2 * SCSI Device emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
7 * Written by Paul Brook
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
15 * This code is licensed under the LGPL.
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
28 #define DPRINTF(fmt, ...) do {} while(0)
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
34 #include "qemu-common.h"
35 #include "qemu-error.h"
37 #include "scsi-defs.h"
40 #include "block_int.h"
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
50 typedef struct SCSIDiskState SCSIDiskState
;
52 typedef struct SCSIDiskReq
{
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint32_t sector_count
;
64 #define SCSI_DISK_F_REMOVABLE 0
65 #define SCSI_DISK_F_DPOFUA 1
81 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
);
83 static void scsi_free_request(SCSIRequest
*req
)
85 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
87 if (r
->iov
.iov_base
) {
88 qemu_vfree(r
->iov
.iov_base
);
92 /* Helper function for command completion with sense. */
93 static void scsi_check_condition(SCSIDiskReq
*r
, SCSISense sense
)
95 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
96 r
->req
.tag
, sense
.key
, sense
.asc
, sense
.ascq
);
97 scsi_req_build_sense(&r
->req
, sense
);
98 scsi_req_complete(&r
->req
, CHECK_CONDITION
);
101 /* Cancel a pending data transfer. */
102 static void scsi_cancel_io(SCSIRequest
*req
)
104 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
106 DPRINTF("Cancel tag=0x%x\n", req
->tag
);
108 bdrv_aio_cancel(r
->req
.aiocb
);
110 /* This reference was left in by scsi_*_data. We take ownership of
111 * it the moment scsi_req_cancel is called, independent of whether
112 * bdrv_aio_cancel completes the request or not. */
113 scsi_req_unref(&r
->req
);
118 static uint32_t scsi_init_iovec(SCSIDiskReq
*r
, size_t size
)
120 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
122 if (!r
->iov
.iov_base
) {
124 r
->iov
.iov_base
= qemu_blockalign(s
->qdev
.conf
.bs
, r
->buflen
);
126 r
->iov
.iov_len
= MIN(r
->sector_count
* 512, r
->buflen
);
127 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
128 return r
->qiov
.size
/ 512;
131 static void scsi_disk_save_request(QEMUFile
*f
, SCSIRequest
*req
)
133 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
135 qemu_put_be64s(f
, &r
->sector
);
136 qemu_put_be32s(f
, &r
->sector_count
);
137 qemu_put_be32s(f
, &r
->buflen
);
138 if (r
->buflen
&& r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
139 qemu_put_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
143 static void scsi_disk_load_request(QEMUFile
*f
, SCSIRequest
*req
)
145 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
147 qemu_get_be64s(f
, &r
->sector
);
148 qemu_get_be32s(f
, &r
->sector_count
);
149 qemu_get_be32s(f
, &r
->buflen
);
151 scsi_init_iovec(r
, r
->buflen
);
152 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
153 qemu_get_buffer(f
, r
->iov
.iov_base
, r
->iov
.iov_len
);
157 qemu_iovec_init_external(&r
->qiov
, &r
->iov
, 1);
160 static void scsi_flush_complete(void * opaque
, int ret
)
162 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
163 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
165 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
168 if (scsi_handle_rw_error(r
, -ret
)) {
173 scsi_req_complete(&r
->req
, GOOD
);
176 if (!r
->req
.io_canceled
) {
177 scsi_req_unref(&r
->req
);
181 static bool scsi_is_cmd_fua(SCSICommand
*cmd
)
183 switch (cmd
->buf
[0]) {
190 return (cmd
->buf
[1] & 8) != 0;
195 case WRITE_VERIFY_10
:
196 case WRITE_VERIFY_12
:
197 case WRITE_VERIFY_16
:
207 static void scsi_write_do_fua(SCSIDiskReq
*r
)
209 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
211 if (scsi_is_cmd_fua(&r
->req
.cmd
)) {
212 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, 0, BDRV_ACCT_FLUSH
);
213 r
->req
.aiocb
= bdrv_aio_flush(s
->qdev
.conf
.bs
, scsi_flush_complete
, r
);
217 scsi_req_complete(&r
->req
, GOOD
);
218 if (!r
->req
.io_canceled
) {
219 scsi_req_unref(&r
->req
);
223 static void scsi_dma_complete(void *opaque
, int ret
)
225 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
226 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
228 if (r
->req
.aiocb
!= NULL
) {
230 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
234 if (scsi_handle_rw_error(r
, -ret
)) {
239 r
->sector
+= r
->sector_count
;
241 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
242 scsi_write_do_fua(r
);
245 scsi_req_complete(&r
->req
, GOOD
);
249 if (!r
->req
.io_canceled
) {
250 scsi_req_unref(&r
->req
);
254 static void scsi_read_complete(void * opaque
, int ret
)
256 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
257 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
260 if (r
->req
.aiocb
!= NULL
) {
262 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
266 if (scsi_handle_rw_error(r
, -ret
)) {
271 DPRINTF("Data ready tag=0x%x len=%zd\n", r
->req
.tag
, r
->qiov
.size
);
273 n
= r
->qiov
.size
/ 512;
275 r
->sector_count
-= n
;
276 scsi_req_data(&r
->req
, r
->qiov
.size
);
279 if (!r
->req
.io_canceled
) {
280 scsi_req_unref(&r
->req
);
284 /* Actually issue a read to the block device. */
285 static void scsi_do_read(void *opaque
, int ret
)
287 SCSIDiskReq
*r
= opaque
;
288 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
291 if (r
->req
.aiocb
!= NULL
) {
293 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
297 if (scsi_handle_rw_error(r
, -ret
)) {
302 if (r
->req
.io_canceled
) {
306 /* The request is used as the AIO opaque value, so add a ref. */
307 scsi_req_ref(&r
->req
);
310 dma_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, r
->req
.sg
, BDRV_ACCT_READ
);
311 r
->req
.resid
-= r
->req
.sg
->size
;
312 r
->req
.aiocb
= dma_bdrv_read(s
->qdev
.conf
.bs
, r
->req
.sg
, r
->sector
,
313 scsi_dma_complete
, r
);
315 n
= scsi_init_iovec(r
, SCSI_DMA_BUF_SIZE
);
316 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, n
* BDRV_SECTOR_SIZE
, BDRV_ACCT_READ
);
317 r
->req
.aiocb
= bdrv_aio_readv(s
->qdev
.conf
.bs
, r
->sector
, &r
->qiov
, n
,
318 scsi_read_complete
, r
);
322 if (!r
->req
.io_canceled
) {
323 scsi_req_unref(&r
->req
);
327 /* Read more data from scsi device into buffer. */
328 static void scsi_read_data(SCSIRequest
*req
)
330 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
331 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
334 if (r
->sector_count
== (uint32_t)-1) {
335 DPRINTF("Read buf_len=%zd\n", r
->iov
.iov_len
);
338 scsi_req_data(&r
->req
, r
->iov
.iov_len
);
341 DPRINTF("Read sector_count=%d\n", r
->sector_count
);
342 if (r
->sector_count
== 0) {
343 /* This also clears the sense buffer for REQUEST SENSE. */
344 scsi_req_complete(&r
->req
, GOOD
);
348 /* No data transfer may already be in progress */
349 assert(r
->req
.aiocb
== NULL
);
351 /* The request is used as the AIO opaque value, so add a ref. */
352 scsi_req_ref(&r
->req
);
353 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
354 DPRINTF("Data transfer direction invalid\n");
355 scsi_read_complete(r
, -EINVAL
);
360 scsi_read_complete(r
, -ENOMEDIUM
);
366 if (first
&& scsi_is_cmd_fua(&r
->req
.cmd
)) {
367 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, 0, BDRV_ACCT_FLUSH
);
368 r
->req
.aiocb
= bdrv_aio_flush(s
->qdev
.conf
.bs
, scsi_do_read
, r
);
375 * scsi_handle_rw_error has two return values. 0 means that the error
376 * must be ignored, 1 means that the error has been processed and the
377 * caller should not do anything else for this request. Note that
378 * scsi_handle_rw_error always manages its reference counts, independent
379 * of the return value.
381 static int scsi_handle_rw_error(SCSIDiskReq
*r
, int error
)
383 int is_read
= (r
->req
.cmd
.xfer
== SCSI_XFER_FROM_DEV
);
384 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
385 BlockErrorAction action
= bdrv_get_on_error(s
->qdev
.conf
.bs
, is_read
);
387 if (action
== BLOCK_ERR_IGNORE
) {
388 bdrv_emit_qmp_error_event(s
->qdev
.conf
.bs
, BDRV_ACTION_IGNORE
, is_read
);
392 if ((error
== ENOSPC
&& action
== BLOCK_ERR_STOP_ENOSPC
)
393 || action
== BLOCK_ERR_STOP_ANY
) {
395 bdrv_emit_qmp_error_event(s
->qdev
.conf
.bs
, BDRV_ACTION_STOP
, is_read
);
396 vm_stop(RUN_STATE_IO_ERROR
);
397 bdrv_iostatus_set_err(s
->qdev
.conf
.bs
, error
);
398 scsi_req_retry(&r
->req
);
402 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
405 scsi_check_condition(r
, SENSE_CODE(TARGET_FAILURE
));
408 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
411 scsi_check_condition(r
, SENSE_CODE(IO_ERROR
));
414 bdrv_emit_qmp_error_event(s
->qdev
.conf
.bs
, BDRV_ACTION_REPORT
, is_read
);
419 static void scsi_write_complete(void * opaque
, int ret
)
421 SCSIDiskReq
*r
= (SCSIDiskReq
*)opaque
;
422 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
425 if (r
->req
.aiocb
!= NULL
) {
427 bdrv_acct_done(s
->qdev
.conf
.bs
, &r
->acct
);
431 if (scsi_handle_rw_error(r
, -ret
)) {
436 n
= r
->qiov
.size
/ 512;
438 r
->sector_count
-= n
;
439 if (r
->sector_count
== 0) {
440 scsi_write_do_fua(r
);
443 scsi_init_iovec(r
, SCSI_DMA_BUF_SIZE
);
444 DPRINTF("Write complete tag=0x%x more=%d\n", r
->req
.tag
, r
->qiov
.size
);
445 scsi_req_data(&r
->req
, r
->qiov
.size
);
449 if (!r
->req
.io_canceled
) {
450 scsi_req_unref(&r
->req
);
454 static void scsi_write_data(SCSIRequest
*req
)
456 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
457 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
460 /* No data transfer may already be in progress */
461 assert(r
->req
.aiocb
== NULL
);
463 /* The request is used as the AIO opaque value, so add a ref. */
464 scsi_req_ref(&r
->req
);
465 if (r
->req
.cmd
.mode
!= SCSI_XFER_TO_DEV
) {
466 DPRINTF("Data transfer direction invalid\n");
467 scsi_write_complete(r
, -EINVAL
);
471 if (!r
->req
.sg
&& !r
->qiov
.size
) {
472 /* Called for the first time. Ask the driver to send us more data. */
474 scsi_write_complete(r
, 0);
478 scsi_write_complete(r
, -ENOMEDIUM
);
482 if (r
->req
.cmd
.buf
[0] == VERIFY_10
|| r
->req
.cmd
.buf
[0] == VERIFY_12
||
483 r
->req
.cmd
.buf
[0] == VERIFY_16
) {
485 scsi_dma_complete(r
, 0);
487 scsi_write_complete(r
, 0);
493 dma_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, r
->req
.sg
, BDRV_ACCT_WRITE
);
494 r
->req
.resid
-= r
->req
.sg
->size
;
495 r
->req
.aiocb
= dma_bdrv_write(s
->qdev
.conf
.bs
, r
->req
.sg
, r
->sector
,
496 scsi_dma_complete
, r
);
498 n
= r
->qiov
.size
/ 512;
499 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, n
* BDRV_SECTOR_SIZE
, BDRV_ACCT_WRITE
);
500 r
->req
.aiocb
= bdrv_aio_writev(s
->qdev
.conf
.bs
, r
->sector
, &r
->qiov
, n
,
501 scsi_write_complete
, r
);
505 /* Return a pointer to the data buffer. */
506 static uint8_t *scsi_get_buf(SCSIRequest
*req
)
508 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
510 return (uint8_t *)r
->iov
.iov_base
;
513 static int scsi_disk_emulate_inquiry(SCSIRequest
*req
, uint8_t *outbuf
)
515 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
518 if (req
->cmd
.buf
[1] & 0x2) {
519 /* Command support data - optional, not implemented */
520 BADF("optional INQUIRY command support request not implemented\n");
524 if (req
->cmd
.buf
[1] & 0x1) {
525 /* Vital product data */
526 uint8_t page_code
= req
->cmd
.buf
[2];
527 if (req
->cmd
.xfer
< 4) {
528 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
529 "less than 4\n", page_code
, req
->cmd
.xfer
);
533 outbuf
[buflen
++] = s
->qdev
.type
& 0x1f;
534 outbuf
[buflen
++] = page_code
; // this page
535 outbuf
[buflen
++] = 0x00;
538 case 0x00: /* Supported page codes, mandatory */
541 DPRINTF("Inquiry EVPD[Supported pages] "
542 "buffer size %zd\n", req
->cmd
.xfer
);
544 outbuf
[buflen
++] = 0x00; // list of supported pages (this page)
546 outbuf
[buflen
++] = 0x80; // unit serial number
548 outbuf
[buflen
++] = 0x83; // device identification
549 if (s
->qdev
.type
== TYPE_DISK
) {
550 outbuf
[buflen
++] = 0xb0; // block limits
551 outbuf
[buflen
++] = 0xb2; // thin provisioning
553 outbuf
[pages
] = buflen
- pages
- 1; // number of pages
556 case 0x80: /* Device serial number, optional */
561 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
565 l
= strlen(s
->serial
);
570 DPRINTF("Inquiry EVPD[Serial number] "
571 "buffer size %zd\n", req
->cmd
.xfer
);
572 outbuf
[buflen
++] = l
;
573 memcpy(outbuf
+buflen
, s
->serial
, l
);
578 case 0x83: /* Device identification page, mandatory */
580 const char *str
= s
->serial
?: bdrv_get_device_name(s
->qdev
.conf
.bs
);
581 int max_len
= s
->serial
? 20 : 255 - 8;
582 int id_len
= strlen(str
);
584 if (id_len
> max_len
) {
587 DPRINTF("Inquiry EVPD[Device identification] "
588 "buffer size %zd\n", req
->cmd
.xfer
);
590 outbuf
[buflen
++] = 4 + id_len
;
591 outbuf
[buflen
++] = 0x2; // ASCII
592 outbuf
[buflen
++] = 0; // not officially assigned
593 outbuf
[buflen
++] = 0; // reserved
594 outbuf
[buflen
++] = id_len
; // length of data following
596 memcpy(outbuf
+buflen
, str
, id_len
);
600 case 0xb0: /* block limits */
602 unsigned int unmap_sectors
=
603 s
->qdev
.conf
.discard_granularity
/ s
->qdev
.blocksize
;
604 unsigned int min_io_size
=
605 s
->qdev
.conf
.min_io_size
/ s
->qdev
.blocksize
;
606 unsigned int opt_io_size
=
607 s
->qdev
.conf
.opt_io_size
/ s
->qdev
.blocksize
;
609 if (s
->qdev
.type
== TYPE_ROM
) {
610 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
614 /* required VPD size with unmap support */
615 outbuf
[3] = buflen
= 0x3c;
617 memset(outbuf
+ 4, 0, buflen
- 4);
619 /* optimal transfer length granularity */
620 outbuf
[6] = (min_io_size
>> 8) & 0xff;
621 outbuf
[7] = min_io_size
& 0xff;
623 /* optimal transfer length */
624 outbuf
[12] = (opt_io_size
>> 24) & 0xff;
625 outbuf
[13] = (opt_io_size
>> 16) & 0xff;
626 outbuf
[14] = (opt_io_size
>> 8) & 0xff;
627 outbuf
[15] = opt_io_size
& 0xff;
629 /* optimal unmap granularity */
630 outbuf
[28] = (unmap_sectors
>> 24) & 0xff;
631 outbuf
[29] = (unmap_sectors
>> 16) & 0xff;
632 outbuf
[30] = (unmap_sectors
>> 8) & 0xff;
633 outbuf
[31] = unmap_sectors
& 0xff;
636 case 0xb2: /* thin provisioning */
638 outbuf
[3] = buflen
= 8;
640 outbuf
[5] = 0x60; /* write_same 10/16 supported */
641 outbuf
[6] = s
->qdev
.conf
.discard_granularity
? 2 : 1;
646 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
647 "buffer size %zd\n", page_code
, req
->cmd
.xfer
);
654 /* Standard INQUIRY data */
655 if (req
->cmd
.buf
[2] != 0) {
656 BADF("Error: Inquiry (STANDARD) page or code "
657 "is non-zero [%02X]\n", req
->cmd
.buf
[2]);
662 if (req
->cmd
.xfer
< 5) {
663 BADF("Error: Inquiry (STANDARD) buffer size %zd "
664 "is less than 5\n", req
->cmd
.xfer
);
668 buflen
= req
->cmd
.xfer
;
669 if (buflen
> SCSI_MAX_INQUIRY_LEN
) {
670 buflen
= SCSI_MAX_INQUIRY_LEN
;
672 memset(outbuf
, 0, buflen
);
674 outbuf
[0] = s
->qdev
.type
& 0x1f;
675 outbuf
[1] = (s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) ? 0x80 : 0;
676 if (s
->qdev
.type
== TYPE_ROM
) {
677 memcpy(&outbuf
[16], "QEMU CD-ROM ", 16);
679 memcpy(&outbuf
[16], "QEMU HARDDISK ", 16);
681 memcpy(&outbuf
[8], "QEMU ", 8);
682 memset(&outbuf
[32], 0, 4);
683 memcpy(&outbuf
[32], s
->version
, MIN(4, strlen(s
->version
)));
685 * We claim conformance to SPC-3, which is required for guests
686 * to ask for modern features like READ CAPACITY(16) or the
687 * block characteristics VPD page by default. Not all of SPC-3
688 * is actually implemented, but we're good enough.
691 outbuf
[3] = 2; /* Format 2 */
694 outbuf
[4] = buflen
- 5; /* Additional Length = (Len - 1) - 4 */
696 /* If the allocation length of CDB is too small,
697 the additional length is not adjusted */
701 /* Sync data transfer and TCQ. */
702 outbuf
[7] = 0x10 | (req
->bus
->info
->tcq
? 0x02 : 0);
706 static inline bool media_is_dvd(SCSIDiskState
*s
)
709 if (s
->qdev
.type
!= TYPE_ROM
) {
712 if (!bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
715 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
716 return nb_sectors
> CD_MAX_SECTORS
;
719 static inline bool media_is_cd(SCSIDiskState
*s
)
722 if (s
->qdev
.type
!= TYPE_ROM
) {
725 if (!bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
728 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
729 return nb_sectors
<= CD_MAX_SECTORS
;
732 static int scsi_read_dvd_structure(SCSIDiskState
*s
, SCSIDiskReq
*r
,
735 static const int rds_caps_size
[5] = {
742 uint8_t media
= r
->req
.cmd
.buf
[1];
743 uint8_t layer
= r
->req
.cmd
.buf
[6];
744 uint8_t format
= r
->req
.cmd
.buf
[7];
747 if (s
->qdev
.type
!= TYPE_ROM
) {
751 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
755 if (format
!= 0xff) {
756 if (s
->tray_open
|| !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
757 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
760 if (media_is_cd(s
)) {
761 scsi_check_condition(r
, SENSE_CODE(INCOMPATIBLE_FORMAT
));
764 if (format
>= ARRAY_SIZE(rds_caps_size
)) {
767 size
= rds_caps_size
[format
];
768 memset(outbuf
, 0, size
);
773 /* Physical format information */
778 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
780 outbuf
[4] = 1; /* DVD-ROM, part version 1 */
781 outbuf
[5] = 0xf; /* 120mm disc, minimum rate unspecified */
782 outbuf
[6] = 1; /* one layer, read-only (per MMC-2 spec) */
783 outbuf
[7] = 0; /* default densities */
785 stl_be_p(&outbuf
[12], (nb_sectors
>> 2) - 1); /* end sector */
786 stl_be_p(&outbuf
[16], (nb_sectors
>> 2) - 1); /* l0 end sector */
790 case 0x01: /* DVD copyright information, all zeros */
793 case 0x03: /* BCA information - invalid field for no BCA info */
796 case 0x04: /* DVD disc manufacturing information, all zeros */
799 case 0xff: { /* List capabilities */
802 for (i
= 0; i
< ARRAY_SIZE(rds_caps_size
); i
++) {
803 if (!rds_caps_size
[i
]) {
807 outbuf
[size
+ 1] = 0x40; /* Not writable, readable */
808 stw_be_p(&outbuf
[size
+ 2], rds_caps_size
[i
]);
818 /* Size of buffer, not including 2 byte size field */
819 stw_be_p(outbuf
, size
- 2);
826 static int scsi_event_status_media(SCSIDiskState
*s
, uint8_t *outbuf
)
828 uint8_t event_code
, media_status
;
832 media_status
= MS_TRAY_OPEN
;
833 } else if (bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
834 media_status
= MS_MEDIA_PRESENT
;
837 /* Event notification descriptor */
838 event_code
= MEC_NO_CHANGE
;
839 if (media_status
!= MS_TRAY_OPEN
) {
840 if (s
->media_event
) {
841 event_code
= MEC_NEW_MEDIA
;
842 s
->media_event
= false;
843 } else if (s
->eject_request
) {
844 event_code
= MEC_EJECT_REQUESTED
;
845 s
->eject_request
= false;
849 outbuf
[0] = event_code
;
850 outbuf
[1] = media_status
;
852 /* These fields are reserved, just clear them. */
858 static int scsi_get_event_status_notification(SCSIDiskState
*s
, SCSIDiskReq
*r
,
862 uint8_t *buf
= r
->req
.cmd
.buf
;
863 uint8_t notification_class_request
= buf
[4];
864 if (s
->qdev
.type
!= TYPE_ROM
) {
867 if ((buf
[1] & 1) == 0) {
873 outbuf
[0] = outbuf
[1] = 0;
874 outbuf
[3] = 1 << GESN_MEDIA
; /* supported events */
875 if (notification_class_request
& (1 << GESN_MEDIA
)) {
876 outbuf
[2] = GESN_MEDIA
;
877 size
+= scsi_event_status_media(s
, &outbuf
[size
]);
881 stw_be_p(outbuf
, size
- 4);
885 static int scsi_get_configuration(SCSIDiskState
*s
, uint8_t *outbuf
)
889 if (s
->qdev
.type
!= TYPE_ROM
) {
892 current
= media_is_dvd(s
) ? MMC_PROFILE_DVD_ROM
: MMC_PROFILE_CD_ROM
;
893 memset(outbuf
, 0, 40);
894 stl_be_p(&outbuf
[0], 36); /* Bytes after the data length field */
895 stw_be_p(&outbuf
[6], current
);
896 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
897 outbuf
[10] = 0x03; /* persistent, current */
898 outbuf
[11] = 8; /* two profiles */
899 stw_be_p(&outbuf
[12], MMC_PROFILE_DVD_ROM
);
900 outbuf
[14] = (current
== MMC_PROFILE_DVD_ROM
);
901 stw_be_p(&outbuf
[16], MMC_PROFILE_CD_ROM
);
902 outbuf
[18] = (current
== MMC_PROFILE_CD_ROM
);
903 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
904 stw_be_p(&outbuf
[20], 1);
905 outbuf
[22] = 0x08 | 0x03; /* version 2, persistent, current */
907 stl_be_p(&outbuf
[24], 1); /* SCSI */
908 outbuf
[28] = 1; /* DBE = 1, mandatory */
909 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
910 stw_be_p(&outbuf
[32], 3);
911 outbuf
[34] = 0x08 | 0x03; /* version 2, persistent, current */
913 outbuf
[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
914 /* TODO: Random readable, CD read, DVD read, drive serial number,
919 static int scsi_emulate_mechanism_status(SCSIDiskState
*s
, uint8_t *outbuf
)
921 if (s
->qdev
.type
!= TYPE_ROM
) {
924 memset(outbuf
, 0, 8);
925 outbuf
[5] = 1; /* CD-ROM */
929 static int mode_sense_page(SCSIDiskState
*s
, int page
, uint8_t **p_outbuf
,
932 static const int mode_sense_valid
[0x3f] = {
933 [MODE_PAGE_HD_GEOMETRY
] = (1 << TYPE_DISK
),
934 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
] = (1 << TYPE_DISK
),
935 [MODE_PAGE_CACHING
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
936 [MODE_PAGE_R_W_ERROR
] = (1 << TYPE_DISK
) | (1 << TYPE_ROM
),
937 [MODE_PAGE_AUDIO_CTL
] = (1 << TYPE_ROM
),
938 [MODE_PAGE_CAPABILITIES
] = (1 << TYPE_ROM
),
941 BlockDriverState
*bdrv
= s
->qdev
.conf
.bs
;
942 int cylinders
, heads
, secs
;
943 uint8_t *p
= *p_outbuf
;
945 if ((mode_sense_valid
[page
] & (1 << s
->qdev
.type
)) == 0) {
952 * If Changeable Values are requested, a mask denoting those mode parameters
953 * that are changeable shall be returned. As we currently don't support
954 * parameter changes via MODE_SELECT all bits are returned set to zero.
955 * The buffer was already menset to zero by the caller of this function.
958 case MODE_PAGE_HD_GEOMETRY
:
960 if (page_control
== 1) { /* Changeable Values */
963 /* if a geometry hint is available, use it */
964 bdrv_guess_geometry(bdrv
, &cylinders
, &heads
, &secs
);
965 p
[2] = (cylinders
>> 16) & 0xff;
966 p
[3] = (cylinders
>> 8) & 0xff;
967 p
[4] = cylinders
& 0xff;
969 /* Write precomp start cylinder, disabled */
970 p
[6] = (cylinders
>> 16) & 0xff;
971 p
[7] = (cylinders
>> 8) & 0xff;
972 p
[8] = cylinders
& 0xff;
973 /* Reduced current start cylinder, disabled */
974 p
[9] = (cylinders
>> 16) & 0xff;
975 p
[10] = (cylinders
>> 8) & 0xff;
976 p
[11] = cylinders
& 0xff;
977 /* Device step rate [ns], 200ns */
980 /* Landing zone cylinder */
984 /* Medium rotation rate [rpm], 5400 rpm */
985 p
[20] = (5400 >> 8) & 0xff;
989 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY
:
991 if (page_control
== 1) { /* Changeable Values */
994 /* Transfer rate [kbit/s], 5Mbit/s */
997 /* if a geometry hint is available, use it */
998 bdrv_guess_geometry(bdrv
, &cylinders
, &heads
, &secs
);
1001 p
[6] = s
->qdev
.blocksize
>> 8;
1002 p
[8] = (cylinders
>> 8) & 0xff;
1003 p
[9] = cylinders
& 0xff;
1004 /* Write precomp start cylinder, disabled */
1005 p
[10] = (cylinders
>> 8) & 0xff;
1006 p
[11] = cylinders
& 0xff;
1007 /* Reduced current start cylinder, disabled */
1008 p
[12] = (cylinders
>> 8) & 0xff;
1009 p
[13] = cylinders
& 0xff;
1010 /* Device step rate [100us], 100us */
1013 /* Device step pulse width [us], 1us */
1015 /* Device head settle delay [100us], 100us */
1018 /* Motor on delay [0.1s], 0.1s */
1020 /* Motor off delay [0.1s], 0.1s */
1022 /* Medium rotation rate [rpm], 5400 rpm */
1023 p
[28] = (5400 >> 8) & 0xff;
1024 p
[29] = 5400 & 0xff;
1027 case MODE_PAGE_CACHING
:
1030 if (page_control
== 1) { /* Changeable Values */
1033 if (bdrv_enable_write_cache(s
->qdev
.conf
.bs
)) {
1038 case MODE_PAGE_R_W_ERROR
:
1040 p
[2] = 0x80; /* Automatic Write Reallocation Enabled */
1041 if (s
->qdev
.type
== TYPE_ROM
) {
1042 p
[3] = 0x20; /* Read Retry Count */
1046 case MODE_PAGE_AUDIO_CTL
:
1050 case MODE_PAGE_CAPABILITIES
:
1052 if (page_control
== 1) { /* Changeable Values */
1056 p
[2] = 0x3b; /* CD-R & CD-RW read */
1057 p
[3] = 0; /* Writing not supported */
1058 p
[4] = 0x7f; /* Audio, composite, digital out,
1059 mode 2 form 1&2, multi session */
1060 p
[5] = 0xff; /* CD DA, DA accurate, RW supported,
1061 RW corrected, C2 errors, ISRC,
1063 p
[6] = 0x2d | (s
->tray_locked
? 2 : 0);
1064 /* Locking supported, jumper present, eject, tray */
1065 p
[7] = 0; /* no volume & mute control, no
1067 p
[8] = (50 * 176) >> 8; /* 50x read speed */
1068 p
[9] = (50 * 176) & 0xff;
1069 p
[10] = 2 >> 8; /* Two volume levels */
1071 p
[12] = 2048 >> 8; /* 2M buffer */
1072 p
[13] = 2048 & 0xff;
1073 p
[14] = (16 * 176) >> 8; /* 16x read speed current */
1074 p
[15] = (16 * 176) & 0xff;
1075 p
[18] = (16 * 176) >> 8; /* 16x write speed */
1076 p
[19] = (16 * 176) & 0xff;
1077 p
[20] = (16 * 176) >> 8; /* 16x write speed current */
1078 p
[21] = (16 * 176) & 0xff;
1085 *p_outbuf
+= p
[1] + 2;
1089 static int scsi_disk_emulate_mode_sense(SCSIDiskReq
*r
, uint8_t *outbuf
)
1091 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, r
->req
.dev
);
1092 uint64_t nb_sectors
;
1094 int page
, buflen
, ret
, page_control
;
1096 uint8_t dev_specific_param
;
1098 dbd
= (r
->req
.cmd
.buf
[1] & 0x8) != 0;
1099 page
= r
->req
.cmd
.buf
[2] & 0x3f;
1100 page_control
= (r
->req
.cmd
.buf
[2] & 0xc0) >> 6;
1101 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1102 (r
->req
.cmd
.buf
[0] == MODE_SENSE
) ? 6 : 10, page
, r
->req
.cmd
.xfer
, page_control
);
1103 memset(outbuf
, 0, r
->req
.cmd
.xfer
);
1106 if (s
->qdev
.type
== TYPE_DISK
) {
1107 dev_specific_param
= s
->features
& (1 << SCSI_DISK_F_DPOFUA
) ? 0x10 : 0;
1108 if (bdrv_is_read_only(s
->qdev
.conf
.bs
)) {
1109 dev_specific_param
|= 0x80; /* Readonly. */
1112 /* MMC prescribes that CD/DVD drives have no block descriptors,
1113 * and defines no device-specific parameter. */
1114 dev_specific_param
= 0x00;
1118 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1119 p
[1] = 0; /* Default media type. */
1120 p
[2] = dev_specific_param
;
1121 p
[3] = 0; /* Block descriptor length. */
1123 } else { /* MODE_SENSE_10 */
1124 p
[2] = 0; /* Default media type. */
1125 p
[3] = dev_specific_param
;
1126 p
[6] = p
[7] = 0; /* Block descriptor length. */
1130 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1131 if (!dbd
&& nb_sectors
) {
1132 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1133 outbuf
[3] = 8; /* Block descriptor length */
1134 } else { /* MODE_SENSE_10 */
1135 outbuf
[7] = 8; /* Block descriptor length */
1137 nb_sectors
/= (s
->qdev
.blocksize
/ 512);
1138 if (nb_sectors
> 0xffffff) {
1141 p
[0] = 0; /* media density code */
1142 p
[1] = (nb_sectors
>> 16) & 0xff;
1143 p
[2] = (nb_sectors
>> 8) & 0xff;
1144 p
[3] = nb_sectors
& 0xff;
1145 p
[4] = 0; /* reserved */
1146 p
[5] = 0; /* bytes 5-7 are the sector size in bytes */
1147 p
[6] = s
->qdev
.blocksize
>> 8;
1152 if (page_control
== 3) {
1154 scsi_check_condition(r
, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED
));
1159 for (page
= 0; page
<= 0x3e; page
++) {
1160 mode_sense_page(s
, page
, &p
, page_control
);
1163 ret
= mode_sense_page(s
, page
, &p
, page_control
);
1169 buflen
= p
- outbuf
;
1171 * The mode data length field specifies the length in bytes of the
1172 * following data that is available to be transferred. The mode data
1173 * length does not include itself.
1175 if (r
->req
.cmd
.buf
[0] == MODE_SENSE
) {
1176 outbuf
[0] = buflen
- 1;
1177 } else { /* MODE_SENSE_10 */
1178 outbuf
[0] = ((buflen
- 2) >> 8) & 0xff;
1179 outbuf
[1] = (buflen
- 2) & 0xff;
1184 static int scsi_disk_emulate_read_toc(SCSIRequest
*req
, uint8_t *outbuf
)
1186 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1187 int start_track
, format
, msf
, toclen
;
1188 uint64_t nb_sectors
;
1190 msf
= req
->cmd
.buf
[1] & 2;
1191 format
= req
->cmd
.buf
[2] & 0xf;
1192 start_track
= req
->cmd
.buf
[6];
1193 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1194 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track
, format
, msf
>> 1);
1195 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1198 toclen
= cdrom_read_toc(nb_sectors
, outbuf
, msf
, start_track
);
1201 /* multi session : only a single session defined */
1203 memset(outbuf
, 0, 12);
1209 toclen
= cdrom_read_toc_raw(nb_sectors
, outbuf
, msf
, start_track
);
1217 static int scsi_disk_emulate_start_stop(SCSIDiskReq
*r
)
1219 SCSIRequest
*req
= &r
->req
;
1220 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1221 bool start
= req
->cmd
.buf
[4] & 1;
1222 bool loej
= req
->cmd
.buf
[4] & 2; /* load on start, eject on !start */
1224 if (s
->qdev
.type
== TYPE_ROM
&& loej
) {
1225 if (!start
&& !s
->tray_open
&& s
->tray_locked
) {
1226 scsi_check_condition(r
,
1227 bdrv_is_inserted(s
->qdev
.conf
.bs
)
1228 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED
)
1229 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED
));
1233 if (s
->tray_open
!= !start
) {
1234 bdrv_eject(s
->qdev
.conf
.bs
, !start
);
1235 s
->tray_open
= !start
;
1241 static int scsi_disk_emulate_command(SCSIDiskReq
*r
)
1243 SCSIRequest
*req
= &r
->req
;
1244 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1245 uint64_t nb_sectors
;
1249 if (!r
->iov
.iov_base
) {
1251 * FIXME: we shouldn't return anything bigger than 4k, but the code
1252 * requires the buffer to be as big as req->cmd.xfer in several
1253 * places. So, do not allow CDBs with a very large ALLOCATION
1254 * LENGTH. The real fix would be to modify scsi_read_data and
1255 * dma_buf_read, so that they return data beyond the buflen
1258 if (req
->cmd
.xfer
> 65536) {
1259 goto illegal_request
;
1261 r
->buflen
= MAX(4096, req
->cmd
.xfer
);
1262 r
->iov
.iov_base
= qemu_blockalign(s
->qdev
.conf
.bs
, r
->buflen
);
1265 outbuf
= r
->iov
.iov_base
;
1266 switch (req
->cmd
.buf
[0]) {
1267 case TEST_UNIT_READY
:
1268 assert(!s
->tray_open
&& bdrv_is_inserted(s
->qdev
.conf
.bs
));
1271 buflen
= scsi_disk_emulate_inquiry(req
, outbuf
);
1273 goto illegal_request
;
1278 buflen
= scsi_disk_emulate_mode_sense(r
, outbuf
);
1280 goto illegal_request
;
1284 buflen
= scsi_disk_emulate_read_toc(req
, outbuf
);
1286 goto illegal_request
;
1290 if (req
->cmd
.buf
[1] & 1) {
1291 goto illegal_request
;
1295 if (req
->cmd
.buf
[1] & 3) {
1296 goto illegal_request
;
1300 if (req
->cmd
.buf
[1] & 1) {
1301 goto illegal_request
;
1305 if (req
->cmd
.buf
[1] & 3) {
1306 goto illegal_request
;
1310 if (scsi_disk_emulate_start_stop(r
) < 0) {
1314 case ALLOW_MEDIUM_REMOVAL
:
1315 s
->tray_locked
= req
->cmd
.buf
[4] & 1;
1316 bdrv_lock_medium(s
->qdev
.conf
.bs
, req
->cmd
.buf
[4] & 1);
1318 case READ_CAPACITY_10
:
1319 /* The normal LEN field for this command is zero. */
1320 memset(outbuf
, 0, 8);
1321 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1323 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
1326 if ((req
->cmd
.buf
[8] & 1) == 0 && req
->cmd
.lba
) {
1327 goto illegal_request
;
1329 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1330 /* Returned value is the address of the last sector. */
1332 /* Remember the new size for read/write sanity checking. */
1333 s
->qdev
.max_lba
= nb_sectors
;
1334 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1335 if (nb_sectors
> UINT32_MAX
) {
1336 nb_sectors
= UINT32_MAX
;
1338 outbuf
[0] = (nb_sectors
>> 24) & 0xff;
1339 outbuf
[1] = (nb_sectors
>> 16) & 0xff;
1340 outbuf
[2] = (nb_sectors
>> 8) & 0xff;
1341 outbuf
[3] = nb_sectors
& 0xff;
1344 outbuf
[6] = s
->qdev
.blocksize
>> 8;
1349 /* Just return "NO SENSE". */
1350 buflen
= scsi_build_sense(NULL
, 0, outbuf
, r
->buflen
,
1351 (req
->cmd
.buf
[1] & 1) == 0);
1353 case MECHANISM_STATUS
:
1354 buflen
= scsi_emulate_mechanism_status(s
, outbuf
);
1356 goto illegal_request
;
1359 case GET_CONFIGURATION
:
1360 buflen
= scsi_get_configuration(s
, outbuf
);
1362 goto illegal_request
;
1365 case GET_EVENT_STATUS_NOTIFICATION
:
1366 buflen
= scsi_get_event_status_notification(s
, r
, outbuf
);
1368 goto illegal_request
;
1371 case READ_DVD_STRUCTURE
:
1372 buflen
= scsi_read_dvd_structure(s
, r
, outbuf
);
1374 goto illegal_request
;
1377 case SERVICE_ACTION_IN_16
:
1378 /* Service Action In subcommands. */
1379 if ((req
->cmd
.buf
[1] & 31) == SAI_READ_CAPACITY_16
) {
1380 DPRINTF("SAI READ CAPACITY(16)\n");
1381 memset(outbuf
, 0, req
->cmd
.xfer
);
1382 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1384 scsi_check_condition(r
, SENSE_CODE(LUN_NOT_READY
));
1387 if ((req
->cmd
.buf
[14] & 1) == 0 && req
->cmd
.lba
) {
1388 goto illegal_request
;
1390 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1391 /* Returned value is the address of the last sector. */
1393 /* Remember the new size for read/write sanity checking. */
1394 s
->qdev
.max_lba
= nb_sectors
;
1395 outbuf
[0] = (nb_sectors
>> 56) & 0xff;
1396 outbuf
[1] = (nb_sectors
>> 48) & 0xff;
1397 outbuf
[2] = (nb_sectors
>> 40) & 0xff;
1398 outbuf
[3] = (nb_sectors
>> 32) & 0xff;
1399 outbuf
[4] = (nb_sectors
>> 24) & 0xff;
1400 outbuf
[5] = (nb_sectors
>> 16) & 0xff;
1401 outbuf
[6] = (nb_sectors
>> 8) & 0xff;
1402 outbuf
[7] = nb_sectors
& 0xff;
1405 outbuf
[10] = s
->qdev
.blocksize
>> 8;
1408 outbuf
[13] = get_physical_block_exp(&s
->qdev
.conf
);
1410 /* set TPE bit if the format supports discard */
1411 if (s
->qdev
.conf
.discard_granularity
) {
1415 /* Protection, exponent and lowest lba field left blank. */
1416 buflen
= req
->cmd
.xfer
;
1419 DPRINTF("Unsupported Service Action In\n");
1420 goto illegal_request
;
1422 scsi_check_condition(r
, SENSE_CODE(INVALID_OPCODE
));
1425 buflen
= MIN(buflen
, req
->cmd
.xfer
);
1429 if (r
->req
.status
== -1) {
1430 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1435 /* Execute a scsi command. Returns the length of the data expected by the
1436 command. This will be Positive for data transfers from the device
1437 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1438 and zero if the command does not transfer any data. */
1440 static int32_t scsi_send_command(SCSIRequest
*req
, uint8_t *buf
)
1442 SCSIDiskReq
*r
= DO_UPCAST(SCSIDiskReq
, req
, req
);
1443 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, req
->dev
);
1449 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req
->lun
, req
->tag
, buf
[0]);
1454 for (i
= 1; i
< r
->req
.cmd
.len
; i
++) {
1455 printf(" 0x%02x", buf
[i
]);
1470 case ALLOW_MEDIUM_REMOVAL
:
1471 case GET_CONFIGURATION
:
1472 case GET_EVENT_STATUS_NOTIFICATION
:
1473 case MECHANISM_STATUS
:
1478 if (s
->tray_open
|| !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
1479 scsi_check_condition(r
, SENSE_CODE(NO_MEDIUM
));
1486 case TEST_UNIT_READY
:
1495 case ALLOW_MEDIUM_REMOVAL
:
1496 case READ_CAPACITY_10
:
1498 case READ_DVD_STRUCTURE
:
1499 case GET_CONFIGURATION
:
1500 case GET_EVENT_STATUS_NOTIFICATION
:
1501 case MECHANISM_STATUS
:
1502 case SERVICE_ACTION_IN_16
:
1504 rc
= scsi_disk_emulate_command(r
);
1509 r
->iov
.iov_len
= rc
;
1511 case SYNCHRONIZE_CACHE
:
1512 /* The request is used as the AIO opaque value, so add a ref. */
1513 scsi_req_ref(&r
->req
);
1514 bdrv_acct_start(s
->qdev
.conf
.bs
, &r
->acct
, 0, BDRV_ACCT_FLUSH
);
1515 r
->req
.aiocb
= bdrv_aio_flush(s
->qdev
.conf
.bs
, scsi_flush_complete
, r
);
1521 len
= r
->req
.cmd
.xfer
/ s
->qdev
.blocksize
;
1522 DPRINTF("Read (sector %" PRId64
", count %d)\n", r
->req
.cmd
.lba
, len
);
1523 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
1526 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
1527 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
1536 case WRITE_VERIFY_10
:
1537 case WRITE_VERIFY_12
:
1538 case WRITE_VERIFY_16
:
1539 len
= r
->req
.cmd
.xfer
/ s
->qdev
.blocksize
;
1540 DPRINTF("Write %s(sector %" PRId64
", count %d)\n",
1541 (command
& 0xe) == 0xe ? "And Verify " : "",
1542 r
->req
.cmd
.lba
, len
);
1543 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
1546 r
->sector
= r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512);
1547 r
->sector_count
= len
* (s
->qdev
.blocksize
/ 512);
1550 DPRINTF("Mode Select(6) (len %lu)\n", (long)r
->req
.cmd
.xfer
);
1551 /* We don't support mode parameter changes.
1552 Allow the mode parameter header + block descriptors only. */
1553 if (r
->req
.cmd
.xfer
> 12) {
1557 case MODE_SELECT_10
:
1558 DPRINTF("Mode Select(10) (len %lu)\n", (long)r
->req
.cmd
.xfer
);
1559 /* We don't support mode parameter changes.
1560 Allow the mode parameter header + block descriptors only. */
1561 if (r
->req
.cmd
.xfer
> 16) {
1566 DPRINTF("Seek(10) (sector %" PRId64
")\n", r
->req
.cmd
.lba
);
1567 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
1572 len
= lduw_be_p(&buf
[7]);
1575 len
= ldl_be_p(&buf
[10]) & 0xffffffffULL
;
1578 DPRINTF("WRITE SAME() (sector %" PRId64
", count %d)\n",
1579 r
->req
.cmd
.lba
, len
);
1581 if (r
->req
.cmd
.lba
> s
->qdev
.max_lba
) {
1586 * We only support WRITE SAME with the unmap bit set for now.
1588 if (!(buf
[1] & 0x8)) {
1592 rc
= bdrv_discard(s
->qdev
.conf
.bs
,
1593 r
->req
.cmd
.lba
* (s
->qdev
.blocksize
/ 512),
1594 len
* (s
->qdev
.blocksize
/ 512));
1596 /* XXX: better error code ?*/
1602 DPRINTF("Unknown SCSI command (%2.2x)\n", buf
[0]);
1603 scsi_check_condition(r
, SENSE_CODE(INVALID_OPCODE
));
1606 scsi_check_condition(r
, SENSE_CODE(INVALID_FIELD
));
1609 scsi_check_condition(r
, SENSE_CODE(LBA_OUT_OF_RANGE
));
1612 if (r
->sector_count
== 0 && r
->iov
.iov_len
== 0) {
1613 scsi_req_complete(&r
->req
, GOOD
);
1615 len
= r
->sector_count
* 512 + r
->iov
.iov_len
;
1616 if (r
->req
.cmd
.mode
== SCSI_XFER_TO_DEV
) {
1619 if (!r
->sector_count
) {
1620 r
->sector_count
= -1;
1626 static void scsi_disk_reset(DeviceState
*dev
)
1628 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
.qdev
, dev
);
1629 uint64_t nb_sectors
;
1631 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(RESET
));
1633 bdrv_get_geometry(s
->qdev
.conf
.bs
, &nb_sectors
);
1634 nb_sectors
/= s
->qdev
.blocksize
/ 512;
1638 s
->qdev
.max_lba
= nb_sectors
;
1641 static void scsi_destroy(SCSIDevice
*dev
)
1643 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1645 scsi_device_purge_requests(&s
->qdev
, SENSE_CODE(NO_SENSE
));
1646 blockdev_mark_auto_del(s
->qdev
.conf
.bs
);
1649 static void scsi_cd_change_media_cb(void *opaque
, bool load
)
1651 SCSIDiskState
*s
= opaque
;
1654 * When a CD gets changed, we have to report an ejected state and
1655 * then a loaded state to guests so that they detect tray
1656 * open/close and media change events. Guests that do not use
1657 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1658 * states rely on this behavior.
1660 * media_changed governs the state machine used for unit attention
1661 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1663 s
->media_changed
= load
;
1664 s
->tray_open
= !load
;
1665 s
->qdev
.unit_attention
= SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM
);
1666 s
->media_event
= true;
1667 s
->eject_request
= false;
1670 static void scsi_cd_eject_request_cb(void *opaque
, bool force
)
1672 SCSIDiskState
*s
= opaque
;
1674 s
->eject_request
= true;
1676 s
->tray_locked
= false;
1680 static bool scsi_cd_is_tray_open(void *opaque
)
1682 return ((SCSIDiskState
*)opaque
)->tray_open
;
1685 static bool scsi_cd_is_medium_locked(void *opaque
)
1687 return ((SCSIDiskState
*)opaque
)->tray_locked
;
1690 static const BlockDevOps scsi_cd_block_ops
= {
1691 .change_media_cb
= scsi_cd_change_media_cb
,
1692 .eject_request_cb
= scsi_cd_eject_request_cb
,
1693 .is_tray_open
= scsi_cd_is_tray_open
,
1694 .is_medium_locked
= scsi_cd_is_medium_locked
,
1697 static void scsi_disk_unit_attention_reported(SCSIDevice
*dev
)
1699 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1700 if (s
->media_changed
) {
1701 s
->media_changed
= false;
1702 s
->qdev
.unit_attention
= SENSE_CODE(MEDIUM_CHANGED
);
1706 static int scsi_initfn(SCSIDevice
*dev
)
1708 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1711 if (!s
->qdev
.conf
.bs
) {
1712 error_report("drive property not set");
1716 if (!(s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) &&
1717 !bdrv_is_inserted(s
->qdev
.conf
.bs
)) {
1718 error_report("Device needs media, but drive is empty");
1723 /* try to fall back to value set with legacy -drive serial=... */
1724 dinfo
= drive_get_by_blockdev(s
->qdev
.conf
.bs
);
1725 if (*dinfo
->serial
) {
1726 s
->serial
= g_strdup(dinfo
->serial
);
1731 s
->version
= g_strdup(QEMU_VERSION
);
1734 if (bdrv_is_sg(s
->qdev
.conf
.bs
)) {
1735 error_report("unwanted /dev/sg*");
1739 if (s
->features
& (1 << SCSI_DISK_F_REMOVABLE
)) {
1740 bdrv_set_dev_ops(s
->qdev
.conf
.bs
, &scsi_cd_block_ops
, s
);
1742 bdrv_set_buffer_alignment(s
->qdev
.conf
.bs
, s
->qdev
.blocksize
);
1744 bdrv_iostatus_enable(s
->qdev
.conf
.bs
);
1745 add_boot_device_path(s
->qdev
.conf
.bootindex
, &dev
->qdev
, NULL
);
1749 static int scsi_hd_initfn(SCSIDevice
*dev
)
1751 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1752 s
->qdev
.blocksize
= s
->qdev
.conf
.logical_block_size
;
1753 s
->qdev
.type
= TYPE_DISK
;
1754 return scsi_initfn(&s
->qdev
);
1757 static int scsi_cd_initfn(SCSIDevice
*dev
)
1759 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1760 s
->qdev
.blocksize
= 2048;
1761 s
->qdev
.type
= TYPE_ROM
;
1762 s
->features
|= 1 << SCSI_DISK_F_REMOVABLE
;
1763 return scsi_initfn(&s
->qdev
);
1766 static int scsi_disk_initfn(SCSIDevice
*dev
)
1770 if (!dev
->conf
.bs
) {
1771 return scsi_initfn(dev
); /* ... and die there */
1774 dinfo
= drive_get_by_blockdev(dev
->conf
.bs
);
1775 if (dinfo
->media_cd
) {
1776 return scsi_cd_initfn(dev
);
1778 return scsi_hd_initfn(dev
);
1782 static const SCSIReqOps scsi_disk_reqops
= {
1783 .size
= sizeof(SCSIDiskReq
),
1784 .free_req
= scsi_free_request
,
1785 .send_command
= scsi_send_command
,
1786 .read_data
= scsi_read_data
,
1787 .write_data
= scsi_write_data
,
1788 .cancel_io
= scsi_cancel_io
,
1789 .get_buf
= scsi_get_buf
,
1790 .load_request
= scsi_disk_load_request
,
1791 .save_request
= scsi_disk_save_request
,
1794 static SCSIRequest
*scsi_new_request(SCSIDevice
*d
, uint32_t tag
, uint32_t lun
,
1795 uint8_t *buf
, void *hba_private
)
1797 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
1800 req
= scsi_req_alloc(&scsi_disk_reqops
, &s
->qdev
, tag
, lun
, hba_private
);
1805 static int get_device_type(SCSIDiskState
*s
)
1807 BlockDriverState
*bdrv
= s
->qdev
.conf
.bs
;
1810 uint8_t sensebuf
[8];
1811 sg_io_hdr_t io_header
;
1814 memset(cmd
, 0, sizeof(cmd
));
1815 memset(buf
, 0, sizeof(buf
));
1817 cmd
[4] = sizeof(buf
);
1819 memset(&io_header
, 0, sizeof(io_header
));
1820 io_header
.interface_id
= 'S';
1821 io_header
.dxfer_direction
= SG_DXFER_FROM_DEV
;
1822 io_header
.dxfer_len
= sizeof(buf
);
1823 io_header
.dxferp
= buf
;
1824 io_header
.cmdp
= cmd
;
1825 io_header
.cmd_len
= sizeof(cmd
);
1826 io_header
.mx_sb_len
= sizeof(sensebuf
);
1827 io_header
.sbp
= sensebuf
;
1828 io_header
.timeout
= 6000; /* XXX */
1830 ret
= bdrv_ioctl(bdrv
, SG_IO
, &io_header
);
1831 if (ret
< 0 || io_header
.driver_status
|| io_header
.host_status
) {
1834 s
->qdev
.type
= buf
[0];
1835 if (buf
[1] & 0x80) {
1836 s
->features
|= 1 << SCSI_DISK_F_REMOVABLE
;
1841 static int scsi_block_initfn(SCSIDevice
*dev
)
1843 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, dev
);
1847 if (!s
->qdev
.conf
.bs
) {
1848 error_report("scsi-block: drive property not set");
1852 /* check we are using a driver managing SG_IO (version 3 and after) */
1853 if (bdrv_ioctl(s
->qdev
.conf
.bs
, SG_GET_VERSION_NUM
, &sg_version
) < 0 ||
1854 sg_version
< 30000) {
1855 error_report("scsi-block: scsi generic interface too old");
1859 /* get device type from INQUIRY data */
1860 rc
= get_device_type(s
);
1862 error_report("scsi-block: INQUIRY failed");
1866 /* Make a guess for the block size, we'll fix it when the guest sends.
1867 * READ CAPACITY. If they don't, they likely would assume these sizes
1868 * anyway. (TODO: check in /sys).
1870 if (s
->qdev
.type
== TYPE_ROM
|| s
->qdev
.type
== TYPE_WORM
) {
1871 s
->qdev
.blocksize
= 2048;
1873 s
->qdev
.blocksize
= 512;
1875 return scsi_initfn(&s
->qdev
);
1878 static SCSIRequest
*scsi_block_new_request(SCSIDevice
*d
, uint32_t tag
,
1879 uint32_t lun
, uint8_t *buf
,
1882 SCSIDiskState
*s
= DO_UPCAST(SCSIDiskState
, qdev
, d
);
1896 case WRITE_VERIFY_10
:
1897 case WRITE_VERIFY_12
:
1898 case WRITE_VERIFY_16
:
1899 /* If we are not using O_DIRECT, we might read stale data from the
1900 * host cache if writes were made using other commands than these
1901 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1902 * O_DIRECT everything must go through SG_IO.
1904 if (!(s
->qdev
.conf
.bs
->open_flags
& BDRV_O_NOCACHE
)) {
1908 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1909 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1910 * And once you do these writes, reading from the block device is
1911 * unreliable, too. It is even possible that reads deliver random data
1912 * from the host page cache (this is probably a Linux bug).
1914 * We might use scsi_disk_reqops as long as no writing commands are
1915 * seen, but performance usually isn't paramount on optical media. So,
1916 * just make scsi-block operate the same as scsi-generic for them.
1918 if (s
->qdev
.type
== TYPE_ROM
) {
1921 return scsi_req_alloc(&scsi_disk_reqops
, &s
->qdev
, tag
, lun
,
1925 return scsi_req_alloc(&scsi_generic_req_ops
, &s
->qdev
, tag
, lun
,
1930 #define DEFINE_SCSI_DISK_PROPERTIES() \
1931 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1932 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1933 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1935 static Property scsi_hd_properties
[] = {
1936 DEFINE_SCSI_DISK_PROPERTIES(),
1937 DEFINE_PROP_BIT("removable", SCSIDiskState
, features
,
1938 SCSI_DISK_F_REMOVABLE
, false),
1939 DEFINE_PROP_BIT("dpofua", SCSIDiskState
, features
,
1940 SCSI_DISK_F_DPOFUA
, false),
1941 DEFINE_PROP_END_OF_LIST(),
1944 static const VMStateDescription vmstate_scsi_disk_state
= {
1945 .name
= "scsi-disk",
1947 .minimum_version_id
= 1,
1948 .minimum_version_id_old
= 1,
1949 .fields
= (VMStateField
[]) {
1950 VMSTATE_SCSI_DEVICE(qdev
, SCSIDiskState
),
1951 VMSTATE_BOOL(media_changed
, SCSIDiskState
),
1952 VMSTATE_BOOL(media_event
, SCSIDiskState
),
1953 VMSTATE_BOOL(eject_request
, SCSIDiskState
),
1954 VMSTATE_BOOL(tray_open
, SCSIDiskState
),
1955 VMSTATE_BOOL(tray_locked
, SCSIDiskState
),
1956 VMSTATE_END_OF_LIST()
1960 static void scsi_hd_class_initfn(ObjectClass
*klass
, void *data
)
1962 DeviceClass
*dc
= DEVICE_CLASS(klass
);
1963 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
1965 sc
->init
= scsi_hd_initfn
;
1966 sc
->destroy
= scsi_destroy
;
1967 sc
->alloc_req
= scsi_new_request
;
1968 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
1969 dc
->fw_name
= "disk";
1970 dc
->desc
= "virtual SCSI disk";
1971 dc
->reset
= scsi_disk_reset
;
1972 dc
->props
= scsi_hd_properties
;
1973 dc
->vmsd
= &vmstate_scsi_disk_state
;
1976 static TypeInfo scsi_hd_info
= {
1978 .parent
= TYPE_SCSI_DEVICE
,
1979 .instance_size
= sizeof(SCSIDiskState
),
1980 .class_init
= scsi_hd_class_initfn
,
1983 static Property scsi_cd_properties
[] = {
1984 DEFINE_SCSI_DISK_PROPERTIES(),
1985 DEFINE_PROP_END_OF_LIST(),
1988 static void scsi_cd_class_initfn(ObjectClass
*klass
, void *data
)
1990 DeviceClass
*dc
= DEVICE_CLASS(klass
);
1991 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
1993 sc
->init
= scsi_cd_initfn
;
1994 sc
->destroy
= scsi_destroy
;
1995 sc
->alloc_req
= scsi_new_request
;
1996 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
1997 dc
->fw_name
= "disk";
1998 dc
->desc
= "virtual SCSI CD-ROM";
1999 dc
->reset
= scsi_disk_reset
;
2000 dc
->props
= scsi_cd_properties
;
2001 dc
->vmsd
= &vmstate_scsi_disk_state
;
2004 static TypeInfo scsi_cd_info
= {
2006 .parent
= TYPE_SCSI_DEVICE
,
2007 .instance_size
= sizeof(SCSIDiskState
),
2008 .class_init
= scsi_cd_class_initfn
,
2012 static Property scsi_block_properties
[] = {
2013 DEFINE_SCSI_DISK_PROPERTIES(),
2014 DEFINE_PROP_END_OF_LIST(),
2017 static void scsi_block_class_initfn(ObjectClass
*klass
, void *data
)
2019 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2020 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
2022 sc
->init
= scsi_block_initfn
;
2023 sc
->destroy
= scsi_destroy
;
2024 sc
->alloc_req
= scsi_block_new_request
;
2025 dc
->fw_name
= "disk";
2026 dc
->desc
= "SCSI block device passthrough";
2027 dc
->reset
= scsi_disk_reset
;
2028 dc
->props
= scsi_block_properties
;
2029 dc
->vmsd
= &vmstate_scsi_disk_state
;
2032 static TypeInfo scsi_block_info
= {
2033 .name
= "scsi-block",
2034 .parent
= TYPE_SCSI_DEVICE
,
2035 .instance_size
= sizeof(SCSIDiskState
),
2036 .class_init
= scsi_block_class_initfn
,
2040 static Property scsi_disk_properties
[] = {
2041 DEFINE_SCSI_DISK_PROPERTIES(),
2042 DEFINE_PROP_BIT("removable", SCSIDiskState
, features
,
2043 SCSI_DISK_F_REMOVABLE
, false),
2044 DEFINE_PROP_BIT("dpofua", SCSIDiskState
, features
,
2045 SCSI_DISK_F_DPOFUA
, false),
2046 DEFINE_PROP_END_OF_LIST(),
2049 static void scsi_disk_class_initfn(ObjectClass
*klass
, void *data
)
2051 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2052 SCSIDeviceClass
*sc
= SCSI_DEVICE_CLASS(klass
);
2054 sc
->init
= scsi_disk_initfn
;
2055 sc
->destroy
= scsi_destroy
;
2056 sc
->alloc_req
= scsi_new_request
;
2057 sc
->unit_attention_reported
= scsi_disk_unit_attention_reported
;
2058 dc
->fw_name
= "disk";
2059 dc
->desc
= "virtual SCSI disk or CD-ROM (legacy)";
2060 dc
->reset
= scsi_disk_reset
;
2061 dc
->props
= scsi_disk_properties
;
2062 dc
->vmsd
= &vmstate_scsi_disk_state
;
2065 static TypeInfo scsi_disk_info
= {
2066 .name
= "scsi-disk",
2067 .parent
= TYPE_SCSI_DEVICE
,
2068 .instance_size
= sizeof(SCSIDiskState
),
2069 .class_init
= scsi_disk_class_initfn
,
2072 static void scsi_disk_register_types(void)
2074 type_register_static(&scsi_hd_info
);
2075 type_register_static(&scsi_cd_info
);
2077 type_register_static(&scsi_block_info
);
2079 type_register_static(&scsi_disk_info
);
2082 type_init(scsi_disk_register_types
)