]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi: add a qdev property for the disk's WWN
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "dma.h"
38
39 #ifdef __linux
40 #include <scsi/sg.h>
41 #endif
42
43 #define SCSI_DMA_BUF_SIZE 131072
44 #define SCSI_MAX_INQUIRY_LEN 256
45
46 typedef struct SCSIDiskState SCSIDiskState;
47
48 typedef struct SCSIDiskReq {
49 SCSIRequest req;
50 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
51 uint64_t sector;
52 uint32_t sector_count;
53 uint32_t buflen;
54 bool started;
55 struct iovec iov;
56 QEMUIOVector qiov;
57 BlockAcctCookie acct;
58 } SCSIDiskReq;
59
60 #define SCSI_DISK_F_REMOVABLE 0
61 #define SCSI_DISK_F_DPOFUA 1
62
63 struct SCSIDiskState
64 {
65 SCSIDevice qdev;
66 uint32_t features;
67 bool media_changed;
68 bool media_event;
69 bool eject_request;
70 uint64_t wwn;
71 QEMUBH *bh;
72 char *version;
73 char *serial;
74 bool tray_open;
75 bool tray_locked;
76 };
77
78 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79
80 static void scsi_free_request(SCSIRequest *req)
81 {
82 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83
84 if (r->iov.iov_base) {
85 qemu_vfree(r->iov.iov_base);
86 }
87 }
88
89 /* Helper function for command completion with sense. */
90 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 {
92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
96 }
97
98 /* Cancel a pending data transfer. */
99 static void scsi_cancel_io(SCSIRequest *req)
100 {
101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 if (r->req.aiocb) {
105 bdrv_aio_cancel(r->req.aiocb);
106
107 /* This reference was left in by scsi_*_data. We take ownership of
108 * it the moment scsi_req_cancel is called, independent of whether
109 * bdrv_aio_cancel completes the request or not. */
110 scsi_req_unref(&r->req);
111 }
112 r->req.aiocb = NULL;
113 }
114
115 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 {
117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118
119 if (!r->iov.iov_base) {
120 r->buflen = size;
121 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 }
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
126 }
127
128 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 {
130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131
132 qemu_put_be64s(f, &r->sector);
133 qemu_put_be32s(f, &r->sector_count);
134 qemu_put_be32s(f, &r->buflen);
135 if (r->buflen) {
136 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
137 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
138 } else if (!req->retry) {
139 uint32_t len = r->iov.iov_len;
140 qemu_put_be32s(f, &len);
141 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
142 }
143 }
144 }
145
146 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
147 {
148 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
149
150 qemu_get_be64s(f, &r->sector);
151 qemu_get_be32s(f, &r->sector_count);
152 qemu_get_be32s(f, &r->buflen);
153 if (r->buflen) {
154 scsi_init_iovec(r, r->buflen);
155 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
156 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
157 } else if (!r->req.retry) {
158 uint32_t len;
159 qemu_get_be32s(f, &len);
160 r->iov.iov_len = len;
161 assert(r->iov.iov_len <= r->buflen);
162 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
163 }
164 }
165
166 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
167 }
168
169 static void scsi_flush_complete(void * opaque, int ret)
170 {
171 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
172 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
173
174 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
175
176 if (ret < 0) {
177 if (scsi_handle_rw_error(r, -ret)) {
178 goto done;
179 }
180 }
181
182 scsi_req_complete(&r->req, GOOD);
183
184 done:
185 if (!r->req.io_canceled) {
186 scsi_req_unref(&r->req);
187 }
188 }
189
190 static bool scsi_is_cmd_fua(SCSICommand *cmd)
191 {
192 switch (cmd->buf[0]) {
193 case READ_10:
194 case READ_12:
195 case READ_16:
196 case WRITE_10:
197 case WRITE_12:
198 case WRITE_16:
199 return (cmd->buf[1] & 8) != 0;
200
201 case VERIFY_10:
202 case VERIFY_12:
203 case VERIFY_16:
204 case WRITE_VERIFY_10:
205 case WRITE_VERIFY_12:
206 case WRITE_VERIFY_16:
207 return true;
208
209 case READ_6:
210 case WRITE_6:
211 default:
212 return false;
213 }
214 }
215
216 static void scsi_write_do_fua(SCSIDiskReq *r)
217 {
218 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
219
220 if (scsi_is_cmd_fua(&r->req.cmd)) {
221 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
222 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
223 return;
224 }
225
226 scsi_req_complete(&r->req, GOOD);
227 if (!r->req.io_canceled) {
228 scsi_req_unref(&r->req);
229 }
230 }
231
232 static void scsi_dma_complete(void *opaque, int ret)
233 {
234 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
236
237 if (r->req.aiocb != NULL) {
238 r->req.aiocb = NULL;
239 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
240 }
241
242 if (ret < 0) {
243 if (scsi_handle_rw_error(r, -ret)) {
244 goto done;
245 }
246 }
247
248 r->sector += r->sector_count;
249 r->sector_count = 0;
250 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
251 scsi_write_do_fua(r);
252 return;
253 } else {
254 scsi_req_complete(&r->req, GOOD);
255 }
256
257 done:
258 if (!r->req.io_canceled) {
259 scsi_req_unref(&r->req);
260 }
261 }
262
263 static void scsi_read_complete(void * opaque, int ret)
264 {
265 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
266 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
267 int n;
268
269 if (r->req.aiocb != NULL) {
270 r->req.aiocb = NULL;
271 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
272 }
273
274 if (ret < 0) {
275 if (scsi_handle_rw_error(r, -ret)) {
276 goto done;
277 }
278 }
279
280 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
281
282 n = r->qiov.size / 512;
283 r->sector += n;
284 r->sector_count -= n;
285 scsi_req_data(&r->req, r->qiov.size);
286
287 done:
288 if (!r->req.io_canceled) {
289 scsi_req_unref(&r->req);
290 }
291 }
292
293 /* Actually issue a read to the block device. */
294 static void scsi_do_read(void *opaque, int ret)
295 {
296 SCSIDiskReq *r = opaque;
297 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
298 uint32_t n;
299
300 if (r->req.aiocb != NULL) {
301 r->req.aiocb = NULL;
302 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
303 }
304
305 if (ret < 0) {
306 if (scsi_handle_rw_error(r, -ret)) {
307 goto done;
308 }
309 }
310
311 if (r->req.io_canceled) {
312 return;
313 }
314
315 /* The request is used as the AIO opaque value, so add a ref. */
316 scsi_req_ref(&r->req);
317
318 if (r->req.sg) {
319 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
320 r->req.resid -= r->req.sg->size;
321 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
322 scsi_dma_complete, r);
323 } else {
324 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
325 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
326 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
327 scsi_read_complete, r);
328 }
329
330 done:
331 if (!r->req.io_canceled) {
332 scsi_req_unref(&r->req);
333 }
334 }
335
336 /* Read more data from scsi device into buffer. */
337 static void scsi_read_data(SCSIRequest *req)
338 {
339 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
341 bool first;
342
343 if (r->sector_count == (uint32_t)-1) {
344 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
345 r->sector_count = 0;
346 r->started = true;
347 scsi_req_data(&r->req, r->iov.iov_len);
348 return;
349 }
350 DPRINTF("Read sector_count=%d\n", r->sector_count);
351 if (r->sector_count == 0) {
352 /* This also clears the sense buffer for REQUEST SENSE. */
353 scsi_req_complete(&r->req, GOOD);
354 return;
355 }
356
357 /* No data transfer may already be in progress */
358 assert(r->req.aiocb == NULL);
359
360 /* The request is used as the AIO opaque value, so add a ref. */
361 scsi_req_ref(&r->req);
362 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
363 DPRINTF("Data transfer direction invalid\n");
364 scsi_read_complete(r, -EINVAL);
365 return;
366 }
367
368 if (s->tray_open) {
369 scsi_read_complete(r, -ENOMEDIUM);
370 return;
371 }
372
373 first = !r->started;
374 r->started = true;
375 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
376 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
377 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
378 } else {
379 scsi_do_read(r, 0);
380 }
381 }
382
383 /*
384 * scsi_handle_rw_error has two return values. 0 means that the error
385 * must be ignored, 1 means that the error has been processed and the
386 * caller should not do anything else for this request. Note that
387 * scsi_handle_rw_error always manages its reference counts, independent
388 * of the return value.
389 */
390 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
391 {
392 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
393 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
394 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
395
396 if (action == BLOCK_ERR_IGNORE) {
397 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
398 return 0;
399 }
400
401 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
402 || action == BLOCK_ERR_STOP_ANY) {
403
404 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
405 vm_stop(RUN_STATE_IO_ERROR);
406 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
407 scsi_req_retry(&r->req);
408 } else {
409 switch (error) {
410 case ENOMEDIUM:
411 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
412 break;
413 case ENOMEM:
414 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
415 break;
416 case EINVAL:
417 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
418 break;
419 default:
420 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
421 break;
422 }
423 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
424 }
425 return 1;
426 }
427
428 static void scsi_write_complete(void * opaque, int ret)
429 {
430 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
431 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
432 uint32_t n;
433
434 if (r->req.aiocb != NULL) {
435 r->req.aiocb = NULL;
436 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
437 }
438
439 if (ret < 0) {
440 if (scsi_handle_rw_error(r, -ret)) {
441 goto done;
442 }
443 }
444
445 n = r->qiov.size / 512;
446 r->sector += n;
447 r->sector_count -= n;
448 if (r->sector_count == 0) {
449 scsi_write_do_fua(r);
450 return;
451 } else {
452 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
453 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
454 scsi_req_data(&r->req, r->qiov.size);
455 }
456
457 done:
458 if (!r->req.io_canceled) {
459 scsi_req_unref(&r->req);
460 }
461 }
462
463 static void scsi_write_data(SCSIRequest *req)
464 {
465 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
466 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
467 uint32_t n;
468
469 /* No data transfer may already be in progress */
470 assert(r->req.aiocb == NULL);
471
472 /* The request is used as the AIO opaque value, so add a ref. */
473 scsi_req_ref(&r->req);
474 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
475 DPRINTF("Data transfer direction invalid\n");
476 scsi_write_complete(r, -EINVAL);
477 return;
478 }
479
480 if (!r->req.sg && !r->qiov.size) {
481 /* Called for the first time. Ask the driver to send us more data. */
482 r->started = true;
483 scsi_write_complete(r, 0);
484 return;
485 }
486 if (s->tray_open) {
487 scsi_write_complete(r, -ENOMEDIUM);
488 return;
489 }
490
491 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
492 r->req.cmd.buf[0] == VERIFY_16) {
493 if (r->req.sg) {
494 scsi_dma_complete(r, 0);
495 } else {
496 scsi_write_complete(r, 0);
497 }
498 return;
499 }
500
501 if (r->req.sg) {
502 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
503 r->req.resid -= r->req.sg->size;
504 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
505 scsi_dma_complete, r);
506 } else {
507 n = r->qiov.size / 512;
508 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
509 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
510 scsi_write_complete, r);
511 }
512 }
513
514 /* Return a pointer to the data buffer. */
515 static uint8_t *scsi_get_buf(SCSIRequest *req)
516 {
517 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
518
519 return (uint8_t *)r->iov.iov_base;
520 }
521
522 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
523 {
524 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
525 int buflen = 0;
526 int start;
527
528 if (req->cmd.buf[1] & 0x1) {
529 /* Vital product data */
530 uint8_t page_code = req->cmd.buf[2];
531
532 outbuf[buflen++] = s->qdev.type & 0x1f;
533 outbuf[buflen++] = page_code ; // this page
534 outbuf[buflen++] = 0x00;
535 outbuf[buflen++] = 0x00;
536 start = buflen;
537
538 switch (page_code) {
539 case 0x00: /* Supported page codes, mandatory */
540 {
541 DPRINTF("Inquiry EVPD[Supported pages] "
542 "buffer size %zd\n", req->cmd.xfer);
543 outbuf[buflen++] = 0x00; // list of supported pages (this page)
544 if (s->serial) {
545 outbuf[buflen++] = 0x80; // unit serial number
546 }
547 outbuf[buflen++] = 0x83; // device identification
548 if (s->qdev.type == TYPE_DISK) {
549 outbuf[buflen++] = 0xb0; // block limits
550 outbuf[buflen++] = 0xb2; // thin provisioning
551 }
552 break;
553 }
554 case 0x80: /* Device serial number, optional */
555 {
556 int l;
557
558 if (!s->serial) {
559 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
560 return -1;
561 }
562
563 l = strlen(s->serial);
564 if (l > 20) {
565 l = 20;
566 }
567
568 DPRINTF("Inquiry EVPD[Serial number] "
569 "buffer size %zd\n", req->cmd.xfer);
570 memcpy(outbuf+buflen, s->serial, l);
571 buflen += l;
572 break;
573 }
574
575 case 0x83: /* Device identification page, mandatory */
576 {
577 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
578 int max_len = s->serial ? 20 : 255 - 8;
579 int id_len = strlen(str);
580
581 if (id_len > max_len) {
582 id_len = max_len;
583 }
584 DPRINTF("Inquiry EVPD[Device identification] "
585 "buffer size %zd\n", req->cmd.xfer);
586
587 outbuf[buflen++] = 0x2; // ASCII
588 outbuf[buflen++] = 0; // not officially assigned
589 outbuf[buflen++] = 0; // reserved
590 outbuf[buflen++] = id_len; // length of data following
591 memcpy(outbuf+buflen, str, id_len);
592 buflen += id_len;
593
594 if (s->wwn) {
595 outbuf[buflen++] = 0x1; // Binary
596 outbuf[buflen++] = 0x3; // NAA
597 outbuf[buflen++] = 0; // reserved
598 outbuf[buflen++] = 8;
599 stq_be_p(&outbuf[buflen], s->wwn);
600 buflen += 8;
601 }
602 break;
603 }
604 case 0xb0: /* block limits */
605 {
606 unsigned int unmap_sectors =
607 s->qdev.conf.discard_granularity / s->qdev.blocksize;
608 unsigned int min_io_size =
609 s->qdev.conf.min_io_size / s->qdev.blocksize;
610 unsigned int opt_io_size =
611 s->qdev.conf.opt_io_size / s->qdev.blocksize;
612
613 if (s->qdev.type == TYPE_ROM) {
614 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
615 page_code);
616 return -1;
617 }
618 /* required VPD size with unmap support */
619 buflen = 0x40;
620 memset(outbuf + 4, 0, buflen - 4);
621
622 /* optimal transfer length granularity */
623 outbuf[6] = (min_io_size >> 8) & 0xff;
624 outbuf[7] = min_io_size & 0xff;
625
626 /* optimal transfer length */
627 outbuf[12] = (opt_io_size >> 24) & 0xff;
628 outbuf[13] = (opt_io_size >> 16) & 0xff;
629 outbuf[14] = (opt_io_size >> 8) & 0xff;
630 outbuf[15] = opt_io_size & 0xff;
631
632 /* optimal unmap granularity */
633 outbuf[28] = (unmap_sectors >> 24) & 0xff;
634 outbuf[29] = (unmap_sectors >> 16) & 0xff;
635 outbuf[30] = (unmap_sectors >> 8) & 0xff;
636 outbuf[31] = unmap_sectors & 0xff;
637 break;
638 }
639 case 0xb2: /* thin provisioning */
640 {
641 buflen = 8;
642 outbuf[4] = 0;
643 outbuf[5] = 0x60; /* write_same 10/16 supported */
644 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
645 outbuf[7] = 0;
646 break;
647 }
648 default:
649 return -1;
650 }
651 /* done with EVPD */
652 assert(buflen - start <= 255);
653 outbuf[start - 1] = buflen - start;
654 return buflen;
655 }
656
657 /* Standard INQUIRY data */
658 if (req->cmd.buf[2] != 0) {
659 return -1;
660 }
661
662 /* PAGE CODE == 0 */
663 buflen = req->cmd.xfer;
664 if (buflen > SCSI_MAX_INQUIRY_LEN) {
665 buflen = SCSI_MAX_INQUIRY_LEN;
666 }
667 memset(outbuf, 0, buflen);
668
669 outbuf[0] = s->qdev.type & 0x1f;
670 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
671 if (s->qdev.type == TYPE_ROM) {
672 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
673 } else {
674 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
675 }
676 memcpy(&outbuf[8], "QEMU ", 8);
677 memset(&outbuf[32], 0, 4);
678 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
679 /*
680 * We claim conformance to SPC-3, which is required for guests
681 * to ask for modern features like READ CAPACITY(16) or the
682 * block characteristics VPD page by default. Not all of SPC-3
683 * is actually implemented, but we're good enough.
684 */
685 outbuf[2] = 5;
686 outbuf[3] = 2; /* Format 2 */
687
688 if (buflen > 36) {
689 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
690 } else {
691 /* If the allocation length of CDB is too small,
692 the additional length is not adjusted */
693 outbuf[4] = 36 - 5;
694 }
695
696 /* Sync data transfer and TCQ. */
697 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
698 return buflen;
699 }
700
701 static inline bool media_is_dvd(SCSIDiskState *s)
702 {
703 uint64_t nb_sectors;
704 if (s->qdev.type != TYPE_ROM) {
705 return false;
706 }
707 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
708 return false;
709 }
710 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
711 return nb_sectors > CD_MAX_SECTORS;
712 }
713
714 static inline bool media_is_cd(SCSIDiskState *s)
715 {
716 uint64_t nb_sectors;
717 if (s->qdev.type != TYPE_ROM) {
718 return false;
719 }
720 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
721 return false;
722 }
723 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
724 return nb_sectors <= CD_MAX_SECTORS;
725 }
726
727 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
728 uint8_t *outbuf)
729 {
730 static const int rds_caps_size[5] = {
731 [0] = 2048 + 4,
732 [1] = 4 + 4,
733 [3] = 188 + 4,
734 [4] = 2048 + 4,
735 };
736
737 uint8_t media = r->req.cmd.buf[1];
738 uint8_t layer = r->req.cmd.buf[6];
739 uint8_t format = r->req.cmd.buf[7];
740 int size = -1;
741
742 if (s->qdev.type != TYPE_ROM) {
743 return -1;
744 }
745 if (media != 0) {
746 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
747 return -1;
748 }
749
750 if (format != 0xff) {
751 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
752 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
753 return -1;
754 }
755 if (media_is_cd(s)) {
756 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
757 return -1;
758 }
759 if (format >= ARRAY_SIZE(rds_caps_size)) {
760 return -1;
761 }
762 size = rds_caps_size[format];
763 memset(outbuf, 0, size);
764 }
765
766 switch (format) {
767 case 0x00: {
768 /* Physical format information */
769 uint64_t nb_sectors;
770 if (layer != 0) {
771 goto fail;
772 }
773 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
774
775 outbuf[4] = 1; /* DVD-ROM, part version 1 */
776 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
777 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
778 outbuf[7] = 0; /* default densities */
779
780 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
781 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
782 break;
783 }
784
785 case 0x01: /* DVD copyright information, all zeros */
786 break;
787
788 case 0x03: /* BCA information - invalid field for no BCA info */
789 return -1;
790
791 case 0x04: /* DVD disc manufacturing information, all zeros */
792 break;
793
794 case 0xff: { /* List capabilities */
795 int i;
796 size = 4;
797 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
798 if (!rds_caps_size[i]) {
799 continue;
800 }
801 outbuf[size] = i;
802 outbuf[size + 1] = 0x40; /* Not writable, readable */
803 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
804 size += 4;
805 }
806 break;
807 }
808
809 default:
810 return -1;
811 }
812
813 /* Size of buffer, not including 2 byte size field */
814 stw_be_p(outbuf, size - 2);
815 return size;
816
817 fail:
818 return -1;
819 }
820
821 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
822 {
823 uint8_t event_code, media_status;
824
825 media_status = 0;
826 if (s->tray_open) {
827 media_status = MS_TRAY_OPEN;
828 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
829 media_status = MS_MEDIA_PRESENT;
830 }
831
832 /* Event notification descriptor */
833 event_code = MEC_NO_CHANGE;
834 if (media_status != MS_TRAY_OPEN) {
835 if (s->media_event) {
836 event_code = MEC_NEW_MEDIA;
837 s->media_event = false;
838 } else if (s->eject_request) {
839 event_code = MEC_EJECT_REQUESTED;
840 s->eject_request = false;
841 }
842 }
843
844 outbuf[0] = event_code;
845 outbuf[1] = media_status;
846
847 /* These fields are reserved, just clear them. */
848 outbuf[2] = 0;
849 outbuf[3] = 0;
850 return 4;
851 }
852
853 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
854 uint8_t *outbuf)
855 {
856 int size;
857 uint8_t *buf = r->req.cmd.buf;
858 uint8_t notification_class_request = buf[4];
859 if (s->qdev.type != TYPE_ROM) {
860 return -1;
861 }
862 if ((buf[1] & 1) == 0) {
863 /* asynchronous */
864 return -1;
865 }
866
867 size = 4;
868 outbuf[0] = outbuf[1] = 0;
869 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
870 if (notification_class_request & (1 << GESN_MEDIA)) {
871 outbuf[2] = GESN_MEDIA;
872 size += scsi_event_status_media(s, &outbuf[size]);
873 } else {
874 outbuf[2] = 0x80;
875 }
876 stw_be_p(outbuf, size - 4);
877 return size;
878 }
879
880 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
881 {
882 int current;
883
884 if (s->qdev.type != TYPE_ROM) {
885 return -1;
886 }
887 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
888 memset(outbuf, 0, 40);
889 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
890 stw_be_p(&outbuf[6], current);
891 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
892 outbuf[10] = 0x03; /* persistent, current */
893 outbuf[11] = 8; /* two profiles */
894 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
895 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
896 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
897 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
898 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
899 stw_be_p(&outbuf[20], 1);
900 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
901 outbuf[23] = 8;
902 stl_be_p(&outbuf[24], 1); /* SCSI */
903 outbuf[28] = 1; /* DBE = 1, mandatory */
904 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
905 stw_be_p(&outbuf[32], 3);
906 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
907 outbuf[35] = 4;
908 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
909 /* TODO: Random readable, CD read, DVD read, drive serial number,
910 power management */
911 return 40;
912 }
913
914 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
915 {
916 if (s->qdev.type != TYPE_ROM) {
917 return -1;
918 }
919 memset(outbuf, 0, 8);
920 outbuf[5] = 1; /* CD-ROM */
921 return 8;
922 }
923
924 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
925 int page_control)
926 {
927 static const int mode_sense_valid[0x3f] = {
928 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
929 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
930 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
931 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
932 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
933 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
934 };
935
936 BlockDriverState *bdrv = s->qdev.conf.bs;
937 int cylinders, heads, secs;
938 uint8_t *p = *p_outbuf;
939
940 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
941 return -1;
942 }
943
944 p[0] = page;
945
946 /*
947 * If Changeable Values are requested, a mask denoting those mode parameters
948 * that are changeable shall be returned. As we currently don't support
949 * parameter changes via MODE_SELECT all bits are returned set to zero.
950 * The buffer was already menset to zero by the caller of this function.
951 */
952 switch (page) {
953 case MODE_PAGE_HD_GEOMETRY:
954 p[1] = 0x16;
955 if (page_control == 1) { /* Changeable Values */
956 break;
957 }
958 /* if a geometry hint is available, use it */
959 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
960 p[2] = (cylinders >> 16) & 0xff;
961 p[3] = (cylinders >> 8) & 0xff;
962 p[4] = cylinders & 0xff;
963 p[5] = heads & 0xff;
964 /* Write precomp start cylinder, disabled */
965 p[6] = (cylinders >> 16) & 0xff;
966 p[7] = (cylinders >> 8) & 0xff;
967 p[8] = cylinders & 0xff;
968 /* Reduced current start cylinder, disabled */
969 p[9] = (cylinders >> 16) & 0xff;
970 p[10] = (cylinders >> 8) & 0xff;
971 p[11] = cylinders & 0xff;
972 /* Device step rate [ns], 200ns */
973 p[12] = 0;
974 p[13] = 200;
975 /* Landing zone cylinder */
976 p[14] = 0xff;
977 p[15] = 0xff;
978 p[16] = 0xff;
979 /* Medium rotation rate [rpm], 5400 rpm */
980 p[20] = (5400 >> 8) & 0xff;
981 p[21] = 5400 & 0xff;
982 break;
983
984 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
985 p[1] = 0x1e;
986 if (page_control == 1) { /* Changeable Values */
987 break;
988 }
989 /* Transfer rate [kbit/s], 5Mbit/s */
990 p[2] = 5000 >> 8;
991 p[3] = 5000 & 0xff;
992 /* if a geometry hint is available, use it */
993 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
994 p[4] = heads & 0xff;
995 p[5] = secs & 0xff;
996 p[6] = s->qdev.blocksize >> 8;
997 p[8] = (cylinders >> 8) & 0xff;
998 p[9] = cylinders & 0xff;
999 /* Write precomp start cylinder, disabled */
1000 p[10] = (cylinders >> 8) & 0xff;
1001 p[11] = cylinders & 0xff;
1002 /* Reduced current start cylinder, disabled */
1003 p[12] = (cylinders >> 8) & 0xff;
1004 p[13] = cylinders & 0xff;
1005 /* Device step rate [100us], 100us */
1006 p[14] = 0;
1007 p[15] = 1;
1008 /* Device step pulse width [us], 1us */
1009 p[16] = 1;
1010 /* Device head settle delay [100us], 100us */
1011 p[17] = 0;
1012 p[18] = 1;
1013 /* Motor on delay [0.1s], 0.1s */
1014 p[19] = 1;
1015 /* Motor off delay [0.1s], 0.1s */
1016 p[20] = 1;
1017 /* Medium rotation rate [rpm], 5400 rpm */
1018 p[28] = (5400 >> 8) & 0xff;
1019 p[29] = 5400 & 0xff;
1020 break;
1021
1022 case MODE_PAGE_CACHING:
1023 p[0] = 8;
1024 p[1] = 0x12;
1025 if (page_control == 1) { /* Changeable Values */
1026 break;
1027 }
1028 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1029 p[2] = 4; /* WCE */
1030 }
1031 break;
1032
1033 case MODE_PAGE_R_W_ERROR:
1034 p[1] = 10;
1035 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1036 if (s->qdev.type == TYPE_ROM) {
1037 p[3] = 0x20; /* Read Retry Count */
1038 }
1039 break;
1040
1041 case MODE_PAGE_AUDIO_CTL:
1042 p[1] = 14;
1043 break;
1044
1045 case MODE_PAGE_CAPABILITIES:
1046 p[1] = 0x14;
1047 if (page_control == 1) { /* Changeable Values */
1048 break;
1049 }
1050
1051 p[2] = 0x3b; /* CD-R & CD-RW read */
1052 p[3] = 0; /* Writing not supported */
1053 p[4] = 0x7f; /* Audio, composite, digital out,
1054 mode 2 form 1&2, multi session */
1055 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1056 RW corrected, C2 errors, ISRC,
1057 UPC, Bar code */
1058 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1059 /* Locking supported, jumper present, eject, tray */
1060 p[7] = 0; /* no volume & mute control, no
1061 changer */
1062 p[8] = (50 * 176) >> 8; /* 50x read speed */
1063 p[9] = (50 * 176) & 0xff;
1064 p[10] = 2 >> 8; /* Two volume levels */
1065 p[11] = 2 & 0xff;
1066 p[12] = 2048 >> 8; /* 2M buffer */
1067 p[13] = 2048 & 0xff;
1068 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1069 p[15] = (16 * 176) & 0xff;
1070 p[18] = (16 * 176) >> 8; /* 16x write speed */
1071 p[19] = (16 * 176) & 0xff;
1072 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1073 p[21] = (16 * 176) & 0xff;
1074 break;
1075
1076 default:
1077 return -1;
1078 }
1079
1080 *p_outbuf += p[1] + 2;
1081 return p[1] + 2;
1082 }
1083
1084 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1085 {
1086 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1087 uint64_t nb_sectors;
1088 bool dbd;
1089 int page, buflen, ret, page_control;
1090 uint8_t *p;
1091 uint8_t dev_specific_param;
1092
1093 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1094 page = r->req.cmd.buf[2] & 0x3f;
1095 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1096 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1097 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1098 memset(outbuf, 0, r->req.cmd.xfer);
1099 p = outbuf;
1100
1101 if (s->qdev.type == TYPE_DISK) {
1102 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1103 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1104 dev_specific_param |= 0x80; /* Readonly. */
1105 }
1106 } else {
1107 /* MMC prescribes that CD/DVD drives have no block descriptors,
1108 * and defines no device-specific parameter. */
1109 dev_specific_param = 0x00;
1110 dbd = true;
1111 }
1112
1113 if (r->req.cmd.buf[0] == MODE_SENSE) {
1114 p[1] = 0; /* Default media type. */
1115 p[2] = dev_specific_param;
1116 p[3] = 0; /* Block descriptor length. */
1117 p += 4;
1118 } else { /* MODE_SENSE_10 */
1119 p[2] = 0; /* Default media type. */
1120 p[3] = dev_specific_param;
1121 p[6] = p[7] = 0; /* Block descriptor length. */
1122 p += 8;
1123 }
1124
1125 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1126 if (!dbd && nb_sectors) {
1127 if (r->req.cmd.buf[0] == MODE_SENSE) {
1128 outbuf[3] = 8; /* Block descriptor length */
1129 } else { /* MODE_SENSE_10 */
1130 outbuf[7] = 8; /* Block descriptor length */
1131 }
1132 nb_sectors /= (s->qdev.blocksize / 512);
1133 if (nb_sectors > 0xffffff) {
1134 nb_sectors = 0;
1135 }
1136 p[0] = 0; /* media density code */
1137 p[1] = (nb_sectors >> 16) & 0xff;
1138 p[2] = (nb_sectors >> 8) & 0xff;
1139 p[3] = nb_sectors & 0xff;
1140 p[4] = 0; /* reserved */
1141 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1142 p[6] = s->qdev.blocksize >> 8;
1143 p[7] = 0;
1144 p += 8;
1145 }
1146
1147 if (page_control == 3) {
1148 /* Saved Values */
1149 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1150 return -1;
1151 }
1152
1153 if (page == 0x3f) {
1154 for (page = 0; page <= 0x3e; page++) {
1155 mode_sense_page(s, page, &p, page_control);
1156 }
1157 } else {
1158 ret = mode_sense_page(s, page, &p, page_control);
1159 if (ret == -1) {
1160 return -1;
1161 }
1162 }
1163
1164 buflen = p - outbuf;
1165 /*
1166 * The mode data length field specifies the length in bytes of the
1167 * following data that is available to be transferred. The mode data
1168 * length does not include itself.
1169 */
1170 if (r->req.cmd.buf[0] == MODE_SENSE) {
1171 outbuf[0] = buflen - 1;
1172 } else { /* MODE_SENSE_10 */
1173 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1174 outbuf[1] = (buflen - 2) & 0xff;
1175 }
1176 return buflen;
1177 }
1178
1179 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1180 {
1181 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1182 int start_track, format, msf, toclen;
1183 uint64_t nb_sectors;
1184
1185 msf = req->cmd.buf[1] & 2;
1186 format = req->cmd.buf[2] & 0xf;
1187 start_track = req->cmd.buf[6];
1188 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1189 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1190 nb_sectors /= s->qdev.blocksize / 512;
1191 switch (format) {
1192 case 0:
1193 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1194 break;
1195 case 1:
1196 /* multi session : only a single session defined */
1197 toclen = 12;
1198 memset(outbuf, 0, 12);
1199 outbuf[1] = 0x0a;
1200 outbuf[2] = 0x01;
1201 outbuf[3] = 0x01;
1202 break;
1203 case 2:
1204 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1205 break;
1206 default:
1207 return -1;
1208 }
1209 return toclen;
1210 }
1211
1212 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1213 {
1214 SCSIRequest *req = &r->req;
1215 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1216 bool start = req->cmd.buf[4] & 1;
1217 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1218
1219 if (s->qdev.type == TYPE_ROM && loej) {
1220 if (!start && !s->tray_open && s->tray_locked) {
1221 scsi_check_condition(r,
1222 bdrv_is_inserted(s->qdev.conf.bs)
1223 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1224 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1225 return -1;
1226 }
1227
1228 if (s->tray_open != !start) {
1229 bdrv_eject(s->qdev.conf.bs, !start);
1230 s->tray_open = !start;
1231 }
1232 }
1233 return 0;
1234 }
1235
1236 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1237 {
1238 SCSIRequest *req = &r->req;
1239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1240 uint64_t nb_sectors;
1241 uint8_t *outbuf;
1242 int buflen = 0;
1243
1244 if (!r->iov.iov_base) {
1245 /*
1246 * FIXME: we shouldn't return anything bigger than 4k, but the code
1247 * requires the buffer to be as big as req->cmd.xfer in several
1248 * places. So, do not allow CDBs with a very large ALLOCATION
1249 * LENGTH. The real fix would be to modify scsi_read_data and
1250 * dma_buf_read, so that they return data beyond the buflen
1251 * as all zeros.
1252 */
1253 if (req->cmd.xfer > 65536) {
1254 goto illegal_request;
1255 }
1256 r->buflen = MAX(4096, req->cmd.xfer);
1257 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1258 }
1259
1260 outbuf = r->iov.iov_base;
1261 switch (req->cmd.buf[0]) {
1262 case TEST_UNIT_READY:
1263 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1264 break;
1265 case INQUIRY:
1266 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1267 if (buflen < 0) {
1268 goto illegal_request;
1269 }
1270 break;
1271 case MODE_SENSE:
1272 case MODE_SENSE_10:
1273 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1274 if (buflen < 0) {
1275 goto illegal_request;
1276 }
1277 break;
1278 case READ_TOC:
1279 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1280 if (buflen < 0) {
1281 goto illegal_request;
1282 }
1283 break;
1284 case RESERVE:
1285 if (req->cmd.buf[1] & 1) {
1286 goto illegal_request;
1287 }
1288 break;
1289 case RESERVE_10:
1290 if (req->cmd.buf[1] & 3) {
1291 goto illegal_request;
1292 }
1293 break;
1294 case RELEASE:
1295 if (req->cmd.buf[1] & 1) {
1296 goto illegal_request;
1297 }
1298 break;
1299 case RELEASE_10:
1300 if (req->cmd.buf[1] & 3) {
1301 goto illegal_request;
1302 }
1303 break;
1304 case START_STOP:
1305 if (scsi_disk_emulate_start_stop(r) < 0) {
1306 return -1;
1307 }
1308 break;
1309 case ALLOW_MEDIUM_REMOVAL:
1310 s->tray_locked = req->cmd.buf[4] & 1;
1311 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1312 break;
1313 case READ_CAPACITY_10:
1314 /* The normal LEN field for this command is zero. */
1315 memset(outbuf, 0, 8);
1316 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1317 if (!nb_sectors) {
1318 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1319 return -1;
1320 }
1321 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1322 goto illegal_request;
1323 }
1324 nb_sectors /= s->qdev.blocksize / 512;
1325 /* Returned value is the address of the last sector. */
1326 nb_sectors--;
1327 /* Remember the new size for read/write sanity checking. */
1328 s->qdev.max_lba = nb_sectors;
1329 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1330 if (nb_sectors > UINT32_MAX) {
1331 nb_sectors = UINT32_MAX;
1332 }
1333 outbuf[0] = (nb_sectors >> 24) & 0xff;
1334 outbuf[1] = (nb_sectors >> 16) & 0xff;
1335 outbuf[2] = (nb_sectors >> 8) & 0xff;
1336 outbuf[3] = nb_sectors & 0xff;
1337 outbuf[4] = 0;
1338 outbuf[5] = 0;
1339 outbuf[6] = s->qdev.blocksize >> 8;
1340 outbuf[7] = 0;
1341 buflen = 8;
1342 break;
1343 case REQUEST_SENSE:
1344 /* Just return "NO SENSE". */
1345 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1346 (req->cmd.buf[1] & 1) == 0);
1347 break;
1348 case MECHANISM_STATUS:
1349 buflen = scsi_emulate_mechanism_status(s, outbuf);
1350 if (buflen < 0) {
1351 goto illegal_request;
1352 }
1353 break;
1354 case GET_CONFIGURATION:
1355 buflen = scsi_get_configuration(s, outbuf);
1356 if (buflen < 0) {
1357 goto illegal_request;
1358 }
1359 break;
1360 case GET_EVENT_STATUS_NOTIFICATION:
1361 buflen = scsi_get_event_status_notification(s, r, outbuf);
1362 if (buflen < 0) {
1363 goto illegal_request;
1364 }
1365 break;
1366 case READ_DVD_STRUCTURE:
1367 buflen = scsi_read_dvd_structure(s, r, outbuf);
1368 if (buflen < 0) {
1369 goto illegal_request;
1370 }
1371 break;
1372 case SERVICE_ACTION_IN_16:
1373 /* Service Action In subcommands. */
1374 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1375 DPRINTF("SAI READ CAPACITY(16)\n");
1376 memset(outbuf, 0, req->cmd.xfer);
1377 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1378 if (!nb_sectors) {
1379 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1380 return -1;
1381 }
1382 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1383 goto illegal_request;
1384 }
1385 nb_sectors /= s->qdev.blocksize / 512;
1386 /* Returned value is the address of the last sector. */
1387 nb_sectors--;
1388 /* Remember the new size for read/write sanity checking. */
1389 s->qdev.max_lba = nb_sectors;
1390 outbuf[0] = (nb_sectors >> 56) & 0xff;
1391 outbuf[1] = (nb_sectors >> 48) & 0xff;
1392 outbuf[2] = (nb_sectors >> 40) & 0xff;
1393 outbuf[3] = (nb_sectors >> 32) & 0xff;
1394 outbuf[4] = (nb_sectors >> 24) & 0xff;
1395 outbuf[5] = (nb_sectors >> 16) & 0xff;
1396 outbuf[6] = (nb_sectors >> 8) & 0xff;
1397 outbuf[7] = nb_sectors & 0xff;
1398 outbuf[8] = 0;
1399 outbuf[9] = 0;
1400 outbuf[10] = s->qdev.blocksize >> 8;
1401 outbuf[11] = 0;
1402 outbuf[12] = 0;
1403 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1404
1405 /* set TPE bit if the format supports discard */
1406 if (s->qdev.conf.discard_granularity) {
1407 outbuf[14] = 0x80;
1408 }
1409
1410 /* Protection, exponent and lowest lba field left blank. */
1411 buflen = req->cmd.xfer;
1412 break;
1413 }
1414 DPRINTF("Unsupported Service Action In\n");
1415 goto illegal_request;
1416 default:
1417 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1418 return -1;
1419 }
1420 buflen = MIN(buflen, req->cmd.xfer);
1421 return buflen;
1422
1423 illegal_request:
1424 if (r->req.status == -1) {
1425 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1426 }
1427 return -1;
1428 }
1429
1430 /* Execute a scsi command. Returns the length of the data expected by the
1431 command. This will be Positive for data transfers from the device
1432 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1433 and zero if the command does not transfer any data. */
1434
1435 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1436 {
1437 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1438 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1439 int32_t len;
1440 uint8_t command;
1441 int rc;
1442
1443 command = buf[0];
1444 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1445
1446 #ifdef DEBUG_SCSI
1447 {
1448 int i;
1449 for (i = 1; i < r->req.cmd.len; i++) {
1450 printf(" 0x%02x", buf[i]);
1451 }
1452 printf("\n");
1453 }
1454 #endif
1455
1456 switch (command) {
1457 case INQUIRY:
1458 case MODE_SENSE:
1459 case MODE_SENSE_10:
1460 case RESERVE:
1461 case RESERVE_10:
1462 case RELEASE:
1463 case RELEASE_10:
1464 case START_STOP:
1465 case ALLOW_MEDIUM_REMOVAL:
1466 case GET_CONFIGURATION:
1467 case GET_EVENT_STATUS_NOTIFICATION:
1468 case MECHANISM_STATUS:
1469 case REQUEST_SENSE:
1470 break;
1471
1472 default:
1473 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1474 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1475 return 0;
1476 }
1477 break;
1478 }
1479
1480 switch (command) {
1481 case TEST_UNIT_READY:
1482 case INQUIRY:
1483 case MODE_SENSE:
1484 case MODE_SENSE_10:
1485 case RESERVE:
1486 case RESERVE_10:
1487 case RELEASE:
1488 case RELEASE_10:
1489 case START_STOP:
1490 case ALLOW_MEDIUM_REMOVAL:
1491 case READ_CAPACITY_10:
1492 case READ_TOC:
1493 case READ_DVD_STRUCTURE:
1494 case GET_CONFIGURATION:
1495 case GET_EVENT_STATUS_NOTIFICATION:
1496 case MECHANISM_STATUS:
1497 case SERVICE_ACTION_IN_16:
1498 case REQUEST_SENSE:
1499 rc = scsi_disk_emulate_command(r);
1500 if (rc < 0) {
1501 return 0;
1502 }
1503
1504 r->iov.iov_len = rc;
1505 break;
1506 case SYNCHRONIZE_CACHE:
1507 /* The request is used as the AIO opaque value, so add a ref. */
1508 scsi_req_ref(&r->req);
1509 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1510 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1511 return 0;
1512 case READ_6:
1513 case READ_10:
1514 case READ_12:
1515 case READ_16:
1516 len = r->req.cmd.xfer / s->qdev.blocksize;
1517 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1518 if (r->req.cmd.lba > s->qdev.max_lba) {
1519 goto illegal_lba;
1520 }
1521 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1522 r->sector_count = len * (s->qdev.blocksize / 512);
1523 break;
1524 case VERIFY_10:
1525 case VERIFY_12:
1526 case VERIFY_16:
1527 case WRITE_6:
1528 case WRITE_10:
1529 case WRITE_12:
1530 case WRITE_16:
1531 case WRITE_VERIFY_10:
1532 case WRITE_VERIFY_12:
1533 case WRITE_VERIFY_16:
1534 len = r->req.cmd.xfer / s->qdev.blocksize;
1535 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1536 (command & 0xe) == 0xe ? "And Verify " : "",
1537 r->req.cmd.lba, len);
1538 if (r->req.cmd.lba > s->qdev.max_lba) {
1539 goto illegal_lba;
1540 }
1541 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1542 r->sector_count = len * (s->qdev.blocksize / 512);
1543 break;
1544 case MODE_SELECT:
1545 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1546 /* We don't support mode parameter changes.
1547 Allow the mode parameter header + block descriptors only. */
1548 if (r->req.cmd.xfer > 12) {
1549 goto fail;
1550 }
1551 break;
1552 case MODE_SELECT_10:
1553 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1554 /* We don't support mode parameter changes.
1555 Allow the mode parameter header + block descriptors only. */
1556 if (r->req.cmd.xfer > 16) {
1557 goto fail;
1558 }
1559 break;
1560 case SEEK_10:
1561 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1562 if (r->req.cmd.lba > s->qdev.max_lba) {
1563 goto illegal_lba;
1564 }
1565 break;
1566 case WRITE_SAME_10:
1567 len = lduw_be_p(&buf[7]);
1568 goto write_same;
1569 case WRITE_SAME_16:
1570 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1571 write_same:
1572
1573 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1574 r->req.cmd.lba, len);
1575
1576 if (r->req.cmd.lba > s->qdev.max_lba) {
1577 goto illegal_lba;
1578 }
1579
1580 /*
1581 * We only support WRITE SAME with the unmap bit set for now.
1582 */
1583 if (!(buf[1] & 0x8)) {
1584 goto fail;
1585 }
1586
1587 rc = bdrv_discard(s->qdev.conf.bs,
1588 r->req.cmd.lba * (s->qdev.blocksize / 512),
1589 len * (s->qdev.blocksize / 512));
1590 if (rc < 0) {
1591 /* XXX: better error code ?*/
1592 goto fail;
1593 }
1594
1595 break;
1596 default:
1597 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1598 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1599 return 0;
1600 fail:
1601 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1602 return 0;
1603 illegal_lba:
1604 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1605 return 0;
1606 }
1607 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1608 scsi_req_complete(&r->req, GOOD);
1609 }
1610 len = r->sector_count * 512 + r->iov.iov_len;
1611 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1612 return -len;
1613 } else {
1614 if (!r->sector_count) {
1615 r->sector_count = -1;
1616 }
1617 return len;
1618 }
1619 }
1620
1621 static void scsi_disk_reset(DeviceState *dev)
1622 {
1623 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1624 uint64_t nb_sectors;
1625
1626 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1627
1628 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1629 nb_sectors /= s->qdev.blocksize / 512;
1630 if (nb_sectors) {
1631 nb_sectors--;
1632 }
1633 s->qdev.max_lba = nb_sectors;
1634 }
1635
1636 static void scsi_destroy(SCSIDevice *dev)
1637 {
1638 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1639
1640 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1641 blockdev_mark_auto_del(s->qdev.conf.bs);
1642 }
1643
1644 static void scsi_cd_change_media_cb(void *opaque, bool load)
1645 {
1646 SCSIDiskState *s = opaque;
1647
1648 /*
1649 * When a CD gets changed, we have to report an ejected state and
1650 * then a loaded state to guests so that they detect tray
1651 * open/close and media change events. Guests that do not use
1652 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1653 * states rely on this behavior.
1654 *
1655 * media_changed governs the state machine used for unit attention
1656 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1657 */
1658 s->media_changed = load;
1659 s->tray_open = !load;
1660 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1661 s->media_event = true;
1662 s->eject_request = false;
1663 }
1664
1665 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1666 {
1667 SCSIDiskState *s = opaque;
1668
1669 s->eject_request = true;
1670 if (force) {
1671 s->tray_locked = false;
1672 }
1673 }
1674
1675 static bool scsi_cd_is_tray_open(void *opaque)
1676 {
1677 return ((SCSIDiskState *)opaque)->tray_open;
1678 }
1679
1680 static bool scsi_cd_is_medium_locked(void *opaque)
1681 {
1682 return ((SCSIDiskState *)opaque)->tray_locked;
1683 }
1684
1685 static const BlockDevOps scsi_cd_block_ops = {
1686 .change_media_cb = scsi_cd_change_media_cb,
1687 .eject_request_cb = scsi_cd_eject_request_cb,
1688 .is_tray_open = scsi_cd_is_tray_open,
1689 .is_medium_locked = scsi_cd_is_medium_locked,
1690 };
1691
1692 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1693 {
1694 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1695 if (s->media_changed) {
1696 s->media_changed = false;
1697 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1698 }
1699 }
1700
1701 static int scsi_initfn(SCSIDevice *dev)
1702 {
1703 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1704 DriveInfo *dinfo;
1705
1706 if (!s->qdev.conf.bs) {
1707 error_report("drive property not set");
1708 return -1;
1709 }
1710
1711 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1712 !bdrv_is_inserted(s->qdev.conf.bs)) {
1713 error_report("Device needs media, but drive is empty");
1714 return -1;
1715 }
1716
1717 if (!s->serial) {
1718 /* try to fall back to value set with legacy -drive serial=... */
1719 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1720 if (*dinfo->serial) {
1721 s->serial = g_strdup(dinfo->serial);
1722 }
1723 }
1724
1725 if (!s->version) {
1726 s->version = g_strdup(qemu_get_version());
1727 }
1728
1729 if (bdrv_is_sg(s->qdev.conf.bs)) {
1730 error_report("unwanted /dev/sg*");
1731 return -1;
1732 }
1733
1734 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1735 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1736 }
1737 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1738
1739 bdrv_iostatus_enable(s->qdev.conf.bs);
1740 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1741 return 0;
1742 }
1743
1744 static int scsi_hd_initfn(SCSIDevice *dev)
1745 {
1746 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1747 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1748 s->qdev.type = TYPE_DISK;
1749 return scsi_initfn(&s->qdev);
1750 }
1751
1752 static int scsi_cd_initfn(SCSIDevice *dev)
1753 {
1754 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1755 s->qdev.blocksize = 2048;
1756 s->qdev.type = TYPE_ROM;
1757 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1758 return scsi_initfn(&s->qdev);
1759 }
1760
1761 static int scsi_disk_initfn(SCSIDevice *dev)
1762 {
1763 DriveInfo *dinfo;
1764
1765 if (!dev->conf.bs) {
1766 return scsi_initfn(dev); /* ... and die there */
1767 }
1768
1769 dinfo = drive_get_by_blockdev(dev->conf.bs);
1770 if (dinfo->media_cd) {
1771 return scsi_cd_initfn(dev);
1772 } else {
1773 return scsi_hd_initfn(dev);
1774 }
1775 }
1776
1777 static const SCSIReqOps scsi_disk_reqops = {
1778 .size = sizeof(SCSIDiskReq),
1779 .free_req = scsi_free_request,
1780 .send_command = scsi_send_command,
1781 .read_data = scsi_read_data,
1782 .write_data = scsi_write_data,
1783 .cancel_io = scsi_cancel_io,
1784 .get_buf = scsi_get_buf,
1785 .load_request = scsi_disk_load_request,
1786 .save_request = scsi_disk_save_request,
1787 };
1788
1789 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1790 uint8_t *buf, void *hba_private)
1791 {
1792 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1793 SCSIRequest *req;
1794
1795 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1796 return req;
1797 }
1798
1799 #ifdef __linux__
1800 static int get_device_type(SCSIDiskState *s)
1801 {
1802 BlockDriverState *bdrv = s->qdev.conf.bs;
1803 uint8_t cmd[16];
1804 uint8_t buf[36];
1805 uint8_t sensebuf[8];
1806 sg_io_hdr_t io_header;
1807 int ret;
1808
1809 memset(cmd, 0, sizeof(cmd));
1810 memset(buf, 0, sizeof(buf));
1811 cmd[0] = INQUIRY;
1812 cmd[4] = sizeof(buf);
1813
1814 memset(&io_header, 0, sizeof(io_header));
1815 io_header.interface_id = 'S';
1816 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1817 io_header.dxfer_len = sizeof(buf);
1818 io_header.dxferp = buf;
1819 io_header.cmdp = cmd;
1820 io_header.cmd_len = sizeof(cmd);
1821 io_header.mx_sb_len = sizeof(sensebuf);
1822 io_header.sbp = sensebuf;
1823 io_header.timeout = 6000; /* XXX */
1824
1825 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1826 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1827 return -1;
1828 }
1829 s->qdev.type = buf[0];
1830 if (buf[1] & 0x80) {
1831 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1832 }
1833 return 0;
1834 }
1835
1836 static int scsi_block_initfn(SCSIDevice *dev)
1837 {
1838 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1839 int sg_version;
1840 int rc;
1841
1842 if (!s->qdev.conf.bs) {
1843 error_report("scsi-block: drive property not set");
1844 return -1;
1845 }
1846
1847 /* check we are using a driver managing SG_IO (version 3 and after) */
1848 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1849 sg_version < 30000) {
1850 error_report("scsi-block: scsi generic interface too old");
1851 return -1;
1852 }
1853
1854 /* get device type from INQUIRY data */
1855 rc = get_device_type(s);
1856 if (rc < 0) {
1857 error_report("scsi-block: INQUIRY failed");
1858 return -1;
1859 }
1860
1861 /* Make a guess for the block size, we'll fix it when the guest sends.
1862 * READ CAPACITY. If they don't, they likely would assume these sizes
1863 * anyway. (TODO: check in /sys).
1864 */
1865 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1866 s->qdev.blocksize = 2048;
1867 } else {
1868 s->qdev.blocksize = 512;
1869 }
1870 return scsi_initfn(&s->qdev);
1871 }
1872
1873 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1874 uint32_t lun, uint8_t *buf,
1875 void *hba_private)
1876 {
1877 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1878
1879 switch (buf[0]) {
1880 case READ_6:
1881 case READ_10:
1882 case READ_12:
1883 case READ_16:
1884 case VERIFY_10:
1885 case VERIFY_12:
1886 case VERIFY_16:
1887 case WRITE_6:
1888 case WRITE_10:
1889 case WRITE_12:
1890 case WRITE_16:
1891 case WRITE_VERIFY_10:
1892 case WRITE_VERIFY_12:
1893 case WRITE_VERIFY_16:
1894 /* If we are not using O_DIRECT, we might read stale data from the
1895 * host cache if writes were made using other commands than these
1896 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1897 * O_DIRECT everything must go through SG_IO.
1898 */
1899 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
1900 break;
1901 }
1902
1903 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1904 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1905 * And once you do these writes, reading from the block device is
1906 * unreliable, too. It is even possible that reads deliver random data
1907 * from the host page cache (this is probably a Linux bug).
1908 *
1909 * We might use scsi_disk_reqops as long as no writing commands are
1910 * seen, but performance usually isn't paramount on optical media. So,
1911 * just make scsi-block operate the same as scsi-generic for them.
1912 */
1913 if (s->qdev.type == TYPE_ROM) {
1914 break;
1915 }
1916 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1917 hba_private);
1918 }
1919
1920 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1921 hba_private);
1922 }
1923 #endif
1924
1925 #define DEFINE_SCSI_DISK_PROPERTIES() \
1926 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1927 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1928 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1929
1930 static Property scsi_hd_properties[] = {
1931 DEFINE_SCSI_DISK_PROPERTIES(),
1932 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1933 SCSI_DISK_F_REMOVABLE, false),
1934 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
1935 SCSI_DISK_F_DPOFUA, false),
1936 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
1937 DEFINE_PROP_END_OF_LIST(),
1938 };
1939
1940 static const VMStateDescription vmstate_scsi_disk_state = {
1941 .name = "scsi-disk",
1942 .version_id = 1,
1943 .minimum_version_id = 1,
1944 .minimum_version_id_old = 1,
1945 .fields = (VMStateField[]) {
1946 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1947 VMSTATE_BOOL(media_changed, SCSIDiskState),
1948 VMSTATE_BOOL(media_event, SCSIDiskState),
1949 VMSTATE_BOOL(eject_request, SCSIDiskState),
1950 VMSTATE_BOOL(tray_open, SCSIDiskState),
1951 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1952 VMSTATE_END_OF_LIST()
1953 }
1954 };
1955
1956 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1957 {
1958 DeviceClass *dc = DEVICE_CLASS(klass);
1959 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1960
1961 sc->init = scsi_hd_initfn;
1962 sc->destroy = scsi_destroy;
1963 sc->alloc_req = scsi_new_request;
1964 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1965 dc->fw_name = "disk";
1966 dc->desc = "virtual SCSI disk";
1967 dc->reset = scsi_disk_reset;
1968 dc->props = scsi_hd_properties;
1969 dc->vmsd = &vmstate_scsi_disk_state;
1970 }
1971
1972 static TypeInfo scsi_hd_info = {
1973 .name = "scsi-hd",
1974 .parent = TYPE_SCSI_DEVICE,
1975 .instance_size = sizeof(SCSIDiskState),
1976 .class_init = scsi_hd_class_initfn,
1977 };
1978
1979 static Property scsi_cd_properties[] = {
1980 DEFINE_SCSI_DISK_PROPERTIES(),
1981 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
1982 DEFINE_PROP_END_OF_LIST(),
1983 };
1984
1985 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1986 {
1987 DeviceClass *dc = DEVICE_CLASS(klass);
1988 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1989
1990 sc->init = scsi_cd_initfn;
1991 sc->destroy = scsi_destroy;
1992 sc->alloc_req = scsi_new_request;
1993 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1994 dc->fw_name = "disk";
1995 dc->desc = "virtual SCSI CD-ROM";
1996 dc->reset = scsi_disk_reset;
1997 dc->props = scsi_cd_properties;
1998 dc->vmsd = &vmstate_scsi_disk_state;
1999 }
2000
2001 static TypeInfo scsi_cd_info = {
2002 .name = "scsi-cd",
2003 .parent = TYPE_SCSI_DEVICE,
2004 .instance_size = sizeof(SCSIDiskState),
2005 .class_init = scsi_cd_class_initfn,
2006 };
2007
2008 #ifdef __linux__
2009 static Property scsi_block_properties[] = {
2010 DEFINE_SCSI_DISK_PROPERTIES(),
2011 DEFINE_PROP_END_OF_LIST(),
2012 };
2013
2014 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2015 {
2016 DeviceClass *dc = DEVICE_CLASS(klass);
2017 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2018
2019 sc->init = scsi_block_initfn;
2020 sc->destroy = scsi_destroy;
2021 sc->alloc_req = scsi_block_new_request;
2022 dc->fw_name = "disk";
2023 dc->desc = "SCSI block device passthrough";
2024 dc->reset = scsi_disk_reset;
2025 dc->props = scsi_block_properties;
2026 dc->vmsd = &vmstate_scsi_disk_state;
2027 }
2028
2029 static TypeInfo scsi_block_info = {
2030 .name = "scsi-block",
2031 .parent = TYPE_SCSI_DEVICE,
2032 .instance_size = sizeof(SCSIDiskState),
2033 .class_init = scsi_block_class_initfn,
2034 };
2035 #endif
2036
2037 static Property scsi_disk_properties[] = {
2038 DEFINE_SCSI_DISK_PROPERTIES(),
2039 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2040 SCSI_DISK_F_REMOVABLE, false),
2041 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2042 SCSI_DISK_F_DPOFUA, false),
2043 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2044 DEFINE_PROP_END_OF_LIST(),
2045 };
2046
2047 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2048 {
2049 DeviceClass *dc = DEVICE_CLASS(klass);
2050 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2051
2052 sc->init = scsi_disk_initfn;
2053 sc->destroy = scsi_destroy;
2054 sc->alloc_req = scsi_new_request;
2055 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2056 dc->fw_name = "disk";
2057 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2058 dc->reset = scsi_disk_reset;
2059 dc->props = scsi_disk_properties;
2060 dc->vmsd = &vmstate_scsi_disk_state;
2061 }
2062
2063 static TypeInfo scsi_disk_info = {
2064 .name = "scsi-disk",
2065 .parent = TYPE_SCSI_DEVICE,
2066 .instance_size = sizeof(SCSIDiskState),
2067 .class_init = scsi_disk_class_initfn,
2068 };
2069
2070 static void scsi_disk_register_types(void)
2071 {
2072 type_register_static(&scsi_hd_info);
2073 type_register_static(&scsi_cd_info);
2074 #ifdef __linux__
2075 type_register_static(&scsi_block_info);
2076 #endif
2077 type_register_static(&scsi_disk_info);
2078 }
2079
2080 type_init(scsi_disk_register_types)
Qemu copy for testing