]> git.proxmox.com Git - mirror_qemu.git/blob - hw/scsi-disk.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
drive cleanup fixes.
[mirror_qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
23 #else
24 #define DPRINTF(fmt, ...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi-disk.h"
33
34 #define SENSE_NO_SENSE 0
35 #define SENSE_NOT_READY 2
36 #define SENSE_HARDWARE_ERROR 4
37 #define SENSE_ILLEGAL_REQUEST 5
38
39 #define STATUS_GOOD 0
40 #define STATUS_CHECK_CONDITION 2
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 #define SCSI_REQ_STATUS_RETRY 0x01
46
47 typedef struct SCSIDiskState SCSIDiskState;
48
49 typedef struct SCSIRequest {
50 SCSIBus *bus;
51 SCSIDiskState *dev;
52 uint32_t tag;
53 /* ??? We should probably keep track of whether the data transfer is
54 a read or a write. Currently we rely on the host getting it right. */
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint64_t sector;
57 uint32_t sector_count;
58 struct iovec iov;
59 QEMUIOVector qiov;
60 BlockDriverAIOCB *aiocb;
61 struct SCSIRequest *next;
62 uint32_t status;
63 } SCSIRequest;
64
65 struct SCSIDiskState
66 {
67 SCSIDevice qdev;
68 DriveInfo *dinfo;
69 SCSIRequest *requests;
70 /* The qemu block layer uses a fixed 512 byte sector size.
71 This is the number of 512 byte blocks in a single scsi sector. */
72 int cluster_size;
73 uint64_t max_lba;
74 int sense;
75 char drive_serial_str[21];
76 QEMUBH *bh;
77 };
78
79 /* Global pool of SCSIRequest structures. */
80 static SCSIRequest *free_requests = NULL;
81
82 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag)
83 {
84 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
85 SCSIRequest *r;
86
87 if (free_requests) {
88 r = free_requests;
89 free_requests = r->next;
90 } else {
91 r = qemu_malloc(sizeof(SCSIRequest));
92 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
93 }
94 r->bus = scsi_bus_from_device(d);
95 r->dev = s;
96 r->tag = tag;
97 r->sector_count = 0;
98 r->iov.iov_len = 0;
99 r->aiocb = NULL;
100 r->status = 0;
101
102 r->next = s->requests;
103 s->requests = r;
104 return r;
105 }
106
107 static void scsi_remove_request(SCSIRequest *r)
108 {
109 SCSIRequest *last;
110 SCSIDiskState *s = r->dev;
111
112 if (s->requests == r) {
113 s->requests = r->next;
114 } else {
115 last = s->requests;
116 while (last && last->next != r)
117 last = last->next;
118 if (last) {
119 last->next = r->next;
120 } else {
121 BADF("Orphaned request\n");
122 }
123 }
124 r->next = free_requests;
125 free_requests = r;
126 }
127
128 static SCSIRequest *scsi_find_request(SCSIDiskState *s, uint32_t tag)
129 {
130 SCSIRequest *r;
131
132 r = s->requests;
133 while (r && r->tag != tag)
134 r = r->next;
135
136 return r;
137 }
138
139 /* Helper function for command completion. */
140 static void scsi_command_complete(SCSIRequest *r, int status, int sense)
141 {
142 SCSIDiskState *s = r->dev;
143 uint32_t tag;
144 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n", r->tag, status, sense);
145 s->sense = sense;
146 tag = r->tag;
147 scsi_remove_request(r);
148 r->bus->complete(r->bus, SCSI_REASON_DONE, tag, status);
149 }
150
151 /* Cancel a pending data transfer. */
152 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
153 {
154 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
155 SCSIRequest *r;
156 DPRINTF("Cancel tag=0x%x\n", tag);
157 r = scsi_find_request(s, tag);
158 if (r) {
159 if (r->aiocb)
160 bdrv_aio_cancel(r->aiocb);
161 r->aiocb = NULL;
162 scsi_remove_request(r);
163 }
164 }
165
166 static void scsi_read_complete(void * opaque, int ret)
167 {
168 SCSIRequest *r = (SCSIRequest *)opaque;
169
170 if (ret) {
171 DPRINTF("IO error\n");
172 r->bus->complete(r->bus, SCSI_REASON_DATA, r->tag, 0);
173 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NO_SENSE);
174 return;
175 }
176 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->tag, r->iov.iov_len);
177
178 r->bus->complete(r->bus, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
179 }
180
181 /* Read more data from scsi device into buffer. */
182 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
183 {
184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
185 SCSIRequest *r;
186 uint32_t n;
187
188 r = scsi_find_request(s, tag);
189 if (!r) {
190 BADF("Bad read tag 0x%x\n", tag);
191 /* ??? This is the wrong error. */
192 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
193 return;
194 }
195 if (r->sector_count == (uint32_t)-1) {
196 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
197 r->sector_count = 0;
198 r->bus->complete(r->bus, SCSI_REASON_DATA, r->tag, r->iov.iov_len);
199 return;
200 }
201 DPRINTF("Read sector_count=%d\n", r->sector_count);
202 if (r->sector_count == 0) {
203 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
204 return;
205 }
206
207 n = r->sector_count;
208 if (n > SCSI_DMA_BUF_SIZE / 512)
209 n = SCSI_DMA_BUF_SIZE / 512;
210
211 r->iov.iov_len = n * 512;
212 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
213 r->aiocb = bdrv_aio_readv(s->dinfo->bdrv, r->sector, &r->qiov, n,
214 scsi_read_complete, r);
215 if (r->aiocb == NULL)
216 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
217 r->sector += n;
218 r->sector_count -= n;
219 }
220
221 static int scsi_handle_write_error(SCSIRequest *r, int error)
222 {
223 BlockInterfaceErrorAction action = drive_get_onerror(r->dev->dinfo->bdrv);
224
225 if (action == BLOCK_ERR_IGNORE)
226 return 0;
227
228 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
229 || action == BLOCK_ERR_STOP_ANY) {
230 r->status |= SCSI_REQ_STATUS_RETRY;
231 vm_stop(0);
232 } else {
233 scsi_command_complete(r, STATUS_CHECK_CONDITION,
234 SENSE_HARDWARE_ERROR);
235 }
236
237 return 1;
238 }
239
240 static void scsi_write_complete(void * opaque, int ret)
241 {
242 SCSIRequest *r = (SCSIRequest *)opaque;
243 uint32_t len;
244 uint32_t n;
245
246 r->aiocb = NULL;
247
248 if (ret) {
249 if (scsi_handle_write_error(r, -ret))
250 return;
251 }
252
253 n = r->iov.iov_len / 512;
254 r->sector += n;
255 r->sector_count -= n;
256 if (r->sector_count == 0) {
257 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
258 } else {
259 len = r->sector_count * 512;
260 if (len > SCSI_DMA_BUF_SIZE) {
261 len = SCSI_DMA_BUF_SIZE;
262 }
263 r->iov.iov_len = len;
264 DPRINTF("Write complete tag=0x%x more=%d\n", r->tag, len);
265 r->bus->complete(r->bus, SCSI_REASON_DATA, r->tag, len);
266 }
267 }
268
269 static void scsi_write_request(SCSIRequest *r)
270 {
271 SCSIDiskState *s = r->dev;
272 uint32_t n;
273
274 n = r->iov.iov_len / 512;
275 if (n) {
276 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
277 r->aiocb = bdrv_aio_writev(s->dinfo->bdrv, r->sector, &r->qiov, n,
278 scsi_write_complete, r);
279 if (r->aiocb == NULL)
280 scsi_command_complete(r, STATUS_CHECK_CONDITION,
281 SENSE_HARDWARE_ERROR);
282 } else {
283 /* Invoke completion routine to fetch data from host. */
284 scsi_write_complete(r, 0);
285 }
286 }
287
288 /* Write data to a scsi device. Returns nonzero on failure.
289 The transfer may complete asynchronously. */
290 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
291 {
292 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
293 SCSIRequest *r;
294
295 DPRINTF("Write data tag=0x%x\n", tag);
296 r = scsi_find_request(s, tag);
297 if (!r) {
298 BADF("Bad write tag 0x%x\n", tag);
299 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
300 return 1;
301 }
302
303 if (r->aiocb)
304 BADF("Data transfer already in progress\n");
305
306 scsi_write_request(r);
307
308 return 0;
309 }
310
311 static void scsi_dma_restart_bh(void *opaque)
312 {
313 SCSIDiskState *s = opaque;
314 SCSIRequest *r = s->requests;
315
316 qemu_bh_delete(s->bh);
317 s->bh = NULL;
318
319 while (r) {
320 if (r->status & SCSI_REQ_STATUS_RETRY) {
321 r->status &= ~SCSI_REQ_STATUS_RETRY;
322 scsi_write_request(r);
323 }
324 r = r->next;
325 }
326 }
327
328 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
329 {
330 SCSIDiskState *s = opaque;
331
332 if (!running)
333 return;
334
335 if (!s->bh) {
336 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
337 qemu_bh_schedule(s->bh);
338 }
339 }
340
341 /* Return a pointer to the data buffer. */
342 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
343 {
344 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
345 SCSIRequest *r;
346
347 r = scsi_find_request(s, tag);
348 if (!r) {
349 BADF("Bad buffer tag 0x%x\n", tag);
350 return NULL;
351 }
352 return (uint8_t *)r->iov.iov_base;
353 }
354
355 /* Execute a scsi command. Returns the length of the data expected by the
356 command. This will be Positive for data transfers from the device
357 (eg. disk reads), negative for transfers to the device (eg. disk writes),
358 and zero if the command does not transfer any data. */
359
360 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
361 uint8_t *buf, int lun)
362 {
363 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
364 uint64_t nb_sectors;
365 uint64_t lba;
366 uint32_t len;
367 int cmdlen;
368 int is_write;
369 uint8_t command;
370 uint8_t *outbuf;
371 SCSIRequest *r;
372
373 command = buf[0];
374 r = scsi_find_request(s, tag);
375 if (r) {
376 BADF("Tag 0x%x already in use\n", tag);
377 scsi_cancel_io(d, tag);
378 }
379 /* ??? Tags are not unique for different luns. We only implement a
380 single lun, so this should not matter. */
381 r = scsi_new_request(d, tag);
382 outbuf = (uint8_t *)r->iov.iov_base;
383 is_write = 0;
384 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
385 switch (command >> 5) {
386 case 0:
387 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
388 (((uint64_t) buf[1] & 0x1f) << 16);
389 len = buf[4];
390 cmdlen = 6;
391 break;
392 case 1:
393 case 2:
394 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
395 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
396 len = buf[8] | (buf[7] << 8);
397 cmdlen = 10;
398 break;
399 case 4:
400 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
401 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
402 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
403 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
404 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
405 cmdlen = 16;
406 break;
407 case 5:
408 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
409 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
410 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
411 cmdlen = 12;
412 break;
413 default:
414 BADF("Unsupported command length, command %x\n", command);
415 goto fail;
416 }
417 #ifdef DEBUG_SCSI
418 {
419 int i;
420 for (i = 1; i < cmdlen; i++) {
421 printf(" 0x%02x", buf[i]);
422 }
423 printf("\n");
424 }
425 #endif
426 if (lun || buf[1] >> 5) {
427 /* Only LUN 0 supported. */
428 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
429 if (command != 0x03 && command != 0x12) /* REQUEST SENSE and INQUIRY */
430 goto fail;
431 }
432 switch (command) {
433 case 0x0:
434 DPRINTF("Test Unit Ready\n");
435 if (!bdrv_is_inserted(s->dinfo->bdrv))
436 goto notready;
437 break;
438 case 0x03:
439 DPRINTF("Request Sense (len %d)\n", len);
440 if (len < 4)
441 goto fail;
442 memset(outbuf, 0, 4);
443 r->iov.iov_len = 4;
444 if (s->sense == SENSE_NOT_READY && len >= 18) {
445 memset(outbuf, 0, 18);
446 r->iov.iov_len = 18;
447 outbuf[7] = 10;
448 /* asc 0x3a, ascq 0: Medium not present */
449 outbuf[12] = 0x3a;
450 outbuf[13] = 0;
451 }
452 outbuf[0] = 0xf0;
453 outbuf[1] = 0;
454 outbuf[2] = s->sense;
455 break;
456 case 0x12:
457 DPRINTF("Inquiry (len %d)\n", len);
458 if (buf[1] & 0x2) {
459 /* Command support data - optional, not implemented */
460 BADF("optional INQUIRY command support request not implemented\n");
461 goto fail;
462 }
463 else if (buf[1] & 0x1) {
464 /* Vital product data */
465 uint8_t page_code = buf[2];
466 if (len < 4) {
467 BADF("Error: Inquiry (EVPD[%02X]) buffer size %d is "
468 "less than 4\n", page_code, len);
469 goto fail;
470 }
471
472 switch (page_code) {
473 case 0x00:
474 {
475 /* Supported page codes, mandatory */
476 DPRINTF("Inquiry EVPD[Supported pages] "
477 "buffer size %d\n", len);
478
479 r->iov.iov_len = 0;
480
481 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
482 outbuf[r->iov.iov_len++] = 5;
483 } else {
484 outbuf[r->iov.iov_len++] = 0;
485 }
486
487 outbuf[r->iov.iov_len++] = 0x00; // this page
488 outbuf[r->iov.iov_len++] = 0x00;
489 outbuf[r->iov.iov_len++] = 3; // number of pages
490 outbuf[r->iov.iov_len++] = 0x00; // list of supported pages (this page)
491 outbuf[r->iov.iov_len++] = 0x80; // unit serial number
492 outbuf[r->iov.iov_len++] = 0x83; // device identification
493 }
494 break;
495 case 0x80:
496 {
497 int l;
498
499 /* Device serial number, optional */
500 if (len < 4) {
501 BADF("Error: EVPD[Serial number] Inquiry buffer "
502 "size %d too small, %d needed\n", len, 4);
503 goto fail;
504 }
505
506 DPRINTF("Inquiry EVPD[Serial number] buffer size %d\n", len);
507 l = MIN(len, strlen(s->drive_serial_str));
508
509 r->iov.iov_len = 0;
510
511 /* Supported page codes */
512 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
513 outbuf[r->iov.iov_len++] = 5;
514 } else {
515 outbuf[r->iov.iov_len++] = 0;
516 }
517
518 outbuf[r->iov.iov_len++] = 0x80; // this page
519 outbuf[r->iov.iov_len++] = 0x00;
520 outbuf[r->iov.iov_len++] = l;
521 memcpy(&outbuf[r->iov.iov_len], s->drive_serial_str, l);
522 r->iov.iov_len += l;
523 }
524
525 break;
526 case 0x83:
527 {
528 /* Device identification page, mandatory */
529 int max_len = 255 - 8;
530 int id_len = strlen(bdrv_get_device_name(s->dinfo->bdrv));
531 if (id_len > max_len)
532 id_len = max_len;
533
534 DPRINTF("Inquiry EVPD[Device identification] "
535 "buffer size %d\n", len);
536 r->iov.iov_len = 0;
537 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
538 outbuf[r->iov.iov_len++] = 5;
539 } else {
540 outbuf[r->iov.iov_len++] = 0;
541 }
542
543 outbuf[r->iov.iov_len++] = 0x83; // this page
544 outbuf[r->iov.iov_len++] = 0x00;
545 outbuf[r->iov.iov_len++] = 3 + id_len;
546
547 outbuf[r->iov.iov_len++] = 0x2; // ASCII
548 outbuf[r->iov.iov_len++] = 0; // not officially assigned
549 outbuf[r->iov.iov_len++] = 0; // reserved
550 outbuf[r->iov.iov_len++] = id_len; // length of data following
551
552 memcpy(&outbuf[r->iov.iov_len],
553 bdrv_get_device_name(s->dinfo->bdrv), id_len);
554 r->iov.iov_len += id_len;
555 }
556 break;
557 default:
558 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
559 "buffer size %d\n", page_code, len);
560 goto fail;
561 }
562 /* done with EVPD */
563 break;
564 }
565 else {
566 /* Standard INQUIRY data */
567 if (buf[2] != 0) {
568 BADF("Error: Inquiry (STANDARD) page or code "
569 "is non-zero [%02X]\n", buf[2]);
570 goto fail;
571 }
572
573 /* PAGE CODE == 0 */
574 if (len < 5) {
575 BADF("Error: Inquiry (STANDARD) buffer size %d "
576 "is less than 5\n", len);
577 goto fail;
578 }
579
580 if (len < 36) {
581 BADF("Error: Inquiry (STANDARD) buffer size %d "
582 "is less than 36 (TODO: only 5 required)\n", len);
583 }
584 }
585
586 if(len > SCSI_MAX_INQUIRY_LEN)
587 len = SCSI_MAX_INQUIRY_LEN;
588
589 memset(outbuf, 0, len);
590
591 if (lun || buf[1] >> 5) {
592 outbuf[0] = 0x7f; /* LUN not supported */
593 } else if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
594 outbuf[0] = 5;
595 outbuf[1] = 0x80;
596 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
597 } else {
598 outbuf[0] = 0;
599 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
600 }
601 memcpy(&outbuf[8], "QEMU ", 8);
602 memcpy(&outbuf[32], QEMU_VERSION, 4);
603 /* Identify device as SCSI-3 rev 1.
604 Some later commands are also implemented. */
605 outbuf[2] = 3;
606 outbuf[3] = 2; /* Format 2 */
607 outbuf[4] = len - 5; /* Additional Length = (Len - 1) - 4 */
608 /* Sync data transfer and TCQ. */
609 outbuf[7] = 0x10 | (r->bus->tcq ? 0x02 : 0);
610 r->iov.iov_len = len;
611 break;
612 case 0x16:
613 DPRINTF("Reserve(6)\n");
614 if (buf[1] & 1)
615 goto fail;
616 break;
617 case 0x17:
618 DPRINTF("Release(6)\n");
619 if (buf[1] & 1)
620 goto fail;
621 break;
622 case 0x1a:
623 case 0x5a:
624 {
625 uint8_t *p;
626 int page;
627
628 page = buf[2] & 0x3f;
629 DPRINTF("Mode Sense (page %d, len %d)\n", page, len);
630 p = outbuf;
631 memset(p, 0, 4);
632 outbuf[1] = 0; /* Default media type. */
633 outbuf[3] = 0; /* Block descriptor length. */
634 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
635 outbuf[2] = 0x80; /* Readonly. */
636 }
637 p += 4;
638 if (page == 4) {
639 int cylinders, heads, secs;
640
641 /* Rigid disk device geometry page. */
642 p[0] = 4;
643 p[1] = 0x16;
644 /* if a geometry hint is available, use it */
645 bdrv_get_geometry_hint(s->dinfo->bdrv, &cylinders, &heads, &secs);
646 p[2] = (cylinders >> 16) & 0xff;
647 p[3] = (cylinders >> 8) & 0xff;
648 p[4] = cylinders & 0xff;
649 p[5] = heads & 0xff;
650 /* Write precomp start cylinder, disabled */
651 p[6] = (cylinders >> 16) & 0xff;
652 p[7] = (cylinders >> 8) & 0xff;
653 p[8] = cylinders & 0xff;
654 /* Reduced current start cylinder, disabled */
655 p[9] = (cylinders >> 16) & 0xff;
656 p[10] = (cylinders >> 8) & 0xff;
657 p[11] = cylinders & 0xff;
658 /* Device step rate [ns], 200ns */
659 p[12] = 0;
660 p[13] = 200;
661 /* Landing zone cylinder */
662 p[14] = 0xff;
663 p[15] = 0xff;
664 p[16] = 0xff;
665 /* Medium rotation rate [rpm], 5400 rpm */
666 p[20] = (5400 >> 8) & 0xff;
667 p[21] = 5400 & 0xff;
668 p += 0x16;
669 } else if (page == 5) {
670 int cylinders, heads, secs;
671
672 /* Flexible disk device geometry page. */
673 p[0] = 5;
674 p[1] = 0x1e;
675 /* Transfer rate [kbit/s], 5Mbit/s */
676 p[2] = 5000 >> 8;
677 p[3] = 5000 & 0xff;
678 /* if a geometry hint is available, use it */
679 bdrv_get_geometry_hint(s->dinfo->bdrv, &cylinders, &heads, &secs);
680 p[4] = heads & 0xff;
681 p[5] = secs & 0xff;
682 p[6] = s->cluster_size * 2;
683 p[8] = (cylinders >> 8) & 0xff;
684 p[9] = cylinders & 0xff;
685 /* Write precomp start cylinder, disabled */
686 p[10] = (cylinders >> 8) & 0xff;
687 p[11] = cylinders & 0xff;
688 /* Reduced current start cylinder, disabled */
689 p[12] = (cylinders >> 8) & 0xff;
690 p[13] = cylinders & 0xff;
691 /* Device step rate [100us], 100us */
692 p[14] = 0;
693 p[15] = 1;
694 /* Device step pulse width [us], 1us */
695 p[16] = 1;
696 /* Device head settle delay [100us], 100us */
697 p[17] = 0;
698 p[18] = 1;
699 /* Motor on delay [0.1s], 0.1s */
700 p[19] = 1;
701 /* Motor off delay [0.1s], 0.1s */
702 p[20] = 1;
703 /* Medium rotation rate [rpm], 5400 rpm */
704 p[28] = (5400 >> 8) & 0xff;
705 p[29] = 5400 & 0xff;
706 p += 0x1e;
707 } else if ((page == 8 || page == 0x3f)) {
708 /* Caching page. */
709 memset(p,0,20);
710 p[0] = 8;
711 p[1] = 0x12;
712 if (bdrv_enable_write_cache(s->dinfo->bdrv)) {
713 p[2] = 4; /* WCE */
714 }
715 p += 20;
716 }
717 if ((page == 0x3f || page == 0x2a)
718 && (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM)) {
719 /* CD Capabilities and Mechanical Status page. */
720 p[0] = 0x2a;
721 p[1] = 0x14;
722 p[2] = 3; // CD-R & CD-RW read
723 p[3] = 0; // Writing not supported
724 p[4] = 0x7f; /* Audio, composite, digital out,
725 mode 2 form 1&2, multi session */
726 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
727 RW corrected, C2 errors, ISRC,
728 UPC, Bar code */
729 p[6] = 0x2d | (bdrv_is_locked(s->dinfo->bdrv)? 2 : 0);
730 /* Locking supported, jumper present, eject, tray */
731 p[7] = 0; /* no volume & mute control, no
732 changer */
733 p[8] = (50 * 176) >> 8; // 50x read speed
734 p[9] = (50 * 176) & 0xff;
735 p[10] = 0 >> 8; // No volume
736 p[11] = 0 & 0xff;
737 p[12] = 2048 >> 8; // 2M buffer
738 p[13] = 2048 & 0xff;
739 p[14] = (16 * 176) >> 8; // 16x read speed current
740 p[15] = (16 * 176) & 0xff;
741 p[18] = (16 * 176) >> 8; // 16x write speed
742 p[19] = (16 * 176) & 0xff;
743 p[20] = (16 * 176) >> 8; // 16x write speed current
744 p[21] = (16 * 176) & 0xff;
745 p += 22;
746 }
747 r->iov.iov_len = p - outbuf;
748 outbuf[0] = r->iov.iov_len - 4;
749 if (r->iov.iov_len > len)
750 r->iov.iov_len = len;
751 }
752 break;
753 case 0x1b:
754 DPRINTF("Start Stop Unit\n");
755 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM &&
756 (buf[4] & 2))
757 /* load/eject medium */
758 bdrv_eject(s->dinfo->bdrv, !(buf[4] & 1));
759 break;
760 case 0x1e:
761 DPRINTF("Prevent Allow Medium Removal (prevent = %d)\n", buf[4] & 3);
762 bdrv_set_locked(s->dinfo->bdrv, buf[4] & 1);
763 break;
764 case 0x25:
765 DPRINTF("Read Capacity\n");
766 /* The normal LEN field for this command is zero. */
767 memset(outbuf, 0, 8);
768 bdrv_get_geometry(s->dinfo->bdrv, &nb_sectors);
769 nb_sectors /= s->cluster_size;
770 /* Returned value is the address of the last sector. */
771 if (nb_sectors) {
772 nb_sectors--;
773 /* Remember the new size for read/write sanity checking. */
774 s->max_lba = nb_sectors;
775 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
776 if (nb_sectors > UINT32_MAX)
777 nb_sectors = UINT32_MAX;
778 outbuf[0] = (nb_sectors >> 24) & 0xff;
779 outbuf[1] = (nb_sectors >> 16) & 0xff;
780 outbuf[2] = (nb_sectors >> 8) & 0xff;
781 outbuf[3] = nb_sectors & 0xff;
782 outbuf[4] = 0;
783 outbuf[5] = 0;
784 outbuf[6] = s->cluster_size * 2;
785 outbuf[7] = 0;
786 r->iov.iov_len = 8;
787 } else {
788 notready:
789 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
790 return 0;
791 }
792 break;
793 case 0x08:
794 case 0x28:
795 case 0x88:
796 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
797 if (lba > s->max_lba)
798 goto illegal_lba;
799 r->sector = lba * s->cluster_size;
800 r->sector_count = len * s->cluster_size;
801 break;
802 case 0x0a:
803 case 0x2a:
804 case 0x8a:
805 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
806 if (lba > s->max_lba)
807 goto illegal_lba;
808 r->sector = lba * s->cluster_size;
809 r->sector_count = len * s->cluster_size;
810 is_write = 1;
811 break;
812 case 0x35:
813 DPRINTF("Synchronise cache (sector %" PRId64 ", count %d)\n", lba, len);
814 bdrv_flush(s->dinfo->bdrv);
815 break;
816 case 0x43:
817 {
818 int start_track, format, msf, toclen;
819
820 msf = buf[1] & 2;
821 format = buf[2] & 0xf;
822 start_track = buf[6];
823 bdrv_get_geometry(s->dinfo->bdrv, &nb_sectors);
824 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
825 nb_sectors /= s->cluster_size;
826 switch(format) {
827 case 0:
828 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
829 break;
830 case 1:
831 /* multi session : only a single session defined */
832 toclen = 12;
833 memset(outbuf, 0, 12);
834 outbuf[1] = 0x0a;
835 outbuf[2] = 0x01;
836 outbuf[3] = 0x01;
837 break;
838 case 2:
839 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
840 break;
841 default:
842 goto error_cmd;
843 }
844 if (toclen > 0) {
845 if (len > toclen)
846 len = toclen;
847 r->iov.iov_len = len;
848 break;
849 }
850 error_cmd:
851 DPRINTF("Read TOC error\n");
852 goto fail;
853 }
854 case 0x46:
855 DPRINTF("Get Configuration (rt %d, maxlen %d)\n", buf[1] & 3, len);
856 memset(outbuf, 0, 8);
857 /* ??? This should probably return much more information. For now
858 just return the basic header indicating the CD-ROM profile. */
859 outbuf[7] = 8; // CD-ROM
860 r->iov.iov_len = 8;
861 break;
862 case 0x56:
863 DPRINTF("Reserve(10)\n");
864 if (buf[1] & 3)
865 goto fail;
866 break;
867 case 0x57:
868 DPRINTF("Release(10)\n");
869 if (buf[1] & 3)
870 goto fail;
871 break;
872 case 0x9e:
873 /* Service Action In subcommands. */
874 if ((buf[1] & 31) == 0x10) {
875 DPRINTF("SAI READ CAPACITY(16)\n");
876 memset(outbuf, 0, len);
877 bdrv_get_geometry(s->dinfo->bdrv, &nb_sectors);
878 nb_sectors /= s->cluster_size;
879 /* Returned value is the address of the last sector. */
880 if (nb_sectors) {
881 nb_sectors--;
882 /* Remember the new size for read/write sanity checking. */
883 s->max_lba = nb_sectors;
884 outbuf[0] = (nb_sectors >> 56) & 0xff;
885 outbuf[1] = (nb_sectors >> 48) & 0xff;
886 outbuf[2] = (nb_sectors >> 40) & 0xff;
887 outbuf[3] = (nb_sectors >> 32) & 0xff;
888 outbuf[4] = (nb_sectors >> 24) & 0xff;
889 outbuf[5] = (nb_sectors >> 16) & 0xff;
890 outbuf[6] = (nb_sectors >> 8) & 0xff;
891 outbuf[7] = nb_sectors & 0xff;
892 outbuf[8] = 0;
893 outbuf[9] = 0;
894 outbuf[10] = s->cluster_size * 2;
895 outbuf[11] = 0;
896 /* Protection, exponent and lowest lba field left blank. */
897 r->iov.iov_len = len;
898 } else {
899 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_NOT_READY);
900 return 0;
901 }
902 break;
903 }
904 DPRINTF("Unsupported Service Action In\n");
905 goto fail;
906 case 0xa0:
907 DPRINTF("Report LUNs (len %d)\n", len);
908 if (len < 16)
909 goto fail;
910 memset(outbuf, 0, 16);
911 outbuf[3] = 8;
912 r->iov.iov_len = 16;
913 break;
914 case 0x2f:
915 DPRINTF("Verify (sector %" PRId64 ", count %d)\n", lba, len);
916 break;
917 default:
918 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
919 fail:
920 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_ILLEGAL_REQUEST);
921 return 0;
922 illegal_lba:
923 scsi_command_complete(r, STATUS_CHECK_CONDITION, SENSE_HARDWARE_ERROR);
924 return 0;
925 }
926 if (r->sector_count == 0 && r->iov.iov_len == 0) {
927 scsi_command_complete(r, STATUS_GOOD, SENSE_NO_SENSE);
928 }
929 len = r->sector_count * 512 + r->iov.iov_len;
930 if (is_write) {
931 return -len;
932 } else {
933 if (!r->sector_count)
934 r->sector_count = -1;
935 return len;
936 }
937 }
938
939 static void scsi_destroy(SCSIDevice *dev)
940 {
941 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
942
943 drive_uninit(s->dinfo);
944 }
945
946 static int scsi_disk_initfn(SCSIDevice *dev)
947 {
948 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
949 uint64_t nb_sectors;
950
951 if (!s->dinfo || !s->dinfo->bdrv) {
952 qemu_error("scsi-disk: drive property not set\n");
953 return -1;
954 }
955
956 if (bdrv_get_type_hint(s->dinfo->bdrv) == BDRV_TYPE_CDROM) {
957 s->cluster_size = 4;
958 } else {
959 s->cluster_size = 1;
960 }
961 bdrv_get_geometry(s->dinfo->bdrv, &nb_sectors);
962 nb_sectors /= s->cluster_size;
963 if (nb_sectors)
964 nb_sectors--;
965 s->max_lba = nb_sectors;
966 strncpy(s->drive_serial_str, drive_get_serial(s->dinfo->bdrv),
967 sizeof(s->drive_serial_str));
968 if (strlen(s->drive_serial_str) == 0)
969 pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), "0");
970 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
971 return 0;
972 }
973
974 static SCSIDeviceInfo scsi_disk_info = {
975 .qdev.name = "scsi-disk",
976 .qdev.desc = "virtual scsi disk or cdrom",
977 .qdev.size = sizeof(SCSIDiskState),
978 .init = scsi_disk_initfn,
979 .destroy = scsi_destroy,
980 .send_command = scsi_send_command,
981 .read_data = scsi_read_data,
982 .write_data = scsi_write_data,
983 .cancel_io = scsi_cancel_io,
984 .get_buf = scsi_get_buf,
985 .qdev.props = (Property[]) {
986 DEFINE_PROP_DRIVE("drive", SCSIDiskState, dinfo),
987 DEFINE_PROP_END_OF_LIST(),
988 },
989 };
990
991 static void scsi_disk_register_devices(void)
992 {
993 scsi_qdev_register(&scsi_disk_info);
994 }
995 device_init(scsi_disk_register_devices)
QEMU mirror