_size = sizeof(SCSIDiskState),
2775 .class_init = scsi_block_class_initfn,
2776 };
2777 #endif
2778
2779 static Property scsi_disk_properties[] = {
2780 DEFINE_SCSI_DISK_PROPERTIES(),
2781 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2782 SCSI_DISK_F_REMOVABLE, false),
2783 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2784 SCSI_DISK_F_DPOFUA, false),
2785 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2786 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2787 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2788 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2789 DEFAULT_MAX_UNMAP_SIZE),
2790 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2791 DEFAULT_MAX_IO_SIZE),
2792 DEFINE_PROP_END_OF_LIST(),
2793 };
2794
2795 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2796 {
2797 DeviceClass *dc = DEVICE_CLASS(klass);
2798 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2799
2800 sc->realize = scsi_disk_realize;
2801 sc->alloc_req = scsi_new_request;
2802 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2803 dc->fw_name = "disk";
2804 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2805 dc->reset = scsi_disk_reset;
2806 dc->props = scsi_disk_properties;
2807 dc->vmsd = &vmstate_scsi_disk_state;
2808 }
2809
2810 static const TypeInfo scsi_disk_info = {
2811 .name = "scsi-disk",
2812 .parent = TYPE_SCSI_DEVICE,
2813 .instance_size = sizeof(SCSIDiskState),
2814 .class_init = scsi_disk_class_initfn,
2815 };
2816
2817 static void scsi_disk_register_types(void)
2818 {
2819 type_register_static(&scsi_hd_info);
2820 type_register_static(&scsi_cd_info);
2821 #ifdef __linux__
2822 type_register_static(&scsi_block_info);
2823 #endif
2824 type_register_static(&scsi_disk_info);
2825 }
2826
2827 type_init(scsi_disk_register_types)