]> git.proxmox.com Git - mirror_qemu.git/blob - hw/scsi/scsi-disk.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/bonzini/scsi-next' into staging
[mirror_qemu.git] / hw / scsi / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu/error-report.h"
33 #include "hw/scsi/scsi.h"
34 #include "block/scsi.h"
35 #include "sysemu/sysemu.h"
36 #include "sysemu/blockdev.h"
37 #include "hw/block/block.h"
38 #include "sysemu/dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
44 #define SCSI_WRITE_SAME_MAX 524288
45 #define SCSI_DMA_BUF_SIZE 131072
46 #define SCSI_MAX_INQUIRY_LEN 256
47 #define SCSI_MAX_MODE_LEN 256
48
49 #define DEFAULT_DISCARD_GRANULARITY 4096
50 #define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
51
52 typedef struct SCSIDiskState SCSIDiskState;
53
54 typedef struct SCSIDiskReq {
55 SCSIRequest req;
56 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
57 uint64_t sector;
58 uint32_t sector_count;
59 uint32_t buflen;
60 bool started;
61 struct iovec iov;
62 QEMUIOVector qiov;
63 BlockAcctCookie acct;
64 } SCSIDiskReq;
65
66 #define SCSI_DISK_F_REMOVABLE 0
67 #define SCSI_DISK_F_DPOFUA 1
68 #define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
69
70 struct SCSIDiskState
71 {
72 SCSIDevice qdev;
73 uint32_t features;
74 bool media_changed;
75 bool media_event;
76 bool eject_request;
77 uint64_t wwn;
78 uint64_t port_wwn;
79 uint16_t port_index;
80 uint64_t max_unmap_size;
81 QEMUBH *bh;
82 char *version;
83 char *serial;
84 char *vendor;
85 char *product;
86 bool tray_open;
87 bool tray_locked;
88 };
89
90 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
91
92 static void scsi_free_request(SCSIRequest *req)
93 {
94 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
95
96 qemu_vfree(r->iov.iov_base);
97 }
98
99 /* Helper function for command completion with sense. */
100 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
101 {
102 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
103 r->req.tag, sense.key, sense.asc, sense.ascq);
104 scsi_req_build_sense(&r->req, sense);
105 scsi_req_complete(&r->req, CHECK_CONDITION);
106 }
107
108 /* Cancel a pending data transfer. */
109 static void scsi_cancel_io(SCSIRequest *req)
110 {
111 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
112
113 DPRINTF("Cancel tag=0x%x\n", req->tag);
114 if (r->req.aiocb) {
115 bdrv_aio_cancel(r->req.aiocb);
116
117 /* This reference was left in by scsi_*_data. We take ownership of
118 * it the moment scsi_req_cancel is called, independent of whether
119 * bdrv_aio_cancel completes the request or not. */
120 scsi_req_unref(&r->req);
121 }
122 r->req.aiocb = NULL;
123 }
124
125 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
126 {
127 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
128
129 if (!r->iov.iov_base) {
130 r->buflen = size;
131 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
132 }
133 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
134 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
135 return r->qiov.size / 512;
136 }
137
138 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
139 {
140 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
141
142 qemu_put_be64s(f, &r->sector);
143 qemu_put_be32s(f, &r->sector_count);
144 qemu_put_be32s(f, &r->buflen);
145 if (r->buflen) {
146 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
147 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
148 } else if (!req->retry) {
149 uint32_t len = r->iov.iov_len;
150 qemu_put_be32s(f, &len);
151 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
152 }
153 }
154 }
155
156 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
157 {
158 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
159
160 qemu_get_be64s(f, &r->sector);
161 qemu_get_be32s(f, &r->sector_count);
162 qemu_get_be32s(f, &r->buflen);
163 if (r->buflen) {
164 scsi_init_iovec(r, r->buflen);
165 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
166 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
167 } else if (!r->req.retry) {
168 uint32_t len;
169 qemu_get_be32s(f, &len);
170 r->iov.iov_len = len;
171 assert(r->iov.iov_len <= r->buflen);
172 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
173 }
174 }
175
176 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
177 }
178
179 static void scsi_aio_complete(void *opaque, int ret)
180 {
181 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
182 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
183
184 assert(r->req.aiocb != NULL);
185 r->req.aiocb = NULL;
186 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
187 if (r->req.io_canceled) {
188 goto done;
189 }
190
191 if (ret < 0) {
192 if (scsi_handle_rw_error(r, -ret)) {
193 goto done;
194 }
195 }
196
197 scsi_req_complete(&r->req, GOOD);
198
199 done:
200 if (!r->req.io_canceled) {
201 scsi_req_unref(&r->req);
202 }
203 }
204
205 static bool scsi_is_cmd_fua(SCSICommand *cmd)
206 {
207 switch (cmd->buf[0]) {
208 case READ_10:
209 case READ_12:
210 case READ_16:
211 case WRITE_10:
212 case WRITE_12:
213 case WRITE_16:
214 return (cmd->buf[1] & 8) != 0;
215
216 case VERIFY_10:
217 case VERIFY_12:
218 case VERIFY_16:
219 case WRITE_VERIFY_10:
220 case WRITE_VERIFY_12:
221 case WRITE_VERIFY_16:
222 return true;
223
224 case READ_6:
225 case WRITE_6:
226 default:
227 return false;
228 }
229 }
230
231 static void scsi_write_do_fua(SCSIDiskReq *r)
232 {
233 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
234
235 if (r->req.io_canceled) {
236 goto done;
237 }
238
239 if (scsi_is_cmd_fua(&r->req.cmd)) {
240 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
241 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
242 return;
243 }
244
245 scsi_req_complete(&r->req, GOOD);
246
247 done:
248 if (!r->req.io_canceled) {
249 scsi_req_unref(&r->req);
250 }
251 }
252
253 static void scsi_dma_complete_noio(void *opaque, int ret)
254 {
255 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
256 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
257
258 if (r->req.aiocb != NULL) {
259 r->req.aiocb = NULL;
260 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
261 }
262 if (r->req.io_canceled) {
263 goto done;
264 }
265
266 if (ret < 0) {
267 if (scsi_handle_rw_error(r, -ret)) {
268 goto done;
269 }
270 }
271
272 r->sector += r->sector_count;
273 r->sector_count = 0;
274 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
275 scsi_write_do_fua(r);
276 return;
277 } else {
278 scsi_req_complete(&r->req, GOOD);
279 }
280
281 done:
282 if (!r->req.io_canceled) {
283 scsi_req_unref(&r->req);
284 }
285 }
286
287 static void scsi_dma_complete(void *opaque, int ret)
288 {
289 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
290
291 assert(r->req.aiocb != NULL);
292 scsi_dma_complete_noio(opaque, ret);
293 }
294
295 static void scsi_read_complete(void * opaque, int ret)
296 {
297 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
299 int n;
300
301 assert(r->req.aiocb != NULL);
302 r->req.aiocb = NULL;
303 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
304 if (r->req.io_canceled) {
305 goto done;
306 }
307
308 if (ret < 0) {
309 if (scsi_handle_rw_error(r, -ret)) {
310 goto done;
311 }
312 }
313
314 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
315
316 n = r->qiov.size / 512;
317 r->sector += n;
318 r->sector_count -= n;
319 scsi_req_data(&r->req, r->qiov.size);
320
321 done:
322 if (!r->req.io_canceled) {
323 scsi_req_unref(&r->req);
324 }
325 }
326
327 /* Actually issue a read to the block device. */
328 static void scsi_do_read(void *opaque, int ret)
329 {
330 SCSIDiskReq *r = opaque;
331 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
332 uint32_t n;
333
334 if (r->req.aiocb != NULL) {
335 r->req.aiocb = NULL;
336 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
337 }
338 if (r->req.io_canceled) {
339 goto done;
340 }
341
342 if (ret < 0) {
343 if (scsi_handle_rw_error(r, -ret)) {
344 goto done;
345 }
346 }
347
348 /* The request is used as the AIO opaque value, so add a ref. */
349 scsi_req_ref(&r->req);
350
351 if (r->req.sg) {
352 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
353 r->req.resid -= r->req.sg->size;
354 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
355 scsi_dma_complete, r);
356 } else {
357 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
358 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
359 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
360 scsi_read_complete, r);
361 }
362
363 done:
364 if (!r->req.io_canceled) {
365 scsi_req_unref(&r->req);
366 }
367 }
368
369 /* Read more data from scsi device into buffer. */
370 static void scsi_read_data(SCSIRequest *req)
371 {
372 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
373 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
374 bool first;
375
376 DPRINTF("Read sector_count=%d\n", r->sector_count);
377 if (r->sector_count == 0) {
378 /* This also clears the sense buffer for REQUEST SENSE. */
379 scsi_req_complete(&r->req, GOOD);
380 return;
381 }
382
383 /* No data transfer may already be in progress */
384 assert(r->req.aiocb == NULL);
385
386 /* The request is used as the AIO opaque value, so add a ref. */
387 scsi_req_ref(&r->req);
388 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
389 DPRINTF("Data transfer direction invalid\n");
390 scsi_read_complete(r, -EINVAL);
391 return;
392 }
393
394 if (s->tray_open) {
395 scsi_read_complete(r, -ENOMEDIUM);
396 return;
397 }
398
399 first = !r->started;
400 r->started = true;
401 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
402 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
403 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
404 } else {
405 scsi_do_read(r, 0);
406 }
407 }
408
409 /*
410 * scsi_handle_rw_error has two return values. 0 means that the error
411 * must be ignored, 1 means that the error has been processed and the
412 * caller should not do anything else for this request. Note that
413 * scsi_handle_rw_error always manages its reference counts, independent
414 * of the return value.
415 */
416 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
417 {
418 bool is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
419 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
420 BlockErrorAction action = bdrv_get_error_action(s->qdev.conf.bs, is_read, error);
421
422 if (action == BDRV_ACTION_REPORT) {
423 switch (error) {
424 case ENOMEDIUM:
425 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
426 break;
427 case ENOMEM:
428 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
429 break;
430 case EINVAL:
431 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
432 break;
433 case ENOSPC:
434 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
435 break;
436 default:
437 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
438 break;
439 }
440 }
441 bdrv_error_action(s->qdev.conf.bs, action, is_read, error);
442 if (action == BDRV_ACTION_STOP) {
443 scsi_req_retry(&r->req);
444 }
445 return action != BDRV_ACTION_IGNORE;
446 }
447
448 static void scsi_write_complete(void * opaque, int ret)
449 {
450 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
451 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
452 uint32_t n;
453
454 if (r->req.aiocb != NULL) {
455 r->req.aiocb = NULL;
456 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
457 }
458 if (r->req.io_canceled) {
459 goto done;
460 }
461
462 if (ret < 0) {
463 if (scsi_handle_rw_error(r, -ret)) {
464 goto done;
465 }
466 }
467
468 n = r->qiov.size / 512;
469 r->sector += n;
470 r->sector_count -= n;
471 if (r->sector_count == 0) {
472 scsi_write_do_fua(r);
473 return;
474 } else {
475 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
476 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
477 scsi_req_data(&r->req, r->qiov.size);
478 }
479
480 done:
481 if (!r->req.io_canceled) {
482 scsi_req_unref(&r->req);
483 }
484 }
485
486 static void scsi_write_data(SCSIRequest *req)
487 {
488 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
489 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
490 uint32_t n;
491
492 /* No data transfer may already be in progress */
493 assert(r->req.aiocb == NULL);
494
495 /* The request is used as the AIO opaque value, so add a ref. */
496 scsi_req_ref(&r->req);
497 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
498 DPRINTF("Data transfer direction invalid\n");
499 scsi_write_complete(r, -EINVAL);
500 return;
501 }
502
503 if (!r->req.sg && !r->qiov.size) {
504 /* Called for the first time. Ask the driver to send us more data. */
505 r->started = true;
506 scsi_write_complete(r, 0);
507 return;
508 }
509 if (s->tray_open) {
510 scsi_write_complete(r, -ENOMEDIUM);
511 return;
512 }
513
514 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
515 r->req.cmd.buf[0] == VERIFY_16) {
516 if (r->req.sg) {
517 scsi_dma_complete_noio(r, 0);
518 } else {
519 scsi_write_complete(r, 0);
520 }
521 return;
522 }
523
524 if (r->req.sg) {
525 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
526 r->req.resid -= r->req.sg->size;
527 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
528 scsi_dma_complete, r);
529 } else {
530 n = r->qiov.size / 512;
531 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
532 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
533 scsi_write_complete, r);
534 }
535 }
536
537 /* Return a pointer to the data buffer. */
538 static uint8_t *scsi_get_buf(SCSIRequest *req)
539 {
540 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
541
542 return (uint8_t *)r->iov.iov_base;
543 }
544
545 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
546 {
547 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
548 int buflen = 0;
549 int start;
550
551 if (req->cmd.buf[1] & 0x1) {
552 /* Vital product data */
553 uint8_t page_code = req->cmd.buf[2];
554
555 outbuf[buflen++] = s->qdev.type & 0x1f;
556 outbuf[buflen++] = page_code ; // this page
557 outbuf[buflen++] = 0x00;
558 outbuf[buflen++] = 0x00;
559 start = buflen;
560
561 switch (page_code) {
562 case 0x00: /* Supported page codes, mandatory */
563 {
564 DPRINTF("Inquiry EVPD[Supported pages] "
565 "buffer size %zd\n", req->cmd.xfer);
566 outbuf[buflen++] = 0x00; // list of supported pages (this page)
567 if (s->serial) {
568 outbuf[buflen++] = 0x80; // unit serial number
569 }
570 outbuf[buflen++] = 0x83; // device identification
571 if (s->qdev.type == TYPE_DISK) {
572 outbuf[buflen++] = 0xb0; // block limits
573 outbuf[buflen++] = 0xb2; // thin provisioning
574 }
575 break;
576 }
577 case 0x80: /* Device serial number, optional */
578 {
579 int l;
580
581 if (!s->serial) {
582 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
583 return -1;
584 }
585
586 l = strlen(s->serial);
587 if (l > 20) {
588 l = 20;
589 }
590
591 DPRINTF("Inquiry EVPD[Serial number] "
592 "buffer size %zd\n", req->cmd.xfer);
593 memcpy(outbuf+buflen, s->serial, l);
594 buflen += l;
595 break;
596 }
597
598 case 0x83: /* Device identification page, mandatory */
599 {
600 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
601 int max_len = s->serial ? 20 : 255 - 8;
602 int id_len = strlen(str);
603
604 if (id_len > max_len) {
605 id_len = max_len;
606 }
607 DPRINTF("Inquiry EVPD[Device identification] "
608 "buffer size %zd\n", req->cmd.xfer);
609
610 outbuf[buflen++] = 0x2; // ASCII
611 outbuf[buflen++] = 0; // not officially assigned
612 outbuf[buflen++] = 0; // reserved
613 outbuf[buflen++] = id_len; // length of data following
614 memcpy(outbuf+buflen, str, id_len);
615 buflen += id_len;
616
617 if (s->wwn) {
618 outbuf[buflen++] = 0x1; // Binary
619 outbuf[buflen++] = 0x3; // NAA
620 outbuf[buflen++] = 0; // reserved
621 outbuf[buflen++] = 8;
622 stq_be_p(&outbuf[buflen], s->wwn);
623 buflen += 8;
624 }
625
626 if (s->port_wwn) {
627 outbuf[buflen++] = 0x61; // SAS / Binary
628 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
629 outbuf[buflen++] = 0; // reserved
630 outbuf[buflen++] = 8;
631 stq_be_p(&outbuf[buflen], s->port_wwn);
632 buflen += 8;
633 }
634
635 if (s->port_index) {
636 outbuf[buflen++] = 0x61; // SAS / Binary
637 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
638 outbuf[buflen++] = 0; // reserved
639 outbuf[buflen++] = 4;
640 stw_be_p(&outbuf[buflen + 2], s->port_index);
641 buflen += 4;
642 }
643 break;
644 }
645 case 0xb0: /* block limits */
646 {
647 unsigned int unmap_sectors =
648 s->qdev.conf.discard_granularity / s->qdev.blocksize;
649 unsigned int min_io_size =
650 s->qdev.conf.min_io_size / s->qdev.blocksize;
651 unsigned int opt_io_size =
652 s->qdev.conf.opt_io_size / s->qdev.blocksize;
653 unsigned int max_unmap_sectors =
654 s->max_unmap_size / s->qdev.blocksize;
655
656 if (s->qdev.type == TYPE_ROM) {
657 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
658 page_code);
659 return -1;
660 }
661 /* required VPD size with unmap support */
662 buflen = 0x40;
663 memset(outbuf + 4, 0, buflen - 4);
664
665 outbuf[4] = 0x1; /* wsnz */
666
667 /* optimal transfer length granularity */
668 outbuf[6] = (min_io_size >> 8) & 0xff;
669 outbuf[7] = min_io_size & 0xff;
670
671 /* optimal transfer length */
672 outbuf[12] = (opt_io_size >> 24) & 0xff;
673 outbuf[13] = (opt_io_size >> 16) & 0xff;
674 outbuf[14] = (opt_io_size >> 8) & 0xff;
675 outbuf[15] = opt_io_size & 0xff;
676
677 /* max unmap LBA count, default is 1GB */
678 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
679 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
680 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
681 outbuf[23] = max_unmap_sectors & 0xff;
682
683 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
684 outbuf[24] = 0;
685 outbuf[25] = 0;
686 outbuf[26] = 0;
687 outbuf[27] = 255;
688
689 /* optimal unmap granularity */
690 outbuf[28] = (unmap_sectors >> 24) & 0xff;
691 outbuf[29] = (unmap_sectors >> 16) & 0xff;
692 outbuf[30] = (unmap_sectors >> 8) & 0xff;
693 outbuf[31] = unmap_sectors & 0xff;
694 break;
695 }
696 case 0xb2: /* thin provisioning */
697 {
698 buflen = 8;
699 outbuf[4] = 0;
700 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
701 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
702 outbuf[7] = 0;
703 break;
704 }
705 default:
706 return -1;
707 }
708 /* done with EVPD */
709 assert(buflen - start <= 255);
710 outbuf[start - 1] = buflen - start;
711 return buflen;
712 }
713
714 /* Standard INQUIRY data */
715 if (req->cmd.buf[2] != 0) {
716 return -1;
717 }
718
719 /* PAGE CODE == 0 */
720 buflen = req->cmd.xfer;
721 if (buflen > SCSI_MAX_INQUIRY_LEN) {
722 buflen = SCSI_MAX_INQUIRY_LEN;
723 }
724
725 outbuf[0] = s->qdev.type & 0x1f;
726 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
727
728 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
729 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
730
731 memset(&outbuf[32], 0, 4);
732 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
733 /*
734 * We claim conformance to SPC-3, which is required for guests
735 * to ask for modern features like READ CAPACITY(16) or the
736 * block characteristics VPD page by default. Not all of SPC-3
737 * is actually implemented, but we're good enough.
738 */
739 outbuf[2] = 5;
740 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
741
742 if (buflen > 36) {
743 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
744 } else {
745 /* If the allocation length of CDB is too small,
746 the additional length is not adjusted */
747 outbuf[4] = 36 - 5;
748 }
749
750 /* Sync data transfer and TCQ. */
751 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
752 return buflen;
753 }
754
755 static inline bool media_is_dvd(SCSIDiskState *s)
756 {
757 uint64_t nb_sectors;
758 if (s->qdev.type != TYPE_ROM) {
759 return false;
760 }
761 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
762 return false;
763 }
764 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
765 return nb_sectors > CD_MAX_SECTORS;
766 }
767
768 static inline bool media_is_cd(SCSIDiskState *s)
769 {
770 uint64_t nb_sectors;
771 if (s->qdev.type != TYPE_ROM) {
772 return false;
773 }
774 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
775 return false;
776 }
777 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
778 return nb_sectors <= CD_MAX_SECTORS;
779 }
780
781 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
782 uint8_t *outbuf)
783 {
784 uint8_t type = r->req.cmd.buf[1] & 7;
785
786 if (s->qdev.type != TYPE_ROM) {
787 return -1;
788 }
789
790 /* Types 1/2 are only defined for Blu-Ray. */
791 if (type != 0) {
792 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
793 return -1;
794 }
795
796 memset(outbuf, 0, 34);
797 outbuf[1] = 32;
798 outbuf[2] = 0xe; /* last session complete, disc finalized */
799 outbuf[3] = 1; /* first track on disc */
800 outbuf[4] = 1; /* # of sessions */
801 outbuf[5] = 1; /* first track of last session */
802 outbuf[6] = 1; /* last track of last session */
803 outbuf[7] = 0x20; /* unrestricted use */
804 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
805 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
806 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
807 /* 24-31: disc bar code */
808 /* 32: disc application code */
809 /* 33: number of OPC tables */
810
811 return 34;
812 }
813
814 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
815 uint8_t *outbuf)
816 {
817 static const int rds_caps_size[5] = {
818 [0] = 2048 + 4,
819 [1] = 4 + 4,
820 [3] = 188 + 4,
821 [4] = 2048 + 4,
822 };
823
824 uint8_t media = r->req.cmd.buf[1];
825 uint8_t layer = r->req.cmd.buf[6];
826 uint8_t format = r->req.cmd.buf[7];
827 int size = -1;
828
829 if (s->qdev.type != TYPE_ROM) {
830 return -1;
831 }
832 if (media != 0) {
833 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
834 return -1;
835 }
836
837 if (format != 0xff) {
838 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
839 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
840 return -1;
841 }
842 if (media_is_cd(s)) {
843 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
844 return -1;
845 }
846 if (format >= ARRAY_SIZE(rds_caps_size)) {
847 return -1;
848 }
849 size = rds_caps_size[format];
850 memset(outbuf, 0, size);
851 }
852
853 switch (format) {
854 case 0x00: {
855 /* Physical format information */
856 uint64_t nb_sectors;
857 if (layer != 0) {
858 goto fail;
859 }
860 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
861
862 outbuf[4] = 1; /* DVD-ROM, part version 1 */
863 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
864 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
865 outbuf[7] = 0; /* default densities */
866
867 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
868 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
869 break;
870 }
871
872 case 0x01: /* DVD copyright information, all zeros */
873 break;
874
875 case 0x03: /* BCA information - invalid field for no BCA info */
876 return -1;
877
878 case 0x04: /* DVD disc manufacturing information, all zeros */
879 break;
880
881 case 0xff: { /* List capabilities */
882 int i;
883 size = 4;
884 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
885 if (!rds_caps_size[i]) {
886 continue;
887 }
888 outbuf[size] = i;
889 outbuf[size + 1] = 0x40; /* Not writable, readable */
890 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
891 size += 4;
892 }
893 break;
894 }
895
896 default:
897 return -1;
898 }
899
900 /* Size of buffer, not including 2 byte size field */
901 stw_be_p(outbuf, size - 2);
902 return size;
903
904 fail:
905 return -1;
906 }
907
908 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
909 {
910 uint8_t event_code, media_status;
911
912 media_status = 0;
913 if (s->tray_open) {
914 media_status = MS_TRAY_OPEN;
915 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
916 media_status = MS_MEDIA_PRESENT;
917 }
918
919 /* Event notification descriptor */
920 event_code = MEC_NO_CHANGE;
921 if (media_status != MS_TRAY_OPEN) {
922 if (s->media_event) {
923 event_code = MEC_NEW_MEDIA;
924 s->media_event = false;
925 } else if (s->eject_request) {
926 event_code = MEC_EJECT_REQUESTED;
927 s->eject_request = false;
928 }
929 }
930
931 outbuf[0] = event_code;
932 outbuf[1] = media_status;
933
934 /* These fields are reserved, just clear them. */
935 outbuf[2] = 0;
936 outbuf[3] = 0;
937 return 4;
938 }
939
940 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
941 uint8_t *outbuf)
942 {
943 int size;
944 uint8_t *buf = r->req.cmd.buf;
945 uint8_t notification_class_request = buf[4];
946 if (s->qdev.type != TYPE_ROM) {
947 return -1;
948 }
949 if ((buf[1] & 1) == 0) {
950 /* asynchronous */
951 return -1;
952 }
953
954 size = 4;
955 outbuf[0] = outbuf[1] = 0;
956 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
957 if (notification_class_request & (1 << GESN_MEDIA)) {
958 outbuf[2] = GESN_MEDIA;
959 size += scsi_event_status_media(s, &outbuf[size]);
960 } else {
961 outbuf[2] = 0x80;
962 }
963 stw_be_p(outbuf, size - 4);
964 return size;
965 }
966
967 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
968 {
969 int current;
970
971 if (s->qdev.type != TYPE_ROM) {
972 return -1;
973 }
974 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
975 memset(outbuf, 0, 40);
976 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
977 stw_be_p(&outbuf[6], current);
978 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
979 outbuf[10] = 0x03; /* persistent, current */
980 outbuf[11] = 8; /* two profiles */
981 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
982 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
983 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
984 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
985 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
986 stw_be_p(&outbuf[20], 1);
987 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
988 outbuf[23] = 8;
989 stl_be_p(&outbuf[24], 1); /* SCSI */
990 outbuf[28] = 1; /* DBE = 1, mandatory */
991 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
992 stw_be_p(&outbuf[32], 3);
993 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
994 outbuf[35] = 4;
995 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
996 /* TODO: Random readable, CD read, DVD read, drive serial number,
997 power management */
998 return 40;
999 }
1000
1001 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1002 {
1003 if (s->qdev.type != TYPE_ROM) {
1004 return -1;
1005 }
1006 memset(outbuf, 0, 8);
1007 outbuf[5] = 1; /* CD-ROM */
1008 return 8;
1009 }
1010
1011 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
1012 int page_control)
1013 {
1014 static const int mode_sense_valid[0x3f] = {
1015 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1016 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1017 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1018 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1019 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
1020 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1021 };
1022
1023 uint8_t *p = *p_outbuf + 2;
1024 int length;
1025
1026 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1027 return -1;
1028 }
1029
1030 /*
1031 * If Changeable Values are requested, a mask denoting those mode parameters
1032 * that are changeable shall be returned. As we currently don't support
1033 * parameter changes via MODE_SELECT all bits are returned set to zero.
1034 * The buffer was already menset to zero by the caller of this function.
1035 *
1036 * The offsets here are off by two compared to the descriptions in the
1037 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1038 * but it is done so that offsets are consistent within our implementation
1039 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1040 * 2-byte and 4-byte headers.
1041 */
1042 switch (page) {
1043 case MODE_PAGE_HD_GEOMETRY:
1044 length = 0x16;
1045 if (page_control == 1) { /* Changeable Values */
1046 break;
1047 }
1048 /* if a geometry hint is available, use it */
1049 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1050 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1051 p[2] = s->qdev.conf.cyls & 0xff;
1052 p[3] = s->qdev.conf.heads & 0xff;
1053 /* Write precomp start cylinder, disabled */
1054 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1055 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1056 p[6] = s->qdev.conf.cyls & 0xff;
1057 /* Reduced current start cylinder, disabled */
1058 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1059 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1060 p[9] = s->qdev.conf.cyls & 0xff;
1061 /* Device step rate [ns], 200ns */
1062 p[10] = 0;
1063 p[11] = 200;
1064 /* Landing zone cylinder */
1065 p[12] = 0xff;
1066 p[13] = 0xff;
1067 p[14] = 0xff;
1068 /* Medium rotation rate [rpm], 5400 rpm */
1069 p[18] = (5400 >> 8) & 0xff;
1070 p[19] = 5400 & 0xff;
1071 break;
1072
1073 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1074 length = 0x1e;
1075 if (page_control == 1) { /* Changeable Values */
1076 break;
1077 }
1078 /* Transfer rate [kbit/s], 5Mbit/s */
1079 p[0] = 5000 >> 8;
1080 p[1] = 5000 & 0xff;
1081 /* if a geometry hint is available, use it */
1082 p[2] = s->qdev.conf.heads & 0xff;
1083 p[3] = s->qdev.conf.secs & 0xff;
1084 p[4] = s->qdev.blocksize >> 8;
1085 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1086 p[7] = s->qdev.conf.cyls & 0xff;
1087 /* Write precomp start cylinder, disabled */
1088 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1089 p[9] = s->qdev.conf.cyls & 0xff;
1090 /* Reduced current start cylinder, disabled */
1091 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1092 p[11] = s->qdev.conf.cyls & 0xff;
1093 /* Device step rate [100us], 100us */
1094 p[12] = 0;
1095 p[13] = 1;
1096 /* Device step pulse width [us], 1us */
1097 p[14] = 1;
1098 /* Device head settle delay [100us], 100us */
1099 p[15] = 0;
1100 p[16] = 1;
1101 /* Motor on delay [0.1s], 0.1s */
1102 p[17] = 1;
1103 /* Motor off delay [0.1s], 0.1s */
1104 p[18] = 1;
1105 /* Medium rotation rate [rpm], 5400 rpm */
1106 p[26] = (5400 >> 8) & 0xff;
1107 p[27] = 5400 & 0xff;
1108 break;
1109
1110 case MODE_PAGE_CACHING:
1111 length = 0x12;
1112 if (page_control == 1 || /* Changeable Values */
1113 bdrv_enable_write_cache(s->qdev.conf.bs)) {
1114 p[0] = 4; /* WCE */
1115 }
1116 break;
1117
1118 case MODE_PAGE_R_W_ERROR:
1119 length = 10;
1120 if (page_control == 1) { /* Changeable Values */
1121 break;
1122 }
1123 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1124 if (s->qdev.type == TYPE_ROM) {
1125 p[1] = 0x20; /* Read Retry Count */
1126 }
1127 break;
1128
1129 case MODE_PAGE_AUDIO_CTL:
1130 length = 14;
1131 break;
1132
1133 case MODE_PAGE_CAPABILITIES:
1134 length = 0x14;
1135 if (page_control == 1) { /* Changeable Values */
1136 break;
1137 }
1138
1139 p[0] = 0x3b; /* CD-R & CD-RW read */
1140 p[1] = 0; /* Writing not supported */
1141 p[2] = 0x7f; /* Audio, composite, digital out,
1142 mode 2 form 1&2, multi session */
1143 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1144 RW corrected, C2 errors, ISRC,
1145 UPC, Bar code */
1146 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1147 /* Locking supported, jumper present, eject, tray */
1148 p[5] = 0; /* no volume & mute control, no
1149 changer */
1150 p[6] = (50 * 176) >> 8; /* 50x read speed */
1151 p[7] = (50 * 176) & 0xff;
1152 p[8] = 2 >> 8; /* Two volume levels */
1153 p[9] = 2 & 0xff;
1154 p[10] = 2048 >> 8; /* 2M buffer */
1155 p[11] = 2048 & 0xff;
1156 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1157 p[13] = (16 * 176) & 0xff;
1158 p[16] = (16 * 176) >> 8; /* 16x write speed */
1159 p[17] = (16 * 176) & 0xff;
1160 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1161 p[19] = (16 * 176) & 0xff;
1162 break;
1163
1164 default:
1165 return -1;
1166 }
1167
1168 assert(length < 256);
1169 (*p_outbuf)[0] = page;
1170 (*p_outbuf)[1] = length;
1171 *p_outbuf += length + 2;
1172 return length + 2;
1173 }
1174
1175 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1176 {
1177 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1178 uint64_t nb_sectors;
1179 bool dbd;
1180 int page, buflen, ret, page_control;
1181 uint8_t *p;
1182 uint8_t dev_specific_param;
1183
1184 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1185 page = r->req.cmd.buf[2] & 0x3f;
1186 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1187 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1188 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1189 memset(outbuf, 0, r->req.cmd.xfer);
1190 p = outbuf;
1191
1192 if (s->qdev.type == TYPE_DISK) {
1193 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1194 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1195 dev_specific_param |= 0x80; /* Readonly. */
1196 }
1197 } else {
1198 /* MMC prescribes that CD/DVD drives have no block descriptors,
1199 * and defines no device-specific parameter. */
1200 dev_specific_param = 0x00;
1201 dbd = true;
1202 }
1203
1204 if (r->req.cmd.buf[0] == MODE_SENSE) {
1205 p[1] = 0; /* Default media type. */
1206 p[2] = dev_specific_param;
1207 p[3] = 0; /* Block descriptor length. */
1208 p += 4;
1209 } else { /* MODE_SENSE_10 */
1210 p[2] = 0; /* Default media type. */
1211 p[3] = dev_specific_param;
1212 p[6] = p[7] = 0; /* Block descriptor length. */
1213 p += 8;
1214 }
1215
1216 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1217 if (!dbd && nb_sectors) {
1218 if (r->req.cmd.buf[0] == MODE_SENSE) {
1219 outbuf[3] = 8; /* Block descriptor length */
1220 } else { /* MODE_SENSE_10 */
1221 outbuf[7] = 8; /* Block descriptor length */
1222 }
1223 nb_sectors /= (s->qdev.blocksize / 512);
1224 if (nb_sectors > 0xffffff) {
1225 nb_sectors = 0;
1226 }
1227 p[0] = 0; /* media density code */
1228 p[1] = (nb_sectors >> 16) & 0xff;
1229 p[2] = (nb_sectors >> 8) & 0xff;
1230 p[3] = nb_sectors & 0xff;
1231 p[4] = 0; /* reserved */
1232 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1233 p[6] = s->qdev.blocksize >> 8;
1234 p[7] = 0;
1235 p += 8;
1236 }
1237
1238 if (page_control == 3) {
1239 /* Saved Values */
1240 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1241 return -1;
1242 }
1243
1244 if (page == 0x3f) {
1245 for (page = 0; page <= 0x3e; page++) {
1246 mode_sense_page(s, page, &p, page_control);
1247 }
1248 } else {
1249 ret = mode_sense_page(s, page, &p, page_control);
1250 if (ret == -1) {
1251 return -1;
1252 }
1253 }
1254
1255 buflen = p - outbuf;
1256 /*
1257 * The mode data length field specifies the length in bytes of the
1258 * following data that is available to be transferred. The mode data
1259 * length does not include itself.
1260 */
1261 if (r->req.cmd.buf[0] == MODE_SENSE) {
1262 outbuf[0] = buflen - 1;
1263 } else { /* MODE_SENSE_10 */
1264 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1265 outbuf[1] = (buflen - 2) & 0xff;
1266 }
1267 return buflen;
1268 }
1269
1270 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1271 {
1272 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1273 int start_track, format, msf, toclen;
1274 uint64_t nb_sectors;
1275
1276 msf = req->cmd.buf[1] & 2;
1277 format = req->cmd.buf[2] & 0xf;
1278 start_track = req->cmd.buf[6];
1279 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1280 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1281 nb_sectors /= s->qdev.blocksize / 512;
1282 switch (format) {
1283 case 0:
1284 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1285 break;
1286 case 1:
1287 /* multi session : only a single session defined */
1288 toclen = 12;
1289 memset(outbuf, 0, 12);
1290 outbuf[1] = 0x0a;
1291 outbuf[2] = 0x01;
1292 outbuf[3] = 0x01;
1293 break;
1294 case 2:
1295 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1296 break;
1297 default:
1298 return -1;
1299 }
1300 return toclen;
1301 }
1302
1303 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1304 {
1305 SCSIRequest *req = &r->req;
1306 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1307 bool start = req->cmd.buf[4] & 1;
1308 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1309 int pwrcnd = req->cmd.buf[4] & 0xf0;
1310
1311 if (pwrcnd) {
1312 /* eject/load only happens for power condition == 0 */
1313 return 0;
1314 }
1315
1316 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
1317 if (!start && !s->tray_open && s->tray_locked) {
1318 scsi_check_condition(r,
1319 bdrv_is_inserted(s->qdev.conf.bs)
1320 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1321 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1322 return -1;
1323 }
1324
1325 if (s->tray_open != !start) {
1326 bdrv_eject(s->qdev.conf.bs, !start);
1327 s->tray_open = !start;
1328 }
1329 }
1330 return 0;
1331 }
1332
1333 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1334 {
1335 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1336 int buflen = r->iov.iov_len;
1337
1338 if (buflen) {
1339 DPRINTF("Read buf_len=%d\n", buflen);
1340 r->iov.iov_len = 0;
1341 r->started = true;
1342 scsi_req_data(&r->req, buflen);
1343 return;
1344 }
1345
1346 /* This also clears the sense buffer for REQUEST SENSE. */
1347 scsi_req_complete(&r->req, GOOD);
1348 }
1349
1350 static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1351 uint8_t *inbuf, int inlen)
1352 {
1353 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1354 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1355 uint8_t *p;
1356 int len, expected_len, changeable_len, i;
1357
1358 /* The input buffer does not include the page header, so it is
1359 * off by 2 bytes.
1360 */
1361 expected_len = inlen + 2;
1362 if (expected_len > SCSI_MAX_MODE_LEN) {
1363 return -1;
1364 }
1365
1366 p = mode_current;
1367 memset(mode_current, 0, inlen + 2);
1368 len = mode_sense_page(s, page, &p, 0);
1369 if (len < 0 || len != expected_len) {
1370 return -1;
1371 }
1372
1373 p = mode_changeable;
1374 memset(mode_changeable, 0, inlen + 2);
1375 changeable_len = mode_sense_page(s, page, &p, 1);
1376 assert(changeable_len == len);
1377
1378 /* Check that unchangeable bits are the same as what MODE SENSE
1379 * would return.
1380 */
1381 for (i = 2; i < len; i++) {
1382 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1383 return -1;
1384 }
1385 }
1386 return 0;
1387 }
1388
1389 static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1390 {
1391 switch (page) {
1392 case MODE_PAGE_CACHING:
1393 bdrv_set_enable_write_cache(s->qdev.conf.bs, (p[0] & 4) != 0);
1394 break;
1395
1396 default:
1397 break;
1398 }
1399 }
1400
1401 static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1402 {
1403 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1404
1405 while (len > 0) {
1406 int page, subpage, page_len;
1407
1408 /* Parse both possible formats for the mode page headers. */
1409 page = p[0] & 0x3f;
1410 if (p[0] & 0x40) {
1411 if (len < 4) {
1412 goto invalid_param_len;
1413 }
1414 subpage = p[1];
1415 page_len = lduw_be_p(&p[2]);
1416 p += 4;
1417 len -= 4;
1418 } else {
1419 if (len < 2) {
1420 goto invalid_param_len;
1421 }
1422 subpage = 0;
1423 page_len = p[1];
1424 p += 2;
1425 len -= 2;
1426 }
1427
1428 if (subpage) {
1429 goto invalid_param;
1430 }
1431 if (page_len > len) {
1432 goto invalid_param_len;
1433 }
1434
1435 if (!change) {
1436 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1437 goto invalid_param;
1438 }
1439 } else {
1440 scsi_disk_apply_mode_select(s, page, p);
1441 }
1442
1443 p += page_len;
1444 len -= page_len;
1445 }
1446 return 0;
1447
1448 invalid_param:
1449 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1450 return -1;
1451
1452 invalid_param_len:
1453 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1454 return -1;
1455 }
1456
1457 static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1458 {
1459 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1460 uint8_t *p = inbuf;
1461 int cmd = r->req.cmd.buf[0];
1462 int len = r->req.cmd.xfer;
1463 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1464 int bd_len;
1465 int pass;
1466
1467 /* We only support PF=1, SP=0. */
1468 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1469 goto invalid_field;
1470 }
1471
1472 if (len < hdr_len) {
1473 goto invalid_param_len;
1474 }
1475
1476 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1477 len -= hdr_len;
1478 p += hdr_len;
1479 if (len < bd_len) {
1480 goto invalid_param_len;
1481 }
1482 if (bd_len != 0 && bd_len != 8) {
1483 goto invalid_param;
1484 }
1485
1486 len -= bd_len;
1487 p += bd_len;
1488
1489 /* Ensure no change is made if there is an error! */
1490 for (pass = 0; pass < 2; pass++) {
1491 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1492 assert(pass == 0);
1493 return;
1494 }
1495 }
1496 if (!bdrv_enable_write_cache(s->qdev.conf.bs)) {
1497 /* The request is used as the AIO opaque value, so add a ref. */
1498 scsi_req_ref(&r->req);
1499 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1500 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1501 return;
1502 }
1503
1504 scsi_req_complete(&r->req, GOOD);
1505 return;
1506
1507 invalid_param:
1508 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1509 return;
1510
1511 invalid_param_len:
1512 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1513 return;
1514
1515 invalid_field:
1516 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1517 }
1518
1519 static inline bool check_lba_range(SCSIDiskState *s,
1520 uint64_t sector_num, uint32_t nb_sectors)
1521 {
1522 /*
1523 * The first line tests that no overflow happens when computing the last
1524 * sector. The second line tests that the last accessed sector is in
1525 * range.
1526 *
1527 * Careful, the computations should not underflow for nb_sectors == 0,
1528 * and a 0-block read to the first LBA beyond the end of device is
1529 * valid.
1530 */
1531 return (sector_num <= sector_num + nb_sectors &&
1532 sector_num + nb_sectors <= s->qdev.max_lba + 1);
1533 }
1534
1535 typedef struct UnmapCBData {
1536 SCSIDiskReq *r;
1537 uint8_t *inbuf;
1538 int count;
1539 } UnmapCBData;
1540
1541 static void scsi_unmap_complete(void *opaque, int ret)
1542 {
1543 UnmapCBData *data = opaque;
1544 SCSIDiskReq *r = data->r;
1545 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1546 uint64_t sector_num;
1547 uint32_t nb_sectors;
1548
1549 r->req.aiocb = NULL;
1550 if (r->req.io_canceled) {
1551 goto done;
1552 }
1553
1554 if (ret < 0) {
1555 if (scsi_handle_rw_error(r, -ret)) {
1556 goto done;
1557 }
1558 }
1559
1560 if (data->count > 0) {
1561 sector_num = ldq_be_p(&data->inbuf[0]);
1562 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
1563 if (!check_lba_range(s, sector_num, nb_sectors)) {
1564 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1565 goto done;
1566 }
1567
1568 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1569 sector_num * (s->qdev.blocksize / 512),
1570 nb_sectors * (s->qdev.blocksize / 512),
1571 scsi_unmap_complete, data);
1572 data->count--;
1573 data->inbuf += 16;
1574 return;
1575 }
1576
1577 scsi_req_complete(&r->req, GOOD);
1578
1579 done:
1580 if (!r->req.io_canceled) {
1581 scsi_req_unref(&r->req);
1582 }
1583 g_free(data);
1584 }
1585
1586 static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1587 {
1588 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1589 uint8_t *p = inbuf;
1590 int len = r->req.cmd.xfer;
1591 UnmapCBData *data;
1592
1593 /* Reject ANCHOR=1. */
1594 if (r->req.cmd.buf[1] & 0x1) {
1595 goto invalid_field;
1596 }
1597
1598 if (len < 8) {
1599 goto invalid_param_len;
1600 }
1601 if (len < lduw_be_p(&p[0]) + 2) {
1602 goto invalid_param_len;
1603 }
1604 if (len < lduw_be_p(&p[2]) + 8) {
1605 goto invalid_param_len;
1606 }
1607 if (lduw_be_p(&p[2]) & 15) {
1608 goto invalid_param_len;
1609 }
1610
1611 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1612 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1613 return;
1614 }
1615
1616 data = g_new0(UnmapCBData, 1);
1617 data->r = r;
1618 data->inbuf = &p[8];
1619 data->count = lduw_be_p(&p[2]) >> 4;
1620
1621 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1622 scsi_req_ref(&r->req);
1623 scsi_unmap_complete(data, 0);
1624 return;
1625
1626 invalid_param_len:
1627 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1628 return;
1629
1630 invalid_field:
1631 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1632 }
1633
1634 typedef struct WriteSameCBData {
1635 SCSIDiskReq *r;
1636 int64_t sector;
1637 int nb_sectors;
1638 QEMUIOVector qiov;
1639 struct iovec iov;
1640 } WriteSameCBData;
1641
1642 static void scsi_write_same_complete(void *opaque, int ret)
1643 {
1644 WriteSameCBData *data = opaque;
1645 SCSIDiskReq *r = data->r;
1646 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1647
1648 assert(r->req.aiocb != NULL);
1649 r->req.aiocb = NULL;
1650 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
1651 if (r->req.io_canceled) {
1652 goto done;
1653 }
1654
1655 if (ret < 0) {
1656 if (scsi_handle_rw_error(r, -ret)) {
1657 goto done;
1658 }
1659 }
1660
1661 data->nb_sectors -= data->iov.iov_len / 512;
1662 data->sector += data->iov.iov_len / 512;
1663 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1664 if (data->iov.iov_len) {
1665 bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE);
1666 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector,
1667 &data->qiov, data->iov.iov_len / 512,
1668 scsi_write_same_complete, data);
1669 return;
1670 }
1671
1672 scsi_req_complete(&r->req, GOOD);
1673
1674 done:
1675 if (!r->req.io_canceled) {
1676 scsi_req_unref(&r->req);
1677 }
1678 qemu_vfree(data->iov.iov_base);
1679 g_free(data);
1680 }
1681
1682 static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1683 {
1684 SCSIRequest *req = &r->req;
1685 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1686 uint32_t nb_sectors = scsi_data_cdb_length(r->req.cmd.buf);
1687 WriteSameCBData *data;
1688 uint8_t *buf;
1689 int i;
1690
1691 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1692 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1693 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1694 return;
1695 }
1696
1697 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1698 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1699 return;
1700 }
1701 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1702 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1703 return;
1704 }
1705
1706 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1707 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1708
1709 /* The request is used as the AIO opaque value, so add a ref. */
1710 scsi_req_ref(&r->req);
1711 bdrv_acct_start(s->qdev.conf.bs, &r->acct, nb_sectors * s->qdev.blocksize,
1712 BDRV_ACCT_WRITE);
1713 r->req.aiocb = bdrv_aio_write_zeroes(s->qdev.conf.bs,
1714 r->req.cmd.lba * (s->qdev.blocksize / 512),
1715 nb_sectors * (s->qdev.blocksize / 512),
1716 flags, scsi_aio_complete, r);
1717 return;
1718 }
1719
1720 data = g_new0(WriteSameCBData, 1);
1721 data->r = r;
1722 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1723 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1724 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
1725 data->iov.iov_base = buf = qemu_blockalign(s->qdev.conf.bs, data->iov.iov_len);
1726 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1727
1728 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1729 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1730 }
1731
1732 scsi_req_ref(&r->req);
1733 bdrv_acct_start(s->qdev.conf.bs, &r->acct, data->iov.iov_len, BDRV_ACCT_WRITE);
1734 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, data->sector,
1735 &data->qiov, data->iov.iov_len / 512,
1736 scsi_write_same_complete, data);
1737 }
1738
1739 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1740 {
1741 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1742
1743 if (r->iov.iov_len) {
1744 int buflen = r->iov.iov_len;
1745 DPRINTF("Write buf_len=%d\n", buflen);
1746 r->iov.iov_len = 0;
1747 scsi_req_data(&r->req, buflen);
1748 return;
1749 }
1750
1751 switch (req->cmd.buf[0]) {
1752 case MODE_SELECT:
1753 case MODE_SELECT_10:
1754 /* This also clears the sense buffer for REQUEST SENSE. */
1755 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
1756 break;
1757
1758 case UNMAP:
1759 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1760 break;
1761
1762 case VERIFY_10:
1763 case VERIFY_12:
1764 case VERIFY_16:
1765 if (r->req.status == -1) {
1766 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1767 }
1768 break;
1769
1770 case WRITE_SAME_10:
1771 case WRITE_SAME_16:
1772 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1773 break;
1774
1775 default:
1776 abort();
1777 }
1778 }
1779
1780 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1781 {
1782 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1783 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1784 uint64_t nb_sectors;
1785 uint8_t *outbuf;
1786 int buflen;
1787
1788 switch (req->cmd.buf[0]) {
1789 case INQUIRY:
1790 case MODE_SENSE:
1791 case MODE_SENSE_10:
1792 case RESERVE:
1793 case RESERVE_10:
1794 case RELEASE:
1795 case RELEASE_10:
1796 case START_STOP:
1797 case ALLOW_MEDIUM_REMOVAL:
1798 case GET_CONFIGURATION:
1799 case GET_EVENT_STATUS_NOTIFICATION:
1800 case MECHANISM_STATUS:
1801 case REQUEST_SENSE:
1802 break;
1803
1804 default:
1805 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1806 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1807 return 0;
1808 }
1809 break;
1810 }
1811
1812 /*
1813 * FIXME: we shouldn't return anything bigger than 4k, but the code
1814 * requires the buffer to be as big as req->cmd.xfer in several
1815 * places. So, do not allow CDBs with a very large ALLOCATION
1816 * LENGTH. The real fix would be to modify scsi_read_data and
1817 * dma_buf_read, so that they return data beyond the buflen
1818 * as all zeros.
1819 */
1820 if (req->cmd.xfer > 65536) {
1821 goto illegal_request;
1822 }
1823 r->buflen = MAX(4096, req->cmd.xfer);
1824
1825 if (!r->iov.iov_base) {
1826 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1827 }
1828
1829 buflen = req->cmd.xfer;
1830 outbuf = r->iov.iov_base;
1831 memset(outbuf, 0, r->buflen);
1832 switch (req->cmd.buf[0]) {
1833 case TEST_UNIT_READY:
1834 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1835 break;
1836 case INQUIRY:
1837 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1838 if (buflen < 0) {
1839 goto illegal_request;
1840 }
1841 break;
1842 case MODE_SENSE:
1843 case MODE_SENSE_10:
1844 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1845 if (buflen < 0) {
1846 goto illegal_request;
1847 }
1848 break;
1849 case READ_TOC:
1850 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1851 if (buflen < 0) {
1852 goto illegal_request;
1853 }
1854 break;
1855 case RESERVE:
1856 if (req->cmd.buf[1] & 1) {
1857 goto illegal_request;
1858 }
1859 break;
1860 case RESERVE_10:
1861 if (req->cmd.buf[1] & 3) {
1862 goto illegal_request;
1863 }
1864 break;
1865 case RELEASE:
1866 if (req->cmd.buf[1] & 1) {
1867 goto illegal_request;
1868 }
1869 break;
1870 case RELEASE_10:
1871 if (req->cmd.buf[1] & 3) {
1872 goto illegal_request;
1873 }
1874 break;
1875 case START_STOP:
1876 if (scsi_disk_emulate_start_stop(r) < 0) {
1877 return 0;
1878 }
1879 break;
1880 case ALLOW_MEDIUM_REMOVAL:
1881 s->tray_locked = req->cmd.buf[4] & 1;
1882 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1883 break;
1884 case READ_CAPACITY_10:
1885 /* The normal LEN field for this command is zero. */
1886 memset(outbuf, 0, 8);
1887 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1888 if (!nb_sectors) {
1889 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1890 return 0;
1891 }
1892 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1893 goto illegal_request;
1894 }
1895 nb_sectors /= s->qdev.blocksize / 512;
1896 /* Returned value is the address of the last sector. */
1897 nb_sectors--;
1898 /* Remember the new size for read/write sanity checking. */
1899 s->qdev.max_lba = nb_sectors;
1900 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1901 if (nb_sectors > UINT32_MAX) {
1902 nb_sectors = UINT32_MAX;
1903 }
1904 outbuf[0] = (nb_sectors >> 24) & 0xff;
1905 outbuf[1] = (nb_sectors >> 16) & 0xff;
1906 outbuf[2] = (nb_sectors >> 8) & 0xff;
1907 outbuf[3] = nb_sectors & 0xff;
1908 outbuf[4] = 0;
1909 outbuf[5] = 0;
1910 outbuf[6] = s->qdev.blocksize >> 8;
1911 outbuf[7] = 0;
1912 break;
1913 case REQUEST_SENSE:
1914 /* Just return "NO SENSE". */
1915 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1916 (req->cmd.buf[1] & 1) == 0);
1917 if (buflen < 0) {
1918 goto illegal_request;
1919 }
1920 break;
1921 case MECHANISM_STATUS:
1922 buflen = scsi_emulate_mechanism_status(s, outbuf);
1923 if (buflen < 0) {
1924 goto illegal_request;
1925 }
1926 break;
1927 case GET_CONFIGURATION:
1928 buflen = scsi_get_configuration(s, outbuf);
1929 if (buflen < 0) {
1930 goto illegal_request;
1931 }
1932 break;
1933 case GET_EVENT_STATUS_NOTIFICATION:
1934 buflen = scsi_get_event_status_notification(s, r, outbuf);
1935 if (buflen < 0) {
1936 goto illegal_request;
1937 }
1938 break;
1939 case READ_DISC_INFORMATION:
1940 buflen = scsi_read_disc_information(s, r, outbuf);
1941 if (buflen < 0) {
1942 goto illegal_request;
1943 }
1944 break;
1945 case READ_DVD_STRUCTURE:
1946 buflen = scsi_read_dvd_structure(s, r, outbuf);
1947 if (buflen < 0) {
1948 goto illegal_request;
1949 }
1950 break;
1951 case SERVICE_ACTION_IN_16:
1952 /* Service Action In subcommands. */
1953 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1954 DPRINTF("SAI READ CAPACITY(16)\n");
1955 memset(outbuf, 0, req->cmd.xfer);
1956 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1957 if (!nb_sectors) {
1958 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1959 return 0;
1960 }
1961 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1962 goto illegal_request;
1963 }
1964 nb_sectors /= s->qdev.blocksize / 512;
1965 /* Returned value is the address of the last sector. */
1966 nb_sectors--;
1967 /* Remember the new size for read/write sanity checking. */
1968 s->qdev.max_lba = nb_sectors;
1969 outbuf[0] = (nb_sectors >> 56) & 0xff;
1970 outbuf[1] = (nb_sectors >> 48) & 0xff;
1971 outbuf[2] = (nb_sectors >> 40) & 0xff;
1972 outbuf[3] = (nb_sectors >> 32) & 0xff;
1973 outbuf[4] = (nb_sectors >> 24) & 0xff;
1974 outbuf[5] = (nb_sectors >> 16) & 0xff;
1975 outbuf[6] = (nb_sectors >> 8) & 0xff;
1976 outbuf[7] = nb_sectors & 0xff;
1977 outbuf[8] = 0;
1978 outbuf[9] = 0;
1979 outbuf[10] = s->qdev.blocksize >> 8;
1980 outbuf[11] = 0;
1981 outbuf[12] = 0;
1982 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1983
1984 /* set TPE bit if the format supports discard */
1985 if (s->qdev.conf.discard_granularity) {
1986 outbuf[14] = 0x80;
1987 }
1988
1989 /* Protection, exponent and lowest lba field left blank. */
1990 break;
1991 }
1992 DPRINTF("Unsupported Service Action In\n");
1993 goto illegal_request;
1994 case SYNCHRONIZE_CACHE:
1995 /* The request is used as the AIO opaque value, so add a ref. */
1996 scsi_req_ref(&r->req);
1997 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1998 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1999 return 0;
2000 case SEEK_10:
2001 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2002 if (r->req.cmd.lba > s->qdev.max_lba) {
2003 goto illegal_lba;
2004 }
2005 break;
2006 case MODE_SELECT:
2007 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
2008 break;
2009 case MODE_SELECT_10:
2010 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
2011 break;
2012 case UNMAP:
2013 DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer);
2014 break;
2015 case VERIFY_10:
2016 case VERIFY_12:
2017 case VERIFY_16:
2018 DPRINTF("Verify (bytchk %lu)\n", (r->req.buf[1] >> 1) & 3);
2019 if (req->cmd.buf[1] & 6) {
2020 goto illegal_request;
2021 }
2022 break;
2023 case WRITE_SAME_10:
2024 case WRITE_SAME_16:
2025 DPRINTF("WRITE SAME %d (len %lu)\n",
2026 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
2027 (long)r->req.cmd.xfer);
2028 break;
2029 default:
2030 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
2031 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
2032 return 0;
2033 }
2034 assert(!r->req.aiocb);
2035 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
2036 if (r->iov.iov_len == 0) {
2037 scsi_req_complete(&r->req, GOOD);
2038 }
2039 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2040 assert(r->iov.iov_len == req->cmd.xfer);
2041 return -r->iov.iov_len;
2042 } else {
2043 return r->iov.iov_len;
2044 }
2045
2046 illegal_request:
2047 if (r->req.status == -1) {
2048 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2049 }
2050 return 0;
2051
2052 illegal_lba:
2053 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2054 return 0;
2055 }
2056
2057 /* Execute a scsi command. Returns the length of the data expected by the
2058 command. This will be Positive for data transfers from the device
2059 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2060 and zero if the command does not transfer any data. */
2061
2062 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2063 {
2064 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2065 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
2066 uint32_t len;
2067 uint8_t command;
2068
2069 command = buf[0];
2070
2071 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
2072 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2073 return 0;
2074 }
2075
2076 len = scsi_data_cdb_length(r->req.cmd.buf);
2077 switch (command) {
2078 case READ_6:
2079 case READ_10:
2080 case READ_12:
2081 case READ_16:
2082 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
2083 if (r->req.cmd.buf[1] & 0xe0) {
2084 goto illegal_request;
2085 }
2086 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2087 goto illegal_lba;
2088 }
2089 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2090 r->sector_count = len * (s->qdev.blocksize / 512);
2091 break;
2092 case WRITE_6:
2093 case WRITE_10:
2094 case WRITE_12:
2095 case WRITE_16:
2096 case WRITE_VERIFY_10:
2097 case WRITE_VERIFY_12:
2098 case WRITE_VERIFY_16:
2099 if (bdrv_is_read_only(s->qdev.conf.bs)) {
2100 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2101 return 0;
2102 }
2103 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2104 (command & 0xe) == 0xe ? "And Verify " : "",
2105 r->req.cmd.lba, len);
2106 if (r->req.cmd.buf[1] & 0xe0) {
2107 goto illegal_request;
2108 }
2109 if (!check_lba_range(s, r->req.cmd.lba, len)) {
2110 goto illegal_lba;
2111 }
2112 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2113 r->sector_count = len * (s->qdev.blocksize / 512);
2114 break;
2115 default:
2116 abort();
2117 illegal_request:
2118 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2119 return 0;
2120 illegal_lba:
2121 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2122 return 0;
2123 }
2124 if (r->sector_count == 0) {
2125 scsi_req_complete(&r->req, GOOD);
2126 }
2127 assert(r->iov.iov_len == 0);
2128 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2129 return -r->sector_count * 512;
2130 } else {
2131 return r->sector_count * 512;
2132 }
2133 }
2134
2135 static void scsi_disk_reset(DeviceState *dev)
2136 {
2137 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2138 uint64_t nb_sectors;
2139
2140 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
2141
2142 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
2143 nb_sectors /= s->qdev.blocksize / 512;
2144 if (nb_sectors) {
2145 nb_sectors--;
2146 }
2147 s->qdev.max_lba = nb_sectors;
2148 /* reset tray statuses */
2149 s->tray_locked = 0;
2150 s->tray_open = 0;
2151 }
2152
2153 static void scsi_destroy(SCSIDevice *dev)
2154 {
2155 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2156
2157 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
2158 blockdev_mark_auto_del(s->qdev.conf.bs);
2159 }
2160
2161 static void scsi_disk_resize_cb(void *opaque)
2162 {
2163 SCSIDiskState *s = opaque;
2164
2165 /* SPC lists this sense code as available only for
2166 * direct-access devices.
2167 */
2168 if (s->qdev.type == TYPE_DISK) {
2169 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
2170 }
2171 }
2172
2173 static void scsi_cd_change_media_cb(void *opaque, bool load)
2174 {
2175 SCSIDiskState *s = opaque;
2176
2177 /*
2178 * When a CD gets changed, we have to report an ejected state and
2179 * then a loaded state to guests so that they detect tray
2180 * open/close and media change events. Guests that do not use
2181 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2182 * states rely on this behavior.
2183 *
2184 * media_changed governs the state machine used for unit attention
2185 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2186 */
2187 s->media_changed = load;
2188 s->tray_open = !load;
2189 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
2190 s->media_event = true;
2191 s->eject_request = false;
2192 }
2193
2194 static void scsi_cd_eject_request_cb(void *opaque, bool force)
2195 {
2196 SCSIDiskState *s = opaque;
2197
2198 s->eject_request = true;
2199 if (force) {
2200 s->tray_locked = false;
2201 }
2202 }
2203
2204 static bool scsi_cd_is_tray_open(void *opaque)
2205 {
2206 return ((SCSIDiskState *)opaque)->tray_open;
2207 }
2208
2209 static bool scsi_cd_is_medium_locked(void *opaque)
2210 {
2211 return ((SCSIDiskState *)opaque)->tray_locked;
2212 }
2213
2214 static const BlockDevOps scsi_disk_removable_block_ops = {
2215 .change_media_cb = scsi_cd_change_media_cb,
2216 .eject_request_cb = scsi_cd_eject_request_cb,
2217 .is_tray_open = scsi_cd_is_tray_open,
2218 .is_medium_locked = scsi_cd_is_medium_locked,
2219
2220 .resize_cb = scsi_disk_resize_cb,
2221 };
2222
2223 static const BlockDevOps scsi_disk_block_ops = {
2224 .resize_cb = scsi_disk_resize_cb,
2225 };
2226
2227 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2228 {
2229 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2230 if (s->media_changed) {
2231 s->media_changed = false;
2232 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
2233 }
2234 }
2235
2236 static int scsi_initfn(SCSIDevice *dev)
2237 {
2238 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2239
2240 if (!s->qdev.conf.bs) {
2241 error_report("drive property not set");
2242 return -1;
2243 }
2244
2245 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2246 !bdrv_is_inserted(s->qdev.conf.bs)) {
2247 error_report("Device needs media, but drive is empty");
2248 return -1;
2249 }
2250
2251 blkconf_serial(&s->qdev.conf, &s->serial);
2252 if (dev->type == TYPE_DISK
2253 && blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
2254 return -1;
2255 }
2256
2257 if (s->qdev.conf.discard_granularity == -1) {
2258 s->qdev.conf.discard_granularity =
2259 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2260 }
2261
2262 if (!s->version) {
2263 s->version = g_strdup(qemu_get_version());
2264 }
2265 if (!s->vendor) {
2266 s->vendor = g_strdup("QEMU");
2267 }
2268
2269 if (bdrv_is_sg(s->qdev.conf.bs)) {
2270 error_report("unwanted /dev/sg*");
2271 return -1;
2272 }
2273
2274 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2275 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
2276 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_removable_block_ops, s);
2277 } else {
2278 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_disk_block_ops, s);
2279 }
2280 bdrv_set_guest_block_size(s->qdev.conf.bs, s->qdev.blocksize);
2281
2282 bdrv_iostatus_enable(s->qdev.conf.bs);
2283 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
2284 return 0;
2285 }
2286
2287 static int scsi_hd_initfn(SCSIDevice *dev)
2288 {
2289 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2290 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2291 s->qdev.type = TYPE_DISK;
2292 if (!s->product) {
2293 s->product = g_strdup("QEMU HARDDISK");
2294 }
2295 return scsi_initfn(&s->qdev);
2296 }
2297
2298 static int scsi_cd_initfn(SCSIDevice *dev)
2299 {
2300 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2301 s->qdev.blocksize = 2048;
2302 s->qdev.type = TYPE_ROM;
2303 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2304 if (!s->product) {
2305 s->product = g_strdup("QEMU CD-ROM");
2306 }
2307 return scsi_initfn(&s->qdev);
2308 }
2309
2310 static int scsi_disk_initfn(SCSIDevice *dev)
2311 {
2312 DriveInfo *dinfo;
2313
2314 if (!dev->conf.bs) {
2315 return scsi_initfn(dev); /* ... and die there */
2316 }
2317
2318 dinfo = drive_get_by_blockdev(dev->conf.bs);
2319 if (dinfo->media_cd) {
2320 return scsi_cd_initfn(dev);
2321 } else {
2322 return scsi_hd_initfn(dev);
2323 }
2324 }
2325
2326 static const SCSIReqOps scsi_disk_emulate_reqops = {
2327 .size = sizeof(SCSIDiskReq),
2328 .free_req = scsi_free_request,
2329 .send_command = scsi_disk_emulate_command,
2330 .read_data = scsi_disk_emulate_read_data,
2331 .write_data = scsi_disk_emulate_write_data,
2332 .cancel_io = scsi_cancel_io,
2333 .get_buf = scsi_get_buf,
2334 };
2335
2336 static const SCSIReqOps scsi_disk_dma_reqops = {
2337 .size = sizeof(SCSIDiskReq),
2338 .free_req = scsi_free_request,
2339 .send_command = scsi_disk_dma_command,
2340 .read_data = scsi_read_data,
2341 .write_data = scsi_write_data,
2342 .cancel_io = scsi_cancel_io,
2343 .get_buf = scsi_get_buf,
2344 .load_request = scsi_disk_load_request,
2345 .save_request = scsi_disk_save_request,
2346 };
2347
2348 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2349 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2350 [INQUIRY] = &scsi_disk_emulate_reqops,
2351 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2352 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2353 [START_STOP] = &scsi_disk_emulate_reqops,
2354 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2355 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2356 [READ_TOC] = &scsi_disk_emulate_reqops,
2357 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2358 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2359 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2360 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2361 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2362 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2363 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2364 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2365 [SEEK_10] = &scsi_disk_emulate_reqops,
2366 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2367 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
2368 [UNMAP] = &scsi_disk_emulate_reqops,
2369 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2370 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
2371 [VERIFY_10] = &scsi_disk_emulate_reqops,
2372 [VERIFY_12] = &scsi_disk_emulate_reqops,
2373 [VERIFY_16] = &scsi_disk_emulate_reqops,
2374
2375 [READ_6] = &scsi_disk_dma_reqops,
2376 [READ_10] = &scsi_disk_dma_reqops,
2377 [READ_12] = &scsi_disk_dma_reqops,
2378 [READ_16] = &scsi_disk_dma_reqops,
2379 [WRITE_6] = &scsi_disk_dma_reqops,
2380 [WRITE_10] = &scsi_disk_dma_reqops,
2381 [WRITE_12] = &scsi_disk_dma_reqops,
2382 [WRITE_16] = &scsi_disk_dma_reqops,
2383 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2384 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2385 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2386 };
2387
2388 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2389 uint8_t *buf, void *hba_private)
2390 {
2391 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2392 SCSIRequest *req;
2393 const SCSIReqOps *ops;
2394 uint8_t command;
2395
2396 command = buf[0];
2397 ops = scsi_disk_reqops_dispatch[command];
2398 if (!ops) {
2399 ops = &scsi_disk_emulate_reqops;
2400 }
2401 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2402
2403 #ifdef DEBUG_SCSI
2404 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
2405 {
2406 int i;
2407 for (i = 1; i < req->cmd.len; i++) {
2408 printf(" 0x%02x", buf[i]);
2409 }
2410 printf("\n");
2411 }
2412 #endif
2413
2414 return req;
2415 }
2416
2417 #ifdef __linux__
2418 static int get_device_type(SCSIDiskState *s)
2419 {
2420 BlockDriverState *bdrv = s->qdev.conf.bs;
2421 uint8_t cmd[16];
2422 uint8_t buf[36];
2423 uint8_t sensebuf[8];
2424 sg_io_hdr_t io_header;
2425 int ret;
2426
2427 memset(cmd, 0, sizeof(cmd));
2428 memset(buf, 0, sizeof(buf));
2429 cmd[0] = INQUIRY;
2430 cmd[4] = sizeof(buf);
2431
2432 memset(&io_header, 0, sizeof(io_header));
2433 io_header.interface_id = 'S';
2434 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2435 io_header.dxfer_len = sizeof(buf);
2436 io_header.dxferp = buf;
2437 io_header.cmdp = cmd;
2438 io_header.cmd_len = sizeof(cmd);
2439 io_header.mx_sb_len = sizeof(sensebuf);
2440 io_header.sbp = sensebuf;
2441 io_header.timeout = 6000; /* XXX */
2442
2443 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
2444 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2445 return -1;
2446 }
2447 s->qdev.type = buf[0];
2448 if (buf[1] & 0x80) {
2449 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2450 }
2451 return 0;
2452 }
2453
2454 static int scsi_block_initfn(SCSIDevice *dev)
2455 {
2456 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2457 int sg_version;
2458 int rc;
2459
2460 if (!s->qdev.conf.bs) {
2461 error_report("scsi-block: drive property not set");
2462 return -1;
2463 }
2464
2465 /* check we are using a driver managing SG_IO (version 3 and after) */
2466 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
2467 sg_version < 30000) {
2468 error_report("scsi-block: scsi generic interface too old");
2469 return -1;
2470 }
2471
2472 /* get device type from INQUIRY data */
2473 rc = get_device_type(s);
2474 if (rc < 0) {
2475 error_report("scsi-block: INQUIRY failed");
2476 return -1;
2477 }
2478
2479 /* Make a guess for the block size, we'll fix it when the guest sends.
2480 * READ CAPACITY. If they don't, they likely would assume these sizes
2481 * anyway. (TODO: check in /sys).
2482 */
2483 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2484 s->qdev.blocksize = 2048;
2485 } else {
2486 s->qdev.blocksize = 512;
2487 }
2488
2489 /* Makes the scsi-block device not removable by using HMP and QMP eject
2490 * command.
2491 */
2492 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2493
2494 return scsi_initfn(&s->qdev);
2495 }
2496
2497 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2498 uint32_t lun, uint8_t *buf,
2499 void *hba_private)
2500 {
2501 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2502
2503 switch (buf[0]) {
2504 case READ_6:
2505 case READ_10:
2506 case READ_12:
2507 case READ_16:
2508 case VERIFY_10:
2509 case VERIFY_12:
2510 case VERIFY_16:
2511 case WRITE_6:
2512 case WRITE_10:
2513 case WRITE_12:
2514 case WRITE_16:
2515 case WRITE_VERIFY_10:
2516 case WRITE_VERIFY_12:
2517 case WRITE_VERIFY_16:
2518 /* If we are not using O_DIRECT, we might read stale data from the
2519 * host cache if writes were made using other commands than these
2520 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2521 * O_DIRECT everything must go through SG_IO.
2522 */
2523 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
2524 break;
2525 }
2526
2527 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2528 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2529 * And once you do these writes, reading from the block device is
2530 * unreliable, too. It is even possible that reads deliver random data
2531 * from the host page cache (this is probably a Linux bug).
2532 *
2533 * We might use scsi_disk_dma_reqops as long as no writing commands are
2534 * seen, but performance usually isn't paramount on optical media. So,
2535 * just make scsi-block operate the same as scsi-generic for them.
2536 */
2537 if (s->qdev.type != TYPE_ROM) {
2538 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2539 hba_private);
2540 }
2541 }
2542
2543 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2544 hba_private);
2545 }
2546 #endif
2547
2548 #define DEFINE_SCSI_DISK_PROPERTIES() \
2549 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2550 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2551 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2552 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2553 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2554
2555 static Property scsi_hd_properties[] = {
2556 DEFINE_SCSI_DISK_PROPERTIES(),
2557 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2558 SCSI_DISK_F_REMOVABLE, false),
2559 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2560 SCSI_DISK_F_DPOFUA, false),
2561 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
2562 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
2563 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2564 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2565 DEFAULT_MAX_UNMAP_SIZE),
2566 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2567 DEFINE_PROP_END_OF_LIST(),
2568 };
2569
2570 static const VMStateDescription vmstate_scsi_disk_state = {
2571 .name = "scsi-disk",
2572 .version_id = 1,
2573 .minimum_version_id = 1,
2574 .minimum_version_id_old = 1,
2575 .fields = (VMStateField[]) {
2576 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2577 VMSTATE_BOOL(media_changed, SCSIDiskState),
2578 VMSTATE_BOOL(media_event, SCSIDiskState),
2579 VMSTATE_BOOL(eject_request, SCSIDiskState),
2580 VMSTATE_BOOL(tray_open, SCSIDiskState),
2581 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2582 VMSTATE_END_OF_LIST()
2583 }
2584 };
2585
2586 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2587 {
2588 DeviceClass *dc = DEVICE_CLASS(klass);
2589 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2590
2591 sc->init = scsi_hd_initfn;
2592 sc->destroy = scsi_destroy;
2593 sc->alloc_req = scsi_new_request;
2594 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2595 dc->fw_name = "disk";
2596 dc->desc = "virtual SCSI disk";
2597 dc->reset = scsi_disk_reset;
2598 dc->props = scsi_hd_properties;
2599 dc->vmsd = &vmstate_scsi_disk_state;
2600 }
2601
2602 static const TypeInfo scsi_hd_info = {
2603 .name = "scsi-hd",
2604 .parent = TYPE_SCSI_DEVICE,
2605 .instance_size = sizeof(SCSIDiskState),
2606 .class_init = scsi_hd_class_initfn,
2607 };
2608
2609 static Property scsi_cd_properties[] = {
2610 DEFINE_SCSI_DISK_PROPERTIES(),
2611 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
2612 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
2613 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2614 DEFINE_PROP_END_OF_LIST(),
2615 };
2616
2617 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2618 {
2619 DeviceClass *dc = DEVICE_CLASS(klass);
2620 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2621
2622 sc->init = scsi_cd_initfn;
2623 sc->destroy = scsi_destroy;
2624 sc->alloc_req = scsi_new_request;
2625 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2626 dc->fw_name = "disk";
2627 dc->desc = "virtual SCSI CD-ROM";
2628 dc->reset = scsi_disk_reset;
2629 dc->props = scsi_cd_properties;
2630 dc->vmsd = &vmstate_scsi_disk_state;
2631 }
2632
2633 static const TypeInfo scsi_cd_info = {
2634 .name = "scsi-cd",
2635 .parent = TYPE_SCSI_DEVICE,
2636 .instance_size = sizeof(SCSIDiskState),
2637 .class_init = scsi_cd_class_initfn,
2638 };
2639
2640 #ifdef __linux__
2641 static Property scsi_block_properties[] = {
2642 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
2643 DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1),
2644 DEFINE_PROP_END_OF_LIST(),
2645 };
2646
2647 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2648 {
2649 DeviceClass *dc = DEVICE_CLASS(klass);
2650 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2651
2652 sc->init = scsi_block_initfn;
2653 sc->destroy = scsi_destroy;
2654 sc->alloc_req = scsi_block_new_request;
2655 dc->fw_name = "disk";
2656 dc->desc = "SCSI block device passthrough";
2657 dc->reset = scsi_disk_reset;
2658 dc->props = scsi_block_properties;
2659 dc->vmsd = &vmstate_scsi_disk_state;
2660 }
2661
2662 static const TypeInfo scsi_block_info = {
2663 .name = "scsi-block",
2664 .parent = TYPE_SCSI_DEVICE,
2665 .instance_size = sizeof(SCSIDiskState),
2666 .class_init = scsi_block_class_initfn,
2667 };
2668 #endif
2669
2670 static Property scsi_disk_properties[] = {
2671 DEFINE_SCSI_DISK_PROPERTIES(),
2672 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2673 SCSI_DISK_F_REMOVABLE, false),
2674 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2675 SCSI_DISK_F_DPOFUA, false),
2676 DEFINE_PROP_UINT64("wwn", SCSIDiskState, wwn, 0),
2677 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, port_wwn, 0),
2678 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
2679 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2680 DEFAULT_MAX_UNMAP_SIZE),
2681 DEFINE_PROP_END_OF_LIST(),
2682 };
2683
2684 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2685 {
2686 DeviceClass *dc = DEVICE_CLASS(klass);
2687 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2688
2689 sc->init = scsi_disk_initfn;
2690 sc->destroy = scsi_destroy;
2691 sc->alloc_req = scsi_new_request;
2692 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2693 dc->fw_name = "disk";
2694 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2695 dc->reset = scsi_disk_reset;
2696 dc->props = scsi_disk_properties;
2697 dc->vmsd = &vmstate_scsi_disk_state;
2698 }
2699
2700 static const TypeInfo scsi_disk_info = {
2701 .name = "scsi-disk",
2702 .parent = TYPE_SCSI_DEVICE,
2703 .instance_size = sizeof(SCSIDiskState),
2704 .class_init = scsi_disk_class_initfn,
2705 };
2706
2707 static void scsi_disk_register_types(void)
2708 {
2709 type_register_static(&scsi_hd_info);
2710 type_register_static(&scsi_cd_info);
2711 #ifdef __linux__
2712 type_register_static(&scsi_block_info);
2713 #endif
2714 type_register_static(&scsi_disk_info);
2715 }
2716
2717 type_init(scsi_disk_register_types)
QEMU mirror