]> git.proxmox.com Git - mirror_qemu.git/blob - hw/scsi/scsi-disk.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190205' into...
[mirror_qemu.git] / hw / scsi / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu/osdep.h"
32 #include "qemu/units.h"
33 #include "qapi/error.h"
34 #include "qemu/error-report.h"
35 #include "hw/scsi/scsi.h"
36 #include "hw/scsi/emulation.h"
37 #include "scsi/constants.h"
38 #include "sysemu/sysemu.h"
39 #include "sysemu/block-backend.h"
40 #include "sysemu/blockdev.h"
41 #include "hw/block/block.h"
42 #include "sysemu/dma.h"
43 #include "qemu/cutils.h"
44
45 #ifdef __linux
46 #include <scsi/sg.h>
47 #endif
48
49 #define SCSI_WRITE_SAME_MAX (512 * KiB)
50 #define SCSI_DMA_BUF_SIZE (128 * KiB)
51 #define SCSI_MAX_INQUIRY_LEN 256
52 #define SCSI_MAX_MODE_LEN 256
53
54 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
55 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
56 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
57
58 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
59
60 #define SCSI_DISK_BASE(obj) \
61 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
62 #define SCSI_DISK_BASE_CLASS(klass) \
63 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
64 #define SCSI_DISK_BASE_GET_CLASS(obj) \
65 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
66
67 typedef struct SCSIDiskClass {
68 SCSIDeviceClass parent_class;
69 DMAIOFunc *dma_readv;
70 DMAIOFunc *dma_writev;
71 bool (*need_fua_emulation)(SCSICommand *cmd);
72 } SCSIDiskClass;
73
74 typedef struct SCSIDiskReq {
75 SCSIRequest req;
76 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
77 uint64_t sector;
78 uint32_t sector_count;
79 uint32_t buflen;
80 bool started;
81 bool need_fua_emulation;
82 struct iovec iov;
83 QEMUIOVector qiov;
84 BlockAcctCookie acct;
85 unsigned char *status;
86 } SCSIDiskReq;
87
88 #define SCSI_DISK_F_REMOVABLE 0
89 #define SCSI_DISK_F_DPOFUA 1
90 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
91
92 typedef struct SCSIDiskState
93 {
94 SCSIDevice qdev;
95 uint32_t features;
96 bool media_changed;
97 bool media_event;
98 bool eject_request;
99 uint16_t port_index;
100 uint64_t max_unmap_size;
101 uint64_t max_io_size;
102 QEMUBH *bh;
103 char *version;
104 char *serial;
105 char *vendor;
106 char *product;
107 char *device_id;
108 bool tray_open;
109 bool tray_locked;
110 /*
111 * 0x0000 - rotation rate not reported
112 * 0x0001 - non-rotating medium (SSD)
113 * 0x0002-0x0400 - reserved
114 * 0x0401-0xffe - rotations per minute
115 * 0xffff - reserved
116 */
117 uint16_t rotation_rate;
118 } SCSIDiskState;
119
120 static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
121
122 static void scsi_free_request(SCSIRequest *req)
123 {
124 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
125
126 qemu_vfree(r->iov.iov_base);
127 }
128
129 /* Helper function for command completion with sense. */
130 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
131 {
132 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
133 r->req.tag, sense.key, sense.asc, sense.ascq);
134 scsi_req_build_sense(&r->req, sense);
135 scsi_req_complete(&r->req, CHECK_CONDITION);
136 }
137
138 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
139 {
140 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
141
142 if (!r->iov.iov_base) {
143 r->buflen = size;
144 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
145 }
146 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
147 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
148 }
149
150 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
151 {
152 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
153
154 qemu_put_be64s(f, &r->sector);
155 qemu_put_be32s(f, &r->sector_count);
156 qemu_put_be32s(f, &r->buflen);
157 if (r->buflen) {
158 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
159 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
160 } else if (!req->retry) {
161 uint32_t len = r->iov.iov_len;
162 qemu_put_be32s(f, &len);
163 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
164 }
165 }
166 }
167
168 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
169 {
170 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
171
172 qemu_get_be64s(f, &r->sector);
173 qemu_get_be32s(f, &r->sector_count);
174 qemu_get_be32s(f, &r->buflen);
175 if (r->buflen) {
176 scsi_init_iovec(r, r->buflen);
177 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
178 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
179 } else if (!r->req.retry) {
180 uint32_t len;
181 qemu_get_be32s(f, &len);
182 r->iov.iov_len = len;
183 assert(r->iov.iov_len <= r->buflen);
184 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
185 }
186 }
187
188 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
189 }
190
191 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
192 {
193 if (r->req.io_canceled) {
194 scsi_req_cancel_complete(&r->req);
195 return true;
196 }
197
198 if (ret < 0 || (r->status && *r->status)) {
199 return scsi_handle_rw_error(r, -ret, acct_failed);
200 }
201
202 return false;
203 }
204
205 static void scsi_aio_complete(void *opaque, int ret)
206 {
207 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
208 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
209
210 assert(r->req.aiocb != NULL);
211 r->req.aiocb = NULL;
212 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
213 if (scsi_disk_req_check_error(r, ret, true)) {
214 goto done;
215 }
216
217 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
218 scsi_req_complete(&r->req, GOOD);
219
220 done:
221 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
222 scsi_req_unref(&r->req);
223 }
224
225 static bool scsi_is_cmd_fua(SCSICommand *cmd)
226 {
227 switch (cmd->buf[0]) {
228 case READ_10:
229 case READ_12:
230 case READ_16:
231 case WRITE_10:
232 case WRITE_12:
233 case WRITE_16:
234 return (cmd->buf[1] & 8) != 0;
235
236 case VERIFY_10:
237 case VERIFY_12:
238 case VERIFY_16:
239 case WRITE_VERIFY_10:
240 case WRITE_VERIFY_12:
241 case WRITE_VERIFY_16:
242 return true;
243
244 case READ_6:
245 case WRITE_6:
246 default:
247 return false;
248 }
249 }
250
251 static void scsi_write_do_fua(SCSIDiskReq *r)
252 {
253 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
254
255 assert(r->req.aiocb == NULL);
256 assert(!r->req.io_canceled);
257
258 if (r->need_fua_emulation) {
259 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
260 BLOCK_ACCT_FLUSH);
261 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
262 return;
263 }
264
265 scsi_req_complete(&r->req, GOOD);
266 scsi_req_unref(&r->req);
267 }
268
269 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
270 {
271 assert(r->req.aiocb == NULL);
272 if (scsi_disk_req_check_error(r, ret, false)) {
273 goto done;
274 }
275
276 r->sector += r->sector_count;
277 r->sector_count = 0;
278 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
279 scsi_write_do_fua(r);
280 return;
281 } else {
282 scsi_req_complete(&r->req, GOOD);
283 }
284
285 done:
286 scsi_req_unref(&r->req);
287 }
288
289 static void scsi_dma_complete(void *opaque, int ret)
290 {
291 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
292 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
293
294 assert(r->req.aiocb != NULL);
295 r->req.aiocb = NULL;
296
297 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
298 if (ret < 0) {
299 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
300 } else {
301 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
302 }
303 scsi_dma_complete_noio(r, ret);
304 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
305 }
306
307 static void scsi_read_complete(void * opaque, int ret)
308 {
309 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
310 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
311 int n;
312
313 assert(r->req.aiocb != NULL);
314 r->req.aiocb = NULL;
315 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
316 if (scsi_disk_req_check_error(r, ret, true)) {
317 goto done;
318 }
319
320 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
321 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
322
323 n = r->qiov.size / 512;
324 r->sector += n;
325 r->sector_count -= n;
326 scsi_req_data(&r->req, r->qiov.size);
327
328 done:
329 scsi_req_unref(&r->req);
330 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
331 }
332
333 /* Actually issue a read to the block device. */
334 static void scsi_do_read(SCSIDiskReq *r, int ret)
335 {
336 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
337 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
338
339 assert (r->req.aiocb == NULL);
340 if (scsi_disk_req_check_error(r, ret, false)) {
341 goto done;
342 }
343
344 /* The request is used as the AIO opaque value, so add a ref. */
345 scsi_req_ref(&r->req);
346
347 if (r->req.sg) {
348 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
349 r->req.resid -= r->req.sg->size;
350 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
351 r->req.sg, r->sector << BDRV_SECTOR_BITS,
352 BDRV_SECTOR_SIZE,
353 sdc->dma_readv, r, scsi_dma_complete, r,
354 DMA_DIRECTION_FROM_DEVICE);
355 } else {
356 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
357 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
358 r->qiov.size, BLOCK_ACCT_READ);
359 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
360 scsi_read_complete, r, r);
361 }
362
363 done:
364 scsi_req_unref(&r->req);
365 }
366
367 static void scsi_do_read_cb(void *opaque, int ret)
368 {
369 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
370 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
371
372 assert (r->req.aiocb != NULL);
373 r->req.aiocb = NULL;
374
375 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
376 if (ret < 0) {
377 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
378 } else {
379 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
380 }
381 scsi_do_read(opaque, ret);
382 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
383 }
384
385 /* Read more data from scsi device into buffer. */
386 static void scsi_read_data(SCSIRequest *req)
387 {
388 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
389 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
390 bool first;
391
392 DPRINTF("Read sector_count=%d\n", r->sector_count);
393 if (r->sector_count == 0) {
394 /* This also clears the sense buffer for REQUEST SENSE. */
395 scsi_req_complete(&r->req, GOOD);
396 return;
397 }
398
399 /* No data transfer may already be in progress */
400 assert(r->req.aiocb == NULL);
401
402 /* The request is used as the AIO opaque value, so add a ref. */
403 scsi_req_ref(&r->req);
404 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
405 DPRINTF("Data transfer direction invalid\n");
406 scsi_read_complete(r, -EINVAL);
407 return;
408 }
409
410 if (!blk_is_available(req->dev->conf.blk)) {
411 scsi_read_complete(r, -ENOMEDIUM);
412 return;
413 }
414
415 first = !r->started;
416 r->started = true;
417 if (first && r->need_fua_emulation) {
418 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
419 BLOCK_ACCT_FLUSH);
420 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
421 } else {
422 scsi_do_read(r, 0);
423 }
424 }
425
426 /*
427 * scsi_handle_rw_error has two return values. False means that the error
428 * must be ignored, true means that the error has been processed and the
429 * caller should not do anything else for this request. Note that
430 * scsi_handle_rw_error always manages its reference counts, independent
431 * of the return value.
432 */
433 static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
434 {
435 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
436 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
437 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
438 is_read, error);
439
440 if (action == BLOCK_ERROR_ACTION_REPORT) {
441 if (acct_failed) {
442 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
443 }
444 switch (error) {
445 case 0:
446 /* A passthrough command has run and has produced sense data; check
447 * whether the error has to be handled by the guest or should rather
448 * pause the host.
449 */
450 assert(r->status && *r->status);
451 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
452 if (error == ECANCELED || error == EAGAIN || error == ENOTCONN ||
453 error == 0) {
454 /* These errors are handled by guest. */
455 scsi_req_complete(&r->req, *r->status);
456 return true;
457 }
458 break;
459 case ENOMEDIUM:
460 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
461 break;
462 case ENOMEM:
463 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
464 break;
465 case EINVAL:
466 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
467 break;
468 case ENOSPC:
469 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
470 break;
471 default:
472 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
473 break;
474 }
475 }
476
477 blk_error_action(s->qdev.conf.blk, action, is_read, error);
478 if (action == BLOCK_ERROR_ACTION_IGNORE) {
479 scsi_req_complete(&r->req, 0);
480 return true;
481 }
482
483 if (action == BLOCK_ERROR_ACTION_STOP) {
484 scsi_req_retry(&r->req);
485 }
486 return true;
487 }
488
489 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
490 {
491 uint32_t n;
492
493 assert (r->req.aiocb == NULL);
494 if (scsi_disk_req_check_error(r, ret, false)) {
495 goto done;
496 }
497
498 n = r->qiov.size / 512;
499 r->sector += n;
500 r->sector_count -= n;
501 if (r->sector_count == 0) {
502 scsi_write_do_fua(r);
503 return;
504 } else {
505 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
506 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
507 scsi_req_data(&r->req, r->qiov.size);
508 }
509
510 done:
511 scsi_req_unref(&r->req);
512 }
513
514 static void scsi_write_complete(void * opaque, int ret)
515 {
516 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
517 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
518
519 assert (r->req.aiocb != NULL);
520 r->req.aiocb = NULL;
521
522 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
523 if (ret < 0) {
524 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
525 } else {
526 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
527 }
528 scsi_write_complete_noio(r, ret);
529 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
530 }
531
532 static void scsi_write_data(SCSIRequest *req)
533 {
534 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
535 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
536 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
537
538 /* No data transfer may already be in progress */
539 assert(r->req.aiocb == NULL);
540
541 /* The request is used as the AIO opaque value, so add a ref. */
542 scsi_req_ref(&r->req);
543 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
544 DPRINTF("Data transfer direction invalid\n");
545 scsi_write_complete_noio(r, -EINVAL);
546 return;
547 }
548
549 if (!r->req.sg && !r->qiov.size) {
550 /* Called for the first time. Ask the driver to send us more data. */
551 r->started = true;
552 scsi_write_complete_noio(r, 0);
553 return;
554 }
555 if (!blk_is_available(req->dev->conf.blk)) {
556 scsi_write_complete_noio(r, -ENOMEDIUM);
557 return;
558 }
559
560 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
561 r->req.cmd.buf[0] == VERIFY_16) {
562 if (r->req.sg) {
563 scsi_dma_complete_noio(r, 0);
564 } else {
565 scsi_write_complete_noio(r, 0);
566 }
567 return;
568 }
569
570 if (r->req.sg) {
571 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
572 r->req.resid -= r->req.sg->size;
573 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
574 r->req.sg, r->sector << BDRV_SECTOR_BITS,
575 BDRV_SECTOR_SIZE,
576 sdc->dma_writev, r, scsi_dma_complete, r,
577 DMA_DIRECTION_TO_DEVICE);
578 } else {
579 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
580 r->qiov.size, BLOCK_ACCT_WRITE);
581 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
582 scsi_write_complete, r, r);
583 }
584 }
585
586 /* Return a pointer to the data buffer. */
587 static uint8_t *scsi_get_buf(SCSIRequest *req)
588 {
589 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
590
591 return (uint8_t *)r->iov.iov_base;
592 }
593
594 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
595 {
596 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
597 uint8_t page_code = req->cmd.buf[2];
598 int start, buflen = 0;
599
600 outbuf[buflen++] = s->qdev.type & 0x1f;
601 outbuf[buflen++] = page_code;
602 outbuf[buflen++] = 0x00;
603 outbuf[buflen++] = 0x00;
604 start = buflen;
605
606 switch (page_code) {
607 case 0x00: /* Supported page codes, mandatory */
608 {
609 DPRINTF("Inquiry EVPD[Supported pages] "
610 "buffer size %zd\n", req->cmd.xfer);
611 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
612 if (s->serial) {
613 outbuf[buflen++] = 0x80; /* unit serial number */
614 }
615 outbuf[buflen++] = 0x83; /* device identification */
616 if (s->qdev.type == TYPE_DISK) {
617 outbuf[buflen++] = 0xb0; /* block limits */
618 outbuf[buflen++] = 0xb1; /* block device characteristics */
619 outbuf[buflen++] = 0xb2; /* thin provisioning */
620 }
621 break;
622 }
623 case 0x80: /* Device serial number, optional */
624 {
625 int l;
626
627 if (!s->serial) {
628 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
629 return -1;
630 }
631
632 l = strlen(s->serial);
633 if (l > 36) {
634 l = 36;
635 }
636
637 DPRINTF("Inquiry EVPD[Serial number] "
638 "buffer size %zd\n", req->cmd.xfer);
639 memcpy(outbuf + buflen, s->serial, l);
640 buflen += l;
641 break;
642 }
643
644 case 0x83: /* Device identification page, mandatory */
645 {
646 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
647
648 DPRINTF("Inquiry EVPD[Device identification] "
649 "buffer size %zd\n", req->cmd.xfer);
650
651 if (id_len) {
652 outbuf[buflen++] = 0x2; /* ASCII */
653 outbuf[buflen++] = 0; /* not officially assigned */
654 outbuf[buflen++] = 0; /* reserved */
655 outbuf[buflen++] = id_len; /* length of data following */
656 memcpy(outbuf + buflen, s->device_id, id_len);
657 buflen += id_len;
658 }
659
660 if (s->qdev.wwn) {
661 outbuf[buflen++] = 0x1; /* Binary */
662 outbuf[buflen++] = 0x3; /* NAA */
663 outbuf[buflen++] = 0; /* reserved */
664 outbuf[buflen++] = 8;
665 stq_be_p(&outbuf[buflen], s->qdev.wwn);
666 buflen += 8;
667 }
668
669 if (s->qdev.port_wwn) {
670 outbuf[buflen++] = 0x61; /* SAS / Binary */
671 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
672 outbuf[buflen++] = 0; /* reserved */
673 outbuf[buflen++] = 8;
674 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
675 buflen += 8;
676 }
677
678 if (s->port_index) {
679 outbuf[buflen++] = 0x61; /* SAS / Binary */
680
681 /* PIV/Target port/relative target port */
682 outbuf[buflen++] = 0x94;
683
684 outbuf[buflen++] = 0; /* reserved */
685 outbuf[buflen++] = 4;
686 stw_be_p(&outbuf[buflen + 2], s->port_index);
687 buflen += 4;
688 }
689 break;
690 }
691 case 0xb0: /* block limits */
692 {
693 SCSIBlockLimits bl = {};
694
695 if (s->qdev.type == TYPE_ROM) {
696 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
697 page_code);
698 return -1;
699 }
700 bl.wsnz = 1;
701 bl.unmap_sectors =
702 s->qdev.conf.discard_granularity / s->qdev.blocksize;
703 bl.min_io_size =
704 s->qdev.conf.min_io_size / s->qdev.blocksize;
705 bl.opt_io_size =
706 s->qdev.conf.opt_io_size / s->qdev.blocksize;
707 bl.max_unmap_sectors =
708 s->max_unmap_size / s->qdev.blocksize;
709 bl.max_io_sectors =
710 s->max_io_size / s->qdev.blocksize;
711 /* 255 descriptors fit in 4 KiB with an 8-byte header */
712 bl.max_unmap_descr = 255;
713
714 if (s->qdev.type == TYPE_DISK) {
715 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
716 int max_io_sectors_blk =
717 max_transfer_blk / s->qdev.blocksize;
718
719 bl.max_io_sectors =
720 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
721 }
722 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
723 break;
724 }
725 case 0xb1: /* block device characteristics */
726 {
727 buflen = 0x40;
728 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
729 outbuf[5] = s->rotation_rate & 0xff;
730 outbuf[6] = 0; /* PRODUCT TYPE */
731 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
732 outbuf[8] = 0; /* VBULS */
733 break;
734 }
735 case 0xb2: /* thin provisioning */
736 {
737 buflen = 8;
738 outbuf[4] = 0;
739 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
740 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
741 outbuf[7] = 0;
742 break;
743 }
744 default:
745 return -1;
746 }
747 /* done with EVPD */
748 assert(buflen - start <= 255);
749 outbuf[start - 1] = buflen - start;
750 return buflen;
751 }
752
753 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
754 {
755 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
756 int buflen = 0;
757
758 if (req->cmd.buf[1] & 0x1) {
759 /* Vital product data */
760 return scsi_disk_emulate_vpd_page(req, outbuf);
761 }
762
763 /* Standard INQUIRY data */
764 if (req->cmd.buf[2] != 0) {
765 return -1;
766 }
767
768 /* PAGE CODE == 0 */
769 buflen = req->cmd.xfer;
770 if (buflen > SCSI_MAX_INQUIRY_LEN) {
771 buflen = SCSI_MAX_INQUIRY_LEN;
772 }
773
774 outbuf[0] = s->qdev.type & 0x1f;
775 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
776
777 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
778 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
779
780 memset(&outbuf[32], 0, 4);
781 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
782 /*
783 * We claim conformance to SPC-3, which is required for guests
784 * to ask for modern features like READ CAPACITY(16) or the
785 * block characteristics VPD page by default. Not all of SPC-3
786 * is actually implemented, but we're good enough.
787 */
788 outbuf[2] = s->qdev.default_scsi_version;
789 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
790
791 if (buflen > 36) {
792 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
793 } else {
794 /* If the allocation length of CDB is too small,
795 the additional length is not adjusted */
796 outbuf[4] = 36 - 5;
797 }
798
799 /* Sync data transfer and TCQ. */
800 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
801 return buflen;
802 }
803
804 static inline bool media_is_dvd(SCSIDiskState *s)
805 {
806 uint64_t nb_sectors;
807 if (s->qdev.type != TYPE_ROM) {
808 return false;
809 }
810 if (!blk_is_available(s->qdev.conf.blk)) {
811 return false;
812 }
813 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
814 return nb_sectors > CD_MAX_SECTORS;
815 }
816
817 static inline bool media_is_cd(SCSIDiskState *s)
818 {
819 uint64_t nb_sectors;
820 if (s->qdev.type != TYPE_ROM) {
821 return false;
822 }
823 if (!blk_is_available(s->qdev.conf.blk)) {
824 return false;
825 }
826 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
827 return nb_sectors <= CD_MAX_SECTORS;
828 }
829
830 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
831 uint8_t *outbuf)
832 {
833 uint8_t type = r->req.cmd.buf[1] & 7;
834
835 if (s->qdev.type != TYPE_ROM) {
836 return -1;
837 }
838
839 /* Types 1/2 are only defined for Blu-Ray. */
840 if (type != 0) {
841 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
842 return -1;
843 }
844
845 memset(outbuf, 0, 34);
846 outbuf[1] = 32;
847 outbuf[2] = 0xe; /* last session complete, disc finalized */
848 outbuf[3] = 1; /* first track on disc */
849 outbuf[4] = 1; /* # of sessions */
850 outbuf[5] = 1; /* first track of last session */
851 outbuf[6] = 1; /* last track of last session */
852 outbuf[7] = 0x20; /* unrestricted use */
853 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
854 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
855 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
856 /* 24-31: disc bar code */
857 /* 32: disc application code */
858 /* 33: number of OPC tables */
859
860 return 34;
861 }
862
863 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
864 uint8_t *outbuf)
865 {
866 static const int rds_caps_size[5] = {
867 [0] = 2048 + 4,
868 [1] = 4 + 4,
869 [3] = 188 + 4,
870 [4] = 2048 + 4,
871 };
872
873 uint8_t media = r->req.cmd.buf[1];
874 uint8_t layer = r->req.cmd.buf[6];
875 uint8_t format = r->req.cmd.buf[7];
876 int size = -1;
877
878 if (s->qdev.type != TYPE_ROM) {
879 return -1;
880 }
881 if (media != 0) {
882 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
883 return -1;
884 }
885
886 if (format != 0xff) {
887 if (!blk_is_available(s->qdev.conf.blk)) {
888 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
889 return -1;
890 }
891 if (media_is_cd(s)) {
892 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
893 return -1;
894 }
895 if (format >= ARRAY_SIZE(rds_caps_size)) {
896 return -1;
897 }
898 size = rds_caps_size[format];
899 memset(outbuf, 0, size);
900 }
901
902 switch (format) {
903 case 0x00: {
904 /* Physical format information */
905 uint64_t nb_sectors;
906 if (layer != 0) {
907 goto fail;
908 }
909 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
910
911 outbuf[4] = 1; /* DVD-ROM, part version 1 */
912 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
913 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
914 outbuf[7] = 0; /* default densities */
915
916 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
917 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
918 break;
919 }
920
921 case 0x01: /* DVD copyright information, all zeros */
922 break;
923
924 case 0x03: /* BCA information - invalid field for no BCA info */
925 return -1;
926
927 case 0x04: /* DVD disc manufacturing information, all zeros */
928 break;
929
930 case 0xff: { /* List capabilities */
931 int i;
932 size = 4;
933 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
934 if (!rds_caps_size[i]) {
935 continue;
936 }
937 outbuf[size] = i;
938 outbuf[size + 1] = 0x40; /* Not writable, readable */
939 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
940 size += 4;
941 }
942 break;
943 }
944
945 default:
946 return -1;
947 }
948
949 /* Size of buffer, not including 2 byte size field */
950 stw_be_p(outbuf, size - 2);
951 return size;
952
953 fail:
954 return -1;
955 }
956
957 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
958 {
959 uint8_t event_code, media_status;
960
961 media_status = 0;
962 if (s->tray_open) {
963 media_status = MS_TRAY_OPEN;
964 } else if (blk_is_inserted(s->qdev.conf.blk)) {
965 media_status = MS_MEDIA_PRESENT;
966 }
967
968 /* Event notification descriptor */
969 event_code = MEC_NO_CHANGE;
970 if (media_status != MS_TRAY_OPEN) {
971 if (s->media_event) {
972 event_code = MEC_NEW_MEDIA;
973 s->media_event = false;
974 } else if (s->eject_request) {
975 event_code = MEC_EJECT_REQUESTED;
976 s->eject_request = false;
977 }
978 }
979
980 outbuf[0] = event_code;
981 outbuf[1] = media_status;
982
983 /* These fields are reserved, just clear them. */
984 outbuf[2] = 0;
985 outbuf[3] = 0;
986 return 4;
987 }
988
989 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
990 uint8_t *outbuf)
991 {
992 int size;
993 uint8_t *buf = r->req.cmd.buf;
994 uint8_t notification_class_request = buf[4];
995 if (s->qdev.type != TYPE_ROM) {
996 return -1;
997 }
998 if ((buf[1] & 1) == 0) {
999 /* asynchronous */
1000 return -1;
1001 }
1002
1003 size = 4;
1004 outbuf[0] = outbuf[1] = 0;
1005 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1006 if (notification_class_request & (1 << GESN_MEDIA)) {
1007 outbuf[2] = GESN_MEDIA;
1008 size += scsi_event_status_media(s, &outbuf[size]);
1009 } else {
1010 outbuf[2] = 0x80;
1011 }
1012 stw_be_p(outbuf, size - 4);
1013 return size;
1014 }
1015
1016 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1017 {
1018 int current;
1019
1020 if (s->qdev.type != TYPE_ROM) {
1021 return -1;
1022 }
1023
1024 if (media_is_dvd(s)) {
1025 current = MMC_PROFILE_DVD_ROM;
1026 } else if (media_is_cd(s)) {
1027 current = MMC_PROFILE_CD_ROM;
1028 } else {
1029 current = MMC_PROFILE_NONE;
1030 }
1031
1032 memset(outbuf, 0, 40);
1033 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1034 stw_be_p(&outbuf[6], current);
1035 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1036 outbuf[10] = 0x03; /* persistent, current */
1037 outbuf[11] = 8; /* two profiles */
1038 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1039 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1040 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1041 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1042 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1043 stw_be_p(&outbuf[20], 1);
1044 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1045 outbuf[23] = 8;
1046 stl_be_p(&outbuf[24], 1); /* SCSI */
1047 outbuf[28] = 1; /* DBE = 1, mandatory */
1048 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1049 stw_be_p(&outbuf[32], 3);
1050 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1051 outbuf[35] = 4;
1052 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1053 /* TODO: Random readable, CD read, DVD read, drive serial number,
1054 power management */
1055 return 40;
1056 }
1057
1058 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1059 {
1060 if (s->qdev.type != TYPE_ROM) {
1061 return -1;
1062 }
1063 memset(outbuf, 0, 8);
1064 outbuf[5] = 1; /* CD-ROM */
1065 return 8;
1066 }
1067
1068 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1069 int page_control)
1070 {
1071 static const int mode_sense_valid[0x3f] = {
1072 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1073 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1074 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1075 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1076 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1077 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1078 };
1079
1080 uint8_t *p = *p_outbuf + 2;
1081 int length;
1082
1083 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1084 return -1;
1085 }
1086
1087 /*
1088 * If Changeable Values are requested, a mask denoting those mode parameters
1089 * that are changeable shall be returned. As we currently don't support
1090 * parameter changes via MODE_SELECT all bits are returned set to zero.
1091 * The buffer was already menset to zero by the caller of this function.
1092 *
1093 * The offsets here are off by two compared to the descriptions in the
1094 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1095 * but it is done so that offsets are consistent within our implementation
1096 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1097 * 2-byte and 4-byte headers.
1098 */
1099 switch (page) {
1100 case MODE_PAGE_HD_GEOMETRY:
1101 length = 0x16;
1102 if (page_control == 1) { /* Changeable Values */
1103 break;
1104 }
1105 /* if a geometry hint is available, use it */
1106 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1107 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1108 p[2] = s->qdev.conf.cyls & 0xff;
1109 p[3] = s->qdev.conf.heads & 0xff;
1110 /* Write precomp start cylinder, disabled */
1111 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1112 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1113 p[6] = s->qdev.conf.cyls & 0xff;
1114 /* Reduced current start cylinder, disabled */
1115 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1116 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1117 p[9] = s->qdev.conf.cyls & 0xff;
1118 /* Device step rate [ns], 200ns */
1119 p[10] = 0;
1120 p[11] = 200;
1121 /* Landing zone cylinder */
1122 p[12] = 0xff;
1123 p[13] = 0xff;
1124 p[14] = 0xff;
1125 /* Medium rotation rate [rpm], 5400 rpm */
1126 p[18] = (5400 >> 8) & 0xff;
1127 p[19] = 5400 & 0xff;
1128 break;
1129
1130 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1131 length = 0x1e;
1132 if (page_control == 1) { /* Changeable Values */
1133 break;
1134 }
1135 /* Transfer rate [kbit/s], 5Mbit/s */
1136 p[0] = 5000 >> 8;
1137 p[1] = 5000 & 0xff;
1138 /* if a geometry hint is available, use it */
1139 p[2] = s->qdev.conf.heads & 0xff;
1140 p[3] = s->qdev.conf.secs & 0xff;
1141 p[4] = s->qdev.blocksize >> 8;
1142 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1143 p[7] = s->qdev.conf.cyls & 0xff;
1144 /* Write precomp start cylinder, disabled */
1145 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1146 p[9] = s->qdev.conf.cyls & 0xff;
1147 /* Reduced current start cylinder, disabled */
1148 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1149 p[11] = s->qdev.conf.cyls & 0xff;
1150 /* Device step rate [100us], 100us */
1151 p[12] = 0;
1152 p[13] = 1;
1153 /* Device step pulse width [us], 1us */
1154 p[14] = 1;
1155 /* Device head settle delay [100us], 100us */
1156 p[15] = 0;
1157 p[16] = 1;
1158 /* Motor on delay [0.1s], 0.1s */
1159 p[17] = 1;
1160 /* Motor off delay [0.1s], 0.1s */
1161 p[18] = 1;
1162 /* Medium rotation rate [rpm], 5400 rpm */
1163 p[26] = (5400 >> 8) & 0xff;
1164 p[27] = 5400 & 0xff;
1165 break;
1166
1167 case MODE_PAGE_CACHING:
1168 length = 0x12;
1169 if (page_control == 1 || /* Changeable Values */
1170 blk_enable_write_cache(s->qdev.conf.blk)) {
1171 p[0] = 4; /* WCE */
1172 }
1173 break;
1174
1175 case MODE_PAGE_R_W_ERROR:
1176 length = 10;
1177 if (page_control == 1) { /* Changeable Values */
1178 break;
1179 }
1180 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1181 if (s->qdev.type == TYPE_ROM) {
1182 p[1] = 0x20; /* Read Retry Count */
1183 }
1184 break;
1185
1186 case MODE_PAGE_AUDIO_CTL:
1187 length = 14;
1188 break;
1189
1190 case MODE_PAGE_CAPABILITIES:
1191 length = 0x14;
1192 if (page_control == 1) { /* Changeable Values */
1193 break;
1194 }
1195
1196 p[0] = 0x3b; /* CD-R & CD-RW read */
1197 p[1] = 0; /* Writing not supported */
1198 p[2] = 0x7f; /* Audio, composite, digital out,
1199 mode 2 form 1&2, multi session */
1200 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1201 RW corrected, C2 errors, ISRC,
1202 UPC, Bar code */
1203 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1204 /* Locking supported, jumper present, eject, tray */
1205 p[5] = 0; /* no volume & mute control, no
1206 changer */
1207 p[6] = (50 * 176) >> 8; /* 50x read speed */
1208 p[7] = (50 * 176) & 0xff;
1209 p[8] = 2 >> 8; /* Two volume levels */
1210 p[9] = 2 & 0xff;
1211 p[10] = 2048 >> 8; /* 2M buffer */
1212 p[11] = 2048 & 0xff;
1213 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1214 p[13] = (16 * 176) & 0xff;
1215 p[16] = (16 * 176) >> 8; /* 16x write speed */
1216 p[17] = (16 * 176) & 0xff;
1217 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1218 p[19] = (16 * 176) & 0xff;
1219 break;
1220
1221 default:
1222 return -1;
1223 }
1224
1225 assert(length < 256);
1226 (*p_outbuf)[0] = page;
1227 (*p_outbuf)[1] = length;
1228 *p_outbuf += length + 2;
1229 return length + 2;
1230 }
1231
1232 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1233 {
1234 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1235 uint64_t nb_sectors;
1236 bool dbd;
1237 int page, buflen, ret, page_control;
1238 uint8_t *p;
1239 uint8_t dev_specific_param;
1240
1241 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1242 page = r->req.cmd.buf[2] & 0x3f;
1243 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1244 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1245 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1246 memset(outbuf, 0, r->req.cmd.xfer);
1247 p = outbuf;
1248
1249 if (s->qdev.type == TYPE_DISK) {
1250 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1251 if (blk_is_read_only(s->qdev.conf.blk)) {
1252 dev_specific_param |= 0x80; /* Readonly. */
1253 }
1254 } else {
1255 /* MMC prescribes that CD/DVD drives have no block descriptors,
1256 * and defines no device-specific parameter. */
1257 dev_specific_param = 0x00;
1258 dbd = true;
1259 }
1260
1261 if (r->req.cmd.buf[0] == MODE_SENSE) {
1262 p[1] = 0; /* Default media type. */
1263 p[2] = dev_specific_param;
1264 p[3] = 0; /* Block descriptor length. */
1265 p += 4;
1266 } else { /* MODE_SENSE_10 */
1267 p[2] = 0; /* Default media type. */
1268 p[3] = dev_specific_param;
1269 p[6] = p[7] = 0; /* Block descriptor length. */
1270 p += 8;
1271 }
1272
1273 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1274 if (!dbd && nb_sectors) {
1275 if (r->req.cmd.buf[0] == MODE_SENSE) {
1276 outbuf[3] = 8; /* Block descriptor length */
1277 } else { /* MODE_SENSE_10 */
1278 outbuf[7] = 8; /* Block descriptor length */
1279 }
1280 nb_sectors /= (s->qdev.blocksize / 512);
1281 if (nb_sectors > 0xffffff) {
1282 nb_sectors = 0;
1283 }
1284 p[0] = 0; /* media density code */
1285 p[1] = (nb_sectors >> 16) & 0xff;
1286 p[2] = (nb_sectors >> 8) & 0xff;
1287 p[3] = nb_sectors & 0xff;
1288 p[4] = 0; /* reserved */
1289 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1290 p[6] = s->qdev.blocksize >> 8;
1291 p[7] = 0;
1292 p += 8;
1293 }
1294
1295 if (page_control == 3) {
1296 /* Saved Values */
1297 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1298 return -1;
1299 }
1300
1301 if (page == 0x3f) {
1302 for (page = 0; page <= 0x3e; page++) {
1303 mode_sense_page(s, page, &p, page_control);
1304 }
1305 } else {
1306 ret = mode_sense_page(s, page, &p, page_control);
1307 if (ret == -1) {
1308 return -1;
1309 }
1310 }
1311
1312 buflen = p - outbuf;
1313 /*
1314 * The mode data length field specifies the length in bytes of the
1315 * following data that is available to be transferred. The mode data
1316 * length does not include itself.
1317 */
1318 if (r->req.cmd.buf[0] == MODE_SENSE) {
1319 outbuf[0] = buflen - 1;
1320 } else { /* MODE_SENSE_10 */
1321 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1322 outbuf[1] = (buflen - 2) & 0xff;
1323 }
1324 return buflen;
1325 }
1326
1327 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1328 {
1329 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1330 int start_track, format, msf, toclen;
1331 uint64_t nb_sectors;
1332
1333 msf = req->cmd.buf[1] & 2;
1334 format = req->cmd.buf[2] & 0xf;
1335 start_track = req->cmd.buf[6];
1336 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1337 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1338 nb_sectors /= s->qdev.blocksize / 512;
1339 switch (format) {
1340 case 0:
1341 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1342 break;
1343 case 1:
1344 /* multi session : only a single session defined */
1345 toclen = 12;
1346 memset(outbuf, 0, 12);
1347 outbuf[1] = 0x0a;
1348 outbuf[2] = 0x01;
1349 outbuf[3] = 0x01;
1350 break;
1351 case 2:
1352 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1353 break;
1354 default:
1355 return -1;
1356 }
1357 return toclen;
1358 }
1359
1360 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1361 {
1362 SCSIRequest *req = &r->req;
1363 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1364 bool start = req->cmd.buf[4] & 1;
1365 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1366 int pwrcnd = req->cmd.buf[4] & 0xf0;
1367
1368 if (pwrcnd) {
1369 /* eject/load only happens for power condition == 0 */
1370 return 0;
1371 }
1372
1373 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1374 if (!start && !s->tray_open && s->tray_locked) {
1375 scsi_check_condition(r,
1376 blk_is_inserted(s->qdev.conf.blk)
1377 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1378 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1379 return -1;
1380 }
1381
1382 if (s->tray_open != !start) {
1383 blk_eject(s->qdev.conf.blk, !start);
1384 s->tray_open = !start;
1385 }
1386 }
1387 return 0;
1388 }
1389
1390 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1391 {
1392 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1393 int buflen = r->iov.iov_len;
1394
1395 if (buflen) {
1396 DPRINTF("Read buf_len=%d\n", buflen);
1397 r->iov.iov_len = 0;
1398 r->started = true;
1399 scsi_req_data(&r->req, buflen);
1400 return;
1401 }
1402
1403 /* This also clears the sense buffer for REQUEST SENSE. */
1404 scsi_req_complete(&r->req, GOOD);
1405 }
1406
1407 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1408 uint8_t *inbuf, int inlen)
1409 {
1410 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1411 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1412 uint8_t *p;
1413 int len, expected_len, changeable_len, i;
1414
1415 /* The input buffer does not include the page header, so it is
1416 * off by 2 bytes.
1417 */
1418 expected_len = inlen + 2;
1419 if (expected_len > SCSI_MAX_MODE_LEN) {
1420 return -1;
1421 }
1422
1423 p = mode_current;
1424 memset(mode_current, 0, inlen + 2);
1425 len = mode_sense_page(s, page, &p, 0);
1426 if (len < 0 || len != expected_len) {
1427 return -1;
1428 }
1429
1430 p = mode_changeable;
1431 memset(mode_changeable, 0, inlen + 2);
1432 changeable_len = mode_sense_page(s, page, &p, 1);
1433 assert(changeable_len == len);
1434
1435 /* Check that unchangeable bits are the same as what MODE SENSE
1436 * would return.
1437 */
1438 for (i = 2; i < len; i++) {
1439 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1440 return -1;
1441 }
1442 }
1443 return 0;
1444 }
1445
1446 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1447 {
1448 switch (page) {
1449 case MODE_PAGE_CACHING:
1450 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1451 break;
1452
1453 default:
1454 break;
1455 }
1456 }
1457
1458 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1459 {
1460 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1461
1462 while (len > 0) {
1463 int page, subpage, page_len;
1464
1465 /* Parse both possible formats for the mode page headers. */
1466 page = p[0] & 0x3f;
1467 if (p[0] & 0x40) {
1468 if (len < 4) {
1469 goto invalid_param_len;
1470 }
1471 subpage = p[1];
1472 page_len = lduw_be_p(&p[2]);
1473 p += 4;
1474 len -= 4;
1475 } else {
1476 if (len < 2) {
1477 goto invalid_param_len;
1478 }
1479 subpage = 0;
1480 page_len = p[1];
1481 p += 2;
1482 len -= 2;
1483 }
1484
1485 if (subpage) {
1486 goto invalid_param;
1487 }
1488 if (page_len > len) {
1489 goto invalid_param_len;
1490 }
1491
1492 if (!change) {
1493 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1494 goto invalid_param;
1495 }
1496 } else {
1497 scsi_disk_apply_mode_select(s, page, p);
1498 }
1499
1500 p += page_len;
1501 len -= page_len;
1502 }
1503 return 0;
1504
1505 invalid_param:
1506 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1507 return -1;
1508
1509 invalid_param_len:
1510 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1511 return -1;
1512 }
1513
1514 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1515 {
1516 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1517 uint8_t *p = inbuf;
1518 int cmd = r->req.cmd.buf[0];
1519 int len = r->req.cmd.xfer;
1520 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1521 int bd_len;
1522 int pass;
1523
1524 /* We only support PF=1, SP=0. */
1525 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1526 goto invalid_field;
1527 }
1528
1529 if (len < hdr_len) {
1530 goto invalid_param_len;
1531 }
1532
1533 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1534 len -= hdr_len;
1535 p += hdr_len;
1536 if (len < bd_len) {
1537 goto invalid_param_len;
1538 }
1539 if (bd_len != 0 && bd_len != 8) {
1540 goto invalid_param;
1541 }
1542
1543 len -= bd_len;
1544 p += bd_len;
1545
1546 /* Ensure no change is made if there is an error! */
1547 for (pass = 0; pass < 2; pass++) {
1548 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1549 assert(pass == 0);
1550 return;
1551 }
1552 }
1553 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1554 /* The request is used as the AIO opaque value, so add a ref. */
1555 scsi_req_ref(&r->req);
1556 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1557 BLOCK_ACCT_FLUSH);
1558 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1559 return;
1560 }
1561
1562 scsi_req_complete(&r->req, GOOD);
1563 return;
1564
1565 invalid_param:
1566 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1567 return;
1568
1569 invalid_param_len:
1570 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1571 return;
1572
1573 invalid_field:
1574 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1575 }
1576
1577 static inline bool check_lba_range(SCSIDiskState *s,
1578 uint64_t sector_num, uint32_t nb_sectors)
1579 {
1580 /*
1581 * The first line tests that no overflow happens when computing the last
1582 * sector. The second line tests that the last accessed sector is in
1583 * range.
1584 *
1585 * Careful, the computations should not underflow for nb_sectors == 0,
1586 * and a 0-block read to the first LBA beyond the end of device is
1587 * valid.
1588 */
1589 return (sector_num <= sector_num + nb_sectors &&
1590 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1591 }
1592
1593 typedef struct UnmapCBData {
1594 SCSIDiskReq *r;
1595 uint8_t *inbuf;
1596 int count;
1597 } UnmapCBData;
1598
1599 static void scsi_unmap_complete(void *opaque, int ret);
1600
1601 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1602 {
1603 SCSIDiskReq *r = data->r;
1604 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1605 uint64_t sector_num;
1606 uint32_t nb_sectors;
1607
1608 assert(r->req.aiocb == NULL);
1609 if (scsi_disk_req_check_error(r, ret, false)) {
1610 goto done;
1611 }
1612
1613 if (data->count > 0) {
1614 sector_num = ldq_be_p(&data->inbuf[0]);
1615 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1616 if (!check_lba_range(s, sector_num, nb_sectors)) {
1617 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1618 goto done;
1619 }
1620
1621 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1622 sector_num * s->qdev.blocksize,
1623 nb_sectors * s->qdev.blocksize,
1624 scsi_unmap_complete, data);
1625 data->count--;
1626 data->inbuf += 16;
1627 return;
1628 }
1629
1630 scsi_req_complete(&r->req, GOOD);
1631
1632 done:
1633 scsi_req_unref(&r->req);
1634 g_free(data);
1635 }
1636
1637 static void scsi_unmap_complete(void *opaque, int ret)
1638 {
1639 UnmapCBData *data = opaque;
1640 SCSIDiskReq *r = data->r;
1641 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1642
1643 assert(r->req.aiocb != NULL);
1644 r->req.aiocb = NULL;
1645
1646 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1647 scsi_unmap_complete_noio(data, ret);
1648 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1649 }
1650
1651 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1652 {
1653 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1654 uint8_t *p = inbuf;
1655 int len = r->req.cmd.xfer;
1656 UnmapCBData *data;
1657
1658 /* Reject ANCHOR=1. */
1659 if (r->req.cmd.buf[1] & 0x1) {
1660 goto invalid_field;
1661 }
1662
1663 if (len < 8) {
1664 goto invalid_param_len;
1665 }
1666 if (len < lduw_be_p(&p[0]) + 2) {
1667 goto invalid_param_len;
1668 }
1669 if (len < lduw_be_p(&p[2]) + 8) {
1670 goto invalid_param_len;
1671 }
1672 if (lduw_be_p(&p[2]) & 15) {
1673 goto invalid_param_len;
1674 }
1675
1676 if (blk_is_read_only(s->qdev.conf.blk)) {
1677 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1678 return;
1679 }
1680
1681 data = g_new0(UnmapCBData, 1);
1682 data->r = r;
1683 data->inbuf = &p[8];
1684 data->count = lduw_be_p(&p[2]) >> 4;
1685
1686 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1687 scsi_req_ref(&r->req);
1688 scsi_unmap_complete_noio(data, 0);
1689 return;
1690
1691 invalid_param_len:
1692 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1693 return;
1694
1695 invalid_field:
1696 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1697 }
1698
1699 typedef struct WriteSameCBData {
1700 SCSIDiskReq *r;
1701 int64_t sector;
1702 int nb_sectors;
1703 QEMUIOVector qiov;
1704 struct iovec iov;
1705 } WriteSameCBData;
1706
1707 static void scsi_write_same_complete(void *opaque, int ret)
1708 {
1709 WriteSameCBData *data = opaque;
1710 SCSIDiskReq *r = data->r;
1711 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1712
1713 assert(r->req.aiocb != NULL);
1714 r->req.aiocb = NULL;
1715 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1716 if (scsi_disk_req_check_error(r, ret, true)) {
1717 goto done;
1718 }
1719
1720 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1721
1722 data->nb_sectors -= data->iov.iov_len / 512;
1723 data->sector += data->iov.iov_len / 512;
1724 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1725 if (data->iov.iov_len) {
1726 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1727 data->iov.iov_len, BLOCK_ACCT_WRITE);
1728 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1729 * where final qiov may need smaller size */
1730 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1731 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1732 data->sector << BDRV_SECTOR_BITS,
1733 &data->qiov, 0,
1734 scsi_write_same_complete, data);
1735 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1736 return;
1737 }
1738
1739 scsi_req_complete(&r->req, GOOD);
1740
1741 done:
1742 scsi_req_unref(&r->req);
1743 qemu_vfree(data->iov.iov_base);
1744 g_free(data);
1745 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1746 }
1747
1748 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1749 {
1750 SCSIRequest *req = &r->req;
1751 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1752 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1753 WriteSameCBData *data;
1754 uint8_t *buf;
1755 int i;
1756
1757 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1758 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1759 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1760 return;
1761 }
1762
1763 if (blk_is_read_only(s->qdev.conf.blk)) {
1764 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1765 return;
1766 }
1767 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1768 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1769 return;
1770 }
1771
1772 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
1773 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1774
1775 /* The request is used as the AIO opaque value, so add a ref. */
1776 scsi_req_ref(&r->req);
1777 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1778 nb_sectors * s->qdev.blocksize,
1779 BLOCK_ACCT_WRITE);
1780 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1781 r->req.cmd.lba * s->qdev.blocksize,
1782 nb_sectors * s->qdev.blocksize,
1783 flags, scsi_aio_complete, r);
1784 return;
1785 }
1786
1787 data = g_new0(WriteSameCBData, 1);
1788 data->r = r;
1789 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1790 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1791 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1792 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1793 data->iov.iov_len);
1794 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1795
1796 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1797 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1798 }
1799
1800 scsi_req_ref(&r->req);
1801 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1802 data->iov.iov_len, BLOCK_ACCT_WRITE);
1803 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1804 data->sector << BDRV_SECTOR_BITS,
1805 &data->qiov, 0,
1806 scsi_write_same_complete, data);
1807 }
1808
1809 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1810 {
1811 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1812
1813 if (r->iov.iov_len) {
1814 int buflen = r->iov.iov_len;
1815 DPRINTF("Write buf_len=%d\n", buflen);
1816 r->iov.iov_len = 0;
1817 scsi_req_data(&r->req, buflen);
1818 return;
1819 }
1820
1821 switch (req->cmd.buf[0]) {
1822 case MODE_SELECT:
1823 case MODE_SELECT_10:
1824 /* This also clears the sense buffer for REQUEST SENSE. */
1825 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1826 break;
1827
1828 case UNMAP:
1829 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1830 break;
1831
1832 case VERIFY_10:
1833 case VERIFY_12:
1834 case VERIFY_16:
1835 if (r->req.status == -1) {
1836 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1837 }
1838 break;
1839
1840 case WRITE_SAME_10:
1841 case WRITE_SAME_16:
1842 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1843 break;
1844
1845 default:
1846 abort();
1847 }
1848 }
1849
1850 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1851 {
1852 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1853 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1854 uint64_t nb_sectors;
1855 uint8_t *outbuf;
1856 int buflen;
1857
1858 switch (req->cmd.buf[0]) {
1859 case INQUIRY:
1860 case MODE_SENSE:
1861 case MODE_SENSE_10:
1862 case RESERVE:
1863 case RESERVE_10:
1864 case RELEASE:
1865 case RELEASE_10:
1866 case START_STOP:
1867 case ALLOW_MEDIUM_REMOVAL:
1868 case GET_CONFIGURATION:
1869 case GET_EVENT_STATUS_NOTIFICATION:
1870 case MECHANISM_STATUS:
1871 case REQUEST_SENSE:
1872 break;
1873
1874 default:
1875 if (!blk_is_available(s->qdev.conf.blk)) {
1876 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1877 return 0;
1878 }
1879 break;
1880 }
1881
1882 /*
1883 * FIXME: we shouldn't return anything bigger than 4k, but the code
1884 * requires the buffer to be as big as req->cmd.xfer in several
1885 * places. So, do not allow CDBs with a very large ALLOCATION
1886 * LENGTH. The real fix would be to modify scsi_read_data and
1887 * dma_buf_read, so that they return data beyond the buflen
1888 * as all zeros.
1889 */
1890 if (req->cmd.xfer > 65536) {
1891 goto illegal_request;
1892 }
1893 r->buflen = MAX(4096, req->cmd.xfer);
1894
1895 if (!r->iov.iov_base) {
1896 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
1897 }
1898
1899 buflen = req->cmd.xfer;
1900 outbuf = r->iov.iov_base;
1901 memset(outbuf, 0, r->buflen);
1902 switch (req->cmd.buf[0]) {
1903 case TEST_UNIT_READY:
1904 assert(blk_is_available(s->qdev.conf.blk));
1905 break;
1906 case INQUIRY:
1907 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1908 if (buflen < 0) {
1909 goto illegal_request;
1910 }
1911 break;
1912 case MODE_SENSE:
1913 case MODE_SENSE_10:
1914 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1915 if (buflen < 0) {
1916 goto illegal_request;
1917 }
1918 break;
1919 case READ_TOC:
1920 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1921 if (buflen < 0) {
1922 goto illegal_request;
1923 }
1924 break;
1925 case RESERVE:
1926 if (req->cmd.buf[1] & 1) {
1927 goto illegal_request;
1928 }
1929 break;
1930 case RESERVE_10:
1931 if (req->cmd.buf[1] & 3) {
1932 goto illegal_request;
1933 }
1934 break;
1935 case RELEASE:
1936 if (req->cmd.buf[1] & 1) {
1937 goto illegal_request;
1938 }
1939 break;
1940 case RELEASE_10:
1941 if (req->cmd.buf[1] & 3) {
1942 goto illegal_request;
1943 }
1944 break;
1945 case START_STOP:
1946 if (scsi_disk_emulate_start_stop(r) < 0) {
1947 return 0;
1948 }
1949 break;
1950 case ALLOW_MEDIUM_REMOVAL:
1951 s->tray_locked = req->cmd.buf[4] & 1;
1952 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
1953 break;
1954 case READ_CAPACITY_10:
1955 /* The normal LEN field for this command is zero. */
1956 memset(outbuf, 0, 8);
1957 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1958 if (!nb_sectors) {
1959 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1960 return 0;
1961 }
1962 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1963 goto illegal_request;
1964 }
1965 nb_sectors /= s->qdev.blocksize / 512;
1966 /* Returned value is the address of the last sector. */
1967 nb_sectors--;
1968 /* Remember the new size for read/write sanity checking. */
1969 s->qdev.max_lba = nb_sectors;
1970 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1971 if (nb_sectors > UINT32_MAX) {
1972 nb_sectors = UINT32_MAX;
1973 }
1974 outbuf[0] = (nb_sectors >> 24) & 0xff;
1975 outbuf[1] = (nb_sectors >> 16) & 0xff;
1976 outbuf[2] = (nb_sectors >> 8) & 0xff;
1977 outbuf[3] = nb_sectors & 0xff;
1978 outbuf[4] = 0;
1979 outbuf[5] = 0;
1980 outbuf[6] = s->qdev.blocksize >> 8;
1981 outbuf[7] = 0;
1982 break;
1983 case REQUEST_SENSE:
1984 /* Just return "NO SENSE". */
1985 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
1986 (req->cmd.buf[1] & 1) == 0);
1987 if (buflen < 0) {
1988 goto illegal_request;
1989 }
1990 break;
1991 case MECHANISM_STATUS:
1992 buflen = scsi_emulate_mechanism_status(s, outbuf);
1993 if (buflen < 0) {
1994 goto illegal_request;
1995 }
1996 break;
1997 case GET_CONFIGURATION:
1998 buflen = scsi_get_configuration(s, outbuf);
1999 if (buflen < 0) {
2000 goto illegal_request;
2001 }
2002 break;
2003 case GET_EVENT_STATUS_NOTIFICATION:
2004 buflen = scsi_get_event_status_notification(s, r, outbuf);
2005 if (buflen < 0) {
2006 goto illegal_request;
2007 }
2008 break;
2009 case READ_DISC_INFORMATION:
2010 buflen = scsi_read_disc_information(s, r, outbuf);
2011 if (buflen < 0) {
2012 goto illegal_request;
2013 }
2014 break;
2015 case READ_DVD_STRUCTURE:
2016 buflen = scsi_read_dvd_structure(s, r, outbuf);
2017 if (buflen < 0) {
2018 goto illegal_request;
2019 }
2020 break;
2021 case SERVICE_ACTION_IN_16:
2022 /* Service Action In subcommands. */
2023 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2024 DPRINTF("SAI READ CAPACITY(16)\n");
2025 memset(outbuf, 0, req->cmd.xfer);
2026 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2027 if (!nb_sectors) {
2028 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2029 return 0;
2030 }
2031 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2032 goto illegal_request;
2033 }
2034 nb_sectors /= s->qdev.blocksize / 512;
2035 /* Returned value is the address of the last sector. */
2036 nb_sectors--;
2037 /* Remember the new size for read/write sanity checking. */
2038 s->qdev.max_lba = nb_sectors;
2039 outbuf[0] = (nb_sectors >> 56) & 0xff;
2040 outbuf[1] = (nb_sectors >> 48) & 0xff;
2041 outbuf[2] = (nb_sectors >> 40) & 0xff;
2042 outbuf[3] = (nb_sectors >> 32) & 0xff;
2043 outbuf[4] = (nb_sectors >> 24) & 0xff;
2044 outbuf[5] = (nb_sectors >> 16) & 0xff;
2045 outbuf[6] = (nb_sectors >> 8) & 0xff;
2046 outbuf[7] = nb_sectors & 0xff;
2047 outbuf[8] = 0;
2048 outbuf[9] = 0;
2049 outbuf[10] = s->qdev.blocksize >> 8;
2050 outbuf[11] = 0;
2051 outbuf[12] = 0;
2052 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2053
2054 /* set TPE bit if the format supports discard */
2055 if (s->qdev.conf.discard_granularity) {
2056 outbuf[14] = 0x80;
2057 }
2058
2059 /* Protection, exponent and lowest lba field left blank. */
2060 break;
2061 }
2062 DPRINTF("Unsupported Service Action In\n");
2063 goto illegal_request;
2064 case SYNCHRONIZE_CACHE:
2065 /* The request is used as the AIO opaque value, so add a ref. */
2066 scsi_req_ref(&r->req);
2067 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2068 BLOCK_ACCT_FLUSH);
2069 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2070 return 0;
2071 case SEEK_10:
2072 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2073 if (r->req.cmd.lba > s->qdev.max_lba) {
2074 goto illegal_lba;
2075 }
2076 break;
2077 case MODE_SELECT:
2078 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2079 break;
2080 case MODE_SELECT_10:
2081 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2082 break;
2083 case UNMAP:
2084 DPRINTF("Unmap (len %lu)\n", (unsigned long)r->req.cmd.xfer);
2085 break;
2086 case VERIFY_10:
2087 case VERIFY_12:
2088 case VERIFY_16:
2089 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
2090 if (req->cmd.buf[1] & 6) {
2091 goto illegal_request;
2092 }
2093 break;
2094 case WRITE_SAME_10:
2095 case WRITE_SAME_16:
2096 DPRINTF("WRITE SAME %d (len %lu)\n",
2097 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2098 (unsigned long)r->req.cmd.xfer);
2099 break;
2100 default:
2101 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2102 scsi_command_name(buf[0]));
2103 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2104 return 0;
2105 }
2106 assert(!r->req.aiocb);
2107 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2108 if (r->iov.iov_len == 0) {
2109 scsi_req_complete(&r->req, GOOD);
2110 }
2111 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2112 assert(r->iov.iov_len == req->cmd.xfer);
2113 return -r->iov.iov_len;
2114 } else {
2115 return r->iov.iov_len;
2116 }
2117
2118 illegal_request:
2119 if (r->req.status == -1) {
2120 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2121 }
2122 return 0;
2123
2124 illegal_lba:
2125 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2126 return 0;
2127 }
2128
2129 /* Execute a scsi command. Returns the length of the data expected by the
2130 command. This will be Positive for data transfers from the device
2131 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2132 and zero if the command does not transfer any data. */
2133
2134 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2135 {
2136 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2137 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2138 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2139 uint32_t len;
2140 uint8_t command;
2141
2142 command = buf[0];
2143
2144 if (!blk_is_available(s->qdev.conf.blk)) {
2145 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2146 return 0;
2147 }
2148
2149 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2150 switch (command) {
2151 case READ_6:
2152 case READ_10:
2153 case READ_12:
2154 case READ_16:
2155 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2156 /* Protection information is not supported. For SCSI versions 2 and
2157 * older (as determined by snooping the guest's INQUIRY commands),
2158 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2159 */
2160 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2161 goto illegal_request;
2162 }
2163 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2164 goto illegal_lba;
2165 }
2166 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2167 r->sector_count = len * (s->qdev.blocksize / 512);
2168 break;
2169 case WRITE_6:
2170 case WRITE_10:
2171 case WRITE_12:
2172 case WRITE_16:
2173 case WRITE_VERIFY_10:
2174 case WRITE_VERIFY_12:
2175 case WRITE_VERIFY_16:
2176 if (blk_is_read_only(s->qdev.conf.blk)) {
2177 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2178 return 0;
2179 }
2180 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2181 (command & 0xe) == 0xe ? "And Verify " : "",
2182 r->req.cmd.lba, len);
2183 /* fall through */
2184 case VERIFY_10:
2185 case VERIFY_12:
2186 case VERIFY_16:
2187 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2188 * As far as DMA is concerned, we can treat it the same as a write;
2189 * scsi_block_do_sgio will send VERIFY commands.
2190 */
2191 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2192 goto illegal_request;
2193 }
2194 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2195 goto illegal_lba;
2196 }
2197 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2198 r->sector_count = len * (s->qdev.blocksize / 512);
2199 break;
2200 default:
2201 abort();
2202 illegal_request:
2203 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2204 return 0;
2205 illegal_lba:
2206 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2207 return 0;
2208 }
2209 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2210 if (r->sector_count == 0) {
2211 scsi_req_complete(&r->req, GOOD);
2212 }
2213 assert(r->iov.iov_len == 0);
2214 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2215 return -r->sector_count * 512;
2216 } else {
2217 return r->sector_count * 512;
2218 }
2219 }
2220
2221 static void scsi_disk_reset(DeviceState *dev)
2222 {
2223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2224 uint64_t nb_sectors;
2225
2226 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2227
2228 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2229 nb_sectors /= s->qdev.blocksize / 512;
2230 if (nb_sectors) {
2231 nb_sectors--;
2232 }
2233 s->qdev.max_lba = nb_sectors;
2234 /* reset tray statuses */
2235 s->tray_locked = 0;
2236 s->tray_open = 0;
2237
2238 s->qdev.scsi_version = s->qdev.default_scsi_version;
2239 }
2240
2241 static void scsi_disk_resize_cb(void *opaque)
2242 {
2243 SCSIDiskState *s = opaque;
2244
2245 /* SPC lists this sense code as available only for
2246 * direct-access devices.
2247 */
2248 if (s->qdev.type == TYPE_DISK) {
2249 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2250 }
2251 }
2252
2253 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2254 {
2255 SCSIDiskState *s = opaque;
2256
2257 /*
2258 * When a CD gets changed, we have to report an ejected state and
2259 * then a loaded state to guests so that they detect tray
2260 * open/close and media change events. Guests that do not use
2261 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2262 * states rely on this behavior.
2263 *
2264 * media_changed governs the state machine used for unit attention
2265 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2266 */
2267 s->media_changed = load;
2268 s->tray_open = !load;
2269 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2270 s->media_event = true;
2271 s->eject_request = false;
2272 }
2273
2274 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2275 {
2276 SCSIDiskState *s = opaque;
2277
2278 s->eject_request = true;
2279 if (force) {
2280 s->tray_locked = false;
2281 }
2282 }
2283
2284 static bool scsi_cd_is_tray_open(void *opaque)
2285 {
2286 return ((SCSIDiskState *)opaque)->tray_open;
2287 }
2288
2289 static bool scsi_cd_is_medium_locked(void *opaque)
2290 {
2291 return ((SCSIDiskState *)opaque)->tray_locked;
2292 }
2293
2294 static const BlockDevOps scsi_disk_removable_block_ops = {
2295 .change_media_cb = scsi_cd_change_media_cb,
2296 .eject_request_cb = scsi_cd_eject_request_cb,
2297 .is_tray_open = scsi_cd_is_tray_open,
2298 .is_medium_locked = scsi_cd_is_medium_locked,
2299
2300 .resize_cb = scsi_disk_resize_cb,
2301 };
2302
2303 static const BlockDevOps scsi_disk_block_ops = {
2304 .resize_cb = scsi_disk_resize_cb,
2305 };
2306
2307 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2308 {
2309 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2310 if (s->media_changed) {
2311 s->media_changed = false;
2312 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2313 }
2314 }
2315
2316 static void scsi_realize(SCSIDevice *dev, Error **errp)
2317 {
2318 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2319
2320 if (!s->qdev.conf.blk) {
2321 error_setg(errp, "drive property not set");
2322 return;
2323 }
2324
2325 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2326 !blk_is_inserted(s->qdev.conf.blk)) {
2327 error_setg(errp, "Device needs media, but drive is empty");
2328 return;
2329 }
2330
2331 blkconf_blocksizes(&s->qdev.conf);
2332
2333 if (s->qdev.conf.logical_block_size >
2334 s->qdev.conf.physical_block_size) {
2335 error_setg(errp,
2336 "logical_block_size > physical_block_size not supported");
2337 return;
2338 }
2339
2340 if (dev->type == TYPE_DISK) {
2341 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
2342 return;
2343 }
2344 }
2345 if (!blkconf_apply_backend_options(&dev->conf,
2346 blk_is_read_only(s->qdev.conf.blk),
2347 dev->type == TYPE_DISK, errp)) {
2348 return;
2349 }
2350
2351 if (s->qdev.conf.discard_granularity == -1) {
2352 s->qdev.conf.discard_granularity =
2353 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2354 }
2355
2356 if (!s->version) {
2357 s->version = g_strdup(qemu_hw_version());
2358 }
2359 if (!s->vendor) {
2360 s->vendor = g_strdup("QEMU");
2361 }
2362 if (!s->device_id) {
2363 if (s->serial) {
2364 s->device_id = g_strdup_printf("%.20s", s->serial);
2365 } else {
2366 const char *str = blk_name(s->qdev.conf.blk);
2367 if (str && *str) {
2368 s->device_id = g_strdup(str);
2369 }
2370 }
2371 }
2372
2373 if (blk_is_sg(s->qdev.conf.blk)) {
2374 error_setg(errp, "unwanted /dev/sg*");
2375 return;
2376 }
2377
2378 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2379 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2380 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2381 } else {
2382 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2383 }
2384 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
2385
2386 blk_iostatus_enable(s->qdev.conf.blk);
2387 }
2388
2389 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2390 {
2391 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2392 AioContext *ctx = NULL;
2393 /* can happen for devices without drive. The error message for missing
2394 * backend will be issued in scsi_realize
2395 */
2396 if (s->qdev.conf.blk) {
2397 ctx = blk_get_aio_context(s->qdev.conf.blk);
2398 aio_context_acquire(ctx);
2399 blkconf_blocksizes(&s->qdev.conf);
2400 }
2401 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2402 s->qdev.type = TYPE_DISK;
2403 if (!s->product) {
2404 s->product = g_strdup("QEMU HARDDISK");
2405 }
2406 scsi_realize(&s->qdev, errp);
2407 if (ctx) {
2408 aio_context_release(ctx);
2409 }
2410 }
2411
2412 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2413 {
2414 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2415 AioContext *ctx;
2416 int ret;
2417
2418 if (!dev->conf.blk) {
2419 /* Anonymous BlockBackend for an empty drive. As we put it into
2420 * dev->conf, qdev takes care of detaching on unplug. */
2421 dev->conf.blk = blk_new(0, BLK_PERM_ALL);
2422 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2423 assert(ret == 0);
2424 }
2425
2426 ctx = blk_get_aio_context(dev->conf.blk);
2427 aio_context_acquire(ctx);
2428 s->qdev.blocksize = 2048;
2429 s->qdev.type = TYPE_ROM;
2430 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2431 if (!s->product) {
2432 s->product = g_strdup("QEMU CD-ROM");
2433 }
2434 scsi_realize(&s->qdev, errp);
2435 aio_context_release(ctx);
2436 }
2437
2438 static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
2439 {
2440 DriveInfo *dinfo;
2441 Error *local_err = NULL;
2442
2443 if (!dev->conf.blk) {
2444 scsi_realize(dev, &local_err);
2445 assert(local_err);
2446 error_propagate(errp, local_err);
2447 return;
2448 }
2449
2450 dinfo = blk_legacy_dinfo(dev->conf.blk);
2451 if (dinfo && dinfo->media_cd) {
2452 scsi_cd_realize(dev, errp);
2453 } else {
2454 scsi_hd_realize(dev, errp);
2455 }
2456 }
2457
2458 static const SCSIReqOps scsi_disk_emulate_reqops = {
2459 .size = sizeof(SCSIDiskReq),
2460 .free_req = scsi_free_request,
2461 .send_command = scsi_disk_emulate_command,
2462 .read_data = scsi_disk_emulate_read_data,
2463 .write_data = scsi_disk_emulate_write_data,
2464 .get_buf = scsi_get_buf,
2465 };
2466
2467 static const SCSIReqOps scsi_disk_dma_reqops = {
2468 .size = sizeof(SCSIDiskReq),
2469 .free_req = scsi_free_request,
2470 .send_command = scsi_disk_dma_command,
2471 .read_data = scsi_read_data,
2472 .write_data = scsi_write_data,
2473 .get_buf = scsi_get_buf,
2474 .load_request = scsi_disk_load_request,
2475 .save_request = scsi_disk_save_request,
2476 };
2477
2478 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2479 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2480 [INQUIRY] = &scsi_disk_emulate_reqops,
2481 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2482 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2483 [START_STOP] = &scsi_disk_emulate_reqops,
2484 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2485 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2486 [READ_TOC] = &scsi_disk_emulate_reqops,
2487 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2488 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2489 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2490 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2491 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2492 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2493 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2494 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2495 [SEEK_10] = &scsi_disk_emulate_reqops,
2496 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2497 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2498 [UNMAP] = &scsi_disk_emulate_reqops,
2499 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2500 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2501 [VERIFY_10] = &scsi_disk_emulate_reqops,
2502 [VERIFY_12] = &scsi_disk_emulate_reqops,
2503 [VERIFY_16] = &scsi_disk_emulate_reqops,
2504
2505 [READ_6] = &scsi_disk_dma_reqops,
2506 [READ_10] = &scsi_disk_dma_reqops,
2507 [READ_12] = &scsi_disk_dma_reqops,
2508 [READ_16] = &scsi_disk_dma_reqops,
2509 [WRITE_6] = &scsi_disk_dma_reqops,
2510 [WRITE_10] = &scsi_disk_dma_reqops,
2511 [WRITE_12] = &scsi_disk_dma_reqops,
2512 [WRITE_16] = &scsi_disk_dma_reqops,
2513 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2514 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2515 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2516 };
2517
2518 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2519 uint8_t *buf, void *hba_private)
2520 {
2521 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2522 SCSIRequest *req;
2523 const SCSIReqOps *ops;
2524 uint8_t command;
2525
2526 command = buf[0];
2527 ops = scsi_disk_reqops_dispatch[command];
2528 if (!ops) {
2529 ops = &scsi_disk_emulate_reqops;
2530 }
2531 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2532
2533 #ifdef DEBUG_SCSI
2534 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2535 {
2536 int i;
2537 for (i = 1; i < scsi_cdb_length(buf); i++) {
2538 printf(" 0x%02x", buf[i]);
2539 }
2540 printf("\n");
2541 }
2542 #endif
2543
2544 return req;
2545 }
2546
2547 #ifdef __linux__
2548 static int get_device_type(SCSIDiskState *s)
2549 {
2550 uint8_t cmd[16];
2551 uint8_t buf[36];
2552 int ret;
2553
2554 memset(cmd, 0, sizeof(cmd));
2555 memset(buf, 0, sizeof(buf));
2556 cmd[0] = INQUIRY;
2557 cmd[4] = sizeof(buf);
2558
2559 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2560 buf, sizeof(buf));
2561 if (ret < 0) {
2562 return -1;
2563 }
2564 s->qdev.type = buf[0];
2565 if (buf[1] & 0x80) {
2566 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2567 }
2568 return 0;
2569 }
2570
2571 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2572 {
2573 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2574 AioContext *ctx;
2575 int sg_version;
2576 int rc;
2577
2578 if (!s->qdev.conf.blk) {
2579 error_setg(errp, "drive property not set");
2580 return;
2581 }
2582
2583 if (s->rotation_rate) {
2584 error_report_once("rotation_rate is specified for scsi-block but is "
2585 "not implemented. This option is deprecated and will "
2586 "be removed in a future version");
2587 }
2588
2589 ctx = blk_get_aio_context(s->qdev.conf.blk);
2590 aio_context_acquire(ctx);
2591
2592 /* check we are using a driver managing SG_IO (version 3 and after) */
2593 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2594 if (rc < 0) {
2595 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2596 if (rc != -EPERM) {
2597 error_append_hint(errp, "Is this a SCSI device?\n");
2598 }
2599 goto out;
2600 }
2601 if (sg_version < 30000) {
2602 error_setg(errp, "scsi generic interface too old");
2603 goto out;
2604 }
2605
2606 /* get device type from INQUIRY data */
2607 rc = get_device_type(s);
2608 if (rc < 0) {
2609 error_setg(errp, "INQUIRY failed");
2610 goto out;
2611 }
2612
2613 /* Make a guess for the block size, we'll fix it when the guest sends.
2614 * READ CAPACITY. If they don't, they likely would assume these sizes
2615 * anyway. (TODO: check in /sys).
2616 */
2617 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2618 s->qdev.blocksize = 2048;
2619 } else {
2620 s->qdev.blocksize = 512;
2621 }
2622
2623 /* Makes the scsi-block device not removable by using HMP and QMP eject
2624 * command.
2625 */
2626 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2627
2628 scsi_realize(&s->qdev, errp);
2629 scsi_generic_read_device_inquiry(&s->qdev);
2630
2631 out:
2632 aio_context_release(ctx);
2633 }
2634
2635 typedef struct SCSIBlockReq {
2636 SCSIDiskReq req;
2637 sg_io_hdr_t io_header;
2638
2639 /* Selected bytes of the original CDB, copied into our own CDB. */
2640 uint8_t cmd, cdb1, group_number;
2641
2642 /* CDB passed to SG_IO. */
2643 uint8_t cdb[16];
2644 } SCSIBlockReq;
2645
2646 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2647 int64_t offset, QEMUIOVector *iov,
2648 int direction,
2649 BlockCompletionFunc *cb, void *opaque)
2650 {
2651 sg_io_hdr_t *io_header = &req->io_header;
2652 SCSIDiskReq *r = &req->req;
2653 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2654 int nb_logical_blocks;
2655 uint64_t lba;
2656 BlockAIOCB *aiocb;
2657
2658 /* This is not supported yet. It can only happen if the guest does
2659 * reads and writes that are not aligned to one logical sectors
2660 * _and_ cover multiple MemoryRegions.
2661 */
2662 assert(offset % s->qdev.blocksize == 0);
2663 assert(iov->size % s->qdev.blocksize == 0);
2664
2665 io_header->interface_id = 'S';
2666
2667 /* The data transfer comes from the QEMUIOVector. */
2668 io_header->dxfer_direction = direction;
2669 io_header->dxfer_len = iov->size;
2670 io_header->dxferp = (void *)iov->iov;
2671 io_header->iovec_count = iov->niov;
2672 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2673
2674 /* Build a new CDB with the LBA and length patched in, in case
2675 * DMA helpers split the transfer in multiple segments. Do not
2676 * build a CDB smaller than what the guest wanted, and only build
2677 * a larger one if strictly necessary.
2678 */
2679 io_header->cmdp = req->cdb;
2680 lba = offset / s->qdev.blocksize;
2681 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2682
2683 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2684 /* 6-byte CDB */
2685 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2686 req->cdb[4] = nb_logical_blocks;
2687 req->cdb[5] = 0;
2688 io_header->cmd_len = 6;
2689 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2690 /* 10-byte CDB */
2691 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2692 req->cdb[1] = req->cdb1;
2693 stl_be_p(&req->cdb[2], lba);
2694 req->cdb[6] = req->group_number;
2695 stw_be_p(&req->cdb[7], nb_logical_blocks);
2696 req->cdb[9] = 0;
2697 io_header->cmd_len = 10;
2698 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2699 /* 12-byte CDB */
2700 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2701 req->cdb[1] = req->cdb1;
2702 stl_be_p(&req->cdb[2], lba);
2703 stl_be_p(&req->cdb[6], nb_logical_blocks);
2704 req->cdb[10] = req->group_number;
2705 req->cdb[11] = 0;
2706 io_header->cmd_len = 12;
2707 } else {
2708 /* 16-byte CDB */
2709 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2710 req->cdb[1] = req->cdb1;
2711 stq_be_p(&req->cdb[2], lba);
2712 stl_be_p(&req->cdb[10], nb_logical_blocks);
2713 req->cdb[14] = req->group_number;
2714 req->cdb[15] = 0;
2715 io_header->cmd_len = 16;
2716 }
2717
2718 /* The rest is as in scsi-generic.c. */
2719 io_header->mx_sb_len = sizeof(r->req.sense);
2720 io_header->sbp = r->req.sense;
2721 io_header->timeout = UINT_MAX;
2722 io_header->usr_ptr = r;
2723 io_header->flags |= SG_FLAG_DIRECT_IO;
2724
2725 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2726 assert(aiocb != NULL);
2727 return aiocb;
2728 }
2729
2730 static bool scsi_block_no_fua(SCSICommand *cmd)
2731 {
2732 return false;
2733 }
2734
2735 static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2736 QEMUIOVector *iov,
2737 BlockCompletionFunc *cb, void *cb_opaque,
2738 void *opaque)
2739 {
2740 SCSIBlockReq *r = opaque;
2741 return scsi_block_do_sgio(r, offset, iov,
2742 SG_DXFER_FROM_DEV, cb, cb_opaque);
2743 }
2744
2745 static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2746 QEMUIOVector *iov,
2747 BlockCompletionFunc *cb, void *cb_opaque,
2748 void *opaque)
2749 {
2750 SCSIBlockReq *r = opaque;
2751 return scsi_block_do_sgio(r, offset, iov,
2752 SG_DXFER_TO_DEV, cb, cb_opaque);
2753 }
2754
2755 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2756 {
2757 switch (buf[0]) {
2758 case VERIFY_10:
2759 case VERIFY_12:
2760 case VERIFY_16:
2761 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2762 * for the number of logical blocks specified in the length
2763 * field). For other modes, do not use scatter/gather operation.
2764 */
2765 if ((buf[1] & 6) == 2) {
2766 return false;
2767 }
2768 break;
2769
2770 case READ_6:
2771 case READ_10:
2772 case READ_12:
2773 case READ_16:
2774 case WRITE_6:
2775 case WRITE_10:
2776 case WRITE_12:
2777 case WRITE_16:
2778 case WRITE_VERIFY_10:
2779 case WRITE_VERIFY_12:
2780 case WRITE_VERIFY_16:
2781 /* MMC writing cannot be done via DMA helpers, because it sometimes
2782 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2783 * We might use scsi_block_dma_reqops as long as no writing commands are
2784 * seen, but performance usually isn't paramount on optical media. So,
2785 * just make scsi-block operate the same as scsi-generic for them.
2786 */
2787 if (s->qdev.type != TYPE_ROM) {
2788 return false;
2789 }
2790 break;
2791
2792 default:
2793 break;
2794 }
2795
2796 return true;
2797 }
2798
2799
2800 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2801 {
2802 SCSIBlockReq *r = (SCSIBlockReq *)req;
2803 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2804
2805 r->cmd = req->cmd.buf[0];
2806 switch (r->cmd >> 5) {
2807 case 0:
2808 /* 6-byte CDB. */
2809 r->cdb1 = r->group_number = 0;
2810 break;
2811 case 1:
2812 /* 10-byte CDB. */
2813 r->cdb1 = req->cmd.buf[1];
2814 r->group_number = req->cmd.buf[6];
2815 break;
2816 case 4:
2817 /* 12-byte CDB. */
2818 r->cdb1 = req->cmd.buf[1];
2819 r->group_number = req->cmd.buf[10];
2820 break;
2821 case 5:
2822 /* 16-byte CDB. */
2823 r->cdb1 = req->cmd.buf[1];
2824 r->group_number = req->cmd.buf[14];
2825 break;
2826 default:
2827 abort();
2828 }
2829
2830 /* Protection information is not supported. For SCSI versions 2 and
2831 * older (as determined by snooping the guest's INQUIRY commands),
2832 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2833 */
2834 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
2835 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2836 return 0;
2837 }
2838
2839 r->req.status = &r->io_header.status;
2840 return scsi_disk_dma_command(req, buf);
2841 }
2842
2843 static const SCSIReqOps scsi_block_dma_reqops = {
2844 .size = sizeof(SCSIBlockReq),
2845 .free_req = scsi_free_request,
2846 .send_command = scsi_block_dma_command,
2847 .read_data = scsi_read_data,
2848 .write_data = scsi_write_data,
2849 .get_buf = scsi_get_buf,
2850 .load_request = scsi_disk_load_request,
2851 .save_request = scsi_disk_save_request,
2852 };
2853
2854 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2855 uint32_t lun, uint8_t *buf,
2856 void *hba_private)
2857 {
2858 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2859
2860 if (scsi_block_is_passthrough(s, buf)) {
2861 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2862 hba_private);
2863 } else {
2864 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
2865 hba_private);
2866 }
2867 }
2868
2869 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2870 uint8_t *buf, void *hba_private)
2871 {
2872 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2873
2874 if (scsi_block_is_passthrough(s, buf)) {
2875 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2876 } else {
2877 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2878 }
2879 }
2880
2881 #endif
2882
2883 static
2884 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2885 BlockCompletionFunc *cb, void *cb_opaque,
2886 void *opaque)
2887 {
2888 SCSIDiskReq *r = opaque;
2889 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2890 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2891 }
2892
2893 static
2894 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2895 BlockCompletionFunc *cb, void *cb_opaque,
2896 void *opaque)
2897 {
2898 SCSIDiskReq *r = opaque;
2899 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2900 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2901 }
2902
2903 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2904 {
2905 DeviceClass *dc = DEVICE_CLASS(klass);
2906 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
2907
2908 dc->fw_name = "disk";
2909 dc->reset = scsi_disk_reset;
2910 sdc->dma_readv = scsi_dma_readv;
2911 sdc->dma_writev = scsi_dma_writev;
2912 sdc->need_fua_emulation = scsi_is_cmd_fua;
2913 }
2914
2915 static const TypeInfo scsi_disk_base_info = {
2916 .name = TYPE_SCSI_DISK_BASE,
2917 .parent = TYPE_SCSI_DEVICE,
2918 .class_init = scsi_disk_base_class_initfn,
2919 .instance_size = sizeof(SCSIDiskState),
2920 .class_size = sizeof(SCSIDiskClass),
2921 .abstract = true,
2922 };
2923
2924 #define DEFINE_SCSI_DISK_PROPERTIES() \
2925 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2926 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
2927 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2928 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2929 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2930 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
2931 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id)
2932
2933
2934 static Property scsi_hd_properties[] = {
2935 DEFINE_SCSI_DISK_PROPERTIES(),
2936 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2937 SCSI_DISK_F_REMOVABLE, false),
2938 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2939 SCSI_DISK_F_DPOFUA, false),
2940 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2941 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2942 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2943 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2944 DEFAULT_MAX_UNMAP_SIZE),
2945 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2946 DEFAULT_MAX_IO_SIZE),
2947 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
2948 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
2949 5),
2950 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2951 DEFINE_PROP_END_OF_LIST(),
2952 };
2953
2954 static const VMStateDescription vmstate_scsi_disk_state = {
2955 .name = "scsi-disk",
2956 .version_id = 1,
2957 .minimum_version_id = 1,
2958 .fields = (VMStateField[]) {
2959 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2960 VMSTATE_BOOL(media_changed, SCSIDiskState),
2961 VMSTATE_BOOL(media_event, SCSIDiskState),
2962 VMSTATE_BOOL(eject_request, SCSIDiskState),
2963 VMSTATE_BOOL(tray_open, SCSIDiskState),
2964 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2965 VMSTATE_END_OF_LIST()
2966 }
2967 };
2968
2969 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2970 {
2971 DeviceClass *dc = DEVICE_CLASS(klass);
2972 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2973
2974 sc->realize = scsi_hd_realize;
2975 sc->alloc_req = scsi_new_request;
2976 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2977 dc->desc = "virtual SCSI disk";
2978 dc->props = scsi_hd_properties;
2979 dc->vmsd = &vmstate_scsi_disk_state;
2980 }
2981
2982 static const TypeInfo scsi_hd_info = {
2983 .name = "scsi-hd",
2984 .parent = TYPE_SCSI_DISK_BASE,
2985 .class_init = scsi_hd_class_initfn,
2986 };
2987
2988 static Property scsi_cd_properties[] = {
2989 DEFINE_SCSI_DISK_PROPERTIES(),
2990 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2991 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
2992 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2993 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2994 DEFAULT_MAX_IO_SIZE),
2995 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
2996 5),
2997 DEFINE_PROP_END_OF_LIST(),
2998 };
2999
3000 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3001 {
3002 DeviceClass *dc = DEVICE_CLASS(klass);
3003 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3004
3005 sc->realize = scsi_cd_realize;
3006 sc->alloc_req = scsi_new_request;
3007 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3008 dc->desc = "virtual SCSI CD-ROM";
3009 dc->props = scsi_cd_properties;
3010 dc->vmsd = &vmstate_scsi_disk_state;
3011 }
3012
3013 static const TypeInfo scsi_cd_info = {
3014 .name = "scsi-cd",
3015 .parent = TYPE_SCSI_DISK_BASE,
3016 .class_init = scsi_cd_class_initfn,
3017 };
3018
3019 #ifdef __linux__
3020 static Property scsi_block_properties[] = {
3021 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
3022 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
3023 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
3024 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3025 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3026 DEFAULT_MAX_UNMAP_SIZE),
3027 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3028 DEFAULT_MAX_IO_SIZE),
3029 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3030 -1),
3031 DEFINE_PROP_END_OF_LIST(),
3032 };
3033
3034 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3035 {
3036 DeviceClass *dc = DEVICE_CLASS(klass);
3037 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3038 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3039
3040 sc->realize = scsi_block_realize;
3041 sc->alloc_req = scsi_block_new_request;
3042 sc->parse_cdb = scsi_block_parse_cdb;
3043 sdc->dma_readv = scsi_block_dma_readv;
3044 sdc->dma_writev = scsi_block_dma_writev;
3045 sdc->need_fua_emulation = scsi_block_no_fua;
3046 dc->desc = "SCSI block device passthrough";
3047 dc->props = scsi_block_properties;
3048 dc->vmsd = &vmstate_scsi_disk_state;
3049 }
3050
3051 static const TypeInfo scsi_block_info = {
3052 .name = "scsi-block",
3053 .parent = TYPE_SCSI_DISK_BASE,
3054 .class_init = scsi_block_class_initfn,
3055 };
3056 #endif
3057
3058 static Property scsi_disk_properties[] = {
3059 DEFINE_SCSI_DISK_PROPERTIES(),
3060 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3061 SCSI_DISK_F_REMOVABLE, false),
3062 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3063 SCSI_DISK_F_DPOFUA, false),
3064 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3065 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3066 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3067 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3068 DEFAULT_MAX_UNMAP_SIZE),
3069 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3070 DEFAULT_MAX_IO_SIZE),
3071 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3072 5),
3073 DEFINE_PROP_END_OF_LIST(),
3074 };
3075
3076 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
3077 {
3078 DeviceClass *dc = DEVICE_CLASS(klass);
3079 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3080
3081 sc->realize = scsi_disk_realize;
3082 sc->alloc_req = scsi_new_request;
3083 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3084 dc->fw_name = "disk";
3085 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
3086 dc->reset = scsi_disk_reset;
3087 dc->props = scsi_disk_properties;
3088 dc->vmsd = &vmstate_scsi_disk_state;
3089 }
3090
3091 static const TypeInfo scsi_disk_info = {
3092 .name = "scsi-disk",
3093 .parent = TYPE_SCSI_DISK_BASE,
3094 .class_init = scsi_disk_class_initfn,
3095 };
3096
3097 static void scsi_disk_register_types(void)
3098 {
3099 type_register_static(&scsi_disk_base_info);
3100 type_register_static(&scsi_hd_info);
3101 type_register_static(&scsi_cd_info);
3102 #ifdef __linux__
3103 type_register_static(&scsi_block_info);
3104 #endif
3105 type_register_static(&scsi_disk_info);
3106 }
3107
3108 type_init(scsi_disk_register_types)
QEMU mirror