]> git.proxmox.com Git - mirror_qemu.git/blob - hw/scsi-disk.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Rearrange block headers
[mirror_qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45
46 typedef struct SCSIDiskState SCSIDiskState;
47
48 typedef struct SCSIDiskReq {
49 SCSIRequest req;
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint64_t sector;
54 uint32_t sector_count;
55 struct iovec iov;
56 QEMUIOVector qiov;
57 uint32_t status;
58 } SCSIDiskReq;
59
60 struct SCSIDiskState
61 {
62 SCSIDevice qdev;
63 BlockDriverState *bs;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
66 int cluster_size;
67 uint64_t max_lba;
68 QEMUBH *bh;
69 char *version;
70 char *serial;
71 };
72
73 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
74 {
75 SCSIRequest *req;
76 SCSIDiskReq *r;
77
78 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
79 r = DO_UPCAST(SCSIDiskReq, req, req);
80 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
81 return r;
82 }
83
84 static void scsi_remove_request(SCSIDiskReq *r)
85 {
86 qemu_vfree(r->iov.iov_base);
87 scsi_req_free(&r->req);
88 }
89
90 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
91 {
92 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
93 }
94
95 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
96 {
97 req->status = status;
98 scsi_dev_set_sense(req->dev, sense_code);
99 }
100
101 /* Helper function for command completion. */
102 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
103 {
104 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
105 r->req.tag, status, sense);
106 scsi_req_set_status(&r->req, status, sense);
107 scsi_req_complete(&r->req);
108 scsi_remove_request(r);
109 }
110
111 /* Cancel a pending data transfer. */
112 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
113 {
114 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
115 SCSIDiskReq *r;
116 DPRINTF("Cancel tag=0x%x\n", tag);
117 r = scsi_find_request(s, tag);
118 if (r) {
119 if (r->req.aiocb)
120 bdrv_aio_cancel(r->req.aiocb);
121 r->req.aiocb = NULL;
122 scsi_remove_request(r);
123 }
124 }
125
126 static void scsi_read_complete(void * opaque, int ret)
127 {
128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
129
130 r->req.aiocb = NULL;
131
132 if (ret) {
133 DPRINTF("IO error\n");
134 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
135 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
136 return;
137 }
138 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
139
140 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
141 }
142
143 /* Read more data from scsi device into buffer. */
144 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
145 {
146 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
147 SCSIDiskReq *r;
148 uint32_t n;
149
150 r = scsi_find_request(s, tag);
151 if (!r) {
152 BADF("Bad read tag 0x%x\n", tag);
153 /* ??? This is the wrong error. */
154 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
155 return;
156 }
157 if (r->sector_count == (uint32_t)-1) {
158 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
159 r->sector_count = 0;
160 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
161 return;
162 }
163 DPRINTF("Read sector_count=%d\n", r->sector_count);
164 if (r->sector_count == 0) {
165 scsi_command_complete(r, GOOD, NO_SENSE);
166 return;
167 }
168
169 n = r->sector_count;
170 if (n > SCSI_DMA_BUF_SIZE / 512)
171 n = SCSI_DMA_BUF_SIZE / 512;
172
173 r->iov.iov_len = n * 512;
174 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
175 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
176 scsi_read_complete, r);
177 if (r->req.aiocb == NULL)
178 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
179 r->sector += n;
180 r->sector_count -= n;
181 }
182
183 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
184 {
185 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
186 BlockErrorAction action = bdrv_get_on_error(s->bs, 0);
187
188 if (action == BLOCK_ERR_IGNORE) {
189 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
190 return 0;
191 }
192
193 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
194 || action == BLOCK_ERR_STOP_ANY) {
195 r->status |= SCSI_REQ_STATUS_RETRY;
196 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
197 vm_stop(0);
198 } else {
199 scsi_command_complete(r, CHECK_CONDITION,
200 HARDWARE_ERROR);
201 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
202 }
203
204 return 1;
205 }
206
207 static void scsi_write_complete(void * opaque, int ret)
208 {
209 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
210 uint32_t len;
211 uint32_t n;
212
213 r->req.aiocb = NULL;
214
215 if (ret) {
216 if (scsi_handle_write_error(r, -ret))
217 return;
218 }
219
220 n = r->iov.iov_len / 512;
221 r->sector += n;
222 r->sector_count -= n;
223 if (r->sector_count == 0) {
224 scsi_command_complete(r, GOOD, NO_SENSE);
225 } else {
226 len = r->sector_count * 512;
227 if (len > SCSI_DMA_BUF_SIZE) {
228 len = SCSI_DMA_BUF_SIZE;
229 }
230 r->iov.iov_len = len;
231 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
232 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
233 }
234 }
235
236 static void scsi_write_request(SCSIDiskReq *r)
237 {
238 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
239 uint32_t n;
240
241 n = r->iov.iov_len / 512;
242 if (n) {
243 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
244 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
245 scsi_write_complete, r);
246 if (r->req.aiocb == NULL)
247 scsi_command_complete(r, CHECK_CONDITION,
248 HARDWARE_ERROR);
249 } else {
250 /* Invoke completion routine to fetch data from host. */
251 scsi_write_complete(r, 0);
252 }
253 }
254
255 /* Write data to a scsi device. Returns nonzero on failure.
256 The transfer may complete asynchronously. */
257 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
258 {
259 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
260 SCSIDiskReq *r;
261
262 DPRINTF("Write data tag=0x%x\n", tag);
263 r = scsi_find_request(s, tag);
264 if (!r) {
265 BADF("Bad write tag 0x%x\n", tag);
266 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
267 return 1;
268 }
269
270 if (r->req.aiocb)
271 BADF("Data transfer already in progress\n");
272
273 scsi_write_request(r);
274
275 return 0;
276 }
277
278 static void scsi_dma_restart_bh(void *opaque)
279 {
280 SCSIDiskState *s = opaque;
281 SCSIRequest *req;
282 SCSIDiskReq *r;
283
284 qemu_bh_delete(s->bh);
285 s->bh = NULL;
286
287 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
288 r = DO_UPCAST(SCSIDiskReq, req, req);
289 if (r->status & SCSI_REQ_STATUS_RETRY) {
290 r->status &= ~SCSI_REQ_STATUS_RETRY;
291 scsi_write_request(r);
292 }
293 }
294 }
295
296 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
297 {
298 SCSIDiskState *s = opaque;
299
300 if (!running)
301 return;
302
303 if (!s->bh) {
304 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
305 qemu_bh_schedule(s->bh);
306 }
307 }
308
309 /* Return a pointer to the data buffer. */
310 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
311 {
312 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
313 SCSIDiskReq *r;
314
315 r = scsi_find_request(s, tag);
316 if (!r) {
317 BADF("Bad buffer tag 0x%x\n", tag);
318 return NULL;
319 }
320 return (uint8_t *)r->iov.iov_base;
321 }
322
323 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
324 {
325 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
326 int buflen = 0;
327
328 if (req->cmd.buf[1] & 0x2) {
329 /* Command support data - optional, not implemented */
330 BADF("optional INQUIRY command support request not implemented\n");
331 return -1;
332 }
333
334 if (req->cmd.buf[1] & 0x1) {
335 /* Vital product data */
336 uint8_t page_code = req->cmd.buf[2];
337 if (req->cmd.xfer < 4) {
338 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
339 "less than 4\n", page_code, req->cmd.xfer);
340 return -1;
341 }
342
343 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
344 outbuf[buflen++] = 5;
345 } else {
346 outbuf[buflen++] = 0;
347 }
348 outbuf[buflen++] = page_code ; // this page
349 outbuf[buflen++] = 0x00;
350
351 switch (page_code) {
352 case 0x00: /* Supported page codes, mandatory */
353 DPRINTF("Inquiry EVPD[Supported pages] "
354 "buffer size %zd\n", req->cmd.xfer);
355 outbuf[buflen++] = 4; // number of pages
356 outbuf[buflen++] = 0x00; // list of supported pages (this page)
357 outbuf[buflen++] = 0x80; // unit serial number
358 outbuf[buflen++] = 0x83; // device identification
359 outbuf[buflen++] = 0xb0; // block device characteristics
360 break;
361
362 case 0x80: /* Device serial number, optional */
363 {
364 int l = strlen(s->serial);
365
366 if (l > req->cmd.xfer)
367 l = req->cmd.xfer;
368 if (l > 20)
369 l = 20;
370
371 DPRINTF("Inquiry EVPD[Serial number] "
372 "buffer size %zd\n", req->cmd.xfer);
373 outbuf[buflen++] = l;
374 memcpy(outbuf+buflen, s->serial, l);
375 buflen += l;
376 break;
377 }
378
379 case 0x83: /* Device identification page, mandatory */
380 {
381 int max_len = 255 - 8;
382 int id_len = strlen(bdrv_get_device_name(s->bs));
383
384 if (id_len > max_len)
385 id_len = max_len;
386 DPRINTF("Inquiry EVPD[Device identification] "
387 "buffer size %zd\n", req->cmd.xfer);
388
389 outbuf[buflen++] = 3 + id_len;
390 outbuf[buflen++] = 0x2; // ASCII
391 outbuf[buflen++] = 0; // not officially assigned
392 outbuf[buflen++] = 0; // reserved
393 outbuf[buflen++] = id_len; // length of data following
394
395 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
396 buflen += id_len;
397 break;
398 }
399 case 0xb0: /* block device characteristics */
400 {
401 unsigned int min_io_size =
402 s->qdev.conf.min_io_size / s->qdev.blocksize;
403 unsigned int opt_io_size =
404 s->qdev.conf.opt_io_size / s->qdev.blocksize;
405
406 /* required VPD size with unmap support */
407 outbuf[3] = buflen = 0x3c;
408
409 memset(outbuf + 4, 0, buflen - 4);
410
411 /* optimal transfer length granularity */
412 outbuf[6] = (min_io_size >> 8) & 0xff;
413 outbuf[7] = min_io_size & 0xff;
414
415 /* optimal transfer length */
416 outbuf[12] = (opt_io_size >> 24) & 0xff;
417 outbuf[13] = (opt_io_size >> 16) & 0xff;
418 outbuf[14] = (opt_io_size >> 8) & 0xff;
419 outbuf[15] = opt_io_size & 0xff;
420 break;
421 }
422 default:
423 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
424 "buffer size %zd\n", page_code, req->cmd.xfer);
425 return -1;
426 }
427 /* done with EVPD */
428 return buflen;
429 }
430
431 /* Standard INQUIRY data */
432 if (req->cmd.buf[2] != 0) {
433 BADF("Error: Inquiry (STANDARD) page or code "
434 "is non-zero [%02X]\n", req->cmd.buf[2]);
435 return -1;
436 }
437
438 /* PAGE CODE == 0 */
439 if (req->cmd.xfer < 5) {
440 BADF("Error: Inquiry (STANDARD) buffer size %zd "
441 "is less than 5\n", req->cmd.xfer);
442 return -1;
443 }
444
445 buflen = req->cmd.xfer;
446 if (buflen > SCSI_MAX_INQUIRY_LEN)
447 buflen = SCSI_MAX_INQUIRY_LEN;
448
449 memset(outbuf, 0, buflen);
450
451 if (req->lun || req->cmd.buf[1] >> 5) {
452 outbuf[0] = 0x7f; /* LUN not supported */
453 return buflen;
454 }
455
456 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
457 outbuf[0] = 5;
458 outbuf[1] = 0x80;
459 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
460 } else {
461 outbuf[0] = 0;
462 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
463 }
464 memcpy(&outbuf[8], "QEMU ", 8);
465 memset(&outbuf[32], 0, 4);
466 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
467 /*
468 * We claim conformance to SPC-3, which is required for guests
469 * to ask for modern features like READ CAPACITY(16) or the
470 * block characteristics VPD page by default. Not all of SPC-3
471 * is actually implemented, but we're good enough.
472 */
473 outbuf[2] = 5;
474 outbuf[3] = 2; /* Format 2 */
475
476 if (buflen > 36) {
477 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
478 } else {
479 /* If the allocation length of CDB is too small,
480 the additional length is not adjusted */
481 outbuf[4] = 36 - 5;
482 }
483
484 /* Sync data transfer and TCQ. */
485 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
486 return buflen;
487 }
488
489 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
490 {
491 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
492 BlockDriverState *bdrv = s->bs;
493 int cylinders, heads, secs;
494
495 switch (page) {
496 case 4: /* Rigid disk device geometry page. */
497 p[0] = 4;
498 p[1] = 0x16;
499 /* if a geometry hint is available, use it */
500 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
501 p[2] = (cylinders >> 16) & 0xff;
502 p[3] = (cylinders >> 8) & 0xff;
503 p[4] = cylinders & 0xff;
504 p[5] = heads & 0xff;
505 /* Write precomp start cylinder, disabled */
506 p[6] = (cylinders >> 16) & 0xff;
507 p[7] = (cylinders >> 8) & 0xff;
508 p[8] = cylinders & 0xff;
509 /* Reduced current start cylinder, disabled */
510 p[9] = (cylinders >> 16) & 0xff;
511 p[10] = (cylinders >> 8) & 0xff;
512 p[11] = cylinders & 0xff;
513 /* Device step rate [ns], 200ns */
514 p[12] = 0;
515 p[13] = 200;
516 /* Landing zone cylinder */
517 p[14] = 0xff;
518 p[15] = 0xff;
519 p[16] = 0xff;
520 /* Medium rotation rate [rpm], 5400 rpm */
521 p[20] = (5400 >> 8) & 0xff;
522 p[21] = 5400 & 0xff;
523 return 0x16;
524
525 case 5: /* Flexible disk device geometry page. */
526 p[0] = 5;
527 p[1] = 0x1e;
528 /* Transfer rate [kbit/s], 5Mbit/s */
529 p[2] = 5000 >> 8;
530 p[3] = 5000 & 0xff;
531 /* if a geometry hint is available, use it */
532 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
533 p[4] = heads & 0xff;
534 p[5] = secs & 0xff;
535 p[6] = s->cluster_size * 2;
536 p[8] = (cylinders >> 8) & 0xff;
537 p[9] = cylinders & 0xff;
538 /* Write precomp start cylinder, disabled */
539 p[10] = (cylinders >> 8) & 0xff;
540 p[11] = cylinders & 0xff;
541 /* Reduced current start cylinder, disabled */
542 p[12] = (cylinders >> 8) & 0xff;
543 p[13] = cylinders & 0xff;
544 /* Device step rate [100us], 100us */
545 p[14] = 0;
546 p[15] = 1;
547 /* Device step pulse width [us], 1us */
548 p[16] = 1;
549 /* Device head settle delay [100us], 100us */
550 p[17] = 0;
551 p[18] = 1;
552 /* Motor on delay [0.1s], 0.1s */
553 p[19] = 1;
554 /* Motor off delay [0.1s], 0.1s */
555 p[20] = 1;
556 /* Medium rotation rate [rpm], 5400 rpm */
557 p[28] = (5400 >> 8) & 0xff;
558 p[29] = 5400 & 0xff;
559 return 0x1e;
560
561 case 8: /* Caching page. */
562 p[0] = 8;
563 p[1] = 0x12;
564 if (bdrv_enable_write_cache(s->bs)) {
565 p[2] = 4; /* WCE */
566 }
567 return 20;
568
569 case 0x2a: /* CD Capabilities and Mechanical Status page. */
570 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
571 return 0;
572 p[0] = 0x2a;
573 p[1] = 0x14;
574 p[2] = 3; // CD-R & CD-RW read
575 p[3] = 0; // Writing not supported
576 p[4] = 0x7f; /* Audio, composite, digital out,
577 mode 2 form 1&2, multi session */
578 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
579 RW corrected, C2 errors, ISRC,
580 UPC, Bar code */
581 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
582 /* Locking supported, jumper present, eject, tray */
583 p[7] = 0; /* no volume & mute control, no
584 changer */
585 p[8] = (50 * 176) >> 8; // 50x read speed
586 p[9] = (50 * 176) & 0xff;
587 p[10] = 0 >> 8; // No volume
588 p[11] = 0 & 0xff;
589 p[12] = 2048 >> 8; // 2M buffer
590 p[13] = 2048 & 0xff;
591 p[14] = (16 * 176) >> 8; // 16x read speed current
592 p[15] = (16 * 176) & 0xff;
593 p[18] = (16 * 176) >> 8; // 16x write speed
594 p[19] = (16 * 176) & 0xff;
595 p[20] = (16 * 176) >> 8; // 16x write speed current
596 p[21] = (16 * 176) & 0xff;
597 return 22;
598
599 default:
600 return 0;
601 }
602 }
603
604 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
605 {
606 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
607 uint64_t nb_sectors;
608 int page, dbd, buflen;
609 uint8_t *p;
610
611 dbd = req->cmd.buf[1] & 0x8;
612 page = req->cmd.buf[2] & 0x3f;
613 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
614 memset(outbuf, 0, req->cmd.xfer);
615 p = outbuf;
616
617 p[1] = 0; /* Default media type. */
618 p[3] = 0; /* Block descriptor length. */
619 if (bdrv_is_read_only(s->bs)) {
620 p[2] = 0x80; /* Readonly. */
621 }
622 p += 4;
623
624 bdrv_get_geometry(s->bs, &nb_sectors);
625 if ((~dbd) & nb_sectors) {
626 outbuf[3] = 8; /* Block descriptor length */
627 nb_sectors /= s->cluster_size;
628 nb_sectors--;
629 if (nb_sectors > 0xffffff)
630 nb_sectors = 0xffffff;
631 p[0] = 0; /* media density code */
632 p[1] = (nb_sectors >> 16) & 0xff;
633 p[2] = (nb_sectors >> 8) & 0xff;
634 p[3] = nb_sectors & 0xff;
635 p[4] = 0; /* reserved */
636 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
637 p[6] = s->cluster_size * 2;
638 p[7] = 0;
639 p += 8;
640 }
641
642 switch (page) {
643 case 0x04:
644 case 0x05:
645 case 0x08:
646 case 0x2a:
647 p += mode_sense_page(req, page, p);
648 break;
649 case 0x3f:
650 p += mode_sense_page(req, 0x08, p);
651 p += mode_sense_page(req, 0x2a, p);
652 break;
653 }
654
655 buflen = p - outbuf;
656 outbuf[0] = buflen - 4;
657 if (buflen > req->cmd.xfer)
658 buflen = req->cmd.xfer;
659 return buflen;
660 }
661
662 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
663 {
664 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
665 int start_track, format, msf, toclen;
666 uint64_t nb_sectors;
667
668 msf = req->cmd.buf[1] & 2;
669 format = req->cmd.buf[2] & 0xf;
670 start_track = req->cmd.buf[6];
671 bdrv_get_geometry(s->bs, &nb_sectors);
672 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
673 nb_sectors /= s->cluster_size;
674 switch (format) {
675 case 0:
676 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
677 break;
678 case 1:
679 /* multi session : only a single session defined */
680 toclen = 12;
681 memset(outbuf, 0, 12);
682 outbuf[1] = 0x0a;
683 outbuf[2] = 0x01;
684 outbuf[3] = 0x01;
685 break;
686 case 2:
687 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
688 break;
689 default:
690 return -1;
691 }
692 if (toclen > req->cmd.xfer)
693 toclen = req->cmd.xfer;
694 return toclen;
695 }
696
697 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
698 {
699 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
700 uint64_t nb_sectors;
701 int buflen = 0;
702
703 switch (req->cmd.buf[0]) {
704 case TEST_UNIT_READY:
705 if (!bdrv_is_inserted(s->bs))
706 goto not_ready;
707 break;
708 case REQUEST_SENSE:
709 if (req->cmd.xfer < 4)
710 goto illegal_request;
711 memset(outbuf, 0, 4);
712 buflen = 4;
713 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
714 memset(outbuf, 0, 18);
715 buflen = 18;
716 outbuf[7] = 10;
717 /* asc 0x3a, ascq 0: Medium not present */
718 outbuf[12] = 0x3a;
719 outbuf[13] = 0;
720 }
721 outbuf[0] = 0xf0;
722 outbuf[1] = 0;
723 outbuf[2] = req->dev->sense.key;
724 scsi_dev_clear_sense(req->dev);
725 break;
726 case INQUIRY:
727 buflen = scsi_disk_emulate_inquiry(req, outbuf);
728 if (buflen < 0)
729 goto illegal_request;
730 break;
731 case MODE_SENSE:
732 case MODE_SENSE_10:
733 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
734 if (buflen < 0)
735 goto illegal_request;
736 break;
737 case READ_TOC:
738 buflen = scsi_disk_emulate_read_toc(req, outbuf);
739 if (buflen < 0)
740 goto illegal_request;
741 break;
742 case RESERVE:
743 if (req->cmd.buf[1] & 1)
744 goto illegal_request;
745 break;
746 case RESERVE_10:
747 if (req->cmd.buf[1] & 3)
748 goto illegal_request;
749 break;
750 case RELEASE:
751 if (req->cmd.buf[1] & 1)
752 goto illegal_request;
753 break;
754 case RELEASE_10:
755 if (req->cmd.buf[1] & 3)
756 goto illegal_request;
757 break;
758 case START_STOP:
759 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
760 /* load/eject medium */
761 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
762 }
763 break;
764 case ALLOW_MEDIUM_REMOVAL:
765 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
766 break;
767 case READ_CAPACITY:
768 /* The normal LEN field for this command is zero. */
769 memset(outbuf, 0, 8);
770 bdrv_get_geometry(s->bs, &nb_sectors);
771 if (!nb_sectors)
772 goto not_ready;
773 nb_sectors /= s->cluster_size;
774 /* Returned value is the address of the last sector. */
775 nb_sectors--;
776 /* Remember the new size for read/write sanity checking. */
777 s->max_lba = nb_sectors;
778 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
779 if (nb_sectors > UINT32_MAX)
780 nb_sectors = UINT32_MAX;
781 outbuf[0] = (nb_sectors >> 24) & 0xff;
782 outbuf[1] = (nb_sectors >> 16) & 0xff;
783 outbuf[2] = (nb_sectors >> 8) & 0xff;
784 outbuf[3] = nb_sectors & 0xff;
785 outbuf[4] = 0;
786 outbuf[5] = 0;
787 outbuf[6] = s->cluster_size * 2;
788 outbuf[7] = 0;
789 buflen = 8;
790 break;
791 case SYNCHRONIZE_CACHE:
792 bdrv_flush(s->bs);
793 break;
794 case GET_CONFIGURATION:
795 memset(outbuf, 0, 8);
796 /* ??? This should probably return much more information. For now
797 just return the basic header indicating the CD-ROM profile. */
798 outbuf[7] = 8; // CD-ROM
799 buflen = 8;
800 break;
801 case SERVICE_ACTION_IN:
802 /* Service Action In subcommands. */
803 if ((req->cmd.buf[1] & 31) == 0x10) {
804 DPRINTF("SAI READ CAPACITY(16)\n");
805 memset(outbuf, 0, req->cmd.xfer);
806 bdrv_get_geometry(s->bs, &nb_sectors);
807 if (!nb_sectors)
808 goto not_ready;
809 nb_sectors /= s->cluster_size;
810 /* Returned value is the address of the last sector. */
811 nb_sectors--;
812 /* Remember the new size for read/write sanity checking. */
813 s->max_lba = nb_sectors;
814 outbuf[0] = (nb_sectors >> 56) & 0xff;
815 outbuf[1] = (nb_sectors >> 48) & 0xff;
816 outbuf[2] = (nb_sectors >> 40) & 0xff;
817 outbuf[3] = (nb_sectors >> 32) & 0xff;
818 outbuf[4] = (nb_sectors >> 24) & 0xff;
819 outbuf[5] = (nb_sectors >> 16) & 0xff;
820 outbuf[6] = (nb_sectors >> 8) & 0xff;
821 outbuf[7] = nb_sectors & 0xff;
822 outbuf[8] = 0;
823 outbuf[9] = 0;
824 outbuf[10] = s->cluster_size * 2;
825 outbuf[11] = 0;
826 outbuf[12] = 0;
827 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
828 /* Protection, exponent and lowest lba field left blank. */
829 buflen = req->cmd.xfer;
830 break;
831 }
832 DPRINTF("Unsupported Service Action In\n");
833 goto illegal_request;
834 case REPORT_LUNS:
835 if (req->cmd.xfer < 16)
836 goto illegal_request;
837 memset(outbuf, 0, 16);
838 outbuf[3] = 8;
839 buflen = 16;
840 break;
841 case VERIFY:
842 break;
843 default:
844 goto illegal_request;
845 }
846 scsi_req_set_status(req, GOOD, NO_SENSE);
847 return buflen;
848
849 not_ready:
850 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
851 return 0;
852
853 illegal_request:
854 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
855 return 0;
856 }
857
858 /* Execute a scsi command. Returns the length of the data expected by the
859 command. This will be Positive for data transfers from the device
860 (eg. disk reads), negative for transfers to the device (eg. disk writes),
861 and zero if the command does not transfer any data. */
862
863 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
864 uint8_t *buf, int lun)
865 {
866 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
867 uint64_t lba;
868 uint32_t len;
869 int cmdlen;
870 int is_write;
871 uint8_t command;
872 uint8_t *outbuf;
873 SCSIDiskReq *r;
874 int rc;
875
876 command = buf[0];
877 r = scsi_find_request(s, tag);
878 if (r) {
879 BADF("Tag 0x%x already in use\n", tag);
880 scsi_cancel_io(d, tag);
881 }
882 /* ??? Tags are not unique for different luns. We only implement a
883 single lun, so this should not matter. */
884 r = scsi_new_request(d, tag, lun);
885 outbuf = (uint8_t *)r->iov.iov_base;
886 is_write = 0;
887 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
888 switch (command >> 5) {
889 case 0:
890 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
891 (((uint64_t) buf[1] & 0x1f) << 16);
892 len = buf[4];
893 cmdlen = 6;
894 break;
895 case 1:
896 case 2:
897 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
898 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
899 len = buf[8] | (buf[7] << 8);
900 cmdlen = 10;
901 break;
902 case 4:
903 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
904 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
905 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
906 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
907 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
908 cmdlen = 16;
909 break;
910 case 5:
911 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
912 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
913 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
914 cmdlen = 12;
915 break;
916 default:
917 BADF("Unsupported command length, command %x\n", command);
918 goto fail;
919 }
920 #ifdef DEBUG_SCSI
921 {
922 int i;
923 for (i = 1; i < cmdlen; i++) {
924 printf(" 0x%02x", buf[i]);
925 }
926 printf("\n");
927 }
928 #endif
929
930 if (scsi_req_parse(&r->req, buf) != 0) {
931 BADF("Unsupported command length, command %x\n", command);
932 goto fail;
933 }
934 assert(r->req.cmd.len == cmdlen);
935 assert(r->req.cmd.lba == lba);
936
937 if (lun || buf[1] >> 5) {
938 /* Only LUN 0 supported. */
939 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
940 if (command != REQUEST_SENSE && command != INQUIRY)
941 goto fail;
942 }
943 switch (command) {
944 case TEST_UNIT_READY:
945 case REQUEST_SENSE:
946 case INQUIRY:
947 case MODE_SENSE:
948 case MODE_SENSE_10:
949 case RESERVE:
950 case RESERVE_10:
951 case RELEASE:
952 case RELEASE_10:
953 case START_STOP:
954 case ALLOW_MEDIUM_REMOVAL:
955 case READ_CAPACITY:
956 case SYNCHRONIZE_CACHE:
957 case READ_TOC:
958 case GET_CONFIGURATION:
959 case SERVICE_ACTION_IN:
960 case REPORT_LUNS:
961 case VERIFY:
962 rc = scsi_disk_emulate_command(&r->req, outbuf);
963 if (rc > 0) {
964 r->iov.iov_len = rc;
965 } else {
966 scsi_req_complete(&r->req);
967 scsi_remove_request(r);
968 return 0;
969 }
970 break;
971 case READ_6:
972 case READ_10:
973 case READ_12:
974 case READ_16:
975 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
976 if (lba > s->max_lba)
977 goto illegal_lba;
978 r->sector = lba * s->cluster_size;
979 r->sector_count = len * s->cluster_size;
980 break;
981 case WRITE_6:
982 case WRITE_10:
983 case WRITE_12:
984 case WRITE_16:
985 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
986 if (lba > s->max_lba)
987 goto illegal_lba;
988 r->sector = lba * s->cluster_size;
989 r->sector_count = len * s->cluster_size;
990 is_write = 1;
991 break;
992 default:
993 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
994 fail:
995 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
996 return 0;
997 illegal_lba:
998 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
999 return 0;
1000 }
1001 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1002 scsi_command_complete(r, GOOD, NO_SENSE);
1003 }
1004 len = r->sector_count * 512 + r->iov.iov_len;
1005 if (is_write) {
1006 return -len;
1007 } else {
1008 if (!r->sector_count)
1009 r->sector_count = -1;
1010 return len;
1011 }
1012 }
1013
1014 static void scsi_disk_purge_requests(SCSIDiskState *s)
1015 {
1016 SCSIDiskReq *r;
1017
1018 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1019 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1020 if (r->req.aiocb) {
1021 bdrv_aio_cancel(r->req.aiocb);
1022 }
1023 scsi_remove_request(r);
1024 }
1025 }
1026
1027 static void scsi_disk_reset(DeviceState *dev)
1028 {
1029 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1030 uint64_t nb_sectors;
1031
1032 scsi_disk_purge_requests(s);
1033
1034 bdrv_get_geometry(s->bs, &nb_sectors);
1035 nb_sectors /= s->cluster_size;
1036 if (nb_sectors) {
1037 nb_sectors--;
1038 }
1039 s->max_lba = nb_sectors;
1040 }
1041
1042 static void scsi_destroy(SCSIDevice *dev)
1043 {
1044 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1045
1046 scsi_disk_purge_requests(s);
1047 blockdev_mark_auto_del(s->qdev.conf.bs);
1048 }
1049
1050 static int scsi_disk_initfn(SCSIDevice *dev)
1051 {
1052 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1053 int is_cd;
1054 DriveInfo *dinfo;
1055
1056 if (!s->qdev.conf.bs) {
1057 error_report("scsi-disk: drive property not set");
1058 return -1;
1059 }
1060 s->bs = s->qdev.conf.bs;
1061 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1062
1063 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1064 error_report("Device needs media, but drive is empty");
1065 return -1;
1066 }
1067
1068 if (bdrv_get_on_error(s->bs, 1) != BLOCK_ERR_REPORT) {
1069 error_report("Device doesn't support drive option rerror");
1070 return -1;
1071 }
1072
1073 if (!s->serial) {
1074 /* try to fall back to value set with legacy -drive serial=... */
1075 dinfo = drive_get_by_blockdev(s->bs);
1076 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1077 }
1078
1079 if (!s->version) {
1080 s->version = qemu_strdup(QEMU_VERSION);
1081 }
1082
1083 if (bdrv_is_sg(s->bs)) {
1084 error_report("scsi-disk: unwanted /dev/sg*");
1085 return -1;
1086 }
1087
1088 if (is_cd) {
1089 s->qdev.blocksize = 2048;
1090 } else {
1091 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1092 }
1093 s->cluster_size = s->qdev.blocksize / 512;
1094
1095 s->qdev.type = TYPE_DISK;
1096 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1097 bdrv_set_removable(s->bs, is_cd);
1098 return 0;
1099 }
1100
1101 static SCSIDeviceInfo scsi_disk_info = {
1102 .qdev.name = "scsi-disk",
1103 .qdev.desc = "virtual scsi disk or cdrom",
1104 .qdev.size = sizeof(SCSIDiskState),
1105 .qdev.reset = scsi_disk_reset,
1106 .init = scsi_disk_initfn,
1107 .destroy = scsi_destroy,
1108 .send_command = scsi_send_command,
1109 .read_data = scsi_read_data,
1110 .write_data = scsi_write_data,
1111 .cancel_io = scsi_cancel_io,
1112 .get_buf = scsi_get_buf,
1113 .qdev.props = (Property[]) {
1114 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1115 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1116 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1117 DEFINE_PROP_END_OF_LIST(),
1118 },
1119 };
1120
1121 static void scsi_disk_register_devices(void)
1122 {
1123 scsi_qdev_register(&scsi_disk_info);
1124 }
1125 device_init(scsi_disk_register_devices)
QEMU mirror