1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented standard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
/*
 * Debug tracing.  With DEBUG_SCSI undefined the macro expands to an empty
 * statement, so its arguments are never evaluated.
 */
#ifndef DEBUG_SCSI
#define DPRINTF(fmt, ...) do {} while(0)
#else
#define DPRINTF(fmt, ...) \
do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
#endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "hw/block-common.h"
38 #include "dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
/* Size passed to scsi_init_iovec() when the bounce buffer is first allocated. */
#define SCSI_DMA_BUF_SIZE 131072
/* Upper clamp applied to the allocation length of a standard INQUIRY. */
#define SCSI_MAX_INQUIRY_LEN 256

typedef struct SCSIDiskState SCSIDiskState;
typedef struct SCSIDiskReq SCSIDiskReq;

/* Per-request state of the emulated disk. */
struct SCSIDiskReq {
    /* Generic request; DO_UPCAST() recovers the SCSIDiskReq from it. */
    SCSIRequest req;
    /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
    uint64_t sector;
    uint32_t sector_count;
    /* Size recorded for iov.iov_base when scsi_init_iovec() allocates it. */
    uint32_t buflen;
    /* Set once scsi_read_data()/scsi_write_data() has run for the request. */
    bool started;
    /* Single-element vector describing the data buffer, and its wrapper. */
    struct iovec iov;
    QEMUIOVector qiov;
    /* Cookie handed to bdrv_acct_start()/bdrv_acct_done(). */
    BlockAcctCookie acct;
};
60
/* Bit positions within SCSIDiskState.features (tested as 1 << bit). */
#define SCSI_DISK_F_REMOVABLE 0
#define SCSI_DISK_F_DPOFUA 1

/* Device state of one emulated SCSI disk or CD/DVD drive. */
struct SCSIDiskState {
    SCSIDevice qdev;        /* generic device; DO_UPCAST() is applied to it */
    uint32_t features;      /* bitmask of SCSI_DISK_F_* bits */
    bool media_changed;
    bool media_event;       /* reported once as MEC_NEW_MEDIA, then cleared */
    bool eject_request;     /* reported once as MEC_EJECT_REQUESTED, then cleared */
    uint64_t wwn;           /* emitted as NAA designator in VPD page 0x83 if non-zero */
    QEMUBH *bh;
    char *version;          /* INQUIRY product revision (first 4 bytes used) */
    char *serial;           /* optional; VPD pages 0x80 and 0x83 */
    char *vendor;           /* INQUIRY vendor identification */
    char *product;          /* INQUIRY product identification */
    bool tray_open;
    bool tray_locked;
};
80
81 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
82
/* Release the data buffer attached to a request, if one was ever allocated. */
static void scsi_free_request(SCSIRequest *req)
{
    SCSIDiskReq *dreq = DO_UPCAST(SCSIDiskReq, req, req);
    void *data = dreq->iov.iov_base;

    if (data != NULL) {
        qemu_vfree(data);
    }
}
91
/*
 * Finish a command with CHECK CONDITION status: record the given sense data
 * on the request, then complete it.
 */
static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
{
    SCSIRequest *base = &r->req;

    DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
            base->tag, sense.key, sense.asc, sense.ascq);
    scsi_req_build_sense(base, sense);
    scsi_req_complete(base, CHECK_CONDITION);
}
100
/* Abort the data transfer that is in flight for this request, if any. */
static void scsi_cancel_io(SCSIRequest *req)
{
    SCSIDiskReq *dreq = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIRequest *base = &dreq->req;

    DPRINTF("Cancel tag=0x%x\n", req->tag);
    if (base->aiocb != NULL) {
        bdrv_aio_cancel(base->aiocb);

        /*
         * scsi_*_data left a reference on the request for the AIO callback.
         * Ownership of it passes to us as soon as scsi_req_cancel is called,
         * whether or not bdrv_aio_cancel completes the request, so drop it
         * here.
         */
        scsi_req_unref(base);
    }
    base->aiocb = NULL;
}
117
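/*
 * Prepare the request's single-element I/O vector for the next chunk.
 *
 * The buffer is allocated on first use with @size bytes (recorded in
 * r->buflen); later calls reuse it and ignore @size.  The vector length is
 * the smaller of the remaining transfer and the buffer size.
 *
 * Returns the chunk length in 512-byte sectors.
 */
static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    if (!r->iov.iov_base) {
        r->buflen = size;
        r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
    }
    /*
     * Widen before multiplying: sector_count is 32 bits, so the byte count
     * wraps for counts of 2^23 sectors or more and the chunk could come out
     * shorter than intended (even zero).  The result never exceeds buflen,
     * so it still fits iov_len.
     */
    r->iov.iov_len = MIN((uint64_t)r->sector_count * 512, r->buflen);
    qemu_iovec_init_external(&r->qiov, &r->iov, 1);
    return r->qiov.size / 512;
}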
130
/*
 * Serialize an in-flight request into the migration stream: position,
 * remaining count and buffer size, followed by the buffer contents when a
 * buffer exists.  For transfers that are not host-to-device the contents are
 * prefixed with their length and only written when the request is not marked
 * for retry.
 */
static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
{
    SCSIDiskReq *dreq = DO_UPCAST(SCSIDiskReq, req, req);
    uint32_t payload_len;

    qemu_put_be64s(f, &dreq->sector);
    qemu_put_be32s(f, &dreq->sector_count);
    qemu_put_be32s(f, &dreq->buflen);

    if (dreq->buflen == 0) {
        return;
    }

    if (dreq->req.cmd.mode == SCSI_XFER_TO_DEV) {
        qemu_put_buffer(f, dreq->iov.iov_base, dreq->iov.iov_len);
        return;
    }

    if (req->retry) {
        return;
    }

    payload_len = dreq->iov.iov_len;
    qemu_put_be32s(f, &payload_len);
    qemu_put_buffer(f, dreq->iov.iov_base, dreq->iov.iov_len);
}
148
/*
 * Restore a request written by scsi_disk_save_request().
 *
 * NOTE(review): sector, sector_count, buflen and the stored payload length
 * are taken from the migration stream as-is.  The buffer is sized from the
 * stream's buflen, and the only bound on the payload copy is the assert
 * below, which disappears in a build with NDEBUG.  Treat the stream as
 * trusted input or add validation at a layer that can report an error
 * (this function returns void).
 * NOTE(review): scsi_init_iovec() allocates only when iov_base is NULL;
 * presumably the request is fresh here so buflen matches the allocation.
 * Confirm against the caller.
 */
static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
{
    SCSIDiskReq *dreq = DO_UPCAST(SCSIDiskReq, req, req);
    uint32_t stored_len;

    qemu_get_be64s(f, &dreq->sector);
    qemu_get_be32s(f, &dreq->sector_count);
    qemu_get_be32s(f, &dreq->buflen);

    if (dreq->buflen != 0) {
        scsi_init_iovec(dreq, dreq->buflen);

        if (dreq->req.cmd.mode == SCSI_XFER_TO_DEV) {
            /* Length was derived by scsi_init_iovec() from the fields above. */
            qemu_get_buffer(f, dreq->iov.iov_base, dreq->iov.iov_len);
        } else if (!dreq->req.retry) {
            qemu_get_be32s(f, &stored_len);
            dreq->iov.iov_len = stored_len;
            assert(dreq->iov.iov_len <= dreq->buflen);
            qemu_get_buffer(f, dreq->iov.iov_base, dreq->iov.iov_len);
        }
    }

    qemu_iovec_init_external(&dreq->qiov, &dreq->iov, 1);
}
171
/*
 * AIO completion callback for operations that carry no data (used for the
 * flush issued by scsi_write_do_fua).  Completes the request with GOOD
 * status unless the error handler took the request over, then drops the
 * reference held for the callback.
 */
static void scsi_aio_complete(void *opaque, int ret)
{
    SCSIDiskReq *dreq = opaque;
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dreq->req.dev);

    bdrv_acct_done(disk->qdev.conf.bs, &dreq->acct);

    /* A non-zero result from the handler means it dealt with the request. */
    if (ret >= 0 || !scsi_handle_rw_error(dreq, -ret)) {
        scsi_req_complete(&dreq->req, GOOD);
    }

    if (!dreq->req.io_canceled) {
        scsi_req_unref(&dreq->req);
    }
}
192
/*
 * Tell whether a command must be treated as Force Unit Access.
 *
 * READ/WRITE (10/12/16) report bit 3 of CDB byte 1; VERIFY and WRITE AND
 * VERIFY (10/12/16) always count as FUA; everything else, including
 * READ(6) and WRITE(6), does not.
 */
static bool scsi_is_cmd_fua(SCSICommand *cmd)
{
    bool fua;

    switch (cmd->buf[0]) {
    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
    case WRITE_VERIFY_10:
    case WRITE_VERIFY_12:
    case WRITE_VERIFY_16:
        fua = true;
        break;

    case READ_10:
    case READ_12:
    case READ_16:
    case WRITE_10:
    case WRITE_12:
    case WRITE_16:
        fua = (cmd->buf[1] & 8) != 0;
        break;

    default:
        /* READ_6 and WRITE_6 have no FUA bit and end up here as well. */
        fua = false;
        break;
    }

    return fua;
}
218
/*
 * Final step of a write: for FUA commands start a flush whose completion
 * (scsi_aio_complete) finishes the request; otherwise complete it now and
 * drop the reference held for the I/O.
 */
static void scsi_write_do_fua(SCSIDiskReq *r)
{
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);

    if (!scsi_is_cmd_fua(&r->req.cmd)) {
        scsi_req_complete(&r->req, GOOD);
        if (!r->req.io_canceled) {
            scsi_req_unref(&r->req);
        }
        return;
    }

    bdrv_acct_start(disk->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
    r->req.aiocb = bdrv_aio_flush(disk->qdev.conf.bs, scsi_aio_complete, r);
}
234
/*
 * Completion callback for scatter/gather transfers.  The whole transfer is
 * done in one go, so the position is advanced by the full sector count.
 * Writes continue in scsi_write_do_fua(); reads complete here.
 */
static void scsi_dma_complete(void *opaque, int ret)
{
    SCSIDiskReq *dreq = opaque;
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dreq->req.dev);
    bool handled;

    if (dreq->req.aiocb != NULL) {
        dreq->req.aiocb = NULL;
        bdrv_acct_done(disk->qdev.conf.bs, &dreq->acct);
    }

    handled = ret < 0 && scsi_handle_rw_error(dreq, -ret);
    if (!handled) {
        dreq->sector += dreq->sector_count;
        dreq->sector_count = 0;
        if (dreq->req.cmd.mode == SCSI_XFER_TO_DEV) {
            /* scsi_write_do_fua() deals with the reference itself. */
            scsi_write_do_fua(dreq);
            return;
        }
        scsi_req_complete(&dreq->req, GOOD);
    }

    if (!dreq->req.io_canceled) {
        scsi_req_unref(&dreq->req);
    }
}
265
/*
 * Completion callback for a buffered read chunk: advance the position by
 * the number of sectors in the vector and hand the data to the HBA, unless
 * the error handler took the request over.
 */
static void scsi_read_complete(void * opaque, int ret)
{
    SCSIDiskReq *dreq = opaque;
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dreq->req.dev);
    int sectors_done;

    if (dreq->req.aiocb != NULL) {
        dreq->req.aiocb = NULL;
        bdrv_acct_done(disk->qdev.conf.bs, &dreq->acct);
    }

    if (!(ret < 0 && scsi_handle_rw_error(dreq, -ret))) {
        DPRINTF("Data ready tag=0x%x len=%zd\n", dreq->req.tag, dreq->qiov.size);

        sectors_done = dreq->qiov.size / 512;
        dreq->sector += sectors_done;
        dreq->sector_count -= sectors_done;
        scsi_req_data(&dreq->req, dreq->qiov.size);
    }

    if (!dreq->req.io_canceled) {
        scsi_req_unref(&dreq->req);
    }
}
295
/*
 * Issue the next read to the block device.  Has the AIO callback signature
 * because scsi_read_data() also uses it as the completion of the flush that
 * precedes a FUA read.
 */
static void scsi_do_read(void *opaque, int ret)
{
    SCSIDiskReq *dreq = opaque;
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dreq->req.dev);
    bool handled;

    if (dreq->req.aiocb != NULL) {
        dreq->req.aiocb = NULL;
        bdrv_acct_done(disk->qdev.conf.bs, &dreq->acct);
    }

    handled = ret < 0 && scsi_handle_rw_error(dreq, -ret);
    if (!handled) {
        uint32_t nsectors;

        if (dreq->req.io_canceled) {
            return;
        }

        /* The request is the opaque value of the AIO below: take a ref. */
        scsi_req_ref(&dreq->req);

        if (dreq->req.sg) {
            dma_acct_start(disk->qdev.conf.bs, &dreq->acct, dreq->req.sg,
                           BDRV_ACCT_READ);
            dreq->req.resid -= dreq->req.sg->size;
            dreq->req.aiocb = dma_bdrv_read(disk->qdev.conf.bs, dreq->req.sg,
                                            dreq->sector,
                                            scsi_dma_complete, dreq);
        } else {
            nsectors = scsi_init_iovec(dreq, SCSI_DMA_BUF_SIZE);
            bdrv_acct_start(disk->qdev.conf.bs, &dreq->acct,
                            nsectors * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
            dreq->req.aiocb = bdrv_aio_readv(disk->qdev.conf.bs, dreq->sector,
                                             &dreq->qiov, nsectors,
                                             scsi_read_complete, dreq);
        }
    }

    /* Drop the reference this invocation was entered with. */
    if (!dreq->req.io_canceled) {
        scsi_req_unref(&dreq->req);
    }
}
338
/*
 * Read more data from the device into the request buffer.
 *
 * A sector_count of (uint32_t)-1 is a marker: the bytes already in the
 * buffer (iov_len of them) are handed over without touching the block
 * device.  A count of zero completes the command.
 */
static void scsi_read_data(SCSIRequest *req)
{
    SCSIDiskReq *dreq = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dreq->req.dev);
    bool already_started;

    if (dreq->sector_count == (uint32_t)-1) {
        DPRINTF("Read buf_len=%zd\n", dreq->iov.iov_len);
        dreq->sector_count = 0;
        dreq->started = true;
        scsi_req_data(&dreq->req, dreq->iov.iov_len);
        return;
    }

    DPRINTF("Read sector_count=%d\n", dreq->sector_count);
    if (dreq->sector_count == 0) {
        /* This also clears the sense buffer for REQUEST SENSE. */
        scsi_req_complete(&dreq->req, GOOD);
        return;
    }

    /* A second transfer must never start while one is outstanding. */
    assert(dreq->req.aiocb == NULL);

    /* The request is the opaque value of the AIO below: take a ref. */
    scsi_req_ref(&dreq->req);

    /* Error paths go through the completion callback so the ref is dropped. */
    if (dreq->req.cmd.mode == SCSI_XFER_TO_DEV) {
        DPRINTF("Data transfer direction invalid\n");
        scsi_read_complete(dreq, -EINVAL);
        return;
    }
    if (disk->tray_open) {
        scsi_read_complete(dreq, -ENOMEDIUM);
        return;
    }

    already_started = dreq->started;
    dreq->started = true;
    if (already_started || !scsi_is_cmd_fua(&dreq->req.cmd)) {
        scsi_do_read(dreq, 0);
    } else {
        /* First chunk of a FUA read: flush first, then read. */
        bdrv_acct_start(disk->qdev.conf.bs, &dreq->acct, 0, BDRV_ACCT_FLUSH);
        dreq->req.aiocb = bdrv_aio_flush(disk->qdev.conf.bs, scsi_do_read, dreq);
    }
}
385
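/*
 * Apply the block device's configured error policy to a failed transfer.
 *
 * @r:     the failed request
 * @error: positive errno value
 *
 * scsi_handle_rw_error has two return values.  0 means that the error
 * must be ignored, 1 means that the error has been processed and the
 * caller should not do anything else for this request.  Note that
 * scsi_handle_rw_error always manages its reference counts, independent
 * of the return value.
 */
static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
{
    /*
     * The direction lives in cmd.mode; cmd.xfer is the transfer length.
     * Comparing the length with SCSI_XFER_FROM_DEV picked the read or the
     * write policy (and the direction reported in the QMP event) by accident.
     */
    int is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);

    if (action == BLOCK_ERR_IGNORE) {
        bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
        return 0;
    }

    if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
        || action == BLOCK_ERR_STOP_ANY) {

        /* Stop the VM and queue the request for retry. */
        bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
        vm_stop(RUN_STATE_IO_ERROR);
        bdrv_iostatus_set_err(s->qdev.conf.bs, error);
        scsi_req_retry(&r->req);
    } else {
        /* Report the failure to the guest as CHECK CONDITION. */
        switch (error) {
        case ENOMEDIUM:
            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
            break;
        case ENOMEM:
            scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
            break;
        case EINVAL:
            scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
            break;
        default:
            scsi_check_condition(r, SENSE_CODE(IO_ERROR));
            break;
        }
        bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
    }
    return 1;
}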
430
/*
 * Completion callback for a buffered write chunk.  Advances the position;
 * when nothing is left the write is finished via scsi_write_do_fua(),
 * otherwise the vector is set up again and the HBA is asked for more data.
 */
static void scsi_write_complete(void * opaque, int ret)
{
    SCSIDiskReq *dreq = opaque;
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dreq->req.dev);
    uint32_t nsectors;

    if (dreq->req.aiocb != NULL) {
        dreq->req.aiocb = NULL;
        bdrv_acct_done(disk->qdev.conf.bs, &dreq->acct);
    }

    if (!(ret < 0 && scsi_handle_rw_error(dreq, -ret))) {
        nsectors = dreq->qiov.size / 512;
        dreq->sector += nsectors;
        dreq->sector_count -= nsectors;
        if (dreq->sector_count == 0) {
            /* scsi_write_do_fua() deals with the reference itself. */
            scsi_write_do_fua(dreq);
            return;
        }
        scsi_init_iovec(dreq, SCSI_DMA_BUF_SIZE);
        DPRINTF("Write complete tag=0x%x more=%d\n", dreq->req.tag, dreq->qiov.size);
        scsi_req_data(&dreq->req, dreq->qiov.size);
    }

    if (!dreq->req.io_canceled) {
        scsi_req_unref(&dreq->req);
    }
}
465
/*
 * Write the data the HBA placed in the request buffer (or scatter/gather
 * list) to the block device.  The first call without data only asks the
 * HBA for the first chunk.  VERIFY commands skip the write and go straight
 * to the completion path.
 */
static void scsi_write_data(SCSIRequest *req)
{
    SCSIDiskReq *dreq = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dreq->req.dev);
    uint32_t nsectors;
    bool is_verify;

    /* A second transfer must never start while one is outstanding. */
    assert(dreq->req.aiocb == NULL);

    /* The request is the opaque value of the AIO below: take a ref. */
    scsi_req_ref(&dreq->req);

    /* Error paths go through the completion callback so the ref is dropped. */
    if (dreq->req.cmd.mode != SCSI_XFER_TO_DEV) {
        DPRINTF("Data transfer direction invalid\n");
        scsi_write_complete(dreq, -EINVAL);
        return;
    }

    if (!dreq->req.sg && !dreq->qiov.size) {
        /* Called for the first time.  Ask the driver to send us more data. */
        dreq->started = true;
        scsi_write_complete(dreq, 0);
        return;
    }
    if (disk->tray_open) {
        scsi_write_complete(dreq, -ENOMEDIUM);
        return;
    }

    switch (dreq->req.cmd.buf[0]) {
    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
        is_verify = true;
        break;
    default:
        is_verify = false;
        break;
    }
    if (is_verify) {
        if (dreq->req.sg) {
            scsi_dma_complete(dreq, 0);
        } else {
            scsi_write_complete(dreq, 0);
        }
        return;
    }

    if (dreq->req.sg) {
        dma_acct_start(disk->qdev.conf.bs, &dreq->acct, dreq->req.sg,
                       BDRV_ACCT_WRITE);
        dreq->req.resid -= dreq->req.sg->size;
        dreq->req.aiocb = dma_bdrv_write(disk->qdev.conf.bs, dreq->req.sg,
                                         dreq->sector,
                                         scsi_dma_complete, dreq);
    } else {
        nsectors = dreq->qiov.size / 512;
        bdrv_acct_start(disk->qdev.conf.bs, &dreq->acct,
                        nsectors * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
        dreq->req.aiocb = bdrv_aio_writev(disk->qdev.conf.bs, dreq->sector,
                                          &dreq->qiov, nsectors,
                                          scsi_write_complete, dreq);
    }
}
516
/* Expose the request's data buffer (NULL if none has been allocated yet). */
static uint8_t *scsi_get_buf(SCSIRequest *req)
{
    SCSIDiskReq *dreq = DO_UPCAST(SCSIDiskReq, req, req);
    void *data = dreq->iov.iov_base;

    return (uint8_t *)data;
}
524
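/*
 * Build the response to INQUIRY in @outbuf.
 *
 * With the EVPD bit (CDB byte 1, bit 0) set, the vital product data page
 * named by CDB byte 2 is produced; otherwise byte 2 must be zero and the
 * standard INQUIRY data is produced.
 *
 * Returns the number of bytes prepared, or -1 if the request is not
 * supported.
 *
 * NOTE(review): the size of @outbuf is not known here.  The VPD pages write
 * up to 4 + 255 bytes and the standard data always fills bytes 0..35, even
 * when the allocation length in the CDB is smaller, so the caller has to
 * provide a buffer that is large enough regardless of cmd.xfer.  Confirm
 * against the caller.
 */
static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    int buflen = 0;
    int start;

    if (req->cmd.buf[1] & 0x1) {
        /* Vital product data */
        uint8_t page_code = req->cmd.buf[2];

        outbuf[buflen++] = s->qdev.type & 0x1f;
        outbuf[buflen++] = page_code ; // this page
        outbuf[buflen++] = 0x00;
        outbuf[buflen++] = 0x00;       // page length, filled in below
        start = buflen;

        switch (page_code) {
        case 0x00: /* Supported page codes, mandatory */
        {
            DPRINTF("Inquiry EVPD[Supported pages] "
                    "buffer size %zd\n", req->cmd.xfer);
            outbuf[buflen++] = 0x00; // list of supported pages (this page)
            if (s->serial) {
                outbuf[buflen++] = 0x80; // unit serial number
            }
            outbuf[buflen++] = 0x83; // device identification
            if (s->qdev.type == TYPE_DISK) {
                outbuf[buflen++] = 0xb0; // block limits
                outbuf[buflen++] = 0xb2; // thin provisioning
            }
            break;
        }
        case 0x80: /* Device serial number, optional */
        {
            int l;

            if (!s->serial) {
                DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
                return -1;
            }

            /* At most 20 bytes of the serial are reported. */
            l = strlen(s->serial);
            if (l > 20) {
                l = 20;
            }

            DPRINTF("Inquiry EVPD[Serial number] "
                    "buffer size %zd\n", req->cmd.xfer);
            memcpy(outbuf+buflen, s->serial, l);
            buflen += l;
            break;
        }

        case 0x83: /* Device identification page, mandatory */
        {
            const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
            int max_len = s->serial ? 20 : 255 - 8;
            int id_len = strlen(str);

            /*
             * The page length is a single byte.  The ASCII designator costs
             * 4 + id_len bytes and the optional WWN designator another 12,
             * so leave room for the latter; otherwise a very long device
             * name together with a WWN would trip the assert below.
             */
            if (s->wwn && max_len > 255 - 4 - 12) {
                max_len = 255 - 4 - 12;
            }
            if (id_len > max_len) {
                id_len = max_len;
            }
            DPRINTF("Inquiry EVPD[Device identification] "
                    "buffer size %zd\n", req->cmd.xfer);

            outbuf[buflen++] = 0x2; // ASCII
            outbuf[buflen++] = 0;   // not officially assigned
            outbuf[buflen++] = 0;   // reserved
            outbuf[buflen++] = id_len; // length of data following
            memcpy(outbuf+buflen, str, id_len);
            buflen += id_len;

            if (s->wwn) {
                outbuf[buflen++] = 0x1; // Binary
                outbuf[buflen++] = 0x3; // NAA
                outbuf[buflen++] = 0;   // reserved
                outbuf[buflen++] = 8;
                stq_be_p(&outbuf[buflen], s->wwn);
                buflen += 8;
            }
            break;
        }
        case 0xb0: /* block limits */
        {
            unsigned int unmap_sectors =
                    s->qdev.conf.discard_granularity / s->qdev.blocksize;
            unsigned int min_io_size =
                    s->qdev.conf.min_io_size / s->qdev.blocksize;
            unsigned int opt_io_size =
                    s->qdev.conf.opt_io_size / s->qdev.blocksize;

            if (s->qdev.type == TYPE_ROM) {
                DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
                        page_code);
                return -1;
            }
            /* required VPD size with unmap support */
            buflen = 0x40;
            memset(outbuf + 4, 0, buflen - 4);

            /* optimal transfer length granularity */
            outbuf[6] = (min_io_size >> 8) & 0xff;
            outbuf[7] = min_io_size & 0xff;

            /* optimal transfer length */
            outbuf[12] = (opt_io_size >> 24) & 0xff;
            outbuf[13] = (opt_io_size >> 16) & 0xff;
            outbuf[14] = (opt_io_size >> 8) & 0xff;
            outbuf[15] = opt_io_size & 0xff;

            /* optimal unmap granularity */
            outbuf[28] = (unmap_sectors >> 24) & 0xff;
            outbuf[29] = (unmap_sectors >> 16) & 0xff;
            outbuf[30] = (unmap_sectors >> 8) & 0xff;
            outbuf[31] = unmap_sectors & 0xff;
            break;
        }
        case 0xb2: /* thin provisioning */
        {
            buflen = 8;
            outbuf[4] = 0;
            outbuf[5] = 0x60; /* write_same 10/16 supported */
            outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
            outbuf[7] = 0;
            break;
        }
        default:
            return -1;
        }
        /* done with EVPD: store the page length in the header */
        assert(buflen - start <= 255);
        outbuf[start - 1] = buflen - start;
        return buflen;
    }

    /* Standard INQUIRY data */
    if (req->cmd.buf[2] != 0) {
        return -1;
    }

    /* PAGE CODE == 0 */
    buflen = req->cmd.xfer;
    if (buflen > SCSI_MAX_INQUIRY_LEN) {
        buflen = SCSI_MAX_INQUIRY_LEN;
    }
    memset(outbuf, 0, buflen);

    outbuf[0] = s->qdev.type & 0x1f;
    outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;

    strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
    strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');

    memset(&outbuf[32], 0, 4);
    memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
    /*
     * We claim conformance to SPC-3, which is required for guests
     * to ask for modern features like READ CAPACITY(16) or the
     * block characteristics VPD page by default.  Not all of SPC-3
     * is actually implemented, but we're good enough.
     */
    outbuf[2] = 5;
    outbuf[3] = 2; /* Format 2 */

    if (buflen > 36) {
        outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
    } else {
        /* If the allocation length of CDB is too small,
               the additional length is not adjusted */
        outbuf[4] = 36 - 5;
    }

    /* Sync data transfer and TCQ. */
    outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
    return buflen;
}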
701
/*
 * True for a CD/DVD drive with a medium inserted whose sector count is
 * larger than CD_MAX_SECTORS.
 */
static inline bool media_is_dvd(SCSIDiskState *s)
{
    uint64_t total_sectors;

    if (s->qdev.type != TYPE_ROM || !bdrv_is_inserted(s->qdev.conf.bs)) {
        return false;
    }
    bdrv_get_geometry(s->qdev.conf.bs, &total_sectors);
    return total_sectors > CD_MAX_SECTORS;
}
714
/*
 * True for a CD/DVD drive with a medium inserted whose sector count does
 * not exceed CD_MAX_SECTORS.
 */
static inline bool media_is_cd(SCSIDiskState *s)
{
    uint64_t total_sectors;

    if (s->qdev.type != TYPE_ROM || !bdrv_is_inserted(s->qdev.conf.bs)) {
        return false;
    }
    bdrv_get_geometry(s->qdev.conf.bs, &total_sectors);
    return total_sectors <= CD_MAX_SECTORS;
}
727
/*
 * Emulate READ DISC INFORMATION for CD/DVD drives.  Only data type 0 is
 * supported.  Writes a fixed 34-byte block to @outbuf and returns 34, or
 * returns -1 (after raising INVALID_FIELD for an unsupported data type).
 */
static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
                                      uint8_t *outbuf)
{
    enum { DISC_INFO_LEN = 34 };
    uint8_t data_type = r->req.cmd.buf[1] & 7;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }

    /* Types 1/2 are only defined for Blu-Ray. */
    if (data_type != 0) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return -1;
    }

    memset(outbuf, 0, DISC_INFO_LEN);
    outbuf[1] = DISC_INFO_LEN - 2;
    outbuf[2] = 0xe; /* last session complete, disc finalized */
    outbuf[3] = 1;   /* first track on disc */
    outbuf[4] = 1;   /* # of sessions */
    outbuf[5] = 1;   /* first track of last session */
    outbuf[6] = 1;   /* last track of last session */
    outbuf[7] = 0x20; /* unrestricted use */
    outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
    /*
     * Left at zero:
     *   9-11:  most significant bytes corresponding to bytes 4-6
     *   12-23: not meaningful for CD-ROM or DVD-ROM
     *   24-31: disc bar code
     *   32:    disc application code
     *   33:    number of OPC tables
     */

    return DISC_INFO_LEN;
}
760
/*
 * Emulate READ DVD STRUCTURE for CD/DVD drives.
 *
 * Format 0xff lists the supported formats; every other format needs a DVD
 * medium in a closed tray.  Returns the number of bytes written to @outbuf
 * or -1; some failure paths raise a CHECK CONDITION themselves.
 */
static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
                                   uint8_t *outbuf)
{
    /* Response size per format code; 0 marks an unsupported format. */
    static const int rds_caps_size[5] = {
        [0] = 2048 + 4,
        [1] = 4 + 4,
        [3] = 188 + 4,
        [4] = 2048 + 4,
    };

    const uint8_t *cdb = r->req.cmd.buf;
    uint8_t media = cdb[1];
    uint8_t layer = cdb[6];
    uint8_t format = cdb[7];
    int size = -1;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }
    if (media != 0) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
        return -1;
    }

    if (format != 0xff) {
        if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
            return -1;
        }
        if (media_is_cd(s)) {
            scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
            return -1;
        }
        /* The format code indexes the table, so bound it first. */
        if (format >= ARRAY_SIZE(rds_caps_size)) {
            return -1;
        }
        size = rds_caps_size[format];
        memset(outbuf, 0, size);
    }

    switch (format) {
    case 0x00: {
        /* Physical format information */
        uint64_t total_sectors;

        if (layer != 0) {
            return -1;
        }
        bdrv_get_geometry(s->qdev.conf.bs, &total_sectors);

        outbuf[4] = 1;   /* DVD-ROM, part version 1 */
        outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
        outbuf[6] = 1;   /* one layer, read-only (per MMC-2 spec) */
        outbuf[7] = 0;   /* default densities */

        stl_be_p(&outbuf[12], (total_sectors >> 2) - 1); /* end sector */
        stl_be_p(&outbuf[16], (total_sectors >> 2) - 1); /* l0 end sector */
        break;
    }

    case 0x01: /* DVD copyright information, all zeros */
    case 0x04: /* DVD disc manufacturing information, all zeros */
        break;

    case 0x03: /* BCA information - invalid field for no BCA info */
        return -1;

    case 0xff: { /* List capabilities */
        int fmt;

        size = 4;
        for (fmt = 0; fmt < ARRAY_SIZE(rds_caps_size); fmt++) {
            if (rds_caps_size[fmt]) {
                outbuf[size] = fmt;
                outbuf[size + 1] = 0x40; /* Not writable, readable */
                stw_be_p(&outbuf[size + 2], rds_caps_size[fmt]);
                size += 4;
            }
        }
        break;
    }

    default:
        return -1;
    }

    /* Size of buffer, not including 2 byte size field */
    stw_be_p(outbuf, size - 2);
    return size;
}
854
/*
 * Fill in the 4-byte media event descriptor.  A pending new-media or
 * eject-request event is reported once and then cleared, but only while the
 * tray is not open.  Always returns 4.
 */
static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
{
    uint8_t media_status = 0;
    uint8_t event_code = MEC_NO_CHANGE;

    if (s->tray_open) {
        media_status = MS_TRAY_OPEN;
    } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
        media_status = MS_MEDIA_PRESENT;
    }

    /* Event notification descriptor */
    if (media_status != MS_TRAY_OPEN) {
        if (s->media_event) {
            s->media_event = false;
            event_code = MEC_NEW_MEDIA;
        } else if (s->eject_request) {
            s->eject_request = false;
            event_code = MEC_EJECT_REQUESTED;
        }
    }

    outbuf[0] = event_code;
    outbuf[1] = media_status;
    /* These fields are reserved, just clear them. */
    outbuf[2] = 0;
    outbuf[3] = 0;

    return 4;
}
886
/*
 * Emulate GET EVENT STATUS NOTIFICATION for CD/DVD drives.  Only the polled
 * form (CDB byte 1, bit 0 set) and the media event class are supported.
 * Returns the number of bytes written to @outbuf, or -1.
 */
static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
                                              uint8_t *outbuf)
{
    uint8_t *cdb = r->req.cmd.buf;
    uint8_t requested_classes = cdb[4];
    int len = 4; /* event header */

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }
    if ((cdb[1] & 1) == 0) {
        /* asynchronous */
        return -1;
    }

    outbuf[0] = outbuf[1] = 0;
    outbuf[3] = 1 << GESN_MEDIA; /* supported events */
    if (requested_classes & (1 << GESN_MEDIA)) {
        outbuf[2] = GESN_MEDIA;
        len += scsi_event_status_media(s, outbuf + len);
    } else {
        outbuf[2] = 0x80;
    }
    /* Descriptor length excludes the 4-byte header. */
    stw_be_p(outbuf, len - 4);
    return len;
}
913
/*
 * Emulate GET CONFIGURATION for CD/DVD drives: a fixed 40-byte response
 * with the profile list, the core feature and the removable-media feature.
 * Returns 40, or -1 for other device types.
 */
static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
{
    enum { CONFIG_LEN = 40 };
    int profile;

    if (s->qdev.type != TYPE_ROM) {
        return -1;
    }

    if (media_is_dvd(s)) {
        profile = MMC_PROFILE_DVD_ROM;
    } else {
        profile = MMC_PROFILE_CD_ROM;
    }

    memset(outbuf, 0, CONFIG_LEN);
    stl_be_p(&outbuf[0], CONFIG_LEN - 4); /* Bytes after the data length field */
    stw_be_p(&outbuf[6], profile);

    /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
    outbuf[10] = 0x03; /* persistent, current */
    outbuf[11] = 8;    /* two profiles */
    stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
    outbuf[14] = (profile == MMC_PROFILE_DVD_ROM);
    stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
    outbuf[18] = (profile == MMC_PROFILE_CD_ROM);

    /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
    stw_be_p(&outbuf[20], 1);
    outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
    outbuf[23] = 8;
    stl_be_p(&outbuf[24], 1); /* SCSI */
    outbuf[28] = 1;           /* DBE = 1, mandatory */

    /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
    stw_be_p(&outbuf[32], 3);
    outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
    outbuf[35] = 4;
    outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */

    /* TODO: Random readable, CD read, DVD read, drive serial number,
       power management */
    return CONFIG_LEN;
}
947
/*
 * Emulate MECHANISM STATUS for CD/DVD drives: an 8-byte block that is zero
 * except for byte 5.  Returns 8, or -1 for other device types.
 */
static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
{
    enum { MECH_STATUS_LEN = 8 };

    if (s->qdev.type == TYPE_ROM) {
        memset(outbuf, 0, MECH_STATUS_LEN);
        outbuf[5] = 1; /* CD-ROM */
        return MECH_STATUS_LEN;
    }
    return -1;
}
957
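/*
 * Append one mode page to the MODE SENSE response.
 *
 * @s:            the device
 * @page:         mode page code
 * @p_outbuf:     in/out cursor into the response buffer; advanced past the
 *                page on success
 * @page_control: 1 requests the changeable-values mask, for which only the
 *                page header is filled in
 *
 * Returns the page length including its 2-byte header, or -1 if the page is
 * unknown or does not apply to this device type.
 *
 * NOTE(review): the space left behind *p_outbuf is not known here; the
 * caller must make sure the largest page (32 bytes) fits.
 */
static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
                           int page_control)
{
    /* Per page: bitmask of the device types the page applies to. */
    static const int mode_sense_valid[0x3f] = {
        [MODE_PAGE_HD_GEOMETRY]            = (1 << TYPE_DISK),
        [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
        [MODE_PAGE_CACHING]                = (1 << TYPE_DISK) | (1 << TYPE_ROM),
        [MODE_PAGE_R_W_ERROR]              = (1 << TYPE_DISK) | (1 << TYPE_ROM),
        [MODE_PAGE_AUDIO_CTL]              = (1 << TYPE_ROM),
        [MODE_PAGE_CAPABILITIES]           = (1 << TYPE_ROM),
    };
    uint8_t *p = *p_outbuf;

    /*
     * The table has 0x3f entries (pages 0x00..0x3e).  Page code 0x3f means
     * "all pages" and is expanded by the caller; reject it and anything else
     * out of range here so the lookup below can never read past the table.
     */
    if (page < 0 || page >= (int)ARRAY_SIZE(mode_sense_valid)) {
        return -1;
    }

    if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
        return -1;
    }

    p[0] = page;

    /*
     * If Changeable Values are requested, a mask denoting those mode parameters
     * that are changeable shall be returned. As we currently don't support
     * parameter changes via MODE_SELECT all bits are returned set to zero.
     * The buffer was already memset to zero by the caller of this function.
     */
    switch (page) {
    case MODE_PAGE_HD_GEOMETRY:
        p[1] = 0x16;
        if (page_control == 1) { /* Changeable Values */
            break;
        }
        /* if a geometry hint is available, use it */
        p[2] = (s->qdev.conf.cyls >> 16) & 0xff;
        p[3] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[4] = s->qdev.conf.cyls & 0xff;
        p[5] = s->qdev.conf.heads & 0xff;
        /* Write precomp start cylinder, disabled */
        p[6] = (s->qdev.conf.cyls >> 16) & 0xff;
        p[7] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[8] = s->qdev.conf.cyls & 0xff;
        /* Reduced current start cylinder, disabled */
        p[9] = (s->qdev.conf.cyls >> 16) & 0xff;
        p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[11] = s->qdev.conf.cyls & 0xff;
        /* Device step rate [ns], 200ns */
        p[12] = 0;
        p[13] = 200;
        /* Landing zone cylinder */
        p[14] = 0xff;
        p[15] =  0xff;
        p[16] = 0xff;
        /* Medium rotation rate [rpm], 5400 rpm */
        p[20] = (5400 >> 8) & 0xff;
        p[21] = 5400 & 0xff;
        break;

    case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
        p[1] = 0x1e;
        if (page_control == 1) { /* Changeable Values */
            break;
        }
        /* Transfer rate [kbit/s], 5Mbit/s */
        p[2] = 5000 >> 8;
        p[3] = 5000 & 0xff;
        /* if a geometry hint is available, use it */
        p[4] = s->qdev.conf.heads & 0xff;
        p[5] = s->qdev.conf.secs & 0xff;
        p[6] = s->qdev.blocksize >> 8;
        p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[9] = s->qdev.conf.cyls & 0xff;
        /* Write precomp start cylinder, disabled */
        p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[11] = s->qdev.conf.cyls & 0xff;
        /* Reduced current start cylinder, disabled */
        p[12] = (s->qdev.conf.cyls >> 8) & 0xff;
        p[13] = s->qdev.conf.cyls & 0xff;
        /* Device step rate [100us], 100us */
        p[14] = 0;
        p[15] = 1;
        /* Device step pulse width [us], 1us */
        p[16] = 1;
        /* Device head settle delay [100us], 100us */
        p[17] = 0;
        p[18] = 1;
        /* Motor on delay [0.1s], 0.1s */
        p[19] = 1;
        /* Motor off delay [0.1s], 0.1s */
        p[20] = 1;
        /* Medium rotation rate [rpm], 5400 rpm */
        p[28] = (5400 >> 8) & 0xff;
        p[29] = 5400 & 0xff;
        break;

    case MODE_PAGE_CACHING:
        p[0] = 8;
        p[1] = 0x12;
        if (page_control == 1) { /* Changeable Values */
            break;
        }
        if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
            p[2] = 4; /* WCE */
        }
        break;

    case MODE_PAGE_R_W_ERROR:
        p[1] = 10;
        p[2] = 0x80; /* Automatic Write Reallocation Enabled */
        if (s->qdev.type == TYPE_ROM) {
            p[3] = 0x20; /* Read Retry Count */
        }
        break;

    case MODE_PAGE_AUDIO_CTL:
        p[1] = 14;
        break;

    case MODE_PAGE_CAPABILITIES:
        p[1] = 0x14;
        if (page_control == 1) { /* Changeable Values */
            break;
        }

        p[2] = 0x3b; /* CD-R & CD-RW read */
        p[3] = 0; /* Writing not supported */
        p[4] = 0x7f; /* Audio, composite, digital out,
                        mode 2 form 1&2, multi session */
        p[5] = 0xff; /* CD DA, DA accurate, RW supported,
                        RW corrected, C2 errors, ISRC,
                        UPC, Bar code */
        p[6] = 0x2d | (s->tray_locked ? 2 : 0);
        /* Locking supported, jumper present, eject, tray */
        p[7] = 0; /* no volume & mute control, no
                     changer */
        p[8] = (50 * 176) >> 8; /* 50x read speed */
        p[9] = (50 * 176) & 0xff;
        p[10] = 2 >> 8; /* Two volume levels */
        p[11] = 2 & 0xff;
        p[12] = 2048 >> 8; /* 2M buffer */
        p[13] = 2048 & 0xff;
        p[14] = (16 * 176) >> 8; /* 16x read speed current */
        p[15] = (16 * 176) & 0xff;
        p[18] = (16 * 176) >> 8; /* 16x write speed */
        p[19] = (16 * 176) & 0xff;
        p[20] = (16 * 176) >> 8; /* 16x write speed current */
        p[21] = (16 * 176) & 0xff;
        break;

    default:
        return -1;
    }

    /* p[1] is the page length without the 2-byte page header. */
    *p_outbuf += p[1] + 2;
    return p[1] + 2;
}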
1112
/*
 * Emulate MODE SENSE(6) and MODE SENSE(10).
 *
 * Builds the mode parameter header, an optional block descriptor (disks
 * only, unless DBD is set in the CDB) and the requested page, or every page
 * for page code 0x3f.  Returns the number of bytes prepared, or -1.
 *
 * NOTE(review): @outbuf is cleared for cmd.xfer bytes and then written at
 * fixed offsets without any reference to its size, so the caller has to
 * provide a buffer that covers both cmd.xfer and the full response.
 * Confirm against the caller.
 */
static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
{
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
    uint64_t nb_sectors;
    bool dbd = (r->req.cmd.buf[1] & 0x8) != 0;
    bool is_sense6;
    int page = r->req.cmd.buf[2] & 0x3f;
    int page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
    int buflen;
    uint8_t *p;
    uint8_t dev_specific_param;

    DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
        (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
    memset(outbuf, 0, r->req.cmd.xfer);
    p = outbuf;
    is_sense6 = (r->req.cmd.buf[0] == MODE_SENSE);

    if (disk->qdev.type != TYPE_DISK) {
        /* MMC prescribes that CD/DVD drives have no block descriptors,
         * and defines no device-specific parameter. */
        dev_specific_param = 0x00;
        dbd = true;
    } else {
        dev_specific_param =
            (disk->features & (1 << SCSI_DISK_F_DPOFUA)) ? 0x10 : 0;
        if (bdrv_is_read_only(disk->qdev.conf.bs)) {
            dev_specific_param |= 0x80; /* Readonly.  */
        }
    }

    /* Mode parameter header: 4 bytes for the 6-byte CDB, 8 for the 10-byte. */
    if (is_sense6) {
        p[1] = 0; /* Default media type.  */
        p[2] = dev_specific_param;
        p[3] = 0; /* Block descriptor length.  */
        p += 4;
    } else { /* MODE_SENSE_10 */
        p[2] = 0; /* Default media type.  */
        p[3] = dev_specific_param;
        p[6] = p[7] = 0; /* Block descriptor length.  */
        p += 8;
    }

    bdrv_get_geometry(disk->qdev.conf.bs, &nb_sectors);
    if (!dbd && nb_sectors) {
        /* Block descriptor length */
        outbuf[is_sense6 ? 3 : 7] = 8;

        nb_sectors /= (disk->qdev.blocksize / 512);
        if (nb_sectors > 0xffffff) {
            /* Does not fit the 24-bit field: report zero. */
            nb_sectors = 0;
        }
        p[0] = 0; /* media density code */
        p[1] = (nb_sectors >> 16) & 0xff;
        p[2] = (nb_sectors >> 8) & 0xff;
        p[3] = nb_sectors & 0xff;
        p[4] = 0; /* reserved */
        p[5] = 0; /* bytes 5-7 are the sector size in bytes */
        p[6] = disk->qdev.blocksize >> 8;
        p[7] = 0;
        p += 8;
    }

    if (page_control == 3) {
        /* Saved Values */
        scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
        return -1;
    }

    if (page != 0x3f) {
        if (mode_sense_page(disk, page, &p, page_control) == -1) {
            return -1;
        }
    } else {
        int pg;

        /* All pages: the ones that do not apply are skipped silently. */
        for (pg = 0; pg <= 0x3e; pg++) {
            mode_sense_page(disk, pg, &p, page_control);
        }
    }

    buflen = p - outbuf;
    /*
     * The mode data length field specifies the length in bytes of the
     * following data that is available to be transferred. The mode data
     * length does not include itself.
     */
    if (is_sense6) {
        outbuf[0] = buflen - 1;
    } else { /* MODE_SENSE_10 */
        outbuf[0] = ((buflen - 2) >> 8) & 0xff;
        outbuf[1] = (buflen - 2) & 0xff;
    }
    return buflen;
}
1207
/*
 * Emulate READ TOC for the three formats handled here.
 *
 * Format 0 and format 2 are delegated to cdrom_read_toc() and
 * cdrom_read_toc_raw(); format 1 is a fixed 12-byte reply describing a
 * single session.  Any other format yields -1.
 *
 * Returns the number of bytes placed in outbuf, or -1.  The MSF flag, the
 * format and the starting track all come from the guest's CDB; outbuf's
 * capacity is not known to this function, so the helpers are trusted to
 * stay within what the caller allocated.
 */
static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    uint64_t nb_sectors;
    int msf = req->cmd.buf[1] & 2;
    int format = req->cmd.buf[2] & 0xf;
    int start_track = req->cmd.buf[6];

    bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
    DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
    /* Geometry is in 512-byte units; the TOC helpers take device blocks. */
    nb_sectors /= s->qdev.blocksize / 512;

    switch (format) {
    case 0:
        return cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
    case 1:
        /* multi session : only a single session defined */
        memset(outbuf, 0, 12);
        outbuf[1] = 0x0a;
        outbuf[2] = 0x01;
        outbuf[3] = 0x01;
        return 12;
    case 2:
        return cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
    default:
        return -1;
    }
}
1240
/*
 * Emulate START STOP UNIT.
 *
 * Only the load/eject case on a CD-ROM (TYPE_ROM with the LOEJ bit set)
 * has any effect.  An eject of a closed tray that the guest has locked is
 * refused with a CHECK CONDITION and -1; otherwise the tray is moved to the
 * requested position if it is not already there.  Returns 0 on success.
 */
static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
{
    SCSIRequest *req = &r->req;
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    bool start = req->cmd.buf[4] & 1;
    bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
    bool want_open = !start;

    if (s->qdev.type != TYPE_ROM || !loej) {
        return 0;
    }

    /* Medium removal prevented: do not open a locked, closed tray. */
    if (want_open && !s->tray_open && s->tray_locked) {
        if (bdrv_is_inserted(s->qdev.conf.bs)) {
            scsi_check_condition(r, SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED));
        } else {
            scsi_check_condition(r, SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
        }
        return -1;
    }

    if (s->tray_open != want_open) {
        bdrv_eject(s->qdev.conf.bs, want_open);
        s->tray_open = want_open;
    }
    return 0;
}
1264
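/*
 * Handle every command that is emulated without going through the
 * read/write DMA path.
 *
 * Returns the number of response bytes the guest may read from
 * r->iov.iov_base, or 0 when the request was completed here (with GOOD or
 * CHECK CONDITION status) or handed to an asynchronous block operation.
 *
 * The opcode, all CDB fields and req->cmd.xfer are guest-controlled.  The
 * response buffer is MAX(4096, xfer) bytes, with xfer capped at 65536, and
 * the amount returned is clamped to MIN(buflen, xfer).
 *
 * Changes from the original:
 *  - READ CAPACITY(10)/(16) returned -1 after raising LUN_NOT_READY.  A
 *    negative return means "data expected by the device", which is wrong
 *    for a request that has already been completed; they now return 0 like
 *    every other CHECK CONDITION path in this function.
 *  - READ CAPACITY(10)/(16) tested for an empty medium before converting to
 *    device blocks.  A medium smaller than one block passed the test,
 *    became 0 after the division and wrapped to UINT64_MAX on the
 *    decrement, which then went into max_lba and disabled the LBA range
 *    checks.  The conversion now happens before the test.
 */
static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    uint64_t nb_sectors;
    uint8_t *outbuf;
    int buflen = 0;

    /* Commands in this list are served even without a medium; everything
     * else fails with NO_MEDIUM when the tray is open or empty. */
    switch (req->cmd.buf[0]) {
    case INQUIRY:
    case MODE_SENSE:
    case MODE_SENSE_10:
    case RESERVE:
    case RESERVE_10:
    case RELEASE:
    case RELEASE_10:
    case START_STOP:
    case ALLOW_MEDIUM_REMOVAL:
    case GET_CONFIGURATION:
    case GET_EVENT_STATUS_NOTIFICATION:
    case MECHANISM_STATUS:
    case REQUEST_SENSE:
        break;

    default:
        if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
            return 0;
        }
        break;
    }

    /* NOTE(review): the transfer direction is derived from the guest's CDB.
     * Confirm that no opcode routed to this function can be parsed as a
     * data-out transfer, otherwise this assertion is reachable from the
     * guest and aborts the process. */
    assert(req->cmd.mode != SCSI_XFER_TO_DEV);
    if (!r->iov.iov_base) {
        /*
         * FIXME: we shouldn't return anything bigger than 4k, but the code
         * requires the buffer to be as big as req->cmd.xfer in several
         * places.  So, do not allow CDBs with a very large ALLOCATION
         * LENGTH.  The real fix would be to modify scsi_read_data and
         * dma_buf_read, so that they return data beyond the buflen
         * as all zeros.
         */
        if (req->cmd.xfer > 65536) {
            goto illegal_request;
        }
        r->buflen = MAX(4096, req->cmd.xfer);
        r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
    }

    outbuf = r->iov.iov_base;
    switch (req->cmd.buf[0]) {
    case TEST_UNIT_READY:
        /* Guaranteed by the medium check in the first switch. */
        assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
        break;
    case INQUIRY:
        buflen = scsi_disk_emulate_inquiry(req, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case MODE_SENSE:
    case MODE_SENSE_10:
        buflen = scsi_disk_emulate_mode_sense(r, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case READ_TOC:
        buflen = scsi_disk_emulate_read_toc(req, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case RESERVE:
        if (req->cmd.buf[1] & 1) {
            goto illegal_request;
        }
        break;
    case RESERVE_10:
        if (req->cmd.buf[1] & 3) {
            goto illegal_request;
        }
        break;
    case RELEASE:
        if (req->cmd.buf[1] & 1) {
            goto illegal_request;
        }
        break;
    case RELEASE_10:
        if (req->cmd.buf[1] & 3) {
            goto illegal_request;
        }
        break;
    case START_STOP:
        /* The helper has already raised the CHECK CONDITION on failure. */
        if (scsi_disk_emulate_start_stop(r) < 0) {
            return 0;
        }
        break;
    case ALLOW_MEDIUM_REMOVAL:
        s->tray_locked = req->cmd.buf[4] & 1;
        bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
        break;
    case READ_CAPACITY_10:
        /* The normal LEN field for this command is zero.  */
        memset(outbuf, 0, 8);
        bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
        /* Convert to device blocks first, so that a medium smaller than one
         * block is treated as empty instead of wrapping below. */
        nb_sectors /= s->qdev.blocksize / 512;
        if (!nb_sectors) {
            scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
            return 0;
        }
        if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
            goto illegal_request;
        }
        /* Returned value is the address of the last sector.  */
        nb_sectors--;
        /* Remember the new size for read/write sanity checking.  */
        s->qdev.max_lba = nb_sectors;
        /* Clip to 2TB, instead of returning capacity modulo 2TB. */
        if (nb_sectors > UINT32_MAX) {
            nb_sectors = UINT32_MAX;
        }
        outbuf[0] = (nb_sectors >> 24) & 0xff;
        outbuf[1] = (nb_sectors >> 16) & 0xff;
        outbuf[2] = (nb_sectors >> 8) & 0xff;
        outbuf[3] = nb_sectors & 0xff;
        outbuf[4] = 0;
        outbuf[5] = 0;
        outbuf[6] = s->qdev.blocksize >> 8;
        outbuf[7] = 0;
        buflen = 8;
        break;
    case REQUEST_SENSE:
        /* Just return "NO SENSE".  */
        buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
                                  (req->cmd.buf[1] & 1) == 0);
        break;
    case MECHANISM_STATUS:
        buflen = scsi_emulate_mechanism_status(s, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case GET_CONFIGURATION:
        buflen = scsi_get_configuration(s, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case GET_EVENT_STATUS_NOTIFICATION:
        buflen = scsi_get_event_status_notification(s, r, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case READ_DISC_INFORMATION:
        buflen = scsi_read_disc_information(s, r, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case READ_DVD_STRUCTURE:
        buflen = scsi_read_dvd_structure(s, r, outbuf);
        if (buflen < 0) {
            goto illegal_request;
        }
        break;
    case SERVICE_ACTION_IN_16:
        /* Service Action In subcommands. */
        if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
            DPRINTF("SAI READ CAPACITY(16)\n");
            /* xfer is guest-supplied; it fits the buffer because the buffer
             * was sized as MAX(4096, xfer) above. */
            memset(outbuf, 0, req->cmd.xfer);
            bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
            /* Same ordering as READ CAPACITY(10): convert, then test. */
            nb_sectors /= s->qdev.blocksize / 512;
            if (!nb_sectors) {
                scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
                return 0;
            }
            if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
                goto illegal_request;
            }
            /* Returned value is the address of the last sector.  */
            nb_sectors--;
            /* Remember the new size for read/write sanity checking.  */
            s->qdev.max_lba = nb_sectors;
            outbuf[0] = (nb_sectors >> 56) & 0xff;
            outbuf[1] = (nb_sectors >> 48) & 0xff;
            outbuf[2] = (nb_sectors >> 40) & 0xff;
            outbuf[3] = (nb_sectors >> 32) & 0xff;
            outbuf[4] = (nb_sectors >> 24) & 0xff;
            outbuf[5] = (nb_sectors >> 16) & 0xff;
            outbuf[6] = (nb_sectors >> 8) & 0xff;
            outbuf[7] = nb_sectors & 0xff;
            outbuf[8] = 0;
            outbuf[9] = 0;
            outbuf[10] = s->qdev.blocksize >> 8;
            outbuf[11] = 0;
            outbuf[12] = 0;
            outbuf[13] = get_physical_block_exp(&s->qdev.conf);

            /* set TPE bit if the format supports discard */
            if (s->qdev.conf.discard_granularity) {
                outbuf[14] = 0x80;
            }

            /* Protection, exponent and lowest lba field left blank. */
            buflen = req->cmd.xfer;
            break;
        }
        DPRINTF("Unsupported Service Action In\n");
        goto illegal_request;
    case SYNCHRONIZE_CACHE:
        /* The request is used as the AIO opaque value, so add a ref.  */
        scsi_req_ref(&r->req);
        bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
        r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
        return 0;
    case SEEK_10:
        DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
        if (r->req.cmd.lba > s->qdev.max_lba) {
            goto illegal_lba;
        }
        break;
#if 0
    case MODE_SELECT:
        DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
        /* We don't support mode parameter changes.
           Allow the mode parameter header + block descriptors only.  */
        if (r->req.cmd.xfer > 12) {
            goto illegal_request;
        }
        break;
    case MODE_SELECT_10:
        DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
        /* We don't support mode parameter changes.
           Allow the mode parameter header + block descriptors only.  */
        if (r->req.cmd.xfer > 16) {
            goto illegal_request;
        }
        break;
#endif
    case WRITE_SAME_10:
        nb_sectors = lduw_be_p(&req->cmd.buf[7]);
        goto write_same;
    case WRITE_SAME_16:
        nb_sectors = ldl_be_p(&req->cmd.buf[10]) & 0xffffffffULL;
    write_same:
        /* NOTE(review): only the starting LBA is validated; the end of the
         * range (lba + nb_sectors) is left to the block layer. */
        if (r->req.cmd.lba > s->qdev.max_lba) {
            goto illegal_lba;
        }

        /*
         * We only support WRITE SAME with the unmap bit set for now.
         */
        if (!(req->cmd.buf[1] & 0x8)) {
            goto illegal_request;
        }

        /* The request is used as the AIO opaque value, so add a ref.  */
        scsi_req_ref(&r->req);
        r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
                                        r->req.cmd.lba * (s->qdev.blocksize / 512),
                                        nb_sectors * (s->qdev.blocksize / 512),
                                        scsi_aio_complete, r);
        return 0;
    default:
        DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
        scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
        return 0;
    }
    assert(!r->req.aiocb && r->sector_count == 0);
    /* Never hand back more than the guest's allocation length. */
    r->iov.iov_len = MIN(buflen, req->cmd.xfer);
    r->sector_count = -1;
    if (r->iov.iov_len == 0) {
        scsi_req_complete(&r->req, GOOD);
    }
    return r->iov.iov_len;

illegal_request:
    /* A helper may already have raised its own CHECK CONDITION; only
     * report INVALID_FIELD when the request is still pending. */
    if (r->req.status == -1) {
        scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
    }
    return 0;

illegal_lba:
    scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
    return 0;
}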
1553
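/* Execute a scsi command.  Returns the length of the data expected by the
   command.  This will be Positive for data transfers from the device
   (eg. disk reads), negative for transfers to the device (eg. disk writes),
   and zero if the command does not transfer any data.

   Only READ, WRITE, VERIFY and WRITE AND VERIFY opcodes are dispatched
   here; anything else aborts.  The LBA and the transfer length come from
   the guest's CDB.

   Change from the original: the whole range is validated, not just the
   first block.  A request that started at or below max_lba but ran past
   the end of the device used to be accepted here and left for the block
   layer to reject; it now fails with LBA_OUT_OF_RANGE up front.  The count
   is checked as a 64-bit value taken from cmd.xfer, so a length that does
   not fit 'len' cannot slip through the check.  */

static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
{
    SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
    uint64_t nblocks;
    int32_t len;
    uint8_t command;

    command = buf[0];

    if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
        scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
        return 0;
    }

    /* Transfer length in device blocks. */
    nblocks = r->req.cmd.xfer / s->qdev.blocksize;
    len = nblocks;

    switch (command) {
    case READ_6:
    case READ_10:
    case READ_12:
    case READ_16:
        DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
        break;
    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
    case WRITE_6:
    case WRITE_10:
    case WRITE_12:
    case WRITE_16:
    case WRITE_VERIFY_10:
    case WRITE_VERIFY_12:
    case WRITE_VERIFY_16:
        DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
                (command & 0xe) == 0xe ? "And Verify " : "",
                r->req.cmd.lba, len);
        break;
    default:
        abort();
    }

    if (r->req.cmd.lba > s->qdev.max_lba) {
        goto illegal_lba;
    }
    /* Last block touched is lba + nblocks - 1.  Written as a subtraction so
     * that it cannot overflow; lba <= max_lba holds at this point. */
    if (nblocks > 0 && nblocks - 1 > s->qdev.max_lba - r->req.cmd.lba) {
        goto illegal_lba;
    }

    /* Both fields are kept in 512-byte units. */
    r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
    r->sector_count = len * (s->qdev.blocksize / 512);

    if (r->sector_count == 0) {
        scsi_req_complete(&r->req, GOOD);
    }
    assert(r->iov.iov_len == 0);
    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
        return -r->sector_count * 512;
    } else {
        return r->sector_count * 512;
    }

illegal_lba:
    scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
    return 0;
}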
1622
/*
 * Device reset: drop all outstanding requests with RESET sense and
 * recompute max_lba from the current backend geometry.
 */
static void scsi_disk_reset(DeviceState *dev)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
    uint64_t blocks;

    scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));

    bdrv_get_geometry(s->qdev.conf.bs, &blocks);
    /* 512-byte sectors -> device blocks. */
    blocks /= s->qdev.blocksize / 512;
    /* max_lba is the index of the last block; an empty device keeps 0
     * rather than wrapping around. */
    s->qdev.max_lba = blocks ? blocks - 1 : 0;
}
1637
/*
 * Device teardown: cancel whatever is still queued (NO_SENSE) and mark the
 * backing block device for automatic deletion.
 */
static void scsi_destroy(SCSIDevice *dev)
{
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dev);

    scsi_device_purge_requests(&disk->qdev, SENSE_CODE(NO_SENSE));
    blockdev_mark_auto_del(disk->qdev.conf.bs);
}
1645
/*
 * Block-layer callback for a medium change; 'load' is true when a medium
 * was inserted and false when it was removed.
 */
static void scsi_cd_change_media_cb(void *opaque, bool load)
{
    SCSIDiskState *disk = opaque;

    /*
     * A medium change is shown to the guest as "ejected" followed by
     * "loaded", so that tray open/close and media change are both seen.
     * Guests that do not poll GET_EVENT_STATUS_NOTIFICATION depend on this
     * sequence to notice the tray state.
     *
     * media_changed drives the unit attention state machine, while
     * media_event is what GET EVENT STATUS NOTIFICATION reports.
     */
    disk->tray_open = !load;
    disk->media_changed = load;
    disk->media_event = true;
    disk->eject_request = false;
    disk->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
}
1666
/*
 * Block-layer callback for an eject request.  The request is recorded for
 * the guest; a forced request additionally clears the guest's tray lock.
 */
static void scsi_cd_eject_request_cb(void *opaque, bool force)
{
    SCSIDiskState *disk = opaque;

    if (force) {
        /* Overrides a lock taken with ALLOW MEDIUM REMOVAL. */
        disk->tray_locked = false;
    }
    disk->eject_request = true;
}
1676
/* Block-layer query: report whether the emulated tray is open. */
static bool scsi_cd_is_tray_open(void *opaque)
{
    SCSIDiskState *disk = opaque;

    return disk->tray_open;
}
1681
/* Block-layer query: report whether the guest has locked the tray. */
static bool scsi_cd_is_medium_locked(void *opaque)
{
    SCSIDiskState *disk = opaque;

    return disk->tray_locked;
}
1686
/* Callbacks the block layer uses for removable media; scsi_initfn()
 * installs them only when the removable feature bit is set. */
static const BlockDevOps scsi_cd_block_ops = {
    .change_media_cb = scsi_cd_change_media_cb,
    .eject_request_cb = scsi_cd_eject_request_cb,
    .is_tray_open = scsi_cd_is_tray_open,
    .is_medium_locked = scsi_cd_is_medium_locked,
};
1693
/*
 * Called once a unit attention has been delivered to the guest.  If a
 * medium change is pending, queue the follow-up MEDIUM_CHANGED condition
 * so that the guest sees "no medium" first and "medium changed" second.
 */
static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
{
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dev);

    if (!disk->media_changed) {
        return;
    }
    disk->media_changed = false;
    disk->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
}
1702
/*
 * Common initialisation for every device type in this file.
 *
 * Validates the configuration (a drive is set, a non-removable device has
 * a medium, the geometry is acceptable, the backend is not a SCSI generic
 * node), fills in default identification strings and hooks the device up
 * to the block layer.  Returns 0 on success and -1 after reporting an
 * error.
 */
static int scsi_initfn(SCSIDevice *dev)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
    const bool removable = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) != 0;

    if (s->qdev.conf.bs == NULL) {
        error_report("drive property not set");
        return -1;
    }

    /* Fixed disks cannot start without a medium. */
    if (!removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
        error_report("Device needs media, but drive is empty");
        return -1;
    }

    blkconf_serial(&s->qdev.conf, &s->serial);
    if (blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
        return -1;
    }

    /* Defaults for the strings reported to the guest. */
    if (s->version == NULL) {
        s->version = g_strdup(qemu_get_version());
    }
    if (s->vendor == NULL) {
        s->vendor = g_strdup("QEMU");
    }

    /* An emulated disk must not sit on a SCSI generic (/dev/sg*) node. */
    if (bdrv_is_sg(s->qdev.conf.bs)) {
        error_report("unwanted /dev/sg*");
        return -1;
    }

    if (removable) {
        bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
    }
    bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);

    bdrv_iostatus_enable(s->qdev.conf.bs);
    add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
    return 0;
}
1744
/*
 * Init hook for "scsi-hd": a TYPE_DISK device whose block size is the
 * configured logical block size.
 */
static int scsi_hd_initfn(SCSIDevice *dev)
{
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dev);

    disk->qdev.type = TYPE_DISK;
    disk->qdev.blocksize = disk->qdev.conf.logical_block_size;
    if (disk->product == NULL) {
        disk->product = g_strdup("QEMU HARDDISK");
    }
    return scsi_initfn(&disk->qdev);
}
1755
/*
 * Init hook for "scsi-cd": a TYPE_ROM device with 2048-byte blocks that is
 * always removable.
 */
static int scsi_cd_initfn(SCSIDevice *dev)
{
    SCSIDiskState *disk = DO_UPCAST(SCSIDiskState, qdev, dev);

    disk->qdev.type = TYPE_ROM;
    disk->qdev.blocksize = 2048;
    disk->features |= 1 << SCSI_DISK_F_REMOVABLE;
    if (disk->product == NULL) {
        disk->product = g_strdup("QEMU CD-ROM");
    }
    return scsi_initfn(&disk->qdev);
}
1767
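/*
 * Init hook for the legacy "scsi-disk" device: choose CD-ROM or hard disk
 * behaviour from the drive's media type.
 *
 * Change from the original: the DriveInfo lookup result is checked before
 * it is dereferenced.  A block device with no DriveInfo attached is treated
 * as a hard disk instead of dereferencing a null pointer.
 */
static int scsi_disk_initfn(SCSIDevice *dev)
{
    DriveInfo *dinfo;

    if (!dev->conf.bs) {
        return scsi_initfn(dev);  /* ... and die there */
    }

    dinfo = drive_get_by_blockdev(dev->conf.bs);
    if (dinfo && dinfo->media_cd) {
        return scsi_cd_initfn(dev);
    } else {
        return scsi_hd_initfn(dev);
    }
}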
1783
/* Request operations for commands answered by scsi_disk_emulate_command().
 * No cancel_io, load_request or save_request hook is set for these. */
static const SCSIReqOps scsi_disk_emulate_reqops = {
    .size         = sizeof(SCSIDiskReq),
    .free_req     = scsi_free_request,
    .send_command = scsi_disk_emulate_command,
    .read_data    = scsi_read_data,
    .write_data   = scsi_write_data,
    .get_buf      = scsi_get_buf,
};
1792
/* Request operations for READ/WRITE/VERIFY, set up by
 * scsi_disk_dma_command().  These requests can be cancelled and carry
 * load/save hooks in addition to the hooks of the emulated path. */
static const SCSIReqOps scsi_disk_dma_reqops = {
    .size         = sizeof(SCSIDiskReq),
    .free_req     = scsi_free_request,
    .send_command = scsi_disk_dma_command,
    .read_data    = scsi_read_data,
    .write_data   = scsi_write_data,
    .cancel_io    = scsi_cancel_io,
    .get_buf      = scsi_get_buf,
    .load_request = scsi_disk_load_request,
    .save_request = scsi_disk_save_request,
};
1804
/*
 * Opcode -> request operations.  The table has one slot per possible value
 * of the opcode byte, so indexing it with a uint8_t cannot go out of
 * bounds.  Opcodes without an entry are NULL; scsi_new_request() routes
 * those to the emulated path, where unknown opcodes are rejected.
 */
static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
    [TEST_UNIT_READY]                 = &scsi_disk_emulate_reqops,
    [INQUIRY]                         = &scsi_disk_emulate_reqops,
    [MODE_SENSE]                      = &scsi_disk_emulate_reqops,
    [MODE_SENSE_10]                   = &scsi_disk_emulate_reqops,
    [START_STOP]                      = &scsi_disk_emulate_reqops,
    [ALLOW_MEDIUM_REMOVAL]            = &scsi_disk_emulate_reqops,
    [READ_CAPACITY_10]                = &scsi_disk_emulate_reqops,
    [READ_TOC]                        = &scsi_disk_emulate_reqops,
    [READ_DVD_STRUCTURE]              = &scsi_disk_emulate_reqops,
    [READ_DISC_INFORMATION]           = &scsi_disk_emulate_reqops,
    [GET_CONFIGURATION]               = &scsi_disk_emulate_reqops,
    [GET_EVENT_STATUS_NOTIFICATION]   = &scsi_disk_emulate_reqops,
    [MECHANISM_STATUS]                = &scsi_disk_emulate_reqops,
    [SERVICE_ACTION_IN_16]            = &scsi_disk_emulate_reqops,
    [REQUEST_SENSE]                   = &scsi_disk_emulate_reqops,
    [SYNCHRONIZE_CACHE]               = &scsi_disk_emulate_reqops,
    [SEEK_10]                         = &scsi_disk_emulate_reqops,
#if 0
    [MODE_SELECT]                     = &scsi_disk_emulate_reqops,
    [MODE_SELECT_10]                  = &scsi_disk_emulate_reqops,
#endif
    [WRITE_SAME_10]                   = &scsi_disk_emulate_reqops,
    [WRITE_SAME_16]                   = &scsi_disk_emulate_reqops,

    /* Data transfer commands go through the DMA path. */
    [READ_6]                          = &scsi_disk_dma_reqops,
    [READ_10]                         = &scsi_disk_dma_reqops,
    [READ_12]                         = &scsi_disk_dma_reqops,
    [READ_16]                         = &scsi_disk_dma_reqops,
    [VERIFY_10]                       = &scsi_disk_dma_reqops,
    [VERIFY_12]                       = &scsi_disk_dma_reqops,
    [VERIFY_16]                       = &scsi_disk_dma_reqops,
    [WRITE_6]                         = &scsi_disk_dma_reqops,
    [WRITE_10]                        = &scsi_disk_dma_reqops,
    [WRITE_12]                        = &scsi_disk_dma_reqops,
    [WRITE_16]                        = &scsi_disk_dma_reqops,
    [WRITE_VERIFY_10]                 = &scsi_disk_dma_reqops,
    [WRITE_VERIFY_12]                 = &scsi_disk_dma_reqops,
    [WRITE_VERIFY_16]                 = &scsi_disk_dma_reqops,
};
1845
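/*
 * Allocate a request for the emulated disk/CD-ROM devices.
 *
 * The first CDB byte selects the request operations from
 * scsi_disk_reqops_dispatch; opcodes without an entry use the emulated
 * path, which is where unknown opcodes are answered.
 *
 * Change from the original: the debug trace passed two arguments for three
 * conversion specifiers (the tag was missing), which is undefined behaviour
 * when DEBUG_SCSI is defined.
 */
static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
                                     uint8_t *buf, void *hba_private)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
    SCSIRequest *req;
    const SCSIReqOps *ops;
    uint8_t command;

#ifdef DEBUG_SCSI
    DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
    {
        int i;
        /* NOTE(review): 'r' is not declared in this function, so this loop
         * does not build with DEBUG_SCSI defined; the CDB length has to be
         * taken from somewhere else. */
        for (i = 1; i < r->req.cmd.len; i++) {
            printf(" 0x%02x", buf[i]);
        }
        printf("\n");
    }
#endif

    command = buf[0];
    ops = scsi_disk_reqops_dispatch[command];
    if (!ops) {
        ops = &scsi_disk_emulate_reqops;
    }
    req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
    return req;
}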
1873
1874 #ifdef __linux__
/*
 * Send a standard INQUIRY to the host device through SG_IO and take the
 * device type and the removable flag from the reply.
 *
 * Returns 0 on success, -1 if the ioctl fails or the driver/host status is
 * non-zero.  NOTE(review): the reply comes from the host device and is
 * used as-is: byte 0 is stored into qdev.type without masking, and the
 * SCSI status and residual count of the command are not examined.
 */
static int get_device_type(SCSIDiskState *s)
{
    BlockDriverState *bdrv = s->qdev.conf.bs;
    uint8_t cdb[16] = { 0 };
    uint8_t inq[36] = { 0 };
    uint8_t sensebuf[8];
    sg_io_hdr_t io_header;

    cdb[0] = INQUIRY;
    cdb[4] = sizeof(inq);       /* allocation length */

    memset(&io_header, 0, sizeof(io_header));
    io_header.interface_id = 'S';
    io_header.dxfer_direction = SG_DXFER_FROM_DEV;
    io_header.dxferp = inq;
    io_header.dxfer_len = sizeof(inq);
    io_header.cmdp = cdb;
    io_header.cmd_len = sizeof(cdb);
    io_header.sbp = sensebuf;
    io_header.mx_sb_len = sizeof(sensebuf);
    io_header.timeout = 6000; /* XXX */

    if (bdrv_ioctl(bdrv, SG_IO, &io_header) < 0) {
        return -1;
    }
    if (io_header.driver_status || io_header.host_status) {
        return -1;
    }

    s->qdev.type = inq[0];
    if (inq[1] & 0x80) {
        /* Bit 7 of byte 1 is set: treat the device as removable. */
        s->features |= 1 << SCSI_DISK_F_REMOVABLE;
    }
    return 0;
}
1910
/*
 * Init hook for "scsi-block" (host SCSI device passthrough).
 *
 * Requires a drive whose driver implements SG_IO version 3 or later, reads
 * the device type from INQUIRY data and picks a provisional block size
 * before running the common initialisation.  Returns 0 on success and -1
 * after reporting an error.
 */
static int scsi_block_initfn(SCSIDevice *dev)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
    int sg_version;
    bool optical;

    if (s->qdev.conf.bs == NULL) {
        error_report("scsi-block: drive property not set");
        return -1;
    }

    /* check we are using a driver managing SG_IO (version 3 and after) */
    if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
        sg_version < 30000) {
        error_report("scsi-block: scsi generic interface too old");
        return -1;
    }

    /* get device type from INQUIRY data */
    if (get_device_type(s) < 0) {
        error_report("scsi-block: INQUIRY failed");
        return -1;
    }

    /* Make a guess for the block size, we'll fix it when the guest sends.
     * READ CAPACITY.  If they don't, they likely would assume these sizes
     * anyway. (TODO: check in /sys).
     */
    optical = s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM;
    s->qdev.blocksize = optical ? 2048 : 512;

    return scsi_initfn(&s->qdev);
}
1947
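/*
 * Allocate a request for "scsi-block".
 *
 * READ/WRITE/VERIFY commands may be served through the block layer
 * (scsi_disk_dma_reqops); everything else is passed to the host device
 * with SG_IO (scsi_generic_req_ops).
 *
 * Change from the original: the O_DIRECT test was inverted.  The comment
 * below requires SG_IO whenever the host cache is in use, but the code
 * sent requests to SG_IO when BDRV_O_NOCACHE was set and to the cached
 * block layer path when it was not, which is the case that can return
 * stale data.
 */
static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
                                           uint32_t lun, uint8_t *buf,
                                           void *hba_private)
{
    SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);

    switch (buf[0]) {
    case READ_6:
    case READ_10:
    case READ_12:
    case READ_16:
    case VERIFY_10:
    case VERIFY_12:
    case VERIFY_16:
    case WRITE_6:
    case WRITE_10:
    case WRITE_12:
    case WRITE_16:
    case WRITE_VERIFY_10:
    case WRITE_VERIFY_12:
    case WRITE_VERIFY_16:
        /* If we are not using O_DIRECT, we might read stale data from the
         * host cache if writes were made using other commands than these
         * ones (such as WRITE SAME or EXTENDED COPY, etc.).  So, without
         * O_DIRECT everything must go through SG_IO.
         */
        if (!(bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE)) {
            break;
        }

        /* MMC writing cannot be done via pread/pwrite, because it sometimes
         * involves writing beyond the maximum LBA or to negative LBA (lead-in).
         * And once you do these writes, reading from the block device is
         * unreliable, too.  It is even possible that reads deliver random data
         * from the host page cache (this is probably a Linux bug).
         *
         * We might use scsi_disk_dma_reqops as long as no writing commands are
         * seen, but performance usually isn't paramount on optical media.  So,
         * just make scsi-block operate the same as scsi-generic for them.
         */
        if (s->qdev.type != TYPE_ROM) {
            return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
                                  hba_private);
        }
    }

    return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
                          hba_private);
}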
1997 #endif
1998
/* Properties shared by scsi-hd, scsi-cd and scsi-disk: the block
 * configuration plus the "ver", "serial", "vendor" and "product" strings. */
#define DEFINE_SCSI_DISK_PROPERTIES()                                \
    DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),               \
    DEFINE_PROP_STRING("ver",  SCSIDiskState, version),              \
    DEFINE_PROP_STRING("serial",  SCSIDiskState, serial),            \
    DEFINE_PROP_STRING("vendor",  SCSIDiskState, vendor),            \
    DEFINE_PROP_STRING("product",  SCSIDiskState, product)
2005
/* Properties of "scsi-hd": the shared set, the "removable" and "dpofua"
 * feature bits (both off by default), "wwn" and the CHS geometry. */
static Property scsi_hd_properties[] = {
    DEFINE_SCSI_DISK_PROPERTIES(),
    DEFINE_PROP_BIT("removable", SCSIDiskState, features,
                    SCSI_DISK_F_REMOVABLE, false),
    DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
                    SCSI_DISK_F_DPOFUA, false),
    DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
    DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
    DEFINE_PROP_END_OF_LIST(),
};
2016
/* Saved device state: the generic SCSI device state followed by the
 * media-change and tray flags.  All device types in this file use this one
 * description, registered under the name "scsi-disk". */
static const VMStateDescription vmstate_scsi_disk_state = {
    .name = "scsi-disk",
    .version_id = 1,
    .minimum_version_id = 1,
    .minimum_version_id_old = 1,
    .fields = (VMStateField[]) {
        VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
        VMSTATE_BOOL(media_changed, SCSIDiskState),
        VMSTATE_BOOL(media_event, SCSIDiskState),
        VMSTATE_BOOL(eject_request, SCSIDiskState),
        VMSTATE_BOOL(tray_open, SCSIDiskState),
        VMSTATE_BOOL(tray_locked, SCSIDiskState),
        VMSTATE_END_OF_LIST()
    }
};
2032
/* Class setup for "scsi-hd"; 'data' is unused. */
static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
{
    SCSIDeviceClass *scsi_class = SCSI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    /* Generic device attributes. */
    dev_class->fw_name = "disk";
    dev_class->desc = "virtual SCSI disk";
    dev_class->reset = scsi_disk_reset;
    dev_class->props = scsi_hd_properties;
    dev_class->vmsd = &vmstate_scsi_disk_state;

    /* SCSI device hooks. */
    scsi_class->init = scsi_hd_initfn;
    scsi_class->destroy = scsi_destroy;
    scsi_class->alloc_req = scsi_new_request;
    scsi_class->unit_attention_reported = scsi_disk_unit_attention_reported;
}
2048
/* Type registration record for "scsi-hd". */
static TypeInfo scsi_hd_info = {
    .name          = "scsi-hd",
    .parent        = TYPE_SCSI_DEVICE,
    .instance_size = sizeof(SCSIDiskState),
    .class_init    = scsi_hd_class_initfn,
};
2055
/* Properties of "scsi-cd": the shared set plus "wwn".  There is no
 * "removable" or "dpofua" property here; scsi_cd_initfn() always sets the
 * removable feature bit. */
static Property scsi_cd_properties[] = {
    DEFINE_SCSI_DISK_PROPERTIES(),
    DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
    DEFINE_PROP_END_OF_LIST(),
};
2061
/* Class setup for "scsi-cd"; 'data' is unused. */
static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
{
    SCSIDeviceClass *scsi_class = SCSI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    /* Generic device attributes. */
    dev_class->fw_name = "disk";
    dev_class->desc = "virtual SCSI CD-ROM";
    dev_class->reset = scsi_disk_reset;
    dev_class->props = scsi_cd_properties;
    dev_class->vmsd = &vmstate_scsi_disk_state;

    /* SCSI device hooks. */
    scsi_class->init = scsi_cd_initfn;
    scsi_class->destroy = scsi_destroy;
    scsi_class->alloc_req = scsi_new_request;
    scsi_class->unit_attention_reported = scsi_disk_unit_attention_reported;
}
2077
/* Type registration record for "scsi-cd". */
static TypeInfo scsi_cd_info = {
    .name          = "scsi-cd",
    .parent        = TYPE_SCSI_DEVICE,
    .instance_size = sizeof(SCSIDiskState),
    .class_init    = scsi_cd_class_initfn,
};
2084
2085 #ifdef __linux__
/* "scsi-block" exposes only the "drive" property; the identification
 * strings of the emulated devices are not configurable here. */
static Property scsi_block_properties[] = {
    DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
    DEFINE_PROP_END_OF_LIST(),
};
2090
/* Class setup for "scsi-block"; 'data' is unused.  Unlike the emulated
 * devices, no unit_attention_reported hook is installed. */
static void scsi_block_class_initfn(ObjectClass *klass, void *data)
{
    SCSIDeviceClass *scsi_class = SCSI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    /* Generic device attributes. */
    dev_class->fw_name = "disk";
    dev_class->desc = "SCSI block device passthrough";
    dev_class->reset = scsi_disk_reset;
    dev_class->props = scsi_block_properties;
    dev_class->vmsd = &vmstate_scsi_disk_state;

    /* SCSI device hooks. */
    scsi_class->init = scsi_block_initfn;
    scsi_class->destroy = scsi_destroy;
    scsi_class->alloc_req = scsi_block_new_request;
}
2105
/* Type registration record for "scsi-block" (Linux only). */
static TypeInfo scsi_block_info = {
    .name          = "scsi-block",
    .parent        = TYPE_SCSI_DEVICE,
    .instance_size = sizeof(SCSIDiskState),
    .class_init    = scsi_block_class_initfn,
};
2112 #endif
2113
/* Properties of the legacy "scsi-disk": the shared set, the "removable"
 * and "dpofua" feature bits (both off by default) and "wwn". */
static Property scsi_disk_properties[] = {
    DEFINE_SCSI_DISK_PROPERTIES(),
    DEFINE_PROP_BIT("removable", SCSIDiskState, features,
                    SCSI_DISK_F_REMOVABLE, false),
    DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
                    SCSI_DISK_F_DPOFUA, false),
    DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
    DEFINE_PROP_END_OF_LIST(),
};
2123
/* Class setup for the legacy "scsi-disk"; 'data' is unused. */
static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
{
    SCSIDeviceClass *scsi_class = SCSI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    /* Generic device attributes. */
    dev_class->fw_name = "disk";
    dev_class->desc = "virtual SCSI disk or CD-ROM (legacy)";
    dev_class->reset = scsi_disk_reset;
    dev_class->props = scsi_disk_properties;
    dev_class->vmsd = &vmstate_scsi_disk_state;

    /* SCSI device hooks. */
    scsi_class->init = scsi_disk_initfn;
    scsi_class->destroy = scsi_destroy;
    scsi_class->alloc_req = scsi_new_request;
    scsi_class->unit_attention_reported = scsi_disk_unit_attention_reported;
}
2139
/* Type registration record for the legacy "scsi-disk". */
static TypeInfo scsi_disk_info = {
    .name          = "scsi-disk",
    .parent        = TYPE_SCSI_DEVICE,
    .instance_size = sizeof(SCSIDiskState),
    .class_init    = scsi_disk_class_initfn,
};
2146
/* Register every device type defined in this file; "scsi-block" exists
 * only when built for Linux. */
static void scsi_disk_register_types(void)
{
    type_register_static(&scsi_hd_info);
    type_register_static(&scsi_cd_info);
#ifdef __linux__
    type_register_static(&scsi_block_info);
#endif
    type_register_static(&scsi_disk_info);
}

type_init(scsi_disk_register_types)