]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
error: Move qemu_error & friends into their own header
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "block.h"
37 #include "scsi.h"
38 #include "scsi-defs.h"
39
40 #define SCSI_DMA_BUF_SIZE 131072
41 #define SCSI_MAX_INQUIRY_LEN 256
42
43 #define SCSI_REQ_STATUS_RETRY 0x01
44
45 typedef struct SCSIDiskState SCSIDiskState;
46
47 typedef struct SCSIDiskReq {
48 SCSIRequest req;
49 /* ??? We should probably keep track of whether the data transfer is
50 a read or a write. Currently we rely on the host getting it right. */
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
52 uint64_t sector;
53 uint32_t sector_count;
54 struct iovec iov;
55 QEMUIOVector qiov;
56 uint32_t status;
57 } SCSIDiskReq;
58
59 struct SCSIDiskState
60 {
61 SCSIDevice qdev;
62 BlockDriverState *bs;
63 /* The qemu block layer uses a fixed 512 byte sector size.
64 This is the number of 512 byte blocks in a single scsi sector. */
65 int cluster_size;
66 uint64_t max_lba;
67 QEMUBH *bh;
68 char *version;
69 };
70
71 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
72 {
73 SCSIRequest *req;
74 SCSIDiskReq *r;
75
76 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
77 r = DO_UPCAST(SCSIDiskReq, req, req);
78 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
79 return r;
80 }
81
82 static void scsi_remove_request(SCSIDiskReq *r)
83 {
84 qemu_vfree(r->iov.iov_base);
85 scsi_req_free(&r->req);
86 }
87
88 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
89 {
90 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
91 }
92
93 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
94 {
95 req->status = status;
96 scsi_dev_set_sense(req->dev, sense_code);
97 }
98
99 /* Helper function for command completion. */
100 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
101 {
102 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
103 r->req.tag, status, sense);
104 scsi_req_set_status(&r->req, status, sense);
105 scsi_req_complete(&r->req);
106 scsi_remove_request(r);
107 }
108
109 /* Cancel a pending data transfer. */
110 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
111 {
112 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
113 SCSIDiskReq *r;
114 DPRINTF("Cancel tag=0x%x\n", tag);
115 r = scsi_find_request(s, tag);
116 if (r) {
117 if (r->req.aiocb)
118 bdrv_aio_cancel(r->req.aiocb);
119 r->req.aiocb = NULL;
120 scsi_remove_request(r);
121 }
122 }
123
124 static void scsi_read_complete(void * opaque, int ret)
125 {
126 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
127
128 if (ret) {
129 DPRINTF("IO error\n");
130 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
131 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
132 return;
133 }
134 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
135
136 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
137 }
138
139 /* Read more data from scsi device into buffer. */
140 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
141 {
142 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
143 SCSIDiskReq *r;
144 uint32_t n;
145
146 r = scsi_find_request(s, tag);
147 if (!r) {
148 BADF("Bad read tag 0x%x\n", tag);
149 /* ??? This is the wrong error. */
150 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
151 return;
152 }
153 if (r->sector_count == (uint32_t)-1) {
154 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
155 r->sector_count = 0;
156 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
157 return;
158 }
159 DPRINTF("Read sector_count=%d\n", r->sector_count);
160 if (r->sector_count == 0) {
161 scsi_command_complete(r, GOOD, NO_SENSE);
162 return;
163 }
164
165 n = r->sector_count;
166 if (n > SCSI_DMA_BUF_SIZE / 512)
167 n = SCSI_DMA_BUF_SIZE / 512;
168
169 r->iov.iov_len = n * 512;
170 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
171 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
172 scsi_read_complete, r);
173 if (r->req.aiocb == NULL)
174 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
175 r->sector += n;
176 r->sector_count -= n;
177 }
178
179 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
180 {
181 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
182 BlockInterfaceErrorAction action = drive_get_on_error(s->bs, 0);
183
184 if (action == BLOCK_ERR_IGNORE) {
185 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
186 return 0;
187 }
188
189 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
190 || action == BLOCK_ERR_STOP_ANY) {
191 r->status |= SCSI_REQ_STATUS_RETRY;
192 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
193 vm_stop(0);
194 } else {
195 scsi_command_complete(r, CHECK_CONDITION,
196 HARDWARE_ERROR);
197 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
198 }
199
200 return 1;
201 }
202
203 static void scsi_write_complete(void * opaque, int ret)
204 {
205 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
206 uint32_t len;
207 uint32_t n;
208
209 r->req.aiocb = NULL;
210
211 if (ret) {
212 if (scsi_handle_write_error(r, -ret))
213 return;
214 }
215
216 n = r->iov.iov_len / 512;
217 r->sector += n;
218 r->sector_count -= n;
219 if (r->sector_count == 0) {
220 scsi_command_complete(r, GOOD, NO_SENSE);
221 } else {
222 len = r->sector_count * 512;
223 if (len > SCSI_DMA_BUF_SIZE) {
224 len = SCSI_DMA_BUF_SIZE;
225 }
226 r->iov.iov_len = len;
227 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
228 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
229 }
230 }
231
232 static void scsi_write_request(SCSIDiskReq *r)
233 {
234 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
235 uint32_t n;
236
237 n = r->iov.iov_len / 512;
238 if (n) {
239 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
240 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
241 scsi_write_complete, r);
242 if (r->req.aiocb == NULL)
243 scsi_command_complete(r, CHECK_CONDITION,
244 HARDWARE_ERROR);
245 } else {
246 /* Invoke completion routine to fetch data from host. */
247 scsi_write_complete(r, 0);
248 }
249 }
250
251 /* Write data to a scsi device. Returns nonzero on failure.
252 The transfer may complete asynchronously. */
253 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
254 {
255 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
256 SCSIDiskReq *r;
257
258 DPRINTF("Write data tag=0x%x\n", tag);
259 r = scsi_find_request(s, tag);
260 if (!r) {
261 BADF("Bad write tag 0x%x\n", tag);
262 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
263 return 1;
264 }
265
266 if (r->req.aiocb)
267 BADF("Data transfer already in progress\n");
268
269 scsi_write_request(r);
270
271 return 0;
272 }
273
274 static void scsi_dma_restart_bh(void *opaque)
275 {
276 SCSIDiskState *s = opaque;
277 SCSIRequest *req;
278 SCSIDiskReq *r;
279
280 qemu_bh_delete(s->bh);
281 s->bh = NULL;
282
283 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
284 r = DO_UPCAST(SCSIDiskReq, req, req);
285 if (r->status & SCSI_REQ_STATUS_RETRY) {
286 r->status &= ~SCSI_REQ_STATUS_RETRY;
287 scsi_write_request(r);
288 }
289 }
290 }
291
292 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
293 {
294 SCSIDiskState *s = opaque;
295
296 if (!running)
297 return;
298
299 if (!s->bh) {
300 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
301 qemu_bh_schedule(s->bh);
302 }
303 }
304
305 /* Return a pointer to the data buffer. */
306 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
307 {
308 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
309 SCSIDiskReq *r;
310
311 r = scsi_find_request(s, tag);
312 if (!r) {
313 BADF("Bad buffer tag 0x%x\n", tag);
314 return NULL;
315 }
316 return (uint8_t *)r->iov.iov_base;
317 }
318
319 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
320 {
321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
322 int buflen = 0;
323
324 if (req->cmd.buf[1] & 0x2) {
325 /* Command support data - optional, not implemented */
326 BADF("optional INQUIRY command support request not implemented\n");
327 return -1;
328 }
329
330 if (req->cmd.buf[1] & 0x1) {
331 /* Vital product data */
332 uint8_t page_code = req->cmd.buf[2];
333 if (req->cmd.xfer < 4) {
334 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
335 "less than 4\n", page_code, req->cmd.xfer);
336 return -1;
337 }
338
339 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
340 outbuf[buflen++] = 5;
341 } else {
342 outbuf[buflen++] = 0;
343 }
344 outbuf[buflen++] = page_code ; // this page
345 outbuf[buflen++] = 0x00;
346
347 switch (page_code) {
348 case 0x00: /* Supported page codes, mandatory */
349 DPRINTF("Inquiry EVPD[Supported pages] "
350 "buffer size %zd\n", req->cmd.xfer);
351 outbuf[buflen++] = 4; // number of pages
352 outbuf[buflen++] = 0x00; // list of supported pages (this page)
353 outbuf[buflen++] = 0x80; // unit serial number
354 outbuf[buflen++] = 0x83; // device identification
355 outbuf[buflen++] = 0xb0; // block device characteristics
356 break;
357
358 case 0x80: /* Device serial number, optional */
359 {
360 const char *serial = req->dev->conf.dinfo->serial ?
361 req->dev->conf.dinfo->serial : "0";
362 int l = strlen(serial);
363
364 if (l > req->cmd.xfer)
365 l = req->cmd.xfer;
366 if (l > 20)
367 l = 20;
368
369 DPRINTF("Inquiry EVPD[Serial number] "
370 "buffer size %zd\n", req->cmd.xfer);
371 outbuf[buflen++] = l;
372 memcpy(outbuf+buflen, serial, l);
373 buflen += l;
374 break;
375 }
376
377 case 0x83: /* Device identification page, mandatory */
378 {
379 int max_len = 255 - 8;
380 int id_len = strlen(bdrv_get_device_name(s->bs));
381
382 if (id_len > max_len)
383 id_len = max_len;
384 DPRINTF("Inquiry EVPD[Device identification] "
385 "buffer size %zd\n", req->cmd.xfer);
386
387 outbuf[buflen++] = 3 + id_len;
388 outbuf[buflen++] = 0x2; // ASCII
389 outbuf[buflen++] = 0; // not officially assigned
390 outbuf[buflen++] = 0; // reserved
391 outbuf[buflen++] = id_len; // length of data following
392
393 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
394 buflen += id_len;
395 break;
396 }
397 case 0xb0: /* block device characteristics */
398 {
399 unsigned int min_io_size = s->qdev.conf.min_io_size >> 9;
400 unsigned int opt_io_size = s->qdev.conf.opt_io_size >> 9;
401
402 /* required VPD size with unmap support */
403 outbuf[3] = buflen = 0x3c;
404
405 memset(outbuf + 4, 0, buflen - 4);
406
407 /* optimal transfer length granularity */
408 outbuf[6] = (min_io_size >> 8) & 0xff;
409 outbuf[7] = min_io_size & 0xff;
410
411 /* optimal transfer length */
412 outbuf[12] = (opt_io_size >> 24) & 0xff;
413 outbuf[13] = (opt_io_size >> 16) & 0xff;
414 outbuf[14] = (opt_io_size >> 8) & 0xff;
415 outbuf[15] = opt_io_size & 0xff;
416 break;
417 }
418 default:
419 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
420 "buffer size %zd\n", page_code, req->cmd.xfer);
421 return -1;
422 }
423 /* done with EVPD */
424 return buflen;
425 }
426
427 /* Standard INQUIRY data */
428 if (req->cmd.buf[2] != 0) {
429 BADF("Error: Inquiry (STANDARD) page or code "
430 "is non-zero [%02X]\n", req->cmd.buf[2]);
431 return -1;
432 }
433
434 /* PAGE CODE == 0 */
435 if (req->cmd.xfer < 5) {
436 BADF("Error: Inquiry (STANDARD) buffer size %zd "
437 "is less than 5\n", req->cmd.xfer);
438 return -1;
439 }
440
441 buflen = req->cmd.xfer;
442 if (buflen > SCSI_MAX_INQUIRY_LEN)
443 buflen = SCSI_MAX_INQUIRY_LEN;
444
445 memset(outbuf, 0, buflen);
446
447 if (req->lun || req->cmd.buf[1] >> 5) {
448 outbuf[0] = 0x7f; /* LUN not supported */
449 return buflen;
450 }
451
452 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
453 outbuf[0] = 5;
454 outbuf[1] = 0x80;
455 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
456 } else {
457 outbuf[0] = 0;
458 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
459 }
460 memcpy(&outbuf[8], "QEMU ", 8);
461 memcpy(&outbuf[32], s->version ? s->version : QEMU_VERSION, 4);
462 /*
463 * We claim conformance to SPC-3, which is required for guests
464 * to ask for modern features like READ CAPACITY(16) or the
465 * block characteristics VPD page by default. Not all of SPC-3
466 * is actually implemented, but we're good enough.
467 */
468 outbuf[2] = 5;
469 outbuf[3] = 2; /* Format 2 */
470
471 if (buflen > 36) {
472 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
473 } else {
474 /* If the allocation length of CDB is too small,
475 the additional length is not adjusted */
476 outbuf[4] = 36 - 5;
477 }
478
479 /* Sync data transfer and TCQ. */
480 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
481 return buflen;
482 }
483
484 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
485 {
486 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
487 BlockDriverState *bdrv = s->bs;
488 int cylinders, heads, secs;
489
490 switch (page) {
491 case 4: /* Rigid disk device geometry page. */
492 p[0] = 4;
493 p[1] = 0x16;
494 /* if a geometry hint is available, use it */
495 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
496 p[2] = (cylinders >> 16) & 0xff;
497 p[3] = (cylinders >> 8) & 0xff;
498 p[4] = cylinders & 0xff;
499 p[5] = heads & 0xff;
500 /* Write precomp start cylinder, disabled */
501 p[6] = (cylinders >> 16) & 0xff;
502 p[7] = (cylinders >> 8) & 0xff;
503 p[8] = cylinders & 0xff;
504 /* Reduced current start cylinder, disabled */
505 p[9] = (cylinders >> 16) & 0xff;
506 p[10] = (cylinders >> 8) & 0xff;
507 p[11] = cylinders & 0xff;
508 /* Device step rate [ns], 200ns */
509 p[12] = 0;
510 p[13] = 200;
511 /* Landing zone cylinder */
512 p[14] = 0xff;
513 p[15] = 0xff;
514 p[16] = 0xff;
515 /* Medium rotation rate [rpm], 5400 rpm */
516 p[20] = (5400 >> 8) & 0xff;
517 p[21] = 5400 & 0xff;
518 return 0x16;
519
520 case 5: /* Flexible disk device geometry page. */
521 p[0] = 5;
522 p[1] = 0x1e;
523 /* Transfer rate [kbit/s], 5Mbit/s */
524 p[2] = 5000 >> 8;
525 p[3] = 5000 & 0xff;
526 /* if a geometry hint is available, use it */
527 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
528 p[4] = heads & 0xff;
529 p[5] = secs & 0xff;
530 p[6] = s->cluster_size * 2;
531 p[8] = (cylinders >> 8) & 0xff;
532 p[9] = cylinders & 0xff;
533 /* Write precomp start cylinder, disabled */
534 p[10] = (cylinders >> 8) & 0xff;
535 p[11] = cylinders & 0xff;
536 /* Reduced current start cylinder, disabled */
537 p[12] = (cylinders >> 8) & 0xff;
538 p[13] = cylinders & 0xff;
539 /* Device step rate [100us], 100us */
540 p[14] = 0;
541 p[15] = 1;
542 /* Device step pulse width [us], 1us */
543 p[16] = 1;
544 /* Device head settle delay [100us], 100us */
545 p[17] = 0;
546 p[18] = 1;
547 /* Motor on delay [0.1s], 0.1s */
548 p[19] = 1;
549 /* Motor off delay [0.1s], 0.1s */
550 p[20] = 1;
551 /* Medium rotation rate [rpm], 5400 rpm */
552 p[28] = (5400 >> 8) & 0xff;
553 p[29] = 5400 & 0xff;
554 return 0x1e;
555
556 case 8: /* Caching page. */
557 p[0] = 8;
558 p[1] = 0x12;
559 if (bdrv_enable_write_cache(s->bs)) {
560 p[2] = 4; /* WCE */
561 }
562 return 20;
563
564 case 0x2a: /* CD Capabilities and Mechanical Status page. */
565 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
566 return 0;
567 p[0] = 0x2a;
568 p[1] = 0x14;
569 p[2] = 3; // CD-R & CD-RW read
570 p[3] = 0; // Writing not supported
571 p[4] = 0x7f; /* Audio, composite, digital out,
572 mode 2 form 1&2, multi session */
573 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
574 RW corrected, C2 errors, ISRC,
575 UPC, Bar code */
576 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
577 /* Locking supported, jumper present, eject, tray */
578 p[7] = 0; /* no volume & mute control, no
579 changer */
580 p[8] = (50 * 176) >> 8; // 50x read speed
581 p[9] = (50 * 176) & 0xff;
582 p[10] = 0 >> 8; // No volume
583 p[11] = 0 & 0xff;
584 p[12] = 2048 >> 8; // 2M buffer
585 p[13] = 2048 & 0xff;
586 p[14] = (16 * 176) >> 8; // 16x read speed current
587 p[15] = (16 * 176) & 0xff;
588 p[18] = (16 * 176) >> 8; // 16x write speed
589 p[19] = (16 * 176) & 0xff;
590 p[20] = (16 * 176) >> 8; // 16x write speed current
591 p[21] = (16 * 176) & 0xff;
592 return 22;
593
594 default:
595 return 0;
596 }
597 }
598
599 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
600 {
601 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
602 uint64_t nb_sectors;
603 int page, dbd, buflen;
604 uint8_t *p;
605
606 dbd = req->cmd.buf[1] & 0x8;
607 page = req->cmd.buf[2] & 0x3f;
608 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
609 memset(outbuf, 0, req->cmd.xfer);
610 p = outbuf;
611
612 p[1] = 0; /* Default media type. */
613 p[3] = 0; /* Block descriptor length. */
614 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM ||
615 bdrv_is_read_only(s->bs)) {
616 p[2] = 0x80; /* Readonly. */
617 }
618 p += 4;
619
620 bdrv_get_geometry(s->bs, &nb_sectors);
621 if ((~dbd) & nb_sectors) {
622 outbuf[3] = 8; /* Block descriptor length */
623 nb_sectors /= s->cluster_size;
624 nb_sectors--;
625 if (nb_sectors > 0xffffff)
626 nb_sectors = 0xffffff;
627 p[0] = 0; /* media density code */
628 p[1] = (nb_sectors >> 16) & 0xff;
629 p[2] = (nb_sectors >> 8) & 0xff;
630 p[3] = nb_sectors & 0xff;
631 p[4] = 0; /* reserved */
632 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
633 p[6] = s->cluster_size * 2;
634 p[7] = 0;
635 p += 8;
636 }
637
638 switch (page) {
639 case 0x04:
640 case 0x05:
641 case 0x08:
642 case 0x2a:
643 p += mode_sense_page(req, page, p);
644 break;
645 case 0x3f:
646 p += mode_sense_page(req, 0x08, p);
647 p += mode_sense_page(req, 0x2a, p);
648 break;
649 }
650
651 buflen = p - outbuf;
652 outbuf[0] = buflen - 4;
653 if (buflen > req->cmd.xfer)
654 buflen = req->cmd.xfer;
655 return buflen;
656 }
657
658 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
659 {
660 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
661 int start_track, format, msf, toclen;
662 uint64_t nb_sectors;
663
664 msf = req->cmd.buf[1] & 2;
665 format = req->cmd.buf[2] & 0xf;
666 start_track = req->cmd.buf[6];
667 bdrv_get_geometry(s->bs, &nb_sectors);
668 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
669 nb_sectors /= s->cluster_size;
670 switch (format) {
671 case 0:
672 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
673 break;
674 case 1:
675 /* multi session : only a single session defined */
676 toclen = 12;
677 memset(outbuf, 0, 12);
678 outbuf[1] = 0x0a;
679 outbuf[2] = 0x01;
680 outbuf[3] = 0x01;
681 break;
682 case 2:
683 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
684 break;
685 default:
686 return -1;
687 }
688 if (toclen > req->cmd.xfer)
689 toclen = req->cmd.xfer;
690 return toclen;
691 }
692
693 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
694 {
695 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
696 uint64_t nb_sectors;
697 int buflen = 0;
698
699 switch (req->cmd.buf[0]) {
700 case TEST_UNIT_READY:
701 if (!bdrv_is_inserted(s->bs))
702 goto not_ready;
703 break;
704 case REQUEST_SENSE:
705 if (req->cmd.xfer < 4)
706 goto illegal_request;
707 memset(outbuf, 0, 4);
708 buflen = 4;
709 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
710 memset(outbuf, 0, 18);
711 buflen = 18;
712 outbuf[7] = 10;
713 /* asc 0x3a, ascq 0: Medium not present */
714 outbuf[12] = 0x3a;
715 outbuf[13] = 0;
716 }
717 outbuf[0] = 0xf0;
718 outbuf[1] = 0;
719 outbuf[2] = req->dev->sense.key;
720 scsi_dev_clear_sense(req->dev);
721 break;
722 case INQUIRY:
723 buflen = scsi_disk_emulate_inquiry(req, outbuf);
724 if (buflen < 0)
725 goto illegal_request;
726 break;
727 case MODE_SENSE:
728 case MODE_SENSE_10:
729 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
730 if (buflen < 0)
731 goto illegal_request;
732 break;
733 case READ_TOC:
734 buflen = scsi_disk_emulate_read_toc(req, outbuf);
735 if (buflen < 0)
736 goto illegal_request;
737 break;
738 case RESERVE:
739 if (req->cmd.buf[1] & 1)
740 goto illegal_request;
741 break;
742 case RESERVE_10:
743 if (req->cmd.buf[1] & 3)
744 goto illegal_request;
745 break;
746 case RELEASE:
747 if (req->cmd.buf[1] & 1)
748 goto illegal_request;
749 break;
750 case RELEASE_10:
751 if (req->cmd.buf[1] & 3)
752 goto illegal_request;
753 break;
754 case START_STOP:
755 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
756 /* load/eject medium */
757 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
758 }
759 break;
760 case ALLOW_MEDIUM_REMOVAL:
761 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
762 break;
763 case READ_CAPACITY:
764 /* The normal LEN field for this command is zero. */
765 memset(outbuf, 0, 8);
766 bdrv_get_geometry(s->bs, &nb_sectors);
767 if (!nb_sectors)
768 goto not_ready;
769 nb_sectors /= s->cluster_size;
770 /* Returned value is the address of the last sector. */
771 nb_sectors--;
772 /* Remember the new size for read/write sanity checking. */
773 s->max_lba = nb_sectors;
774 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
775 if (nb_sectors > UINT32_MAX)
776 nb_sectors = UINT32_MAX;
777 outbuf[0] = (nb_sectors >> 24) & 0xff;
778 outbuf[1] = (nb_sectors >> 16) & 0xff;
779 outbuf[2] = (nb_sectors >> 8) & 0xff;
780 outbuf[3] = nb_sectors & 0xff;
781 outbuf[4] = 0;
782 outbuf[5] = 0;
783 outbuf[6] = s->cluster_size * 2;
784 outbuf[7] = 0;
785 buflen = 8;
786 break;
787 case SYNCHRONIZE_CACHE:
788 bdrv_flush(s->bs);
789 break;
790 case GET_CONFIGURATION:
791 memset(outbuf, 0, 8);
792 /* ??? This should probably return much more information. For now
793 just return the basic header indicating the CD-ROM profile. */
794 outbuf[7] = 8; // CD-ROM
795 buflen = 8;
796 break;
797 case SERVICE_ACTION_IN:
798 /* Service Action In subcommands. */
799 if ((req->cmd.buf[1] & 31) == 0x10) {
800 DPRINTF("SAI READ CAPACITY(16)\n");
801 memset(outbuf, 0, req->cmd.xfer);
802 bdrv_get_geometry(s->bs, &nb_sectors);
803 if (!nb_sectors)
804 goto not_ready;
805 nb_sectors /= s->cluster_size;
806 /* Returned value is the address of the last sector. */
807 nb_sectors--;
808 /* Remember the new size for read/write sanity checking. */
809 s->max_lba = nb_sectors;
810 outbuf[0] = (nb_sectors >> 56) & 0xff;
811 outbuf[1] = (nb_sectors >> 48) & 0xff;
812 outbuf[2] = (nb_sectors >> 40) & 0xff;
813 outbuf[3] = (nb_sectors >> 32) & 0xff;
814 outbuf[4] = (nb_sectors >> 24) & 0xff;
815 outbuf[5] = (nb_sectors >> 16) & 0xff;
816 outbuf[6] = (nb_sectors >> 8) & 0xff;
817 outbuf[7] = nb_sectors & 0xff;
818 outbuf[8] = 0;
819 outbuf[9] = 0;
820 outbuf[10] = s->cluster_size * 2;
821 outbuf[11] = 0;
822 outbuf[12] = 0;
823 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
824 /* Protection, exponent and lowest lba field left blank. */
825 buflen = req->cmd.xfer;
826 break;
827 }
828 DPRINTF("Unsupported Service Action In\n");
829 goto illegal_request;
830 case REPORT_LUNS:
831 if (req->cmd.xfer < 16)
832 goto illegal_request;
833 memset(outbuf, 0, 16);
834 outbuf[3] = 8;
835 buflen = 16;
836 break;
837 case VERIFY:
838 break;
839 default:
840 goto illegal_request;
841 }
842 scsi_req_set_status(req, GOOD, NO_SENSE);
843 return buflen;
844
845 not_ready:
846 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
847 return 0;
848
849 illegal_request:
850 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
851 return 0;
852 }
853
854 /* Execute a scsi command. Returns the length of the data expected by the
855 command. This will be Positive for data transfers from the device
856 (eg. disk reads), negative for transfers to the device (eg. disk writes),
857 and zero if the command does not transfer any data. */
858
859 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
860 uint8_t *buf, int lun)
861 {
862 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
863 uint64_t lba;
864 uint32_t len;
865 int cmdlen;
866 int is_write;
867 uint8_t command;
868 uint8_t *outbuf;
869 SCSIDiskReq *r;
870 int rc;
871
872 command = buf[0];
873 r = scsi_find_request(s, tag);
874 if (r) {
875 BADF("Tag 0x%x already in use\n", tag);
876 scsi_cancel_io(d, tag);
877 }
878 /* ??? Tags are not unique for different luns. We only implement a
879 single lun, so this should not matter. */
880 r = scsi_new_request(d, tag, lun);
881 outbuf = (uint8_t *)r->iov.iov_base;
882 is_write = 0;
883 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
884 switch (command >> 5) {
885 case 0:
886 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
887 (((uint64_t) buf[1] & 0x1f) << 16);
888 len = buf[4];
889 cmdlen = 6;
890 break;
891 case 1:
892 case 2:
893 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
894 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
895 len = buf[8] | (buf[7] << 8);
896 cmdlen = 10;
897 break;
898 case 4:
899 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
900 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
901 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
902 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
903 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
904 cmdlen = 16;
905 break;
906 case 5:
907 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
908 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
909 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
910 cmdlen = 12;
911 break;
912 default:
913 BADF("Unsupported command length, command %x\n", command);
914 goto fail;
915 }
916 #ifdef DEBUG_SCSI
917 {
918 int i;
919 for (i = 1; i < cmdlen; i++) {
920 printf(" 0x%02x", buf[i]);
921 }
922 printf("\n");
923 }
924 #endif
925
926 if (scsi_req_parse(&r->req, buf) != 0) {
927 BADF("Unsupported command length, command %x\n", command);
928 goto fail;
929 }
930 assert(r->req.cmd.len == cmdlen);
931 assert(r->req.cmd.lba == lba);
932
933 if (lun || buf[1] >> 5) {
934 /* Only LUN 0 supported. */
935 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
936 if (command != REQUEST_SENSE && command != INQUIRY)
937 goto fail;
938 }
939 switch (command) {
940 case TEST_UNIT_READY:
941 case REQUEST_SENSE:
942 case INQUIRY:
943 case MODE_SENSE:
944 case MODE_SENSE_10:
945 case RESERVE:
946 case RESERVE_10:
947 case RELEASE:
948 case RELEASE_10:
949 case START_STOP:
950 case ALLOW_MEDIUM_REMOVAL:
951 case READ_CAPACITY:
952 case SYNCHRONIZE_CACHE:
953 case READ_TOC:
954 case GET_CONFIGURATION:
955 case SERVICE_ACTION_IN:
956 case REPORT_LUNS:
957 case VERIFY:
958 rc = scsi_disk_emulate_command(&r->req, outbuf);
959 if (rc > 0) {
960 r->iov.iov_len = rc;
961 } else {
962 scsi_req_complete(&r->req);
963 scsi_remove_request(r);
964 return 0;
965 }
966 break;
967 case READ_6:
968 case READ_10:
969 case READ_12:
970 case READ_16:
971 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
972 if (lba > s->max_lba)
973 goto illegal_lba;
974 r->sector = lba * s->cluster_size;
975 r->sector_count = len * s->cluster_size;
976 break;
977 case WRITE_6:
978 case WRITE_10:
979 case WRITE_12:
980 case WRITE_16:
981 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
982 if (lba > s->max_lba)
983 goto illegal_lba;
984 r->sector = lba * s->cluster_size;
985 r->sector_count = len * s->cluster_size;
986 is_write = 1;
987 break;
988 default:
989 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
990 fail:
991 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
992 return 0;
993 illegal_lba:
994 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
995 return 0;
996 }
997 if (r->sector_count == 0 && r->iov.iov_len == 0) {
998 scsi_command_complete(r, GOOD, NO_SENSE);
999 }
1000 len = r->sector_count * 512 + r->iov.iov_len;
1001 if (is_write) {
1002 return -len;
1003 } else {
1004 if (!r->sector_count)
1005 r->sector_count = -1;
1006 return len;
1007 }
1008 }
1009
1010 static void scsi_destroy(SCSIDevice *dev)
1011 {
1012 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1013 SCSIDiskReq *r;
1014
1015 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1016 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1017 scsi_remove_request(r);
1018 }
1019 drive_uninit(s->qdev.conf.dinfo);
1020 }
1021
1022 static int scsi_disk_initfn(SCSIDevice *dev)
1023 {
1024 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1025 uint64_t nb_sectors;
1026
1027 if (!s->qdev.conf.dinfo || !s->qdev.conf.dinfo->bdrv) {
1028 qemu_error("scsi-disk: drive property not set\n");
1029 return -1;
1030 }
1031 s->bs = s->qdev.conf.dinfo->bdrv;
1032
1033 if (bdrv_is_sg(s->bs)) {
1034 qemu_error("scsi-disk: unwanted /dev/sg*\n");
1035 return -1;
1036 }
1037
1038 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1039 s->cluster_size = 4;
1040 } else {
1041 s->cluster_size = 1;
1042 }
1043 s->qdev.blocksize = 512 * s->cluster_size;
1044 s->qdev.type = TYPE_DISK;
1045 bdrv_get_geometry(s->bs, &nb_sectors);
1046 nb_sectors /= s->cluster_size;
1047 if (nb_sectors)
1048 nb_sectors--;
1049 s->max_lba = nb_sectors;
1050 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1051 return 0;
1052 }
1053
1054 static SCSIDeviceInfo scsi_disk_info = {
1055 .qdev.name = "scsi-disk",
1056 .qdev.desc = "virtual scsi disk or cdrom",
1057 .qdev.size = sizeof(SCSIDiskState),
1058 .init = scsi_disk_initfn,
1059 .destroy = scsi_destroy,
1060 .send_command = scsi_send_command,
1061 .read_data = scsi_read_data,
1062 .write_data = scsi_write_data,
1063 .cancel_io = scsi_cancel_io,
1064 .get_buf = scsi_get_buf,
1065 .qdev.props = (Property[]) {
1066 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1067 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1068 DEFINE_PROP_END_OF_LIST(),
1069 },
1070 };
1071
1072 static void scsi_disk_register_devices(void)
1073 {
1074 scsi_qdev_register(&scsi_disk_info);
1075 }
1076 device_init(scsi_disk_register_devices)
Qemu copy for testing