]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
read-only: Another minor cleanup
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "block.h"
37 #include "scsi.h"
38 #include "scsi-defs.h"
39
40 #define SCSI_DMA_BUF_SIZE 131072
41 #define SCSI_MAX_INQUIRY_LEN 256
42
43 #define SCSI_REQ_STATUS_RETRY 0x01
44
45 typedef struct SCSIDiskState SCSIDiskState;
46
47 typedef struct SCSIDiskReq {
48 SCSIRequest req;
49 /* ??? We should probably keep track of whether the data transfer is
50 a read or a write. Currently we rely on the host getting it right. */
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
52 uint64_t sector;
53 uint32_t sector_count;
54 struct iovec iov;
55 QEMUIOVector qiov;
56 uint32_t status;
57 } SCSIDiskReq;
58
59 struct SCSIDiskState
60 {
61 SCSIDevice qdev;
62 BlockDriverState *bs;
63 /* The qemu block layer uses a fixed 512 byte sector size.
64 This is the number of 512 byte blocks in a single scsi sector. */
65 int cluster_size;
66 uint64_t max_lba;
67 QEMUBH *bh;
68 char *version;
69 };
70
71 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
72 {
73 SCSIRequest *req;
74 SCSIDiskReq *r;
75
76 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
77 r = DO_UPCAST(SCSIDiskReq, req, req);
78 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
79 return r;
80 }
81
82 static void scsi_remove_request(SCSIDiskReq *r)
83 {
84 qemu_vfree(r->iov.iov_base);
85 scsi_req_free(&r->req);
86 }
87
88 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
89 {
90 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
91 }
92
93 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
94 {
95 req->status = status;
96 scsi_dev_set_sense(req->dev, sense_code);
97 }
98
99 /* Helper function for command completion. */
100 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
101 {
102 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
103 r->req.tag, status, sense);
104 scsi_req_set_status(&r->req, status, sense);
105 scsi_req_complete(&r->req);
106 scsi_remove_request(r);
107 }
108
109 /* Cancel a pending data transfer. */
110 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
111 {
112 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
113 SCSIDiskReq *r;
114 DPRINTF("Cancel tag=0x%x\n", tag);
115 r = scsi_find_request(s, tag);
116 if (r) {
117 if (r->req.aiocb)
118 bdrv_aio_cancel(r->req.aiocb);
119 r->req.aiocb = NULL;
120 scsi_remove_request(r);
121 }
122 }
123
124 static void scsi_read_complete(void * opaque, int ret)
125 {
126 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
127
128 if (ret) {
129 DPRINTF("IO error\n");
130 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
131 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
132 return;
133 }
134 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
135
136 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
137 }
138
139 /* Read more data from scsi device into buffer. */
140 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
141 {
142 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
143 SCSIDiskReq *r;
144 uint32_t n;
145
146 r = scsi_find_request(s, tag);
147 if (!r) {
148 BADF("Bad read tag 0x%x\n", tag);
149 /* ??? This is the wrong error. */
150 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
151 return;
152 }
153 if (r->sector_count == (uint32_t)-1) {
154 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
155 r->sector_count = 0;
156 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
157 return;
158 }
159 DPRINTF("Read sector_count=%d\n", r->sector_count);
160 if (r->sector_count == 0) {
161 scsi_command_complete(r, GOOD, NO_SENSE);
162 return;
163 }
164
165 n = r->sector_count;
166 if (n > SCSI_DMA_BUF_SIZE / 512)
167 n = SCSI_DMA_BUF_SIZE / 512;
168
169 r->iov.iov_len = n * 512;
170 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
171 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
172 scsi_read_complete, r);
173 if (r->req.aiocb == NULL)
174 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
175 r->sector += n;
176 r->sector_count -= n;
177 }
178
179 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
180 {
181 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
182 BlockInterfaceErrorAction action = drive_get_on_error(s->bs, 0);
183
184 if (action == BLOCK_ERR_IGNORE) {
185 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
186 return 0;
187 }
188
189 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
190 || action == BLOCK_ERR_STOP_ANY) {
191 r->status |= SCSI_REQ_STATUS_RETRY;
192 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
193 vm_stop(0);
194 } else {
195 scsi_command_complete(r, CHECK_CONDITION,
196 HARDWARE_ERROR);
197 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
198 }
199
200 return 1;
201 }
202
203 static void scsi_write_complete(void * opaque, int ret)
204 {
205 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
206 uint32_t len;
207 uint32_t n;
208
209 r->req.aiocb = NULL;
210
211 if (ret) {
212 if (scsi_handle_write_error(r, -ret))
213 return;
214 }
215
216 n = r->iov.iov_len / 512;
217 r->sector += n;
218 r->sector_count -= n;
219 if (r->sector_count == 0) {
220 scsi_command_complete(r, GOOD, NO_SENSE);
221 } else {
222 len = r->sector_count * 512;
223 if (len > SCSI_DMA_BUF_SIZE) {
224 len = SCSI_DMA_BUF_SIZE;
225 }
226 r->iov.iov_len = len;
227 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
228 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
229 }
230 }
231
232 static void scsi_write_request(SCSIDiskReq *r)
233 {
234 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
235 uint32_t n;
236
237 n = r->iov.iov_len / 512;
238 if (n) {
239 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
240 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
241 scsi_write_complete, r);
242 if (r->req.aiocb == NULL)
243 scsi_command_complete(r, CHECK_CONDITION,
244 HARDWARE_ERROR);
245 } else {
246 /* Invoke completion routine to fetch data from host. */
247 scsi_write_complete(r, 0);
248 }
249 }
250
251 /* Write data to a scsi device. Returns nonzero on failure.
252 The transfer may complete asynchronously. */
253 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
254 {
255 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
256 SCSIDiskReq *r;
257
258 DPRINTF("Write data tag=0x%x\n", tag);
259 r = scsi_find_request(s, tag);
260 if (!r) {
261 BADF("Bad write tag 0x%x\n", tag);
262 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
263 return 1;
264 }
265
266 if (r->req.aiocb)
267 BADF("Data transfer already in progress\n");
268
269 scsi_write_request(r);
270
271 return 0;
272 }
273
274 static void scsi_dma_restart_bh(void *opaque)
275 {
276 SCSIDiskState *s = opaque;
277 SCSIRequest *req;
278 SCSIDiskReq *r;
279
280 qemu_bh_delete(s->bh);
281 s->bh = NULL;
282
283 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
284 r = DO_UPCAST(SCSIDiskReq, req, req);
285 if (r->status & SCSI_REQ_STATUS_RETRY) {
286 r->status &= ~SCSI_REQ_STATUS_RETRY;
287 scsi_write_request(r);
288 }
289 }
290 }
291
292 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
293 {
294 SCSIDiskState *s = opaque;
295
296 if (!running)
297 return;
298
299 if (!s->bh) {
300 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
301 qemu_bh_schedule(s->bh);
302 }
303 }
304
305 /* Return a pointer to the data buffer. */
306 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
307 {
308 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
309 SCSIDiskReq *r;
310
311 r = scsi_find_request(s, tag);
312 if (!r) {
313 BADF("Bad buffer tag 0x%x\n", tag);
314 return NULL;
315 }
316 return (uint8_t *)r->iov.iov_base;
317 }
318
319 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
320 {
321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
322 int buflen = 0;
323
324 if (req->cmd.buf[1] & 0x2) {
325 /* Command support data - optional, not implemented */
326 BADF("optional INQUIRY command support request not implemented\n");
327 return -1;
328 }
329
330 if (req->cmd.buf[1] & 0x1) {
331 /* Vital product data */
332 uint8_t page_code = req->cmd.buf[2];
333 if (req->cmd.xfer < 4) {
334 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
335 "less than 4\n", page_code, req->cmd.xfer);
336 return -1;
337 }
338
339 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
340 outbuf[buflen++] = 5;
341 } else {
342 outbuf[buflen++] = 0;
343 }
344 outbuf[buflen++] = page_code ; // this page
345 outbuf[buflen++] = 0x00;
346
347 switch (page_code) {
348 case 0x00: /* Supported page codes, mandatory */
349 DPRINTF("Inquiry EVPD[Supported pages] "
350 "buffer size %zd\n", req->cmd.xfer);
351 outbuf[buflen++] = 4; // number of pages
352 outbuf[buflen++] = 0x00; // list of supported pages (this page)
353 outbuf[buflen++] = 0x80; // unit serial number
354 outbuf[buflen++] = 0x83; // device identification
355 outbuf[buflen++] = 0xb0; // block device characteristics
356 break;
357
358 case 0x80: /* Device serial number, optional */
359 {
360 const char *serial = req->dev->conf.dinfo->serial ?
361 req->dev->conf.dinfo->serial : "0";
362 int l = strlen(serial);
363
364 if (l > req->cmd.xfer)
365 l = req->cmd.xfer;
366 if (l > 20)
367 l = 20;
368
369 DPRINTF("Inquiry EVPD[Serial number] "
370 "buffer size %zd\n", req->cmd.xfer);
371 outbuf[buflen++] = l;
372 memcpy(outbuf+buflen, serial, l);
373 buflen += l;
374 break;
375 }
376
377 case 0x83: /* Device identification page, mandatory */
378 {
379 int max_len = 255 - 8;
380 int id_len = strlen(bdrv_get_device_name(s->bs));
381
382 if (id_len > max_len)
383 id_len = max_len;
384 DPRINTF("Inquiry EVPD[Device identification] "
385 "buffer size %zd\n", req->cmd.xfer);
386
387 outbuf[buflen++] = 3 + id_len;
388 outbuf[buflen++] = 0x2; // ASCII
389 outbuf[buflen++] = 0; // not officially assigned
390 outbuf[buflen++] = 0; // reserved
391 outbuf[buflen++] = id_len; // length of data following
392
393 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
394 buflen += id_len;
395 break;
396 }
397 case 0xb0: /* block device characteristics */
398 {
399 unsigned int min_io_size =
400 s->qdev.conf.min_io_size / s->qdev.blocksize;
401 unsigned int opt_io_size =
402 s->qdev.conf.opt_io_size / s->qdev.blocksize;
403
404 /* required VPD size with unmap support */
405 outbuf[3] = buflen = 0x3c;
406
407 memset(outbuf + 4, 0, buflen - 4);
408
409 /* optimal transfer length granularity */
410 outbuf[6] = (min_io_size >> 8) & 0xff;
411 outbuf[7] = min_io_size & 0xff;
412
413 /* optimal transfer length */
414 outbuf[12] = (opt_io_size >> 24) & 0xff;
415 outbuf[13] = (opt_io_size >> 16) & 0xff;
416 outbuf[14] = (opt_io_size >> 8) & 0xff;
417 outbuf[15] = opt_io_size & 0xff;
418 break;
419 }
420 default:
421 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
422 "buffer size %zd\n", page_code, req->cmd.xfer);
423 return -1;
424 }
425 /* done with EVPD */
426 return buflen;
427 }
428
429 /* Standard INQUIRY data */
430 if (req->cmd.buf[2] != 0) {
431 BADF("Error: Inquiry (STANDARD) page or code "
432 "is non-zero [%02X]\n", req->cmd.buf[2]);
433 return -1;
434 }
435
436 /* PAGE CODE == 0 */
437 if (req->cmd.xfer < 5) {
438 BADF("Error: Inquiry (STANDARD) buffer size %zd "
439 "is less than 5\n", req->cmd.xfer);
440 return -1;
441 }
442
443 buflen = req->cmd.xfer;
444 if (buflen > SCSI_MAX_INQUIRY_LEN)
445 buflen = SCSI_MAX_INQUIRY_LEN;
446
447 memset(outbuf, 0, buflen);
448
449 if (req->lun || req->cmd.buf[1] >> 5) {
450 outbuf[0] = 0x7f; /* LUN not supported */
451 return buflen;
452 }
453
454 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
455 outbuf[0] = 5;
456 outbuf[1] = 0x80;
457 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
458 } else {
459 outbuf[0] = 0;
460 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
461 }
462 memcpy(&outbuf[8], "QEMU ", 8);
463 memcpy(&outbuf[32], s->version ? s->version : QEMU_VERSION, 4);
464 /*
465 * We claim conformance to SPC-3, which is required for guests
466 * to ask for modern features like READ CAPACITY(16) or the
467 * block characteristics VPD page by default. Not all of SPC-3
468 * is actually implemented, but we're good enough.
469 */
470 outbuf[2] = 5;
471 outbuf[3] = 2; /* Format 2 */
472
473 if (buflen > 36) {
474 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
475 } else {
476 /* If the allocation length of CDB is too small,
477 the additional length is not adjusted */
478 outbuf[4] = 36 - 5;
479 }
480
481 /* Sync data transfer and TCQ. */
482 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
483 return buflen;
484 }
485
486 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
487 {
488 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
489 BlockDriverState *bdrv = s->bs;
490 int cylinders, heads, secs;
491
492 switch (page) {
493 case 4: /* Rigid disk device geometry page. */
494 p[0] = 4;
495 p[1] = 0x16;
496 /* if a geometry hint is available, use it */
497 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
498 p[2] = (cylinders >> 16) & 0xff;
499 p[3] = (cylinders >> 8) & 0xff;
500 p[4] = cylinders & 0xff;
501 p[5] = heads & 0xff;
502 /* Write precomp start cylinder, disabled */
503 p[6] = (cylinders >> 16) & 0xff;
504 p[7] = (cylinders >> 8) & 0xff;
505 p[8] = cylinders & 0xff;
506 /* Reduced current start cylinder, disabled */
507 p[9] = (cylinders >> 16) & 0xff;
508 p[10] = (cylinders >> 8) & 0xff;
509 p[11] = cylinders & 0xff;
510 /* Device step rate [ns], 200ns */
511 p[12] = 0;
512 p[13] = 200;
513 /* Landing zone cylinder */
514 p[14] = 0xff;
515 p[15] = 0xff;
516 p[16] = 0xff;
517 /* Medium rotation rate [rpm], 5400 rpm */
518 p[20] = (5400 >> 8) & 0xff;
519 p[21] = 5400 & 0xff;
520 return 0x16;
521
522 case 5: /* Flexible disk device geometry page. */
523 p[0] = 5;
524 p[1] = 0x1e;
525 /* Transfer rate [kbit/s], 5Mbit/s */
526 p[2] = 5000 >> 8;
527 p[3] = 5000 & 0xff;
528 /* if a geometry hint is available, use it */
529 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
530 p[4] = heads & 0xff;
531 p[5] = secs & 0xff;
532 p[6] = s->cluster_size * 2;
533 p[8] = (cylinders >> 8) & 0xff;
534 p[9] = cylinders & 0xff;
535 /* Write precomp start cylinder, disabled */
536 p[10] = (cylinders >> 8) & 0xff;
537 p[11] = cylinders & 0xff;
538 /* Reduced current start cylinder, disabled */
539 p[12] = (cylinders >> 8) & 0xff;
540 p[13] = cylinders & 0xff;
541 /* Device step rate [100us], 100us */
542 p[14] = 0;
543 p[15] = 1;
544 /* Device step pulse width [us], 1us */
545 p[16] = 1;
546 /* Device head settle delay [100us], 100us */
547 p[17] = 0;
548 p[18] = 1;
549 /* Motor on delay [0.1s], 0.1s */
550 p[19] = 1;
551 /* Motor off delay [0.1s], 0.1s */
552 p[20] = 1;
553 /* Medium rotation rate [rpm], 5400 rpm */
554 p[28] = (5400 >> 8) & 0xff;
555 p[29] = 5400 & 0xff;
556 return 0x1e;
557
558 case 8: /* Caching page. */
559 p[0] = 8;
560 p[1] = 0x12;
561 if (bdrv_enable_write_cache(s->bs)) {
562 p[2] = 4; /* WCE */
563 }
564 return 20;
565
566 case 0x2a: /* CD Capabilities and Mechanical Status page. */
567 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
568 return 0;
569 p[0] = 0x2a;
570 p[1] = 0x14;
571 p[2] = 3; // CD-R & CD-RW read
572 p[3] = 0; // Writing not supported
573 p[4] = 0x7f; /* Audio, composite, digital out,
574 mode 2 form 1&2, multi session */
575 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
576 RW corrected, C2 errors, ISRC,
577 UPC, Bar code */
578 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
579 /* Locking supported, jumper present, eject, tray */
580 p[7] = 0; /* no volume & mute control, no
581 changer */
582 p[8] = (50 * 176) >> 8; // 50x read speed
583 p[9] = (50 * 176) & 0xff;
584 p[10] = 0 >> 8; // No volume
585 p[11] = 0 & 0xff;
586 p[12] = 2048 >> 8; // 2M buffer
587 p[13] = 2048 & 0xff;
588 p[14] = (16 * 176) >> 8; // 16x read speed current
589 p[15] = (16 * 176) & 0xff;
590 p[18] = (16 * 176) >> 8; // 16x write speed
591 p[19] = (16 * 176) & 0xff;
592 p[20] = (16 * 176) >> 8; // 16x write speed current
593 p[21] = (16 * 176) & 0xff;
594 return 22;
595
596 default:
597 return 0;
598 }
599 }
600
601 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
602 {
603 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
604 uint64_t nb_sectors;
605 int page, dbd, buflen;
606 uint8_t *p;
607
608 dbd = req->cmd.buf[1] & 0x8;
609 page = req->cmd.buf[2] & 0x3f;
610 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
611 memset(outbuf, 0, req->cmd.xfer);
612 p = outbuf;
613
614 p[1] = 0; /* Default media type. */
615 p[3] = 0; /* Block descriptor length. */
616 if (bdrv_is_read_only(s->bs)) {
617 p[2] = 0x80; /* Readonly. */
618 }
619 p += 4;
620
621 bdrv_get_geometry(s->bs, &nb_sectors);
622 if ((~dbd) & nb_sectors) {
623 outbuf[3] = 8; /* Block descriptor length */
624 nb_sectors /= s->cluster_size;
625 nb_sectors--;
626 if (nb_sectors > 0xffffff)
627 nb_sectors = 0xffffff;
628 p[0] = 0; /* media density code */
629 p[1] = (nb_sectors >> 16) & 0xff;
630 p[2] = (nb_sectors >> 8) & 0xff;
631 p[3] = nb_sectors & 0xff;
632 p[4] = 0; /* reserved */
633 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
634 p[6] = s->cluster_size * 2;
635 p[7] = 0;
636 p += 8;
637 }
638
639 switch (page) {
640 case 0x04:
641 case 0x05:
642 case 0x08:
643 case 0x2a:
644 p += mode_sense_page(req, page, p);
645 break;
646 case 0x3f:
647 p += mode_sense_page(req, 0x08, p);
648 p += mode_sense_page(req, 0x2a, p);
649 break;
650 }
651
652 buflen = p - outbuf;
653 outbuf[0] = buflen - 4;
654 if (buflen > req->cmd.xfer)
655 buflen = req->cmd.xfer;
656 return buflen;
657 }
658
659 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
660 {
661 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
662 int start_track, format, msf, toclen;
663 uint64_t nb_sectors;
664
665 msf = req->cmd.buf[1] & 2;
666 format = req->cmd.buf[2] & 0xf;
667 start_track = req->cmd.buf[6];
668 bdrv_get_geometry(s->bs, &nb_sectors);
669 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
670 nb_sectors /= s->cluster_size;
671 switch (format) {
672 case 0:
673 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
674 break;
675 case 1:
676 /* multi session : only a single session defined */
677 toclen = 12;
678 memset(outbuf, 0, 12);
679 outbuf[1] = 0x0a;
680 outbuf[2] = 0x01;
681 outbuf[3] = 0x01;
682 break;
683 case 2:
684 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
685 break;
686 default:
687 return -1;
688 }
689 if (toclen > req->cmd.xfer)
690 toclen = req->cmd.xfer;
691 return toclen;
692 }
693
694 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
695 {
696 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
697 uint64_t nb_sectors;
698 int buflen = 0;
699
700 switch (req->cmd.buf[0]) {
701 case TEST_UNIT_READY:
702 if (!bdrv_is_inserted(s->bs))
703 goto not_ready;
704 break;
705 case REQUEST_SENSE:
706 if (req->cmd.xfer < 4)
707 goto illegal_request;
708 memset(outbuf, 0, 4);
709 buflen = 4;
710 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
711 memset(outbuf, 0, 18);
712 buflen = 18;
713 outbuf[7] = 10;
714 /* asc 0x3a, ascq 0: Medium not present */
715 outbuf[12] = 0x3a;
716 outbuf[13] = 0;
717 }
718 outbuf[0] = 0xf0;
719 outbuf[1] = 0;
720 outbuf[2] = req->dev->sense.key;
721 scsi_dev_clear_sense(req->dev);
722 break;
723 case INQUIRY:
724 buflen = scsi_disk_emulate_inquiry(req, outbuf);
725 if (buflen < 0)
726 goto illegal_request;
727 break;
728 case MODE_SENSE:
729 case MODE_SENSE_10:
730 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
731 if (buflen < 0)
732 goto illegal_request;
733 break;
734 case READ_TOC:
735 buflen = scsi_disk_emulate_read_toc(req, outbuf);
736 if (buflen < 0)
737 goto illegal_request;
738 break;
739 case RESERVE:
740 if (req->cmd.buf[1] & 1)
741 goto illegal_request;
742 break;
743 case RESERVE_10:
744 if (req->cmd.buf[1] & 3)
745 goto illegal_request;
746 break;
747 case RELEASE:
748 if (req->cmd.buf[1] & 1)
749 goto illegal_request;
750 break;
751 case RELEASE_10:
752 if (req->cmd.buf[1] & 3)
753 goto illegal_request;
754 break;
755 case START_STOP:
756 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
757 /* load/eject medium */
758 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
759 }
760 break;
761 case ALLOW_MEDIUM_REMOVAL:
762 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
763 break;
764 case READ_CAPACITY:
765 /* The normal LEN field for this command is zero. */
766 memset(outbuf, 0, 8);
767 bdrv_get_geometry(s->bs, &nb_sectors);
768 if (!nb_sectors)
769 goto not_ready;
770 nb_sectors /= s->cluster_size;
771 /* Returned value is the address of the last sector. */
772 nb_sectors--;
773 /* Remember the new size for read/write sanity checking. */
774 s->max_lba = nb_sectors;
775 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
776 if (nb_sectors > UINT32_MAX)
777 nb_sectors = UINT32_MAX;
778 outbuf[0] = (nb_sectors >> 24) & 0xff;
779 outbuf[1] = (nb_sectors >> 16) & 0xff;
780 outbuf[2] = (nb_sectors >> 8) & 0xff;
781 outbuf[3] = nb_sectors & 0xff;
782 outbuf[4] = 0;
783 outbuf[5] = 0;
784 outbuf[6] = s->cluster_size * 2;
785 outbuf[7] = 0;
786 buflen = 8;
787 break;
788 case SYNCHRONIZE_CACHE:
789 bdrv_flush(s->bs);
790 break;
791 case GET_CONFIGURATION:
792 memset(outbuf, 0, 8);
793 /* ??? This should probably return much more information. For now
794 just return the basic header indicating the CD-ROM profile. */
795 outbuf[7] = 8; // CD-ROM
796 buflen = 8;
797 break;
798 case SERVICE_ACTION_IN:
799 /* Service Action In subcommands. */
800 if ((req->cmd.buf[1] & 31) == 0x10) {
801 DPRINTF("SAI READ CAPACITY(16)\n");
802 memset(outbuf, 0, req->cmd.xfer);
803 bdrv_get_geometry(s->bs, &nb_sectors);
804 if (!nb_sectors)
805 goto not_ready;
806 nb_sectors /= s->cluster_size;
807 /* Returned value is the address of the last sector. */
808 nb_sectors--;
809 /* Remember the new size for read/write sanity checking. */
810 s->max_lba = nb_sectors;
811 outbuf[0] = (nb_sectors >> 56) & 0xff;
812 outbuf[1] = (nb_sectors >> 48) & 0xff;
813 outbuf[2] = (nb_sectors >> 40) & 0xff;
814 outbuf[3] = (nb_sectors >> 32) & 0xff;
815 outbuf[4] = (nb_sectors >> 24) & 0xff;
816 outbuf[5] = (nb_sectors >> 16) & 0xff;
817 outbuf[6] = (nb_sectors >> 8) & 0xff;
818 outbuf[7] = nb_sectors & 0xff;
819 outbuf[8] = 0;
820 outbuf[9] = 0;
821 outbuf[10] = s->cluster_size * 2;
822 outbuf[11] = 0;
823 outbuf[12] = 0;
824 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
825 /* Protection, exponent and lowest lba field left blank. */
826 buflen = req->cmd.xfer;
827 break;
828 }
829 DPRINTF("Unsupported Service Action In\n");
830 goto illegal_request;
831 case REPORT_LUNS:
832 if (req->cmd.xfer < 16)
833 goto illegal_request;
834 memset(outbuf, 0, 16);
835 outbuf[3] = 8;
836 buflen = 16;
837 break;
838 case VERIFY:
839 break;
840 default:
841 goto illegal_request;
842 }
843 scsi_req_set_status(req, GOOD, NO_SENSE);
844 return buflen;
845
846 not_ready:
847 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
848 return 0;
849
850 illegal_request:
851 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
852 return 0;
853 }
854
855 /* Execute a scsi command. Returns the length of the data expected by the
856 command. This will be Positive for data transfers from the device
857 (eg. disk reads), negative for transfers to the device (eg. disk writes),
858 and zero if the command does not transfer any data. */
859
860 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
861 uint8_t *buf, int lun)
862 {
863 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
864 uint64_t lba;
865 uint32_t len;
866 int cmdlen;
867 int is_write;
868 uint8_t command;
869 uint8_t *outbuf;
870 SCSIDiskReq *r;
871 int rc;
872
873 command = buf[0];
874 r = scsi_find_request(s, tag);
875 if (r) {
876 BADF("Tag 0x%x already in use\n", tag);
877 scsi_cancel_io(d, tag);
878 }
879 /* ??? Tags are not unique for different luns. We only implement a
880 single lun, so this should not matter. */
881 r = scsi_new_request(d, tag, lun);
882 outbuf = (uint8_t *)r->iov.iov_base;
883 is_write = 0;
884 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
885 switch (command >> 5) {
886 case 0:
887 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
888 (((uint64_t) buf[1] & 0x1f) << 16);
889 len = buf[4];
890 cmdlen = 6;
891 break;
892 case 1:
893 case 2:
894 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
895 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
896 len = buf[8] | (buf[7] << 8);
897 cmdlen = 10;
898 break;
899 case 4:
900 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
901 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
902 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
903 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
904 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
905 cmdlen = 16;
906 break;
907 case 5:
908 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
909 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
910 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
911 cmdlen = 12;
912 break;
913 default:
914 BADF("Unsupported command length, command %x\n", command);
915 goto fail;
916 }
917 #ifdef DEBUG_SCSI
918 {
919 int i;
920 for (i = 1; i < cmdlen; i++) {
921 printf(" 0x%02x", buf[i]);
922 }
923 printf("\n");
924 }
925 #endif
926
927 if (scsi_req_parse(&r->req, buf) != 0) {
928 BADF("Unsupported command length, command %x\n", command);
929 goto fail;
930 }
931 assert(r->req.cmd.len == cmdlen);
932 assert(r->req.cmd.lba == lba);
933
934 if (lun || buf[1] >> 5) {
935 /* Only LUN 0 supported. */
936 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
937 if (command != REQUEST_SENSE && command != INQUIRY)
938 goto fail;
939 }
940 switch (command) {
941 case TEST_UNIT_READY:
942 case REQUEST_SENSE:
943 case INQUIRY:
944 case MODE_SENSE:
945 case MODE_SENSE_10:
946 case RESERVE:
947 case RESERVE_10:
948 case RELEASE:
949 case RELEASE_10:
950 case START_STOP:
951 case ALLOW_MEDIUM_REMOVAL:
952 case READ_CAPACITY:
953 case SYNCHRONIZE_CACHE:
954 case READ_TOC:
955 case GET_CONFIGURATION:
956 case SERVICE_ACTION_IN:
957 case REPORT_LUNS:
958 case VERIFY:
959 rc = scsi_disk_emulate_command(&r->req, outbuf);
960 if (rc > 0) {
961 r->iov.iov_len = rc;
962 } else {
963 scsi_req_complete(&r->req);
964 scsi_remove_request(r);
965 return 0;
966 }
967 break;
968 case READ_6:
969 case READ_10:
970 case READ_12:
971 case READ_16:
972 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
973 if (lba > s->max_lba)
974 goto illegal_lba;
975 r->sector = lba * s->cluster_size;
976 r->sector_count = len * s->cluster_size;
977 break;
978 case WRITE_6:
979 case WRITE_10:
980 case WRITE_12:
981 case WRITE_16:
982 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
983 if (lba > s->max_lba)
984 goto illegal_lba;
985 r->sector = lba * s->cluster_size;
986 r->sector_count = len * s->cluster_size;
987 is_write = 1;
988 break;
989 default:
990 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
991 fail:
992 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
993 return 0;
994 illegal_lba:
995 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
996 return 0;
997 }
998 if (r->sector_count == 0 && r->iov.iov_len == 0) {
999 scsi_command_complete(r, GOOD, NO_SENSE);
1000 }
1001 len = r->sector_count * 512 + r->iov.iov_len;
1002 if (is_write) {
1003 return -len;
1004 } else {
1005 if (!r->sector_count)
1006 r->sector_count = -1;
1007 return len;
1008 }
1009 }
1010
1011 static void scsi_destroy(SCSIDevice *dev)
1012 {
1013 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1014 SCSIDiskReq *r;
1015
1016 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1017 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1018 scsi_remove_request(r);
1019 }
1020 drive_uninit(s->qdev.conf.dinfo);
1021 }
1022
1023 static int scsi_disk_initfn(SCSIDevice *dev)
1024 {
1025 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1026 uint64_t nb_sectors;
1027
1028 if (!s->qdev.conf.dinfo || !s->qdev.conf.dinfo->bdrv) {
1029 error_report("scsi-disk: drive property not set");
1030 return -1;
1031 }
1032 s->bs = s->qdev.conf.dinfo->bdrv;
1033
1034 if (bdrv_is_sg(s->bs)) {
1035 error_report("scsi-disk: unwanted /dev/sg*");
1036 return -1;
1037 }
1038
1039 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1040 s->qdev.blocksize = 2048;
1041 } else {
1042 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1043 }
1044 s->cluster_size = s->qdev.blocksize / 512;
1045
1046 s->qdev.type = TYPE_DISK;
1047 bdrv_get_geometry(s->bs, &nb_sectors);
1048 nb_sectors /= s->cluster_size;
1049 if (nb_sectors)
1050 nb_sectors--;
1051 s->max_lba = nb_sectors;
1052 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1053 return 0;
1054 }
1055
1056 static SCSIDeviceInfo scsi_disk_info = {
1057 .qdev.name = "scsi-disk",
1058 .qdev.desc = "virtual scsi disk or cdrom",
1059 .qdev.size = sizeof(SCSIDiskState),
1060 .init = scsi_disk_initfn,
1061 .destroy = scsi_destroy,
1062 .send_command = scsi_send_command,
1063 .read_data = scsi_read_data,
1064 .write_data = scsi_write_data,
1065 .cancel_io = scsi_cancel_io,
1066 .get_buf = scsi_get_buf,
1067 .qdev.props = (Property[]) {
1068 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1069 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1070 DEFINE_PROP_END_OF_LIST(),
1071 },
1072 };
1073
1074 static void scsi_disk_register_devices(void)
1075 {
1076 scsi_qdev_register(&scsi_disk_info);
1077 }
1078 device_init(scsi_disk_register_devices)
Qemu copy for testing