]> git.proxmox.com Git - mirror_qemu.git/blob - hw/scsi-disk.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hw/block-common: Factor out fall back to legacy -drive serial=...
[mirror_qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "hw/block-common.h"
38 #include "dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
46
47 typedef struct SCSIDiskState SCSIDiskState;
48
49 typedef struct SCSIDiskReq {
50 SCSIRequest req;
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
52 uint64_t sector;
53 uint32_t sector_count;
54 uint32_t buflen;
55 bool started;
56 struct iovec iov;
57 QEMUIOVector qiov;
58 BlockAcctCookie acct;
59 } SCSIDiskReq;
60
61 #define SCSI_DISK_F_REMOVABLE 0
62 #define SCSI_DISK_F_DPOFUA 1
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 uint32_t features;
68 bool media_changed;
69 bool media_event;
70 bool eject_request;
71 uint64_t wwn;
72 QEMUBH *bh;
73 char *version;
74 char *serial;
75 bool tray_open;
76 bool tray_locked;
77 };
78
79 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
80
81 static void scsi_free_request(SCSIRequest *req)
82 {
83 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
84
85 if (r->iov.iov_base) {
86 qemu_vfree(r->iov.iov_base);
87 }
88 }
89
90 /* Helper function for command completion with sense. */
91 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
92 {
93 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
94 r->req.tag, sense.key, sense.asc, sense.ascq);
95 scsi_req_build_sense(&r->req, sense);
96 scsi_req_complete(&r->req, CHECK_CONDITION);
97 }
98
99 /* Cancel a pending data transfer. */
100 static void scsi_cancel_io(SCSIRequest *req)
101 {
102 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
103
104 DPRINTF("Cancel tag=0x%x\n", req->tag);
105 if (r->req.aiocb) {
106 bdrv_aio_cancel(r->req.aiocb);
107
108 /* This reference was left in by scsi_*_data. We take ownership of
109 * it the moment scsi_req_cancel is called, independent of whether
110 * bdrv_aio_cancel completes the request or not. */
111 scsi_req_unref(&r->req);
112 }
113 r->req.aiocb = NULL;
114 }
115
116 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
117 {
118 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
119
120 if (!r->iov.iov_base) {
121 r->buflen = size;
122 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
123 }
124 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
125 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
126 return r->qiov.size / 512;
127 }
128
129 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
130 {
131 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
132
133 qemu_put_be64s(f, &r->sector);
134 qemu_put_be32s(f, &r->sector_count);
135 qemu_put_be32s(f, &r->buflen);
136 if (r->buflen) {
137 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
138 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 } else if (!req->retry) {
140 uint32_t len = r->iov.iov_len;
141 qemu_put_be32s(f, &len);
142 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
143 }
144 }
145 }
146
147 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
148 {
149 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
150
151 qemu_get_be64s(f, &r->sector);
152 qemu_get_be32s(f, &r->sector_count);
153 qemu_get_be32s(f, &r->buflen);
154 if (r->buflen) {
155 scsi_init_iovec(r, r->buflen);
156 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
157 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
158 } else if (!r->req.retry) {
159 uint32_t len;
160 qemu_get_be32s(f, &len);
161 r->iov.iov_len = len;
162 assert(r->iov.iov_len <= r->buflen);
163 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
164 }
165 }
166
167 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
168 }
169
170 static void scsi_flush_complete(void * opaque, int ret)
171 {
172 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
173 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
174
175 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
176
177 if (ret < 0) {
178 if (scsi_handle_rw_error(r, -ret)) {
179 goto done;
180 }
181 }
182
183 scsi_req_complete(&r->req, GOOD);
184
185 done:
186 if (!r->req.io_canceled) {
187 scsi_req_unref(&r->req);
188 }
189 }
190
191 static bool scsi_is_cmd_fua(SCSICommand *cmd)
192 {
193 switch (cmd->buf[0]) {
194 case READ_10:
195 case READ_12:
196 case READ_16:
197 case WRITE_10:
198 case WRITE_12:
199 case WRITE_16:
200 return (cmd->buf[1] & 8) != 0;
201
202 case VERIFY_10:
203 case VERIFY_12:
204 case VERIFY_16:
205 case WRITE_VERIFY_10:
206 case WRITE_VERIFY_12:
207 case WRITE_VERIFY_16:
208 return true;
209
210 case READ_6:
211 case WRITE_6:
212 default:
213 return false;
214 }
215 }
216
217 static void scsi_write_do_fua(SCSIDiskReq *r)
218 {
219 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
220
221 if (scsi_is_cmd_fua(&r->req.cmd)) {
222 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
223 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
224 return;
225 }
226
227 scsi_req_complete(&r->req, GOOD);
228 if (!r->req.io_canceled) {
229 scsi_req_unref(&r->req);
230 }
231 }
232
233 static void scsi_dma_complete(void *opaque, int ret)
234 {
235 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
236 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
237
238 if (r->req.aiocb != NULL) {
239 r->req.aiocb = NULL;
240 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
241 }
242
243 if (ret < 0) {
244 if (scsi_handle_rw_error(r, -ret)) {
245 goto done;
246 }
247 }
248
249 r->sector += r->sector_count;
250 r->sector_count = 0;
251 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
252 scsi_write_do_fua(r);
253 return;
254 } else {
255 scsi_req_complete(&r->req, GOOD);
256 }
257
258 done:
259 if (!r->req.io_canceled) {
260 scsi_req_unref(&r->req);
261 }
262 }
263
264 static void scsi_read_complete(void * opaque, int ret)
265 {
266 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
267 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
268 int n;
269
270 if (r->req.aiocb != NULL) {
271 r->req.aiocb = NULL;
272 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
273 }
274
275 if (ret < 0) {
276 if (scsi_handle_rw_error(r, -ret)) {
277 goto done;
278 }
279 }
280
281 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
282
283 n = r->qiov.size / 512;
284 r->sector += n;
285 r->sector_count -= n;
286 scsi_req_data(&r->req, r->qiov.size);
287
288 done:
289 if (!r->req.io_canceled) {
290 scsi_req_unref(&r->req);
291 }
292 }
293
294 /* Actually issue a read to the block device. */
295 static void scsi_do_read(void *opaque, int ret)
296 {
297 SCSIDiskReq *r = opaque;
298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
299 uint32_t n;
300
301 if (r->req.aiocb != NULL) {
302 r->req.aiocb = NULL;
303 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
304 }
305
306 if (ret < 0) {
307 if (scsi_handle_rw_error(r, -ret)) {
308 goto done;
309 }
310 }
311
312 if (r->req.io_canceled) {
313 return;
314 }
315
316 /* The request is used as the AIO opaque value, so add a ref. */
317 scsi_req_ref(&r->req);
318
319 if (r->req.sg) {
320 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
321 r->req.resid -= r->req.sg->size;
322 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
323 scsi_dma_complete, r);
324 } else {
325 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
326 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
327 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
328 scsi_read_complete, r);
329 }
330
331 done:
332 if (!r->req.io_canceled) {
333 scsi_req_unref(&r->req);
334 }
335 }
336
337 /* Read more data from scsi device into buffer. */
338 static void scsi_read_data(SCSIRequest *req)
339 {
340 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
341 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
342 bool first;
343
344 if (r->sector_count == (uint32_t)-1) {
345 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
346 r->sector_count = 0;
347 r->started = true;
348 scsi_req_data(&r->req, r->iov.iov_len);
349 return;
350 }
351 DPRINTF("Read sector_count=%d\n", r->sector_count);
352 if (r->sector_count == 0) {
353 /* This also clears the sense buffer for REQUEST SENSE. */
354 scsi_req_complete(&r->req, GOOD);
355 return;
356 }
357
358 /* No data transfer may already be in progress */
359 assert(r->req.aiocb == NULL);
360
361 /* The request is used as the AIO opaque value, so add a ref. */
362 scsi_req_ref(&r->req);
363 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
364 DPRINTF("Data transfer direction invalid\n");
365 scsi_read_complete(r, -EINVAL);
366 return;
367 }
368
369 if (s->tray_open) {
370 scsi_read_complete(r, -ENOMEDIUM);
371 return;
372 }
373
374 first = !r->started;
375 r->started = true;
376 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
377 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
378 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
379 } else {
380 scsi_do_read(r, 0);
381 }
382 }
383
384 /*
385 * scsi_handle_rw_error has two return values. 0 means that the error
386 * must be ignored, 1 means that the error has been processed and the
387 * caller should not do anything else for this request. Note that
388 * scsi_handle_rw_error always manages its reference counts, independent
389 * of the return value.
390 */
391 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
392 {
393 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
394 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
395 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
396
397 if (action == BLOCK_ERR_IGNORE) {
398 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
399 return 0;
400 }
401
402 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
403 || action == BLOCK_ERR_STOP_ANY) {
404
405 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
406 vm_stop(RUN_STATE_IO_ERROR);
407 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
408 scsi_req_retry(&r->req);
409 } else {
410 switch (error) {
411 case ENOMEDIUM:
412 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
413 break;
414 case ENOMEM:
415 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
416 break;
417 case EINVAL:
418 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
419 break;
420 default:
421 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
422 break;
423 }
424 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
425 }
426 return 1;
427 }
428
429 static void scsi_write_complete(void * opaque, int ret)
430 {
431 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
432 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
433 uint32_t n;
434
435 if (r->req.aiocb != NULL) {
436 r->req.aiocb = NULL;
437 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
438 }
439
440 if (ret < 0) {
441 if (scsi_handle_rw_error(r, -ret)) {
442 goto done;
443 }
444 }
445
446 n = r->qiov.size / 512;
447 r->sector += n;
448 r->sector_count -= n;
449 if (r->sector_count == 0) {
450 scsi_write_do_fua(r);
451 return;
452 } else {
453 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
454 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
455 scsi_req_data(&r->req, r->qiov.size);
456 }
457
458 done:
459 if (!r->req.io_canceled) {
460 scsi_req_unref(&r->req);
461 }
462 }
463
464 static void scsi_write_data(SCSIRequest *req)
465 {
466 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
467 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
468 uint32_t n;
469
470 /* No data transfer may already be in progress */
471 assert(r->req.aiocb == NULL);
472
473 /* The request is used as the AIO opaque value, so add a ref. */
474 scsi_req_ref(&r->req);
475 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
476 DPRINTF("Data transfer direction invalid\n");
477 scsi_write_complete(r, -EINVAL);
478 return;
479 }
480
481 if (!r->req.sg && !r->qiov.size) {
482 /* Called for the first time. Ask the driver to send us more data. */
483 r->started = true;
484 scsi_write_complete(r, 0);
485 return;
486 }
487 if (s->tray_open) {
488 scsi_write_complete(r, -ENOMEDIUM);
489 return;
490 }
491
492 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
493 r->req.cmd.buf[0] == VERIFY_16) {
494 if (r->req.sg) {
495 scsi_dma_complete(r, 0);
496 } else {
497 scsi_write_complete(r, 0);
498 }
499 return;
500 }
501
502 if (r->req.sg) {
503 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
504 r->req.resid -= r->req.sg->size;
505 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
506 scsi_dma_complete, r);
507 } else {
508 n = r->qiov.size / 512;
509 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
510 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
511 scsi_write_complete, r);
512 }
513 }
514
515 /* Return a pointer to the data buffer. */
516 static uint8_t *scsi_get_buf(SCSIRequest *req)
517 {
518 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
519
520 return (uint8_t *)r->iov.iov_base;
521 }
522
523 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
524 {
525 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
526 int buflen = 0;
527 int start;
528
529 if (req->cmd.buf[1] & 0x1) {
530 /* Vital product data */
531 uint8_t page_code = req->cmd.buf[2];
532
533 outbuf[buflen++] = s->qdev.type & 0x1f;
534 outbuf[buflen++] = page_code ; // this page
535 outbuf[buflen++] = 0x00;
536 outbuf[buflen++] = 0x00;
537 start = buflen;
538
539 switch (page_code) {
540 case 0x00: /* Supported page codes, mandatory */
541 {
542 DPRINTF("Inquiry EVPD[Supported pages] "
543 "buffer size %zd\n", req->cmd.xfer);
544 outbuf[buflen++] = 0x00; // list of supported pages (this page)
545 if (s->serial) {
546 outbuf[buflen++] = 0x80; // unit serial number
547 }
548 outbuf[buflen++] = 0x83; // device identification
549 if (s->qdev.type == TYPE_DISK) {
550 outbuf[buflen++] = 0xb0; // block limits
551 outbuf[buflen++] = 0xb2; // thin provisioning
552 }
553 break;
554 }
555 case 0x80: /* Device serial number, optional */
556 {
557 int l;
558
559 if (!s->serial) {
560 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
561 return -1;
562 }
563
564 l = strlen(s->serial);
565 if (l > 20) {
566 l = 20;
567 }
568
569 DPRINTF("Inquiry EVPD[Serial number] "
570 "buffer size %zd\n", req->cmd.xfer);
571 memcpy(outbuf+buflen, s->serial, l);
572 buflen += l;
573 break;
574 }
575
576 case 0x83: /* Device identification page, mandatory */
577 {
578 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
579 int max_len = s->serial ? 20 : 255 - 8;
580 int id_len = strlen(str);
581
582 if (id_len > max_len) {
583 id_len = max_len;
584 }
585 DPRINTF("Inquiry EVPD[Device identification] "
586 "buffer size %zd\n", req->cmd.xfer);
587
588 outbuf[buflen++] = 0x2; // ASCII
589 outbuf[buflen++] = 0; // not officially assigned
590 outbuf[buflen++] = 0; // reserved
591 outbuf[buflen++] = id_len; // length of data following
592 memcpy(outbuf+buflen, str, id_len);
593 buflen += id_len;
594
595 if (s->wwn) {
596 outbuf[buflen++] = 0x1; // Binary
597 outbuf[buflen++] = 0x3; // NAA
598 outbuf[buflen++] = 0; // reserved
599 outbuf[buflen++] = 8;
600 stq_be_p(&outbuf[buflen], s->wwn);
601 buflen += 8;
602 }
603 break;
604 }
605 case 0xb0: /* block limits */
606 {
607 unsigned int unmap_sectors =
608 s->qdev.conf.discard_granularity / s->qdev.blocksize;
609 unsigned int min_io_size =
610 s->qdev.conf.min_io_size / s->qdev.blocksize;
611 unsigned int opt_io_size =
612 s->qdev.conf.opt_io_size / s->qdev.blocksize;
613
614 if (s->qdev.type == TYPE_ROM) {
615 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
616 page_code);
617 return -1;
618 }
619 /* required VPD size with unmap support */
620 buflen = 0x40;
621 memset(outbuf + 4, 0, buflen - 4);
622
623 /* optimal transfer length granularity */
624 outbuf[6] = (min_io_size >> 8) & 0xff;
625 outbuf[7] = min_io_size & 0xff;
626
627 /* optimal transfer length */
628 outbuf[12] = (opt_io_size >> 24) & 0xff;
629 outbuf[13] = (opt_io_size >> 16) & 0xff;
630 outbuf[14] = (opt_io_size >> 8) & 0xff;
631 outbuf[15] = opt_io_size & 0xff;
632
633 /* optimal unmap granularity */
634 outbuf[28] = (unmap_sectors >> 24) & 0xff;
635 outbuf[29] = (unmap_sectors >> 16) & 0xff;
636 outbuf[30] = (unmap_sectors >> 8) & 0xff;
637 outbuf[31] = unmap_sectors & 0xff;
638 break;
639 }
640 case 0xb2: /* thin provisioning */
641 {
642 buflen = 8;
643 outbuf[4] = 0;
644 outbuf[5] = 0x60; /* write_same 10/16 supported */
645 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
646 outbuf[7] = 0;
647 break;
648 }
649 default:
650 return -1;
651 }
652 /* done with EVPD */
653 assert(buflen - start <= 255);
654 outbuf[start - 1] = buflen - start;
655 return buflen;
656 }
657
658 /* Standard INQUIRY data */
659 if (req->cmd.buf[2] != 0) {
660 return -1;
661 }
662
663 /* PAGE CODE == 0 */
664 buflen = req->cmd.xfer;
665 if (buflen > SCSI_MAX_INQUIRY_LEN) {
666 buflen = SCSI_MAX_INQUIRY_LEN;
667 }
668 memset(outbuf, 0, buflen);
669
670 outbuf[0] = s->qdev.type & 0x1f;
671 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
672 if (s->qdev.type == TYPE_ROM) {
673 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
674 } else {
675 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
676 }
677 memcpy(&outbuf[8], "QEMU ", 8);
678 memset(&outbuf[32], 0, 4);
679 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
680 /*
681 * We claim conformance to SPC-3, which is required for guests
682 * to ask for modern features like READ CAPACITY(16) or the
683 * block characteristics VPD page by default. Not all of SPC-3
684 * is actually implemented, but we're good enough.
685 */
686 outbuf[2] = 5;
687 outbuf[3] = 2; /* Format 2 */
688
689 if (buflen > 36) {
690 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
691 } else {
692 /* If the allocation length of CDB is too small,
693 the additional length is not adjusted */
694 outbuf[4] = 36 - 5;
695 }
696
697 /* Sync data transfer and TCQ. */
698 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
699 return buflen;
700 }
701
702 static inline bool media_is_dvd(SCSIDiskState *s)
703 {
704 uint64_t nb_sectors;
705 if (s->qdev.type != TYPE_ROM) {
706 return false;
707 }
708 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
709 return false;
710 }
711 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
712 return nb_sectors > CD_MAX_SECTORS;
713 }
714
715 static inline bool media_is_cd(SCSIDiskState *s)
716 {
717 uint64_t nb_sectors;
718 if (s->qdev.type != TYPE_ROM) {
719 return false;
720 }
721 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
722 return false;
723 }
724 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
725 return nb_sectors <= CD_MAX_SECTORS;
726 }
727
728 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
729 uint8_t *outbuf)
730 {
731 uint8_t type = r->req.cmd.buf[1] & 7;
732
733 if (s->qdev.type != TYPE_ROM) {
734 return -1;
735 }
736
737 /* Types 1/2 are only defined for Blu-Ray. */
738 if (type != 0) {
739 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
740 return -1;
741 }
742
743 memset(outbuf, 0, 34);
744 outbuf[1] = 32;
745 outbuf[2] = 0xe; /* last session complete, disc finalized */
746 outbuf[3] = 1; /* first track on disc */
747 outbuf[4] = 1; /* # of sessions */
748 outbuf[5] = 1; /* first track of last session */
749 outbuf[6] = 1; /* last track of last session */
750 outbuf[7] = 0x20; /* unrestricted use */
751 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
752 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
753 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
754 /* 24-31: disc bar code */
755 /* 32: disc application code */
756 /* 33: number of OPC tables */
757
758 return 34;
759 }
760
761 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
762 uint8_t *outbuf)
763 {
764 static const int rds_caps_size[5] = {
765 [0] = 2048 + 4,
766 [1] = 4 + 4,
767 [3] = 188 + 4,
768 [4] = 2048 + 4,
769 };
770
771 uint8_t media = r->req.cmd.buf[1];
772 uint8_t layer = r->req.cmd.buf[6];
773 uint8_t format = r->req.cmd.buf[7];
774 int size = -1;
775
776 if (s->qdev.type != TYPE_ROM) {
777 return -1;
778 }
779 if (media != 0) {
780 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
781 return -1;
782 }
783
784 if (format != 0xff) {
785 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
786 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
787 return -1;
788 }
789 if (media_is_cd(s)) {
790 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
791 return -1;
792 }
793 if (format >= ARRAY_SIZE(rds_caps_size)) {
794 return -1;
795 }
796 size = rds_caps_size[format];
797 memset(outbuf, 0, size);
798 }
799
800 switch (format) {
801 case 0x00: {
802 /* Physical format information */
803 uint64_t nb_sectors;
804 if (layer != 0) {
805 goto fail;
806 }
807 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
808
809 outbuf[4] = 1; /* DVD-ROM, part version 1 */
810 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
811 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
812 outbuf[7] = 0; /* default densities */
813
814 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
815 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
816 break;
817 }
818
819 case 0x01: /* DVD copyright information, all zeros */
820 break;
821
822 case 0x03: /* BCA information - invalid field for no BCA info */
823 return -1;
824
825 case 0x04: /* DVD disc manufacturing information, all zeros */
826 break;
827
828 case 0xff: { /* List capabilities */
829 int i;
830 size = 4;
831 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
832 if (!rds_caps_size[i]) {
833 continue;
834 }
835 outbuf[size] = i;
836 outbuf[size + 1] = 0x40; /* Not writable, readable */
837 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
838 size += 4;
839 }
840 break;
841 }
842
843 default:
844 return -1;
845 }
846
847 /* Size of buffer, not including 2 byte size field */
848 stw_be_p(outbuf, size - 2);
849 return size;
850
851 fail:
852 return -1;
853 }
854
855 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
856 {
857 uint8_t event_code, media_status;
858
859 media_status = 0;
860 if (s->tray_open) {
861 media_status = MS_TRAY_OPEN;
862 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
863 media_status = MS_MEDIA_PRESENT;
864 }
865
866 /* Event notification descriptor */
867 event_code = MEC_NO_CHANGE;
868 if (media_status != MS_TRAY_OPEN) {
869 if (s->media_event) {
870 event_code = MEC_NEW_MEDIA;
871 s->media_event = false;
872 } else if (s->eject_request) {
873 event_code = MEC_EJECT_REQUESTED;
874 s->eject_request = false;
875 }
876 }
877
878 outbuf[0] = event_code;
879 outbuf[1] = media_status;
880
881 /* These fields are reserved, just clear them. */
882 outbuf[2] = 0;
883 outbuf[3] = 0;
884 return 4;
885 }
886
887 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
888 uint8_t *outbuf)
889 {
890 int size;
891 uint8_t *buf = r->req.cmd.buf;
892 uint8_t notification_class_request = buf[4];
893 if (s->qdev.type != TYPE_ROM) {
894 return -1;
895 }
896 if ((buf[1] & 1) == 0) {
897 /* asynchronous */
898 return -1;
899 }
900
901 size = 4;
902 outbuf[0] = outbuf[1] = 0;
903 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
904 if (notification_class_request & (1 << GESN_MEDIA)) {
905 outbuf[2] = GESN_MEDIA;
906 size += scsi_event_status_media(s, &outbuf[size]);
907 } else {
908 outbuf[2] = 0x80;
909 }
910 stw_be_p(outbuf, size - 4);
911 return size;
912 }
913
914 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
915 {
916 int current;
917
918 if (s->qdev.type != TYPE_ROM) {
919 return -1;
920 }
921 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
922 memset(outbuf, 0, 40);
923 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
924 stw_be_p(&outbuf[6], current);
925 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
926 outbuf[10] = 0x03; /* persistent, current */
927 outbuf[11] = 8; /* two profiles */
928 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
929 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
930 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
931 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
932 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
933 stw_be_p(&outbuf[20], 1);
934 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
935 outbuf[23] = 8;
936 stl_be_p(&outbuf[24], 1); /* SCSI */
937 outbuf[28] = 1; /* DBE = 1, mandatory */
938 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
939 stw_be_p(&outbuf[32], 3);
940 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
941 outbuf[35] = 4;
942 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
943 /* TODO: Random readable, CD read, DVD read, drive serial number,
944 power management */
945 return 40;
946 }
947
948 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
949 {
950 if (s->qdev.type != TYPE_ROM) {
951 return -1;
952 }
953 memset(outbuf, 0, 8);
954 outbuf[5] = 1; /* CD-ROM */
955 return 8;
956 }
957
958 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
959 int page_control)
960 {
961 static const int mode_sense_valid[0x3f] = {
962 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
963 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
964 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
965 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
966 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
967 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
968 };
969 uint8_t *p = *p_outbuf;
970
971 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
972 return -1;
973 }
974
975 p[0] = page;
976
977 /*
978 * If Changeable Values are requested, a mask denoting those mode parameters
979 * that are changeable shall be returned. As we currently don't support
980 * parameter changes via MODE_SELECT all bits are returned set to zero.
981 * The buffer was already menset to zero by the caller of this function.
982 */
983 switch (page) {
984 case MODE_PAGE_HD_GEOMETRY:
985 p[1] = 0x16;
986 if (page_control == 1) { /* Changeable Values */
987 break;
988 }
989 /* if a geometry hint is available, use it */
990 p[2] = (s->qdev.conf.cyls >> 16) & 0xff;
991 p[3] = (s->qdev.conf.cyls >> 8) & 0xff;
992 p[4] = s->qdev.conf.cyls & 0xff;
993 p[5] = s->qdev.conf.heads & 0xff;
994 /* Write precomp start cylinder, disabled */
995 p[6] = (s->qdev.conf.cyls >> 16) & 0xff;
996 p[7] = (s->qdev.conf.cyls >> 8) & 0xff;
997 p[8] = s->qdev.conf.cyls & 0xff;
998 /* Reduced current start cylinder, disabled */
999 p[9] = (s->qdev.conf.cyls >> 16) & 0xff;
1000 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1001 p[11] = s->qdev.conf.cyls & 0xff;
1002 /* Device step rate [ns], 200ns */
1003 p[12] = 0;
1004 p[13] = 200;
1005 /* Landing zone cylinder */
1006 p[14] = 0xff;
1007 p[15] = 0xff;
1008 p[16] = 0xff;
1009 /* Medium rotation rate [rpm], 5400 rpm */
1010 p[20] = (5400 >> 8) & 0xff;
1011 p[21] = 5400 & 0xff;
1012 break;
1013
1014 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1015 p[1] = 0x1e;
1016 if (page_control == 1) { /* Changeable Values */
1017 break;
1018 }
1019 /* Transfer rate [kbit/s], 5Mbit/s */
1020 p[2] = 5000 >> 8;
1021 p[3] = 5000 & 0xff;
1022 /* if a geometry hint is available, use it */
1023 p[4] = s->qdev.conf.heads & 0xff;
1024 p[5] = s->qdev.conf.secs & 0xff;
1025 p[6] = s->qdev.blocksize >> 8;
1026 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1027 p[9] = s->qdev.conf.cyls & 0xff;
1028 /* Write precomp start cylinder, disabled */
1029 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1030 p[11] = s->qdev.conf.cyls & 0xff;
1031 /* Reduced current start cylinder, disabled */
1032 p[12] = (s->qdev.conf.cyls >> 8) & 0xff;
1033 p[13] = s->qdev.conf.cyls & 0xff;
1034 /* Device step rate [100us], 100us */
1035 p[14] = 0;
1036 p[15] = 1;
1037 /* Device step pulse width [us], 1us */
1038 p[16] = 1;
1039 /* Device head settle delay [100us], 100us */
1040 p[17] = 0;
1041 p[18] = 1;
1042 /* Motor on delay [0.1s], 0.1s */
1043 p[19] = 1;
1044 /* Motor off delay [0.1s], 0.1s */
1045 p[20] = 1;
1046 /* Medium rotation rate [rpm], 5400 rpm */
1047 p[28] = (5400 >> 8) & 0xff;
1048 p[29] = 5400 & 0xff;
1049 break;
1050
1051 case MODE_PAGE_CACHING:
1052 p[0] = 8;
1053 p[1] = 0x12;
1054 if (page_control == 1) { /* Changeable Values */
1055 break;
1056 }
1057 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1058 p[2] = 4; /* WCE */
1059 }
1060 break;
1061
1062 case MODE_PAGE_R_W_ERROR:
1063 p[1] = 10;
1064 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1065 if (s->qdev.type == TYPE_ROM) {
1066 p[3] = 0x20; /* Read Retry Count */
1067 }
1068 break;
1069
1070 case MODE_PAGE_AUDIO_CTL:
1071 p[1] = 14;
1072 break;
1073
1074 case MODE_PAGE_CAPABILITIES:
1075 p[1] = 0x14;
1076 if (page_control == 1) { /* Changeable Values */
1077 break;
1078 }
1079
1080 p[2] = 0x3b; /* CD-R & CD-RW read */
1081 p[3] = 0; /* Writing not supported */
1082 p[4] = 0x7f; /* Audio, composite, digital out,
1083 mode 2 form 1&2, multi session */
1084 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1085 RW corrected, C2 errors, ISRC,
1086 UPC, Bar code */
1087 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1088 /* Locking supported, jumper present, eject, tray */
1089 p[7] = 0; /* no volume & mute control, no
1090 changer */
1091 p[8] = (50 * 176) >> 8; /* 50x read speed */
1092 p[9] = (50 * 176) & 0xff;
1093 p[10] = 2 >> 8; /* Two volume levels */
1094 p[11] = 2 & 0xff;
1095 p[12] = 2048 >> 8; /* 2M buffer */
1096 p[13] = 2048 & 0xff;
1097 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1098 p[15] = (16 * 176) & 0xff;
1099 p[18] = (16 * 176) >> 8; /* 16x write speed */
1100 p[19] = (16 * 176) & 0xff;
1101 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1102 p[21] = (16 * 176) & 0xff;
1103 break;
1104
1105 default:
1106 return -1;
1107 }
1108
1109 *p_outbuf += p[1] + 2;
1110 return p[1] + 2;
1111 }
1112
1113 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1114 {
1115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1116 uint64_t nb_sectors;
1117 bool dbd;
1118 int page, buflen, ret, page_control;
1119 uint8_t *p;
1120 uint8_t dev_specific_param;
1121
1122 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1123 page = r->req.cmd.buf[2] & 0x3f;
1124 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1125 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1126 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1127 memset(outbuf, 0, r->req.cmd.xfer);
1128 p = outbuf;
1129
1130 if (s->qdev.type == TYPE_DISK) {
1131 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1132 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1133 dev_specific_param |= 0x80; /* Readonly. */
1134 }
1135 } else {
1136 /* MMC prescribes that CD/DVD drives have no block descriptors,
1137 * and defines no device-specific parameter. */
1138 dev_specific_param = 0x00;
1139 dbd = true;
1140 }
1141
1142 if (r->req.cmd.buf[0] == MODE_SENSE) {
1143 p[1] = 0; /* Default media type. */
1144 p[2] = dev_specific_param;
1145 p[3] = 0; /* Block descriptor length. */
1146 p += 4;
1147 } else { /* MODE_SENSE_10 */
1148 p[2] = 0; /* Default media type. */
1149 p[3] = dev_specific_param;
1150 p[6] = p[7] = 0; /* Block descriptor length. */
1151 p += 8;
1152 }
1153
1154 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1155 if (!dbd && nb_sectors) {
1156 if (r->req.cmd.buf[0] == MODE_SENSE) {
1157 outbuf[3] = 8; /* Block descriptor length */
1158 } else { /* MODE_SENSE_10 */
1159 outbuf[7] = 8; /* Block descriptor length */
1160 }
1161 nb_sectors /= (s->qdev.blocksize / 512);
1162 if (nb_sectors > 0xffffff) {
1163 nb_sectors = 0;
1164 }
1165 p[0] = 0; /* media density code */
1166 p[1] = (nb_sectors >> 16) & 0xff;
1167 p[2] = (nb_sectors >> 8) & 0xff;
1168 p[3] = nb_sectors & 0xff;
1169 p[4] = 0; /* reserved */
1170 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1171 p[6] = s->qdev.blocksize >> 8;
1172 p[7] = 0;
1173 p += 8;
1174 }
1175
1176 if (page_control == 3) {
1177 /* Saved Values */
1178 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1179 return -1;
1180 }
1181
1182 if (page == 0x3f) {
1183 for (page = 0; page <= 0x3e; page++) {
1184 mode_sense_page(s, page, &p, page_control);
1185 }
1186 } else {
1187 ret = mode_sense_page(s, page, &p, page_control);
1188 if (ret == -1) {
1189 return -1;
1190 }
1191 }
1192
1193 buflen = p - outbuf;
1194 /*
1195 * The mode data length field specifies the length in bytes of the
1196 * following data that is available to be transferred. The mode data
1197 * length does not include itself.
1198 */
1199 if (r->req.cmd.buf[0] == MODE_SENSE) {
1200 outbuf[0] = buflen - 1;
1201 } else { /* MODE_SENSE_10 */
1202 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1203 outbuf[1] = (buflen - 2) & 0xff;
1204 }
1205 return buflen;
1206 }
1207
1208 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1209 {
1210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1211 int start_track, format, msf, toclen;
1212 uint64_t nb_sectors;
1213
1214 msf = req->cmd.buf[1] & 2;
1215 format = req->cmd.buf[2] & 0xf;
1216 start_track = req->cmd.buf[6];
1217 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1218 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1219 nb_sectors /= s->qdev.blocksize / 512;
1220 switch (format) {
1221 case 0:
1222 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1223 break;
1224 case 1:
1225 /* multi session : only a single session defined */
1226 toclen = 12;
1227 memset(outbuf, 0, 12);
1228 outbuf[1] = 0x0a;
1229 outbuf[2] = 0x01;
1230 outbuf[3] = 0x01;
1231 break;
1232 case 2:
1233 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1234 break;
1235 default:
1236 return -1;
1237 }
1238 return toclen;
1239 }
1240
1241 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1242 {
1243 SCSIRequest *req = &r->req;
1244 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1245 bool start = req->cmd.buf[4] & 1;
1246 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1247
1248 if (s->qdev.type == TYPE_ROM && loej) {
1249 if (!start && !s->tray_open && s->tray_locked) {
1250 scsi_check_condition(r,
1251 bdrv_is_inserted(s->qdev.conf.bs)
1252 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1253 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1254 return -1;
1255 }
1256
1257 if (s->tray_open != !start) {
1258 bdrv_eject(s->qdev.conf.bs, !start);
1259 s->tray_open = !start;
1260 }
1261 }
1262 return 0;
1263 }
1264
1265 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1266 {
1267 SCSIRequest *req = &r->req;
1268 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1269 uint64_t nb_sectors;
1270 uint8_t *outbuf;
1271 int buflen = 0;
1272
1273 if (!r->iov.iov_base) {
1274 /*
1275 * FIXME: we shouldn't return anything bigger than 4k, but the code
1276 * requires the buffer to be as big as req->cmd.xfer in several
1277 * places. So, do not allow CDBs with a very large ALLOCATION
1278 * LENGTH. The real fix would be to modify scsi_read_data and
1279 * dma_buf_read, so that they return data beyond the buflen
1280 * as all zeros.
1281 */
1282 if (req->cmd.xfer > 65536) {
1283 goto illegal_request;
1284 }
1285 r->buflen = MAX(4096, req->cmd.xfer);
1286 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1287 }
1288
1289 outbuf = r->iov.iov_base;
1290 switch (req->cmd.buf[0]) {
1291 case TEST_UNIT_READY:
1292 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1293 break;
1294 case INQUIRY:
1295 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1296 if (buflen < 0) {
1297 goto illegal_request;
1298 }
1299 break;
1300 case MODE_SENSE:
1301 case MODE_SENSE_10:
1302 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1303 if (buflen < 0) {
1304 goto illegal_request;
1305 }
1306 break;
1307 case READ_TOC:
1308 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1309 if (buflen < 0) {
1310 goto illegal_request;
1311 }
1312 break;
1313 case RESERVE:
1314 if (req->cmd.buf[1] & 1) {
1315 goto illegal_request;
1316 }
1317 break;
1318 case RESERVE_10:
1319 if (req->cmd.buf[1] & 3) {
1320 goto illegal_request;
1321 }
1322 break;
1323 case RELEASE:
1324 if (req->cmd.buf[1] & 1) {
1325 goto illegal_request;
1326 }
1327 break;
1328 case RELEASE_10:
1329 if (req->cmd.buf[1] & 3) {
1330 goto illegal_request;
1331 }
1332 break;
1333 case START_STOP:
1334 if (scsi_disk_emulate_start_stop(r) < 0) {
1335 return -1;
1336 }
1337 break;
1338 case ALLOW_MEDIUM_REMOVAL:
1339 s->tray_locked = req->cmd.buf[4] & 1;
1340 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1341 break;
1342 case READ_CAPACITY_10:
1343 /* The normal LEN field for this command is zero. */
1344 memset(outbuf, 0, 8);
1345 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1346 if (!nb_sectors) {
1347 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1348 return -1;
1349 }
1350 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1351 goto illegal_request;
1352 }
1353 nb_sectors /= s->qdev.blocksize / 512;
1354 /* Returned value is the address of the last sector. */
1355 nb_sectors--;
1356 /* Remember the new size for read/write sanity checking. */
1357 s->qdev.max_lba = nb_sectors;
1358 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1359 if (nb_sectors > UINT32_MAX) {
1360 nb_sectors = UINT32_MAX;
1361 }
1362 outbuf[0] = (nb_sectors >> 24) & 0xff;
1363 outbuf[1] = (nb_sectors >> 16) & 0xff;
1364 outbuf[2] = (nb_sectors >> 8) & 0xff;
1365 outbuf[3] = nb_sectors & 0xff;
1366 outbuf[4] = 0;
1367 outbuf[5] = 0;
1368 outbuf[6] = s->qdev.blocksize >> 8;
1369 outbuf[7] = 0;
1370 buflen = 8;
1371 break;
1372 case REQUEST_SENSE:
1373 /* Just return "NO SENSE". */
1374 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1375 (req->cmd.buf[1] & 1) == 0);
1376 break;
1377 case MECHANISM_STATUS:
1378 buflen = scsi_emulate_mechanism_status(s, outbuf);
1379 if (buflen < 0) {
1380 goto illegal_request;
1381 }
1382 break;
1383 case GET_CONFIGURATION:
1384 buflen = scsi_get_configuration(s, outbuf);
1385 if (buflen < 0) {
1386 goto illegal_request;
1387 }
1388 break;
1389 case GET_EVENT_STATUS_NOTIFICATION:
1390 buflen = scsi_get_event_status_notification(s, r, outbuf);
1391 if (buflen < 0) {
1392 goto illegal_request;
1393 }
1394 break;
1395 case READ_DISC_INFORMATION:
1396 buflen = scsi_read_disc_information(s, r, outbuf);
1397 if (buflen < 0) {
1398 goto illegal_request;
1399 }
1400 break;
1401 case READ_DVD_STRUCTURE:
1402 buflen = scsi_read_dvd_structure(s, r, outbuf);
1403 if (buflen < 0) {
1404 goto illegal_request;
1405 }
1406 break;
1407 case SERVICE_ACTION_IN_16:
1408 /* Service Action In subcommands. */
1409 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1410 DPRINTF("SAI READ CAPACITY(16)\n");
1411 memset(outbuf, 0, req->cmd.xfer);
1412 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1413 if (!nb_sectors) {
1414 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1415 return -1;
1416 }
1417 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1418 goto illegal_request;
1419 }
1420 nb_sectors /= s->qdev.blocksize / 512;
1421 /* Returned value is the address of the last sector. */
1422 nb_sectors--;
1423 /* Remember the new size for read/write sanity checking. */
1424 s->qdev.max_lba = nb_sectors;
1425 outbuf[0] = (nb_sectors >> 56) & 0xff;
1426 outbuf[1] = (nb_sectors >> 48) & 0xff;
1427 outbuf[2] = (nb_sectors >> 40) & 0xff;
1428 outbuf[3] = (nb_sectors >> 32) & 0xff;
1429 outbuf[4] = (nb_sectors >> 24) & 0xff;
1430 outbuf[5] = (nb_sectors >> 16) & 0xff;
1431 outbuf[6] = (nb_sectors >> 8) & 0xff;
1432 outbuf[7] = nb_sectors & 0xff;
1433 outbuf[8] = 0;
1434 outbuf[9] = 0;
1435 outbuf[10] = s->qdev.blocksize >> 8;
1436 outbuf[11] = 0;
1437 outbuf[12] = 0;
1438 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1439
1440 /* set TPE bit if the format supports discard */
1441 if (s->qdev.conf.discard_granularity) {
1442 outbuf[14] = 0x80;
1443 }
1444
1445 /* Protection, exponent and lowest lba field left blank. */
1446 buflen = req->cmd.xfer;
1447 break;
1448 }
1449 DPRINTF("Unsupported Service Action In\n");
1450 goto illegal_request;
1451 default:
1452 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1453 return -1;
1454 }
1455 buflen = MIN(buflen, req->cmd.xfer);
1456 return buflen;
1457
1458 illegal_request:
1459 if (r->req.status == -1) {
1460 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1461 }
1462 return -1;
1463 }
1464
1465 /* Execute a scsi command. Returns the length of the data expected by the
1466 command. This will be Positive for data transfers from the device
1467 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1468 and zero if the command does not transfer any data. */
1469
1470 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1471 {
1472 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1473 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1474 int32_t len;
1475 uint8_t command;
1476 int rc;
1477
1478 command = buf[0];
1479 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1480
1481 #ifdef DEBUG_SCSI
1482 {
1483 int i;
1484 for (i = 1; i < r->req.cmd.len; i++) {
1485 printf(" 0x%02x", buf[i]);
1486 }
1487 printf("\n");
1488 }
1489 #endif
1490
1491 switch (command) {
1492 case INQUIRY:
1493 case MODE_SENSE:
1494 case MODE_SENSE_10:
1495 case RESERVE:
1496 case RESERVE_10:
1497 case RELEASE:
1498 case RELEASE_10:
1499 case START_STOP:
1500 case ALLOW_MEDIUM_REMOVAL:
1501 case GET_CONFIGURATION:
1502 case GET_EVENT_STATUS_NOTIFICATION:
1503 case MECHANISM_STATUS:
1504 case REQUEST_SENSE:
1505 break;
1506
1507 default:
1508 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1509 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1510 return 0;
1511 }
1512 break;
1513 }
1514
1515 switch (command) {
1516 case TEST_UNIT_READY:
1517 case INQUIRY:
1518 case MODE_SENSE:
1519 case MODE_SENSE_10:
1520 case RESERVE:
1521 case RESERVE_10:
1522 case RELEASE:
1523 case RELEASE_10:
1524 case START_STOP:
1525 case ALLOW_MEDIUM_REMOVAL:
1526 case READ_CAPACITY_10:
1527 case READ_TOC:
1528 case READ_DISC_INFORMATION:
1529 case READ_DVD_STRUCTURE:
1530 case GET_CONFIGURATION:
1531 case GET_EVENT_STATUS_NOTIFICATION:
1532 case MECHANISM_STATUS:
1533 case SERVICE_ACTION_IN_16:
1534 case REQUEST_SENSE:
1535 rc = scsi_disk_emulate_command(r);
1536 if (rc < 0) {
1537 return 0;
1538 }
1539
1540 r->iov.iov_len = rc;
1541 break;
1542 case SYNCHRONIZE_CACHE:
1543 /* The request is used as the AIO opaque value, so add a ref. */
1544 scsi_req_ref(&r->req);
1545 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1546 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1547 return 0;
1548 case READ_6:
1549 case READ_10:
1550 case READ_12:
1551 case READ_16:
1552 len = r->req.cmd.xfer / s->qdev.blocksize;
1553 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1554 if (r->req.cmd.lba > s->qdev.max_lba) {
1555 goto illegal_lba;
1556 }
1557 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1558 r->sector_count = len * (s->qdev.blocksize / 512);
1559 break;
1560 case VERIFY_10:
1561 case VERIFY_12:
1562 case VERIFY_16:
1563 case WRITE_6:
1564 case WRITE_10:
1565 case WRITE_12:
1566 case WRITE_16:
1567 case WRITE_VERIFY_10:
1568 case WRITE_VERIFY_12:
1569 case WRITE_VERIFY_16:
1570 len = r->req.cmd.xfer / s->qdev.blocksize;
1571 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1572 (command & 0xe) == 0xe ? "And Verify " : "",
1573 r->req.cmd.lba, len);
1574 if (r->req.cmd.lba > s->qdev.max_lba) {
1575 goto illegal_lba;
1576 }
1577 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1578 r->sector_count = len * (s->qdev.blocksize / 512);
1579 break;
1580 case MODE_SELECT:
1581 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1582 /* We don't support mode parameter changes.
1583 Allow the mode parameter header + block descriptors only. */
1584 if (r->req.cmd.xfer > 12) {
1585 goto fail;
1586 }
1587 break;
1588 case MODE_SELECT_10:
1589 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1590 /* We don't support mode parameter changes.
1591 Allow the mode parameter header + block descriptors only. */
1592 if (r->req.cmd.xfer > 16) {
1593 goto fail;
1594 }
1595 break;
1596 case SEEK_10:
1597 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1598 if (r->req.cmd.lba > s->qdev.max_lba) {
1599 goto illegal_lba;
1600 }
1601 break;
1602 case WRITE_SAME_10:
1603 len = lduw_be_p(&buf[7]);
1604 goto write_same;
1605 case WRITE_SAME_16:
1606 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1607 write_same:
1608
1609 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1610 r->req.cmd.lba, len);
1611
1612 if (r->req.cmd.lba > s->qdev.max_lba) {
1613 goto illegal_lba;
1614 }
1615
1616 /*
1617 * We only support WRITE SAME with the unmap bit set for now.
1618 */
1619 if (!(buf[1] & 0x8)) {
1620 goto fail;
1621 }
1622
1623 rc = bdrv_discard(s->qdev.conf.bs,
1624 r->req.cmd.lba * (s->qdev.blocksize / 512),
1625 len * (s->qdev.blocksize / 512));
1626 if (rc < 0) {
1627 /* XXX: better error code ?*/
1628 goto fail;
1629 }
1630
1631 break;
1632 default:
1633 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1634 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1635 return 0;
1636 fail:
1637 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1638 return 0;
1639 illegal_lba:
1640 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1641 return 0;
1642 }
1643 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1644 scsi_req_complete(&r->req, GOOD);
1645 }
1646 len = r->sector_count * 512 + r->iov.iov_len;
1647 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1648 return -len;
1649 } else {
1650 if (!r->sector_count) {
1651 r->sector_count = -1;
1652 }
1653 return len;
1654 }
1655 }
1656
1657 static void scsi_disk_reset(DeviceState *dev)
1658 {
1659 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1660 uint64_t nb_sectors;
1661
1662 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1663
1664 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1665 nb_sectors /= s->qdev.blocksize / 512;
1666 if (nb_sectors) {
1667 nb_sectors--;
1668 }
1669 s->qdev.max_lba = nb_sectors;
1670 }
1671
1672 static void scsi_destroy(SCSIDevice *dev)
1673 {
1674 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1675
1676 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1677 blockdev_mark_auto_del(s->qdev.conf.bs);
1678 }
1679
1680 static void scsi_cd_change_media_cb(void *opaque, bool load)
1681 {
1682 SCSIDiskState *s = opaque;
1683
1684 /*
1685 * When a CD gets changed, we have to report an ejected state and
1686 * then a loaded state to guests so that they detect tray
1687 * open/close and media change events. Guests that do not use
1688 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1689 * states rely on this behavior.
1690 *
1691 * media_changed governs the state machine used for unit attention
1692 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1693 */
1694 s->media_changed = load;
1695 s->tray_open = !load;
1696 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1697 s->media_event = true;
1698 s->eject_request = false;
1699 }
1700
1701 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1702 {
1703 SCSIDiskState *s = opaque;
1704
1705 s->eject_request = true;
1706 if (force) {
1707 s->tray_locked = false;
1708 }
1709 }
1710
1711 static bool scsi_cd_is_tray_open(void *opaque)
1712 {
1713 return ((SCSIDiskState *)opaque)->tray_open;
1714 }
1715
1716 static bool scsi_cd_is_medium_locked(void *opaque)
1717 {
1718 return ((SCSIDiskState *)opaque)->tray_locked;
1719 }
1720
1721 static const BlockDevOps scsi_cd_block_ops = {
1722 .change_media_cb = scsi_cd_change_media_cb,
1723 .eject_request_cb = scsi_cd_eject_request_cb,
1724 .is_tray_open = scsi_cd_is_tray_open,
1725 .is_medium_locked = scsi_cd_is_medium_locked,
1726 };
1727
1728 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1729 {
1730 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1731 if (s->media_changed) {
1732 s->media_changed = false;
1733 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1734 }
1735 }
1736
1737 static int scsi_initfn(SCSIDevice *dev)
1738 {
1739 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1740 DriveInfo *dinfo;
1741
1742 if (!s->qdev.conf.bs) {
1743 error_report("drive property not set");
1744 return -1;
1745 }
1746
1747 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1748 !bdrv_is_inserted(s->qdev.conf.bs)) {
1749 error_report("Device needs media, but drive is empty");
1750 return -1;
1751 }
1752
1753 if (!dev->conf.cyls && !dev->conf.heads && !dev->conf.secs) {
1754 /* try to fall back to value set with legacy -drive cyls=... */
1755 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1756 dev->conf.cyls = dinfo->cyls;
1757 dev->conf.heads = dinfo->heads;
1758 dev->conf.secs = dinfo->secs;
1759 }
1760 if (!dev->conf.cyls && !dev->conf.heads && !dev->conf.secs) {
1761 hd_geometry_guess(s->qdev.conf.bs,
1762 &dev->conf.cyls, &dev->conf.heads, &dev->conf.secs,
1763 NULL);
1764 }
1765 if (dev->conf.cyls || dev->conf.heads || dev->conf.secs) {
1766 if (dev->conf.cyls < 1 || dev->conf.cyls > 65535) {
1767 error_report("cyls must be between 1 and 65535");
1768 return -1;
1769 }
1770 if (dev->conf.heads < 1 || dev->conf.heads > 255) {
1771 error_report("heads must be between 1 and 255");
1772 return -1;
1773 }
1774 if (dev->conf.secs < 1 || dev->conf.secs > 255) {
1775 error_report("secs must be between 1 and 255");
1776 return -1;
1777 }
1778 }
1779
1780 blkconf_serial(&s->qdev.conf, &s->serial);
1781
1782 if (!s->version) {
1783 s->version = g_strdup(qemu_get_version());
1784 }
1785
1786 if (bdrv_is_sg(s->qdev.conf.bs)) {
1787 error_report("unwanted /dev/sg*");
1788 return -1;
1789 }
1790
1791 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1792 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1793 }
1794 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1795
1796 bdrv_iostatus_enable(s->qdev.conf.bs);
1797 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1798 return 0;
1799 }
1800
1801 static int scsi_hd_initfn(SCSIDevice *dev)
1802 {
1803 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1804 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1805 s->qdev.type = TYPE_DISK;
1806 return scsi_initfn(&s->qdev);
1807 }
1808
1809 static int scsi_cd_initfn(SCSIDevice *dev)
1810 {
1811 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1812 s->qdev.blocksize = 2048;
1813 s->qdev.type = TYPE_ROM;
1814 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1815 return scsi_initfn(&s->qdev);
1816 }
1817
1818 static int scsi_disk_initfn(SCSIDevice *dev)
1819 {
1820 DriveInfo *dinfo;
1821
1822 if (!dev->conf.bs) {
1823 return scsi_initfn(dev); /* ... and die there */
1824 }
1825
1826 dinfo = drive_get_by_blockdev(dev->conf.bs);
1827 if (dinfo->media_cd) {
1828 return scsi_cd_initfn(dev);
1829 } else {
1830 return scsi_hd_initfn(dev);
1831 }
1832 }
1833
1834 static const SCSIReqOps scsi_disk_reqops = {
1835 .size = sizeof(SCSIDiskReq),
1836 .free_req = scsi_free_request,
1837 .send_command = scsi_send_command,
1838 .read_data = scsi_read_data,
1839 .write_data = scsi_write_data,
1840 .cancel_io = scsi_cancel_io,
1841 .get_buf = scsi_get_buf,
1842 .load_request = scsi_disk_load_request,
1843 .save_request = scsi_disk_save_request,
1844 };
1845
1846 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1847 uint8_t *buf, void *hba_private)
1848 {
1849 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1850 SCSIRequest *req;
1851
1852 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1853 return req;
1854 }
1855
1856 #ifdef __linux__
1857 static int get_device_type(SCSIDiskState *s)
1858 {
1859 BlockDriverState *bdrv = s->qdev.conf.bs;
1860 uint8_t cmd[16];
1861 uint8_t buf[36];
1862 uint8_t sensebuf[8];
1863 sg_io_hdr_t io_header;
1864 int ret;
1865
1866 memset(cmd, 0, sizeof(cmd));
1867 memset(buf, 0, sizeof(buf));
1868 cmd[0] = INQUIRY;
1869 cmd[4] = sizeof(buf);
1870
1871 memset(&io_header, 0, sizeof(io_header));
1872 io_header.interface_id = 'S';
1873 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1874 io_header.dxfer_len = sizeof(buf);
1875 io_header.dxferp = buf;
1876 io_header.cmdp = cmd;
1877 io_header.cmd_len = sizeof(cmd);
1878 io_header.mx_sb_len = sizeof(sensebuf);
1879 io_header.sbp = sensebuf;
1880 io_header.timeout = 6000; /* XXX */
1881
1882 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1883 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1884 return -1;
1885 }
1886 s->qdev.type = buf[0];
1887 if (buf[1] & 0x80) {
1888 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1889 }
1890 return 0;
1891 }
1892
1893 static int scsi_block_initfn(SCSIDevice *dev)
1894 {
1895 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1896 int sg_version;
1897 int rc;
1898
1899 if (!s->qdev.conf.bs) {
1900 error_report("scsi-block: drive property not set");
1901 return -1;
1902 }
1903
1904 /* check we are using a driver managing SG_IO (version 3 and after) */
1905 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1906 sg_version < 30000) {
1907 error_report("scsi-block: scsi generic interface too old");
1908 return -1;
1909 }
1910
1911 /* get device type from INQUIRY data */
1912 rc = get_device_type(s);
1913 if (rc < 0) {
1914 error_report("scsi-block: INQUIRY failed");
1915 return -1;
1916 }
1917
1918 /* Make a guess for the block size, we'll fix it when the guest sends.
1919 * READ CAPACITY. If they don't, they likely would assume these sizes
1920 * anyway. (TODO: check in /sys).
1921 */
1922 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1923 s->qdev.blocksize = 2048;
1924 } else {
1925 s->qdev.blocksize = 512;
1926 }
1927 return scsi_initfn(&s->qdev);
1928 }
1929
1930 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1931 uint32_t lun, uint8_t *buf,
1932 void *hba_private)
1933 {
1934 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1935
1936 switch (buf[0]) {
1937 case READ_6:
1938 case READ_10:
1939 case READ_12:
1940 case READ_16:
1941 case VERIFY_10:
1942 case VERIFY_12:
1943 case VERIFY_16:
1944 case WRITE_6:
1945 case WRITE_10:
1946 case WRITE_12:
1947 case WRITE_16:
1948 case WRITE_VERIFY_10:
1949 case WRITE_VERIFY_12:
1950 case WRITE_VERIFY_16:
1951 /* If we are not using O_DIRECT, we might read stale data from the
1952 * host cache if writes were made using other commands than these
1953 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1954 * O_DIRECT everything must go through SG_IO.
1955 */
1956 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
1957 break;
1958 }
1959
1960 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1961 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1962 * And once you do these writes, reading from the block device is
1963 * unreliable, too. It is even possible that reads deliver random data
1964 * from the host page cache (this is probably a Linux bug).
1965 *
1966 * We might use scsi_disk_reqops as long as no writing commands are
1967 * seen, but performance usually isn't paramount on optical media. So,
1968 * just make scsi-block operate the same as scsi-generic for them.
1969 */
1970 if (s->qdev.type == TYPE_ROM) {
1971 break;
1972 }
1973 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1974 hba_private);
1975 }
1976
1977 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1978 hba_private);
1979 }
1980 #endif
1981
1982 #define DEFINE_SCSI_DISK_PROPERTIES() \
1983 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1984 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1985 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1986
1987 static Property scsi_hd_properties[] = {
1988 DEFINE_SCSI_DISK_PROPERTIES(),
1989 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1990 SCSI_DISK_F_REMOVABLE, false),
1991 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1992 SCSI_DISK_F_DPOFUA, false),
1993 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
1994 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
1995 DEFINE_PROP_END_OF_LIST(),
1996 };
1997
1998 static const VMStateDescription vmstate_scsi_disk_state = {
1999 .name = "scsi-disk",
2000 .version_id = 1,
2001 .minimum_version_id = 1,
2002 .minimum_version_id_old = 1,
2003 .fields = (VMStateField[]) {
2004 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2005 VMSTATE_BOOL(media_changed, SCSIDiskState),
2006 VMSTATE_BOOL(media_event, SCSIDiskState),
2007 VMSTATE_BOOL(eject_request, SCSIDiskState),
2008 VMSTATE_BOOL(tray_open, SCSIDiskState),
2009 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2010 VMSTATE_END_OF_LIST()
2011 }
2012 };
2013
2014 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2015 {
2016 DeviceClass *dc = DEVICE_CLASS(klass);
2017 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2018
2019 sc->init = scsi_hd_initfn;
2020 sc->destroy = scsi_destroy;
2021 sc->alloc_req = scsi_new_request;
2022 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2023 dc->fw_name = "disk";
2024 dc->desc = "virtual SCSI disk";
2025 dc->reset = scsi_disk_reset;
2026 dc->props = scsi_hd_properties;
2027 dc->vmsd = &vmstate_scsi_disk_state;
2028 }
2029
2030 static TypeInfo scsi_hd_info = {
2031 .name = "scsi-hd",
2032 .parent = TYPE_SCSI_DEVICE,
2033 .instance_size = sizeof(SCSIDiskState),
2034 .class_init = scsi_hd_class_initfn,
2035 };
2036
2037 static Property scsi_cd_properties[] = {
2038 DEFINE_SCSI_DISK_PROPERTIES(),
2039 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2040 DEFINE_PROP_END_OF_LIST(),
2041 };
2042
2043 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2044 {
2045 DeviceClass *dc = DEVICE_CLASS(klass);
2046 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2047
2048 sc->init = scsi_cd_initfn;
2049 sc->destroy = scsi_destroy;
2050 sc->alloc_req = scsi_new_request;
2051 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2052 dc->fw_name = "disk";
2053 dc->desc = "virtual SCSI CD-ROM";
2054 dc->reset = scsi_disk_reset;
2055 dc->props = scsi_cd_properties;
2056 dc->vmsd = &vmstate_scsi_disk_state;
2057 }
2058
2059 static TypeInfo scsi_cd_info = {
2060 .name = "scsi-cd",
2061 .parent = TYPE_SCSI_DEVICE,
2062 .instance_size = sizeof(SCSIDiskState),
2063 .class_init = scsi_cd_class_initfn,
2064 };
2065
2066 #ifdef __linux__
2067 static Property scsi_block_properties[] = {
2068 DEFINE_SCSI_DISK_PROPERTIES(),
2069 DEFINE_PROP_END_OF_LIST(),
2070 };
2071
2072 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2073 {
2074 DeviceClass *dc = DEVICE_CLASS(klass);
2075 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2076
2077 sc->init = scsi_block_initfn;
2078 sc->destroy = scsi_destroy;
2079 sc->alloc_req = scsi_block_new_request;
2080 dc->fw_name = "disk";
2081 dc->desc = "SCSI block device passthrough";
2082 dc->reset = scsi_disk_reset;
2083 dc->props = scsi_block_properties;
2084 dc->vmsd = &vmstate_scsi_disk_state;
2085 }
2086
2087 static TypeInfo scsi_block_info = {
2088 .name = "scsi-block",
2089 .parent = TYPE_SCSI_DEVICE,
2090 .instance_size = sizeof(SCSIDiskState),
2091 .class_init = scsi_block_class_initfn,
2092 };
2093 #endif
2094
2095 static Property scsi_disk_properties[] = {
2096 DEFINE_SCSI_DISK_PROPERTIES(),
2097 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2098 SCSI_DISK_F_REMOVABLE, false),
2099 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2100 SCSI_DISK_F_DPOFUA, false),
2101 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2102 DEFINE_PROP_END_OF_LIST(),
2103 };
2104
2105 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2106 {
2107 DeviceClass *dc = DEVICE_CLASS(klass);
2108 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2109
2110 sc->init = scsi_disk_initfn;
2111 sc->destroy = scsi_destroy;
2112 sc->alloc_req = scsi_new_request;
2113 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2114 dc->fw_name = "disk";
2115 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2116 dc->reset = scsi_disk_reset;
2117 dc->props = scsi_disk_properties;
2118 dc->vmsd = &vmstate_scsi_disk_state;
2119 }
2120
2121 static TypeInfo scsi_disk_info = {
2122 .name = "scsi-disk",
2123 .parent = TYPE_SCSI_DEVICE,
2124 .instance_size = sizeof(SCSIDiskState),
2125 .class_init = scsi_disk_class_initfn,
2126 };
2127
2128 static void scsi_disk_register_types(void)
2129 {
2130 type_register_static(&scsi_hd_info);
2131 type_register_static(&scsi_cd_info);
2132 #ifdef __linux__
2133 type_register_static(&scsi_block_info);
2134 #endif
2135 type_register_static(&scsi_disk_info);
2136 }
2137
2138 type_init(scsi_disk_register_types)
QEMU mirror