]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi-disk: make discard asynchronous
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "hw/block-common.h"
38 #include "dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
46
47 typedef struct SCSIDiskState SCSIDiskState;
48
49 typedef struct SCSIDiskReq {
50 SCSIRequest req;
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
52 uint64_t sector;
53 uint32_t sector_count;
54 uint32_t buflen;
55 bool started;
56 struct iovec iov;
57 QEMUIOVector qiov;
58 BlockAcctCookie acct;
59 } SCSIDiskReq;
60
61 #define SCSI_DISK_F_REMOVABLE 0
62 #define SCSI_DISK_F_DPOFUA 1
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 uint32_t features;
68 bool media_changed;
69 bool media_event;
70 bool eject_request;
71 uint64_t wwn;
72 QEMUBH *bh;
73 char *version;
74 char *serial;
75 char *vendor;
76 char *product;
77 bool tray_open;
78 bool tray_locked;
79 };
80
81 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
82
83 static void scsi_free_request(SCSIRequest *req)
84 {
85 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
86
87 if (r->iov.iov_base) {
88 qemu_vfree(r->iov.iov_base);
89 }
90 }
91
92 /* Helper function for command completion with sense. */
93 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
94 {
95 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
96 r->req.tag, sense.key, sense.asc, sense.ascq);
97 scsi_req_build_sense(&r->req, sense);
98 scsi_req_complete(&r->req, CHECK_CONDITION);
99 }
100
101 /* Cancel a pending data transfer. */
102 static void scsi_cancel_io(SCSIRequest *req)
103 {
104 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
105
106 DPRINTF("Cancel tag=0x%x\n", req->tag);
107 if (r->req.aiocb) {
108 bdrv_aio_cancel(r->req.aiocb);
109
110 /* This reference was left in by scsi_*_data. We take ownership of
111 * it the moment scsi_req_cancel is called, independent of whether
112 * bdrv_aio_cancel completes the request or not. */
113 scsi_req_unref(&r->req);
114 }
115 r->req.aiocb = NULL;
116 }
117
118 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
119 {
120 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
121
122 if (!r->iov.iov_base) {
123 r->buflen = size;
124 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
125 }
126 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
127 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
128 return r->qiov.size / 512;
129 }
130
131 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
132 {
133 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
134
135 qemu_put_be64s(f, &r->sector);
136 qemu_put_be32s(f, &r->sector_count);
137 qemu_put_be32s(f, &r->buflen);
138 if (r->buflen) {
139 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
140 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
141 } else if (!req->retry) {
142 uint32_t len = r->iov.iov_len;
143 qemu_put_be32s(f, &len);
144 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
145 }
146 }
147 }
148
149 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
150 {
151 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
152
153 qemu_get_be64s(f, &r->sector);
154 qemu_get_be32s(f, &r->sector_count);
155 qemu_get_be32s(f, &r->buflen);
156 if (r->buflen) {
157 scsi_init_iovec(r, r->buflen);
158 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
159 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
160 } else if (!r->req.retry) {
161 uint32_t len;
162 qemu_get_be32s(f, &len);
163 r->iov.iov_len = len;
164 assert(r->iov.iov_len <= r->buflen);
165 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
166 }
167 }
168
169 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
170 }
171
172 static void scsi_aio_complete(void *opaque, int ret)
173 {
174 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
176
177 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
178
179 if (ret < 0) {
180 if (scsi_handle_rw_error(r, -ret)) {
181 goto done;
182 }
183 }
184
185 scsi_req_complete(&r->req, GOOD);
186
187 done:
188 if (!r->req.io_canceled) {
189 scsi_req_unref(&r->req);
190 }
191 }
192
193 static bool scsi_is_cmd_fua(SCSICommand *cmd)
194 {
195 switch (cmd->buf[0]) {
196 case READ_10:
197 case READ_12:
198 case READ_16:
199 case WRITE_10:
200 case WRITE_12:
201 case WRITE_16:
202 return (cmd->buf[1] & 8) != 0;
203
204 case VERIFY_10:
205 case VERIFY_12:
206 case VERIFY_16:
207 case WRITE_VERIFY_10:
208 case WRITE_VERIFY_12:
209 case WRITE_VERIFY_16:
210 return true;
211
212 case READ_6:
213 case WRITE_6:
214 default:
215 return false;
216 }
217 }
218
219 static void scsi_write_do_fua(SCSIDiskReq *r)
220 {
221 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
222
223 if (scsi_is_cmd_fua(&r->req.cmd)) {
224 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
225 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
226 return;
227 }
228
229 scsi_req_complete(&r->req, GOOD);
230 if (!r->req.io_canceled) {
231 scsi_req_unref(&r->req);
232 }
233 }
234
235 static void scsi_dma_complete(void *opaque, int ret)
236 {
237 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
238 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
239
240 if (r->req.aiocb != NULL) {
241 r->req.aiocb = NULL;
242 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
243 }
244
245 if (ret < 0) {
246 if (scsi_handle_rw_error(r, -ret)) {
247 goto done;
248 }
249 }
250
251 r->sector += r->sector_count;
252 r->sector_count = 0;
253 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
254 scsi_write_do_fua(r);
255 return;
256 } else {
257 scsi_req_complete(&r->req, GOOD);
258 }
259
260 done:
261 if (!r->req.io_canceled) {
262 scsi_req_unref(&r->req);
263 }
264 }
265
266 static void scsi_read_complete(void * opaque, int ret)
267 {
268 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
270 int n;
271
272 if (r->req.aiocb != NULL) {
273 r->req.aiocb = NULL;
274 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
275 }
276
277 if (ret < 0) {
278 if (scsi_handle_rw_error(r, -ret)) {
279 goto done;
280 }
281 }
282
283 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
284
285 n = r->qiov.size / 512;
286 r->sector += n;
287 r->sector_count -= n;
288 scsi_req_data(&r->req, r->qiov.size);
289
290 done:
291 if (!r->req.io_canceled) {
292 scsi_req_unref(&r->req);
293 }
294 }
295
296 /* Actually issue a read to the block device. */
297 static void scsi_do_read(void *opaque, int ret)
298 {
299 SCSIDiskReq *r = opaque;
300 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
301 uint32_t n;
302
303 if (r->req.aiocb != NULL) {
304 r->req.aiocb = NULL;
305 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
306 }
307
308 if (ret < 0) {
309 if (scsi_handle_rw_error(r, -ret)) {
310 goto done;
311 }
312 }
313
314 if (r->req.io_canceled) {
315 return;
316 }
317
318 /* The request is used as the AIO opaque value, so add a ref. */
319 scsi_req_ref(&r->req);
320
321 if (r->req.sg) {
322 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
323 r->req.resid -= r->req.sg->size;
324 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
325 scsi_dma_complete, r);
326 } else {
327 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
328 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
329 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
330 scsi_read_complete, r);
331 }
332
333 done:
334 if (!r->req.io_canceled) {
335 scsi_req_unref(&r->req);
336 }
337 }
338
339 /* Read more data from scsi device into buffer. */
340 static void scsi_read_data(SCSIRequest *req)
341 {
342 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
343 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
344 bool first;
345
346 if (r->sector_count == (uint32_t)-1) {
347 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
348 r->sector_count = 0;
349 r->started = true;
350 scsi_req_data(&r->req, r->iov.iov_len);
351 return;
352 }
353 DPRINTF("Read sector_count=%d\n", r->sector_count);
354 if (r->sector_count == 0) {
355 /* This also clears the sense buffer for REQUEST SENSE. */
356 scsi_req_complete(&r->req, GOOD);
357 return;
358 }
359
360 /* No data transfer may already be in progress */
361 assert(r->req.aiocb == NULL);
362
363 /* The request is used as the AIO opaque value, so add a ref. */
364 scsi_req_ref(&r->req);
365 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
366 DPRINTF("Data transfer direction invalid\n");
367 scsi_read_complete(r, -EINVAL);
368 return;
369 }
370
371 if (s->tray_open) {
372 scsi_read_complete(r, -ENOMEDIUM);
373 return;
374 }
375
376 first = !r->started;
377 r->started = true;
378 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
379 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
380 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
381 } else {
382 scsi_do_read(r, 0);
383 }
384 }
385
386 /*
387 * scsi_handle_rw_error has two return values. 0 means that the error
388 * must be ignored, 1 means that the error has been processed and the
389 * caller should not do anything else for this request. Note that
390 * scsi_handle_rw_error always manages its reference counts, independent
391 * of the return value.
392 */
393 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
394 {
395 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
396 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
397 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
398
399 if (action == BLOCK_ERR_IGNORE) {
400 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
401 return 0;
402 }
403
404 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
405 || action == BLOCK_ERR_STOP_ANY) {
406
407 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
408 vm_stop(RUN_STATE_IO_ERROR);
409 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
410 scsi_req_retry(&r->req);
411 } else {
412 switch (error) {
413 case ENOMEDIUM:
414 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
415 break;
416 case ENOMEM:
417 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
418 break;
419 case EINVAL:
420 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
421 break;
422 default:
423 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
424 break;
425 }
426 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
427 }
428 return 1;
429 }
430
431 static void scsi_write_complete(void * opaque, int ret)
432 {
433 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
434 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
435 uint32_t n;
436
437 if (r->req.aiocb != NULL) {
438 r->req.aiocb = NULL;
439 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
440 }
441
442 if (ret < 0) {
443 if (scsi_handle_rw_error(r, -ret)) {
444 goto done;
445 }
446 }
447
448 n = r->qiov.size / 512;
449 r->sector += n;
450 r->sector_count -= n;
451 if (r->sector_count == 0) {
452 scsi_write_do_fua(r);
453 return;
454 } else {
455 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
456 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
457 scsi_req_data(&r->req, r->qiov.size);
458 }
459
460 done:
461 if (!r->req.io_canceled) {
462 scsi_req_unref(&r->req);
463 }
464 }
465
466 static void scsi_write_data(SCSIRequest *req)
467 {
468 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
470 uint32_t n;
471
472 /* No data transfer may already be in progress */
473 assert(r->req.aiocb == NULL);
474
475 /* The request is used as the AIO opaque value, so add a ref. */
476 scsi_req_ref(&r->req);
477 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
478 DPRINTF("Data transfer direction invalid\n");
479 scsi_write_complete(r, -EINVAL);
480 return;
481 }
482
483 if (!r->req.sg && !r->qiov.size) {
484 /* Called for the first time. Ask the driver to send us more data. */
485 r->started = true;
486 scsi_write_complete(r, 0);
487 return;
488 }
489 if (s->tray_open) {
490 scsi_write_complete(r, -ENOMEDIUM);
491 return;
492 }
493
494 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
495 r->req.cmd.buf[0] == VERIFY_16) {
496 if (r->req.sg) {
497 scsi_dma_complete(r, 0);
498 } else {
499 scsi_write_complete(r, 0);
500 }
501 return;
502 }
503
504 if (r->req.sg) {
505 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
506 r->req.resid -= r->req.sg->size;
507 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
508 scsi_dma_complete, r);
509 } else {
510 n = r->qiov.size / 512;
511 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
512 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
513 scsi_write_complete, r);
514 }
515 }
516
517 /* Return a pointer to the data buffer. */
518 static uint8_t *scsi_get_buf(SCSIRequest *req)
519 {
520 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
521
522 return (uint8_t *)r->iov.iov_base;
523 }
524
525 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
526 {
527 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
528 int buflen = 0;
529 int start;
530
531 if (req->cmd.buf[1] & 0x1) {
532 /* Vital product data */
533 uint8_t page_code = req->cmd.buf[2];
534
535 outbuf[buflen++] = s->qdev.type & 0x1f;
536 outbuf[buflen++] = page_code ; // this page
537 outbuf[buflen++] = 0x00;
538 outbuf[buflen++] = 0x00;
539 start = buflen;
540
541 switch (page_code) {
542 case 0x00: /* Supported page codes, mandatory */
543 {
544 DPRINTF("Inquiry EVPD[Supported pages] "
545 "buffer size %zd\n", req->cmd.xfer);
546 outbuf[buflen++] = 0x00; // list of supported pages (this page)
547 if (s->serial) {
548 outbuf[buflen++] = 0x80; // unit serial number
549 }
550 outbuf[buflen++] = 0x83; // device identification
551 if (s->qdev.type == TYPE_DISK) {
552 outbuf[buflen++] = 0xb0; // block limits
553 outbuf[buflen++] = 0xb2; // thin provisioning
554 }
555 break;
556 }
557 case 0x80: /* Device serial number, optional */
558 {
559 int l;
560
561 if (!s->serial) {
562 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
563 return -1;
564 }
565
566 l = strlen(s->serial);
567 if (l > 20) {
568 l = 20;
569 }
570
571 DPRINTF("Inquiry EVPD[Serial number] "
572 "buffer size %zd\n", req->cmd.xfer);
573 memcpy(outbuf+buflen, s->serial, l);
574 buflen += l;
575 break;
576 }
577
578 case 0x83: /* Device identification page, mandatory */
579 {
580 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
581 int max_len = s->serial ? 20 : 255 - 8;
582 int id_len = strlen(str);
583
584 if (id_len > max_len) {
585 id_len = max_len;
586 }
587 DPRINTF("Inquiry EVPD[Device identification] "
588 "buffer size %zd\n", req->cmd.xfer);
589
590 outbuf[buflen++] = 0x2; // ASCII
591 outbuf[buflen++] = 0; // not officially assigned
592 outbuf[buflen++] = 0; // reserved
593 outbuf[buflen++] = id_len; // length of data following
594 memcpy(outbuf+buflen, str, id_len);
595 buflen += id_len;
596
597 if (s->wwn) {
598 outbuf[buflen++] = 0x1; // Binary
599 outbuf[buflen++] = 0x3; // NAA
600 outbuf[buflen++] = 0; // reserved
601 outbuf[buflen++] = 8;
602 stq_be_p(&outbuf[buflen], s->wwn);
603 buflen += 8;
604 }
605 break;
606 }
607 case 0xb0: /* block limits */
608 {
609 unsigned int unmap_sectors =
610 s->qdev.conf.discard_granularity / s->qdev.blocksize;
611 unsigned int min_io_size =
612 s->qdev.conf.min_io_size / s->qdev.blocksize;
613 unsigned int opt_io_size =
614 s->qdev.conf.opt_io_size / s->qdev.blocksize;
615
616 if (s->qdev.type == TYPE_ROM) {
617 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
618 page_code);
619 return -1;
620 }
621 /* required VPD size with unmap support */
622 buflen = 0x40;
623 memset(outbuf + 4, 0, buflen - 4);
624
625 /* optimal transfer length granularity */
626 outbuf[6] = (min_io_size >> 8) & 0xff;
627 outbuf[7] = min_io_size & 0xff;
628
629 /* optimal transfer length */
630 outbuf[12] = (opt_io_size >> 24) & 0xff;
631 outbuf[13] = (opt_io_size >> 16) & 0xff;
632 outbuf[14] = (opt_io_size >> 8) & 0xff;
633 outbuf[15] = opt_io_size & 0xff;
634
635 /* optimal unmap granularity */
636 outbuf[28] = (unmap_sectors >> 24) & 0xff;
637 outbuf[29] = (unmap_sectors >> 16) & 0xff;
638 outbuf[30] = (unmap_sectors >> 8) & 0xff;
639 outbuf[31] = unmap_sectors & 0xff;
640 break;
641 }
642 case 0xb2: /* thin provisioning */
643 {
644 buflen = 8;
645 outbuf[4] = 0;
646 outbuf[5] = 0x60; /* write_same 10/16 supported */
647 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
648 outbuf[7] = 0;
649 break;
650 }
651 default:
652 return -1;
653 }
654 /* done with EVPD */
655 assert(buflen - start <= 255);
656 outbuf[start - 1] = buflen - start;
657 return buflen;
658 }
659
660 /* Standard INQUIRY data */
661 if (req->cmd.buf[2] != 0) {
662 return -1;
663 }
664
665 /* PAGE CODE == 0 */
666 buflen = req->cmd.xfer;
667 if (buflen > SCSI_MAX_INQUIRY_LEN) {
668 buflen = SCSI_MAX_INQUIRY_LEN;
669 }
670 memset(outbuf, 0, buflen);
671
672 outbuf[0] = s->qdev.type & 0x1f;
673 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
674
675 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
676 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
677
678 memset(&outbuf[32], 0, 4);
679 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
680 /*
681 * We claim conformance to SPC-3, which is required for guests
682 * to ask for modern features like READ CAPACITY(16) or the
683 * block characteristics VPD page by default. Not all of SPC-3
684 * is actually implemented, but we're good enough.
685 */
686 outbuf[2] = 5;
687 outbuf[3] = 2; /* Format 2 */
688
689 if (buflen > 36) {
690 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
691 } else {
692 /* If the allocation length of CDB is too small,
693 the additional length is not adjusted */
694 outbuf[4] = 36 - 5;
695 }
696
697 /* Sync data transfer and TCQ. */
698 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
699 return buflen;
700 }
701
702 static inline bool media_is_dvd(SCSIDiskState *s)
703 {
704 uint64_t nb_sectors;
705 if (s->qdev.type != TYPE_ROM) {
706 return false;
707 }
708 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
709 return false;
710 }
711 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
712 return nb_sectors > CD_MAX_SECTORS;
713 }
714
715 static inline bool media_is_cd(SCSIDiskState *s)
716 {
717 uint64_t nb_sectors;
718 if (s->qdev.type != TYPE_ROM) {
719 return false;
720 }
721 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
722 return false;
723 }
724 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
725 return nb_sectors <= CD_MAX_SECTORS;
726 }
727
728 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
729 uint8_t *outbuf)
730 {
731 uint8_t type = r->req.cmd.buf[1] & 7;
732
733 if (s->qdev.type != TYPE_ROM) {
734 return -1;
735 }
736
737 /* Types 1/2 are only defined for Blu-Ray. */
738 if (type != 0) {
739 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
740 return -1;
741 }
742
743 memset(outbuf, 0, 34);
744 outbuf[1] = 32;
745 outbuf[2] = 0xe; /* last session complete, disc finalized */
746 outbuf[3] = 1; /* first track on disc */
747 outbuf[4] = 1; /* # of sessions */
748 outbuf[5] = 1; /* first track of last session */
749 outbuf[6] = 1; /* last track of last session */
750 outbuf[7] = 0x20; /* unrestricted use */
751 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
752 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
753 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
754 /* 24-31: disc bar code */
755 /* 32: disc application code */
756 /* 33: number of OPC tables */
757
758 return 34;
759 }
760
761 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
762 uint8_t *outbuf)
763 {
764 static const int rds_caps_size[5] = {
765 [0] = 2048 + 4,
766 [1] = 4 + 4,
767 [3] = 188 + 4,
768 [4] = 2048 + 4,
769 };
770
771 uint8_t media = r->req.cmd.buf[1];
772 uint8_t layer = r->req.cmd.buf[6];
773 uint8_t format = r->req.cmd.buf[7];
774 int size = -1;
775
776 if (s->qdev.type != TYPE_ROM) {
777 return -1;
778 }
779 if (media != 0) {
780 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
781 return -1;
782 }
783
784 if (format != 0xff) {
785 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
786 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
787 return -1;
788 }
789 if (media_is_cd(s)) {
790 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
791 return -1;
792 }
793 if (format >= ARRAY_SIZE(rds_caps_size)) {
794 return -1;
795 }
796 size = rds_caps_size[format];
797 memset(outbuf, 0, size);
798 }
799
800 switch (format) {
801 case 0x00: {
802 /* Physical format information */
803 uint64_t nb_sectors;
804 if (layer != 0) {
805 goto fail;
806 }
807 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
808
809 outbuf[4] = 1; /* DVD-ROM, part version 1 */
810 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
811 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
812 outbuf[7] = 0; /* default densities */
813
814 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
815 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
816 break;
817 }
818
819 case 0x01: /* DVD copyright information, all zeros */
820 break;
821
822 case 0x03: /* BCA information - invalid field for no BCA info */
823 return -1;
824
825 case 0x04: /* DVD disc manufacturing information, all zeros */
826 break;
827
828 case 0xff: { /* List capabilities */
829 int i;
830 size = 4;
831 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
832 if (!rds_caps_size[i]) {
833 continue;
834 }
835 outbuf[size] = i;
836 outbuf[size + 1] = 0x40; /* Not writable, readable */
837 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
838 size += 4;
839 }
840 break;
841 }
842
843 default:
844 return -1;
845 }
846
847 /* Size of buffer, not including 2 byte size field */
848 stw_be_p(outbuf, size - 2);
849 return size;
850
851 fail:
852 return -1;
853 }
854
855 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
856 {
857 uint8_t event_code, media_status;
858
859 media_status = 0;
860 if (s->tray_open) {
861 media_status = MS_TRAY_OPEN;
862 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
863 media_status = MS_MEDIA_PRESENT;
864 }
865
866 /* Event notification descriptor */
867 event_code = MEC_NO_CHANGE;
868 if (media_status != MS_TRAY_OPEN) {
869 if (s->media_event) {
870 event_code = MEC_NEW_MEDIA;
871 s->media_event = false;
872 } else if (s->eject_request) {
873 event_code = MEC_EJECT_REQUESTED;
874 s->eject_request = false;
875 }
876 }
877
878 outbuf[0] = event_code;
879 outbuf[1] = media_status;
880
881 /* These fields are reserved, just clear them. */
882 outbuf[2] = 0;
883 outbuf[3] = 0;
884 return 4;
885 }
886
887 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
888 uint8_t *outbuf)
889 {
890 int size;
891 uint8_t *buf = r->req.cmd.buf;
892 uint8_t notification_class_request = buf[4];
893 if (s->qdev.type != TYPE_ROM) {
894 return -1;
895 }
896 if ((buf[1] & 1) == 0) {
897 /* asynchronous */
898 return -1;
899 }
900
901 size = 4;
902 outbuf[0] = outbuf[1] = 0;
903 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
904 if (notification_class_request & (1 << GESN_MEDIA)) {
905 outbuf[2] = GESN_MEDIA;
906 size += scsi_event_status_media(s, &outbuf[size]);
907 } else {
908 outbuf[2] = 0x80;
909 }
910 stw_be_p(outbuf, size - 4);
911 return size;
912 }
913
914 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
915 {
916 int current;
917
918 if (s->qdev.type != TYPE_ROM) {
919 return -1;
920 }
921 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
922 memset(outbuf, 0, 40);
923 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
924 stw_be_p(&outbuf[6], current);
925 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
926 outbuf[10] = 0x03; /* persistent, current */
927 outbuf[11] = 8; /* two profiles */
928 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
929 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
930 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
931 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
932 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
933 stw_be_p(&outbuf[20], 1);
934 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
935 outbuf[23] = 8;
936 stl_be_p(&outbuf[24], 1); /* SCSI */
937 outbuf[28] = 1; /* DBE = 1, mandatory */
938 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
939 stw_be_p(&outbuf[32], 3);
940 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
941 outbuf[35] = 4;
942 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
943 /* TODO: Random readable, CD read, DVD read, drive serial number,
944 power management */
945 return 40;
946 }
947
948 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
949 {
950 if (s->qdev.type != TYPE_ROM) {
951 return -1;
952 }
953 memset(outbuf, 0, 8);
954 outbuf[5] = 1; /* CD-ROM */
955 return 8;
956 }
957
958 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
959 int page_control)
960 {
961 static const int mode_sense_valid[0x3f] = {
962 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
963 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
964 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
965 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
966 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
967 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
968 };
969 uint8_t *p = *p_outbuf;
970
971 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
972 return -1;
973 }
974
975 p[0] = page;
976
977 /*
978 * If Changeable Values are requested, a mask denoting those mode parameters
979 * that are changeable shall be returned. As we currently don't support
980 * parameter changes via MODE_SELECT all bits are returned set to zero.
981 * The buffer was already menset to zero by the caller of this function.
982 */
983 switch (page) {
984 case MODE_PAGE_HD_GEOMETRY:
985 p[1] = 0x16;
986 if (page_control == 1) { /* Changeable Values */
987 break;
988 }
989 /* if a geometry hint is available, use it */
990 p[2] = (s->qdev.conf.cyls >> 16) & 0xff;
991 p[3] = (s->qdev.conf.cyls >> 8) & 0xff;
992 p[4] = s->qdev.conf.cyls & 0xff;
993 p[5] = s->qdev.conf.heads & 0xff;
994 /* Write precomp start cylinder, disabled */
995 p[6] = (s->qdev.conf.cyls >> 16) & 0xff;
996 p[7] = (s->qdev.conf.cyls >> 8) & 0xff;
997 p[8] = s->qdev.conf.cyls & 0xff;
998 /* Reduced current start cylinder, disabled */
999 p[9] = (s->qdev.conf.cyls >> 16) & 0xff;
1000 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1001 p[11] = s->qdev.conf.cyls & 0xff;
1002 /* Device step rate [ns], 200ns */
1003 p[12] = 0;
1004 p[13] = 200;
1005 /* Landing zone cylinder */
1006 p[14] = 0xff;
1007 p[15] = 0xff;
1008 p[16] = 0xff;
1009 /* Medium rotation rate [rpm], 5400 rpm */
1010 p[20] = (5400 >> 8) & 0xff;
1011 p[21] = 5400 & 0xff;
1012 break;
1013
1014 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1015 p[1] = 0x1e;
1016 if (page_control == 1) { /* Changeable Values */
1017 break;
1018 }
1019 /* Transfer rate [kbit/s], 5Mbit/s */
1020 p[2] = 5000 >> 8;
1021 p[3] = 5000 & 0xff;
1022 /* if a geometry hint is available, use it */
1023 p[4] = s->qdev.conf.heads & 0xff;
1024 p[5] = s->qdev.conf.secs & 0xff;
1025 p[6] = s->qdev.blocksize >> 8;
1026 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1027 p[9] = s->qdev.conf.cyls & 0xff;
1028 /* Write precomp start cylinder, disabled */
1029 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1030 p[11] = s->qdev.conf.cyls & 0xff;
1031 /* Reduced current start cylinder, disabled */
1032 p[12] = (s->qdev.conf.cyls >> 8) & 0xff;
1033 p[13] = s->qdev.conf.cyls & 0xff;
1034 /* Device step rate [100us], 100us */
1035 p[14] = 0;
1036 p[15] = 1;
1037 /* Device step pulse width [us], 1us */
1038 p[16] = 1;
1039 /* Device head settle delay [100us], 100us */
1040 p[17] = 0;
1041 p[18] = 1;
1042 /* Motor on delay [0.1s], 0.1s */
1043 p[19] = 1;
1044 /* Motor off delay [0.1s], 0.1s */
1045 p[20] = 1;
1046 /* Medium rotation rate [rpm], 5400 rpm */
1047 p[28] = (5400 >> 8) & 0xff;
1048 p[29] = 5400 & 0xff;
1049 break;
1050
1051 case MODE_PAGE_CACHING:
1052 p[0] = 8;
1053 p[1] = 0x12;
1054 if (page_control == 1) { /* Changeable Values */
1055 break;
1056 }
1057 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1058 p[2] = 4; /* WCE */
1059 }
1060 break;
1061
1062 case MODE_PAGE_R_W_ERROR:
1063 p[1] = 10;
1064 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1065 if (s->qdev.type == TYPE_ROM) {
1066 p[3] = 0x20; /* Read Retry Count */
1067 }
1068 break;
1069
1070 case MODE_PAGE_AUDIO_CTL:
1071 p[1] = 14;
1072 break;
1073
1074 case MODE_PAGE_CAPABILITIES:
1075 p[1] = 0x14;
1076 if (page_control == 1) { /* Changeable Values */
1077 break;
1078 }
1079
1080 p[2] = 0x3b; /* CD-R & CD-RW read */
1081 p[3] = 0; /* Writing not supported */
1082 p[4] = 0x7f; /* Audio, composite, digital out,
1083 mode 2 form 1&2, multi session */
1084 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1085 RW corrected, C2 errors, ISRC,
1086 UPC, Bar code */
1087 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1088 /* Locking supported, jumper present, eject, tray */
1089 p[7] = 0; /* no volume & mute control, no
1090 changer */
1091 p[8] = (50 * 176) >> 8; /* 50x read speed */
1092 p[9] = (50 * 176) & 0xff;
1093 p[10] = 2 >> 8; /* Two volume levels */
1094 p[11] = 2 & 0xff;
1095 p[12] = 2048 >> 8; /* 2M buffer */
1096 p[13] = 2048 & 0xff;
1097 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1098 p[15] = (16 * 176) & 0xff;
1099 p[18] = (16 * 176) >> 8; /* 16x write speed */
1100 p[19] = (16 * 176) & 0xff;
1101 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1102 p[21] = (16 * 176) & 0xff;
1103 break;
1104
1105 default:
1106 return -1;
1107 }
1108
1109 *p_outbuf += p[1] + 2;
1110 return p[1] + 2;
1111 }
1112
1113 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1114 {
1115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1116 uint64_t nb_sectors;
1117 bool dbd;
1118 int page, buflen, ret, page_control;
1119 uint8_t *p;
1120 uint8_t dev_specific_param;
1121
1122 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1123 page = r->req.cmd.buf[2] & 0x3f;
1124 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1125 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1126 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1127 memset(outbuf, 0, r->req.cmd.xfer);
1128 p = outbuf;
1129
1130 if (s->qdev.type == TYPE_DISK) {
1131 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1132 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1133 dev_specific_param |= 0x80; /* Readonly. */
1134 }
1135 } else {
1136 /* MMC prescribes that CD/DVD drives have no block descriptors,
1137 * and defines no device-specific parameter. */
1138 dev_specific_param = 0x00;
1139 dbd = true;
1140 }
1141
1142 if (r->req.cmd.buf[0] == MODE_SENSE) {
1143 p[1] = 0; /* Default media type. */
1144 p[2] = dev_specific_param;
1145 p[3] = 0; /* Block descriptor length. */
1146 p += 4;
1147 } else { /* MODE_SENSE_10 */
1148 p[2] = 0; /* Default media type. */
1149 p[3] = dev_specific_param;
1150 p[6] = p[7] = 0; /* Block descriptor length. */
1151 p += 8;
1152 }
1153
1154 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1155 if (!dbd && nb_sectors) {
1156 if (r->req.cmd.buf[0] == MODE_SENSE) {
1157 outbuf[3] = 8; /* Block descriptor length */
1158 } else { /* MODE_SENSE_10 */
1159 outbuf[7] = 8; /* Block descriptor length */
1160 }
1161 nb_sectors /= (s->qdev.blocksize / 512);
1162 if (nb_sectors > 0xffffff) {
1163 nb_sectors = 0;
1164 }
1165 p[0] = 0; /* media density code */
1166 p[1] = (nb_sectors >> 16) & 0xff;
1167 p[2] = (nb_sectors >> 8) & 0xff;
1168 p[3] = nb_sectors & 0xff;
1169 p[4] = 0; /* reserved */
1170 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1171 p[6] = s->qdev.blocksize >> 8;
1172 p[7] = 0;
1173 p += 8;
1174 }
1175
1176 if (page_control == 3) {
1177 /* Saved Values */
1178 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1179 return -1;
1180 }
1181
1182 if (page == 0x3f) {
1183 for (page = 0; page <= 0x3e; page++) {
1184 mode_sense_page(s, page, &p, page_control);
1185 }
1186 } else {
1187 ret = mode_sense_page(s, page, &p, page_control);
1188 if (ret == -1) {
1189 return -1;
1190 }
1191 }
1192
1193 buflen = p - outbuf;
1194 /*
1195 * The mode data length field specifies the length in bytes of the
1196 * following data that is available to be transferred. The mode data
1197 * length does not include itself.
1198 */
1199 if (r->req.cmd.buf[0] == MODE_SENSE) {
1200 outbuf[0] = buflen - 1;
1201 } else { /* MODE_SENSE_10 */
1202 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1203 outbuf[1] = (buflen - 2) & 0xff;
1204 }
1205 return buflen;
1206 }
1207
1208 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1209 {
1210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1211 int start_track, format, msf, toclen;
1212 uint64_t nb_sectors;
1213
1214 msf = req->cmd.buf[1] & 2;
1215 format = req->cmd.buf[2] & 0xf;
1216 start_track = req->cmd.buf[6];
1217 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1218 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1219 nb_sectors /= s->qdev.blocksize / 512;
1220 switch (format) {
1221 case 0:
1222 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1223 break;
1224 case 1:
1225 /* multi session : only a single session defined */
1226 toclen = 12;
1227 memset(outbuf, 0, 12);
1228 outbuf[1] = 0x0a;
1229 outbuf[2] = 0x01;
1230 outbuf[3] = 0x01;
1231 break;
1232 case 2:
1233 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1234 break;
1235 default:
1236 return -1;
1237 }
1238 return toclen;
1239 }
1240
1241 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1242 {
1243 SCSIRequest *req = &r->req;
1244 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1245 bool start = req->cmd.buf[4] & 1;
1246 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1247
1248 if (s->qdev.type == TYPE_ROM && loej) {
1249 if (!start && !s->tray_open && s->tray_locked) {
1250 scsi_check_condition(r,
1251 bdrv_is_inserted(s->qdev.conf.bs)
1252 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1253 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1254 return -1;
1255 }
1256
1257 if (s->tray_open != !start) {
1258 bdrv_eject(s->qdev.conf.bs, !start);
1259 s->tray_open = !start;
1260 }
1261 }
1262 return 0;
1263 }
1264
1265 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1266 {
1267 SCSIRequest *req = &r->req;
1268 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1269 uint64_t nb_sectors;
1270 uint8_t *outbuf;
1271 int buflen = 0;
1272
1273 if (!r->iov.iov_base) {
1274 /*
1275 * FIXME: we shouldn't return anything bigger than 4k, but the code
1276 * requires the buffer to be as big as req->cmd.xfer in several
1277 * places. So, do not allow CDBs with a very large ALLOCATION
1278 * LENGTH. The real fix would be to modify scsi_read_data and
1279 * dma_buf_read, so that they return data beyond the buflen
1280 * as all zeros.
1281 */
1282 if (req->cmd.xfer > 65536) {
1283 goto illegal_request;
1284 }
1285 r->buflen = MAX(4096, req->cmd.xfer);
1286 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1287 }
1288
1289 outbuf = r->iov.iov_base;
1290 switch (req->cmd.buf[0]) {
1291 case TEST_UNIT_READY:
1292 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1293 break;
1294 case INQUIRY:
1295 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1296 if (buflen < 0) {
1297 goto illegal_request;
1298 }
1299 break;
1300 case MODE_SENSE:
1301 case MODE_SENSE_10:
1302 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1303 if (buflen < 0) {
1304 goto illegal_request;
1305 }
1306 break;
1307 case READ_TOC:
1308 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1309 if (buflen < 0) {
1310 goto illegal_request;
1311 }
1312 break;
1313 case RESERVE:
1314 if (req->cmd.buf[1] & 1) {
1315 goto illegal_request;
1316 }
1317 break;
1318 case RESERVE_10:
1319 if (req->cmd.buf[1] & 3) {
1320 goto illegal_request;
1321 }
1322 break;
1323 case RELEASE:
1324 if (req->cmd.buf[1] & 1) {
1325 goto illegal_request;
1326 }
1327 break;
1328 case RELEASE_10:
1329 if (req->cmd.buf[1] & 3) {
1330 goto illegal_request;
1331 }
1332 break;
1333 case START_STOP:
1334 if (scsi_disk_emulate_start_stop(r) < 0) {
1335 return -1;
1336 }
1337 break;
1338 case ALLOW_MEDIUM_REMOVAL:
1339 s->tray_locked = req->cmd.buf[4] & 1;
1340 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1341 break;
1342 case READ_CAPACITY_10:
1343 /* The normal LEN field for this command is zero. */
1344 memset(outbuf, 0, 8);
1345 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1346 if (!nb_sectors) {
1347 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1348 return -1;
1349 }
1350 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1351 goto illegal_request;
1352 }
1353 nb_sectors /= s->qdev.blocksize / 512;
1354 /* Returned value is the address of the last sector. */
1355 nb_sectors--;
1356 /* Remember the new size for read/write sanity checking. */
1357 s->qdev.max_lba = nb_sectors;
1358 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1359 if (nb_sectors > UINT32_MAX) {
1360 nb_sectors = UINT32_MAX;
1361 }
1362 outbuf[0] = (nb_sectors >> 24) & 0xff;
1363 outbuf[1] = (nb_sectors >> 16) & 0xff;
1364 outbuf[2] = (nb_sectors >> 8) & 0xff;
1365 outbuf[3] = nb_sectors & 0xff;
1366 outbuf[4] = 0;
1367 outbuf[5] = 0;
1368 outbuf[6] = s->qdev.blocksize >> 8;
1369 outbuf[7] = 0;
1370 buflen = 8;
1371 break;
1372 case REQUEST_SENSE:
1373 /* Just return "NO SENSE". */
1374 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1375 (req->cmd.buf[1] & 1) == 0);
1376 break;
1377 case MECHANISM_STATUS:
1378 buflen = scsi_emulate_mechanism_status(s, outbuf);
1379 if (buflen < 0) {
1380 goto illegal_request;
1381 }
1382 break;
1383 case GET_CONFIGURATION:
1384 buflen = scsi_get_configuration(s, outbuf);
1385 if (buflen < 0) {
1386 goto illegal_request;
1387 }
1388 break;
1389 case GET_EVENT_STATUS_NOTIFICATION:
1390 buflen = scsi_get_event_status_notification(s, r, outbuf);
1391 if (buflen < 0) {
1392 goto illegal_request;
1393 }
1394 break;
1395 case READ_DISC_INFORMATION:
1396 buflen = scsi_read_disc_information(s, r, outbuf);
1397 if (buflen < 0) {
1398 goto illegal_request;
1399 }
1400 break;
1401 case READ_DVD_STRUCTURE:
1402 buflen = scsi_read_dvd_structure(s, r, outbuf);
1403 if (buflen < 0) {
1404 goto illegal_request;
1405 }
1406 break;
1407 case SERVICE_ACTION_IN_16:
1408 /* Service Action In subcommands. */
1409 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1410 DPRINTF("SAI READ CAPACITY(16)\n");
1411 memset(outbuf, 0, req->cmd.xfer);
1412 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1413 if (!nb_sectors) {
1414 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1415 return -1;
1416 }
1417 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1418 goto illegal_request;
1419 }
1420 nb_sectors /= s->qdev.blocksize / 512;
1421 /* Returned value is the address of the last sector. */
1422 nb_sectors--;
1423 /* Remember the new size for read/write sanity checking. */
1424 s->qdev.max_lba = nb_sectors;
1425 outbuf[0] = (nb_sectors >> 56) & 0xff;
1426 outbuf[1] = (nb_sectors >> 48) & 0xff;
1427 outbuf[2] = (nb_sectors >> 40) & 0xff;
1428 outbuf[3] = (nb_sectors >> 32) & 0xff;
1429 outbuf[4] = (nb_sectors >> 24) & 0xff;
1430 outbuf[5] = (nb_sectors >> 16) & 0xff;
1431 outbuf[6] = (nb_sectors >> 8) & 0xff;
1432 outbuf[7] = nb_sectors & 0xff;
1433 outbuf[8] = 0;
1434 outbuf[9] = 0;
1435 outbuf[10] = s->qdev.blocksize >> 8;
1436 outbuf[11] = 0;
1437 outbuf[12] = 0;
1438 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1439
1440 /* set TPE bit if the format supports discard */
1441 if (s->qdev.conf.discard_granularity) {
1442 outbuf[14] = 0x80;
1443 }
1444
1445 /* Protection, exponent and lowest lba field left blank. */
1446 buflen = req->cmd.xfer;
1447 break;
1448 }
1449 DPRINTF("Unsupported Service Action In\n");
1450 goto illegal_request;
1451 default:
1452 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1453 return -1;
1454 }
1455 buflen = MIN(buflen, req->cmd.xfer);
1456 return buflen;
1457
1458 illegal_request:
1459 if (r->req.status == -1) {
1460 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1461 }
1462 return -1;
1463 }
1464
1465 /* Execute a scsi command. Returns the length of the data expected by the
1466 command. This will be Positive for data transfers from the device
1467 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1468 and zero if the command does not transfer any data. */
1469
1470 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1471 {
1472 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1473 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1474 int32_t len;
1475 uint8_t command;
1476 int rc;
1477
1478 command = buf[0];
1479 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1480
1481 #ifdef DEBUG_SCSI
1482 {
1483 int i;
1484 for (i = 1; i < r->req.cmd.len; i++) {
1485 printf(" 0x%02x", buf[i]);
1486 }
1487 printf("\n");
1488 }
1489 #endif
1490
1491 switch (command) {
1492 case INQUIRY:
1493 case MODE_SENSE:
1494 case MODE_SENSE_10:
1495 case RESERVE:
1496 case RESERVE_10:
1497 case RELEASE:
1498 case RELEASE_10:
1499 case START_STOP:
1500 case ALLOW_MEDIUM_REMOVAL:
1501 case GET_CONFIGURATION:
1502 case GET_EVENT_STATUS_NOTIFICATION:
1503 case MECHANISM_STATUS:
1504 case REQUEST_SENSE:
1505 break;
1506
1507 default:
1508 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1509 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1510 return 0;
1511 }
1512 break;
1513 }
1514
1515 switch (command) {
1516 case TEST_UNIT_READY:
1517 case INQUIRY:
1518 case MODE_SENSE:
1519 case MODE_SENSE_10:
1520 case RESERVE:
1521 case RESERVE_10:
1522 case RELEASE:
1523 case RELEASE_10:
1524 case START_STOP:
1525 case ALLOW_MEDIUM_REMOVAL:
1526 case READ_CAPACITY_10:
1527 case READ_TOC:
1528 case READ_DISC_INFORMATION:
1529 case READ_DVD_STRUCTURE:
1530 case GET_CONFIGURATION:
1531 case GET_EVENT_STATUS_NOTIFICATION:
1532 case MECHANISM_STATUS:
1533 case SERVICE_ACTION_IN_16:
1534 case REQUEST_SENSE:
1535 rc = scsi_disk_emulate_command(r);
1536 if (rc < 0) {
1537 return 0;
1538 }
1539
1540 r->iov.iov_len = rc;
1541 break;
1542 case SYNCHRONIZE_CACHE:
1543 /* The request is used as the AIO opaque value, so add a ref. */
1544 scsi_req_ref(&r->req);
1545 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1546 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1547 return 0;
1548 case READ_6:
1549 case READ_10:
1550 case READ_12:
1551 case READ_16:
1552 len = r->req.cmd.xfer / s->qdev.blocksize;
1553 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1554 if (r->req.cmd.lba > s->qdev.max_lba) {
1555 goto illegal_lba;
1556 }
1557 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1558 r->sector_count = len * (s->qdev.blocksize / 512);
1559 break;
1560 case VERIFY_10:
1561 case VERIFY_12:
1562 case VERIFY_16:
1563 case WRITE_6:
1564 case WRITE_10:
1565 case WRITE_12:
1566 case WRITE_16:
1567 case WRITE_VERIFY_10:
1568 case WRITE_VERIFY_12:
1569 case WRITE_VERIFY_16:
1570 len = r->req.cmd.xfer / s->qdev.blocksize;
1571 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1572 (command & 0xe) == 0xe ? "And Verify " : "",
1573 r->req.cmd.lba, len);
1574 if (r->req.cmd.lba > s->qdev.max_lba) {
1575 goto illegal_lba;
1576 }
1577 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1578 r->sector_count = len * (s->qdev.blocksize / 512);
1579 break;
1580 case MODE_SELECT:
1581 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1582 /* We don't support mode parameter changes.
1583 Allow the mode parameter header + block descriptors only. */
1584 if (r->req.cmd.xfer > 12) {
1585 goto fail;
1586 }
1587 break;
1588 case MODE_SELECT_10:
1589 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1590 /* We don't support mode parameter changes.
1591 Allow the mode parameter header + block descriptors only. */
1592 if (r->req.cmd.xfer > 16) {
1593 goto fail;
1594 }
1595 break;
1596 case SEEK_10:
1597 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1598 if (r->req.cmd.lba > s->qdev.max_lba) {
1599 goto illegal_lba;
1600 }
1601 break;
1602 case WRITE_SAME_10:
1603 len = lduw_be_p(&buf[7]);
1604 goto write_same;
1605 case WRITE_SAME_16:
1606 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1607 write_same:
1608
1609 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1610 r->req.cmd.lba, len);
1611
1612 if (r->req.cmd.lba > s->qdev.max_lba) {
1613 goto illegal_lba;
1614 }
1615
1616 /*
1617 * We only support WRITE SAME with the unmap bit set for now.
1618 */
1619 if (!(buf[1] & 0x8)) {
1620 goto fail;
1621 }
1622
1623 /* The request is used as the AIO opaque value, so add a ref. */
1624 scsi_req_ref(&r->req);
1625 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1626 r->req.cmd.lba * (s->qdev.blocksize / 512),
1627 len * (s->qdev.blocksize / 512),
1628 scsi_aio_complete, r);
1629 return 0;
1630 default:
1631 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1632 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1633 return 0;
1634 fail:
1635 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1636 return 0;
1637 illegal_lba:
1638 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1639 return 0;
1640 }
1641 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1642 scsi_req_complete(&r->req, GOOD);
1643 }
1644 len = r->sector_count * 512 + r->iov.iov_len;
1645 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1646 return -len;
1647 } else {
1648 if (!r->sector_count) {
1649 r->sector_count = -1;
1650 }
1651 return len;
1652 }
1653 }
1654
1655 static void scsi_disk_reset(DeviceState *dev)
1656 {
1657 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1658 uint64_t nb_sectors;
1659
1660 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1661
1662 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1663 nb_sectors /= s->qdev.blocksize / 512;
1664 if (nb_sectors) {
1665 nb_sectors--;
1666 }
1667 s->qdev.max_lba = nb_sectors;
1668 }
1669
1670 static void scsi_destroy(SCSIDevice *dev)
1671 {
1672 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1673
1674 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1675 blockdev_mark_auto_del(s->qdev.conf.bs);
1676 }
1677
1678 static void scsi_cd_change_media_cb(void *opaque, bool load)
1679 {
1680 SCSIDiskState *s = opaque;
1681
1682 /*
1683 * When a CD gets changed, we have to report an ejected state and
1684 * then a loaded state to guests so that they detect tray
1685 * open/close and media change events. Guests that do not use
1686 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1687 * states rely on this behavior.
1688 *
1689 * media_changed governs the state machine used for unit attention
1690 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1691 */
1692 s->media_changed = load;
1693 s->tray_open = !load;
1694 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1695 s->media_event = true;
1696 s->eject_request = false;
1697 }
1698
1699 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1700 {
1701 SCSIDiskState *s = opaque;
1702
1703 s->eject_request = true;
1704 if (force) {
1705 s->tray_locked = false;
1706 }
1707 }
1708
1709 static bool scsi_cd_is_tray_open(void *opaque)
1710 {
1711 return ((SCSIDiskState *)opaque)->tray_open;
1712 }
1713
1714 static bool scsi_cd_is_medium_locked(void *opaque)
1715 {
1716 return ((SCSIDiskState *)opaque)->tray_locked;
1717 }
1718
1719 static const BlockDevOps scsi_cd_block_ops = {
1720 .change_media_cb = scsi_cd_change_media_cb,
1721 .eject_request_cb = scsi_cd_eject_request_cb,
1722 .is_tray_open = scsi_cd_is_tray_open,
1723 .is_medium_locked = scsi_cd_is_medium_locked,
1724 };
1725
1726 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1727 {
1728 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1729 if (s->media_changed) {
1730 s->media_changed = false;
1731 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1732 }
1733 }
1734
1735 static int scsi_initfn(SCSIDevice *dev)
1736 {
1737 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1738
1739 if (!s->qdev.conf.bs) {
1740 error_report("drive property not set");
1741 return -1;
1742 }
1743
1744 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1745 !bdrv_is_inserted(s->qdev.conf.bs)) {
1746 error_report("Device needs media, but drive is empty");
1747 return -1;
1748 }
1749
1750 blkconf_serial(&s->qdev.conf, &s->serial);
1751 if (blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
1752 return -1;
1753 }
1754
1755 if (!s->version) {
1756 s->version = g_strdup(qemu_get_version());
1757 }
1758 if (!s->vendor) {
1759 s->vendor = g_strdup("QEMU");
1760 }
1761
1762 if (bdrv_is_sg(s->qdev.conf.bs)) {
1763 error_report("unwanted /dev/sg*");
1764 return -1;
1765 }
1766
1767 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1768 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1769 }
1770 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1771
1772 bdrv_iostatus_enable(s->qdev.conf.bs);
1773 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1774 return 0;
1775 }
1776
1777 static int scsi_hd_initfn(SCSIDevice *dev)
1778 {
1779 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1780 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1781 s->qdev.type = TYPE_DISK;
1782 if (!s->product) {
1783 s->product = g_strdup("QEMU HARDDISK");
1784 }
1785 return scsi_initfn(&s->qdev);
1786 }
1787
1788 static int scsi_cd_initfn(SCSIDevice *dev)
1789 {
1790 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1791 s->qdev.blocksize = 2048;
1792 s->qdev.type = TYPE_ROM;
1793 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1794 if (!s->product) {
1795 s->product = g_strdup("QEMU CD-ROM");
1796 }
1797 return scsi_initfn(&s->qdev);
1798 }
1799
1800 static int scsi_disk_initfn(SCSIDevice *dev)
1801 {
1802 DriveInfo *dinfo;
1803
1804 if (!dev->conf.bs) {
1805 return scsi_initfn(dev); /* ... and die there */
1806 }
1807
1808 dinfo = drive_get_by_blockdev(dev->conf.bs);
1809 if (dinfo->media_cd) {
1810 return scsi_cd_initfn(dev);
1811 } else {
1812 return scsi_hd_initfn(dev);
1813 }
1814 }
1815
1816 static const SCSIReqOps scsi_disk_reqops = {
1817 .size = sizeof(SCSIDiskReq),
1818 .free_req = scsi_free_request,
1819 .send_command = scsi_send_command,
1820 .read_data = scsi_read_data,
1821 .write_data = scsi_write_data,
1822 .cancel_io = scsi_cancel_io,
1823 .get_buf = scsi_get_buf,
1824 .load_request = scsi_disk_load_request,
1825 .save_request = scsi_disk_save_request,
1826 };
1827
1828 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1829 uint8_t *buf, void *hba_private)
1830 {
1831 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1832 SCSIRequest *req;
1833
1834 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1835 return req;
1836 }
1837
1838 #ifdef __linux__
1839 static int get_device_type(SCSIDiskState *s)
1840 {
1841 BlockDriverState *bdrv = s->qdev.conf.bs;
1842 uint8_t cmd[16];
1843 uint8_t buf[36];
1844 uint8_t sensebuf[8];
1845 sg_io_hdr_t io_header;
1846 int ret;
1847
1848 memset(cmd, 0, sizeof(cmd));
1849 memset(buf, 0, sizeof(buf));
1850 cmd[0] = INQUIRY;
1851 cmd[4] = sizeof(buf);
1852
1853 memset(&io_header, 0, sizeof(io_header));
1854 io_header.interface_id = 'S';
1855 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1856 io_header.dxfer_len = sizeof(buf);
1857 io_header.dxferp = buf;
1858 io_header.cmdp = cmd;
1859 io_header.cmd_len = sizeof(cmd);
1860 io_header.mx_sb_len = sizeof(sensebuf);
1861 io_header.sbp = sensebuf;
1862 io_header.timeout = 6000; /* XXX */
1863
1864 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1865 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1866 return -1;
1867 }
1868 s->qdev.type = buf[0];
1869 if (buf[1] & 0x80) {
1870 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1871 }
1872 return 0;
1873 }
1874
1875 static int scsi_block_initfn(SCSIDevice *dev)
1876 {
1877 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1878 int sg_version;
1879 int rc;
1880
1881 if (!s->qdev.conf.bs) {
1882 error_report("scsi-block: drive property not set");
1883 return -1;
1884 }
1885
1886 /* check we are using a driver managing SG_IO (version 3 and after) */
1887 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1888 sg_version < 30000) {
1889 error_report("scsi-block: scsi generic interface too old");
1890 return -1;
1891 }
1892
1893 /* get device type from INQUIRY data */
1894 rc = get_device_type(s);
1895 if (rc < 0) {
1896 error_report("scsi-block: INQUIRY failed");
1897 return -1;
1898 }
1899
1900 /* Make a guess for the block size, we'll fix it when the guest sends.
1901 * READ CAPACITY. If they don't, they likely would assume these sizes
1902 * anyway. (TODO: check in /sys).
1903 */
1904 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1905 s->qdev.blocksize = 2048;
1906 } else {
1907 s->qdev.blocksize = 512;
1908 }
1909 return scsi_initfn(&s->qdev);
1910 }
1911
1912 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1913 uint32_t lun, uint8_t *buf,
1914 void *hba_private)
1915 {
1916 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1917
1918 switch (buf[0]) {
1919 case READ_6:
1920 case READ_10:
1921 case READ_12:
1922 case READ_16:
1923 case VERIFY_10:
1924 case VERIFY_12:
1925 case VERIFY_16:
1926 case WRITE_6:
1927 case WRITE_10:
1928 case WRITE_12:
1929 case WRITE_16:
1930 case WRITE_VERIFY_10:
1931 case WRITE_VERIFY_12:
1932 case WRITE_VERIFY_16:
1933 /* If we are not using O_DIRECT, we might read stale data from the
1934 * host cache if writes were made using other commands than these
1935 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1936 * O_DIRECT everything must go through SG_IO.
1937 */
1938 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
1939 break;
1940 }
1941
1942 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1943 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1944 * And once you do these writes, reading from the block device is
1945 * unreliable, too. It is even possible that reads deliver random data
1946 * from the host page cache (this is probably a Linux bug).
1947 *
1948 * We might use scsi_disk_reqops as long as no writing commands are
1949 * seen, but performance usually isn't paramount on optical media. So,
1950 * just make scsi-block operate the same as scsi-generic for them.
1951 */
1952 if (s->qdev.type == TYPE_ROM) {
1953 break;
1954 }
1955 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1956 hba_private);
1957 }
1958
1959 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1960 hba_private);
1961 }
1962 #endif
1963
1964 #define DEFINE_SCSI_DISK_PROPERTIES() \
1965 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1966 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1967 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
1968 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
1969 DEFINE_PROP_STRING("product", SCSIDiskState, product)
1970
1971 static Property scsi_hd_properties[] = {
1972 DEFINE_SCSI_DISK_PROPERTIES(),
1973 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1974 SCSI_DISK_F_REMOVABLE, false),
1975 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1976 SCSI_DISK_F_DPOFUA, false),
1977 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
1978 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
1979 DEFINE_PROP_END_OF_LIST(),
1980 };
1981
1982 static const VMStateDescription vmstate_scsi_disk_state = {
1983 .name = "scsi-disk",
1984 .version_id = 1,
1985 .minimum_version_id = 1,
1986 .minimum_version_id_old = 1,
1987 .fields = (VMStateField[]) {
1988 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1989 VMSTATE_BOOL(media_changed, SCSIDiskState),
1990 VMSTATE_BOOL(media_event, SCSIDiskState),
1991 VMSTATE_BOOL(eject_request, SCSIDiskState),
1992 VMSTATE_BOOL(tray_open, SCSIDiskState),
1993 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1994 VMSTATE_END_OF_LIST()
1995 }
1996 };
1997
1998 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1999 {
2000 DeviceClass *dc = DEVICE_CLASS(klass);
2001 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2002
2003 sc->init = scsi_hd_initfn;
2004 sc->destroy = scsi_destroy;
2005 sc->alloc_req = scsi_new_request;
2006 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2007 dc->fw_name = "disk";
2008 dc->desc = "virtual SCSI disk";
2009 dc->reset = scsi_disk_reset;
2010 dc->props = scsi_hd_properties;
2011 dc->vmsd = &vmstate_scsi_disk_state;
2012 }
2013
2014 static TypeInfo scsi_hd_info = {
2015 .name = "scsi-hd",
2016 .parent = TYPE_SCSI_DEVICE,
2017 .instance_size = sizeof(SCSIDiskState),
2018 .class_init = scsi_hd_class_initfn,
2019 };
2020
2021 static Property scsi_cd_properties[] = {
2022 DEFINE_SCSI_DISK_PROPERTIES(),
2023 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2024 DEFINE_PROP_END_OF_LIST(),
2025 };
2026
2027 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2028 {
2029 DeviceClass *dc = DEVICE_CLASS(klass);
2030 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2031
2032 sc->init = scsi_cd_initfn;
2033 sc->destroy = scsi_destroy;
2034 sc->alloc_req = scsi_new_request;
2035 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2036 dc->fw_name = "disk";
2037 dc->desc = "virtual SCSI CD-ROM";
2038 dc->reset = scsi_disk_reset;
2039 dc->props = scsi_cd_properties;
2040 dc->vmsd = &vmstate_scsi_disk_state;
2041 }
2042
2043 static TypeInfo scsi_cd_info = {
2044 .name = "scsi-cd",
2045 .parent = TYPE_SCSI_DEVICE,
2046 .instance_size = sizeof(SCSIDiskState),
2047 .class_init = scsi_cd_class_initfn,
2048 };
2049
2050 #ifdef __linux__
2051 static Property scsi_block_properties[] = {
2052 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
2053 DEFINE_PROP_END_OF_LIST(),
2054 };
2055
2056 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2057 {
2058 DeviceClass *dc = DEVICE_CLASS(klass);
2059 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2060
2061 sc->init = scsi_block_initfn;
2062 sc->destroy = scsi_destroy;
2063 sc->alloc_req = scsi_block_new_request;
2064 dc->fw_name = "disk";
2065 dc->desc = "SCSI block device passthrough";
2066 dc->reset = scsi_disk_reset;
2067 dc->props = scsi_block_properties;
2068 dc->vmsd = &vmstate_scsi_disk_state;
2069 }
2070
2071 static TypeInfo scsi_block_info = {
2072 .name = "scsi-block",
2073 .parent = TYPE_SCSI_DEVICE,
2074 .instance_size = sizeof(SCSIDiskState),
2075 .class_init = scsi_block_class_initfn,
2076 };
2077 #endif
2078
2079 static Property scsi_disk_properties[] = {
2080 DEFINE_SCSI_DISK_PROPERTIES(),
2081 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2082 SCSI_DISK_F_REMOVABLE, false),
2083 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2084 SCSI_DISK_F_DPOFUA, false),
2085 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2086 DEFINE_PROP_END_OF_LIST(),
2087 };
2088
2089 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2090 {
2091 DeviceClass *dc = DEVICE_CLASS(klass);
2092 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2093
2094 sc->init = scsi_disk_initfn;
2095 sc->destroy = scsi_destroy;
2096 sc->alloc_req = scsi_new_request;
2097 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2098 dc->fw_name = "disk";
2099 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2100 dc->reset = scsi_disk_reset;
2101 dc->props = scsi_disk_properties;
2102 dc->vmsd = &vmstate_scsi_disk_state;
2103 }
2104
2105 static TypeInfo scsi_disk_info = {
2106 .name = "scsi-disk",
2107 .parent = TYPE_SCSI_DEVICE,
2108 .instance_size = sizeof(SCSIDiskState),
2109 .class_init = scsi_disk_class_initfn,
2110 };
2111
2112 static void scsi_disk_register_types(void)
2113 {
2114 type_register_static(&scsi_hd_info);
2115 type_register_static(&scsi_cd_info);
2116 #ifdef __linux__
2117 type_register_static(&scsi_block_info);
2118 #endif
2119 type_register_static(&scsi_disk_info);
2120 }
2121
2122 type_init(scsi_disk_register_types)
Qemu copy for testing