]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41
42 #ifdef __linux
43 #include <scsi/sg.h>
44 #endif
45
46 #define SCSI_DMA_BUF_SIZE 131072
47 #define SCSI_MAX_INQUIRY_LEN 256
48
49 typedef struct SCSIDiskState SCSIDiskState;
50
51 typedef struct SCSIDiskReq {
52 SCSIRequest req;
53 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
54 uint64_t sector;
55 uint32_t sector_count;
56 uint32_t buflen;
57 struct iovec iov;
58 QEMUIOVector qiov;
59 BlockAcctCookie acct;
60 } SCSIDiskReq;
61
62 struct SCSIDiskState
63 {
64 SCSIDevice qdev;
65 uint32_t removable;
66 bool media_changed;
67 bool media_event;
68 bool eject_request;
69 QEMUBH *bh;
70 char *version;
71 char *serial;
72 bool tray_open;
73 bool tray_locked;
74 };
75
76 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
77
78 static void scsi_free_request(SCSIRequest *req)
79 {
80 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
81
82 if (r->iov.iov_base) {
83 qemu_vfree(r->iov.iov_base);
84 }
85 }
86
87 /* Helper function for command completion with sense. */
88 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
89 {
90 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
91 r->req.tag, sense.key, sense.asc, sense.ascq);
92 scsi_req_build_sense(&r->req, sense);
93 scsi_req_complete(&r->req, CHECK_CONDITION);
94 }
95
96 /* Cancel a pending data transfer. */
97 static void scsi_cancel_io(SCSIRequest *req)
98 {
99 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
100
101 DPRINTF("Cancel tag=0x%x\n", req->tag);
102 if (r->req.aiocb) {
103 bdrv_aio_cancel(r->req.aiocb);
104
105 /* This reference was left in by scsi_*_data. We take ownership of
106 * it the moment scsi_req_cancel is called, independent of whether
107 * bdrv_aio_cancel completes the request or not. */
108 scsi_req_unref(&r->req);
109 }
110 r->req.aiocb = NULL;
111 }
112
113 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
114 {
115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
116
117 if (!r->iov.iov_base) {
118 r->buflen = SCSI_DMA_BUF_SIZE;
119 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
120 }
121 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
122 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
123 return r->qiov.size / 512;
124 }
125
126 static void scsi_read_complete(void * opaque, int ret)
127 {
128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
130 int n;
131
132 if (r->req.aiocb != NULL) {
133 r->req.aiocb = NULL;
134 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
135 }
136
137 if (ret) {
138 if (scsi_handle_rw_error(r, -ret)) {
139 goto done;
140 }
141 }
142
143 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
144
145 n = r->qiov.size / 512;
146 r->sector += n;
147 r->sector_count -= n;
148 scsi_req_data(&r->req, r->qiov.size);
149
150 done:
151 if (!r->req.io_canceled) {
152 scsi_req_unref(&r->req);
153 }
154 }
155
156 static void scsi_flush_complete(void * opaque, int ret)
157 {
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 if (r->req.aiocb != NULL) {
162 r->req.aiocb = NULL;
163 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
164 }
165
166 if (ret < 0) {
167 if (scsi_handle_rw_error(r, -ret)) {
168 goto done;
169 }
170 }
171
172 scsi_req_complete(&r->req, GOOD);
173
174 done:
175 if (!r->req.io_canceled) {
176 scsi_req_unref(&r->req);
177 }
178 }
179
180 /* Read more data from scsi device into buffer. */
181 static void scsi_read_data(SCSIRequest *req)
182 {
183 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
185 uint32_t n;
186
187 if (r->sector_count == (uint32_t)-1) {
188 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
189 r->sector_count = 0;
190 scsi_req_data(&r->req, r->iov.iov_len);
191 return;
192 }
193 DPRINTF("Read sector_count=%d\n", r->sector_count);
194 if (r->sector_count == 0) {
195 /* This also clears the sense buffer for REQUEST SENSE. */
196 scsi_req_complete(&r->req, GOOD);
197 return;
198 }
199
200 /* No data transfer may already be in progress */
201 assert(r->req.aiocb == NULL);
202
203 /* The request is used as the AIO opaque value, so add a ref. */
204 scsi_req_ref(&r->req);
205 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
206 DPRINTF("Data transfer direction invalid\n");
207 scsi_read_complete(r, -EINVAL);
208 return;
209 }
210
211 if (s->tray_open) {
212 scsi_read_complete(r, -ENOMEDIUM);
213 return;
214 }
215
216 n = scsi_init_iovec(r);
217 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
218 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
219 scsi_read_complete, r);
220 }
221
222 /*
223 * scsi_handle_rw_error has two return values. 0 means that the error
224 * must be ignored, 1 means that the error has been processed and the
225 * caller should not do anything else for this request. Note that
226 * scsi_handle_rw_error always manages its reference counts, independent
227 * of the return value.
228 */
229 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
230 {
231 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
232 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
233 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
234
235 if (action == BLOCK_ERR_IGNORE) {
236 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
237 return 0;
238 }
239
240 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
241 || action == BLOCK_ERR_STOP_ANY) {
242
243 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
244 vm_stop(RUN_STATE_IO_ERROR);
245 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
246 scsi_req_retry(&r->req);
247 } else {
248 switch (error) {
249 case ENOMEDIUM:
250 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
251 break;
252 case ENOMEM:
253 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
254 break;
255 case EINVAL:
256 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
257 break;
258 default:
259 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
260 break;
261 }
262 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
263 }
264 return 1;
265 }
266
267 static void scsi_write_complete(void * opaque, int ret)
268 {
269 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
271 uint32_t n;
272
273 if (r->req.aiocb != NULL) {
274 r->req.aiocb = NULL;
275 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
276 }
277
278 if (ret) {
279 if (scsi_handle_rw_error(r, -ret)) {
280 goto done;
281 }
282 }
283
284 n = r->qiov.size / 512;
285 r->sector += n;
286 r->sector_count -= n;
287 if (r->sector_count == 0) {
288 scsi_req_complete(&r->req, GOOD);
289 } else {
290 scsi_init_iovec(r);
291 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
292 scsi_req_data(&r->req, r->qiov.size);
293 }
294
295 done:
296 if (!r->req.io_canceled) {
297 scsi_req_unref(&r->req);
298 }
299 }
300
301 static void scsi_write_data(SCSIRequest *req)
302 {
303 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
305 uint32_t n;
306
307 /* No data transfer may already be in progress */
308 assert(r->req.aiocb == NULL);
309
310 /* The request is used as the AIO opaque value, so add a ref. */
311 scsi_req_ref(&r->req);
312 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
313 DPRINTF("Data transfer direction invalid\n");
314 scsi_write_complete(r, -EINVAL);
315 return;
316 }
317
318 n = r->qiov.size / 512;
319 if (n) {
320 if (s->tray_open) {
321 scsi_write_complete(r, -ENOMEDIUM);
322 return;
323 }
324 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
325 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
326 scsi_write_complete, r);
327 } else {
328 /* Called for the first time. Ask the driver to send us more data. */
329 scsi_write_complete(r, 0);
330 }
331 }
332
333 /* Return a pointer to the data buffer. */
334 static uint8_t *scsi_get_buf(SCSIRequest *req)
335 {
336 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
337
338 return (uint8_t *)r->iov.iov_base;
339 }
340
341 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
342 {
343 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
344 int buflen = 0;
345
346 if (req->cmd.buf[1] & 0x2) {
347 /* Command support data - optional, not implemented */
348 BADF("optional INQUIRY command support request not implemented\n");
349 return -1;
350 }
351
352 if (req->cmd.buf[1] & 0x1) {
353 /* Vital product data */
354 uint8_t page_code = req->cmd.buf[2];
355 if (req->cmd.xfer < 4) {
356 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
357 "less than 4\n", page_code, req->cmd.xfer);
358 return -1;
359 }
360
361 outbuf[buflen++] = s->qdev.type & 0x1f;
362 outbuf[buflen++] = page_code ; // this page
363 outbuf[buflen++] = 0x00;
364
365 switch (page_code) {
366 case 0x00: /* Supported page codes, mandatory */
367 {
368 int pages;
369 DPRINTF("Inquiry EVPD[Supported pages] "
370 "buffer size %zd\n", req->cmd.xfer);
371 pages = buflen++;
372 outbuf[buflen++] = 0x00; // list of supported pages (this page)
373 if (s->serial) {
374 outbuf[buflen++] = 0x80; // unit serial number
375 }
376 outbuf[buflen++] = 0x83; // device identification
377 if (s->qdev.type == TYPE_DISK) {
378 outbuf[buflen++] = 0xb0; // block limits
379 outbuf[buflen++] = 0xb2; // thin provisioning
380 }
381 outbuf[pages] = buflen - pages - 1; // number of pages
382 break;
383 }
384 case 0x80: /* Device serial number, optional */
385 {
386 int l;
387
388 if (!s->serial) {
389 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
390 return -1;
391 }
392
393 l = strlen(s->serial);
394 if (l > 20) {
395 l = 20;
396 }
397
398 DPRINTF("Inquiry EVPD[Serial number] "
399 "buffer size %zd\n", req->cmd.xfer);
400 outbuf[buflen++] = l;
401 memcpy(outbuf+buflen, s->serial, l);
402 buflen += l;
403 break;
404 }
405
406 case 0x83: /* Device identification page, mandatory */
407 {
408 int max_len = 255 - 8;
409 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
410
411 if (id_len > max_len) {
412 id_len = max_len;
413 }
414 DPRINTF("Inquiry EVPD[Device identification] "
415 "buffer size %zd\n", req->cmd.xfer);
416
417 outbuf[buflen++] = 4 + id_len;
418 outbuf[buflen++] = 0x2; // ASCII
419 outbuf[buflen++] = 0; // not officially assigned
420 outbuf[buflen++] = 0; // reserved
421 outbuf[buflen++] = id_len; // length of data following
422
423 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
424 buflen += id_len;
425 break;
426 }
427 case 0xb0: /* block limits */
428 {
429 unsigned int unmap_sectors =
430 s->qdev.conf.discard_granularity / s->qdev.blocksize;
431 unsigned int min_io_size =
432 s->qdev.conf.min_io_size / s->qdev.blocksize;
433 unsigned int opt_io_size =
434 s->qdev.conf.opt_io_size / s->qdev.blocksize;
435
436 if (s->qdev.type == TYPE_ROM) {
437 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
438 page_code);
439 return -1;
440 }
441 /* required VPD size with unmap support */
442 outbuf[3] = buflen = 0x3c;
443
444 memset(outbuf + 4, 0, buflen - 4);
445
446 /* optimal transfer length granularity */
447 outbuf[6] = (min_io_size >> 8) & 0xff;
448 outbuf[7] = min_io_size & 0xff;
449
450 /* optimal transfer length */
451 outbuf[12] = (opt_io_size >> 24) & 0xff;
452 outbuf[13] = (opt_io_size >> 16) & 0xff;
453 outbuf[14] = (opt_io_size >> 8) & 0xff;
454 outbuf[15] = opt_io_size & 0xff;
455
456 /* optimal unmap granularity */
457 outbuf[28] = (unmap_sectors >> 24) & 0xff;
458 outbuf[29] = (unmap_sectors >> 16) & 0xff;
459 outbuf[30] = (unmap_sectors >> 8) & 0xff;
460 outbuf[31] = unmap_sectors & 0xff;
461 break;
462 }
463 case 0xb2: /* thin provisioning */
464 {
465 outbuf[3] = buflen = 8;
466 outbuf[4] = 0;
467 outbuf[5] = 0x40; /* write same with unmap supported */
468 outbuf[6] = 0;
469 outbuf[7] = 0;
470 break;
471 }
472 default:
473 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
474 "buffer size %zd\n", page_code, req->cmd.xfer);
475 return -1;
476 }
477 /* done with EVPD */
478 return buflen;
479 }
480
481 /* Standard INQUIRY data */
482 if (req->cmd.buf[2] != 0) {
483 BADF("Error: Inquiry (STANDARD) page or code "
484 "is non-zero [%02X]\n", req->cmd.buf[2]);
485 return -1;
486 }
487
488 /* PAGE CODE == 0 */
489 if (req->cmd.xfer < 5) {
490 BADF("Error: Inquiry (STANDARD) buffer size %zd "
491 "is less than 5\n", req->cmd.xfer);
492 return -1;
493 }
494
495 buflen = req->cmd.xfer;
496 if (buflen > SCSI_MAX_INQUIRY_LEN) {
497 buflen = SCSI_MAX_INQUIRY_LEN;
498 }
499 memset(outbuf, 0, buflen);
500
501 outbuf[0] = s->qdev.type & 0x1f;
502 outbuf[1] = s->removable ? 0x80 : 0;
503 if (s->qdev.type == TYPE_ROM) {
504 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
505 } else {
506 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
507 }
508 memcpy(&outbuf[8], "QEMU ", 8);
509 memset(&outbuf[32], 0, 4);
510 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
511 /*
512 * We claim conformance to SPC-3, which is required for guests
513 * to ask for modern features like READ CAPACITY(16) or the
514 * block characteristics VPD page by default. Not all of SPC-3
515 * is actually implemented, but we're good enough.
516 */
517 outbuf[2] = 5;
518 outbuf[3] = 2; /* Format 2 */
519
520 if (buflen > 36) {
521 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
522 } else {
523 /* If the allocation length of CDB is too small,
524 the additional length is not adjusted */
525 outbuf[4] = 36 - 5;
526 }
527
528 /* Sync data transfer and TCQ. */
529 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
530 return buflen;
531 }
532
533 static inline bool media_is_dvd(SCSIDiskState *s)
534 {
535 uint64_t nb_sectors;
536 if (s->qdev.type != TYPE_ROM) {
537 return false;
538 }
539 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
540 return false;
541 }
542 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
543 return nb_sectors > CD_MAX_SECTORS;
544 }
545
546 static inline bool media_is_cd(SCSIDiskState *s)
547 {
548 uint64_t nb_sectors;
549 if (s->qdev.type != TYPE_ROM) {
550 return false;
551 }
552 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
553 return false;
554 }
555 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
556 return nb_sectors <= CD_MAX_SECTORS;
557 }
558
559 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
560 uint8_t *outbuf)
561 {
562 static const int rds_caps_size[5] = {
563 [0] = 2048 + 4,
564 [1] = 4 + 4,
565 [3] = 188 + 4,
566 [4] = 2048 + 4,
567 };
568
569 uint8_t media = r->req.cmd.buf[1];
570 uint8_t layer = r->req.cmd.buf[6];
571 uint8_t format = r->req.cmd.buf[7];
572 int size = -1;
573
574 if (s->qdev.type != TYPE_ROM) {
575 return -1;
576 }
577 if (media != 0) {
578 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
579 return -1;
580 }
581
582 if (format != 0xff) {
583 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
584 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
585 return -1;
586 }
587 if (media_is_cd(s)) {
588 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
589 return -1;
590 }
591 if (format >= ARRAY_SIZE(rds_caps_size)) {
592 return -1;
593 }
594 size = rds_caps_size[format];
595 memset(outbuf, 0, size);
596 }
597
598 switch (format) {
599 case 0x00: {
600 /* Physical format information */
601 uint64_t nb_sectors;
602 if (layer != 0) {
603 goto fail;
604 }
605 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
606
607 outbuf[4] = 1; /* DVD-ROM, part version 1 */
608 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
609 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
610 outbuf[7] = 0; /* default densities */
611
612 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
613 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
614 break;
615 }
616
617 case 0x01: /* DVD copyright information, all zeros */
618 break;
619
620 case 0x03: /* BCA information - invalid field for no BCA info */
621 return -1;
622
623 case 0x04: /* DVD disc manufacturing information, all zeros */
624 break;
625
626 case 0xff: { /* List capabilities */
627 int i;
628 size = 4;
629 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
630 if (!rds_caps_size[i]) {
631 continue;
632 }
633 outbuf[size] = i;
634 outbuf[size + 1] = 0x40; /* Not writable, readable */
635 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
636 size += 4;
637 }
638 break;
639 }
640
641 default:
642 return -1;
643 }
644
645 /* Size of buffer, not including 2 byte size field */
646 stw_be_p(outbuf, size - 2);
647 return size;
648
649 fail:
650 return -1;
651 }
652
653 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
654 {
655 uint8_t event_code, media_status;
656
657 media_status = 0;
658 if (s->tray_open) {
659 media_status = MS_TRAY_OPEN;
660 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
661 media_status = MS_MEDIA_PRESENT;
662 }
663
664 /* Event notification descriptor */
665 event_code = MEC_NO_CHANGE;
666 if (media_status != MS_TRAY_OPEN) {
667 if (s->media_event) {
668 event_code = MEC_NEW_MEDIA;
669 s->media_event = false;
670 } else if (s->eject_request) {
671 event_code = MEC_EJECT_REQUESTED;
672 s->eject_request = false;
673 }
674 }
675
676 outbuf[0] = event_code;
677 outbuf[1] = media_status;
678
679 /* These fields are reserved, just clear them. */
680 outbuf[2] = 0;
681 outbuf[3] = 0;
682 return 4;
683 }
684
685 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
686 uint8_t *outbuf)
687 {
688 int size;
689 uint8_t *buf = r->req.cmd.buf;
690 uint8_t notification_class_request = buf[4];
691 if (s->qdev.type != TYPE_ROM) {
692 return -1;
693 }
694 if ((buf[1] & 1) == 0) {
695 /* asynchronous */
696 return -1;
697 }
698
699 size = 4;
700 outbuf[0] = outbuf[1] = 0;
701 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
702 if (notification_class_request & (1 << GESN_MEDIA)) {
703 outbuf[2] = GESN_MEDIA;
704 size += scsi_event_status_media(s, &outbuf[size]);
705 } else {
706 outbuf[2] = 0x80;
707 }
708 stw_be_p(outbuf, size - 4);
709 return size;
710 }
711
712 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
713 {
714 int current;
715
716 if (s->qdev.type != TYPE_ROM) {
717 return -1;
718 }
719 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
720 memset(outbuf, 0, 40);
721 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
722 stw_be_p(&outbuf[6], current);
723 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
724 outbuf[10] = 0x03; /* persistent, current */
725 outbuf[11] = 8; /* two profiles */
726 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
727 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
728 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
729 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
730 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
731 stw_be_p(&outbuf[20], 1);
732 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
733 outbuf[23] = 8;
734 stl_be_p(&outbuf[24], 1); /* SCSI */
735 outbuf[28] = 1; /* DBE = 1, mandatory */
736 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
737 stw_be_p(&outbuf[32], 3);
738 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
739 outbuf[35] = 4;
740 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
741 /* TODO: Random readable, CD read, DVD read, drive serial number,
742 power management */
743 return 40;
744 }
745
746 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
747 {
748 if (s->qdev.type != TYPE_ROM) {
749 return -1;
750 }
751 memset(outbuf, 0, 8);
752 outbuf[5] = 1; /* CD-ROM */
753 return 8;
754 }
755
756 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
757 int page_control)
758 {
759 static const int mode_sense_valid[0x3f] = {
760 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
761 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
762 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
763 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
764 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
765 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
766 };
767
768 BlockDriverState *bdrv = s->qdev.conf.bs;
769 int cylinders, heads, secs;
770 uint8_t *p = *p_outbuf;
771
772 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
773 return -1;
774 }
775
776 p[0] = page;
777
778 /*
779 * If Changeable Values are requested, a mask denoting those mode parameters
780 * that are changeable shall be returned. As we currently don't support
781 * parameter changes via MODE_SELECT all bits are returned set to zero.
782 * The buffer was already menset to zero by the caller of this function.
783 */
784 switch (page) {
785 case MODE_PAGE_HD_GEOMETRY:
786 p[1] = 0x16;
787 if (page_control == 1) { /* Changeable Values */
788 break;
789 }
790 /* if a geometry hint is available, use it */
791 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
792 p[2] = (cylinders >> 16) & 0xff;
793 p[3] = (cylinders >> 8) & 0xff;
794 p[4] = cylinders & 0xff;
795 p[5] = heads & 0xff;
796 /* Write precomp start cylinder, disabled */
797 p[6] = (cylinders >> 16) & 0xff;
798 p[7] = (cylinders >> 8) & 0xff;
799 p[8] = cylinders & 0xff;
800 /* Reduced current start cylinder, disabled */
801 p[9] = (cylinders >> 16) & 0xff;
802 p[10] = (cylinders >> 8) & 0xff;
803 p[11] = cylinders & 0xff;
804 /* Device step rate [ns], 200ns */
805 p[12] = 0;
806 p[13] = 200;
807 /* Landing zone cylinder */
808 p[14] = 0xff;
809 p[15] = 0xff;
810 p[16] = 0xff;
811 /* Medium rotation rate [rpm], 5400 rpm */
812 p[20] = (5400 >> 8) & 0xff;
813 p[21] = 5400 & 0xff;
814 break;
815
816 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
817 p[1] = 0x1e;
818 if (page_control == 1) { /* Changeable Values */
819 break;
820 }
821 /* Transfer rate [kbit/s], 5Mbit/s */
822 p[2] = 5000 >> 8;
823 p[3] = 5000 & 0xff;
824 /* if a geometry hint is available, use it */
825 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
826 p[4] = heads & 0xff;
827 p[5] = secs & 0xff;
828 p[6] = s->qdev.blocksize >> 8;
829 p[8] = (cylinders >> 8) & 0xff;
830 p[9] = cylinders & 0xff;
831 /* Write precomp start cylinder, disabled */
832 p[10] = (cylinders >> 8) & 0xff;
833 p[11] = cylinders & 0xff;
834 /* Reduced current start cylinder, disabled */
835 p[12] = (cylinders >> 8) & 0xff;
836 p[13] = cylinders & 0xff;
837 /* Device step rate [100us], 100us */
838 p[14] = 0;
839 p[15] = 1;
840 /* Device step pulse width [us], 1us */
841 p[16] = 1;
842 /* Device head settle delay [100us], 100us */
843 p[17] = 0;
844 p[18] = 1;
845 /* Motor on delay [0.1s], 0.1s */
846 p[19] = 1;
847 /* Motor off delay [0.1s], 0.1s */
848 p[20] = 1;
849 /* Medium rotation rate [rpm], 5400 rpm */
850 p[28] = (5400 >> 8) & 0xff;
851 p[29] = 5400 & 0xff;
852 break;
853
854 case MODE_PAGE_CACHING:
855 p[0] = 8;
856 p[1] = 0x12;
857 if (page_control == 1) { /* Changeable Values */
858 break;
859 }
860 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
861 p[2] = 4; /* WCE */
862 }
863 break;
864
865 case MODE_PAGE_R_W_ERROR:
866 p[1] = 10;
867 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
868 if (s->qdev.type == TYPE_ROM) {
869 p[3] = 0x20; /* Read Retry Count */
870 }
871 break;
872
873 case MODE_PAGE_AUDIO_CTL:
874 p[1] = 14;
875 break;
876
877 case MODE_PAGE_CAPABILITIES:
878 p[1] = 0x14;
879 if (page_control == 1) { /* Changeable Values */
880 break;
881 }
882
883 p[2] = 0x3b; /* CD-R & CD-RW read */
884 p[3] = 0; /* Writing not supported */
885 p[4] = 0x7f; /* Audio, composite, digital out,
886 mode 2 form 1&2, multi session */
887 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
888 RW corrected, C2 errors, ISRC,
889 UPC, Bar code */
890 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
891 /* Locking supported, jumper present, eject, tray */
892 p[7] = 0; /* no volume & mute control, no
893 changer */
894 p[8] = (50 * 176) >> 8; /* 50x read speed */
895 p[9] = (50 * 176) & 0xff;
896 p[10] = 2 >> 8; /* Two volume levels */
897 p[11] = 2 & 0xff;
898 p[12] = 2048 >> 8; /* 2M buffer */
899 p[13] = 2048 & 0xff;
900 p[14] = (16 * 176) >> 8; /* 16x read speed current */
901 p[15] = (16 * 176) & 0xff;
902 p[18] = (16 * 176) >> 8; /* 16x write speed */
903 p[19] = (16 * 176) & 0xff;
904 p[20] = (16 * 176) >> 8; /* 16x write speed current */
905 p[21] = (16 * 176) & 0xff;
906 break;
907
908 default:
909 return -1;
910 }
911
912 *p_outbuf += p[1] + 2;
913 return p[1] + 2;
914 }
915
916 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
917 {
918 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
919 uint64_t nb_sectors;
920 int page, dbd, buflen, ret, page_control;
921 uint8_t *p;
922 uint8_t dev_specific_param;
923
924 dbd = r->req.cmd.buf[1] & 0x8;
925 page = r->req.cmd.buf[2] & 0x3f;
926 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
927 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
928 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
929 memset(outbuf, 0, r->req.cmd.xfer);
930 p = outbuf;
931
932 if (bdrv_is_read_only(s->qdev.conf.bs)) {
933 dev_specific_param = 0x80; /* Readonly. */
934 } else {
935 dev_specific_param = 0x00;
936 }
937
938 if (r->req.cmd.buf[0] == MODE_SENSE) {
939 p[1] = 0; /* Default media type. */
940 p[2] = dev_specific_param;
941 p[3] = 0; /* Block descriptor length. */
942 p += 4;
943 } else { /* MODE_SENSE_10 */
944 p[2] = 0; /* Default media type. */
945 p[3] = dev_specific_param;
946 p[6] = p[7] = 0; /* Block descriptor length. */
947 p += 8;
948 }
949
950 /* MMC prescribes that CD/DVD drives have no block descriptors. */
951 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
952 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
953 if (r->req.cmd.buf[0] == MODE_SENSE) {
954 outbuf[3] = 8; /* Block descriptor length */
955 } else { /* MODE_SENSE_10 */
956 outbuf[7] = 8; /* Block descriptor length */
957 }
958 nb_sectors /= (s->qdev.blocksize / 512);
959 if (nb_sectors > 0xffffff) {
960 nb_sectors = 0;
961 }
962 p[0] = 0; /* media density code */
963 p[1] = (nb_sectors >> 16) & 0xff;
964 p[2] = (nb_sectors >> 8) & 0xff;
965 p[3] = nb_sectors & 0xff;
966 p[4] = 0; /* reserved */
967 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
968 p[6] = s->qdev.blocksize >> 8;
969 p[7] = 0;
970 p += 8;
971 }
972
973 if (page_control == 3) {
974 /* Saved Values */
975 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
976 return -1;
977 }
978
979 if (page == 0x3f) {
980 for (page = 0; page <= 0x3e; page++) {
981 mode_sense_page(s, page, &p, page_control);
982 }
983 } else {
984 ret = mode_sense_page(s, page, &p, page_control);
985 if (ret == -1) {
986 return -1;
987 }
988 }
989
990 buflen = p - outbuf;
991 /*
992 * The mode data length field specifies the length in bytes of the
993 * following data that is available to be transferred. The mode data
994 * length does not include itself.
995 */
996 if (r->req.cmd.buf[0] == MODE_SENSE) {
997 outbuf[0] = buflen - 1;
998 } else { /* MODE_SENSE_10 */
999 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1000 outbuf[1] = (buflen - 2) & 0xff;
1001 }
1002 return buflen;
1003 }
1004
1005 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1006 {
1007 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1008 int start_track, format, msf, toclen;
1009 uint64_t nb_sectors;
1010
1011 msf = req->cmd.buf[1] & 2;
1012 format = req->cmd.buf[2] & 0xf;
1013 start_track = req->cmd.buf[6];
1014 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1015 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1016 nb_sectors /= s->qdev.blocksize / 512;
1017 switch (format) {
1018 case 0:
1019 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1020 break;
1021 case 1:
1022 /* multi session : only a single session defined */
1023 toclen = 12;
1024 memset(outbuf, 0, 12);
1025 outbuf[1] = 0x0a;
1026 outbuf[2] = 0x01;
1027 outbuf[3] = 0x01;
1028 break;
1029 case 2:
1030 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1031 break;
1032 default:
1033 return -1;
1034 }
1035 return toclen;
1036 }
1037
1038 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1039 {
1040 SCSIRequest *req = &r->req;
1041 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1042 bool start = req->cmd.buf[4] & 1;
1043 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1044
1045 if (s->qdev.type == TYPE_ROM && loej) {
1046 if (!start && !s->tray_open && s->tray_locked) {
1047 scsi_check_condition(r,
1048 bdrv_is_inserted(s->qdev.conf.bs)
1049 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1050 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1051 return -1;
1052 }
1053 bdrv_eject(s->qdev.conf.bs, !start);
1054 s->tray_open = !start;
1055 }
1056 return 0;
1057 }
1058
1059 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1060 {
1061 SCSIRequest *req = &r->req;
1062 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1063 uint64_t nb_sectors;
1064 uint8_t *outbuf;
1065 int buflen = 0;
1066
1067 if (!r->iov.iov_base) {
1068 /*
1069 * FIXME: we shouldn't return anything bigger than 4k, but the code
1070 * requires the buffer to be as big as req->cmd.xfer in several
1071 * places. So, do not allow CDBs with a very large ALLOCATION
1072 * LENGTH. The real fix would be to modify scsi_read_data and
1073 * dma_buf_read, so that they return data beyond the buflen
1074 * as all zeros.
1075 */
1076 if (req->cmd.xfer > 65536) {
1077 goto illegal_request;
1078 }
1079 r->buflen = MAX(4096, req->cmd.xfer);
1080 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1081 }
1082
1083 outbuf = r->iov.iov_base;
1084 switch (req->cmd.buf[0]) {
1085 case TEST_UNIT_READY:
1086 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1087 goto not_ready;
1088 }
1089 break;
1090 case INQUIRY:
1091 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1092 if (buflen < 0) {
1093 goto illegal_request;
1094 }
1095 break;
1096 case MODE_SENSE:
1097 case MODE_SENSE_10:
1098 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1099 if (buflen < 0) {
1100 goto illegal_request;
1101 }
1102 break;
1103 case READ_TOC:
1104 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1105 if (buflen < 0) {
1106 goto illegal_request;
1107 }
1108 break;
1109 case RESERVE:
1110 if (req->cmd.buf[1] & 1) {
1111 goto illegal_request;
1112 }
1113 break;
1114 case RESERVE_10:
1115 if (req->cmd.buf[1] & 3) {
1116 goto illegal_request;
1117 }
1118 break;
1119 case RELEASE:
1120 if (req->cmd.buf[1] & 1) {
1121 goto illegal_request;
1122 }
1123 break;
1124 case RELEASE_10:
1125 if (req->cmd.buf[1] & 3) {
1126 goto illegal_request;
1127 }
1128 break;
1129 case START_STOP:
1130 if (scsi_disk_emulate_start_stop(r) < 0) {
1131 return -1;
1132 }
1133 break;
1134 case ALLOW_MEDIUM_REMOVAL:
1135 s->tray_locked = req->cmd.buf[4] & 1;
1136 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1137 break;
1138 case READ_CAPACITY_10:
1139 /* The normal LEN field for this command is zero. */
1140 memset(outbuf, 0, 8);
1141 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1142 if (!nb_sectors) {
1143 goto not_ready;
1144 }
1145 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1146 goto illegal_request;
1147 }
1148 nb_sectors /= s->qdev.blocksize / 512;
1149 /* Returned value is the address of the last sector. */
1150 nb_sectors--;
1151 /* Remember the new size for read/write sanity checking. */
1152 s->qdev.max_lba = nb_sectors;
1153 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1154 if (nb_sectors > UINT32_MAX) {
1155 nb_sectors = UINT32_MAX;
1156 }
1157 outbuf[0] = (nb_sectors >> 24) & 0xff;
1158 outbuf[1] = (nb_sectors >> 16) & 0xff;
1159 outbuf[2] = (nb_sectors >> 8) & 0xff;
1160 outbuf[3] = nb_sectors & 0xff;
1161 outbuf[4] = 0;
1162 outbuf[5] = 0;
1163 outbuf[6] = s->qdev.blocksize >> 8;
1164 outbuf[7] = 0;
1165 buflen = 8;
1166 break;
1167 case REQUEST_SENSE:
1168 /* Just return "NO SENSE". */
1169 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1170 (req->cmd.buf[1] & 1) == 0);
1171 break;
1172 case MECHANISM_STATUS:
1173 buflen = scsi_emulate_mechanism_status(s, outbuf);
1174 if (buflen < 0) {
1175 goto illegal_request;
1176 }
1177 break;
1178 case GET_CONFIGURATION:
1179 buflen = scsi_get_configuration(s, outbuf);
1180 if (buflen < 0) {
1181 goto illegal_request;
1182 }
1183 break;
1184 case GET_EVENT_STATUS_NOTIFICATION:
1185 buflen = scsi_get_event_status_notification(s, r, outbuf);
1186 if (buflen < 0) {
1187 goto illegal_request;
1188 }
1189 break;
1190 case READ_DVD_STRUCTURE:
1191 buflen = scsi_read_dvd_structure(s, r, outbuf);
1192 if (buflen < 0) {
1193 goto illegal_request;
1194 }
1195 break;
1196 case SERVICE_ACTION_IN_16:
1197 /* Service Action In subcommands. */
1198 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1199 DPRINTF("SAI READ CAPACITY(16)\n");
1200 memset(outbuf, 0, req->cmd.xfer);
1201 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1202 if (!nb_sectors) {
1203 goto not_ready;
1204 }
1205 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1206 goto illegal_request;
1207 }
1208 nb_sectors /= s->qdev.blocksize / 512;
1209 /* Returned value is the address of the last sector. */
1210 nb_sectors--;
1211 /* Remember the new size for read/write sanity checking. */
1212 s->qdev.max_lba = nb_sectors;
1213 outbuf[0] = (nb_sectors >> 56) & 0xff;
1214 outbuf[1] = (nb_sectors >> 48) & 0xff;
1215 outbuf[2] = (nb_sectors >> 40) & 0xff;
1216 outbuf[3] = (nb_sectors >> 32) & 0xff;
1217 outbuf[4] = (nb_sectors >> 24) & 0xff;
1218 outbuf[5] = (nb_sectors >> 16) & 0xff;
1219 outbuf[6] = (nb_sectors >> 8) & 0xff;
1220 outbuf[7] = nb_sectors & 0xff;
1221 outbuf[8] = 0;
1222 outbuf[9] = 0;
1223 outbuf[10] = s->qdev.blocksize >> 8;
1224 outbuf[11] = 0;
1225 outbuf[12] = 0;
1226 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1227
1228 /* set TPE bit if the format supports discard */
1229 if (s->qdev.conf.discard_granularity) {
1230 outbuf[14] = 0x80;
1231 }
1232
1233 /* Protection, exponent and lowest lba field left blank. */
1234 buflen = req->cmd.xfer;
1235 break;
1236 }
1237 DPRINTF("Unsupported Service Action In\n");
1238 goto illegal_request;
1239 case VERIFY_10:
1240 break;
1241 default:
1242 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1243 return -1;
1244 }
1245 buflen = MIN(buflen, req->cmd.xfer);
1246 return buflen;
1247
1248 not_ready:
1249 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1250 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1251 } else {
1252 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1253 }
1254 return -1;
1255
1256 illegal_request:
1257 if (r->req.status == -1) {
1258 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1259 }
1260 return -1;
1261 }
1262
1263 /* Execute a scsi command. Returns the length of the data expected by the
1264 command. This will be Positive for data transfers from the device
1265 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1266 and zero if the command does not transfer any data. */
1267
1268 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1269 {
1270 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1271 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1272 int32_t len;
1273 uint8_t command;
1274 int rc;
1275
1276 command = buf[0];
1277 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1278
1279 #ifdef DEBUG_SCSI
1280 {
1281 int i;
1282 for (i = 1; i < r->req.cmd.len; i++) {
1283 printf(" 0x%02x", buf[i]);
1284 }
1285 printf("\n");
1286 }
1287 #endif
1288
1289 switch (command) {
1290 case TEST_UNIT_READY:
1291 case INQUIRY:
1292 case MODE_SENSE:
1293 case MODE_SENSE_10:
1294 case RESERVE:
1295 case RESERVE_10:
1296 case RELEASE:
1297 case RELEASE_10:
1298 case START_STOP:
1299 case ALLOW_MEDIUM_REMOVAL:
1300 case READ_CAPACITY_10:
1301 case READ_TOC:
1302 case READ_DVD_STRUCTURE:
1303 case GET_CONFIGURATION:
1304 case GET_EVENT_STATUS_NOTIFICATION:
1305 case MECHANISM_STATUS:
1306 case SERVICE_ACTION_IN_16:
1307 case REQUEST_SENSE:
1308 case VERIFY_10:
1309 rc = scsi_disk_emulate_command(r);
1310 if (rc < 0) {
1311 return 0;
1312 }
1313
1314 r->iov.iov_len = rc;
1315 break;
1316 case SYNCHRONIZE_CACHE:
1317 /* The request is used as the AIO opaque value, so add a ref. */
1318 scsi_req_ref(&r->req);
1319 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1320 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1321 return 0;
1322 case READ_6:
1323 case READ_10:
1324 case READ_12:
1325 case READ_16:
1326 len = r->req.cmd.xfer / s->qdev.blocksize;
1327 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1328 if (r->req.cmd.lba > s->qdev.max_lba) {
1329 goto illegal_lba;
1330 }
1331 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1332 r->sector_count = len * (s->qdev.blocksize / 512);
1333 break;
1334 case WRITE_6:
1335 case WRITE_10:
1336 case WRITE_12:
1337 case WRITE_16:
1338 case WRITE_VERIFY_10:
1339 case WRITE_VERIFY_12:
1340 case WRITE_VERIFY_16:
1341 len = r->req.cmd.xfer / s->qdev.blocksize;
1342 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1343 (command & 0xe) == 0xe ? "And Verify " : "",
1344 r->req.cmd.lba, len);
1345 if (r->req.cmd.lba > s->qdev.max_lba) {
1346 goto illegal_lba;
1347 }
1348 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1349 r->sector_count = len * (s->qdev.blocksize / 512);
1350 break;
1351 case MODE_SELECT:
1352 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1353 /* We don't support mode parameter changes.
1354 Allow the mode parameter header + block descriptors only. */
1355 if (r->req.cmd.xfer > 12) {
1356 goto fail;
1357 }
1358 break;
1359 case MODE_SELECT_10:
1360 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1361 /* We don't support mode parameter changes.
1362 Allow the mode parameter header + block descriptors only. */
1363 if (r->req.cmd.xfer > 16) {
1364 goto fail;
1365 }
1366 break;
1367 case SEEK_10:
1368 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1369 if (r->req.cmd.lba > s->qdev.max_lba) {
1370 goto illegal_lba;
1371 }
1372 break;
1373 case WRITE_SAME_16:
1374 len = r->req.cmd.xfer / s->qdev.blocksize;
1375
1376 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1377 r->req.cmd.lba, len);
1378
1379 if (r->req.cmd.lba > s->qdev.max_lba) {
1380 goto illegal_lba;
1381 }
1382
1383 /*
1384 * We only support WRITE SAME with the unmap bit set for now.
1385 */
1386 if (!(buf[1] & 0x8)) {
1387 goto fail;
1388 }
1389
1390 rc = bdrv_discard(s->qdev.conf.bs,
1391 r->req.cmd.lba * (s->qdev.blocksize / 512),
1392 len * (s->qdev.blocksize / 512));
1393 if (rc < 0) {
1394 /* XXX: better error code ?*/
1395 goto fail;
1396 }
1397
1398 break;
1399 default:
1400 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1401 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1402 return 0;
1403 fail:
1404 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1405 return 0;
1406 illegal_lba:
1407 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1408 return 0;
1409 }
1410 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1411 scsi_req_complete(&r->req, GOOD);
1412 }
1413 len = r->sector_count * 512 + r->iov.iov_len;
1414 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1415 return -len;
1416 } else {
1417 if (!r->sector_count) {
1418 r->sector_count = -1;
1419 }
1420 return len;
1421 }
1422 }
1423
1424 static void scsi_disk_reset(DeviceState *dev)
1425 {
1426 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1427 uint64_t nb_sectors;
1428
1429 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1430
1431 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1432 nb_sectors /= s->qdev.blocksize / 512;
1433 if (nb_sectors) {
1434 nb_sectors--;
1435 }
1436 s->qdev.max_lba = nb_sectors;
1437 }
1438
1439 static void scsi_destroy(SCSIDevice *dev)
1440 {
1441 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1442
1443 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1444 blockdev_mark_auto_del(s->qdev.conf.bs);
1445 }
1446
1447 static void scsi_cd_change_media_cb(void *opaque, bool load)
1448 {
1449 SCSIDiskState *s = opaque;
1450
1451 /*
1452 * When a CD gets changed, we have to report an ejected state and
1453 * then a loaded state to guests so that they detect tray
1454 * open/close and media change events. Guests that do not use
1455 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1456 * states rely on this behavior.
1457 *
1458 * media_changed governs the state machine used for unit attention
1459 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1460 */
1461 s->media_changed = load;
1462 s->tray_open = !load;
1463 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1464 s->media_event = true;
1465 s->eject_request = false;
1466 }
1467
1468 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1469 {
1470 SCSIDiskState *s = opaque;
1471
1472 s->eject_request = true;
1473 if (force) {
1474 s->tray_locked = false;
1475 }
1476 }
1477
1478 static bool scsi_cd_is_tray_open(void *opaque)
1479 {
1480 return ((SCSIDiskState *)opaque)->tray_open;
1481 }
1482
1483 static bool scsi_cd_is_medium_locked(void *opaque)
1484 {
1485 return ((SCSIDiskState *)opaque)->tray_locked;
1486 }
1487
1488 static const BlockDevOps scsi_cd_block_ops = {
1489 .change_media_cb = scsi_cd_change_media_cb,
1490 .eject_request_cb = scsi_cd_eject_request_cb,
1491 .is_tray_open = scsi_cd_is_tray_open,
1492 .is_medium_locked = scsi_cd_is_medium_locked,
1493 };
1494
1495 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1496 {
1497 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1498 if (s->media_changed) {
1499 s->media_changed = false;
1500 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1501 }
1502 }
1503
1504 static int scsi_initfn(SCSIDevice *dev)
1505 {
1506 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1507 DriveInfo *dinfo;
1508
1509 if (!s->qdev.conf.bs) {
1510 error_report("drive property not set");
1511 return -1;
1512 }
1513
1514 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1515 error_report("Device needs media, but drive is empty");
1516 return -1;
1517 }
1518
1519 if (!s->serial) {
1520 /* try to fall back to value set with legacy -drive serial=... */
1521 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1522 if (*dinfo->serial) {
1523 s->serial = g_strdup(dinfo->serial);
1524 }
1525 }
1526
1527 if (!s->version) {
1528 s->version = g_strdup(QEMU_VERSION);
1529 }
1530
1531 if (bdrv_is_sg(s->qdev.conf.bs)) {
1532 error_report("unwanted /dev/sg*");
1533 return -1;
1534 }
1535
1536 if (s->removable) {
1537 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1538 }
1539 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1540
1541 bdrv_iostatus_enable(s->qdev.conf.bs);
1542 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1543 return 0;
1544 }
1545
1546 static int scsi_hd_initfn(SCSIDevice *dev)
1547 {
1548 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1549 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1550 s->qdev.type = TYPE_DISK;
1551 return scsi_initfn(&s->qdev);
1552 }
1553
1554 static int scsi_cd_initfn(SCSIDevice *dev)
1555 {
1556 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1557 s->qdev.blocksize = 2048;
1558 s->qdev.type = TYPE_ROM;
1559 s->removable = true;
1560 return scsi_initfn(&s->qdev);
1561 }
1562
1563 static int scsi_disk_initfn(SCSIDevice *dev)
1564 {
1565 DriveInfo *dinfo;
1566
1567 if (!dev->conf.bs) {
1568 return scsi_initfn(dev); /* ... and die there */
1569 }
1570
1571 dinfo = drive_get_by_blockdev(dev->conf.bs);
1572 if (dinfo->media_cd) {
1573 return scsi_cd_initfn(dev);
1574 } else {
1575 return scsi_hd_initfn(dev);
1576 }
1577 }
1578
1579 static const SCSIReqOps scsi_disk_reqops = {
1580 .size = sizeof(SCSIDiskReq),
1581 .free_req = scsi_free_request,
1582 .send_command = scsi_send_command,
1583 .read_data = scsi_read_data,
1584 .write_data = scsi_write_data,
1585 .cancel_io = scsi_cancel_io,
1586 .get_buf = scsi_get_buf,
1587 };
1588
1589 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1590 uint8_t *buf, void *hba_private)
1591 {
1592 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1593 SCSIRequest *req;
1594
1595 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1596 return req;
1597 }
1598
1599 #ifdef __linux__
1600 static int get_device_type(SCSIDiskState *s)
1601 {
1602 BlockDriverState *bdrv = s->qdev.conf.bs;
1603 uint8_t cmd[16];
1604 uint8_t buf[36];
1605 uint8_t sensebuf[8];
1606 sg_io_hdr_t io_header;
1607 int ret;
1608
1609 memset(cmd, 0, sizeof(cmd));
1610 memset(buf, 0, sizeof(buf));
1611 cmd[0] = INQUIRY;
1612 cmd[4] = sizeof(buf);
1613
1614 memset(&io_header, 0, sizeof(io_header));
1615 io_header.interface_id = 'S';
1616 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1617 io_header.dxfer_len = sizeof(buf);
1618 io_header.dxferp = buf;
1619 io_header.cmdp = cmd;
1620 io_header.cmd_len = sizeof(cmd);
1621 io_header.mx_sb_len = sizeof(sensebuf);
1622 io_header.sbp = sensebuf;
1623 io_header.timeout = 6000; /* XXX */
1624
1625 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1626 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1627 return -1;
1628 }
1629 s->qdev.type = buf[0];
1630 s->removable = (buf[1] & 0x80) != 0;
1631 return 0;
1632 }
1633
1634 static int scsi_block_initfn(SCSIDevice *dev)
1635 {
1636 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1637 int sg_version;
1638 int rc;
1639
1640 if (!s->qdev.conf.bs) {
1641 error_report("scsi-block: drive property not set");
1642 return -1;
1643 }
1644
1645 /* check we are using a driver managing SG_IO (version 3 and after) */
1646 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1647 sg_version < 30000) {
1648 error_report("scsi-block: scsi generic interface too old");
1649 return -1;
1650 }
1651
1652 /* get device type from INQUIRY data */
1653 rc = get_device_type(s);
1654 if (rc < 0) {
1655 error_report("scsi-block: INQUIRY failed");
1656 return -1;
1657 }
1658
1659 /* Make a guess for the block size, we'll fix it when the guest sends.
1660 * READ CAPACITY. If they don't, they likely would assume these sizes
1661 * anyway. (TODO: check in /sys).
1662 */
1663 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1664 s->qdev.blocksize = 2048;
1665 } else {
1666 s->qdev.blocksize = 512;
1667 }
1668 return scsi_initfn(&s->qdev);
1669 }
1670
1671 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1672 uint32_t lun, uint8_t *buf,
1673 void *hba_private)
1674 {
1675 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1676
1677 switch (buf[0]) {
1678 case READ_6:
1679 case READ_10:
1680 case READ_12:
1681 case READ_16:
1682 case WRITE_6:
1683 case WRITE_10:
1684 case WRITE_12:
1685 case WRITE_16:
1686 case WRITE_VERIFY_10:
1687 case WRITE_VERIFY_12:
1688 case WRITE_VERIFY_16:
1689 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1690 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1691 * And once you do these writes, reading from the block device is
1692 * unreliable, too. It is even possible that reads deliver random data
1693 * from the host page cache (this is probably a Linux bug).
1694 *
1695 * We might use scsi_disk_reqops as long as no writing commands are
1696 * seen, but performance usually isn't paramount on optical media. So,
1697 * just make scsi-block operate the same as scsi-generic for them.
1698 */
1699 if (s->qdev.type != TYPE_ROM) {
1700 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1701 hba_private);
1702 }
1703 }
1704
1705 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1706 hba_private);
1707 }
1708 #endif
1709
1710 #define DEFINE_SCSI_DISK_PROPERTIES() \
1711 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1712 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1713 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1714
1715 static Property scsi_hd_properties[] = {
1716 DEFINE_SCSI_DISK_PROPERTIES(),
1717 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1718 DEFINE_PROP_END_OF_LIST(),
1719 };
1720
1721 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1722 {
1723 DeviceClass *dc = DEVICE_CLASS(klass);
1724 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1725
1726 sc->init = scsi_hd_initfn;
1727 sc->destroy = scsi_destroy;
1728 sc->alloc_req = scsi_new_request;
1729 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1730 dc->fw_name = "disk";
1731 dc->desc = "virtual SCSI disk";
1732 dc->reset = scsi_disk_reset;
1733 dc->props = scsi_hd_properties;
1734 }
1735
1736 static TypeInfo scsi_hd_info = {
1737 .name = "scsi-hd",
1738 .parent = TYPE_SCSI_DEVICE,
1739 .instance_size = sizeof(SCSIDiskState),
1740 .class_init = scsi_hd_class_initfn,
1741 };
1742
1743 static Property scsi_cd_properties[] = {
1744 DEFINE_SCSI_DISK_PROPERTIES(),
1745 DEFINE_PROP_END_OF_LIST(),
1746 };
1747
1748 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1749 {
1750 DeviceClass *dc = DEVICE_CLASS(klass);
1751 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1752
1753 sc->init = scsi_cd_initfn;
1754 sc->destroy = scsi_destroy;
1755 sc->alloc_req = scsi_new_request;
1756 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1757 dc->fw_name = "disk";
1758 dc->desc = "virtual SCSI CD-ROM";
1759 dc->reset = scsi_disk_reset;
1760 dc->props = scsi_cd_properties;
1761 }
1762
1763 static TypeInfo scsi_cd_info = {
1764 .name = "scsi-cd",
1765 .parent = TYPE_SCSI_DEVICE,
1766 .instance_size = sizeof(SCSIDiskState),
1767 .class_init = scsi_cd_class_initfn,
1768 };
1769
1770 #ifdef __linux__
1771 static Property scsi_block_properties[] = {
1772 DEFINE_SCSI_DISK_PROPERTIES(),
1773 DEFINE_PROP_END_OF_LIST(),
1774 };
1775
1776 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1777 {
1778 DeviceClass *dc = DEVICE_CLASS(klass);
1779 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1780
1781 sc->init = scsi_block_initfn;
1782 sc->destroy = scsi_destroy;
1783 sc->alloc_req = scsi_block_new_request;
1784 dc->fw_name = "disk";
1785 dc->desc = "SCSI block device passthrough";
1786 dc->reset = scsi_disk_reset;
1787 dc->props = scsi_block_properties;
1788 }
1789
1790 static TypeInfo scsi_block_info = {
1791 .name = "scsi-block",
1792 .parent = TYPE_SCSI_DEVICE,
1793 .instance_size = sizeof(SCSIDiskState),
1794 .class_init = scsi_block_class_initfn,
1795 };
1796 #endif
1797
1798 static Property scsi_disk_properties[] = {
1799 DEFINE_SCSI_DISK_PROPERTIES(),
1800 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1801 DEFINE_PROP_END_OF_LIST(),
1802 };
1803
1804 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1805 {
1806 DeviceClass *dc = DEVICE_CLASS(klass);
1807 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1808
1809 sc->init = scsi_disk_initfn;
1810 sc->destroy = scsi_destroy;
1811 sc->alloc_req = scsi_new_request;
1812 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1813 dc->fw_name = "disk";
1814 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1815 dc->reset = scsi_disk_reset;
1816 dc->props = scsi_disk_properties;
1817 }
1818
1819 static TypeInfo scsi_disk_info = {
1820 .name = "scsi-disk",
1821 .parent = TYPE_SCSI_DEVICE,
1822 .instance_size = sizeof(SCSIDiskState),
1823 .class_init = scsi_disk_class_initfn,
1824 };
1825
1826 static void scsi_disk_register_types(void)
1827 {
1828 type_register_static(&scsi_hd_info);
1829 type_register_static(&scsi_cd_info);
1830 #ifdef __linux__
1831 type_register_static(&scsi_block_info);
1832 #endif
1833 type_register_static(&scsi_disk_info);
1834 }
1835
1836 type_init(scsi_disk_register_types)
Qemu copy for testing