]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'ppc-next' of git://repo.or.cz/qemu/agraf
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41
42 #ifdef __linux
43 #include <scsi/sg.h>
44 #endif
45
46 #define SCSI_DMA_BUF_SIZE 131072
47 #define SCSI_MAX_INQUIRY_LEN 256
48
49 typedef struct SCSIDiskState SCSIDiskState;
50
51 typedef struct SCSIDiskReq {
52 SCSIRequest req;
53 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
54 uint64_t sector;
55 uint32_t sector_count;
56 uint32_t buflen;
57 struct iovec iov;
58 QEMUIOVector qiov;
59 BlockAcctCookie acct;
60 } SCSIDiskReq;
61
62 struct SCSIDiskState
63 {
64 SCSIDevice qdev;
65 uint32_t removable;
66 bool media_changed;
67 bool media_event;
68 bool eject_request;
69 QEMUBH *bh;
70 char *version;
71 char *serial;
72 bool tray_open;
73 bool tray_locked;
74 };
75
76 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
77
78 static void scsi_free_request(SCSIRequest *req)
79 {
80 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
81
82 if (r->iov.iov_base) {
83 qemu_vfree(r->iov.iov_base);
84 }
85 }
86
87 /* Helper function for command completion with sense. */
88 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
89 {
90 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
91 r->req.tag, sense.key, sense.asc, sense.ascq);
92 scsi_req_build_sense(&r->req, sense);
93 scsi_req_complete(&r->req, CHECK_CONDITION);
94 }
95
96 /* Cancel a pending data transfer. */
97 static void scsi_cancel_io(SCSIRequest *req)
98 {
99 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
100
101 DPRINTF("Cancel tag=0x%x\n", req->tag);
102 if (r->req.aiocb) {
103 bdrv_aio_cancel(r->req.aiocb);
104
105 /* This reference was left in by scsi_*_data. We take ownership of
106 * it the moment scsi_req_cancel is called, independent of whether
107 * bdrv_aio_cancel completes the request or not. */
108 scsi_req_unref(&r->req);
109 }
110 r->req.aiocb = NULL;
111 }
112
113 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
114 {
115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
116
117 if (!r->iov.iov_base) {
118 r->buflen = SCSI_DMA_BUF_SIZE;
119 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
120 }
121 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
122 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
123 return r->qiov.size / 512;
124 }
125
126 static void scsi_read_complete(void * opaque, int ret)
127 {
128 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
130 int n;
131
132 if (r->req.aiocb != NULL) {
133 r->req.aiocb = NULL;
134 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
135 }
136
137 if (ret) {
138 if (scsi_handle_rw_error(r, -ret)) {
139 goto done;
140 }
141 }
142
143 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
144
145 n = r->qiov.size / 512;
146 r->sector += n;
147 r->sector_count -= n;
148 scsi_req_data(&r->req, r->qiov.size);
149
150 done:
151 if (!r->req.io_canceled) {
152 scsi_req_unref(&r->req);
153 }
154 }
155
156 static void scsi_flush_complete(void * opaque, int ret)
157 {
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 if (r->req.aiocb != NULL) {
162 r->req.aiocb = NULL;
163 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
164 }
165
166 if (ret < 0) {
167 if (scsi_handle_rw_error(r, -ret)) {
168 goto done;
169 }
170 }
171
172 scsi_req_complete(&r->req, GOOD);
173
174 done:
175 if (!r->req.io_canceled) {
176 scsi_req_unref(&r->req);
177 }
178 }
179
180 /* Read more data from scsi device into buffer. */
181 static void scsi_read_data(SCSIRequest *req)
182 {
183 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
184 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
185 uint32_t n;
186
187 if (r->sector_count == (uint32_t)-1) {
188 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
189 r->sector_count = 0;
190 scsi_req_data(&r->req, r->iov.iov_len);
191 return;
192 }
193 DPRINTF("Read sector_count=%d\n", r->sector_count);
194 if (r->sector_count == 0) {
195 /* This also clears the sense buffer for REQUEST SENSE. */
196 scsi_req_complete(&r->req, GOOD);
197 return;
198 }
199
200 /* No data transfer may already be in progress */
201 assert(r->req.aiocb == NULL);
202
203 /* The request is used as the AIO opaque value, so add a ref. */
204 scsi_req_ref(&r->req);
205 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
206 DPRINTF("Data transfer direction invalid\n");
207 scsi_read_complete(r, -EINVAL);
208 return;
209 }
210
211 if (s->tray_open) {
212 scsi_read_complete(r, -ENOMEDIUM);
213 return;
214 }
215
216 n = scsi_init_iovec(r);
217 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
218 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
219 scsi_read_complete, r);
220 }
221
222 /*
223 * scsi_handle_rw_error has two return values. 0 means that the error
224 * must be ignored, 1 means that the error has been processed and the
225 * caller should not do anything else for this request. Note that
226 * scsi_handle_rw_error always manages its reference counts, independent
227 * of the return value.
228 */
229 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
230 {
231 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
232 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
233 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
234
235 if (action == BLOCK_ERR_IGNORE) {
236 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
237 return 0;
238 }
239
240 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
241 || action == BLOCK_ERR_STOP_ANY) {
242
243 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
244 vm_stop(RUN_STATE_IO_ERROR);
245 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
246 scsi_req_retry(&r->req);
247 } else {
248 switch (error) {
249 case ENOMEDIUM:
250 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
251 break;
252 case ENOMEM:
253 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
254 break;
255 case EINVAL:
256 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
257 break;
258 default:
259 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
260 break;
261 }
262 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
263 }
264 return 1;
265 }
266
267 static void scsi_write_complete(void * opaque, int ret)
268 {
269 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
270 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
271 uint32_t n;
272
273 if (r->req.aiocb != NULL) {
274 r->req.aiocb = NULL;
275 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
276 }
277
278 if (ret) {
279 if (scsi_handle_rw_error(r, -ret)) {
280 goto done;
281 }
282 }
283
284 n = r->qiov.size / 512;
285 r->sector += n;
286 r->sector_count -= n;
287 if (r->sector_count == 0) {
288 scsi_req_complete(&r->req, GOOD);
289 } else {
290 scsi_init_iovec(r);
291 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
292 scsi_req_data(&r->req, r->qiov.size);
293 }
294
295 done:
296 if (!r->req.io_canceled) {
297 scsi_req_unref(&r->req);
298 }
299 }
300
301 static void scsi_write_data(SCSIRequest *req)
302 {
303 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
305 uint32_t n;
306
307 /* No data transfer may already be in progress */
308 assert(r->req.aiocb == NULL);
309
310 /* The request is used as the AIO opaque value, so add a ref. */
311 scsi_req_ref(&r->req);
312 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
313 DPRINTF("Data transfer direction invalid\n");
314 scsi_write_complete(r, -EINVAL);
315 return;
316 }
317
318 n = r->qiov.size / 512;
319 if (n) {
320 if (s->tray_open) {
321 scsi_write_complete(r, -ENOMEDIUM);
322 return;
323 }
324 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
325 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
326 scsi_write_complete, r);
327 } else {
328 /* Called for the first time. Ask the driver to send us more data. */
329 scsi_write_complete(r, 0);
330 }
331 }
332
333 /* Return a pointer to the data buffer. */
334 static uint8_t *scsi_get_buf(SCSIRequest *req)
335 {
336 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
337
338 return (uint8_t *)r->iov.iov_base;
339 }
340
341 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
342 {
343 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
344 int buflen = 0;
345
346 if (req->cmd.buf[1] & 0x2) {
347 /* Command support data - optional, not implemented */
348 BADF("optional INQUIRY command support request not implemented\n");
349 return -1;
350 }
351
352 if (req->cmd.buf[1] & 0x1) {
353 /* Vital product data */
354 uint8_t page_code = req->cmd.buf[2];
355 if (req->cmd.xfer < 4) {
356 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
357 "less than 4\n", page_code, req->cmd.xfer);
358 return -1;
359 }
360
361 outbuf[buflen++] = s->qdev.type & 0x1f;
362 outbuf[buflen++] = page_code ; // this page
363 outbuf[buflen++] = 0x00;
364
365 switch (page_code) {
366 case 0x00: /* Supported page codes, mandatory */
367 {
368 int pages;
369 DPRINTF("Inquiry EVPD[Supported pages] "
370 "buffer size %zd\n", req->cmd.xfer);
371 pages = buflen++;
372 outbuf[buflen++] = 0x00; // list of supported pages (this page)
373 if (s->serial) {
374 outbuf[buflen++] = 0x80; // unit serial number
375 }
376 outbuf[buflen++] = 0x83; // device identification
377 if (s->qdev.type == TYPE_DISK) {
378 outbuf[buflen++] = 0xb0; // block limits
379 outbuf[buflen++] = 0xb2; // thin provisioning
380 }
381 outbuf[pages] = buflen - pages - 1; // number of pages
382 break;
383 }
384 case 0x80: /* Device serial number, optional */
385 {
386 int l;
387
388 if (!s->serial) {
389 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
390 return -1;
391 }
392
393 l = strlen(s->serial);
394 if (l > req->cmd.xfer) {
395 l = req->cmd.xfer;
396 }
397 if (l > 20) {
398 l = 20;
399 }
400
401 DPRINTF("Inquiry EVPD[Serial number] "
402 "buffer size %zd\n", req->cmd.xfer);
403 outbuf[buflen++] = l;
404 memcpy(outbuf+buflen, s->serial, l);
405 buflen += l;
406 break;
407 }
408
409 case 0x83: /* Device identification page, mandatory */
410 {
411 int max_len = 255 - 8;
412 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
413
414 if (id_len > max_len) {
415 id_len = max_len;
416 }
417 DPRINTF("Inquiry EVPD[Device identification] "
418 "buffer size %zd\n", req->cmd.xfer);
419
420 outbuf[buflen++] = 4 + id_len;
421 outbuf[buflen++] = 0x2; // ASCII
422 outbuf[buflen++] = 0; // not officially assigned
423 outbuf[buflen++] = 0; // reserved
424 outbuf[buflen++] = id_len; // length of data following
425
426 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
427 buflen += id_len;
428 break;
429 }
430 case 0xb0: /* block limits */
431 {
432 unsigned int unmap_sectors =
433 s->qdev.conf.discard_granularity / s->qdev.blocksize;
434 unsigned int min_io_size =
435 s->qdev.conf.min_io_size / s->qdev.blocksize;
436 unsigned int opt_io_size =
437 s->qdev.conf.opt_io_size / s->qdev.blocksize;
438
439 if (s->qdev.type == TYPE_ROM) {
440 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
441 page_code);
442 return -1;
443 }
444 /* required VPD size with unmap support */
445 outbuf[3] = buflen = 0x3c;
446
447 memset(outbuf + 4, 0, buflen - 4);
448
449 /* optimal transfer length granularity */
450 outbuf[6] = (min_io_size >> 8) & 0xff;
451 outbuf[7] = min_io_size & 0xff;
452
453 /* optimal transfer length */
454 outbuf[12] = (opt_io_size >> 24) & 0xff;
455 outbuf[13] = (opt_io_size >> 16) & 0xff;
456 outbuf[14] = (opt_io_size >> 8) & 0xff;
457 outbuf[15] = opt_io_size & 0xff;
458
459 /* optimal unmap granularity */
460 outbuf[28] = (unmap_sectors >> 24) & 0xff;
461 outbuf[29] = (unmap_sectors >> 16) & 0xff;
462 outbuf[30] = (unmap_sectors >> 8) & 0xff;
463 outbuf[31] = unmap_sectors & 0xff;
464 break;
465 }
466 case 0xb2: /* thin provisioning */
467 {
468 outbuf[3] = buflen = 8;
469 outbuf[4] = 0;
470 outbuf[5] = 0x40; /* write same with unmap supported */
471 outbuf[6] = 0;
472 outbuf[7] = 0;
473 break;
474 }
475 default:
476 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
477 "buffer size %zd\n", page_code, req->cmd.xfer);
478 return -1;
479 }
480 /* done with EVPD */
481 return buflen;
482 }
483
484 /* Standard INQUIRY data */
485 if (req->cmd.buf[2] != 0) {
486 BADF("Error: Inquiry (STANDARD) page or code "
487 "is non-zero [%02X]\n", req->cmd.buf[2]);
488 return -1;
489 }
490
491 /* PAGE CODE == 0 */
492 if (req->cmd.xfer < 5) {
493 BADF("Error: Inquiry (STANDARD) buffer size %zd "
494 "is less than 5\n", req->cmd.xfer);
495 return -1;
496 }
497
498 buflen = req->cmd.xfer;
499 if (buflen > SCSI_MAX_INQUIRY_LEN) {
500 buflen = SCSI_MAX_INQUIRY_LEN;
501 }
502 memset(outbuf, 0, buflen);
503
504 outbuf[0] = s->qdev.type & 0x1f;
505 outbuf[1] = s->removable ? 0x80 : 0;
506 if (s->qdev.type == TYPE_ROM) {
507 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
508 } else {
509 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
510 }
511 memcpy(&outbuf[8], "QEMU ", 8);
512 memset(&outbuf[32], 0, 4);
513 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
514 /*
515 * We claim conformance to SPC-3, which is required for guests
516 * to ask for modern features like READ CAPACITY(16) or the
517 * block characteristics VPD page by default. Not all of SPC-3
518 * is actually implemented, but we're good enough.
519 */
520 outbuf[2] = 5;
521 outbuf[3] = 2; /* Format 2 */
522
523 if (buflen > 36) {
524 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
525 } else {
526 /* If the allocation length of CDB is too small,
527 the additional length is not adjusted */
528 outbuf[4] = 36 - 5;
529 }
530
531 /* Sync data transfer and TCQ. */
532 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
533 return buflen;
534 }
535
536 static inline bool media_is_dvd(SCSIDiskState *s)
537 {
538 uint64_t nb_sectors;
539 if (s->qdev.type != TYPE_ROM) {
540 return false;
541 }
542 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
543 return false;
544 }
545 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
546 return nb_sectors > CD_MAX_SECTORS;
547 }
548
549 static inline bool media_is_cd(SCSIDiskState *s)
550 {
551 uint64_t nb_sectors;
552 if (s->qdev.type != TYPE_ROM) {
553 return false;
554 }
555 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
556 return false;
557 }
558 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
559 return nb_sectors <= CD_MAX_SECTORS;
560 }
561
562 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
563 uint8_t *outbuf)
564 {
565 static const int rds_caps_size[5] = {
566 [0] = 2048 + 4,
567 [1] = 4 + 4,
568 [3] = 188 + 4,
569 [4] = 2048 + 4,
570 };
571
572 uint8_t media = r->req.cmd.buf[1];
573 uint8_t layer = r->req.cmd.buf[6];
574 uint8_t format = r->req.cmd.buf[7];
575 int size = -1;
576
577 if (s->qdev.type != TYPE_ROM) {
578 return -1;
579 }
580 if (media != 0) {
581 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
582 return -1;
583 }
584
585 if (format != 0xff) {
586 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
587 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
588 return -1;
589 }
590 if (media_is_cd(s)) {
591 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
592 return -1;
593 }
594 if (format >= ARRAY_SIZE(rds_caps_size)) {
595 return -1;
596 }
597 size = rds_caps_size[format];
598 memset(outbuf, 0, size);
599 }
600
601 switch (format) {
602 case 0x00: {
603 /* Physical format information */
604 uint64_t nb_sectors;
605 if (layer != 0) {
606 goto fail;
607 }
608 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
609
610 outbuf[4] = 1; /* DVD-ROM, part version 1 */
611 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
612 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
613 outbuf[7] = 0; /* default densities */
614
615 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
616 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
617 break;
618 }
619
620 case 0x01: /* DVD copyright information, all zeros */
621 break;
622
623 case 0x03: /* BCA information - invalid field for no BCA info */
624 return -1;
625
626 case 0x04: /* DVD disc manufacturing information, all zeros */
627 break;
628
629 case 0xff: { /* List capabilities */
630 int i;
631 size = 4;
632 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
633 if (!rds_caps_size[i]) {
634 continue;
635 }
636 outbuf[size] = i;
637 outbuf[size + 1] = 0x40; /* Not writable, readable */
638 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
639 size += 4;
640 }
641 break;
642 }
643
644 default:
645 return -1;
646 }
647
648 /* Size of buffer, not including 2 byte size field */
649 stw_be_p(outbuf, size - 2);
650 return size;
651
652 fail:
653 return -1;
654 }
655
656 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
657 {
658 uint8_t event_code, media_status;
659
660 media_status = 0;
661 if (s->tray_open) {
662 media_status = MS_TRAY_OPEN;
663 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
664 media_status = MS_MEDIA_PRESENT;
665 }
666
667 /* Event notification descriptor */
668 event_code = MEC_NO_CHANGE;
669 if (media_status != MS_TRAY_OPEN) {
670 if (s->media_event) {
671 event_code = MEC_NEW_MEDIA;
672 s->media_event = false;
673 } else if (s->eject_request) {
674 event_code = MEC_EJECT_REQUESTED;
675 s->eject_request = false;
676 }
677 }
678
679 outbuf[0] = event_code;
680 outbuf[1] = media_status;
681
682 /* These fields are reserved, just clear them. */
683 outbuf[2] = 0;
684 outbuf[3] = 0;
685 return 4;
686 }
687
688 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
689 uint8_t *outbuf)
690 {
691 int size;
692 uint8_t *buf = r->req.cmd.buf;
693 uint8_t notification_class_request = buf[4];
694 if (s->qdev.type != TYPE_ROM) {
695 return -1;
696 }
697 if ((buf[1] & 1) == 0) {
698 /* asynchronous */
699 return -1;
700 }
701
702 size = 4;
703 outbuf[0] = outbuf[1] = 0;
704 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
705 if (notification_class_request & (1 << GESN_MEDIA)) {
706 outbuf[2] = GESN_MEDIA;
707 size += scsi_event_status_media(s, &outbuf[size]);
708 } else {
709 outbuf[2] = 0x80;
710 }
711 stw_be_p(outbuf, size - 4);
712 return size;
713 }
714
715 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
716 {
717 int current;
718
719 if (s->qdev.type != TYPE_ROM) {
720 return -1;
721 }
722 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
723 memset(outbuf, 0, 40);
724 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
725 stw_be_p(&outbuf[6], current);
726 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
727 outbuf[10] = 0x03; /* persistent, current */
728 outbuf[11] = 8; /* two profiles */
729 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
730 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
731 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
732 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
733 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
734 stw_be_p(&outbuf[20], 1);
735 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
736 outbuf[23] = 8;
737 stl_be_p(&outbuf[24], 1); /* SCSI */
738 outbuf[28] = 1; /* DBE = 1, mandatory */
739 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
740 stw_be_p(&outbuf[32], 3);
741 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
742 outbuf[35] = 4;
743 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
744 /* TODO: Random readable, CD read, DVD read, drive serial number,
745 power management */
746 return 40;
747 }
748
749 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
750 {
751 if (s->qdev.type != TYPE_ROM) {
752 return -1;
753 }
754 memset(outbuf, 0, 8);
755 outbuf[5] = 1; /* CD-ROM */
756 return 8;
757 }
758
759 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
760 int page_control)
761 {
762 static const int mode_sense_valid[0x3f] = {
763 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
764 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
765 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
766 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
767 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
768 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
769 };
770
771 BlockDriverState *bdrv = s->qdev.conf.bs;
772 int cylinders, heads, secs;
773 uint8_t *p = *p_outbuf;
774
775 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
776 return -1;
777 }
778
779 p[0] = page;
780
781 /*
782 * If Changeable Values are requested, a mask denoting those mode parameters
783 * that are changeable shall be returned. As we currently don't support
784 * parameter changes via MODE_SELECT all bits are returned set to zero.
785 * The buffer was already menset to zero by the caller of this function.
786 */
787 switch (page) {
788 case MODE_PAGE_HD_GEOMETRY:
789 p[1] = 0x16;
790 if (page_control == 1) { /* Changeable Values */
791 break;
792 }
793 /* if a geometry hint is available, use it */
794 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
795 p[2] = (cylinders >> 16) & 0xff;
796 p[3] = (cylinders >> 8) & 0xff;
797 p[4] = cylinders & 0xff;
798 p[5] = heads & 0xff;
799 /* Write precomp start cylinder, disabled */
800 p[6] = (cylinders >> 16) & 0xff;
801 p[7] = (cylinders >> 8) & 0xff;
802 p[8] = cylinders & 0xff;
803 /* Reduced current start cylinder, disabled */
804 p[9] = (cylinders >> 16) & 0xff;
805 p[10] = (cylinders >> 8) & 0xff;
806 p[11] = cylinders & 0xff;
807 /* Device step rate [ns], 200ns */
808 p[12] = 0;
809 p[13] = 200;
810 /* Landing zone cylinder */
811 p[14] = 0xff;
812 p[15] = 0xff;
813 p[16] = 0xff;
814 /* Medium rotation rate [rpm], 5400 rpm */
815 p[20] = (5400 >> 8) & 0xff;
816 p[21] = 5400 & 0xff;
817 break;
818
819 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
820 p[1] = 0x1e;
821 if (page_control == 1) { /* Changeable Values */
822 break;
823 }
824 /* Transfer rate [kbit/s], 5Mbit/s */
825 p[2] = 5000 >> 8;
826 p[3] = 5000 & 0xff;
827 /* if a geometry hint is available, use it */
828 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
829 p[4] = heads & 0xff;
830 p[5] = secs & 0xff;
831 p[6] = s->qdev.blocksize >> 8;
832 p[8] = (cylinders >> 8) & 0xff;
833 p[9] = cylinders & 0xff;
834 /* Write precomp start cylinder, disabled */
835 p[10] = (cylinders >> 8) & 0xff;
836 p[11] = cylinders & 0xff;
837 /* Reduced current start cylinder, disabled */
838 p[12] = (cylinders >> 8) & 0xff;
839 p[13] = cylinders & 0xff;
840 /* Device step rate [100us], 100us */
841 p[14] = 0;
842 p[15] = 1;
843 /* Device step pulse width [us], 1us */
844 p[16] = 1;
845 /* Device head settle delay [100us], 100us */
846 p[17] = 0;
847 p[18] = 1;
848 /* Motor on delay [0.1s], 0.1s */
849 p[19] = 1;
850 /* Motor off delay [0.1s], 0.1s */
851 p[20] = 1;
852 /* Medium rotation rate [rpm], 5400 rpm */
853 p[28] = (5400 >> 8) & 0xff;
854 p[29] = 5400 & 0xff;
855 break;
856
857 case MODE_PAGE_CACHING:
858 p[0] = 8;
859 p[1] = 0x12;
860 if (page_control == 1) { /* Changeable Values */
861 break;
862 }
863 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
864 p[2] = 4; /* WCE */
865 }
866 break;
867
868 case MODE_PAGE_R_W_ERROR:
869 p[1] = 10;
870 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
871 if (s->qdev.type == TYPE_ROM) {
872 p[3] = 0x20; /* Read Retry Count */
873 }
874 break;
875
876 case MODE_PAGE_AUDIO_CTL:
877 p[1] = 14;
878 break;
879
880 case MODE_PAGE_CAPABILITIES:
881 p[1] = 0x14;
882 if (page_control == 1) { /* Changeable Values */
883 break;
884 }
885
886 p[2] = 0x3b; /* CD-R & CD-RW read */
887 p[3] = 0; /* Writing not supported */
888 p[4] = 0x7f; /* Audio, composite, digital out,
889 mode 2 form 1&2, multi session */
890 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
891 RW corrected, C2 errors, ISRC,
892 UPC, Bar code */
893 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
894 /* Locking supported, jumper present, eject, tray */
895 p[7] = 0; /* no volume & mute control, no
896 changer */
897 p[8] = (50 * 176) >> 8; /* 50x read speed */
898 p[9] = (50 * 176) & 0xff;
899 p[10] = 2 >> 8; /* Two volume levels */
900 p[11] = 2 & 0xff;
901 p[12] = 2048 >> 8; /* 2M buffer */
902 p[13] = 2048 & 0xff;
903 p[14] = (16 * 176) >> 8; /* 16x read speed current */
904 p[15] = (16 * 176) & 0xff;
905 p[18] = (16 * 176) >> 8; /* 16x write speed */
906 p[19] = (16 * 176) & 0xff;
907 p[20] = (16 * 176) >> 8; /* 16x write speed current */
908 p[21] = (16 * 176) & 0xff;
909 break;
910
911 default:
912 return -1;
913 }
914
915 *p_outbuf += p[1] + 2;
916 return p[1] + 2;
917 }
918
919 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
920 {
921 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
922 uint64_t nb_sectors;
923 int page, dbd, buflen, ret, page_control;
924 uint8_t *p;
925 uint8_t dev_specific_param;
926
927 dbd = r->req.cmd.buf[1] & 0x8;
928 page = r->req.cmd.buf[2] & 0x3f;
929 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
930 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
931 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
932 memset(outbuf, 0, r->req.cmd.xfer);
933 p = outbuf;
934
935 if (bdrv_is_read_only(s->qdev.conf.bs)) {
936 dev_specific_param = 0x80; /* Readonly. */
937 } else {
938 dev_specific_param = 0x00;
939 }
940
941 if (r->req.cmd.buf[0] == MODE_SENSE) {
942 p[1] = 0; /* Default media type. */
943 p[2] = dev_specific_param;
944 p[3] = 0; /* Block descriptor length. */
945 p += 4;
946 } else { /* MODE_SENSE_10 */
947 p[2] = 0; /* Default media type. */
948 p[3] = dev_specific_param;
949 p[6] = p[7] = 0; /* Block descriptor length. */
950 p += 8;
951 }
952
953 /* MMC prescribes that CD/DVD drives have no block descriptors. */
954 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
955 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
956 if (r->req.cmd.buf[0] == MODE_SENSE) {
957 outbuf[3] = 8; /* Block descriptor length */
958 } else { /* MODE_SENSE_10 */
959 outbuf[7] = 8; /* Block descriptor length */
960 }
961 nb_sectors /= (s->qdev.blocksize / 512);
962 if (nb_sectors > 0xffffff) {
963 nb_sectors = 0;
964 }
965 p[0] = 0; /* media density code */
966 p[1] = (nb_sectors >> 16) & 0xff;
967 p[2] = (nb_sectors >> 8) & 0xff;
968 p[3] = nb_sectors & 0xff;
969 p[4] = 0; /* reserved */
970 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
971 p[6] = s->qdev.blocksize >> 8;
972 p[7] = 0;
973 p += 8;
974 }
975
976 if (page_control == 3) {
977 /* Saved Values */
978 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
979 return -1;
980 }
981
982 if (page == 0x3f) {
983 for (page = 0; page <= 0x3e; page++) {
984 mode_sense_page(s, page, &p, page_control);
985 }
986 } else {
987 ret = mode_sense_page(s, page, &p, page_control);
988 if (ret == -1) {
989 return -1;
990 }
991 }
992
993 buflen = p - outbuf;
994 /*
995 * The mode data length field specifies the length in bytes of the
996 * following data that is available to be transferred. The mode data
997 * length does not include itself.
998 */
999 if (r->req.cmd.buf[0] == MODE_SENSE) {
1000 outbuf[0] = buflen - 1;
1001 } else { /* MODE_SENSE_10 */
1002 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1003 outbuf[1] = (buflen - 2) & 0xff;
1004 }
1005 if (buflen > r->req.cmd.xfer) {
1006 buflen = r->req.cmd.xfer;
1007 }
1008 return buflen;
1009 }
1010
1011 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1012 {
1013 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1014 int start_track, format, msf, toclen;
1015 uint64_t nb_sectors;
1016
1017 msf = req->cmd.buf[1] & 2;
1018 format = req->cmd.buf[2] & 0xf;
1019 start_track = req->cmd.buf[6];
1020 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1021 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1022 nb_sectors /= s->qdev.blocksize / 512;
1023 switch (format) {
1024 case 0:
1025 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1026 break;
1027 case 1:
1028 /* multi session : only a single session defined */
1029 toclen = 12;
1030 memset(outbuf, 0, 12);
1031 outbuf[1] = 0x0a;
1032 outbuf[2] = 0x01;
1033 outbuf[3] = 0x01;
1034 break;
1035 case 2:
1036 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1037 break;
1038 default:
1039 return -1;
1040 }
1041 if (toclen > req->cmd.xfer) {
1042 toclen = req->cmd.xfer;
1043 }
1044 return toclen;
1045 }
1046
1047 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1048 {
1049 SCSIRequest *req = &r->req;
1050 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1051 bool start = req->cmd.buf[4] & 1;
1052 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1053
1054 if (s->qdev.type == TYPE_ROM && loej) {
1055 if (!start && !s->tray_open && s->tray_locked) {
1056 scsi_check_condition(r,
1057 bdrv_is_inserted(s->qdev.conf.bs)
1058 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1059 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1060 return -1;
1061 }
1062 bdrv_eject(s->qdev.conf.bs, !start);
1063 s->tray_open = !start;
1064 }
1065 return 0;
1066 }
1067
1068 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1069 {
1070 SCSIRequest *req = &r->req;
1071 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1072 uint64_t nb_sectors;
1073 uint8_t *outbuf;
1074 int buflen = 0;
1075
1076 if (!r->iov.iov_base) {
1077 /*
1078 * FIXME: we shouldn't return anything bigger than 4k, but the code
1079 * requires the buffer to be as big as req->cmd.xfer in several
1080 * places. So, do not allow CDBs with a very large ALLOCATION
1081 * LENGTH. The real fix would be to modify scsi_read_data and
1082 * dma_buf_read, so that they return data beyond the buflen
1083 * as all zeros.
1084 */
1085 if (req->cmd.xfer > 65536) {
1086 goto illegal_request;
1087 }
1088 r->buflen = MAX(4096, req->cmd.xfer);
1089 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1090 }
1091
1092 outbuf = r->iov.iov_base;
1093 switch (req->cmd.buf[0]) {
1094 case TEST_UNIT_READY:
1095 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1096 goto not_ready;
1097 }
1098 break;
1099 case INQUIRY:
1100 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1101 if (buflen < 0) {
1102 goto illegal_request;
1103 }
1104 break;
1105 case MODE_SENSE:
1106 case MODE_SENSE_10:
1107 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1108 if (buflen < 0) {
1109 goto illegal_request;
1110 }
1111 break;
1112 case READ_TOC:
1113 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1114 if (buflen < 0) {
1115 goto illegal_request;
1116 }
1117 break;
1118 case RESERVE:
1119 if (req->cmd.buf[1] & 1) {
1120 goto illegal_request;
1121 }
1122 break;
1123 case RESERVE_10:
1124 if (req->cmd.buf[1] & 3) {
1125 goto illegal_request;
1126 }
1127 break;
1128 case RELEASE:
1129 if (req->cmd.buf[1] & 1) {
1130 goto illegal_request;
1131 }
1132 break;
1133 case RELEASE_10:
1134 if (req->cmd.buf[1] & 3) {
1135 goto illegal_request;
1136 }
1137 break;
1138 case START_STOP:
1139 if (scsi_disk_emulate_start_stop(r) < 0) {
1140 return -1;
1141 }
1142 break;
1143 case ALLOW_MEDIUM_REMOVAL:
1144 s->tray_locked = req->cmd.buf[4] & 1;
1145 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1146 break;
1147 case READ_CAPACITY_10:
1148 /* The normal LEN field for this command is zero. */
1149 memset(outbuf, 0, 8);
1150 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1151 if (!nb_sectors) {
1152 goto not_ready;
1153 }
1154 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1155 goto illegal_request;
1156 }
1157 nb_sectors /= s->qdev.blocksize / 512;
1158 /* Returned value is the address of the last sector. */
1159 nb_sectors--;
1160 /* Remember the new size for read/write sanity checking. */
1161 s->qdev.max_lba = nb_sectors;
1162 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1163 if (nb_sectors > UINT32_MAX) {
1164 nb_sectors = UINT32_MAX;
1165 }
1166 outbuf[0] = (nb_sectors >> 24) & 0xff;
1167 outbuf[1] = (nb_sectors >> 16) & 0xff;
1168 outbuf[2] = (nb_sectors >> 8) & 0xff;
1169 outbuf[3] = nb_sectors & 0xff;
1170 outbuf[4] = 0;
1171 outbuf[5] = 0;
1172 outbuf[6] = s->qdev.blocksize >> 8;
1173 outbuf[7] = 0;
1174 buflen = 8;
1175 break;
1176 case REQUEST_SENSE:
1177 /* Just return "NO SENSE". */
1178 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1179 (req->cmd.buf[1] & 1) == 0);
1180 break;
1181 case MECHANISM_STATUS:
1182 buflen = scsi_emulate_mechanism_status(s, outbuf);
1183 if (buflen < 0) {
1184 goto illegal_request;
1185 }
1186 break;
1187 case GET_CONFIGURATION:
1188 buflen = scsi_get_configuration(s, outbuf);
1189 if (buflen < 0) {
1190 goto illegal_request;
1191 }
1192 break;
1193 case GET_EVENT_STATUS_NOTIFICATION:
1194 buflen = scsi_get_event_status_notification(s, r, outbuf);
1195 if (buflen < 0) {
1196 goto illegal_request;
1197 }
1198 break;
1199 case READ_DVD_STRUCTURE:
1200 buflen = scsi_read_dvd_structure(s, r, outbuf);
1201 if (buflen < 0) {
1202 goto illegal_request;
1203 }
1204 break;
1205 case SERVICE_ACTION_IN_16:
1206 /* Service Action In subcommands. */
1207 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1208 DPRINTF("SAI READ CAPACITY(16)\n");
1209 memset(outbuf, 0, req->cmd.xfer);
1210 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1211 if (!nb_sectors) {
1212 goto not_ready;
1213 }
1214 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1215 goto illegal_request;
1216 }
1217 nb_sectors /= s->qdev.blocksize / 512;
1218 /* Returned value is the address of the last sector. */
1219 nb_sectors--;
1220 /* Remember the new size for read/write sanity checking. */
1221 s->qdev.max_lba = nb_sectors;
1222 outbuf[0] = (nb_sectors >> 56) & 0xff;
1223 outbuf[1] = (nb_sectors >> 48) & 0xff;
1224 outbuf[2] = (nb_sectors >> 40) & 0xff;
1225 outbuf[3] = (nb_sectors >> 32) & 0xff;
1226 outbuf[4] = (nb_sectors >> 24) & 0xff;
1227 outbuf[5] = (nb_sectors >> 16) & 0xff;
1228 outbuf[6] = (nb_sectors >> 8) & 0xff;
1229 outbuf[7] = nb_sectors & 0xff;
1230 outbuf[8] = 0;
1231 outbuf[9] = 0;
1232 outbuf[10] = s->qdev.blocksize >> 8;
1233 outbuf[11] = 0;
1234 outbuf[12] = 0;
1235 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1236
1237 /* set TPE bit if the format supports discard */
1238 if (s->qdev.conf.discard_granularity) {
1239 outbuf[14] = 0x80;
1240 }
1241
1242 /* Protection, exponent and lowest lba field left blank. */
1243 buflen = req->cmd.xfer;
1244 break;
1245 }
1246 DPRINTF("Unsupported Service Action In\n");
1247 goto illegal_request;
1248 case VERIFY_10:
1249 break;
1250 default:
1251 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1252 return -1;
1253 }
1254 return buflen;
1255
1256 not_ready:
1257 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1258 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1259 } else {
1260 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1261 }
1262 return -1;
1263
1264 illegal_request:
1265 if (r->req.status == -1) {
1266 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1267 }
1268 return -1;
1269 }
1270
1271 /* Execute a scsi command. Returns the length of the data expected by the
1272 command. This will be Positive for data transfers from the device
1273 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1274 and zero if the command does not transfer any data. */
1275
1276 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1277 {
1278 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1279 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1280 int32_t len;
1281 uint8_t command;
1282 int rc;
1283
1284 command = buf[0];
1285 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1286
1287 #ifdef DEBUG_SCSI
1288 {
1289 int i;
1290 for (i = 1; i < r->req.cmd.len; i++) {
1291 printf(" 0x%02x", buf[i]);
1292 }
1293 printf("\n");
1294 }
1295 #endif
1296
1297 switch (command) {
1298 case TEST_UNIT_READY:
1299 case INQUIRY:
1300 case MODE_SENSE:
1301 case MODE_SENSE_10:
1302 case RESERVE:
1303 case RESERVE_10:
1304 case RELEASE:
1305 case RELEASE_10:
1306 case START_STOP:
1307 case ALLOW_MEDIUM_REMOVAL:
1308 case READ_CAPACITY_10:
1309 case READ_TOC:
1310 case READ_DVD_STRUCTURE:
1311 case GET_CONFIGURATION:
1312 case GET_EVENT_STATUS_NOTIFICATION:
1313 case MECHANISM_STATUS:
1314 case SERVICE_ACTION_IN_16:
1315 case REQUEST_SENSE:
1316 case VERIFY_10:
1317 rc = scsi_disk_emulate_command(r);
1318 if (rc < 0) {
1319 return 0;
1320 }
1321
1322 r->iov.iov_len = rc;
1323 break;
1324 case SYNCHRONIZE_CACHE:
1325 /* The request is used as the AIO opaque value, so add a ref. */
1326 scsi_req_ref(&r->req);
1327 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1328 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1329 return 0;
1330 case READ_6:
1331 case READ_10:
1332 case READ_12:
1333 case READ_16:
1334 len = r->req.cmd.xfer / s->qdev.blocksize;
1335 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1336 if (r->req.cmd.lba > s->qdev.max_lba) {
1337 goto illegal_lba;
1338 }
1339 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1340 r->sector_count = len * (s->qdev.blocksize / 512);
1341 break;
1342 case WRITE_6:
1343 case WRITE_10:
1344 case WRITE_12:
1345 case WRITE_16:
1346 case WRITE_VERIFY_10:
1347 case WRITE_VERIFY_12:
1348 case WRITE_VERIFY_16:
1349 len = r->req.cmd.xfer / s->qdev.blocksize;
1350 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1351 (command & 0xe) == 0xe ? "And Verify " : "",
1352 r->req.cmd.lba, len);
1353 if (r->req.cmd.lba > s->qdev.max_lba) {
1354 goto illegal_lba;
1355 }
1356 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1357 r->sector_count = len * (s->qdev.blocksize / 512);
1358 break;
1359 case MODE_SELECT:
1360 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1361 /* We don't support mode parameter changes.
1362 Allow the mode parameter header + block descriptors only. */
1363 if (r->req.cmd.xfer > 12) {
1364 goto fail;
1365 }
1366 break;
1367 case MODE_SELECT_10:
1368 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1369 /* We don't support mode parameter changes.
1370 Allow the mode parameter header + block descriptors only. */
1371 if (r->req.cmd.xfer > 16) {
1372 goto fail;
1373 }
1374 break;
1375 case SEEK_10:
1376 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1377 if (r->req.cmd.lba > s->qdev.max_lba) {
1378 goto illegal_lba;
1379 }
1380 break;
1381 case WRITE_SAME_16:
1382 len = r->req.cmd.xfer / s->qdev.blocksize;
1383
1384 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1385 r->req.cmd.lba, len);
1386
1387 if (r->req.cmd.lba > s->qdev.max_lba) {
1388 goto illegal_lba;
1389 }
1390
1391 /*
1392 * We only support WRITE SAME with the unmap bit set for now.
1393 */
1394 if (!(buf[1] & 0x8)) {
1395 goto fail;
1396 }
1397
1398 rc = bdrv_discard(s->qdev.conf.bs,
1399 r->req.cmd.lba * (s->qdev.blocksize / 512),
1400 len * (s->qdev.blocksize / 512));
1401 if (rc < 0) {
1402 /* XXX: better error code ?*/
1403 goto fail;
1404 }
1405
1406 break;
1407 default:
1408 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1409 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1410 return 0;
1411 fail:
1412 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1413 return 0;
1414 illegal_lba:
1415 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1416 return 0;
1417 }
1418 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1419 scsi_req_complete(&r->req, GOOD);
1420 }
1421 len = r->sector_count * 512 + r->iov.iov_len;
1422 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1423 return -len;
1424 } else {
1425 if (!r->sector_count) {
1426 r->sector_count = -1;
1427 }
1428 return len;
1429 }
1430 }
1431
1432 static void scsi_disk_reset(DeviceState *dev)
1433 {
1434 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1435 uint64_t nb_sectors;
1436
1437 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1438
1439 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1440 nb_sectors /= s->qdev.blocksize / 512;
1441 if (nb_sectors) {
1442 nb_sectors--;
1443 }
1444 s->qdev.max_lba = nb_sectors;
1445 }
1446
1447 static void scsi_destroy(SCSIDevice *dev)
1448 {
1449 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1450
1451 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1452 blockdev_mark_auto_del(s->qdev.conf.bs);
1453 }
1454
1455 static void scsi_cd_change_media_cb(void *opaque, bool load)
1456 {
1457 SCSIDiskState *s = opaque;
1458
1459 /*
1460 * When a CD gets changed, we have to report an ejected state and
1461 * then a loaded state to guests so that they detect tray
1462 * open/close and media change events. Guests that do not use
1463 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1464 * states rely on this behavior.
1465 *
1466 * media_changed governs the state machine used for unit attention
1467 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1468 */
1469 s->media_changed = load;
1470 s->tray_open = !load;
1471 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1472 s->media_event = true;
1473 s->eject_request = false;
1474 }
1475
1476 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1477 {
1478 SCSIDiskState *s = opaque;
1479
1480 s->eject_request = true;
1481 if (force) {
1482 s->tray_locked = false;
1483 }
1484 }
1485
1486 static bool scsi_cd_is_tray_open(void *opaque)
1487 {
1488 return ((SCSIDiskState *)opaque)->tray_open;
1489 }
1490
1491 static bool scsi_cd_is_medium_locked(void *opaque)
1492 {
1493 return ((SCSIDiskState *)opaque)->tray_locked;
1494 }
1495
1496 static const BlockDevOps scsi_cd_block_ops = {
1497 .change_media_cb = scsi_cd_change_media_cb,
1498 .eject_request_cb = scsi_cd_eject_request_cb,
1499 .is_tray_open = scsi_cd_is_tray_open,
1500 .is_medium_locked = scsi_cd_is_medium_locked,
1501 };
1502
1503 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1504 {
1505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1506 if (s->media_changed) {
1507 s->media_changed = false;
1508 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1509 }
1510 }
1511
1512 static int scsi_initfn(SCSIDevice *dev)
1513 {
1514 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1515 DriveInfo *dinfo;
1516
1517 if (!s->qdev.conf.bs) {
1518 error_report("drive property not set");
1519 return -1;
1520 }
1521
1522 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1523 error_report("Device needs media, but drive is empty");
1524 return -1;
1525 }
1526
1527 if (!s->serial) {
1528 /* try to fall back to value set with legacy -drive serial=... */
1529 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1530 if (*dinfo->serial) {
1531 s->serial = g_strdup(dinfo->serial);
1532 }
1533 }
1534
1535 if (!s->version) {
1536 s->version = g_strdup(QEMU_VERSION);
1537 }
1538
1539 if (bdrv_is_sg(s->qdev.conf.bs)) {
1540 error_report("unwanted /dev/sg*");
1541 return -1;
1542 }
1543
1544 if (s->removable) {
1545 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1546 }
1547 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1548
1549 bdrv_iostatus_enable(s->qdev.conf.bs);
1550 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1551 return 0;
1552 }
1553
1554 static int scsi_hd_initfn(SCSIDevice *dev)
1555 {
1556 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1557 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1558 s->qdev.type = TYPE_DISK;
1559 return scsi_initfn(&s->qdev);
1560 }
1561
1562 static int scsi_cd_initfn(SCSIDevice *dev)
1563 {
1564 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1565 s->qdev.blocksize = 2048;
1566 s->qdev.type = TYPE_ROM;
1567 s->removable = true;
1568 return scsi_initfn(&s->qdev);
1569 }
1570
1571 static int scsi_disk_initfn(SCSIDevice *dev)
1572 {
1573 DriveInfo *dinfo;
1574
1575 if (!dev->conf.bs) {
1576 return scsi_initfn(dev); /* ... and die there */
1577 }
1578
1579 dinfo = drive_get_by_blockdev(dev->conf.bs);
1580 if (dinfo->media_cd) {
1581 return scsi_cd_initfn(dev);
1582 } else {
1583 return scsi_hd_initfn(dev);
1584 }
1585 }
1586
1587 static const SCSIReqOps scsi_disk_reqops = {
1588 .size = sizeof(SCSIDiskReq),
1589 .free_req = scsi_free_request,
1590 .send_command = scsi_send_command,
1591 .read_data = scsi_read_data,
1592 .write_data = scsi_write_data,
1593 .cancel_io = scsi_cancel_io,
1594 .get_buf = scsi_get_buf,
1595 };
1596
1597 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1598 uint8_t *buf, void *hba_private)
1599 {
1600 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1601 SCSIRequest *req;
1602
1603 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1604 return req;
1605 }
1606
1607 #ifdef __linux__
1608 static int get_device_type(SCSIDiskState *s)
1609 {
1610 BlockDriverState *bdrv = s->qdev.conf.bs;
1611 uint8_t cmd[16];
1612 uint8_t buf[36];
1613 uint8_t sensebuf[8];
1614 sg_io_hdr_t io_header;
1615 int ret;
1616
1617 memset(cmd, 0, sizeof(cmd));
1618 memset(buf, 0, sizeof(buf));
1619 cmd[0] = INQUIRY;
1620 cmd[4] = sizeof(buf);
1621
1622 memset(&io_header, 0, sizeof(io_header));
1623 io_header.interface_id = 'S';
1624 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1625 io_header.dxfer_len = sizeof(buf);
1626 io_header.dxferp = buf;
1627 io_header.cmdp = cmd;
1628 io_header.cmd_len = sizeof(cmd);
1629 io_header.mx_sb_len = sizeof(sensebuf);
1630 io_header.sbp = sensebuf;
1631 io_header.timeout = 6000; /* XXX */
1632
1633 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1634 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1635 return -1;
1636 }
1637 s->qdev.type = buf[0];
1638 s->removable = (buf[1] & 0x80) != 0;
1639 return 0;
1640 }
1641
1642 static int scsi_block_initfn(SCSIDevice *dev)
1643 {
1644 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1645 int sg_version;
1646 int rc;
1647
1648 if (!s->qdev.conf.bs) {
1649 error_report("scsi-block: drive property not set");
1650 return -1;
1651 }
1652
1653 /* check we are using a driver managing SG_IO (version 3 and after) */
1654 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1655 sg_version < 30000) {
1656 error_report("scsi-block: scsi generic interface too old");
1657 return -1;
1658 }
1659
1660 /* get device type from INQUIRY data */
1661 rc = get_device_type(s);
1662 if (rc < 0) {
1663 error_report("scsi-block: INQUIRY failed");
1664 return -1;
1665 }
1666
1667 /* Make a guess for the block size, we'll fix it when the guest sends.
1668 * READ CAPACITY. If they don't, they likely would assume these sizes
1669 * anyway. (TODO: check in /sys).
1670 */
1671 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1672 s->qdev.blocksize = 2048;
1673 } else {
1674 s->qdev.blocksize = 512;
1675 }
1676 return scsi_initfn(&s->qdev);
1677 }
1678
1679 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1680 uint32_t lun, uint8_t *buf,
1681 void *hba_private)
1682 {
1683 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1684
1685 switch (buf[0]) {
1686 case READ_6:
1687 case READ_10:
1688 case READ_12:
1689 case READ_16:
1690 case WRITE_6:
1691 case WRITE_10:
1692 case WRITE_12:
1693 case WRITE_16:
1694 case WRITE_VERIFY_10:
1695 case WRITE_VERIFY_12:
1696 case WRITE_VERIFY_16:
1697 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1698 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1699 * And once you do these writes, reading from the block device is
1700 * unreliable, too. It is even possible that reads deliver random data
1701 * from the host page cache (this is probably a Linux bug).
1702 *
1703 * We might use scsi_disk_reqops as long as no writing commands are
1704 * seen, but performance usually isn't paramount on optical media. So,
1705 * just make scsi-block operate the same as scsi-generic for them.
1706 */
1707 if (s->qdev.type != TYPE_ROM) {
1708 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1709 hba_private);
1710 }
1711 }
1712
1713 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1714 hba_private);
1715 }
1716 #endif
1717
1718 #define DEFINE_SCSI_DISK_PROPERTIES() \
1719 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1720 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1721 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1722
1723 static SCSIDeviceInfo scsi_disk_info[] = {
1724 {
1725 .qdev.name = "scsi-hd",
1726 .qdev.fw_name = "disk",
1727 .qdev.desc = "virtual SCSI disk",
1728 .qdev.size = sizeof(SCSIDiskState),
1729 .qdev.reset = scsi_disk_reset,
1730 .init = scsi_hd_initfn,
1731 .destroy = scsi_destroy,
1732 .alloc_req = scsi_new_request,
1733 .unit_attention_reported = scsi_disk_unit_attention_reported,
1734 .qdev.props = (Property[]) {
1735 DEFINE_SCSI_DISK_PROPERTIES(),
1736 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1737 DEFINE_PROP_END_OF_LIST(),
1738 }
1739 },{
1740 .qdev.name = "scsi-cd",
1741 .qdev.fw_name = "disk",
1742 .qdev.desc = "virtual SCSI CD-ROM",
1743 .qdev.size = sizeof(SCSIDiskState),
1744 .qdev.reset = scsi_disk_reset,
1745 .init = scsi_cd_initfn,
1746 .destroy = scsi_destroy,
1747 .alloc_req = scsi_new_request,
1748 .unit_attention_reported = scsi_disk_unit_attention_reported,
1749 .qdev.props = (Property[]) {
1750 DEFINE_SCSI_DISK_PROPERTIES(),
1751 DEFINE_PROP_END_OF_LIST(),
1752 },
1753 #ifdef __linux__
1754 },{
1755 .qdev.name = "scsi-block",
1756 .qdev.fw_name = "disk",
1757 .qdev.desc = "SCSI block device passthrough",
1758 .qdev.size = sizeof(SCSIDiskState),
1759 .qdev.reset = scsi_disk_reset,
1760 .init = scsi_block_initfn,
1761 .destroy = scsi_destroy,
1762 .alloc_req = scsi_block_new_request,
1763 .qdev.props = (Property[]) {
1764 DEFINE_SCSI_DISK_PROPERTIES(),
1765 DEFINE_PROP_END_OF_LIST(),
1766 },
1767 #endif
1768 },{
1769 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1770 .qdev.fw_name = "disk",
1771 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1772 .qdev.size = sizeof(SCSIDiskState),
1773 .qdev.reset = scsi_disk_reset,
1774 .init = scsi_disk_initfn,
1775 .destroy = scsi_destroy,
1776 .alloc_req = scsi_new_request,
1777 .unit_attention_reported = scsi_disk_unit_attention_reported,
1778 .qdev.props = (Property[]) {
1779 DEFINE_SCSI_DISK_PROPERTIES(),
1780 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1781 DEFINE_PROP_END_OF_LIST(),
1782 }
1783 }
1784 };
1785
1786 static void scsi_disk_register_devices(void)
1787 {
1788 int i;
1789
1790 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1791 scsi_qdev_register(&scsi_disk_info[i]);
1792 }
1793 }
1794 device_init(scsi_disk_register_devices)
Qemu copy for testing