]> git.proxmox.com Git - mirror_qemu.git/blob - hw/scsi/scsi-disk.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'pull-target-arm-20230203' of https://git.linaro.org/people/pmaydell/qemu...
[mirror_qemu.git] / hw / scsi / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 #include "qemu/osdep.h"
23 #include "qemu/units.h"
24 #include "qapi/error.h"
25 #include "qemu/error-report.h"
26 #include "qemu/main-loop.h"
27 #include "qemu/module.h"
28 #include "qemu/hw-version.h"
29 #include "qemu/memalign.h"
30 #include "hw/scsi/scsi.h"
31 #include "migration/qemu-file-types.h"
32 #include "migration/vmstate.h"
33 #include "hw/scsi/emulation.h"
34 #include "scsi/constants.h"
35 #include "sysemu/block-backend.h"
36 #include "sysemu/blockdev.h"
37 #include "hw/block/block.h"
38 #include "hw/qdev-properties.h"
39 #include "hw/qdev-properties-system.h"
40 #include "sysemu/dma.h"
41 #include "sysemu/sysemu.h"
42 #include "qemu/cutils.h"
43 #include "trace.h"
44 #include "qom/object.h"
45
46 #ifdef __linux
47 #include <scsi/sg.h>
48 #endif
49
50 #define SCSI_WRITE_SAME_MAX (512 * KiB)
51 #define SCSI_DMA_BUF_SIZE (128 * KiB)
52 #define SCSI_MAX_INQUIRY_LEN 256
53 #define SCSI_MAX_MODE_LEN 256
54
55 #define DEFAULT_DISCARD_GRANULARITY (4 * KiB)
56 #define DEFAULT_MAX_UNMAP_SIZE (1 * GiB)
57 #define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
58
59 #define TYPE_SCSI_DISK_BASE "scsi-disk-base"
60
61 OBJECT_DECLARE_TYPE(SCSIDiskState, SCSIDiskClass, SCSI_DISK_BASE)
62
63 struct SCSIDiskClass {
64 SCSIDeviceClass parent_class;
65 DMAIOFunc *dma_readv;
66 DMAIOFunc *dma_writev;
67 bool (*need_fua_emulation)(SCSICommand *cmd);
68 void (*update_sense)(SCSIRequest *r);
69 };
70
71 typedef struct SCSIDiskReq {
72 SCSIRequest req;
73 /* Both sector and sector_count are in terms of BDRV_SECTOR_SIZE bytes. */
74 uint64_t sector;
75 uint32_t sector_count;
76 uint32_t buflen;
77 bool started;
78 bool need_fua_emulation;
79 struct iovec iov;
80 QEMUIOVector qiov;
81 BlockAcctCookie acct;
82 } SCSIDiskReq;
83
84 #define SCSI_DISK_F_REMOVABLE 0
85 #define SCSI_DISK_F_DPOFUA 1
86 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
87
88 struct SCSIDiskState {
89 SCSIDevice qdev;
90 uint32_t features;
91 bool media_changed;
92 bool media_event;
93 bool eject_request;
94 uint16_t port_index;
95 uint64_t max_unmap_size;
96 uint64_t max_io_size;
97 uint32_t quirks;
98 QEMUBH *bh;
99 char *version;
100 char *serial;
101 char *vendor;
102 char *product;
103 char *device_id;
104 bool tray_open;
105 bool tray_locked;
106 /*
107 * 0x0000 - rotation rate not reported
108 * 0x0001 - non-rotating medium (SSD)
109 * 0x0002-0x0400 - reserved
110 * 0x0401-0xffe - rotations per minute
111 * 0xffff - reserved
112 */
113 uint16_t rotation_rate;
114 };
115
116 static void scsi_free_request(SCSIRequest *req)
117 {
118 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
119
120 qemu_vfree(r->iov.iov_base);
121 }
122
123 /* Helper function for command completion with sense. */
124 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
125 {
126 trace_scsi_disk_check_condition(r->req.tag, sense.key, sense.asc,
127 sense.ascq);
128 scsi_req_build_sense(&r->req, sense);
129 scsi_req_complete(&r->req, CHECK_CONDITION);
130 }
131
132 static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
133 {
134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
135
136 if (!r->iov.iov_base) {
137 r->buflen = size;
138 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
139 }
140 r->iov.iov_len = MIN(r->sector_count * BDRV_SECTOR_SIZE, r->buflen);
141 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
142 }
143
144 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
145 {
146 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
147
148 qemu_put_be64s(f, &r->sector);
149 qemu_put_be32s(f, &r->sector_count);
150 qemu_put_be32s(f, &r->buflen);
151 if (r->buflen) {
152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
153 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
154 } else if (!req->retry) {
155 uint32_t len = r->iov.iov_len;
156 qemu_put_be32s(f, &len);
157 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 }
159 }
160 }
161
162 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
163 {
164 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
165
166 qemu_get_be64s(f, &r->sector);
167 qemu_get_be32s(f, &r->sector_count);
168 qemu_get_be32s(f, &r->buflen);
169 if (r->buflen) {
170 scsi_init_iovec(r, r->buflen);
171 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
173 } else if (!r->req.retry) {
174 uint32_t len;
175 qemu_get_be32s(f, &len);
176 r->iov.iov_len = len;
177 assert(r->iov.iov_len <= r->buflen);
178 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
179 }
180 }
181
182 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
183 }
184
185 /*
186 * scsi_handle_rw_error has two return values. False means that the error
187 * must be ignored, true means that the error has been processed and the
188 * caller should not do anything else for this request. Note that
189 * scsi_handle_rw_error always manages its reference counts, independent
190 * of the return value.
191 */
192 static bool scsi_handle_rw_error(SCSIDiskReq *r, int ret, bool acct_failed)
193 {
194 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
195 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
196 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
197 SCSISense sense = SENSE_CODE(NO_SENSE);
198 int error = 0;
199 bool req_has_sense = false;
200 BlockErrorAction action;
201 int status;
202
203 if (ret < 0) {
204 status = scsi_sense_from_errno(-ret, &sense);
205 error = -ret;
206 } else {
207 /* A passthrough command has completed with nonzero status. */
208 status = ret;
209 if (status == CHECK_CONDITION) {
210 req_has_sense = true;
211 error = scsi_sense_buf_to_errno(r->req.sense, sizeof(r->req.sense));
212 } else {
213 error = EINVAL;
214 }
215 }
216
217 /*
218 * Check whether the error has to be handled by the guest or should
219 * rather follow the rerror=/werror= settings. Guest-handled errors
220 * are usually retried immediately, so do not post them to QMP and
221 * do not account them as failed I/O.
222 */
223 if (req_has_sense &&
224 scsi_sense_buf_is_guest_recoverable(r->req.sense, sizeof(r->req.sense))) {
225 action = BLOCK_ERROR_ACTION_REPORT;
226 acct_failed = false;
227 } else {
228 action = blk_get_error_action(s->qdev.conf.blk, is_read, error);
229 blk_error_action(s->qdev.conf.blk, action, is_read, error);
230 }
231
232 switch (action) {
233 case BLOCK_ERROR_ACTION_REPORT:
234 if (acct_failed) {
235 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
236 }
237 if (req_has_sense) {
238 sdc->update_sense(&r->req);
239 } else if (status == CHECK_CONDITION) {
240 scsi_req_build_sense(&r->req, sense);
241 }
242 scsi_req_complete(&r->req, status);
243 return true;
244
245 case BLOCK_ERROR_ACTION_IGNORE:
246 return false;
247
248 case BLOCK_ERROR_ACTION_STOP:
249 scsi_req_retry(&r->req);
250 return true;
251
252 default:
253 g_assert_not_reached();
254 }
255 }
256
257 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
258 {
259 if (r->req.io_canceled) {
260 scsi_req_cancel_complete(&r->req);
261 return true;
262 }
263
264 if (ret < 0) {
265 return scsi_handle_rw_error(r, ret, acct_failed);
266 }
267
268 return false;
269 }
270
271 static void scsi_aio_complete(void *opaque, int ret)
272 {
273 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
274 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
275
276 assert(r->req.aiocb != NULL);
277 r->req.aiocb = NULL;
278 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
279 if (scsi_disk_req_check_error(r, ret, true)) {
280 goto done;
281 }
282
283 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
284 scsi_req_complete(&r->req, GOOD);
285
286 done:
287 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
288 scsi_req_unref(&r->req);
289 }
290
291 static bool scsi_is_cmd_fua(SCSICommand *cmd)
292 {
293 switch (cmd->buf[0]) {
294 case READ_10:
295 case READ_12:
296 case READ_16:
297 case WRITE_10:
298 case WRITE_12:
299 case WRITE_16:
300 return (cmd->buf[1] & 8) != 0;
301
302 case VERIFY_10:
303 case VERIFY_12:
304 case VERIFY_16:
305 case WRITE_VERIFY_10:
306 case WRITE_VERIFY_12:
307 case WRITE_VERIFY_16:
308 return true;
309
310 case READ_6:
311 case WRITE_6:
312 default:
313 return false;
314 }
315 }
316
317 static void scsi_write_do_fua(SCSIDiskReq *r)
318 {
319 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
320
321 assert(r->req.aiocb == NULL);
322 assert(!r->req.io_canceled);
323
324 if (r->need_fua_emulation) {
325 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
326 BLOCK_ACCT_FLUSH);
327 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
328 return;
329 }
330
331 scsi_req_complete(&r->req, GOOD);
332 scsi_req_unref(&r->req);
333 }
334
335 static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
336 {
337 assert(r->req.aiocb == NULL);
338 if (scsi_disk_req_check_error(r, ret, false)) {
339 goto done;
340 }
341
342 r->sector += r->sector_count;
343 r->sector_count = 0;
344 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
345 scsi_write_do_fua(r);
346 return;
347 } else {
348 scsi_req_complete(&r->req, GOOD);
349 }
350
351 done:
352 scsi_req_unref(&r->req);
353 }
354
355 static void scsi_dma_complete(void *opaque, int ret)
356 {
357 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
358 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
359
360 assert(r->req.aiocb != NULL);
361 r->req.aiocb = NULL;
362
363 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
364 if (ret < 0) {
365 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
366 } else {
367 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
368 }
369 scsi_dma_complete_noio(r, ret);
370 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
371 }
372
373 static void scsi_read_complete_noio(SCSIDiskReq *r, int ret)
374 {
375 uint32_t n;
376
377 assert(r->req.aiocb == NULL);
378 if (scsi_disk_req_check_error(r, ret, false)) {
379 goto done;
380 }
381
382 n = r->qiov.size / BDRV_SECTOR_SIZE;
383 r->sector += n;
384 r->sector_count -= n;
385 scsi_req_data(&r->req, r->qiov.size);
386
387 done:
388 scsi_req_unref(&r->req);
389 }
390
391 static void scsi_read_complete(void *opaque, int ret)
392 {
393 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
395
396 assert(r->req.aiocb != NULL);
397 r->req.aiocb = NULL;
398
399 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
400 if (ret < 0) {
401 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
402 } else {
403 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
404 trace_scsi_disk_read_complete(r->req.tag, r->qiov.size);
405 }
406 scsi_read_complete_noio(r, ret);
407 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
408 }
409
410 /* Actually issue a read to the block device. */
411 static void scsi_do_read(SCSIDiskReq *r, int ret)
412 {
413 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
414 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
415
416 assert (r->req.aiocb == NULL);
417 if (scsi_disk_req_check_error(r, ret, false)) {
418 goto done;
419 }
420
421 /* The request is used as the AIO opaque value, so add a ref. */
422 scsi_req_ref(&r->req);
423
424 if (r->req.sg) {
425 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
426 r->req.residual -= r->req.sg->size;
427 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
428 r->req.sg, r->sector << BDRV_SECTOR_BITS,
429 BDRV_SECTOR_SIZE,
430 sdc->dma_readv, r, scsi_dma_complete, r,
431 DMA_DIRECTION_FROM_DEVICE);
432 } else {
433 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
434 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
435 r->qiov.size, BLOCK_ACCT_READ);
436 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
437 scsi_read_complete, r, r);
438 }
439
440 done:
441 scsi_req_unref(&r->req);
442 }
443
444 static void scsi_do_read_cb(void *opaque, int ret)
445 {
446 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
448
449 assert (r->req.aiocb != NULL);
450 r->req.aiocb = NULL;
451
452 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
453 if (ret < 0) {
454 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
455 } else {
456 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
457 }
458 scsi_do_read(opaque, ret);
459 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
460 }
461
462 /* Read more data from scsi device into buffer. */
463 static void scsi_read_data(SCSIRequest *req)
464 {
465 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
466 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
467 bool first;
468
469 trace_scsi_disk_read_data_count(r->sector_count);
470 if (r->sector_count == 0) {
471 /* This also clears the sense buffer for REQUEST SENSE. */
472 scsi_req_complete(&r->req, GOOD);
473 return;
474 }
475
476 /* No data transfer may already be in progress */
477 assert(r->req.aiocb == NULL);
478
479 /* The request is used as the AIO opaque value, so add a ref. */
480 scsi_req_ref(&r->req);
481 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
482 trace_scsi_disk_read_data_invalid();
483 scsi_read_complete_noio(r, -EINVAL);
484 return;
485 }
486
487 if (!blk_is_available(req->dev->conf.blk)) {
488 scsi_read_complete_noio(r, -ENOMEDIUM);
489 return;
490 }
491
492 first = !r->started;
493 r->started = true;
494 if (first && r->need_fua_emulation) {
495 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
496 BLOCK_ACCT_FLUSH);
497 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
498 } else {
499 scsi_do_read(r, 0);
500 }
501 }
502
503 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
504 {
505 uint32_t n;
506
507 assert (r->req.aiocb == NULL);
508 if (scsi_disk_req_check_error(r, ret, false)) {
509 goto done;
510 }
511
512 n = r->qiov.size / BDRV_SECTOR_SIZE;
513 r->sector += n;
514 r->sector_count -= n;
515 if (r->sector_count == 0) {
516 scsi_write_do_fua(r);
517 return;
518 } else {
519 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
520 trace_scsi_disk_write_complete_noio(r->req.tag, r->qiov.size);
521 scsi_req_data(&r->req, r->qiov.size);
522 }
523
524 done:
525 scsi_req_unref(&r->req);
526 }
527
528 static void scsi_write_complete(void * opaque, int ret)
529 {
530 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
531 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
532
533 assert (r->req.aiocb != NULL);
534 r->req.aiocb = NULL;
535
536 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
537 if (ret < 0) {
538 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
539 } else {
540 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
541 }
542 scsi_write_complete_noio(r, ret);
543 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
544 }
545
546 static void scsi_write_data(SCSIRequest *req)
547 {
548 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
549 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
550 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
551
552 /* No data transfer may already be in progress */
553 assert(r->req.aiocb == NULL);
554
555 /* The request is used as the AIO opaque value, so add a ref. */
556 scsi_req_ref(&r->req);
557 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
558 trace_scsi_disk_write_data_invalid();
559 scsi_write_complete_noio(r, -EINVAL);
560 return;
561 }
562
563 if (!r->req.sg && !r->qiov.size) {
564 /* Called for the first time. Ask the driver to send us more data. */
565 r->started = true;
566 scsi_write_complete_noio(r, 0);
567 return;
568 }
569 if (!blk_is_available(req->dev->conf.blk)) {
570 scsi_write_complete_noio(r, -ENOMEDIUM);
571 return;
572 }
573
574 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
575 r->req.cmd.buf[0] == VERIFY_16) {
576 if (r->req.sg) {
577 scsi_dma_complete_noio(r, 0);
578 } else {
579 scsi_write_complete_noio(r, 0);
580 }
581 return;
582 }
583
584 if (r->req.sg) {
585 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
586 r->req.residual -= r->req.sg->size;
587 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
588 r->req.sg, r->sector << BDRV_SECTOR_BITS,
589 BDRV_SECTOR_SIZE,
590 sdc->dma_writev, r, scsi_dma_complete, r,
591 DMA_DIRECTION_TO_DEVICE);
592 } else {
593 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
594 r->qiov.size, BLOCK_ACCT_WRITE);
595 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
596 scsi_write_complete, r, r);
597 }
598 }
599
600 /* Return a pointer to the data buffer. */
601 static uint8_t *scsi_get_buf(SCSIRequest *req)
602 {
603 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
604
605 return (uint8_t *)r->iov.iov_base;
606 }
607
608 static int scsi_disk_emulate_vpd_page(SCSIRequest *req, uint8_t *outbuf)
609 {
610 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
611 uint8_t page_code = req->cmd.buf[2];
612 int start, buflen = 0;
613
614 outbuf[buflen++] = s->qdev.type & 0x1f;
615 outbuf[buflen++] = page_code;
616 outbuf[buflen++] = 0x00;
617 outbuf[buflen++] = 0x00;
618 start = buflen;
619
620 switch (page_code) {
621 case 0x00: /* Supported page codes, mandatory */
622 {
623 trace_scsi_disk_emulate_vpd_page_00(req->cmd.xfer);
624 outbuf[buflen++] = 0x00; /* list of supported pages (this page) */
625 if (s->serial) {
626 outbuf[buflen++] = 0x80; /* unit serial number */
627 }
628 outbuf[buflen++] = 0x83; /* device identification */
629 if (s->qdev.type == TYPE_DISK) {
630 outbuf[buflen++] = 0xb0; /* block limits */
631 outbuf[buflen++] = 0xb1; /* block device characteristics */
632 outbuf[buflen++] = 0xb2; /* thin provisioning */
633 }
634 break;
635 }
636 case 0x80: /* Device serial number, optional */
637 {
638 int l;
639
640 if (!s->serial) {
641 trace_scsi_disk_emulate_vpd_page_80_not_supported();
642 return -1;
643 }
644
645 l = strlen(s->serial);
646 if (l > 36) {
647 l = 36;
648 }
649
650 trace_scsi_disk_emulate_vpd_page_80(req->cmd.xfer);
651 memcpy(outbuf + buflen, s->serial, l);
652 buflen += l;
653 break;
654 }
655
656 case 0x83: /* Device identification page, mandatory */
657 {
658 int id_len = s->device_id ? MIN(strlen(s->device_id), 255 - 8) : 0;
659
660 trace_scsi_disk_emulate_vpd_page_83(req->cmd.xfer);
661
662 if (id_len) {
663 outbuf[buflen++] = 0x2; /* ASCII */
664 outbuf[buflen++] = 0; /* not officially assigned */
665 outbuf[buflen++] = 0; /* reserved */
666 outbuf[buflen++] = id_len; /* length of data following */
667 memcpy(outbuf + buflen, s->device_id, id_len);
668 buflen += id_len;
669 }
670
671 if (s->qdev.wwn) {
672 outbuf[buflen++] = 0x1; /* Binary */
673 outbuf[buflen++] = 0x3; /* NAA */
674 outbuf[buflen++] = 0; /* reserved */
675 outbuf[buflen++] = 8;
676 stq_be_p(&outbuf[buflen], s->qdev.wwn);
677 buflen += 8;
678 }
679
680 if (s->qdev.port_wwn) {
681 outbuf[buflen++] = 0x61; /* SAS / Binary */
682 outbuf[buflen++] = 0x93; /* PIV / Target port / NAA */
683 outbuf[buflen++] = 0; /* reserved */
684 outbuf[buflen++] = 8;
685 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
686 buflen += 8;
687 }
688
689 if (s->port_index) {
690 outbuf[buflen++] = 0x61; /* SAS / Binary */
691
692 /* PIV/Target port/relative target port */
693 outbuf[buflen++] = 0x94;
694
695 outbuf[buflen++] = 0; /* reserved */
696 outbuf[buflen++] = 4;
697 stw_be_p(&outbuf[buflen + 2], s->port_index);
698 buflen += 4;
699 }
700 break;
701 }
702 case 0xb0: /* block limits */
703 {
704 SCSIBlockLimits bl = {};
705
706 if (s->qdev.type == TYPE_ROM) {
707 trace_scsi_disk_emulate_vpd_page_b0_not_supported();
708 return -1;
709 }
710 bl.wsnz = 1;
711 bl.unmap_sectors =
712 s->qdev.conf.discard_granularity / s->qdev.blocksize;
713 bl.min_io_size =
714 s->qdev.conf.min_io_size / s->qdev.blocksize;
715 bl.opt_io_size =
716 s->qdev.conf.opt_io_size / s->qdev.blocksize;
717 bl.max_unmap_sectors =
718 s->max_unmap_size / s->qdev.blocksize;
719 bl.max_io_sectors =
720 s->max_io_size / s->qdev.blocksize;
721 /* 255 descriptors fit in 4 KiB with an 8-byte header */
722 bl.max_unmap_descr = 255;
723
724 if (s->qdev.type == TYPE_DISK) {
725 int max_transfer_blk = blk_get_max_transfer(s->qdev.conf.blk);
726 int max_io_sectors_blk =
727 max_transfer_blk / s->qdev.blocksize;
728
729 bl.max_io_sectors =
730 MIN_NON_ZERO(max_io_sectors_blk, bl.max_io_sectors);
731 }
732 buflen += scsi_emulate_block_limits(outbuf + buflen, &bl);
733 break;
734 }
735 case 0xb1: /* block device characteristics */
736 {
737 buflen = 0x40;
738 outbuf[4] = (s->rotation_rate >> 8) & 0xff;
739 outbuf[5] = s->rotation_rate & 0xff;
740 outbuf[6] = 0; /* PRODUCT TYPE */
741 outbuf[7] = 0; /* WABEREQ | WACEREQ | NOMINAL FORM FACTOR */
742 outbuf[8] = 0; /* VBULS */
743 break;
744 }
745 case 0xb2: /* thin provisioning */
746 {
747 buflen = 8;
748 outbuf[4] = 0;
749 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
750 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
751 outbuf[7] = 0;
752 break;
753 }
754 default:
755 return -1;
756 }
757 /* done with EVPD */
758 assert(buflen - start <= 255);
759 outbuf[start - 1] = buflen - start;
760 return buflen;
761 }
762
763 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
764 {
765 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
766 int buflen = 0;
767
768 if (req->cmd.buf[1] & 0x1) {
769 /* Vital product data */
770 return scsi_disk_emulate_vpd_page(req, outbuf);
771 }
772
773 /* Standard INQUIRY data */
774 if (req->cmd.buf[2] != 0) {
775 return -1;
776 }
777
778 /* PAGE CODE == 0 */
779 buflen = req->cmd.xfer;
780 if (buflen > SCSI_MAX_INQUIRY_LEN) {
781 buflen = SCSI_MAX_INQUIRY_LEN;
782 }
783
784 outbuf[0] = s->qdev.type & 0x1f;
785 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
786
787 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
788 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
789
790 memset(&outbuf[32], 0, 4);
791 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
792 /*
793 * We claim conformance to SPC-3, which is required for guests
794 * to ask for modern features like READ CAPACITY(16) or the
795 * block characteristics VPD page by default. Not all of SPC-3
796 * is actually implemented, but we're good enough.
797 */
798 outbuf[2] = s->qdev.default_scsi_version;
799 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
800
801 if (buflen > 36) {
802 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
803 } else {
804 /* If the allocation length of CDB is too small,
805 the additional length is not adjusted */
806 outbuf[4] = 36 - 5;
807 }
808
809 /* Sync data transfer and TCQ. */
810 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
811 return buflen;
812 }
813
814 static inline bool media_is_dvd(SCSIDiskState *s)
815 {
816 uint64_t nb_sectors;
817 if (s->qdev.type != TYPE_ROM) {
818 return false;
819 }
820 if (!blk_is_available(s->qdev.conf.blk)) {
821 return false;
822 }
823 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
824 return nb_sectors > CD_MAX_SECTORS;
825 }
826
827 static inline bool media_is_cd(SCSIDiskState *s)
828 {
829 uint64_t nb_sectors;
830 if (s->qdev.type != TYPE_ROM) {
831 return false;
832 }
833 if (!blk_is_available(s->qdev.conf.blk)) {
834 return false;
835 }
836 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
837 return nb_sectors <= CD_MAX_SECTORS;
838 }
839
840 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
841 uint8_t *outbuf)
842 {
843 uint8_t type = r->req.cmd.buf[1] & 7;
844
845 if (s->qdev.type != TYPE_ROM) {
846 return -1;
847 }
848
849 /* Types 1/2 are only defined for Blu-Ray. */
850 if (type != 0) {
851 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
852 return -1;
853 }
854
855 memset(outbuf, 0, 34);
856 outbuf[1] = 32;
857 outbuf[2] = 0xe; /* last session complete, disc finalized */
858 outbuf[3] = 1; /* first track on disc */
859 outbuf[4] = 1; /* # of sessions */
860 outbuf[5] = 1; /* first track of last session */
861 outbuf[6] = 1; /* last track of last session */
862 outbuf[7] = 0x20; /* unrestricted use */
863 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
864 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
865 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
866 /* 24-31: disc bar code */
867 /* 32: disc application code */
868 /* 33: number of OPC tables */
869
870 return 34;
871 }
872
873 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
874 uint8_t *outbuf)
875 {
876 static const int rds_caps_size[5] = {
877 [0] = 2048 + 4,
878 [1] = 4 + 4,
879 [3] = 188 + 4,
880 [4] = 2048 + 4,
881 };
882
883 uint8_t media = r->req.cmd.buf[1];
884 uint8_t layer = r->req.cmd.buf[6];
885 uint8_t format = r->req.cmd.buf[7];
886 int size = -1;
887
888 if (s->qdev.type != TYPE_ROM) {
889 return -1;
890 }
891 if (media != 0) {
892 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
893 return -1;
894 }
895
896 if (format != 0xff) {
897 if (!blk_is_available(s->qdev.conf.blk)) {
898 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
899 return -1;
900 }
901 if (media_is_cd(s)) {
902 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
903 return -1;
904 }
905 if (format >= ARRAY_SIZE(rds_caps_size)) {
906 return -1;
907 }
908 size = rds_caps_size[format];
909 memset(outbuf, 0, size);
910 }
911
912 switch (format) {
913 case 0x00: {
914 /* Physical format information */
915 uint64_t nb_sectors;
916 if (layer != 0) {
917 goto fail;
918 }
919 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
920
921 outbuf[4] = 1; /* DVD-ROM, part version 1 */
922 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
923 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
924 outbuf[7] = 0; /* default densities */
925
926 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
927 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
928 break;
929 }
930
931 case 0x01: /* DVD copyright information, all zeros */
932 break;
933
934 case 0x03: /* BCA information - invalid field for no BCA info */
935 return -1;
936
937 case 0x04: /* DVD disc manufacturing information, all zeros */
938 break;
939
940 case 0xff: { /* List capabilities */
941 int i;
942 size = 4;
943 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
944 if (!rds_caps_size[i]) {
945 continue;
946 }
947 outbuf[size] = i;
948 outbuf[size + 1] = 0x40; /* Not writable, readable */
949 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
950 size += 4;
951 }
952 break;
953 }
954
955 default:
956 return -1;
957 }
958
959 /* Size of buffer, not including 2 byte size field */
960 stw_be_p(outbuf, size - 2);
961 return size;
962
963 fail:
964 return -1;
965 }
966
967 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
968 {
969 uint8_t event_code, media_status;
970
971 media_status = 0;
972 if (s->tray_open) {
973 media_status = MS_TRAY_OPEN;
974 } else if (blk_is_inserted(s->qdev.conf.blk)) {
975 media_status = MS_MEDIA_PRESENT;
976 }
977
978 /* Event notification descriptor */
979 event_code = MEC_NO_CHANGE;
980 if (media_status != MS_TRAY_OPEN) {
981 if (s->media_event) {
982 event_code = MEC_NEW_MEDIA;
983 s->media_event = false;
984 } else if (s->eject_request) {
985 event_code = MEC_EJECT_REQUESTED;
986 s->eject_request = false;
987 }
988 }
989
990 outbuf[0] = event_code;
991 outbuf[1] = media_status;
992
993 /* These fields are reserved, just clear them. */
994 outbuf[2] = 0;
995 outbuf[3] = 0;
996 return 4;
997 }
998
999 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
1000 uint8_t *outbuf)
1001 {
1002 int size;
1003 uint8_t *buf = r->req.cmd.buf;
1004 uint8_t notification_class_request = buf[4];
1005 if (s->qdev.type != TYPE_ROM) {
1006 return -1;
1007 }
1008 if ((buf[1] & 1) == 0) {
1009 /* asynchronous */
1010 return -1;
1011 }
1012
1013 size = 4;
1014 outbuf[0] = outbuf[1] = 0;
1015 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
1016 if (notification_class_request & (1 << GESN_MEDIA)) {
1017 outbuf[2] = GESN_MEDIA;
1018 size += scsi_event_status_media(s, &outbuf[size]);
1019 } else {
1020 outbuf[2] = 0x80;
1021 }
1022 stw_be_p(outbuf, size - 4);
1023 return size;
1024 }
1025
1026 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
1027 {
1028 int current;
1029
1030 if (s->qdev.type != TYPE_ROM) {
1031 return -1;
1032 }
1033
1034 if (media_is_dvd(s)) {
1035 current = MMC_PROFILE_DVD_ROM;
1036 } else if (media_is_cd(s)) {
1037 current = MMC_PROFILE_CD_ROM;
1038 } else {
1039 current = MMC_PROFILE_NONE;
1040 }
1041
1042 memset(outbuf, 0, 40);
1043 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1044 stw_be_p(&outbuf[6], current);
1045 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1046 outbuf[10] = 0x03; /* persistent, current */
1047 outbuf[11] = 8; /* two profiles */
1048 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1049 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1050 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1051 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1052 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1053 stw_be_p(&outbuf[20], 1);
1054 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1055 outbuf[23] = 8;
1056 stl_be_p(&outbuf[24], 1); /* SCSI */
1057 outbuf[28] = 1; /* DBE = 1, mandatory */
1058 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1059 stw_be_p(&outbuf[32], 3);
1060 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1061 outbuf[35] = 4;
1062 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1063 /* TODO: Random readable, CD read, DVD read, drive serial number,
1064 power management */
1065 return 40;
1066 }
1067
1068 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1069 {
1070 if (s->qdev.type != TYPE_ROM) {
1071 return -1;
1072 }
1073 memset(outbuf, 0, 8);
1074 outbuf[5] = 1; /* CD-ROM */
1075 return 8;
1076 }
1077
1078 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1079 int page_control)
1080 {
1081 static const int mode_sense_valid[0x3f] = {
1082 [MODE_PAGE_VENDOR_SPECIFIC] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1083 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1084 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1085 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1086 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1087 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1088 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1089 [MODE_PAGE_APPLE_VENDOR] = (1 << TYPE_ROM),
1090 };
1091
1092 uint8_t *p = *p_outbuf + 2;
1093 int length;
1094
1095 assert(page < ARRAY_SIZE(mode_sense_valid));
1096 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1097 return -1;
1098 }
1099
1100 /*
1101 * If Changeable Values are requested, a mask denoting those mode parameters
1102 * that are changeable shall be returned. As we currently don't support
1103 * parameter changes via MODE_SELECT all bits are returned set to zero.
1104 * The buffer was already menset to zero by the caller of this function.
1105 *
1106 * The offsets here are off by two compared to the descriptions in the
1107 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1108 * but it is done so that offsets are consistent within our implementation
1109 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1110 * 2-byte and 4-byte headers.
1111 */
1112 switch (page) {
1113 case MODE_PAGE_HD_GEOMETRY:
1114 length = 0x16;
1115 if (page_control == 1) { /* Changeable Values */
1116 break;
1117 }
1118 /* if a geometry hint is available, use it */
1119 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1120 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1121 p[2] = s->qdev.conf.cyls & 0xff;
1122 p[3] = s->qdev.conf.heads & 0xff;
1123 /* Write precomp start cylinder, disabled */
1124 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1125 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1126 p[6] = s->qdev.conf.cyls & 0xff;
1127 /* Reduced current start cylinder, disabled */
1128 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1129 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1130 p[9] = s->qdev.conf.cyls & 0xff;
1131 /* Device step rate [ns], 200ns */
1132 p[10] = 0;
1133 p[11] = 200;
1134 /* Landing zone cylinder */
1135 p[12] = 0xff;
1136 p[13] = 0xff;
1137 p[14] = 0xff;
1138 /* Medium rotation rate [rpm], 5400 rpm */
1139 p[18] = (5400 >> 8) & 0xff;
1140 p[19] = 5400 & 0xff;
1141 break;
1142
1143 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1144 length = 0x1e;
1145 if (page_control == 1) { /* Changeable Values */
1146 break;
1147 }
1148 /* Transfer rate [kbit/s], 5Mbit/s */
1149 p[0] = 5000 >> 8;
1150 p[1] = 5000 & 0xff;
1151 /* if a geometry hint is available, use it */
1152 p[2] = s->qdev.conf.heads & 0xff;
1153 p[3] = s->qdev.conf.secs & 0xff;
1154 p[4] = s->qdev.blocksize >> 8;
1155 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1156 p[7] = s->qdev.conf.cyls & 0xff;
1157 /* Write precomp start cylinder, disabled */
1158 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1159 p[9] = s->qdev.conf.cyls & 0xff;
1160 /* Reduced current start cylinder, disabled */
1161 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1162 p[11] = s->qdev.conf.cyls & 0xff;
1163 /* Device step rate [100us], 100us */
1164 p[12] = 0;
1165 p[13] = 1;
1166 /* Device step pulse width [us], 1us */
1167 p[14] = 1;
1168 /* Device head settle delay [100us], 100us */
1169 p[15] = 0;
1170 p[16] = 1;
1171 /* Motor on delay [0.1s], 0.1s */
1172 p[17] = 1;
1173 /* Motor off delay [0.1s], 0.1s */
1174 p[18] = 1;
1175 /* Medium rotation rate [rpm], 5400 rpm */
1176 p[26] = (5400 >> 8) & 0xff;
1177 p[27] = 5400 & 0xff;
1178 break;
1179
1180 case MODE_PAGE_CACHING:
1181 length = 0x12;
1182 if (page_control == 1 || /* Changeable Values */
1183 blk_enable_write_cache(s->qdev.conf.blk)) {
1184 p[0] = 4; /* WCE */
1185 }
1186 break;
1187
1188 case MODE_PAGE_R_W_ERROR:
1189 length = 10;
1190 if (page_control == 1) { /* Changeable Values */
1191 if (s->qdev.type == TYPE_ROM) {
1192 /* Automatic Write Reallocation Enabled */
1193 p[0] = 0x80;
1194 }
1195 break;
1196 }
1197 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1198 if (s->qdev.type == TYPE_ROM) {
1199 p[1] = 0x20; /* Read Retry Count */
1200 }
1201 break;
1202
1203 case MODE_PAGE_AUDIO_CTL:
1204 length = 14;
1205 break;
1206
1207 case MODE_PAGE_CAPABILITIES:
1208 length = 0x14;
1209 if (page_control == 1) { /* Changeable Values */
1210 break;
1211 }
1212
1213 p[0] = 0x3b; /* CD-R & CD-RW read */
1214 p[1] = 0; /* Writing not supported */
1215 p[2] = 0x7f; /* Audio, composite, digital out,
1216 mode 2 form 1&2, multi session */
1217 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1218 RW corrected, C2 errors, ISRC,
1219 UPC, Bar code */
1220 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1221 /* Locking supported, jumper present, eject, tray */
1222 p[5] = 0; /* no volume & mute control, no
1223 changer */
1224 p[6] = (50 * 176) >> 8; /* 50x read speed */
1225 p[7] = (50 * 176) & 0xff;
1226 p[8] = 2 >> 8; /* Two volume levels */
1227 p[9] = 2 & 0xff;
1228 p[10] = 2048 >> 8; /* 2M buffer */
1229 p[11] = 2048 & 0xff;
1230 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1231 p[13] = (16 * 176) & 0xff;
1232 p[16] = (16 * 176) >> 8; /* 16x write speed */
1233 p[17] = (16 * 176) & 0xff;
1234 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1235 p[19] = (16 * 176) & 0xff;
1236 break;
1237
1238 case MODE_PAGE_APPLE_VENDOR:
1239 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR)) {
1240 length = 0x1e;
1241 if (page_control == 1) { /* Changeable Values */
1242 break;
1243 }
1244
1245 memset(p, 0, length);
1246 strcpy((char *)p + 8, "APPLE COMPUTER, INC ");
1247 break;
1248 } else {
1249 return -1;
1250 }
1251
1252 case MODE_PAGE_VENDOR_SPECIFIC:
1253 if (s->qdev.type == TYPE_DISK && (s->quirks &
1254 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1255 length = 0x2;
1256 if (page_control == 1) { /* Changeable Values */
1257 p[0] = 0xff;
1258 p[1] = 0xff;
1259 break;
1260 }
1261 p[0] = 0;
1262 p[1] = 0;
1263 break;
1264 } else {
1265 return -1;
1266 }
1267
1268 default:
1269 return -1;
1270 }
1271
1272 assert(length < 256);
1273 (*p_outbuf)[0] = page;
1274 (*p_outbuf)[1] = length;
1275 *p_outbuf += length + 2;
1276 return length + 2;
1277 }
1278
1279 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1280 {
1281 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1282 uint64_t nb_sectors;
1283 bool dbd;
1284 int page, buflen, ret, page_control;
1285 uint8_t *p;
1286 uint8_t dev_specific_param;
1287
1288 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1289 page = r->req.cmd.buf[2] & 0x3f;
1290 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1291
1292 trace_scsi_disk_emulate_mode_sense((r->req.cmd.buf[0] == MODE_SENSE) ? 6 :
1293 10, page, r->req.cmd.xfer, page_control);
1294 memset(outbuf, 0, r->req.cmd.xfer);
1295 p = outbuf;
1296
1297 if (s->qdev.type == TYPE_DISK) {
1298 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1299 if (!blk_is_writable(s->qdev.conf.blk)) {
1300 dev_specific_param |= 0x80; /* Readonly. */
1301 }
1302 } else {
1303 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD)) {
1304 /* Use DBD from the request... */
1305 dev_specific_param = 0x00;
1306
1307 /*
1308 * ... unless we receive a request for MODE_PAGE_APPLE_VENDOR
1309 * which should never return a block descriptor even though DBD is
1310 * not set, otherwise CDROM detection fails in MacOS
1311 */
1312 if (s->quirks & (1 << SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR) &&
1313 page == MODE_PAGE_APPLE_VENDOR) {
1314 dbd = true;
1315 }
1316 } else {
1317 /*
1318 * MMC prescribes that CD/DVD drives have no block descriptors,
1319 * and defines no device-specific parameter.
1320 */
1321 dev_specific_param = 0x00;
1322 dbd = true;
1323 }
1324 }
1325
1326 if (r->req.cmd.buf[0] == MODE_SENSE) {
1327 p[1] = 0; /* Default media type. */
1328 p[2] = dev_specific_param;
1329 p[3] = 0; /* Block descriptor length. */
1330 p += 4;
1331 } else { /* MODE_SENSE_10 */
1332 p[2] = 0; /* Default media type. */
1333 p[3] = dev_specific_param;
1334 p[6] = p[7] = 0; /* Block descriptor length. */
1335 p += 8;
1336 }
1337
1338 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1339 if (!dbd && nb_sectors) {
1340 if (r->req.cmd.buf[0] == MODE_SENSE) {
1341 outbuf[3] = 8; /* Block descriptor length */
1342 } else { /* MODE_SENSE_10 */
1343 outbuf[7] = 8; /* Block descriptor length */
1344 }
1345 nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1346 if (nb_sectors > 0xffffff) {
1347 nb_sectors = 0;
1348 }
1349 p[0] = 0; /* media density code */
1350 p[1] = (nb_sectors >> 16) & 0xff;
1351 p[2] = (nb_sectors >> 8) & 0xff;
1352 p[3] = nb_sectors & 0xff;
1353 p[4] = 0; /* reserved */
1354 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1355 p[6] = s->qdev.blocksize >> 8;
1356 p[7] = 0;
1357 p += 8;
1358 }
1359
1360 if (page_control == 3) {
1361 /* Saved Values */
1362 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1363 return -1;
1364 }
1365
1366 if (page == 0x3f) {
1367 for (page = 0; page <= 0x3e; page++) {
1368 mode_sense_page(s, page, &p, page_control);
1369 }
1370 } else {
1371 ret = mode_sense_page(s, page, &p, page_control);
1372 if (ret == -1) {
1373 return -1;
1374 }
1375 }
1376
1377 buflen = p - outbuf;
1378 /*
1379 * The mode data length field specifies the length in bytes of the
1380 * following data that is available to be transferred. The mode data
1381 * length does not include itself.
1382 */
1383 if (r->req.cmd.buf[0] == MODE_SENSE) {
1384 outbuf[0] = buflen - 1;
1385 } else { /* MODE_SENSE_10 */
1386 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1387 outbuf[1] = (buflen - 2) & 0xff;
1388 }
1389 return buflen;
1390 }
1391
1392 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1393 {
1394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1395 int start_track, format, msf, toclen;
1396 uint64_t nb_sectors;
1397
1398 msf = req->cmd.buf[1] & 2;
1399 format = req->cmd.buf[2] & 0xf;
1400 start_track = req->cmd.buf[6];
1401 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
1402 trace_scsi_disk_emulate_read_toc(start_track, format, msf >> 1);
1403 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
1404 switch (format) {
1405 case 0:
1406 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1407 break;
1408 case 1:
1409 /* multi session : only a single session defined */
1410 toclen = 12;
1411 memset(outbuf, 0, 12);
1412 outbuf[1] = 0x0a;
1413 outbuf[2] = 0x01;
1414 outbuf[3] = 0x01;
1415 break;
1416 case 2:
1417 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1418 break;
1419 default:
1420 return -1;
1421 }
1422 return toclen;
1423 }
1424
1425 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1426 {
1427 SCSIRequest *req = &r->req;
1428 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1429 bool start = req->cmd.buf[4] & 1;
1430 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1431 int pwrcnd = req->cmd.buf[4] & 0xf0;
1432
1433 if (pwrcnd) {
1434 /* eject/load only happens for power condition == 0 */
1435 return 0;
1436 }
1437
1438 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1439 if (!start && !s->tray_open && s->tray_locked) {
1440 scsi_check_condition(r,
1441 blk_is_inserted(s->qdev.conf.blk)
1442 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1443 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1444 return -1;
1445 }
1446
1447 if (s->tray_open != !start) {
1448 blk_eject(s->qdev.conf.blk, !start);
1449 s->tray_open = !start;
1450 }
1451 }
1452 return 0;
1453 }
1454
1455 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1456 {
1457 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1458 int buflen = r->iov.iov_len;
1459
1460 if (buflen) {
1461 trace_scsi_disk_emulate_read_data(buflen);
1462 r->iov.iov_len = 0;
1463 r->started = true;
1464 scsi_req_data(&r->req, buflen);
1465 return;
1466 }
1467
1468 /* This also clears the sense buffer for REQUEST SENSE. */
1469 scsi_req_complete(&r->req, GOOD);
1470 }
1471
1472 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1473 uint8_t *inbuf, int inlen)
1474 {
1475 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1476 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1477 uint8_t *p;
1478 int len, expected_len, changeable_len, i;
1479
1480 /* The input buffer does not include the page header, so it is
1481 * off by 2 bytes.
1482 */
1483 expected_len = inlen + 2;
1484 if (expected_len > SCSI_MAX_MODE_LEN) {
1485 return -1;
1486 }
1487
1488 /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
1489 if (page == MODE_PAGE_ALLS) {
1490 return -1;
1491 }
1492
1493 p = mode_current;
1494 memset(mode_current, 0, inlen + 2);
1495 len = mode_sense_page(s, page, &p, 0);
1496 if (len < 0 || len != expected_len) {
1497 return -1;
1498 }
1499
1500 p = mode_changeable;
1501 memset(mode_changeable, 0, inlen + 2);
1502 changeable_len = mode_sense_page(s, page, &p, 1);
1503 assert(changeable_len == len);
1504
1505 /* Check that unchangeable bits are the same as what MODE SENSE
1506 * would return.
1507 */
1508 for (i = 2; i < len; i++) {
1509 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1510 return -1;
1511 }
1512 }
1513 return 0;
1514 }
1515
1516 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1517 {
1518 switch (page) {
1519 case MODE_PAGE_CACHING:
1520 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
1521 break;
1522
1523 default:
1524 break;
1525 }
1526 }
1527
1528 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1529 {
1530 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1531
1532 while (len > 0) {
1533 int page, subpage, page_len;
1534
1535 /* Parse both possible formats for the mode page headers. */
1536 page = p[0] & 0x3f;
1537 if (p[0] & 0x40) {
1538 if (len < 4) {
1539 goto invalid_param_len;
1540 }
1541 subpage = p[1];
1542 page_len = lduw_be_p(&p[2]);
1543 p += 4;
1544 len -= 4;
1545 } else {
1546 if (len < 2) {
1547 goto invalid_param_len;
1548 }
1549 subpage = 0;
1550 page_len = p[1];
1551 p += 2;
1552 len -= 2;
1553 }
1554
1555 if (subpage) {
1556 goto invalid_param;
1557 }
1558 if (page_len > len) {
1559 if (!(s->quirks & SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED)) {
1560 goto invalid_param_len;
1561 }
1562 trace_scsi_disk_mode_select_page_truncated(page, page_len, len);
1563 }
1564
1565 if (!change) {
1566 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1567 goto invalid_param;
1568 }
1569 } else {
1570 scsi_disk_apply_mode_select(s, page, p);
1571 }
1572
1573 p += page_len;
1574 len -= page_len;
1575 }
1576 return 0;
1577
1578 invalid_param:
1579 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1580 return -1;
1581
1582 invalid_param_len:
1583 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1584 return -1;
1585 }
1586
1587 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1588 {
1589 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1590 uint8_t *p = inbuf;
1591 int cmd = r->req.cmd.buf[0];
1592 int len = r->req.cmd.xfer;
1593 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1594 int bd_len, bs;
1595 int pass;
1596
1597 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1598 if (!(s->quirks &
1599 (1 << SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE))) {
1600 /* We only support PF=1, SP=0. */
1601 goto invalid_field;
1602 }
1603 }
1604
1605 if (len < hdr_len) {
1606 goto invalid_param_len;
1607 }
1608
1609 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1610 len -= hdr_len;
1611 p += hdr_len;
1612 if (len < bd_len) {
1613 goto invalid_param_len;
1614 }
1615 if (bd_len != 0 && bd_len != 8) {
1616 goto invalid_param;
1617 }
1618
1619 /* Allow changing the block size */
1620 if (bd_len) {
1621 bs = p[5] << 16 | p[6] << 8 | p[7];
1622
1623 /*
1624 * Since the existing code only checks/updates bits 8-15 of the block
1625 * size, restrict ourselves to the same requirement for now to ensure
1626 * that a block size set by a block descriptor and then read back by
1627 * a subsequent SCSI command will be the same
1628 */
1629 if (bs && !(bs & ~0xff00) && bs != s->qdev.blocksize) {
1630 s->qdev.blocksize = bs;
1631 trace_scsi_disk_mode_select_set_blocksize(s->qdev.blocksize);
1632 }
1633 }
1634
1635 len -= bd_len;
1636 p += bd_len;
1637
1638 /* Ensure no change is made if there is an error! */
1639 for (pass = 0; pass < 2; pass++) {
1640 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1641 assert(pass == 0);
1642 return;
1643 }
1644 }
1645 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
1646 /* The request is used as the AIO opaque value, so add a ref. */
1647 scsi_req_ref(&r->req);
1648 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
1649 BLOCK_ACCT_FLUSH);
1650 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
1651 return;
1652 }
1653
1654 scsi_req_complete(&r->req, GOOD);
1655 return;
1656
1657 invalid_param:
1658 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1659 return;
1660
1661 invalid_param_len:
1662 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1663 return;
1664
1665 invalid_field:
1666 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1667 }
1668
1669 /* sector_num and nb_sectors expected to be in qdev blocksize */
1670 static inline bool check_lba_range(SCSIDiskState *s,
1671 uint64_t sector_num, uint32_t nb_sectors)
1672 {
1673 /*
1674 * The first line tests that no overflow happens when computing the last
1675 * sector. The second line tests that the last accessed sector is in
1676 * range.
1677 *
1678 * Careful, the computations should not underflow for nb_sectors == 0,
1679 * and a 0-block read to the first LBA beyond the end of device is
1680 * valid.
1681 */
1682 return (sector_num <= sector_num + nb_sectors &&
1683 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1684 }
1685
1686 typedef struct UnmapCBData {
1687 SCSIDiskReq *r;
1688 uint8_t *inbuf;
1689 int count;
1690 } UnmapCBData;
1691
1692 static void scsi_unmap_complete(void *opaque, int ret);
1693
1694 static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
1695 {
1696 SCSIDiskReq *r = data->r;
1697 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1698
1699 assert(r->req.aiocb == NULL);
1700
1701 if (data->count > 0) {
1702 uint64_t sector_num = ldq_be_p(&data->inbuf[0]);
1703 uint32_t nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1704 r->sector = sector_num * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1705 r->sector_count = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1706
1707 if (!check_lba_range(s, sector_num, nb_sectors)) {
1708 block_acct_invalid(blk_get_stats(s->qdev.conf.blk),
1709 BLOCK_ACCT_UNMAP);
1710 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1711 goto done;
1712 }
1713
1714 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1715 r->sector_count * BDRV_SECTOR_SIZE,
1716 BLOCK_ACCT_UNMAP);
1717
1718 r->req.aiocb = blk_aio_pdiscard(s->qdev.conf.blk,
1719 r->sector * BDRV_SECTOR_SIZE,
1720 r->sector_count * BDRV_SECTOR_SIZE,
1721 scsi_unmap_complete, data);
1722 data->count--;
1723 data->inbuf += 16;
1724 return;
1725 }
1726
1727 scsi_req_complete(&r->req, GOOD);
1728
1729 done:
1730 scsi_req_unref(&r->req);
1731 g_free(data);
1732 }
1733
1734 static void scsi_unmap_complete(void *opaque, int ret)
1735 {
1736 UnmapCBData *data = opaque;
1737 SCSIDiskReq *r = data->r;
1738 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1739
1740 assert(r->req.aiocb != NULL);
1741 r->req.aiocb = NULL;
1742
1743 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1744 if (scsi_disk_req_check_error(r, ret, true)) {
1745 scsi_req_unref(&r->req);
1746 g_free(data);
1747 } else {
1748 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1749 scsi_unmap_complete_noio(data, ret);
1750 }
1751 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1752 }
1753
1754 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1755 {
1756 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1757 uint8_t *p = inbuf;
1758 int len = r->req.cmd.xfer;
1759 UnmapCBData *data;
1760
1761 /* Reject ANCHOR=1. */
1762 if (r->req.cmd.buf[1] & 0x1) {
1763 goto invalid_field;
1764 }
1765
1766 if (len < 8) {
1767 goto invalid_param_len;
1768 }
1769 if (len < lduw_be_p(&p[0]) + 2) {
1770 goto invalid_param_len;
1771 }
1772 if (len < lduw_be_p(&p[2]) + 8) {
1773 goto invalid_param_len;
1774 }
1775 if (lduw_be_p(&p[2]) & 15) {
1776 goto invalid_param_len;
1777 }
1778
1779 if (!blk_is_writable(s->qdev.conf.blk)) {
1780 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1781 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1782 return;
1783 }
1784
1785 data = g_new0(UnmapCBData, 1);
1786 data->r = r;
1787 data->inbuf = &p[8];
1788 data->count = lduw_be_p(&p[2]) >> 4;
1789
1790 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1791 scsi_req_ref(&r->req);
1792 scsi_unmap_complete_noio(data, 0);
1793 return;
1794
1795 invalid_param_len:
1796 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1797 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1798 return;
1799
1800 invalid_field:
1801 block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP);
1802 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1803 }
1804
1805 typedef struct WriteSameCBData {
1806 SCSIDiskReq *r;
1807 int64_t sector;
1808 int nb_sectors;
1809 QEMUIOVector qiov;
1810 struct iovec iov;
1811 } WriteSameCBData;
1812
1813 static void scsi_write_same_complete(void *opaque, int ret)
1814 {
1815 WriteSameCBData *data = opaque;
1816 SCSIDiskReq *r = data->r;
1817 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1818
1819 assert(r->req.aiocb != NULL);
1820 r->req.aiocb = NULL;
1821 aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk));
1822 if (scsi_disk_req_check_error(r, ret, true)) {
1823 goto done;
1824 }
1825
1826 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1827
1828 data->nb_sectors -= data->iov.iov_len / BDRV_SECTOR_SIZE;
1829 data->sector += data->iov.iov_len / BDRV_SECTOR_SIZE;
1830 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1831 data->iov.iov_len);
1832 if (data->iov.iov_len) {
1833 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1834 data->iov.iov_len, BLOCK_ACCT_WRITE);
1835 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1836 * where final qiov may need smaller size */
1837 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1838 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1839 data->sector << BDRV_SECTOR_BITS,
1840 &data->qiov, 0,
1841 scsi_write_same_complete, data);
1842 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1843 return;
1844 }
1845
1846 scsi_req_complete(&r->req, GOOD);
1847
1848 done:
1849 scsi_req_unref(&r->req);
1850 qemu_vfree(data->iov.iov_base);
1851 g_free(data);
1852 aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
1853 }
1854
1855 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1856 {
1857 SCSIRequest *req = &r->req;
1858 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1859 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
1860 WriteSameCBData *data;
1861 uint8_t *buf;
1862 int i, l;
1863
1864 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1865 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1866 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1867 return;
1868 }
1869
1870 if (!blk_is_writable(s->qdev.conf.blk)) {
1871 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1872 return;
1873 }
1874 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1875 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1876 return;
1877 }
1878
1879 if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
1880 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1881
1882 /* The request is used as the AIO opaque value, so add a ref. */
1883 scsi_req_ref(&r->req);
1884 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1885 nb_sectors * s->qdev.blocksize,
1886 BLOCK_ACCT_WRITE);
1887 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
1888 r->req.cmd.lba * s->qdev.blocksize,
1889 nb_sectors * s->qdev.blocksize,
1890 flags, scsi_aio_complete, r);
1891 return;
1892 }
1893
1894 data = g_new0(WriteSameCBData, 1);
1895 data->r = r;
1896 data->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1897 data->nb_sectors = nb_sectors * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
1898 data->iov.iov_len = MIN(data->nb_sectors * BDRV_SECTOR_SIZE,
1899 SCSI_WRITE_SAME_MAX);
1900 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1901 data->iov.iov_len);
1902 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1903
1904 for (i = 0; i < data->iov.iov_len; i += l) {
1905 l = MIN(s->qdev.blocksize, data->iov.iov_len - i);
1906 memcpy(&buf[i], inbuf, l);
1907 }
1908
1909 scsi_req_ref(&r->req);
1910 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
1911 data->iov.iov_len, BLOCK_ACCT_WRITE);
1912 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1913 data->sector << BDRV_SECTOR_BITS,
1914 &data->qiov, 0,
1915 scsi_write_same_complete, data);
1916 }
1917
1918 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1919 {
1920 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1921
1922 if (r->iov.iov_len) {
1923 int buflen = r->iov.iov_len;
1924 trace_scsi_disk_emulate_write_data(buflen);
1925 r->iov.iov_len = 0;
1926 scsi_req_data(&r->req, buflen);
1927 return;
1928 }
1929
1930 switch (req->cmd.buf[0]) {
1931 case MODE_SELECT:
1932 case MODE_SELECT_10:
1933 /* This also clears the sense buffer for REQUEST SENSE. */
1934 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1935 break;
1936
1937 case UNMAP:
1938 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1939 break;
1940
1941 case VERIFY_10:
1942 case VERIFY_12:
1943 case VERIFY_16:
1944 if (r->req.status == -1) {
1945 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1946 }
1947 break;
1948
1949 case WRITE_SAME_10:
1950 case WRITE_SAME_16:
1951 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1952 break;
1953
1954 default:
1955 abort();
1956 }
1957 }
1958
1959 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1960 {
1961 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1962 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1963 uint64_t nb_sectors;
1964 uint8_t *outbuf;
1965 int buflen;
1966
1967 switch (req->cmd.buf[0]) {
1968 case INQUIRY:
1969 case MODE_SENSE:
1970 case MODE_SENSE_10:
1971 case RESERVE:
1972 case RESERVE_10:
1973 case RELEASE:
1974 case RELEASE_10:
1975 case START_STOP:
1976 case ALLOW_MEDIUM_REMOVAL:
1977 case GET_CONFIGURATION:
1978 case GET_EVENT_STATUS_NOTIFICATION:
1979 case MECHANISM_STATUS:
1980 case REQUEST_SENSE:
1981 break;
1982
1983 default:
1984 if (!blk_is_available(s->qdev.conf.blk)) {
1985 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1986 return 0;
1987 }
1988 break;
1989 }
1990
1991 /*
1992 * FIXME: we shouldn't return anything bigger than 4k, but the code
1993 * requires the buffer to be as big as req->cmd.xfer in several
1994 * places. So, do not allow CDBs with a very large ALLOCATION
1995 * LENGTH. The real fix would be to modify scsi_read_data and
1996 * dma_buf_read, so that they return data beyond the buflen
1997 * as all zeros.
1998 */
1999 if (req->cmd.xfer > 65536) {
2000 goto illegal_request;
2001 }
2002 r->buflen = MAX(4096, req->cmd.xfer);
2003
2004 if (!r->iov.iov_base) {
2005 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
2006 }
2007
2008 outbuf = r->iov.iov_base;
2009 memset(outbuf, 0, r->buflen);
2010 switch (req->cmd.buf[0]) {
2011 case TEST_UNIT_READY:
2012 assert(blk_is_available(s->qdev.conf.blk));
2013 break;
2014 case INQUIRY:
2015 buflen = scsi_disk_emulate_inquiry(req, outbuf);
2016 if (buflen < 0) {
2017 goto illegal_request;
2018 }
2019 break;
2020 case MODE_SENSE:
2021 case MODE_SENSE_10:
2022 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
2023 if (buflen < 0) {
2024 goto illegal_request;
2025 }
2026 break;
2027 case READ_TOC:
2028 buflen = scsi_disk_emulate_read_toc(req, outbuf);
2029 if (buflen < 0) {
2030 goto illegal_request;
2031 }
2032 break;
2033 case RESERVE:
2034 if (req->cmd.buf[1] & 1) {
2035 goto illegal_request;
2036 }
2037 break;
2038 case RESERVE_10:
2039 if (req->cmd.buf[1] & 3) {
2040 goto illegal_request;
2041 }
2042 break;
2043 case RELEASE:
2044 if (req->cmd.buf[1] & 1) {
2045 goto illegal_request;
2046 }
2047 break;
2048 case RELEASE_10:
2049 if (req->cmd.buf[1] & 3) {
2050 goto illegal_request;
2051 }
2052 break;
2053 case START_STOP:
2054 if (scsi_disk_emulate_start_stop(r) < 0) {
2055 return 0;
2056 }
2057 break;
2058 case ALLOW_MEDIUM_REMOVAL:
2059 s->tray_locked = req->cmd.buf[4] & 1;
2060 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
2061 break;
2062 case READ_CAPACITY_10:
2063 /* The normal LEN field for this command is zero. */
2064 memset(outbuf, 0, 8);
2065 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2066 if (!nb_sectors) {
2067 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2068 return 0;
2069 }
2070 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
2071 goto illegal_request;
2072 }
2073 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2074 /* Returned value is the address of the last sector. */
2075 nb_sectors--;
2076 /* Remember the new size for read/write sanity checking. */
2077 s->qdev.max_lba = nb_sectors;
2078 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
2079 if (nb_sectors > UINT32_MAX) {
2080 nb_sectors = UINT32_MAX;
2081 }
2082 outbuf[0] = (nb_sectors >> 24) & 0xff;
2083 outbuf[1] = (nb_sectors >> 16) & 0xff;
2084 outbuf[2] = (nb_sectors >> 8) & 0xff;
2085 outbuf[3] = nb_sectors & 0xff;
2086 outbuf[4] = 0;
2087 outbuf[5] = 0;
2088 outbuf[6] = s->qdev.blocksize >> 8;
2089 outbuf[7] = 0;
2090 break;
2091 case REQUEST_SENSE:
2092 /* Just return "NO SENSE". */
2093 buflen = scsi_convert_sense(NULL, 0, outbuf, r->buflen,
2094 (req->cmd.buf[1] & 1) == 0);
2095 if (buflen < 0) {
2096 goto illegal_request;
2097 }
2098 break;
2099 case MECHANISM_STATUS:
2100 buflen = scsi_emulate_mechanism_status(s, outbuf);
2101 if (buflen < 0) {
2102 goto illegal_request;
2103 }
2104 break;
2105 case GET_CONFIGURATION:
2106 buflen = scsi_get_configuration(s, outbuf);
2107 if (buflen < 0) {
2108 goto illegal_request;
2109 }
2110 break;
2111 case GET_EVENT_STATUS_NOTIFICATION:
2112 buflen = scsi_get_event_status_notification(s, r, outbuf);
2113 if (buflen < 0) {
2114 goto illegal_request;
2115 }
2116 break;
2117 case READ_DISC_INFORMATION:
2118 buflen = scsi_read_disc_information(s, r, outbuf);
2119 if (buflen < 0) {
2120 goto illegal_request;
2121 }
2122 break;
2123 case READ_DVD_STRUCTURE:
2124 buflen = scsi_read_dvd_structure(s, r, outbuf);
2125 if (buflen < 0) {
2126 goto illegal_request;
2127 }
2128 break;
2129 case SERVICE_ACTION_IN_16:
2130 /* Service Action In subcommands. */
2131 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
2132 trace_scsi_disk_emulate_command_SAI_16();
2133 memset(outbuf, 0, req->cmd.xfer);
2134 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2135 if (!nb_sectors) {
2136 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
2137 return 0;
2138 }
2139 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2140 goto illegal_request;
2141 }
2142 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2143 /* Returned value is the address of the last sector. */
2144 nb_sectors--;
2145 /* Remember the new size for read/write sanity checking. */
2146 s->qdev.max_lba = nb_sectors;
2147 outbuf[0] = (nb_sectors >> 56) & 0xff;
2148 outbuf[1] = (nb_sectors >> 48) & 0xff;
2149 outbuf[2] = (nb_sectors >> 40) & 0xff;
2150 outbuf[3] = (nb_sectors >> 32) & 0xff;
2151 outbuf[4] = (nb_sectors >> 24) & 0xff;
2152 outbuf[5] = (nb_sectors >> 16) & 0xff;
2153 outbuf[6] = (nb_sectors >> 8) & 0xff;
2154 outbuf[7] = nb_sectors & 0xff;
2155 outbuf[8] = 0;
2156 outbuf[9] = 0;
2157 outbuf[10] = s->qdev.blocksize >> 8;
2158 outbuf[11] = 0;
2159 outbuf[12] = 0;
2160 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
2161
2162 /* set TPE bit if the format supports discard */
2163 if (s->qdev.conf.discard_granularity) {
2164 outbuf[14] = 0x80;
2165 }
2166
2167 /* Protection, exponent and lowest lba field left blank. */
2168 break;
2169 }
2170 trace_scsi_disk_emulate_command_SAI_unsupported();
2171 goto illegal_request;
2172 case SYNCHRONIZE_CACHE:
2173 /* The request is used as the AIO opaque value, so add a ref. */
2174 scsi_req_ref(&r->req);
2175 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
2176 BLOCK_ACCT_FLUSH);
2177 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
2178 return 0;
2179 case SEEK_10:
2180 trace_scsi_disk_emulate_command_SEEK_10(r->req.cmd.lba);
2181 if (r->req.cmd.lba > s->qdev.max_lba) {
2182 goto illegal_lba;
2183 }
2184 break;
2185 case MODE_SELECT:
2186 trace_scsi_disk_emulate_command_MODE_SELECT(r->req.cmd.xfer);
2187 break;
2188 case MODE_SELECT_10:
2189 trace_scsi_disk_emulate_command_MODE_SELECT_10(r->req.cmd.xfer);
2190 break;
2191 case UNMAP:
2192 trace_scsi_disk_emulate_command_UNMAP(r->req.cmd.xfer);
2193 break;
2194 case VERIFY_10:
2195 case VERIFY_12:
2196 case VERIFY_16:
2197 trace_scsi_disk_emulate_command_VERIFY((req->cmd.buf[1] >> 1) & 3);
2198 if (req->cmd.buf[1] & 6) {
2199 goto illegal_request;
2200 }
2201 break;
2202 case WRITE_SAME_10:
2203 case WRITE_SAME_16:
2204 trace_scsi_disk_emulate_command_WRITE_SAME(
2205 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16, r->req.cmd.xfer);
2206 break;
2207 case FORMAT_UNIT:
2208 trace_scsi_disk_emulate_command_FORMAT_UNIT(r->req.cmd.xfer);
2209 break;
2210 default:
2211 trace_scsi_disk_emulate_command_UNKNOWN(buf[0],
2212 scsi_command_name(buf[0]));
2213 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2214 return 0;
2215 }
2216 assert(!r->req.aiocb);
2217 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2218 if (r->iov.iov_len == 0) {
2219 scsi_req_complete(&r->req, GOOD);
2220 }
2221 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2222 assert(r->iov.iov_len == req->cmd.xfer);
2223 return -r->iov.iov_len;
2224 } else {
2225 return r->iov.iov_len;
2226 }
2227
2228 illegal_request:
2229 if (r->req.status == -1) {
2230 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2231 }
2232 return 0;
2233
2234 illegal_lba:
2235 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2236 return 0;
2237 }
2238
2239 /* Execute a scsi command. Returns the length of the data expected by the
2240 command. This will be Positive for data transfers from the device
2241 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2242 and zero if the command does not transfer any data. */
2243
2244 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2245 {
2246 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2247 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2248 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
2249 uint32_t len;
2250 uint8_t command;
2251
2252 command = buf[0];
2253
2254 if (!blk_is_available(s->qdev.conf.blk)) {
2255 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2256 return 0;
2257 }
2258
2259 len = scsi_data_cdb_xfer(r->req.cmd.buf);
2260 switch (command) {
2261 case READ_6:
2262 case READ_10:
2263 case READ_12:
2264 case READ_16:
2265 trace_scsi_disk_dma_command_READ(r->req.cmd.lba, len);
2266 /* Protection information is not supported. For SCSI versions 2 and
2267 * older (as determined by snooping the guest's INQUIRY commands),
2268 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
2269 */
2270 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2271 goto illegal_request;
2272 }
2273 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2274 goto illegal_lba;
2275 }
2276 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2277 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2278 break;
2279 case WRITE_6:
2280 case WRITE_10:
2281 case WRITE_12:
2282 case WRITE_16:
2283 case WRITE_VERIFY_10:
2284 case WRITE_VERIFY_12:
2285 case WRITE_VERIFY_16:
2286 if (!blk_is_writable(s->qdev.conf.blk)) {
2287 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2288 return 0;
2289 }
2290 trace_scsi_disk_dma_command_WRITE(
2291 (command & 0xe) == 0xe ? "And Verify " : "",
2292 r->req.cmd.lba, len);
2293 /* fall through */
2294 case VERIFY_10:
2295 case VERIFY_12:
2296 case VERIFY_16:
2297 /* We get here only for BYTCHK == 0x01 and only for scsi-block.
2298 * As far as DMA is concerned, we can treat it the same as a write;
2299 * scsi_block_do_sgio will send VERIFY commands.
2300 */
2301 if (s->qdev.scsi_version > 2 && (r->req.cmd.buf[1] & 0xe0)) {
2302 goto illegal_request;
2303 }
2304 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2305 goto illegal_lba;
2306 }
2307 r->sector = r->req.cmd.lba * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2308 r->sector_count = len * (s->qdev.blocksize / BDRV_SECTOR_SIZE);
2309 break;
2310 default:
2311 abort();
2312 illegal_request:
2313 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2314 return 0;
2315 illegal_lba:
2316 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2317 return 0;
2318 }
2319 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
2320 if (r->sector_count == 0) {
2321 scsi_req_complete(&r->req, GOOD);
2322 }
2323 assert(r->iov.iov_len == 0);
2324 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2325 return -r->sector_count * BDRV_SECTOR_SIZE;
2326 } else {
2327 return r->sector_count * BDRV_SECTOR_SIZE;
2328 }
2329 }
2330
2331 static void scsi_disk_reset(DeviceState *dev)
2332 {
2333 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2334 uint64_t nb_sectors;
2335 AioContext *ctx;
2336
2337 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2338
2339 ctx = blk_get_aio_context(s->qdev.conf.blk);
2340 aio_context_acquire(ctx);
2341 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
2342 aio_context_release(ctx);
2343
2344 nb_sectors /= s->qdev.blocksize / BDRV_SECTOR_SIZE;
2345 if (nb_sectors) {
2346 nb_sectors--;
2347 }
2348 s->qdev.max_lba = nb_sectors;
2349 /* reset tray statuses */
2350 s->tray_locked = 0;
2351 s->tray_open = 0;
2352
2353 s->qdev.scsi_version = s->qdev.default_scsi_version;
2354 }
2355
2356 static void scsi_disk_resize_cb(void *opaque)
2357 {
2358 SCSIDiskState *s = opaque;
2359
2360 /* SPC lists this sense code as available only for
2361 * direct-access devices.
2362 */
2363 if (s->qdev.type == TYPE_DISK) {
2364 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2365 }
2366 }
2367
2368 static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
2369 {
2370 SCSIDiskState *s = opaque;
2371
2372 /*
2373 * When a CD gets changed, we have to report an ejected state and
2374 * then a loaded state to guests so that they detect tray
2375 * open/close and media change events. Guests that do not use
2376 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2377 * states rely on this behavior.
2378 *
2379 * media_changed governs the state machine used for unit attention
2380 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2381 */
2382 s->media_changed = load;
2383 s->tray_open = !load;
2384 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2385 s->media_event = true;
2386 s->eject_request = false;
2387 }
2388
2389 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2390 {
2391 SCSIDiskState *s = opaque;
2392
2393 s->eject_request = true;
2394 if (force) {
2395 s->tray_locked = false;
2396 }
2397 }
2398
2399 static bool scsi_cd_is_tray_open(void *opaque)
2400 {
2401 return ((SCSIDiskState *)opaque)->tray_open;
2402 }
2403
2404 static bool scsi_cd_is_medium_locked(void *opaque)
2405 {
2406 return ((SCSIDiskState *)opaque)->tray_locked;
2407 }
2408
2409 static const BlockDevOps scsi_disk_removable_block_ops = {
2410 .change_media_cb = scsi_cd_change_media_cb,
2411 .eject_request_cb = scsi_cd_eject_request_cb,
2412 .is_tray_open = scsi_cd_is_tray_open,
2413 .is_medium_locked = scsi_cd_is_medium_locked,
2414
2415 .resize_cb = scsi_disk_resize_cb,
2416 };
2417
2418 static const BlockDevOps scsi_disk_block_ops = {
2419 .resize_cb = scsi_disk_resize_cb,
2420 };
2421
2422 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2423 {
2424 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2425 if (s->media_changed) {
2426 s->media_changed = false;
2427 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2428 }
2429 }
2430
2431 static void scsi_realize(SCSIDevice *dev, Error **errp)
2432 {
2433 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2434 bool read_only;
2435
2436 if (!s->qdev.conf.blk) {
2437 error_setg(errp, "drive property not set");
2438 return;
2439 }
2440
2441 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2442 !blk_is_inserted(s->qdev.conf.blk)) {
2443 error_setg(errp, "Device needs media, but drive is empty");
2444 return;
2445 }
2446
2447 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2448 return;
2449 }
2450
2451 if (blk_get_aio_context(s->qdev.conf.blk) != qemu_get_aio_context() &&
2452 !s->qdev.hba_supports_iothread)
2453 {
2454 error_setg(errp, "HBA does not support iothreads");
2455 return;
2456 }
2457
2458 if (dev->type == TYPE_DISK) {
2459 if (!blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, errp)) {
2460 return;
2461 }
2462 }
2463
2464 read_only = !blk_supports_write_perm(s->qdev.conf.blk);
2465 if (dev->type == TYPE_ROM) {
2466 read_only = true;
2467 }
2468
2469 if (!blkconf_apply_backend_options(&dev->conf, read_only,
2470 dev->type == TYPE_DISK, errp)) {
2471 return;
2472 }
2473
2474 if (s->qdev.conf.discard_granularity == -1) {
2475 s->qdev.conf.discard_granularity =
2476 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2477 }
2478
2479 if (!s->version) {
2480 s->version = g_strdup(qemu_hw_version());
2481 }
2482 if (!s->vendor) {
2483 s->vendor = g_strdup("QEMU");
2484 }
2485 if (!s->device_id) {
2486 if (s->serial) {
2487 s->device_id = g_strdup_printf("%.20s", s->serial);
2488 } else {
2489 const char *str = blk_name(s->qdev.conf.blk);
2490 if (str && *str) {
2491 s->device_id = g_strdup(str);
2492 }
2493 }
2494 }
2495
2496 if (blk_is_sg(s->qdev.conf.blk)) {
2497 error_setg(errp, "unwanted /dev/sg*");
2498 return;
2499 }
2500
2501 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2502 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2503 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
2504 } else {
2505 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2506 }
2507
2508 blk_iostatus_enable(s->qdev.conf.blk);
2509
2510 add_boot_device_lchs(&dev->qdev, NULL,
2511 dev->conf.lcyls,
2512 dev->conf.lheads,
2513 dev->conf.lsecs);
2514 }
2515
2516 static void scsi_unrealize(SCSIDevice *dev)
2517 {
2518 del_boot_device_lchs(&dev->qdev, NULL);
2519 }
2520
2521 static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
2522 {
2523 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2524 AioContext *ctx = NULL;
2525 /* can happen for devices without drive. The error message for missing
2526 * backend will be issued in scsi_realize
2527 */
2528 if (s->qdev.conf.blk) {
2529 ctx = blk_get_aio_context(s->qdev.conf.blk);
2530 aio_context_acquire(ctx);
2531 if (!blkconf_blocksizes(&s->qdev.conf, errp)) {
2532 goto out;
2533 }
2534 }
2535 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2536 s->qdev.type = TYPE_DISK;
2537 if (!s->product) {
2538 s->product = g_strdup("QEMU HARDDISK");
2539 }
2540 scsi_realize(&s->qdev, errp);
2541 out:
2542 if (ctx) {
2543 aio_context_release(ctx);
2544 }
2545 }
2546
2547 static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
2548 {
2549 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2550 AioContext *ctx;
2551 int ret;
2552 uint32_t blocksize = 2048;
2553
2554 if (!dev->conf.blk) {
2555 /* Anonymous BlockBackend for an empty drive. As we put it into
2556 * dev->conf, qdev takes care of detaching on unplug. */
2557 dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
2558 ret = blk_attach_dev(dev->conf.blk, &dev->qdev);
2559 assert(ret == 0);
2560 }
2561
2562 if (dev->conf.physical_block_size != 0) {
2563 blocksize = dev->conf.physical_block_size;
2564 }
2565
2566 ctx = blk_get_aio_context(dev->conf.blk);
2567 aio_context_acquire(ctx);
2568 s->qdev.blocksize = blocksize;
2569 s->qdev.type = TYPE_ROM;
2570 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2571 if (!s->product) {
2572 s->product = g_strdup("QEMU CD-ROM");
2573 }
2574 scsi_realize(&s->qdev, errp);
2575 aio_context_release(ctx);
2576 }
2577
2578
2579 static const SCSIReqOps scsi_disk_emulate_reqops = {
2580 .size = sizeof(SCSIDiskReq),
2581 .free_req = scsi_free_request,
2582 .send_command = scsi_disk_emulate_command,
2583 .read_data = scsi_disk_emulate_read_data,
2584 .write_data = scsi_disk_emulate_write_data,
2585 .get_buf = scsi_get_buf,
2586 };
2587
2588 static const SCSIReqOps scsi_disk_dma_reqops = {
2589 .size = sizeof(SCSIDiskReq),
2590 .free_req = scsi_free_request,
2591 .send_command = scsi_disk_dma_command,
2592 .read_data = scsi_read_data,
2593 .write_data = scsi_write_data,
2594 .get_buf = scsi_get_buf,
2595 .load_request = scsi_disk_load_request,
2596 .save_request = scsi_disk_save_request,
2597 };
2598
2599 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2600 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2601 [INQUIRY] = &scsi_disk_emulate_reqops,
2602 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2603 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2604 [START_STOP] = &scsi_disk_emulate_reqops,
2605 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2606 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2607 [READ_TOC] = &scsi_disk_emulate_reqops,
2608 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2609 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2610 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2611 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2612 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2613 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2614 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2615 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2616 [SEEK_10] = &scsi_disk_emulate_reqops,
2617 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2618 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2619 [UNMAP] = &scsi_disk_emulate_reqops,
2620 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2621 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2622 [VERIFY_10] = &scsi_disk_emulate_reqops,
2623 [VERIFY_12] = &scsi_disk_emulate_reqops,
2624 [VERIFY_16] = &scsi_disk_emulate_reqops,
2625 [FORMAT_UNIT] = &scsi_disk_emulate_reqops,
2626
2627 [READ_6] = &scsi_disk_dma_reqops,
2628 [READ_10] = &scsi_disk_dma_reqops,
2629 [READ_12] = &scsi_disk_dma_reqops,
2630 [READ_16] = &scsi_disk_dma_reqops,
2631 [WRITE_6] = &scsi_disk_dma_reqops,
2632 [WRITE_10] = &scsi_disk_dma_reqops,
2633 [WRITE_12] = &scsi_disk_dma_reqops,
2634 [WRITE_16] = &scsi_disk_dma_reqops,
2635 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2636 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2637 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2638 };
2639
2640 static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
2641 {
2642 int i;
2643 int len = scsi_cdb_length(buf);
2644 char *line_buffer, *p;
2645
2646 assert(len > 0 && len <= 16);
2647 line_buffer = g_malloc(len * 5 + 1);
2648
2649 for (i = 0, p = line_buffer; i < len; i++) {
2650 p += sprintf(p, " 0x%02x", buf[i]);
2651 }
2652 trace_scsi_disk_new_request(lun, tag, line_buffer);
2653
2654 g_free(line_buffer);
2655 }
2656
2657 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2658 uint8_t *buf, void *hba_private)
2659 {
2660 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2661 SCSIRequest *req;
2662 const SCSIReqOps *ops;
2663 uint8_t command;
2664
2665 command = buf[0];
2666 ops = scsi_disk_reqops_dispatch[command];
2667 if (!ops) {
2668 ops = &scsi_disk_emulate_reqops;
2669 }
2670 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2671
2672 if (trace_event_get_state_backends(TRACE_SCSI_DISK_NEW_REQUEST)) {
2673 scsi_disk_new_request_dump(lun, tag, buf);
2674 }
2675
2676 return req;
2677 }
2678
2679 #ifdef __linux__
2680 static int get_device_type(SCSIDiskState *s)
2681 {
2682 uint8_t cmd[16];
2683 uint8_t buf[36];
2684 int ret;
2685
2686 memset(cmd, 0, sizeof(cmd));
2687 memset(buf, 0, sizeof(buf));
2688 cmd[0] = INQUIRY;
2689 cmd[4] = sizeof(buf);
2690
2691 ret = scsi_SG_IO_FROM_DEV(s->qdev.conf.blk, cmd, sizeof(cmd),
2692 buf, sizeof(buf), s->qdev.io_timeout);
2693 if (ret < 0) {
2694 return -1;
2695 }
2696 s->qdev.type = buf[0];
2697 if (buf[1] & 0x80) {
2698 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2699 }
2700 return 0;
2701 }
2702
2703 static void scsi_block_realize(SCSIDevice *dev, Error **errp)
2704 {
2705 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2706 AioContext *ctx;
2707 int sg_version;
2708 int rc;
2709
2710 if (!s->qdev.conf.blk) {
2711 error_setg(errp, "drive property not set");
2712 return;
2713 }
2714
2715 if (s->rotation_rate) {
2716 error_report_once("rotation_rate is specified for scsi-block but is "
2717 "not implemented. This option is deprecated and will "
2718 "be removed in a future version");
2719 }
2720
2721 ctx = blk_get_aio_context(s->qdev.conf.blk);
2722 aio_context_acquire(ctx);
2723
2724 /* check we are using a driver managing SG_IO (version 3 and after) */
2725 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
2726 if (rc < 0) {
2727 error_setg_errno(errp, -rc, "cannot get SG_IO version number");
2728 if (rc != -EPERM) {
2729 error_append_hint(errp, "Is this a SCSI device?\n");
2730 }
2731 goto out;
2732 }
2733 if (sg_version < 30000) {
2734 error_setg(errp, "scsi generic interface too old");
2735 goto out;
2736 }
2737
2738 /* get device type from INQUIRY data */
2739 rc = get_device_type(s);
2740 if (rc < 0) {
2741 error_setg(errp, "INQUIRY failed");
2742 goto out;
2743 }
2744
2745 /* Make a guess for the block size, we'll fix it when the guest sends.
2746 * READ CAPACITY. If they don't, they likely would assume these sizes
2747 * anyway. (TODO: check in /sys).
2748 */
2749 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2750 s->qdev.blocksize = 2048;
2751 } else {
2752 s->qdev.blocksize = 512;
2753 }
2754
2755 /* Makes the scsi-block device not removable by using HMP and QMP eject
2756 * command.
2757 */
2758 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2759
2760 scsi_realize(&s->qdev, errp);
2761 scsi_generic_read_device_inquiry(&s->qdev);
2762
2763 out:
2764 aio_context_release(ctx);
2765 }
2766
2767 typedef struct SCSIBlockReq {
2768 SCSIDiskReq req;
2769 sg_io_hdr_t io_header;
2770
2771 /* Selected bytes of the original CDB, copied into our own CDB. */
2772 uint8_t cmd, cdb1, group_number;
2773
2774 /* CDB passed to SG_IO. */
2775 uint8_t cdb[16];
2776 BlockCompletionFunc *cb;
2777 void *cb_opaque;
2778 } SCSIBlockReq;
2779
2780 static void scsi_block_sgio_complete(void *opaque, int ret)
2781 {
2782 SCSIBlockReq *req = (SCSIBlockReq *)opaque;
2783 SCSIDiskReq *r = &req->req;
2784 SCSIDevice *s = r->req.dev;
2785 sg_io_hdr_t *io_hdr = &req->io_header;
2786
2787 if (ret == 0) {
2788 if (io_hdr->host_status != SCSI_HOST_OK) {
2789 scsi_req_complete_failed(&r->req, io_hdr->host_status);
2790 scsi_req_unref(&r->req);
2791 return;
2792 }
2793
2794 if (io_hdr->driver_status & SG_ERR_DRIVER_TIMEOUT) {
2795 ret = BUSY;
2796 } else {
2797 ret = io_hdr->status;
2798 }
2799
2800 if (ret > 0) {
2801 aio_context_acquire(blk_get_aio_context(s->conf.blk));
2802 if (scsi_handle_rw_error(r, ret, true)) {
2803 aio_context_release(blk_get_aio_context(s->conf.blk));
2804 scsi_req_unref(&r->req);
2805 return;
2806 }
2807 aio_context_release(blk_get_aio_context(s->conf.blk));
2808
2809 /* Ignore error. */
2810 ret = 0;
2811 }
2812 }
2813
2814 req->cb(req->cb_opaque, ret);
2815 }
2816
2817 static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2818 int64_t offset, QEMUIOVector *iov,
2819 int direction,
2820 BlockCompletionFunc *cb, void *opaque)
2821 {
2822 sg_io_hdr_t *io_header = &req->io_header;
2823 SCSIDiskReq *r = &req->req;
2824 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2825 int nb_logical_blocks;
2826 uint64_t lba;
2827 BlockAIOCB *aiocb;
2828
2829 /* This is not supported yet. It can only happen if the guest does
2830 * reads and writes that are not aligned to one logical sectors
2831 * _and_ cover multiple MemoryRegions.
2832 */
2833 assert(offset % s->qdev.blocksize == 0);
2834 assert(iov->size % s->qdev.blocksize == 0);
2835
2836 io_header->interface_id = 'S';
2837
2838 /* The data transfer comes from the QEMUIOVector. */
2839 io_header->dxfer_direction = direction;
2840 io_header->dxfer_len = iov->size;
2841 io_header->dxferp = (void *)iov->iov;
2842 io_header->iovec_count = iov->niov;
2843 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2844
2845 /* Build a new CDB with the LBA and length patched in, in case
2846 * DMA helpers split the transfer in multiple segments. Do not
2847 * build a CDB smaller than what the guest wanted, and only build
2848 * a larger one if strictly necessary.
2849 */
2850 io_header->cmdp = req->cdb;
2851 lba = offset / s->qdev.blocksize;
2852 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2853
2854 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2855 /* 6-byte CDB */
2856 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2857 req->cdb[4] = nb_logical_blocks;
2858 req->cdb[5] = 0;
2859 io_header->cmd_len = 6;
2860 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2861 /* 10-byte CDB */
2862 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2863 req->cdb[1] = req->cdb1;
2864 stl_be_p(&req->cdb[2], lba);
2865 req->cdb[6] = req->group_number;
2866 stw_be_p(&req->cdb[7], nb_logical_blocks);
2867 req->cdb[9] = 0;
2868 io_header->cmd_len = 10;
2869 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2870 /* 12-byte CDB */
2871 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2872 req->cdb[1] = req->cdb1;
2873 stl_be_p(&req->cdb[2], lba);
2874 stl_be_p(&req->cdb[6], nb_logical_blocks);
2875 req->cdb[10] = req->group_number;
2876 req->cdb[11] = 0;
2877 io_header->cmd_len = 12;
2878 } else {
2879 /* 16-byte CDB */
2880 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2881 req->cdb[1] = req->cdb1;
2882 stq_be_p(&req->cdb[2], lba);
2883 stl_be_p(&req->cdb[10], nb_logical_blocks);
2884 req->cdb[14] = req->group_number;
2885 req->cdb[15] = 0;
2886 io_header->cmd_len = 16;
2887 }
2888
2889 /* The rest is as in scsi-generic.c. */
2890 io_header->mx_sb_len = sizeof(r->req.sense);
2891 io_header->sbp = r->req.sense;
2892 io_header->timeout = s->qdev.io_timeout * 1000;
2893 io_header->usr_ptr = r;
2894 io_header->flags |= SG_FLAG_DIRECT_IO;
2895 req->cb = cb;
2896 req->cb_opaque = opaque;
2897 trace_scsi_disk_aio_sgio_command(r->req.tag, req->cdb[0], lba,
2898 nb_logical_blocks, io_header->timeout);
2899 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, scsi_block_sgio_complete, req);
2900 assert(aiocb != NULL);
2901 return aiocb;
2902 }
2903
2904 static bool scsi_block_no_fua(SCSICommand *cmd)
2905 {
2906 return false;
2907 }
2908
2909 static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2910 QEMUIOVector *iov,
2911 BlockCompletionFunc *cb, void *cb_opaque,
2912 void *opaque)
2913 {
2914 SCSIBlockReq *r = opaque;
2915 return scsi_block_do_sgio(r, offset, iov,
2916 SG_DXFER_FROM_DEV, cb, cb_opaque);
2917 }
2918
2919 static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2920 QEMUIOVector *iov,
2921 BlockCompletionFunc *cb, void *cb_opaque,
2922 void *opaque)
2923 {
2924 SCSIBlockReq *r = opaque;
2925 return scsi_block_do_sgio(r, offset, iov,
2926 SG_DXFER_TO_DEV, cb, cb_opaque);
2927 }
2928
2929 static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
2930 {
2931 switch (buf[0]) {
2932 case VERIFY_10:
2933 case VERIFY_12:
2934 case VERIFY_16:
2935 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2936 * for the number of logical blocks specified in the length
2937 * field). For other modes, do not use scatter/gather operation.
2938 */
2939 if ((buf[1] & 6) == 2) {
2940 return false;
2941 }
2942 break;
2943
2944 case READ_6:
2945 case READ_10:
2946 case READ_12:
2947 case READ_16:
2948 case WRITE_6:
2949 case WRITE_10:
2950 case WRITE_12:
2951 case WRITE_16:
2952 case WRITE_VERIFY_10:
2953 case WRITE_VERIFY_12:
2954 case WRITE_VERIFY_16:
2955 /* MMC writing cannot be done via DMA helpers, because it sometimes
2956 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2957 * We might use scsi_block_dma_reqops as long as no writing commands are
2958 * seen, but performance usually isn't paramount on optical media. So,
2959 * just make scsi-block operate the same as scsi-generic for them.
2960 */
2961 if (s->qdev.type != TYPE_ROM) {
2962 return false;
2963 }
2964 break;
2965
2966 default:
2967 break;
2968 }
2969
2970 return true;
2971 }
2972
2973
2974 static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2975 {
2976 SCSIBlockReq *r = (SCSIBlockReq *)req;
2977 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2978
2979 r->cmd = req->cmd.buf[0];
2980 switch (r->cmd >> 5) {
2981 case 0:
2982 /* 6-byte CDB. */
2983 r->cdb1 = r->group_number = 0;
2984 break;
2985 case 1:
2986 /* 10-byte CDB. */
2987 r->cdb1 = req->cmd.buf[1];
2988 r->group_number = req->cmd.buf[6];
2989 break;
2990 case 4:
2991 /* 12-byte CDB. */
2992 r->cdb1 = req->cmd.buf[1];
2993 r->group_number = req->cmd.buf[10];
2994 break;
2995 case 5:
2996 /* 16-byte CDB. */
2997 r->cdb1 = req->cmd.buf[1];
2998 r->group_number = req->cmd.buf[14];
2999 break;
3000 default:
3001 abort();
3002 }
3003
3004 /* Protection information is not supported. For SCSI versions 2 and
3005 * older (as determined by snooping the guest's INQUIRY commands),
3006 * there is no RD/WR/VRPROTECT, so skip this check in these versions.
3007 */
3008 if (s->qdev.scsi_version > 2 && (req->cmd.buf[1] & 0xe0)) {
3009 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
3010 return 0;
3011 }
3012
3013 return scsi_disk_dma_command(req, buf);
3014 }
3015
3016 static const SCSIReqOps scsi_block_dma_reqops = {
3017 .size = sizeof(SCSIBlockReq),
3018 .free_req = scsi_free_request,
3019 .send_command = scsi_block_dma_command,
3020 .read_data = scsi_read_data,
3021 .write_data = scsi_write_data,
3022 .get_buf = scsi_get_buf,
3023 .load_request = scsi_disk_load_request,
3024 .save_request = scsi_disk_save_request,
3025 };
3026
3027 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
3028 uint32_t lun, uint8_t *buf,
3029 void *hba_private)
3030 {
3031 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3032
3033 if (scsi_block_is_passthrough(s, buf)) {
3034 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
3035 hba_private);
3036 } else {
3037 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
3038 hba_private);
3039 }
3040 }
3041
3042 static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
3043 uint8_t *buf, size_t buf_len,
3044 void *hba_private)
3045 {
3046 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
3047
3048 if (scsi_block_is_passthrough(s, buf)) {
3049 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, buf_len, hba_private);
3050 } else {
3051 return scsi_req_parse_cdb(&s->qdev, cmd, buf, buf_len);
3052 }
3053 }
3054
3055 static void scsi_block_update_sense(SCSIRequest *req)
3056 {
3057 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
3058 SCSIBlockReq *br = DO_UPCAST(SCSIBlockReq, req, r);
3059 r->req.sense_len = MIN(br->io_header.sb_len_wr, sizeof(r->req.sense));
3060 }
3061 #endif
3062
3063 static
3064 BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
3065 BlockCompletionFunc *cb, void *cb_opaque,
3066 void *opaque)
3067 {
3068 SCSIDiskReq *r = opaque;
3069 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3070 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3071 }
3072
3073 static
3074 BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
3075 BlockCompletionFunc *cb, void *cb_opaque,
3076 void *opaque)
3077 {
3078 SCSIDiskReq *r = opaque;
3079 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
3080 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
3081 }
3082
3083 static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
3084 {
3085 DeviceClass *dc = DEVICE_CLASS(klass);
3086 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3087
3088 dc->fw_name = "disk";
3089 dc->reset = scsi_disk_reset;
3090 sdc->dma_readv = scsi_dma_readv;
3091 sdc->dma_writev = scsi_dma_writev;
3092 sdc->need_fua_emulation = scsi_is_cmd_fua;
3093 }
3094
3095 static const TypeInfo scsi_disk_base_info = {
3096 .name = TYPE_SCSI_DISK_BASE,
3097 .parent = TYPE_SCSI_DEVICE,
3098 .class_init = scsi_disk_base_class_initfn,
3099 .instance_size = sizeof(SCSIDiskState),
3100 .class_size = sizeof(SCSIDiskClass),
3101 .abstract = true,
3102 };
3103
3104 #define DEFINE_SCSI_DISK_PROPERTIES() \
3105 DEFINE_PROP_DRIVE_IOTHREAD("drive", SCSIDiskState, qdev.conf.blk), \
3106 DEFINE_BLOCK_PROPERTIES_BASE(SCSIDiskState, qdev.conf), \
3107 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
3108 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
3109 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
3110 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
3111 DEFINE_PROP_STRING("product", SCSIDiskState, product), \
3112 DEFINE_PROP_STRING("device_id", SCSIDiskState, device_id)
3113
3114
3115 static Property scsi_hd_properties[] = {
3116 DEFINE_SCSI_DISK_PROPERTIES(),
3117 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
3118 SCSI_DISK_F_REMOVABLE, false),
3119 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
3120 SCSI_DISK_F_DPOFUA, false),
3121 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3122 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3123 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3124 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3125 DEFAULT_MAX_UNMAP_SIZE),
3126 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3127 DEFAULT_MAX_IO_SIZE),
3128 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3129 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3130 5),
3131 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3132 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3133 0),
3134 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
3135 DEFINE_PROP_END_OF_LIST(),
3136 };
3137
3138 static const VMStateDescription vmstate_scsi_disk_state = {
3139 .name = "scsi-disk",
3140 .version_id = 1,
3141 .minimum_version_id = 1,
3142 .fields = (VMStateField[]) {
3143 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
3144 VMSTATE_BOOL(media_changed, SCSIDiskState),
3145 VMSTATE_BOOL(media_event, SCSIDiskState),
3146 VMSTATE_BOOL(eject_request, SCSIDiskState),
3147 VMSTATE_BOOL(tray_open, SCSIDiskState),
3148 VMSTATE_BOOL(tray_locked, SCSIDiskState),
3149 VMSTATE_END_OF_LIST()
3150 }
3151 };
3152
3153 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
3154 {
3155 DeviceClass *dc = DEVICE_CLASS(klass);
3156 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3157
3158 sc->realize = scsi_hd_realize;
3159 sc->unrealize = scsi_unrealize;
3160 sc->alloc_req = scsi_new_request;
3161 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3162 dc->desc = "virtual SCSI disk";
3163 device_class_set_props(dc, scsi_hd_properties);
3164 dc->vmsd = &vmstate_scsi_disk_state;
3165 }
3166
3167 static const TypeInfo scsi_hd_info = {
3168 .name = "scsi-hd",
3169 .parent = TYPE_SCSI_DISK_BASE,
3170 .class_init = scsi_hd_class_initfn,
3171 };
3172
3173 static Property scsi_cd_properties[] = {
3174 DEFINE_SCSI_DISK_PROPERTIES(),
3175 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
3176 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
3177 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
3178 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3179 DEFAULT_MAX_IO_SIZE),
3180 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3181 5),
3182 DEFINE_PROP_BIT("quirk_mode_page_apple_vendor", SCSIDiskState, quirks,
3183 SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR, 0),
3184 DEFINE_PROP_BIT("quirk_mode_sense_rom_use_dbd", SCSIDiskState, quirks,
3185 SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD, 0),
3186 DEFINE_PROP_BIT("quirk_mode_page_vendor_specific_apple", SCSIDiskState,
3187 quirks, SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE,
3188 0),
3189 DEFINE_PROP_BIT("quirk_mode_page_truncated", SCSIDiskState, quirks,
3190 SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED, 0),
3191 DEFINE_PROP_END_OF_LIST(),
3192 };
3193
3194 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
3195 {
3196 DeviceClass *dc = DEVICE_CLASS(klass);
3197 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3198
3199 sc->realize = scsi_cd_realize;
3200 sc->alloc_req = scsi_new_request;
3201 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
3202 dc->desc = "virtual SCSI CD-ROM";
3203 device_class_set_props(dc, scsi_cd_properties);
3204 dc->vmsd = &vmstate_scsi_disk_state;
3205 }
3206
3207 static const TypeInfo scsi_cd_info = {
3208 .name = "scsi-cd",
3209 .parent = TYPE_SCSI_DISK_BASE,
3210 .class_init = scsi_cd_class_initfn,
3211 };
3212
3213 #ifdef __linux__
3214 static Property scsi_block_properties[] = {
3215 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),
3216 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
3217 DEFINE_PROP_BOOL("share-rw", SCSIDiskState, qdev.conf.share_rw, false),
3218 DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0),
3219 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
3220 DEFAULT_MAX_UNMAP_SIZE),
3221 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
3222 DEFAULT_MAX_IO_SIZE),
3223 DEFINE_PROP_INT32("scsi_version", SCSIDiskState, qdev.default_scsi_version,
3224 -1),
3225 DEFINE_PROP_UINT32("io_timeout", SCSIDiskState, qdev.io_timeout,
3226 DEFAULT_IO_TIMEOUT),
3227 DEFINE_PROP_END_OF_LIST(),
3228 };
3229
3230 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
3231 {
3232 DeviceClass *dc = DEVICE_CLASS(klass);
3233 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
3234 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
3235
3236 sc->realize = scsi_block_realize;
3237 sc->alloc_req = scsi_block_new_request;
3238 sc->parse_cdb = scsi_block_parse_cdb;
3239 sdc->dma_readv = scsi_block_dma_readv;
3240 sdc->dma_writev = scsi_block_dma_writev;
3241 sdc->update_sense = scsi_block_update_sense;
3242 sdc->need_fua_emulation = scsi_block_no_fua;
3243 dc->desc = "SCSI block device passthrough";
3244 device_class_set_props(dc, scsi_block_properties);
3245 dc->vmsd = &vmstate_scsi_disk_state;
3246 }
3247
3248 static const TypeInfo scsi_block_info = {
3249 .name = "scsi-block",
3250 .parent = TYPE_SCSI_DISK_BASE,
3251 .class_init = scsi_block_class_initfn,
3252 };
3253 #endif
3254
3255 static void scsi_disk_register_types(void)
3256 {
3257 type_register_static(&scsi_disk_base_info);
3258 type_register_static(&scsi_hd_info);
3259 type_register_static(&scsi_cd_info);
3260 #ifdef __linux__
3261 type_register_static(&scsi_block_info);
3262 #endif
3263 }
3264
3265 type_init(scsi_disk_register_types)
QEMU mirror