]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
sun4u: implement interrupt clearing registers
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "block_int.h"
38 #include "dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
46
47 typedef struct SCSIDiskState SCSIDiskState;
48
49 typedef struct SCSIDiskReq {
50 SCSIRequest req;
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
52 uint64_t sector;
53 uint32_t sector_count;
54 uint32_t buflen;
55 bool started;
56 struct iovec iov;
57 QEMUIOVector qiov;
58 BlockAcctCookie acct;
59 } SCSIDiskReq;
60
61 #define SCSI_DISK_F_REMOVABLE 0
62 #define SCSI_DISK_F_DPOFUA 1
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 uint32_t features;
68 bool media_changed;
69 bool media_event;
70 bool eject_request;
71 QEMUBH *bh;
72 char *version;
73 char *serial;
74 bool tray_open;
75 bool tray_locked;
76 };
77
78 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79
80 static void scsi_free_request(SCSIRequest *req)
81 {
82 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83
84 if (r->iov.iov_base) {
85 qemu_vfree(r->iov.iov_base);
86 }
87 }
88
89 /* Helper function for command completion with sense. */
90 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 {
92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
96 }
97
98 /* Cancel a pending data transfer. */
99 static void scsi_cancel_io(SCSIRequest *req)
100 {
101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 if (r->req.aiocb) {
105 bdrv_aio_cancel(r->req.aiocb);
106
107 /* This reference was left in by scsi_*_data. We take ownership of
108 * it the moment scsi_req_cancel is called, independent of whether
109 * bdrv_aio_cancel completes the request or not. */
110 scsi_req_unref(&r->req);
111 }
112 r->req.aiocb = NULL;
113 }
114
115 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 {
117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118
119 if (!r->iov.iov_base) {
120 r->buflen = size;
121 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 }
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
126 }
127
128 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 {
130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131
132 qemu_put_be64s(f, &r->sector);
133 qemu_put_be32s(f, &r->sector_count);
134 qemu_put_be32s(f, &r->buflen);
135 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
137 }
138 }
139
140 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
141 {
142 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
143
144 qemu_get_be64s(f, &r->sector);
145 qemu_get_be32s(f, &r->sector_count);
146 qemu_get_be32s(f, &r->buflen);
147 if (r->buflen) {
148 scsi_init_iovec(r, r->buflen);
149 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
150 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
151 }
152 }
153
154 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
155 }
156
157 static void scsi_flush_complete(void * opaque, int ret)
158 {
159 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
160 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161
162 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
163
164 if (ret < 0) {
165 if (scsi_handle_rw_error(r, -ret)) {
166 goto done;
167 }
168 }
169
170 scsi_req_complete(&r->req, GOOD);
171
172 done:
173 if (!r->req.io_canceled) {
174 scsi_req_unref(&r->req);
175 }
176 }
177
178 static bool scsi_is_cmd_fua(SCSICommand *cmd)
179 {
180 switch (cmd->buf[0]) {
181 case READ_10:
182 case READ_12:
183 case READ_16:
184 case WRITE_10:
185 case WRITE_12:
186 case WRITE_16:
187 return (cmd->buf[1] & 8) != 0;
188
189 case VERIFY_10:
190 case VERIFY_12:
191 case VERIFY_16:
192 case WRITE_VERIFY_10:
193 case WRITE_VERIFY_12:
194 case WRITE_VERIFY_16:
195 return true;
196
197 case READ_6:
198 case WRITE_6:
199 default:
200 return false;
201 }
202 }
203
204 static void scsi_write_do_fua(SCSIDiskReq *r)
205 {
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
208 if (scsi_is_cmd_fua(&r->req.cmd)) {
209 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
210 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
211 return;
212 }
213
214 scsi_req_complete(&r->req, GOOD);
215 if (!r->req.io_canceled) {
216 scsi_req_unref(&r->req);
217 }
218 }
219
220 static void scsi_dma_complete(void *opaque, int ret)
221 {
222 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
224
225 if (r->req.aiocb != NULL) {
226 r->req.aiocb = NULL;
227 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
228 }
229
230 if (ret < 0) {
231 if (scsi_handle_rw_error(r, -ret)) {
232 goto done;
233 }
234 }
235
236 r->sector += r->sector_count;
237 r->sector_count = 0;
238 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
239 scsi_write_do_fua(r);
240 return;
241 } else {
242 scsi_req_complete(&r->req, GOOD);
243 }
244
245 done:
246 if (!r->req.io_canceled) {
247 scsi_req_unref(&r->req);
248 }
249 }
250
251 static void scsi_read_complete(void * opaque, int ret)
252 {
253 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
255 int n;
256
257 if (r->req.aiocb != NULL) {
258 r->req.aiocb = NULL;
259 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
260 }
261
262 if (ret < 0) {
263 if (scsi_handle_rw_error(r, -ret)) {
264 goto done;
265 }
266 }
267
268 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
269
270 n = r->qiov.size / 512;
271 r->sector += n;
272 r->sector_count -= n;
273 scsi_req_data(&r->req, r->qiov.size);
274
275 done:
276 if (!r->req.io_canceled) {
277 scsi_req_unref(&r->req);
278 }
279 }
280
281 /* Actually issue a read to the block device. */
282 static void scsi_do_read(void *opaque, int ret)
283 {
284 SCSIDiskReq *r = opaque;
285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
286 uint32_t n;
287
288 if (r->req.aiocb != NULL) {
289 r->req.aiocb = NULL;
290 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
291 }
292
293 if (ret < 0) {
294 if (scsi_handle_rw_error(r, -ret)) {
295 goto done;
296 }
297 }
298
299 if (r->req.io_canceled) {
300 return;
301 }
302
303 /* The request is used as the AIO opaque value, so add a ref. */
304 scsi_req_ref(&r->req);
305
306 if (r->req.sg) {
307 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
308 r->req.resid -= r->req.sg->size;
309 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
310 scsi_dma_complete, r);
311 } else {
312 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
313 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
314 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
315 scsi_read_complete, r);
316 }
317
318 done:
319 if (!r->req.io_canceled) {
320 scsi_req_unref(&r->req);
321 }
322 }
323
324 /* Read more data from scsi device into buffer. */
325 static void scsi_read_data(SCSIRequest *req)
326 {
327 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
329 bool first;
330
331 if (r->sector_count == (uint32_t)-1) {
332 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
333 r->sector_count = 0;
334 r->started = true;
335 scsi_req_data(&r->req, r->iov.iov_len);
336 return;
337 }
338 DPRINTF("Read sector_count=%d\n", r->sector_count);
339 if (r->sector_count == 0) {
340 /* This also clears the sense buffer for REQUEST SENSE. */
341 scsi_req_complete(&r->req, GOOD);
342 return;
343 }
344
345 /* No data transfer may already be in progress */
346 assert(r->req.aiocb == NULL);
347
348 /* The request is used as the AIO opaque value, so add a ref. */
349 scsi_req_ref(&r->req);
350 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
351 DPRINTF("Data transfer direction invalid\n");
352 scsi_read_complete(r, -EINVAL);
353 return;
354 }
355
356 if (s->tray_open) {
357 scsi_read_complete(r, -ENOMEDIUM);
358 return;
359 }
360
361 first = !r->started;
362 r->started = true;
363 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
364 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
365 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
366 } else {
367 scsi_do_read(r, 0);
368 }
369 }
370
371 /*
372 * scsi_handle_rw_error has two return values. 0 means that the error
373 * must be ignored, 1 means that the error has been processed and the
374 * caller should not do anything else for this request. Note that
375 * scsi_handle_rw_error always manages its reference counts, independent
376 * of the return value.
377 */
378 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
379 {
380 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
381 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
382 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
383
384 if (action == BLOCK_ERR_IGNORE) {
385 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
386 return 0;
387 }
388
389 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
390 || action == BLOCK_ERR_STOP_ANY) {
391
392 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
393 vm_stop(RUN_STATE_IO_ERROR);
394 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
395 scsi_req_retry(&r->req);
396 } else {
397 switch (error) {
398 case ENOMEDIUM:
399 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
400 break;
401 case ENOMEM:
402 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
403 break;
404 case EINVAL:
405 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
406 break;
407 default:
408 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
409 break;
410 }
411 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
412 }
413 return 1;
414 }
415
416 static void scsi_write_complete(void * opaque, int ret)
417 {
418 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
419 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
420 uint32_t n;
421
422 if (r->req.aiocb != NULL) {
423 r->req.aiocb = NULL;
424 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
425 }
426
427 if (ret < 0) {
428 if (scsi_handle_rw_error(r, -ret)) {
429 goto done;
430 }
431 }
432
433 n = r->qiov.size / 512;
434 r->sector += n;
435 r->sector_count -= n;
436 if (r->sector_count == 0) {
437 scsi_write_do_fua(r);
438 return;
439 } else {
440 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
441 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
442 scsi_req_data(&r->req, r->qiov.size);
443 }
444
445 done:
446 if (!r->req.io_canceled) {
447 scsi_req_unref(&r->req);
448 }
449 }
450
451 static void scsi_write_data(SCSIRequest *req)
452 {
453 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
454 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
455 uint32_t n;
456
457 /* No data transfer may already be in progress */
458 assert(r->req.aiocb == NULL);
459
460 /* The request is used as the AIO opaque value, so add a ref. */
461 scsi_req_ref(&r->req);
462 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
463 DPRINTF("Data transfer direction invalid\n");
464 scsi_write_complete(r, -EINVAL);
465 return;
466 }
467
468 if (!r->req.sg && !r->qiov.size) {
469 /* Called for the first time. Ask the driver to send us more data. */
470 r->started = true;
471 scsi_write_complete(r, 0);
472 return;
473 }
474 if (s->tray_open) {
475 scsi_write_complete(r, -ENOMEDIUM);
476 return;
477 }
478
479 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
480 r->req.cmd.buf[0] == VERIFY_16) {
481 if (r->req.sg) {
482 scsi_dma_complete(r, 0);
483 } else {
484 scsi_write_complete(r, 0);
485 }
486 return;
487 }
488
489 if (r->req.sg) {
490 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
491 r->req.resid -= r->req.sg->size;
492 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
493 scsi_dma_complete, r);
494 } else {
495 n = r->qiov.size / 512;
496 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
497 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
498 scsi_write_complete, r);
499 }
500 }
501
502 /* Return a pointer to the data buffer. */
503 static uint8_t *scsi_get_buf(SCSIRequest *req)
504 {
505 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
506
507 return (uint8_t *)r->iov.iov_base;
508 }
509
510 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
511 {
512 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
513 int buflen = 0;
514
515 if (req->cmd.buf[1] & 0x1) {
516 /* Vital product data */
517 uint8_t page_code = req->cmd.buf[2];
518
519 outbuf[buflen++] = s->qdev.type & 0x1f;
520 outbuf[buflen++] = page_code ; // this page
521 outbuf[buflen++] = 0x00;
522
523 switch (page_code) {
524 case 0x00: /* Supported page codes, mandatory */
525 {
526 int pages;
527 DPRINTF("Inquiry EVPD[Supported pages] "
528 "buffer size %zd\n", req->cmd.xfer);
529 pages = buflen++;
530 outbuf[buflen++] = 0x00; // list of supported pages (this page)
531 if (s->serial) {
532 outbuf[buflen++] = 0x80; // unit serial number
533 }
534 outbuf[buflen++] = 0x83; // device identification
535 if (s->qdev.type == TYPE_DISK) {
536 outbuf[buflen++] = 0xb0; // block limits
537 outbuf[buflen++] = 0xb2; // thin provisioning
538 }
539 outbuf[pages] = buflen - pages - 1; // number of pages
540 break;
541 }
542 case 0x80: /* Device serial number, optional */
543 {
544 int l;
545
546 if (!s->serial) {
547 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
548 return -1;
549 }
550
551 l = strlen(s->serial);
552 if (l > 20) {
553 l = 20;
554 }
555
556 DPRINTF("Inquiry EVPD[Serial number] "
557 "buffer size %zd\n", req->cmd.xfer);
558 outbuf[buflen++] = l;
559 memcpy(outbuf+buflen, s->serial, l);
560 buflen += l;
561 break;
562 }
563
564 case 0x83: /* Device identification page, mandatory */
565 {
566 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
567 int max_len = s->serial ? 20 : 255 - 8;
568 int id_len = strlen(str);
569
570 if (id_len > max_len) {
571 id_len = max_len;
572 }
573 DPRINTF("Inquiry EVPD[Device identification] "
574 "buffer size %zd\n", req->cmd.xfer);
575
576 outbuf[buflen++] = 4 + id_len;
577 outbuf[buflen++] = 0x2; // ASCII
578 outbuf[buflen++] = 0; // not officially assigned
579 outbuf[buflen++] = 0; // reserved
580 outbuf[buflen++] = id_len; // length of data following
581
582 memcpy(outbuf+buflen, str, id_len);
583 buflen += id_len;
584 break;
585 }
586 case 0xb0: /* block limits */
587 {
588 unsigned int unmap_sectors =
589 s->qdev.conf.discard_granularity / s->qdev.blocksize;
590 unsigned int min_io_size =
591 s->qdev.conf.min_io_size / s->qdev.blocksize;
592 unsigned int opt_io_size =
593 s->qdev.conf.opt_io_size / s->qdev.blocksize;
594
595 if (s->qdev.type == TYPE_ROM) {
596 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
597 page_code);
598 return -1;
599 }
600 /* required VPD size with unmap support */
601 outbuf[3] = buflen = 0x3c;
602
603 memset(outbuf + 4, 0, buflen - 4);
604
605 /* optimal transfer length granularity */
606 outbuf[6] = (min_io_size >> 8) & 0xff;
607 outbuf[7] = min_io_size & 0xff;
608
609 /* optimal transfer length */
610 outbuf[12] = (opt_io_size >> 24) & 0xff;
611 outbuf[13] = (opt_io_size >> 16) & 0xff;
612 outbuf[14] = (opt_io_size >> 8) & 0xff;
613 outbuf[15] = opt_io_size & 0xff;
614
615 /* optimal unmap granularity */
616 outbuf[28] = (unmap_sectors >> 24) & 0xff;
617 outbuf[29] = (unmap_sectors >> 16) & 0xff;
618 outbuf[30] = (unmap_sectors >> 8) & 0xff;
619 outbuf[31] = unmap_sectors & 0xff;
620 break;
621 }
622 case 0xb2: /* thin provisioning */
623 {
624 outbuf[3] = buflen = 8;
625 outbuf[4] = 0;
626 outbuf[5] = 0x60; /* write_same 10/16 supported */
627 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
628 outbuf[7] = 0;
629 break;
630 }
631 default:
632 return -1;
633 }
634 /* done with EVPD */
635 return buflen;
636 }
637
638 /* Standard INQUIRY data */
639 if (req->cmd.buf[2] != 0) {
640 return -1;
641 }
642
643 /* PAGE CODE == 0 */
644 buflen = req->cmd.xfer;
645 if (buflen > SCSI_MAX_INQUIRY_LEN) {
646 buflen = SCSI_MAX_INQUIRY_LEN;
647 }
648 memset(outbuf, 0, buflen);
649
650 outbuf[0] = s->qdev.type & 0x1f;
651 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
652 if (s->qdev.type == TYPE_ROM) {
653 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
654 } else {
655 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
656 }
657 memcpy(&outbuf[8], "QEMU ", 8);
658 memset(&outbuf[32], 0, 4);
659 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
660 /*
661 * We claim conformance to SPC-3, which is required for guests
662 * to ask for modern features like READ CAPACITY(16) or the
663 * block characteristics VPD page by default. Not all of SPC-3
664 * is actually implemented, but we're good enough.
665 */
666 outbuf[2] = 5;
667 outbuf[3] = 2; /* Format 2 */
668
669 if (buflen > 36) {
670 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
671 } else {
672 /* If the allocation length of CDB is too small,
673 the additional length is not adjusted */
674 outbuf[4] = 36 - 5;
675 }
676
677 /* Sync data transfer and TCQ. */
678 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
679 return buflen;
680 }
681
682 static inline bool media_is_dvd(SCSIDiskState *s)
683 {
684 uint64_t nb_sectors;
685 if (s->qdev.type != TYPE_ROM) {
686 return false;
687 }
688 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
689 return false;
690 }
691 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
692 return nb_sectors > CD_MAX_SECTORS;
693 }
694
695 static inline bool media_is_cd(SCSIDiskState *s)
696 {
697 uint64_t nb_sectors;
698 if (s->qdev.type != TYPE_ROM) {
699 return false;
700 }
701 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
702 return false;
703 }
704 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
705 return nb_sectors <= CD_MAX_SECTORS;
706 }
707
708 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
709 uint8_t *outbuf)
710 {
711 static const int rds_caps_size[5] = {
712 [0] = 2048 + 4,
713 [1] = 4 + 4,
714 [3] = 188 + 4,
715 [4] = 2048 + 4,
716 };
717
718 uint8_t media = r->req.cmd.buf[1];
719 uint8_t layer = r->req.cmd.buf[6];
720 uint8_t format = r->req.cmd.buf[7];
721 int size = -1;
722
723 if (s->qdev.type != TYPE_ROM) {
724 return -1;
725 }
726 if (media != 0) {
727 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
728 return -1;
729 }
730
731 if (format != 0xff) {
732 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
733 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
734 return -1;
735 }
736 if (media_is_cd(s)) {
737 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
738 return -1;
739 }
740 if (format >= ARRAY_SIZE(rds_caps_size)) {
741 return -1;
742 }
743 size = rds_caps_size[format];
744 memset(outbuf, 0, size);
745 }
746
747 switch (format) {
748 case 0x00: {
749 /* Physical format information */
750 uint64_t nb_sectors;
751 if (layer != 0) {
752 goto fail;
753 }
754 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
755
756 outbuf[4] = 1; /* DVD-ROM, part version 1 */
757 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
758 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
759 outbuf[7] = 0; /* default densities */
760
761 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
762 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
763 break;
764 }
765
766 case 0x01: /* DVD copyright information, all zeros */
767 break;
768
769 case 0x03: /* BCA information - invalid field for no BCA info */
770 return -1;
771
772 case 0x04: /* DVD disc manufacturing information, all zeros */
773 break;
774
775 case 0xff: { /* List capabilities */
776 int i;
777 size = 4;
778 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
779 if (!rds_caps_size[i]) {
780 continue;
781 }
782 outbuf[size] = i;
783 outbuf[size + 1] = 0x40; /* Not writable, readable */
784 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
785 size += 4;
786 }
787 break;
788 }
789
790 default:
791 return -1;
792 }
793
794 /* Size of buffer, not including 2 byte size field */
795 stw_be_p(outbuf, size - 2);
796 return size;
797
798 fail:
799 return -1;
800 }
801
802 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
803 {
804 uint8_t event_code, media_status;
805
806 media_status = 0;
807 if (s->tray_open) {
808 media_status = MS_TRAY_OPEN;
809 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
810 media_status = MS_MEDIA_PRESENT;
811 }
812
813 /* Event notification descriptor */
814 event_code = MEC_NO_CHANGE;
815 if (media_status != MS_TRAY_OPEN) {
816 if (s->media_event) {
817 event_code = MEC_NEW_MEDIA;
818 s->media_event = false;
819 } else if (s->eject_request) {
820 event_code = MEC_EJECT_REQUESTED;
821 s->eject_request = false;
822 }
823 }
824
825 outbuf[0] = event_code;
826 outbuf[1] = media_status;
827
828 /* These fields are reserved, just clear them. */
829 outbuf[2] = 0;
830 outbuf[3] = 0;
831 return 4;
832 }
833
834 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
835 uint8_t *outbuf)
836 {
837 int size;
838 uint8_t *buf = r->req.cmd.buf;
839 uint8_t notification_class_request = buf[4];
840 if (s->qdev.type != TYPE_ROM) {
841 return -1;
842 }
843 if ((buf[1] & 1) == 0) {
844 /* asynchronous */
845 return -1;
846 }
847
848 size = 4;
849 outbuf[0] = outbuf[1] = 0;
850 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
851 if (notification_class_request & (1 << GESN_MEDIA)) {
852 outbuf[2] = GESN_MEDIA;
853 size += scsi_event_status_media(s, &outbuf[size]);
854 } else {
855 outbuf[2] = 0x80;
856 }
857 stw_be_p(outbuf, size - 4);
858 return size;
859 }
860
861 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
862 {
863 int current;
864
865 if (s->qdev.type != TYPE_ROM) {
866 return -1;
867 }
868 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
869 memset(outbuf, 0, 40);
870 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
871 stw_be_p(&outbuf[6], current);
872 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
873 outbuf[10] = 0x03; /* persistent, current */
874 outbuf[11] = 8; /* two profiles */
875 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
876 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
877 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
878 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
879 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
880 stw_be_p(&outbuf[20], 1);
881 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
882 outbuf[23] = 8;
883 stl_be_p(&outbuf[24], 1); /* SCSI */
884 outbuf[28] = 1; /* DBE = 1, mandatory */
885 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
886 stw_be_p(&outbuf[32], 3);
887 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
888 outbuf[35] = 4;
889 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
890 /* TODO: Random readable, CD read, DVD read, drive serial number,
891 power management */
892 return 40;
893 }
894
895 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
896 {
897 if (s->qdev.type != TYPE_ROM) {
898 return -1;
899 }
900 memset(outbuf, 0, 8);
901 outbuf[5] = 1; /* CD-ROM */
902 return 8;
903 }
904
905 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
906 int page_control)
907 {
908 static const int mode_sense_valid[0x3f] = {
909 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
910 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
911 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
912 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
913 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
914 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
915 };
916
917 BlockDriverState *bdrv = s->qdev.conf.bs;
918 int cylinders, heads, secs;
919 uint8_t *p = *p_outbuf;
920
921 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
922 return -1;
923 }
924
925 p[0] = page;
926
927 /*
928 * If Changeable Values are requested, a mask denoting those mode parameters
929 * that are changeable shall be returned. As we currently don't support
930 * parameter changes via MODE_SELECT all bits are returned set to zero.
931 * The buffer was already menset to zero by the caller of this function.
932 */
933 switch (page) {
934 case MODE_PAGE_HD_GEOMETRY:
935 p[1] = 0x16;
936 if (page_control == 1) { /* Changeable Values */
937 break;
938 }
939 /* if a geometry hint is available, use it */
940 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
941 p[2] = (cylinders >> 16) & 0xff;
942 p[3] = (cylinders >> 8) & 0xff;
943 p[4] = cylinders & 0xff;
944 p[5] = heads & 0xff;
945 /* Write precomp start cylinder, disabled */
946 p[6] = (cylinders >> 16) & 0xff;
947 p[7] = (cylinders >> 8) & 0xff;
948 p[8] = cylinders & 0xff;
949 /* Reduced current start cylinder, disabled */
950 p[9] = (cylinders >> 16) & 0xff;
951 p[10] = (cylinders >> 8) & 0xff;
952 p[11] = cylinders & 0xff;
953 /* Device step rate [ns], 200ns */
954 p[12] = 0;
955 p[13] = 200;
956 /* Landing zone cylinder */
957 p[14] = 0xff;
958 p[15] = 0xff;
959 p[16] = 0xff;
960 /* Medium rotation rate [rpm], 5400 rpm */
961 p[20] = (5400 >> 8) & 0xff;
962 p[21] = 5400 & 0xff;
963 break;
964
965 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
966 p[1] = 0x1e;
967 if (page_control == 1) { /* Changeable Values */
968 break;
969 }
970 /* Transfer rate [kbit/s], 5Mbit/s */
971 p[2] = 5000 >> 8;
972 p[3] = 5000 & 0xff;
973 /* if a geometry hint is available, use it */
974 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
975 p[4] = heads & 0xff;
976 p[5] = secs & 0xff;
977 p[6] = s->qdev.blocksize >> 8;
978 p[8] = (cylinders >> 8) & 0xff;
979 p[9] = cylinders & 0xff;
980 /* Write precomp start cylinder, disabled */
981 p[10] = (cylinders >> 8) & 0xff;
982 p[11] = cylinders & 0xff;
983 /* Reduced current start cylinder, disabled */
984 p[12] = (cylinders >> 8) & 0xff;
985 p[13] = cylinders & 0xff;
986 /* Device step rate [100us], 100us */
987 p[14] = 0;
988 p[15] = 1;
989 /* Device step pulse width [us], 1us */
990 p[16] = 1;
991 /* Device head settle delay [100us], 100us */
992 p[17] = 0;
993 p[18] = 1;
994 /* Motor on delay [0.1s], 0.1s */
995 p[19] = 1;
996 /* Motor off delay [0.1s], 0.1s */
997 p[20] = 1;
998 /* Medium rotation rate [rpm], 5400 rpm */
999 p[28] = (5400 >> 8) & 0xff;
1000 p[29] = 5400 & 0xff;
1001 break;
1002
1003 case MODE_PAGE_CACHING:
1004 p[0] = 8;
1005 p[1] = 0x12;
1006 if (page_control == 1) { /* Changeable Values */
1007 break;
1008 }
1009 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1010 p[2] = 4; /* WCE */
1011 }
1012 break;
1013
1014 case MODE_PAGE_R_W_ERROR:
1015 p[1] = 10;
1016 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1017 if (s->qdev.type == TYPE_ROM) {
1018 p[3] = 0x20; /* Read Retry Count */
1019 }
1020 break;
1021
1022 case MODE_PAGE_AUDIO_CTL:
1023 p[1] = 14;
1024 break;
1025
1026 case MODE_PAGE_CAPABILITIES:
1027 p[1] = 0x14;
1028 if (page_control == 1) { /* Changeable Values */
1029 break;
1030 }
1031
1032 p[2] = 0x3b; /* CD-R & CD-RW read */
1033 p[3] = 0; /* Writing not supported */
1034 p[4] = 0x7f; /* Audio, composite, digital out,
1035 mode 2 form 1&2, multi session */
1036 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1037 RW corrected, C2 errors, ISRC,
1038 UPC, Bar code */
1039 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1040 /* Locking supported, jumper present, eject, tray */
1041 p[7] = 0; /* no volume & mute control, no
1042 changer */
1043 p[8] = (50 * 176) >> 8; /* 50x read speed */
1044 p[9] = (50 * 176) & 0xff;
1045 p[10] = 2 >> 8; /* Two volume levels */
1046 p[11] = 2 & 0xff;
1047 p[12] = 2048 >> 8; /* 2M buffer */
1048 p[13] = 2048 & 0xff;
1049 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1050 p[15] = (16 * 176) & 0xff;
1051 p[18] = (16 * 176) >> 8; /* 16x write speed */
1052 p[19] = (16 * 176) & 0xff;
1053 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1054 p[21] = (16 * 176) & 0xff;
1055 break;
1056
1057 default:
1058 return -1;
1059 }
1060
1061 *p_outbuf += p[1] + 2;
1062 return p[1] + 2;
1063 }
1064
1065 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1066 {
1067 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1068 uint64_t nb_sectors;
1069 bool dbd;
1070 int page, buflen, ret, page_control;
1071 uint8_t *p;
1072 uint8_t dev_specific_param;
1073
1074 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1075 page = r->req.cmd.buf[2] & 0x3f;
1076 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1077 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1078 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1079 memset(outbuf, 0, r->req.cmd.xfer);
1080 p = outbuf;
1081
1082 if (s->qdev.type == TYPE_DISK) {
1083 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1084 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1085 dev_specific_param |= 0x80; /* Readonly. */
1086 }
1087 } else {
1088 /* MMC prescribes that CD/DVD drives have no block descriptors,
1089 * and defines no device-specific parameter. */
1090 dev_specific_param = 0x00;
1091 dbd = true;
1092 }
1093
1094 if (r->req.cmd.buf[0] == MODE_SENSE) {
1095 p[1] = 0; /* Default media type. */
1096 p[2] = dev_specific_param;
1097 p[3] = 0; /* Block descriptor length. */
1098 p += 4;
1099 } else { /* MODE_SENSE_10 */
1100 p[2] = 0; /* Default media type. */
1101 p[3] = dev_specific_param;
1102 p[6] = p[7] = 0; /* Block descriptor length. */
1103 p += 8;
1104 }
1105
1106 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1107 if (!dbd && nb_sectors) {
1108 if (r->req.cmd.buf[0] == MODE_SENSE) {
1109 outbuf[3] = 8; /* Block descriptor length */
1110 } else { /* MODE_SENSE_10 */
1111 outbuf[7] = 8; /* Block descriptor length */
1112 }
1113 nb_sectors /= (s->qdev.blocksize / 512);
1114 if (nb_sectors > 0xffffff) {
1115 nb_sectors = 0;
1116 }
1117 p[0] = 0; /* media density code */
1118 p[1] = (nb_sectors >> 16) & 0xff;
1119 p[2] = (nb_sectors >> 8) & 0xff;
1120 p[3] = nb_sectors & 0xff;
1121 p[4] = 0; /* reserved */
1122 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1123 p[6] = s->qdev.blocksize >> 8;
1124 p[7] = 0;
1125 p += 8;
1126 }
1127
1128 if (page_control == 3) {
1129 /* Saved Values */
1130 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1131 return -1;
1132 }
1133
1134 if (page == 0x3f) {
1135 for (page = 0; page <= 0x3e; page++) {
1136 mode_sense_page(s, page, &p, page_control);
1137 }
1138 } else {
1139 ret = mode_sense_page(s, page, &p, page_control);
1140 if (ret == -1) {
1141 return -1;
1142 }
1143 }
1144
1145 buflen = p - outbuf;
1146 /*
1147 * The mode data length field specifies the length in bytes of the
1148 * following data that is available to be transferred. The mode data
1149 * length does not include itself.
1150 */
1151 if (r->req.cmd.buf[0] == MODE_SENSE) {
1152 outbuf[0] = buflen - 1;
1153 } else { /* MODE_SENSE_10 */
1154 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1155 outbuf[1] = (buflen - 2) & 0xff;
1156 }
1157 return buflen;
1158 }
1159
1160 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1161 {
1162 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1163 int start_track, format, msf, toclen;
1164 uint64_t nb_sectors;
1165
1166 msf = req->cmd.buf[1] & 2;
1167 format = req->cmd.buf[2] & 0xf;
1168 start_track = req->cmd.buf[6];
1169 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1170 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1171 nb_sectors /= s->qdev.blocksize / 512;
1172 switch (format) {
1173 case 0:
1174 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1175 break;
1176 case 1:
1177 /* multi session : only a single session defined */
1178 toclen = 12;
1179 memset(outbuf, 0, 12);
1180 outbuf[1] = 0x0a;
1181 outbuf[2] = 0x01;
1182 outbuf[3] = 0x01;
1183 break;
1184 case 2:
1185 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1186 break;
1187 default:
1188 return -1;
1189 }
1190 return toclen;
1191 }
1192
1193 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1194 {
1195 SCSIRequest *req = &r->req;
1196 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1197 bool start = req->cmd.buf[4] & 1;
1198 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1199
1200 if (s->qdev.type == TYPE_ROM && loej) {
1201 if (!start && !s->tray_open && s->tray_locked) {
1202 scsi_check_condition(r,
1203 bdrv_is_inserted(s->qdev.conf.bs)
1204 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1205 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1206 return -1;
1207 }
1208
1209 if (s->tray_open != !start) {
1210 bdrv_eject(s->qdev.conf.bs, !start);
1211 s->tray_open = !start;
1212 }
1213 }
1214 return 0;
1215 }
1216
1217 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1218 {
1219 SCSIRequest *req = &r->req;
1220 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1221 uint64_t nb_sectors;
1222 uint8_t *outbuf;
1223 int buflen = 0;
1224
1225 if (!r->iov.iov_base) {
1226 /*
1227 * FIXME: we shouldn't return anything bigger than 4k, but the code
1228 * requires the buffer to be as big as req->cmd.xfer in several
1229 * places. So, do not allow CDBs with a very large ALLOCATION
1230 * LENGTH. The real fix would be to modify scsi_read_data and
1231 * dma_buf_read, so that they return data beyond the buflen
1232 * as all zeros.
1233 */
1234 if (req->cmd.xfer > 65536) {
1235 goto illegal_request;
1236 }
1237 r->buflen = MAX(4096, req->cmd.xfer);
1238 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1239 }
1240
1241 outbuf = r->iov.iov_base;
1242 switch (req->cmd.buf[0]) {
1243 case TEST_UNIT_READY:
1244 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1245 break;
1246 case INQUIRY:
1247 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1248 if (buflen < 0) {
1249 goto illegal_request;
1250 }
1251 break;
1252 case MODE_SENSE:
1253 case MODE_SENSE_10:
1254 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1255 if (buflen < 0) {
1256 goto illegal_request;
1257 }
1258 break;
1259 case READ_TOC:
1260 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1261 if (buflen < 0) {
1262 goto illegal_request;
1263 }
1264 break;
1265 case RESERVE:
1266 if (req->cmd.buf[1] & 1) {
1267 goto illegal_request;
1268 }
1269 break;
1270 case RESERVE_10:
1271 if (req->cmd.buf[1] & 3) {
1272 goto illegal_request;
1273 }
1274 break;
1275 case RELEASE:
1276 if (req->cmd.buf[1] & 1) {
1277 goto illegal_request;
1278 }
1279 break;
1280 case RELEASE_10:
1281 if (req->cmd.buf[1] & 3) {
1282 goto illegal_request;
1283 }
1284 break;
1285 case START_STOP:
1286 if (scsi_disk_emulate_start_stop(r) < 0) {
1287 return -1;
1288 }
1289 break;
1290 case ALLOW_MEDIUM_REMOVAL:
1291 s->tray_locked = req->cmd.buf[4] & 1;
1292 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1293 break;
1294 case READ_CAPACITY_10:
1295 /* The normal LEN field for this command is zero. */
1296 memset(outbuf, 0, 8);
1297 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1298 if (!nb_sectors) {
1299 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1300 return -1;
1301 }
1302 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1303 goto illegal_request;
1304 }
1305 nb_sectors /= s->qdev.blocksize / 512;
1306 /* Returned value is the address of the last sector. */
1307 nb_sectors--;
1308 /* Remember the new size for read/write sanity checking. */
1309 s->qdev.max_lba = nb_sectors;
1310 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1311 if (nb_sectors > UINT32_MAX) {
1312 nb_sectors = UINT32_MAX;
1313 }
1314 outbuf[0] = (nb_sectors >> 24) & 0xff;
1315 outbuf[1] = (nb_sectors >> 16) & 0xff;
1316 outbuf[2] = (nb_sectors >> 8) & 0xff;
1317 outbuf[3] = nb_sectors & 0xff;
1318 outbuf[4] = 0;
1319 outbuf[5] = 0;
1320 outbuf[6] = s->qdev.blocksize >> 8;
1321 outbuf[7] = 0;
1322 buflen = 8;
1323 break;
1324 case REQUEST_SENSE:
1325 /* Just return "NO SENSE". */
1326 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1327 (req->cmd.buf[1] & 1) == 0);
1328 break;
1329 case MECHANISM_STATUS:
1330 buflen = scsi_emulate_mechanism_status(s, outbuf);
1331 if (buflen < 0) {
1332 goto illegal_request;
1333 }
1334 break;
1335 case GET_CONFIGURATION:
1336 buflen = scsi_get_configuration(s, outbuf);
1337 if (buflen < 0) {
1338 goto illegal_request;
1339 }
1340 break;
1341 case GET_EVENT_STATUS_NOTIFICATION:
1342 buflen = scsi_get_event_status_notification(s, r, outbuf);
1343 if (buflen < 0) {
1344 goto illegal_request;
1345 }
1346 break;
1347 case READ_DVD_STRUCTURE:
1348 buflen = scsi_read_dvd_structure(s, r, outbuf);
1349 if (buflen < 0) {
1350 goto illegal_request;
1351 }
1352 break;
1353 case SERVICE_ACTION_IN_16:
1354 /* Service Action In subcommands. */
1355 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1356 DPRINTF("SAI READ CAPACITY(16)\n");
1357 memset(outbuf, 0, req->cmd.xfer);
1358 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1359 if (!nb_sectors) {
1360 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1361 return -1;
1362 }
1363 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1364 goto illegal_request;
1365 }
1366 nb_sectors /= s->qdev.blocksize / 512;
1367 /* Returned value is the address of the last sector. */
1368 nb_sectors--;
1369 /* Remember the new size for read/write sanity checking. */
1370 s->qdev.max_lba = nb_sectors;
1371 outbuf[0] = (nb_sectors >> 56) & 0xff;
1372 outbuf[1] = (nb_sectors >> 48) & 0xff;
1373 outbuf[2] = (nb_sectors >> 40) & 0xff;
1374 outbuf[3] = (nb_sectors >> 32) & 0xff;
1375 outbuf[4] = (nb_sectors >> 24) & 0xff;
1376 outbuf[5] = (nb_sectors >> 16) & 0xff;
1377 outbuf[6] = (nb_sectors >> 8) & 0xff;
1378 outbuf[7] = nb_sectors & 0xff;
1379 outbuf[8] = 0;
1380 outbuf[9] = 0;
1381 outbuf[10] = s->qdev.blocksize >> 8;
1382 outbuf[11] = 0;
1383 outbuf[12] = 0;
1384 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1385
1386 /* set TPE bit if the format supports discard */
1387 if (s->qdev.conf.discard_granularity) {
1388 outbuf[14] = 0x80;
1389 }
1390
1391 /* Protection, exponent and lowest lba field left blank. */
1392 buflen = req->cmd.xfer;
1393 break;
1394 }
1395 DPRINTF("Unsupported Service Action In\n");
1396 goto illegal_request;
1397 default:
1398 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1399 return -1;
1400 }
1401 buflen = MIN(buflen, req->cmd.xfer);
1402 return buflen;
1403
1404 illegal_request:
1405 if (r->req.status == -1) {
1406 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1407 }
1408 return -1;
1409 }
1410
1411 /* Execute a scsi command. Returns the length of the data expected by the
1412 command. This will be Positive for data transfers from the device
1413 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1414 and zero if the command does not transfer any data. */
1415
1416 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1417 {
1418 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1419 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1420 int32_t len;
1421 uint8_t command;
1422 int rc;
1423
1424 command = buf[0];
1425 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1426
1427 #ifdef DEBUG_SCSI
1428 {
1429 int i;
1430 for (i = 1; i < r->req.cmd.len; i++) {
1431 printf(" 0x%02x", buf[i]);
1432 }
1433 printf("\n");
1434 }
1435 #endif
1436
1437 switch (command) {
1438 case INQUIRY:
1439 case MODE_SENSE:
1440 case MODE_SENSE_10:
1441 case RESERVE:
1442 case RESERVE_10:
1443 case RELEASE:
1444 case RELEASE_10:
1445 case START_STOP:
1446 case ALLOW_MEDIUM_REMOVAL:
1447 case GET_CONFIGURATION:
1448 case GET_EVENT_STATUS_NOTIFICATION:
1449 case MECHANISM_STATUS:
1450 case REQUEST_SENSE:
1451 break;
1452
1453 default:
1454 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1455 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1456 return 0;
1457 }
1458 break;
1459 }
1460
1461 switch (command) {
1462 case TEST_UNIT_READY:
1463 case INQUIRY:
1464 case MODE_SENSE:
1465 case MODE_SENSE_10:
1466 case RESERVE:
1467 case RESERVE_10:
1468 case RELEASE:
1469 case RELEASE_10:
1470 case START_STOP:
1471 case ALLOW_MEDIUM_REMOVAL:
1472 case READ_CAPACITY_10:
1473 case READ_TOC:
1474 case READ_DVD_STRUCTURE:
1475 case GET_CONFIGURATION:
1476 case GET_EVENT_STATUS_NOTIFICATION:
1477 case MECHANISM_STATUS:
1478 case SERVICE_ACTION_IN_16:
1479 case REQUEST_SENSE:
1480 rc = scsi_disk_emulate_command(r);
1481 if (rc < 0) {
1482 return 0;
1483 }
1484
1485 r->iov.iov_len = rc;
1486 break;
1487 case SYNCHRONIZE_CACHE:
1488 /* The request is used as the AIO opaque value, so add a ref. */
1489 scsi_req_ref(&r->req);
1490 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1491 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1492 return 0;
1493 case READ_6:
1494 case READ_10:
1495 case READ_12:
1496 case READ_16:
1497 len = r->req.cmd.xfer / s->qdev.blocksize;
1498 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1499 if (r->req.cmd.lba > s->qdev.max_lba) {
1500 goto illegal_lba;
1501 }
1502 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1503 r->sector_count = len * (s->qdev.blocksize / 512);
1504 break;
1505 case VERIFY_10:
1506 case VERIFY_12:
1507 case VERIFY_16:
1508 case WRITE_6:
1509 case WRITE_10:
1510 case WRITE_12:
1511 case WRITE_16:
1512 case WRITE_VERIFY_10:
1513 case WRITE_VERIFY_12:
1514 case WRITE_VERIFY_16:
1515 len = r->req.cmd.xfer / s->qdev.blocksize;
1516 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1517 (command & 0xe) == 0xe ? "And Verify " : "",
1518 r->req.cmd.lba, len);
1519 if (r->req.cmd.lba > s->qdev.max_lba) {
1520 goto illegal_lba;
1521 }
1522 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1523 r->sector_count = len * (s->qdev.blocksize / 512);
1524 break;
1525 case MODE_SELECT:
1526 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1527 /* We don't support mode parameter changes.
1528 Allow the mode parameter header + block descriptors only. */
1529 if (r->req.cmd.xfer > 12) {
1530 goto fail;
1531 }
1532 break;
1533 case MODE_SELECT_10:
1534 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1535 /* We don't support mode parameter changes.
1536 Allow the mode parameter header + block descriptors only. */
1537 if (r->req.cmd.xfer > 16) {
1538 goto fail;
1539 }
1540 break;
1541 case SEEK_10:
1542 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1543 if (r->req.cmd.lba > s->qdev.max_lba) {
1544 goto illegal_lba;
1545 }
1546 break;
1547 case WRITE_SAME_10:
1548 len = lduw_be_p(&buf[7]);
1549 goto write_same;
1550 case WRITE_SAME_16:
1551 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1552 write_same:
1553
1554 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1555 r->req.cmd.lba, len);
1556
1557 if (r->req.cmd.lba > s->qdev.max_lba) {
1558 goto illegal_lba;
1559 }
1560
1561 /*
1562 * We only support WRITE SAME with the unmap bit set for now.
1563 */
1564 if (!(buf[1] & 0x8)) {
1565 goto fail;
1566 }
1567
1568 rc = bdrv_discard(s->qdev.conf.bs,
1569 r->req.cmd.lba * (s->qdev.blocksize / 512),
1570 len * (s->qdev.blocksize / 512));
1571 if (rc < 0) {
1572 /* XXX: better error code ?*/
1573 goto fail;
1574 }
1575
1576 break;
1577 default:
1578 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1579 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1580 return 0;
1581 fail:
1582 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1583 return 0;
1584 illegal_lba:
1585 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1586 return 0;
1587 }
1588 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1589 scsi_req_complete(&r->req, GOOD);
1590 }
1591 len = r->sector_count * 512 + r->iov.iov_len;
1592 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1593 return -len;
1594 } else {
1595 if (!r->sector_count) {
1596 r->sector_count = -1;
1597 }
1598 return len;
1599 }
1600 }
1601
1602 static void scsi_disk_reset(DeviceState *dev)
1603 {
1604 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1605 uint64_t nb_sectors;
1606
1607 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1608
1609 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1610 nb_sectors /= s->qdev.blocksize / 512;
1611 if (nb_sectors) {
1612 nb_sectors--;
1613 }
1614 s->qdev.max_lba = nb_sectors;
1615 }
1616
1617 static void scsi_destroy(SCSIDevice *dev)
1618 {
1619 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1620
1621 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1622 blockdev_mark_auto_del(s->qdev.conf.bs);
1623 }
1624
1625 static void scsi_cd_change_media_cb(void *opaque, bool load)
1626 {
1627 SCSIDiskState *s = opaque;
1628
1629 /*
1630 * When a CD gets changed, we have to report an ejected state and
1631 * then a loaded state to guests so that they detect tray
1632 * open/close and media change events. Guests that do not use
1633 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1634 * states rely on this behavior.
1635 *
1636 * media_changed governs the state machine used for unit attention
1637 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1638 */
1639 s->media_changed = load;
1640 s->tray_open = !load;
1641 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1642 s->media_event = true;
1643 s->eject_request = false;
1644 }
1645
1646 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1647 {
1648 SCSIDiskState *s = opaque;
1649
1650 s->eject_request = true;
1651 if (force) {
1652 s->tray_locked = false;
1653 }
1654 }
1655
1656 static bool scsi_cd_is_tray_open(void *opaque)
1657 {
1658 return ((SCSIDiskState *)opaque)->tray_open;
1659 }
1660
1661 static bool scsi_cd_is_medium_locked(void *opaque)
1662 {
1663 return ((SCSIDiskState *)opaque)->tray_locked;
1664 }
1665
1666 static const BlockDevOps scsi_cd_block_ops = {
1667 .change_media_cb = scsi_cd_change_media_cb,
1668 .eject_request_cb = scsi_cd_eject_request_cb,
1669 .is_tray_open = scsi_cd_is_tray_open,
1670 .is_medium_locked = scsi_cd_is_medium_locked,
1671 };
1672
1673 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1674 {
1675 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1676 if (s->media_changed) {
1677 s->media_changed = false;
1678 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1679 }
1680 }
1681
1682 static int scsi_initfn(SCSIDevice *dev)
1683 {
1684 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1685 DriveInfo *dinfo;
1686
1687 if (!s->qdev.conf.bs) {
1688 error_report("drive property not set");
1689 return -1;
1690 }
1691
1692 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1693 !bdrv_is_inserted(s->qdev.conf.bs)) {
1694 error_report("Device needs media, but drive is empty");
1695 return -1;
1696 }
1697
1698 if (!s->serial) {
1699 /* try to fall back to value set with legacy -drive serial=... */
1700 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1701 if (*dinfo->serial) {
1702 s->serial = g_strdup(dinfo->serial);
1703 }
1704 }
1705
1706 if (!s->version) {
1707 s->version = g_strdup(QEMU_VERSION);
1708 }
1709
1710 if (bdrv_is_sg(s->qdev.conf.bs)) {
1711 error_report("unwanted /dev/sg*");
1712 return -1;
1713 }
1714
1715 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1716 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1717 }
1718 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1719
1720 bdrv_iostatus_enable(s->qdev.conf.bs);
1721 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1722 return 0;
1723 }
1724
1725 static int scsi_hd_initfn(SCSIDevice *dev)
1726 {
1727 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1728 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1729 s->qdev.type = TYPE_DISK;
1730 return scsi_initfn(&s->qdev);
1731 }
1732
1733 static int scsi_cd_initfn(SCSIDevice *dev)
1734 {
1735 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1736 s->qdev.blocksize = 2048;
1737 s->qdev.type = TYPE_ROM;
1738 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1739 return scsi_initfn(&s->qdev);
1740 }
1741
1742 static int scsi_disk_initfn(SCSIDevice *dev)
1743 {
1744 DriveInfo *dinfo;
1745
1746 if (!dev->conf.bs) {
1747 return scsi_initfn(dev); /* ... and die there */
1748 }
1749
1750 dinfo = drive_get_by_blockdev(dev->conf.bs);
1751 if (dinfo->media_cd) {
1752 return scsi_cd_initfn(dev);
1753 } else {
1754 return scsi_hd_initfn(dev);
1755 }
1756 }
1757
1758 static const SCSIReqOps scsi_disk_reqops = {
1759 .size = sizeof(SCSIDiskReq),
1760 .free_req = scsi_free_request,
1761 .send_command = scsi_send_command,
1762 .read_data = scsi_read_data,
1763 .write_data = scsi_write_data,
1764 .cancel_io = scsi_cancel_io,
1765 .get_buf = scsi_get_buf,
1766 .load_request = scsi_disk_load_request,
1767 .save_request = scsi_disk_save_request,
1768 };
1769
1770 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1771 uint8_t *buf, void *hba_private)
1772 {
1773 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1774 SCSIRequest *req;
1775
1776 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1777 return req;
1778 }
1779
1780 #ifdef __linux__
1781 static int get_device_type(SCSIDiskState *s)
1782 {
1783 BlockDriverState *bdrv = s->qdev.conf.bs;
1784 uint8_t cmd[16];
1785 uint8_t buf[36];
1786 uint8_t sensebuf[8];
1787 sg_io_hdr_t io_header;
1788 int ret;
1789
1790 memset(cmd, 0, sizeof(cmd));
1791 memset(buf, 0, sizeof(buf));
1792 cmd[0] = INQUIRY;
1793 cmd[4] = sizeof(buf);
1794
1795 memset(&io_header, 0, sizeof(io_header));
1796 io_header.interface_id = 'S';
1797 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1798 io_header.dxfer_len = sizeof(buf);
1799 io_header.dxferp = buf;
1800 io_header.cmdp = cmd;
1801 io_header.cmd_len = sizeof(cmd);
1802 io_header.mx_sb_len = sizeof(sensebuf);
1803 io_header.sbp = sensebuf;
1804 io_header.timeout = 6000; /* XXX */
1805
1806 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1807 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1808 return -1;
1809 }
1810 s->qdev.type = buf[0];
1811 if (buf[1] & 0x80) {
1812 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1813 }
1814 return 0;
1815 }
1816
1817 static int scsi_block_initfn(SCSIDevice *dev)
1818 {
1819 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1820 int sg_version;
1821 int rc;
1822
1823 if (!s->qdev.conf.bs) {
1824 error_report("scsi-block: drive property not set");
1825 return -1;
1826 }
1827
1828 /* check we are using a driver managing SG_IO (version 3 and after) */
1829 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1830 sg_version < 30000) {
1831 error_report("scsi-block: scsi generic interface too old");
1832 return -1;
1833 }
1834
1835 /* get device type from INQUIRY data */
1836 rc = get_device_type(s);
1837 if (rc < 0) {
1838 error_report("scsi-block: INQUIRY failed");
1839 return -1;
1840 }
1841
1842 /* Make a guess for the block size, we'll fix it when the guest sends.
1843 * READ CAPACITY. If they don't, they likely would assume these sizes
1844 * anyway. (TODO: check in /sys).
1845 */
1846 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1847 s->qdev.blocksize = 2048;
1848 } else {
1849 s->qdev.blocksize = 512;
1850 }
1851 return scsi_initfn(&s->qdev);
1852 }
1853
1854 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1855 uint32_t lun, uint8_t *buf,
1856 void *hba_private)
1857 {
1858 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1859
1860 switch (buf[0]) {
1861 case READ_6:
1862 case READ_10:
1863 case READ_12:
1864 case READ_16:
1865 case VERIFY_10:
1866 case VERIFY_12:
1867 case VERIFY_16:
1868 case WRITE_6:
1869 case WRITE_10:
1870 case WRITE_12:
1871 case WRITE_16:
1872 case WRITE_VERIFY_10:
1873 case WRITE_VERIFY_12:
1874 case WRITE_VERIFY_16:
1875 /* If we are not using O_DIRECT, we might read stale data from the
1876 * host cache if writes were made using other commands than these
1877 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1878 * O_DIRECT everything must go through SG_IO.
1879 */
1880 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1881 break;
1882 }
1883
1884 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1885 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1886 * And once you do these writes, reading from the block device is
1887 * unreliable, too. It is even possible that reads deliver random data
1888 * from the host page cache (this is probably a Linux bug).
1889 *
1890 * We might use scsi_disk_reqops as long as no writing commands are
1891 * seen, but performance usually isn't paramount on optical media. So,
1892 * just make scsi-block operate the same as scsi-generic for them.
1893 */
1894 if (s->qdev.type == TYPE_ROM) {
1895 break;
1896 }
1897 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1898 hba_private);
1899 }
1900
1901 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1902 hba_private);
1903 }
1904 #endif
1905
1906 #define DEFINE_SCSI_DISK_PROPERTIES() \
1907 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1908 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1909 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1910
1911 static Property scsi_hd_properties[] = {
1912 DEFINE_SCSI_DISK_PROPERTIES(),
1913 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1914 SCSI_DISK_F_REMOVABLE, false),
1915 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1916 SCSI_DISK_F_DPOFUA, false),
1917 DEFINE_PROP_END_OF_LIST(),
1918 };
1919
1920 static const VMStateDescription vmstate_scsi_disk_state = {
1921 .name = "scsi-disk",
1922 .version_id = 1,
1923 .minimum_version_id = 1,
1924 .minimum_version_id_old = 1,
1925 .fields = (VMStateField[]) {
1926 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1927 VMSTATE_BOOL(media_changed, SCSIDiskState),
1928 VMSTATE_BOOL(media_event, SCSIDiskState),
1929 VMSTATE_BOOL(eject_request, SCSIDiskState),
1930 VMSTATE_BOOL(tray_open, SCSIDiskState),
1931 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1932 VMSTATE_END_OF_LIST()
1933 }
1934 };
1935
1936 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1937 {
1938 DeviceClass *dc = DEVICE_CLASS(klass);
1939 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1940
1941 sc->init = scsi_hd_initfn;
1942 sc->destroy = scsi_destroy;
1943 sc->alloc_req = scsi_new_request;
1944 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1945 dc->fw_name = "disk";
1946 dc->desc = "virtual SCSI disk";
1947 dc->reset = scsi_disk_reset;
1948 dc->props = scsi_hd_properties;
1949 dc->vmsd = &vmstate_scsi_disk_state;
1950 }
1951
1952 static TypeInfo scsi_hd_info = {
1953 .name = "scsi-hd",
1954 .parent = TYPE_SCSI_DEVICE,
1955 .instance_size = sizeof(SCSIDiskState),
1956 .class_init = scsi_hd_class_initfn,
1957 };
1958
1959 static Property scsi_cd_properties[] = {
1960 DEFINE_SCSI_DISK_PROPERTIES(),
1961 DEFINE_PROP_END_OF_LIST(),
1962 };
1963
1964 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1965 {
1966 DeviceClass *dc = DEVICE_CLASS(klass);
1967 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1968
1969 sc->init = scsi_cd_initfn;
1970 sc->destroy = scsi_destroy;
1971 sc->alloc_req = scsi_new_request;
1972 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1973 dc->fw_name = "disk";
1974 dc->desc = "virtual SCSI CD-ROM";
1975 dc->reset = scsi_disk_reset;
1976 dc->props = scsi_cd_properties;
1977 dc->vmsd = &vmstate_scsi_disk_state;
1978 }
1979
1980 static TypeInfo scsi_cd_info = {
1981 .name = "scsi-cd",
1982 .parent = TYPE_SCSI_DEVICE,
1983 .instance_size = sizeof(SCSIDiskState),
1984 .class_init = scsi_cd_class_initfn,
1985 };
1986
1987 #ifdef __linux__
1988 static Property scsi_block_properties[] = {
1989 DEFINE_SCSI_DISK_PROPERTIES(),
1990 DEFINE_PROP_END_OF_LIST(),
1991 };
1992
1993 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1994 {
1995 DeviceClass *dc = DEVICE_CLASS(klass);
1996 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1997
1998 sc->init = scsi_block_initfn;
1999 sc->destroy = scsi_destroy;
2000 sc->alloc_req = scsi_block_new_request;
2001 dc->fw_name = "disk";
2002 dc->desc = "SCSI block device passthrough";
2003 dc->reset = scsi_disk_reset;
2004 dc->props = scsi_block_properties;
2005 dc->vmsd = &vmstate_scsi_disk_state;
2006 }
2007
2008 static TypeInfo scsi_block_info = {
2009 .name = "scsi-block",
2010 .parent = TYPE_SCSI_DEVICE,
2011 .instance_size = sizeof(SCSIDiskState),
2012 .class_init = scsi_block_class_initfn,
2013 };
2014 #endif
2015
2016 static Property scsi_disk_properties[] = {
2017 DEFINE_SCSI_DISK_PROPERTIES(),
2018 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2019 SCSI_DISK_F_REMOVABLE, false),
2020 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2021 SCSI_DISK_F_DPOFUA, false),
2022 DEFINE_PROP_END_OF_LIST(),
2023 };
2024
2025 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2026 {
2027 DeviceClass *dc = DEVICE_CLASS(klass);
2028 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2029
2030 sc->init = scsi_disk_initfn;
2031 sc->destroy = scsi_destroy;
2032 sc->alloc_req = scsi_new_request;
2033 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2034 dc->fw_name = "disk";
2035 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2036 dc->reset = scsi_disk_reset;
2037 dc->props = scsi_disk_properties;
2038 dc->vmsd = &vmstate_scsi_disk_state;
2039 }
2040
2041 static TypeInfo scsi_disk_info = {
2042 .name = "scsi-disk",
2043 .parent = TYPE_SCSI_DEVICE,
2044 .instance_size = sizeof(SCSIDiskState),
2045 .class_init = scsi_disk_class_initfn,
2046 };
2047
2048 static void scsi_disk_register_types(void)
2049 {
2050 type_register_static(&scsi_hd_info);
2051 type_register_static(&scsi_cd_info);
2052 #ifdef __linux__
2053 type_register_static(&scsi_block_info);
2054 #endif
2055 type_register_static(&scsi_disk_info);
2056 }
2057
2058 type_init(scsi_disk_register_types)
Qemu copy for testing