]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi-disk: fix changeable values for MODE_PAGE_R_W_ERROR
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #include "qemu-common.h"
32 #include "qemu-error.h"
33 #include "scsi.h"
34 #include "scsi-defs.h"
35 #include "sysemu.h"
36 #include "blockdev.h"
37 #include "hw/block-common.h"
38 #include "dma.h"
39
40 #ifdef __linux
41 #include <scsi/sg.h>
42 #endif
43
44 #define SCSI_DMA_BUF_SIZE 131072
45 #define SCSI_MAX_INQUIRY_LEN 256
46
47 typedef struct SCSIDiskState SCSIDiskState;
48
49 typedef struct SCSIDiskReq {
50 SCSIRequest req;
51 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
52 uint64_t sector;
53 uint32_t sector_count;
54 uint32_t buflen;
55 bool started;
56 struct iovec iov;
57 QEMUIOVector qiov;
58 BlockAcctCookie acct;
59 } SCSIDiskReq;
60
61 #define SCSI_DISK_F_REMOVABLE 0
62 #define SCSI_DISK_F_DPOFUA 1
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 uint32_t features;
68 bool media_changed;
69 bool media_event;
70 bool eject_request;
71 uint64_t wwn;
72 QEMUBH *bh;
73 char *version;
74 char *serial;
75 char *vendor;
76 char *product;
77 bool tray_open;
78 bool tray_locked;
79 };
80
81 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
82
83 static void scsi_free_request(SCSIRequest *req)
84 {
85 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
86
87 if (r->iov.iov_base) {
88 qemu_vfree(r->iov.iov_base);
89 }
90 }
91
92 /* Helper function for command completion with sense. */
93 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
94 {
95 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
96 r->req.tag, sense.key, sense.asc, sense.ascq);
97 scsi_req_build_sense(&r->req, sense);
98 scsi_req_complete(&r->req, CHECK_CONDITION);
99 }
100
101 /* Cancel a pending data transfer. */
102 static void scsi_cancel_io(SCSIRequest *req)
103 {
104 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
105
106 DPRINTF("Cancel tag=0x%x\n", req->tag);
107 if (r->req.aiocb) {
108 bdrv_aio_cancel(r->req.aiocb);
109
110 /* This reference was left in by scsi_*_data. We take ownership of
111 * it the moment scsi_req_cancel is called, independent of whether
112 * bdrv_aio_cancel completes the request or not. */
113 scsi_req_unref(&r->req);
114 }
115 r->req.aiocb = NULL;
116 }
117
118 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
119 {
120 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
121
122 if (!r->iov.iov_base) {
123 r->buflen = size;
124 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
125 }
126 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
127 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
128 return r->qiov.size / 512;
129 }
130
131 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
132 {
133 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
134
135 qemu_put_be64s(f, &r->sector);
136 qemu_put_be32s(f, &r->sector_count);
137 qemu_put_be32s(f, &r->buflen);
138 if (r->buflen) {
139 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
140 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
141 } else if (!req->retry) {
142 uint32_t len = r->iov.iov_len;
143 qemu_put_be32s(f, &len);
144 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
145 }
146 }
147 }
148
149 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
150 {
151 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
152
153 qemu_get_be64s(f, &r->sector);
154 qemu_get_be32s(f, &r->sector_count);
155 qemu_get_be32s(f, &r->buflen);
156 if (r->buflen) {
157 scsi_init_iovec(r, r->buflen);
158 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
159 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
160 } else if (!r->req.retry) {
161 uint32_t len;
162 qemu_get_be32s(f, &len);
163 r->iov.iov_len = len;
164 assert(r->iov.iov_len <= r->buflen);
165 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
166 }
167 }
168
169 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
170 }
171
172 static void scsi_aio_complete(void *opaque, int ret)
173 {
174 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
176
177 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
178
179 if (ret < 0) {
180 if (scsi_handle_rw_error(r, -ret)) {
181 goto done;
182 }
183 }
184
185 scsi_req_complete(&r->req, GOOD);
186
187 done:
188 if (!r->req.io_canceled) {
189 scsi_req_unref(&r->req);
190 }
191 }
192
193 static bool scsi_is_cmd_fua(SCSICommand *cmd)
194 {
195 switch (cmd->buf[0]) {
196 case READ_10:
197 case READ_12:
198 case READ_16:
199 case WRITE_10:
200 case WRITE_12:
201 case WRITE_16:
202 return (cmd->buf[1] & 8) != 0;
203
204 case VERIFY_10:
205 case VERIFY_12:
206 case VERIFY_16:
207 case WRITE_VERIFY_10:
208 case WRITE_VERIFY_12:
209 case WRITE_VERIFY_16:
210 return true;
211
212 case READ_6:
213 case WRITE_6:
214 default:
215 return false;
216 }
217 }
218
219 static void scsi_write_do_fua(SCSIDiskReq *r)
220 {
221 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
222
223 if (scsi_is_cmd_fua(&r->req.cmd)) {
224 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
225 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
226 return;
227 }
228
229 scsi_req_complete(&r->req, GOOD);
230 if (!r->req.io_canceled) {
231 scsi_req_unref(&r->req);
232 }
233 }
234
235 static void scsi_dma_complete(void *opaque, int ret)
236 {
237 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
238 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
239
240 if (r->req.aiocb != NULL) {
241 r->req.aiocb = NULL;
242 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
243 }
244
245 if (ret < 0) {
246 if (scsi_handle_rw_error(r, -ret)) {
247 goto done;
248 }
249 }
250
251 r->sector += r->sector_count;
252 r->sector_count = 0;
253 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
254 scsi_write_do_fua(r);
255 return;
256 } else {
257 scsi_req_complete(&r->req, GOOD);
258 }
259
260 done:
261 if (!r->req.io_canceled) {
262 scsi_req_unref(&r->req);
263 }
264 }
265
266 static void scsi_read_complete(void * opaque, int ret)
267 {
268 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
269 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
270 int n;
271
272 if (r->req.aiocb != NULL) {
273 r->req.aiocb = NULL;
274 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
275 }
276
277 if (ret < 0) {
278 if (scsi_handle_rw_error(r, -ret)) {
279 goto done;
280 }
281 }
282
283 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
284
285 n = r->qiov.size / 512;
286 r->sector += n;
287 r->sector_count -= n;
288 scsi_req_data(&r->req, r->qiov.size);
289
290 done:
291 if (!r->req.io_canceled) {
292 scsi_req_unref(&r->req);
293 }
294 }
295
296 /* Actually issue a read to the block device. */
297 static void scsi_do_read(void *opaque, int ret)
298 {
299 SCSIDiskReq *r = opaque;
300 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
301 uint32_t n;
302
303 if (r->req.aiocb != NULL) {
304 r->req.aiocb = NULL;
305 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
306 }
307
308 if (ret < 0) {
309 if (scsi_handle_rw_error(r, -ret)) {
310 goto done;
311 }
312 }
313
314 if (r->req.io_canceled) {
315 return;
316 }
317
318 /* The request is used as the AIO opaque value, so add a ref. */
319 scsi_req_ref(&r->req);
320
321 if (r->req.sg) {
322 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
323 r->req.resid -= r->req.sg->size;
324 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
325 scsi_dma_complete, r);
326 } else {
327 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
328 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
329 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
330 scsi_read_complete, r);
331 }
332
333 done:
334 if (!r->req.io_canceled) {
335 scsi_req_unref(&r->req);
336 }
337 }
338
339 /* Read more data from scsi device into buffer. */
340 static void scsi_read_data(SCSIRequest *req)
341 {
342 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
343 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
344 bool first;
345
346 DPRINTF("Read sector_count=%d\n", r->sector_count);
347 if (r->sector_count == 0) {
348 /* This also clears the sense buffer for REQUEST SENSE. */
349 scsi_req_complete(&r->req, GOOD);
350 return;
351 }
352
353 /* No data transfer may already be in progress */
354 assert(r->req.aiocb == NULL);
355
356 /* The request is used as the AIO opaque value, so add a ref. */
357 scsi_req_ref(&r->req);
358 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
359 DPRINTF("Data transfer direction invalid\n");
360 scsi_read_complete(r, -EINVAL);
361 return;
362 }
363
364 if (s->tray_open) {
365 scsi_read_complete(r, -ENOMEDIUM);
366 return;
367 }
368
369 first = !r->started;
370 r->started = true;
371 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
372 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
373 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
374 } else {
375 scsi_do_read(r, 0);
376 }
377 }
378
379 /*
380 * scsi_handle_rw_error has two return values. 0 means that the error
381 * must be ignored, 1 means that the error has been processed and the
382 * caller should not do anything else for this request. Note that
383 * scsi_handle_rw_error always manages its reference counts, independent
384 * of the return value.
385 */
386 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
387 {
388 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
389 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
390 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
391
392 if (action == BLOCK_ERR_IGNORE) {
393 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
394 return 0;
395 }
396
397 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
398 || action == BLOCK_ERR_STOP_ANY) {
399
400 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
401 vm_stop(RUN_STATE_IO_ERROR);
402 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
403 scsi_req_retry(&r->req);
404 } else {
405 switch (error) {
406 case ENOMEDIUM:
407 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
408 break;
409 case ENOMEM:
410 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
411 break;
412 case EINVAL:
413 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
414 break;
415 default:
416 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
417 break;
418 }
419 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
420 }
421 return 1;
422 }
423
424 static void scsi_write_complete(void * opaque, int ret)
425 {
426 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
427 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
428 uint32_t n;
429
430 if (r->req.aiocb != NULL) {
431 r->req.aiocb = NULL;
432 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
433 }
434
435 if (ret < 0) {
436 if (scsi_handle_rw_error(r, -ret)) {
437 goto done;
438 }
439 }
440
441 n = r->qiov.size / 512;
442 r->sector += n;
443 r->sector_count -= n;
444 if (r->sector_count == 0) {
445 scsi_write_do_fua(r);
446 return;
447 } else {
448 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
449 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
450 scsi_req_data(&r->req, r->qiov.size);
451 }
452
453 done:
454 if (!r->req.io_canceled) {
455 scsi_req_unref(&r->req);
456 }
457 }
458
459 static void scsi_write_data(SCSIRequest *req)
460 {
461 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
462 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
463 uint32_t n;
464
465 /* No data transfer may already be in progress */
466 assert(r->req.aiocb == NULL);
467
468 /* The request is used as the AIO opaque value, so add a ref. */
469 scsi_req_ref(&r->req);
470 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
471 DPRINTF("Data transfer direction invalid\n");
472 scsi_write_complete(r, -EINVAL);
473 return;
474 }
475
476 if (!r->req.sg && !r->qiov.size) {
477 /* Called for the first time. Ask the driver to send us more data. */
478 r->started = true;
479 scsi_write_complete(r, 0);
480 return;
481 }
482 if (s->tray_open) {
483 scsi_write_complete(r, -ENOMEDIUM);
484 return;
485 }
486
487 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
488 r->req.cmd.buf[0] == VERIFY_16) {
489 if (r->req.sg) {
490 scsi_dma_complete(r, 0);
491 } else {
492 scsi_write_complete(r, 0);
493 }
494 return;
495 }
496
497 if (r->req.sg) {
498 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
499 r->req.resid -= r->req.sg->size;
500 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
501 scsi_dma_complete, r);
502 } else {
503 n = r->qiov.size / 512;
504 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
505 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
506 scsi_write_complete, r);
507 }
508 }
509
510 /* Return a pointer to the data buffer. */
511 static uint8_t *scsi_get_buf(SCSIRequest *req)
512 {
513 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
514
515 return (uint8_t *)r->iov.iov_base;
516 }
517
518 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
519 {
520 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
521 int buflen = 0;
522 int start;
523
524 if (req->cmd.buf[1] & 0x1) {
525 /* Vital product data */
526 uint8_t page_code = req->cmd.buf[2];
527
528 outbuf[buflen++] = s->qdev.type & 0x1f;
529 outbuf[buflen++] = page_code ; // this page
530 outbuf[buflen++] = 0x00;
531 outbuf[buflen++] = 0x00;
532 start = buflen;
533
534 switch (page_code) {
535 case 0x00: /* Supported page codes, mandatory */
536 {
537 DPRINTF("Inquiry EVPD[Supported pages] "
538 "buffer size %zd\n", req->cmd.xfer);
539 outbuf[buflen++] = 0x00; // list of supported pages (this page)
540 if (s->serial) {
541 outbuf[buflen++] = 0x80; // unit serial number
542 }
543 outbuf[buflen++] = 0x83; // device identification
544 if (s->qdev.type == TYPE_DISK) {
545 outbuf[buflen++] = 0xb0; // block limits
546 outbuf[buflen++] = 0xb2; // thin provisioning
547 }
548 break;
549 }
550 case 0x80: /* Device serial number, optional */
551 {
552 int l;
553
554 if (!s->serial) {
555 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
556 return -1;
557 }
558
559 l = strlen(s->serial);
560 if (l > 20) {
561 l = 20;
562 }
563
564 DPRINTF("Inquiry EVPD[Serial number] "
565 "buffer size %zd\n", req->cmd.xfer);
566 memcpy(outbuf+buflen, s->serial, l);
567 buflen += l;
568 break;
569 }
570
571 case 0x83: /* Device identification page, mandatory */
572 {
573 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
574 int max_len = s->serial ? 20 : 255 - 8;
575 int id_len = strlen(str);
576
577 if (id_len > max_len) {
578 id_len = max_len;
579 }
580 DPRINTF("Inquiry EVPD[Device identification] "
581 "buffer size %zd\n", req->cmd.xfer);
582
583 outbuf[buflen++] = 0x2; // ASCII
584 outbuf[buflen++] = 0; // not officially assigned
585 outbuf[buflen++] = 0; // reserved
586 outbuf[buflen++] = id_len; // length of data following
587 memcpy(outbuf+buflen, str, id_len);
588 buflen += id_len;
589
590 if (s->wwn) {
591 outbuf[buflen++] = 0x1; // Binary
592 outbuf[buflen++] = 0x3; // NAA
593 outbuf[buflen++] = 0; // reserved
594 outbuf[buflen++] = 8;
595 stq_be_p(&outbuf[buflen], s->wwn);
596 buflen += 8;
597 }
598 break;
599 }
600 case 0xb0: /* block limits */
601 {
602 unsigned int unmap_sectors =
603 s->qdev.conf.discard_granularity / s->qdev.blocksize;
604 unsigned int min_io_size =
605 s->qdev.conf.min_io_size / s->qdev.blocksize;
606 unsigned int opt_io_size =
607 s->qdev.conf.opt_io_size / s->qdev.blocksize;
608
609 if (s->qdev.type == TYPE_ROM) {
610 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
611 page_code);
612 return -1;
613 }
614 /* required VPD size with unmap support */
615 buflen = 0x40;
616 memset(outbuf + 4, 0, buflen - 4);
617
618 /* optimal transfer length granularity */
619 outbuf[6] = (min_io_size >> 8) & 0xff;
620 outbuf[7] = min_io_size & 0xff;
621
622 /* optimal transfer length */
623 outbuf[12] = (opt_io_size >> 24) & 0xff;
624 outbuf[13] = (opt_io_size >> 16) & 0xff;
625 outbuf[14] = (opt_io_size >> 8) & 0xff;
626 outbuf[15] = opt_io_size & 0xff;
627
628 /* optimal unmap granularity */
629 outbuf[28] = (unmap_sectors >> 24) & 0xff;
630 outbuf[29] = (unmap_sectors >> 16) & 0xff;
631 outbuf[30] = (unmap_sectors >> 8) & 0xff;
632 outbuf[31] = unmap_sectors & 0xff;
633 break;
634 }
635 case 0xb2: /* thin provisioning */
636 {
637 buflen = 8;
638 outbuf[4] = 0;
639 outbuf[5] = 0x60; /* write_same 10/16 supported */
640 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
641 outbuf[7] = 0;
642 break;
643 }
644 default:
645 return -1;
646 }
647 /* done with EVPD */
648 assert(buflen - start <= 255);
649 outbuf[start - 1] = buflen - start;
650 return buflen;
651 }
652
653 /* Standard INQUIRY data */
654 if (req->cmd.buf[2] != 0) {
655 return -1;
656 }
657
658 /* PAGE CODE == 0 */
659 buflen = req->cmd.xfer;
660 if (buflen > SCSI_MAX_INQUIRY_LEN) {
661 buflen = SCSI_MAX_INQUIRY_LEN;
662 }
663 memset(outbuf, 0, buflen);
664
665 outbuf[0] = s->qdev.type & 0x1f;
666 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
667
668 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
669 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
670
671 memset(&outbuf[32], 0, 4);
672 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
673 /*
674 * We claim conformance to SPC-3, which is required for guests
675 * to ask for modern features like READ CAPACITY(16) or the
676 * block characteristics VPD page by default. Not all of SPC-3
677 * is actually implemented, but we're good enough.
678 */
679 outbuf[2] = 5;
680 outbuf[3] = 2; /* Format 2 */
681
682 if (buflen > 36) {
683 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
684 } else {
685 /* If the allocation length of CDB is too small,
686 the additional length is not adjusted */
687 outbuf[4] = 36 - 5;
688 }
689
690 /* Sync data transfer and TCQ. */
691 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
692 return buflen;
693 }
694
695 static inline bool media_is_dvd(SCSIDiskState *s)
696 {
697 uint64_t nb_sectors;
698 if (s->qdev.type != TYPE_ROM) {
699 return false;
700 }
701 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
702 return false;
703 }
704 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
705 return nb_sectors > CD_MAX_SECTORS;
706 }
707
708 static inline bool media_is_cd(SCSIDiskState *s)
709 {
710 uint64_t nb_sectors;
711 if (s->qdev.type != TYPE_ROM) {
712 return false;
713 }
714 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
715 return false;
716 }
717 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
718 return nb_sectors <= CD_MAX_SECTORS;
719 }
720
721 static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
722 uint8_t *outbuf)
723 {
724 uint8_t type = r->req.cmd.buf[1] & 7;
725
726 if (s->qdev.type != TYPE_ROM) {
727 return -1;
728 }
729
730 /* Types 1/2 are only defined for Blu-Ray. */
731 if (type != 0) {
732 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
733 return -1;
734 }
735
736 memset(outbuf, 0, 34);
737 outbuf[1] = 32;
738 outbuf[2] = 0xe; /* last session complete, disc finalized */
739 outbuf[3] = 1; /* first track on disc */
740 outbuf[4] = 1; /* # of sessions */
741 outbuf[5] = 1; /* first track of last session */
742 outbuf[6] = 1; /* last track of last session */
743 outbuf[7] = 0x20; /* unrestricted use */
744 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
745 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
746 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
747 /* 24-31: disc bar code */
748 /* 32: disc application code */
749 /* 33: number of OPC tables */
750
751 return 34;
752 }
753
754 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
755 uint8_t *outbuf)
756 {
757 static const int rds_caps_size[5] = {
758 [0] = 2048 + 4,
759 [1] = 4 + 4,
760 [3] = 188 + 4,
761 [4] = 2048 + 4,
762 };
763
764 uint8_t media = r->req.cmd.buf[1];
765 uint8_t layer = r->req.cmd.buf[6];
766 uint8_t format = r->req.cmd.buf[7];
767 int size = -1;
768
769 if (s->qdev.type != TYPE_ROM) {
770 return -1;
771 }
772 if (media != 0) {
773 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
774 return -1;
775 }
776
777 if (format != 0xff) {
778 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
779 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
780 return -1;
781 }
782 if (media_is_cd(s)) {
783 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
784 return -1;
785 }
786 if (format >= ARRAY_SIZE(rds_caps_size)) {
787 return -1;
788 }
789 size = rds_caps_size[format];
790 memset(outbuf, 0, size);
791 }
792
793 switch (format) {
794 case 0x00: {
795 /* Physical format information */
796 uint64_t nb_sectors;
797 if (layer != 0) {
798 goto fail;
799 }
800 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
801
802 outbuf[4] = 1; /* DVD-ROM, part version 1 */
803 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
804 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
805 outbuf[7] = 0; /* default densities */
806
807 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
808 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
809 break;
810 }
811
812 case 0x01: /* DVD copyright information, all zeros */
813 break;
814
815 case 0x03: /* BCA information - invalid field for no BCA info */
816 return -1;
817
818 case 0x04: /* DVD disc manufacturing information, all zeros */
819 break;
820
821 case 0xff: { /* List capabilities */
822 int i;
823 size = 4;
824 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
825 if (!rds_caps_size[i]) {
826 continue;
827 }
828 outbuf[size] = i;
829 outbuf[size + 1] = 0x40; /* Not writable, readable */
830 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
831 size += 4;
832 }
833 break;
834 }
835
836 default:
837 return -1;
838 }
839
840 /* Size of buffer, not including 2 byte size field */
841 stw_be_p(outbuf, size - 2);
842 return size;
843
844 fail:
845 return -1;
846 }
847
848 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
849 {
850 uint8_t event_code, media_status;
851
852 media_status = 0;
853 if (s->tray_open) {
854 media_status = MS_TRAY_OPEN;
855 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
856 media_status = MS_MEDIA_PRESENT;
857 }
858
859 /* Event notification descriptor */
860 event_code = MEC_NO_CHANGE;
861 if (media_status != MS_TRAY_OPEN) {
862 if (s->media_event) {
863 event_code = MEC_NEW_MEDIA;
864 s->media_event = false;
865 } else if (s->eject_request) {
866 event_code = MEC_EJECT_REQUESTED;
867 s->eject_request = false;
868 }
869 }
870
871 outbuf[0] = event_code;
872 outbuf[1] = media_status;
873
874 /* These fields are reserved, just clear them. */
875 outbuf[2] = 0;
876 outbuf[3] = 0;
877 return 4;
878 }
879
880 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
881 uint8_t *outbuf)
882 {
883 int size;
884 uint8_t *buf = r->req.cmd.buf;
885 uint8_t notification_class_request = buf[4];
886 if (s->qdev.type != TYPE_ROM) {
887 return -1;
888 }
889 if ((buf[1] & 1) == 0) {
890 /* asynchronous */
891 return -1;
892 }
893
894 size = 4;
895 outbuf[0] = outbuf[1] = 0;
896 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
897 if (notification_class_request & (1 << GESN_MEDIA)) {
898 outbuf[2] = GESN_MEDIA;
899 size += scsi_event_status_media(s, &outbuf[size]);
900 } else {
901 outbuf[2] = 0x80;
902 }
903 stw_be_p(outbuf, size - 4);
904 return size;
905 }
906
907 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
908 {
909 int current;
910
911 if (s->qdev.type != TYPE_ROM) {
912 return -1;
913 }
914 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
915 memset(outbuf, 0, 40);
916 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
917 stw_be_p(&outbuf[6], current);
918 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
919 outbuf[10] = 0x03; /* persistent, current */
920 outbuf[11] = 8; /* two profiles */
921 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
922 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
923 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
924 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
925 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
926 stw_be_p(&outbuf[20], 1);
927 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
928 outbuf[23] = 8;
929 stl_be_p(&outbuf[24], 1); /* SCSI */
930 outbuf[28] = 1; /* DBE = 1, mandatory */
931 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
932 stw_be_p(&outbuf[32], 3);
933 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
934 outbuf[35] = 4;
935 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
936 /* TODO: Random readable, CD read, DVD read, drive serial number,
937 power management */
938 return 40;
939 }
940
941 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
942 {
943 if (s->qdev.type != TYPE_ROM) {
944 return -1;
945 }
946 memset(outbuf, 0, 8);
947 outbuf[5] = 1; /* CD-ROM */
948 return 8;
949 }
950
951 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
952 int page_control)
953 {
954 static const int mode_sense_valid[0x3f] = {
955 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
956 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
957 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
958 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
959 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
960 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
961 };
962
963 uint8_t *p = *p_outbuf + 2;
964 int length;
965
966 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
967 return -1;
968 }
969
970 /*
971 * If Changeable Values are requested, a mask denoting those mode parameters
972 * that are changeable shall be returned. As we currently don't support
973 * parameter changes via MODE_SELECT all bits are returned set to zero.
974 * The buffer was already menset to zero by the caller of this function.
975 *
976 * The offsets here are off by two compared to the descriptions in the
977 * SCSI specs, because those include a 2-byte header. This is unfortunate,
978 * but it is done so that offsets are consistent within our implementation
979 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
980 * 2-byte and 4-byte headers.
981 */
982 switch (page) {
983 case MODE_PAGE_HD_GEOMETRY:
984 length = 0x16;
985 if (page_control == 1) { /* Changeable Values */
986 break;
987 }
988 /* if a geometry hint is available, use it */
989 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
990 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
991 p[2] = s->qdev.conf.cyls & 0xff;
992 p[3] = s->qdev.conf.heads & 0xff;
993 /* Write precomp start cylinder, disabled */
994 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
995 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
996 p[6] = s->qdev.conf.cyls & 0xff;
997 /* Reduced current start cylinder, disabled */
998 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
999 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1000 p[9] = s->qdev.conf.cyls & 0xff;
1001 /* Device step rate [ns], 200ns */
1002 p[10] = 0;
1003 p[11] = 200;
1004 /* Landing zone cylinder */
1005 p[12] = 0xff;
1006 p[13] = 0xff;
1007 p[14] = 0xff;
1008 /* Medium rotation rate [rpm], 5400 rpm */
1009 p[18] = (5400 >> 8) & 0xff;
1010 p[19] = 5400 & 0xff;
1011 break;
1012
1013 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
1014 length = 0x1e;
1015 if (page_control == 1) { /* Changeable Values */
1016 break;
1017 }
1018 /* Transfer rate [kbit/s], 5Mbit/s */
1019 p[0] = 5000 >> 8;
1020 p[1] = 5000 & 0xff;
1021 /* if a geometry hint is available, use it */
1022 p[2] = s->qdev.conf.heads & 0xff;
1023 p[3] = s->qdev.conf.secs & 0xff;
1024 p[4] = s->qdev.blocksize >> 8;
1025 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1026 p[7] = s->qdev.conf.cyls & 0xff;
1027 /* Write precomp start cylinder, disabled */
1028 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1029 p[9] = s->qdev.conf.cyls & 0xff;
1030 /* Reduced current start cylinder, disabled */
1031 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1032 p[11] = s->qdev.conf.cyls & 0xff;
1033 /* Device step rate [100us], 100us */
1034 p[12] = 0;
1035 p[13] = 1;
1036 /* Device step pulse width [us], 1us */
1037 p[14] = 1;
1038 /* Device head settle delay [100us], 100us */
1039 p[15] = 0;
1040 p[16] = 1;
1041 /* Motor on delay [0.1s], 0.1s */
1042 p[17] = 1;
1043 /* Motor off delay [0.1s], 0.1s */
1044 p[18] = 1;
1045 /* Medium rotation rate [rpm], 5400 rpm */
1046 p[26] = (5400 >> 8) & 0xff;
1047 p[27] = 5400 & 0xff;
1048 break;
1049
1050 case MODE_PAGE_CACHING:
1051 length = 0x12;
1052 if (page_control == 1) { /* Changeable Values */
1053 break;
1054 }
1055 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1056 p[0] = 4; /* WCE */
1057 }
1058 break;
1059
1060 case MODE_PAGE_R_W_ERROR:
1061 length = 10;
1062 if (page_control == 1) { /* Changeable Values */
1063 break;
1064 }
1065 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
1066 if (s->qdev.type == TYPE_ROM) {
1067 p[1] = 0x20; /* Read Retry Count */
1068 }
1069 break;
1070
1071 case MODE_PAGE_AUDIO_CTL:
1072 length = 14;
1073 break;
1074
1075 case MODE_PAGE_CAPABILITIES:
1076 length = 0x14;
1077 if (page_control == 1) { /* Changeable Values */
1078 break;
1079 }
1080
1081 p[0] = 0x3b; /* CD-R & CD-RW read */
1082 p[1] = 0; /* Writing not supported */
1083 p[2] = 0x7f; /* Audio, composite, digital out,
1084 mode 2 form 1&2, multi session */
1085 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
1086 RW corrected, C2 errors, ISRC,
1087 UPC, Bar code */
1088 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
1089 /* Locking supported, jumper present, eject, tray */
1090 p[5] = 0; /* no volume & mute control, no
1091 changer */
1092 p[6] = (50 * 176) >> 8; /* 50x read speed */
1093 p[7] = (50 * 176) & 0xff;
1094 p[8] = 2 >> 8; /* Two volume levels */
1095 p[9] = 2 & 0xff;
1096 p[10] = 2048 >> 8; /* 2M buffer */
1097 p[11] = 2048 & 0xff;
1098 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1099 p[13] = (16 * 176) & 0xff;
1100 p[16] = (16 * 176) >> 8; /* 16x write speed */
1101 p[17] = (16 * 176) & 0xff;
1102 p[18] = (16 * 176) >> 8; /* 16x write speed current */
1103 p[19] = (16 * 176) & 0xff;
1104 break;
1105
1106 default:
1107 return -1;
1108 }
1109
1110 assert(length < 256);
1111 (*p_outbuf)[0] = page;
1112 (*p_outbuf)[1] = length;
1113 *p_outbuf += length + 2;
1114 return length + 2;
1115 }
1116
1117 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1118 {
1119 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1120 uint64_t nb_sectors;
1121 bool dbd;
1122 int page, buflen, ret, page_control;
1123 uint8_t *p;
1124 uint8_t dev_specific_param;
1125
1126 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1127 page = r->req.cmd.buf[2] & 0x3f;
1128 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1129 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1130 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1131 memset(outbuf, 0, r->req.cmd.xfer);
1132 p = outbuf;
1133
1134 if (s->qdev.type == TYPE_DISK) {
1135 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
1136 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1137 dev_specific_param |= 0x80; /* Readonly. */
1138 }
1139 } else {
1140 /* MMC prescribes that CD/DVD drives have no block descriptors,
1141 * and defines no device-specific parameter. */
1142 dev_specific_param = 0x00;
1143 dbd = true;
1144 }
1145
1146 if (r->req.cmd.buf[0] == MODE_SENSE) {
1147 p[1] = 0; /* Default media type. */
1148 p[2] = dev_specific_param;
1149 p[3] = 0; /* Block descriptor length. */
1150 p += 4;
1151 } else { /* MODE_SENSE_10 */
1152 p[2] = 0; /* Default media type. */
1153 p[3] = dev_specific_param;
1154 p[6] = p[7] = 0; /* Block descriptor length. */
1155 p += 8;
1156 }
1157
1158 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1159 if (!dbd && nb_sectors) {
1160 if (r->req.cmd.buf[0] == MODE_SENSE) {
1161 outbuf[3] = 8; /* Block descriptor length */
1162 } else { /* MODE_SENSE_10 */
1163 outbuf[7] = 8; /* Block descriptor length */
1164 }
1165 nb_sectors /= (s->qdev.blocksize / 512);
1166 if (nb_sectors > 0xffffff) {
1167 nb_sectors = 0;
1168 }
1169 p[0] = 0; /* media density code */
1170 p[1] = (nb_sectors >> 16) & 0xff;
1171 p[2] = (nb_sectors >> 8) & 0xff;
1172 p[3] = nb_sectors & 0xff;
1173 p[4] = 0; /* reserved */
1174 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1175 p[6] = s->qdev.blocksize >> 8;
1176 p[7] = 0;
1177 p += 8;
1178 }
1179
1180 if (page_control == 3) {
1181 /* Saved Values */
1182 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1183 return -1;
1184 }
1185
1186 if (page == 0x3f) {
1187 for (page = 0; page <= 0x3e; page++) {
1188 mode_sense_page(s, page, &p, page_control);
1189 }
1190 } else {
1191 ret = mode_sense_page(s, page, &p, page_control);
1192 if (ret == -1) {
1193 return -1;
1194 }
1195 }
1196
1197 buflen = p - outbuf;
1198 /*
1199 * The mode data length field specifies the length in bytes of the
1200 * following data that is available to be transferred. The mode data
1201 * length does not include itself.
1202 */
1203 if (r->req.cmd.buf[0] == MODE_SENSE) {
1204 outbuf[0] = buflen - 1;
1205 } else { /* MODE_SENSE_10 */
1206 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1207 outbuf[1] = (buflen - 2) & 0xff;
1208 }
1209 return buflen;
1210 }
1211
1212 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1213 {
1214 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1215 int start_track, format, msf, toclen;
1216 uint64_t nb_sectors;
1217
1218 msf = req->cmd.buf[1] & 2;
1219 format = req->cmd.buf[2] & 0xf;
1220 start_track = req->cmd.buf[6];
1221 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1222 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1223 nb_sectors /= s->qdev.blocksize / 512;
1224 switch (format) {
1225 case 0:
1226 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1227 break;
1228 case 1:
1229 /* multi session : only a single session defined */
1230 toclen = 12;
1231 memset(outbuf, 0, 12);
1232 outbuf[1] = 0x0a;
1233 outbuf[2] = 0x01;
1234 outbuf[3] = 0x01;
1235 break;
1236 case 2:
1237 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1238 break;
1239 default:
1240 return -1;
1241 }
1242 return toclen;
1243 }
1244
1245 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1246 {
1247 SCSIRequest *req = &r->req;
1248 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1249 bool start = req->cmd.buf[4] & 1;
1250 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1251
1252 if (s->qdev.type == TYPE_ROM && loej) {
1253 if (!start && !s->tray_open && s->tray_locked) {
1254 scsi_check_condition(r,
1255 bdrv_is_inserted(s->qdev.conf.bs)
1256 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1257 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1258 return -1;
1259 }
1260
1261 if (s->tray_open != !start) {
1262 bdrv_eject(s->qdev.conf.bs, !start);
1263 s->tray_open = !start;
1264 }
1265 }
1266 return 0;
1267 }
1268
1269 static void scsi_disk_emulate_read_data(SCSIRequest *req)
1270 {
1271 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1272 int buflen = r->iov.iov_len;
1273
1274 if (buflen) {
1275 DPRINTF("Read buf_len=%zd\n", buflen);
1276 r->iov.iov_len = 0;
1277 r->started = true;
1278 scsi_req_data(&r->req, buflen);
1279 return;
1280 }
1281
1282 /* This also clears the sense buffer for REQUEST SENSE. */
1283 scsi_req_complete(&r->req, GOOD);
1284 }
1285
1286 static void scsi_disk_emulate_write_data(SCSIRequest *req)
1287 {
1288 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1289
1290 if (r->iov.iov_len) {
1291 int buflen = r->iov.iov_len;
1292 DPRINTF("Write buf_len=%zd\n", buflen);
1293 r->iov.iov_len = 0;
1294 scsi_req_data(&r->req, buflen);
1295 return;
1296 }
1297
1298 switch (req->cmd.buf[0]) {
1299 case MODE_SELECT:
1300 case MODE_SELECT_10:
1301 /* This also clears the sense buffer for REQUEST SENSE. */
1302 scsi_req_complete(&r->req, GOOD);
1303 break;
1304
1305 default:
1306 abort();
1307 }
1308 }
1309
1310 static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
1311 {
1312 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1313 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1314 uint64_t nb_sectors;
1315 uint8_t *outbuf;
1316 int buflen;
1317
1318 switch (req->cmd.buf[0]) {
1319 case INQUIRY:
1320 case MODE_SENSE:
1321 case MODE_SENSE_10:
1322 case RESERVE:
1323 case RESERVE_10:
1324 case RELEASE:
1325 case RELEASE_10:
1326 case START_STOP:
1327 case ALLOW_MEDIUM_REMOVAL:
1328 case GET_CONFIGURATION:
1329 case GET_EVENT_STATUS_NOTIFICATION:
1330 case MECHANISM_STATUS:
1331 case REQUEST_SENSE:
1332 break;
1333
1334 default:
1335 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1336 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1337 return 0;
1338 }
1339 break;
1340 }
1341
1342 if (!r->iov.iov_base) {
1343 /*
1344 * FIXME: we shouldn't return anything bigger than 4k, but the code
1345 * requires the buffer to be as big as req->cmd.xfer in several
1346 * places. So, do not allow CDBs with a very large ALLOCATION
1347 * LENGTH. The real fix would be to modify scsi_read_data and
1348 * dma_buf_read, so that they return data beyond the buflen
1349 * as all zeros.
1350 */
1351 if (req->cmd.xfer > 65536) {
1352 goto illegal_request;
1353 }
1354 r->buflen = MAX(4096, req->cmd.xfer);
1355 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1356 }
1357
1358 buflen = req->cmd.xfer;
1359 outbuf = r->iov.iov_base;
1360 switch (req->cmd.buf[0]) {
1361 case TEST_UNIT_READY:
1362 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1363 break;
1364 case INQUIRY:
1365 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1366 if (buflen < 0) {
1367 goto illegal_request;
1368 }
1369 break;
1370 case MODE_SENSE:
1371 case MODE_SENSE_10:
1372 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1373 if (buflen < 0) {
1374 goto illegal_request;
1375 }
1376 break;
1377 case READ_TOC:
1378 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1379 if (buflen < 0) {
1380 goto illegal_request;
1381 }
1382 break;
1383 case RESERVE:
1384 if (req->cmd.buf[1] & 1) {
1385 goto illegal_request;
1386 }
1387 break;
1388 case RESERVE_10:
1389 if (req->cmd.buf[1] & 3) {
1390 goto illegal_request;
1391 }
1392 break;
1393 case RELEASE:
1394 if (req->cmd.buf[1] & 1) {
1395 goto illegal_request;
1396 }
1397 break;
1398 case RELEASE_10:
1399 if (req->cmd.buf[1] & 3) {
1400 goto illegal_request;
1401 }
1402 break;
1403 case START_STOP:
1404 if (scsi_disk_emulate_start_stop(r) < 0) {
1405 return 0;
1406 }
1407 break;
1408 case ALLOW_MEDIUM_REMOVAL:
1409 s->tray_locked = req->cmd.buf[4] & 1;
1410 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1411 break;
1412 case READ_CAPACITY_10:
1413 /* The normal LEN field for this command is zero. */
1414 memset(outbuf, 0, 8);
1415 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1416 if (!nb_sectors) {
1417 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1418 return -1;
1419 }
1420 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1421 goto illegal_request;
1422 }
1423 nb_sectors /= s->qdev.blocksize / 512;
1424 /* Returned value is the address of the last sector. */
1425 nb_sectors--;
1426 /* Remember the new size for read/write sanity checking. */
1427 s->qdev.max_lba = nb_sectors;
1428 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1429 if (nb_sectors > UINT32_MAX) {
1430 nb_sectors = UINT32_MAX;
1431 }
1432 outbuf[0] = (nb_sectors >> 24) & 0xff;
1433 outbuf[1] = (nb_sectors >> 16) & 0xff;
1434 outbuf[2] = (nb_sectors >> 8) & 0xff;
1435 outbuf[3] = nb_sectors & 0xff;
1436 outbuf[4] = 0;
1437 outbuf[5] = 0;
1438 outbuf[6] = s->qdev.blocksize >> 8;
1439 outbuf[7] = 0;
1440 buflen = 8;
1441 break;
1442 case REQUEST_SENSE:
1443 /* Just return "NO SENSE". */
1444 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1445 (req->cmd.buf[1] & 1) == 0);
1446 break;
1447 case MECHANISM_STATUS:
1448 buflen = scsi_emulate_mechanism_status(s, outbuf);
1449 if (buflen < 0) {
1450 goto illegal_request;
1451 }
1452 break;
1453 case GET_CONFIGURATION:
1454 buflen = scsi_get_configuration(s, outbuf);
1455 if (buflen < 0) {
1456 goto illegal_request;
1457 }
1458 break;
1459 case GET_EVENT_STATUS_NOTIFICATION:
1460 buflen = scsi_get_event_status_notification(s, r, outbuf);
1461 if (buflen < 0) {
1462 goto illegal_request;
1463 }
1464 break;
1465 case READ_DISC_INFORMATION:
1466 buflen = scsi_read_disc_information(s, r, outbuf);
1467 if (buflen < 0) {
1468 goto illegal_request;
1469 }
1470 break;
1471 case READ_DVD_STRUCTURE:
1472 buflen = scsi_read_dvd_structure(s, r, outbuf);
1473 if (buflen < 0) {
1474 goto illegal_request;
1475 }
1476 break;
1477 case SERVICE_ACTION_IN_16:
1478 /* Service Action In subcommands. */
1479 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1480 DPRINTF("SAI READ CAPACITY(16)\n");
1481 memset(outbuf, 0, req->cmd.xfer);
1482 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1483 if (!nb_sectors) {
1484 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1485 return -1;
1486 }
1487 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1488 goto illegal_request;
1489 }
1490 nb_sectors /= s->qdev.blocksize / 512;
1491 /* Returned value is the address of the last sector. */
1492 nb_sectors--;
1493 /* Remember the new size for read/write sanity checking. */
1494 s->qdev.max_lba = nb_sectors;
1495 outbuf[0] = (nb_sectors >> 56) & 0xff;
1496 outbuf[1] = (nb_sectors >> 48) & 0xff;
1497 outbuf[2] = (nb_sectors >> 40) & 0xff;
1498 outbuf[3] = (nb_sectors >> 32) & 0xff;
1499 outbuf[4] = (nb_sectors >> 24) & 0xff;
1500 outbuf[5] = (nb_sectors >> 16) & 0xff;
1501 outbuf[6] = (nb_sectors >> 8) & 0xff;
1502 outbuf[7] = nb_sectors & 0xff;
1503 outbuf[8] = 0;
1504 outbuf[9] = 0;
1505 outbuf[10] = s->qdev.blocksize >> 8;
1506 outbuf[11] = 0;
1507 outbuf[12] = 0;
1508 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1509
1510 /* set TPE bit if the format supports discard */
1511 if (s->qdev.conf.discard_granularity) {
1512 outbuf[14] = 0x80;
1513 }
1514
1515 /* Protection, exponent and lowest lba field left blank. */
1516 buflen = req->cmd.xfer;
1517 break;
1518 }
1519 DPRINTF("Unsupported Service Action In\n");
1520 goto illegal_request;
1521 case SYNCHRONIZE_CACHE:
1522 /* The request is used as the AIO opaque value, so add a ref. */
1523 scsi_req_ref(&r->req);
1524 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1525 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_aio_complete, r);
1526 return 0;
1527 case SEEK_10:
1528 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1529 if (r->req.cmd.lba > s->qdev.max_lba) {
1530 goto illegal_lba;
1531 }
1532 break;
1533 case MODE_SELECT:
1534 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1535 /* We don't support mode parameter changes.
1536 Allow the mode parameter header + block descriptors only. */
1537 if (r->req.cmd.xfer > 12) {
1538 goto illegal_request;
1539 }
1540 break;
1541 case MODE_SELECT_10:
1542 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1543 /* We don't support mode parameter changes.
1544 Allow the mode parameter header + block descriptors only. */
1545 if (r->req.cmd.xfer > 16) {
1546 goto illegal_request;
1547 }
1548 break;
1549 case WRITE_SAME_10:
1550 nb_sectors = lduw_be_p(&req->cmd.buf[7]);
1551 goto write_same;
1552 case WRITE_SAME_16:
1553 nb_sectors = ldl_be_p(&req->cmd.buf[10]) & 0xffffffffULL;
1554 write_same:
1555 if (r->req.cmd.lba > s->qdev.max_lba) {
1556 goto illegal_lba;
1557 }
1558
1559 /*
1560 * We only support WRITE SAME with the unmap bit set for now.
1561 */
1562 if (!(req->cmd.buf[1] & 0x8)) {
1563 goto illegal_request;
1564 }
1565
1566 /* The request is used as the AIO opaque value, so add a ref. */
1567 scsi_req_ref(&r->req);
1568 r->req.aiocb = bdrv_aio_discard(s->qdev.conf.bs,
1569 r->req.cmd.lba * (s->qdev.blocksize / 512),
1570 nb_sectors * (s->qdev.blocksize / 512),
1571 scsi_aio_complete, r);
1572 return 0;
1573 default:
1574 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1575 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1576 return 0;
1577 }
1578 assert(!r->req.aiocb);
1579 r->iov.iov_len = MIN(buflen, req->cmd.xfer);
1580 if (r->iov.iov_len == 0) {
1581 scsi_req_complete(&r->req, GOOD);
1582 }
1583 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1584 assert(r->iov.iov_len == req->cmd.xfer);
1585 return -r->iov.iov_len;
1586 } else {
1587 return r->iov.iov_len;
1588 }
1589
1590 illegal_request:
1591 if (r->req.status == -1) {
1592 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1593 }
1594 return 0;
1595
1596 illegal_lba:
1597 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1598 return 0;
1599 }
1600
1601 /* Execute a scsi command. Returns the length of the data expected by the
1602 command. This will be Positive for data transfers from the device
1603 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1604 and zero if the command does not transfer any data. */
1605
1606 static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
1607 {
1608 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1609 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1610 int32_t len;
1611 uint8_t command;
1612
1613 command = buf[0];
1614
1615 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1616 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1617 return 0;
1618 }
1619
1620 switch (command) {
1621 case READ_6:
1622 case READ_10:
1623 case READ_12:
1624 case READ_16:
1625 len = r->req.cmd.xfer / s->qdev.blocksize;
1626 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1627 if (r->req.cmd.lba > s->qdev.max_lba) {
1628 goto illegal_lba;
1629 }
1630 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1631 r->sector_count = len * (s->qdev.blocksize / 512);
1632 break;
1633 case VERIFY_10:
1634 case VERIFY_12:
1635 case VERIFY_16:
1636 case WRITE_6:
1637 case WRITE_10:
1638 case WRITE_12:
1639 case WRITE_16:
1640 case WRITE_VERIFY_10:
1641 case WRITE_VERIFY_12:
1642 case WRITE_VERIFY_16:
1643 len = r->req.cmd.xfer / s->qdev.blocksize;
1644 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1645 (command & 0xe) == 0xe ? "And Verify " : "",
1646 r->req.cmd.lba, len);
1647 if (r->req.cmd.lba > s->qdev.max_lba) {
1648 goto illegal_lba;
1649 }
1650 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1651 r->sector_count = len * (s->qdev.blocksize / 512);
1652 break;
1653 default:
1654 abort();
1655 illegal_lba:
1656 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1657 return 0;
1658 }
1659 if (r->sector_count == 0) {
1660 scsi_req_complete(&r->req, GOOD);
1661 }
1662 assert(r->iov.iov_len == 0);
1663 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1664 return -r->sector_count * 512;
1665 } else {
1666 return r->sector_count * 512;
1667 }
1668 }
1669
1670 static void scsi_disk_reset(DeviceState *dev)
1671 {
1672 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1673 uint64_t nb_sectors;
1674
1675 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1676
1677 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1678 nb_sectors /= s->qdev.blocksize / 512;
1679 if (nb_sectors) {
1680 nb_sectors--;
1681 }
1682 s->qdev.max_lba = nb_sectors;
1683 }
1684
1685 static void scsi_destroy(SCSIDevice *dev)
1686 {
1687 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1688
1689 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1690 blockdev_mark_auto_del(s->qdev.conf.bs);
1691 }
1692
1693 static void scsi_cd_change_media_cb(void *opaque, bool load)
1694 {
1695 SCSIDiskState *s = opaque;
1696
1697 /*
1698 * When a CD gets changed, we have to report an ejected state and
1699 * then a loaded state to guests so that they detect tray
1700 * open/close and media change events. Guests that do not use
1701 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1702 * states rely on this behavior.
1703 *
1704 * media_changed governs the state machine used for unit attention
1705 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1706 */
1707 s->media_changed = load;
1708 s->tray_open = !load;
1709 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1710 s->media_event = true;
1711 s->eject_request = false;
1712 }
1713
1714 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1715 {
1716 SCSIDiskState *s = opaque;
1717
1718 s->eject_request = true;
1719 if (force) {
1720 s->tray_locked = false;
1721 }
1722 }
1723
1724 static bool scsi_cd_is_tray_open(void *opaque)
1725 {
1726 return ((SCSIDiskState *)opaque)->tray_open;
1727 }
1728
1729 static bool scsi_cd_is_medium_locked(void *opaque)
1730 {
1731 return ((SCSIDiskState *)opaque)->tray_locked;
1732 }
1733
1734 static const BlockDevOps scsi_cd_block_ops = {
1735 .change_media_cb = scsi_cd_change_media_cb,
1736 .eject_request_cb = scsi_cd_eject_request_cb,
1737 .is_tray_open = scsi_cd_is_tray_open,
1738 .is_medium_locked = scsi_cd_is_medium_locked,
1739 };
1740
1741 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1742 {
1743 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1744 if (s->media_changed) {
1745 s->media_changed = false;
1746 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1747 }
1748 }
1749
1750 static int scsi_initfn(SCSIDevice *dev)
1751 {
1752 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1753
1754 if (!s->qdev.conf.bs) {
1755 error_report("drive property not set");
1756 return -1;
1757 }
1758
1759 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1760 !bdrv_is_inserted(s->qdev.conf.bs)) {
1761 error_report("Device needs media, but drive is empty");
1762 return -1;
1763 }
1764
1765 blkconf_serial(&s->qdev.conf, &s->serial);
1766 if (blkconf_geometry(&dev->conf, NULL, 65535, 255, 255) < 0) {
1767 return -1;
1768 }
1769
1770 if (!s->version) {
1771 s->version = g_strdup(qemu_get_version());
1772 }
1773 if (!s->vendor) {
1774 s->vendor = g_strdup("QEMU");
1775 }
1776
1777 if (bdrv_is_sg(s->qdev.conf.bs)) {
1778 error_report("unwanted /dev/sg*");
1779 return -1;
1780 }
1781
1782 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1783 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1784 }
1785 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1786
1787 bdrv_iostatus_enable(s->qdev.conf.bs);
1788 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1789 return 0;
1790 }
1791
1792 static int scsi_hd_initfn(SCSIDevice *dev)
1793 {
1794 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1795 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1796 s->qdev.type = TYPE_DISK;
1797 if (!s->product) {
1798 s->product = g_strdup("QEMU HARDDISK");
1799 }
1800 return scsi_initfn(&s->qdev);
1801 }
1802
1803 static int scsi_cd_initfn(SCSIDevice *dev)
1804 {
1805 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1806 s->qdev.blocksize = 2048;
1807 s->qdev.type = TYPE_ROM;
1808 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1809 if (!s->product) {
1810 s->product = g_strdup("QEMU CD-ROM");
1811 }
1812 return scsi_initfn(&s->qdev);
1813 }
1814
1815 static int scsi_disk_initfn(SCSIDevice *dev)
1816 {
1817 DriveInfo *dinfo;
1818
1819 if (!dev->conf.bs) {
1820 return scsi_initfn(dev); /* ... and die there */
1821 }
1822
1823 dinfo = drive_get_by_blockdev(dev->conf.bs);
1824 if (dinfo->media_cd) {
1825 return scsi_cd_initfn(dev);
1826 } else {
1827 return scsi_hd_initfn(dev);
1828 }
1829 }
1830
1831 static const SCSIReqOps scsi_disk_emulate_reqops = {
1832 .size = sizeof(SCSIDiskReq),
1833 .free_req = scsi_free_request,
1834 .send_command = scsi_disk_emulate_command,
1835 .read_data = scsi_disk_emulate_read_data,
1836 .write_data = scsi_disk_emulate_write_data,
1837 .get_buf = scsi_get_buf,
1838 };
1839
1840 static const SCSIReqOps scsi_disk_dma_reqops = {
1841 .size = sizeof(SCSIDiskReq),
1842 .free_req = scsi_free_request,
1843 .send_command = scsi_disk_dma_command,
1844 .read_data = scsi_read_data,
1845 .write_data = scsi_write_data,
1846 .cancel_io = scsi_cancel_io,
1847 .get_buf = scsi_get_buf,
1848 .load_request = scsi_disk_load_request,
1849 .save_request = scsi_disk_save_request,
1850 };
1851
1852 static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
1853 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
1854 [INQUIRY] = &scsi_disk_emulate_reqops,
1855 [MODE_SENSE] = &scsi_disk_emulate_reqops,
1856 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
1857 [START_STOP] = &scsi_disk_emulate_reqops,
1858 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
1859 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
1860 [READ_TOC] = &scsi_disk_emulate_reqops,
1861 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
1862 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
1863 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
1864 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
1865 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
1866 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
1867 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
1868 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
1869 [SEEK_10] = &scsi_disk_emulate_reqops,
1870 [MODE_SELECT] = &scsi_disk_emulate_reqops,
1871 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
1872 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
1873 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
1874
1875 [READ_6] = &scsi_disk_dma_reqops,
1876 [READ_10] = &scsi_disk_dma_reqops,
1877 [READ_12] = &scsi_disk_dma_reqops,
1878 [READ_16] = &scsi_disk_dma_reqops,
1879 [VERIFY_10] = &scsi_disk_dma_reqops,
1880 [VERIFY_12] = &scsi_disk_dma_reqops,
1881 [VERIFY_16] = &scsi_disk_dma_reqops,
1882 [WRITE_6] = &scsi_disk_dma_reqops,
1883 [WRITE_10] = &scsi_disk_dma_reqops,
1884 [WRITE_12] = &scsi_disk_dma_reqops,
1885 [WRITE_16] = &scsi_disk_dma_reqops,
1886 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
1887 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
1888 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
1889 };
1890
1891 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1892 uint8_t *buf, void *hba_private)
1893 {
1894 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1895 SCSIRequest *req;
1896 const SCSIReqOps *ops;
1897 uint8_t command;
1898
1899 #ifdef DEBUG_SCSI
1900 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, buf[0]);
1901 {
1902 int i;
1903 for (i = 1; i < r->req.cmd.len; i++) {
1904 printf(" 0x%02x", buf[i]);
1905 }
1906 printf("\n");
1907 }
1908 #endif
1909
1910 command = buf[0];
1911 ops = scsi_disk_reqops_dispatch[command];
1912 if (!ops) {
1913 ops = &scsi_disk_emulate_reqops;
1914 }
1915 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
1916 return req;
1917 }
1918
1919 #ifdef __linux__
1920 static int get_device_type(SCSIDiskState *s)
1921 {
1922 BlockDriverState *bdrv = s->qdev.conf.bs;
1923 uint8_t cmd[16];
1924 uint8_t buf[36];
1925 uint8_t sensebuf[8];
1926 sg_io_hdr_t io_header;
1927 int ret;
1928
1929 memset(cmd, 0, sizeof(cmd));
1930 memset(buf, 0, sizeof(buf));
1931 cmd[0] = INQUIRY;
1932 cmd[4] = sizeof(buf);
1933
1934 memset(&io_header, 0, sizeof(io_header));
1935 io_header.interface_id = 'S';
1936 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1937 io_header.dxfer_len = sizeof(buf);
1938 io_header.dxferp = buf;
1939 io_header.cmdp = cmd;
1940 io_header.cmd_len = sizeof(cmd);
1941 io_header.mx_sb_len = sizeof(sensebuf);
1942 io_header.sbp = sensebuf;
1943 io_header.timeout = 6000; /* XXX */
1944
1945 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1946 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1947 return -1;
1948 }
1949 s->qdev.type = buf[0];
1950 if (buf[1] & 0x80) {
1951 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1952 }
1953 return 0;
1954 }
1955
1956 static int scsi_block_initfn(SCSIDevice *dev)
1957 {
1958 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1959 int sg_version;
1960 int rc;
1961
1962 if (!s->qdev.conf.bs) {
1963 error_report("scsi-block: drive property not set");
1964 return -1;
1965 }
1966
1967 /* check we are using a driver managing SG_IO (version 3 and after) */
1968 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1969 sg_version < 30000) {
1970 error_report("scsi-block: scsi generic interface too old");
1971 return -1;
1972 }
1973
1974 /* get device type from INQUIRY data */
1975 rc = get_device_type(s);
1976 if (rc < 0) {
1977 error_report("scsi-block: INQUIRY failed");
1978 return -1;
1979 }
1980
1981 /* Make a guess for the block size, we'll fix it when the guest sends.
1982 * READ CAPACITY. If they don't, they likely would assume these sizes
1983 * anyway. (TODO: check in /sys).
1984 */
1985 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1986 s->qdev.blocksize = 2048;
1987 } else {
1988 s->qdev.blocksize = 512;
1989 }
1990 return scsi_initfn(&s->qdev);
1991 }
1992
1993 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1994 uint32_t lun, uint8_t *buf,
1995 void *hba_private)
1996 {
1997 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1998
1999 switch (buf[0]) {
2000 case READ_6:
2001 case READ_10:
2002 case READ_12:
2003 case READ_16:
2004 case VERIFY_10:
2005 case VERIFY_12:
2006 case VERIFY_16:
2007 case WRITE_6:
2008 case WRITE_10:
2009 case WRITE_12:
2010 case WRITE_16:
2011 case WRITE_VERIFY_10:
2012 case WRITE_VERIFY_12:
2013 case WRITE_VERIFY_16:
2014 /* If we are not using O_DIRECT, we might read stale data from the
2015 * host cache if writes were made using other commands than these
2016 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
2017 * O_DIRECT everything must go through SG_IO.
2018 */
2019 if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) {
2020 break;
2021 }
2022
2023 /* MMC writing cannot be done via pread/pwrite, because it sometimes
2024 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
2025 * And once you do these writes, reading from the block device is
2026 * unreliable, too. It is even possible that reads deliver random data
2027 * from the host page cache (this is probably a Linux bug).
2028 *
2029 * We might use scsi_disk_dma_reqops as long as no writing commands are
2030 * seen, but performance usually isn't paramount on optical media. So,
2031 * just make scsi-block operate the same as scsi-generic for them.
2032 */
2033 if (s->qdev.type != TYPE_ROM) {
2034 return scsi_req_alloc(&scsi_disk_dma_reqops, &s->qdev, tag, lun,
2035 hba_private);
2036 }
2037 }
2038
2039 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2040 hba_private);
2041 }
2042 #endif
2043
2044 #define DEFINE_SCSI_DISK_PROPERTIES() \
2045 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
2046 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2047 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2048 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2049 DEFINE_PROP_STRING("product", SCSIDiskState, product)
2050
2051 static Property scsi_hd_properties[] = {
2052 DEFINE_SCSI_DISK_PROPERTIES(),
2053 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2054 SCSI_DISK_F_REMOVABLE, false),
2055 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2056 SCSI_DISK_F_DPOFUA, false),
2057 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2058 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
2059 DEFINE_PROP_END_OF_LIST(),
2060 };
2061
2062 static const VMStateDescription vmstate_scsi_disk_state = {
2063 .name = "scsi-disk",
2064 .version_id = 1,
2065 .minimum_version_id = 1,
2066 .minimum_version_id_old = 1,
2067 .fields = (VMStateField[]) {
2068 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2069 VMSTATE_BOOL(media_changed, SCSIDiskState),
2070 VMSTATE_BOOL(media_event, SCSIDiskState),
2071 VMSTATE_BOOL(eject_request, SCSIDiskState),
2072 VMSTATE_BOOL(tray_open, SCSIDiskState),
2073 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2074 VMSTATE_END_OF_LIST()
2075 }
2076 };
2077
2078 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2079 {
2080 DeviceClass *dc = DEVICE_CLASS(klass);
2081 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2082
2083 sc->init = scsi_hd_initfn;
2084 sc->destroy = scsi_destroy;
2085 sc->alloc_req = scsi_new_request;
2086 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2087 dc->fw_name = "disk";
2088 dc->desc = "virtual SCSI disk";
2089 dc->reset = scsi_disk_reset;
2090 dc->props = scsi_hd_properties;
2091 dc->vmsd = &vmstate_scsi_disk_state;
2092 }
2093
2094 static TypeInfo scsi_hd_info = {
2095 .name = "scsi-hd",
2096 .parent = TYPE_SCSI_DEVICE,
2097 .instance_size = sizeof(SCSIDiskState),
2098 .class_init = scsi_hd_class_initfn,
2099 };
2100
2101 static Property scsi_cd_properties[] = {
2102 DEFINE_SCSI_DISK_PROPERTIES(),
2103 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2104 DEFINE_PROP_END_OF_LIST(),
2105 };
2106
2107 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2108 {
2109 DeviceClass *dc = DEVICE_CLASS(klass);
2110 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2111
2112 sc->init = scsi_cd_initfn;
2113 sc->destroy = scsi_destroy;
2114 sc->alloc_req = scsi_new_request;
2115 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2116 dc->fw_name = "disk";
2117 dc->desc = "virtual SCSI CD-ROM";
2118 dc->reset = scsi_disk_reset;
2119 dc->props = scsi_cd_properties;
2120 dc->vmsd = &vmstate_scsi_disk_state;
2121 }
2122
2123 static TypeInfo scsi_cd_info = {
2124 .name = "scsi-cd",
2125 .parent = TYPE_SCSI_DEVICE,
2126 .instance_size = sizeof(SCSIDiskState),
2127 .class_init = scsi_cd_class_initfn,
2128 };
2129
2130 #ifdef __linux__
2131 static Property scsi_block_properties[] = {
2132 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs),
2133 DEFINE_PROP_END_OF_LIST(),
2134 };
2135
2136 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2137 {
2138 DeviceClass *dc = DEVICE_CLASS(klass);
2139 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2140
2141 sc->init = scsi_block_initfn;
2142 sc->destroy = scsi_destroy;
2143 sc->alloc_req = scsi_block_new_request;
2144 dc->fw_name = "disk";
2145 dc->desc = "SCSI block device passthrough";
2146 dc->reset = scsi_disk_reset;
2147 dc->props = scsi_block_properties;
2148 dc->vmsd = &vmstate_scsi_disk_state;
2149 }
2150
2151 static TypeInfo scsi_block_info = {
2152 .name = "scsi-block",
2153 .parent = TYPE_SCSI_DEVICE,
2154 .instance_size = sizeof(SCSIDiskState),
2155 .class_init = scsi_block_class_initfn,
2156 };
2157 #endif
2158
2159 static Property scsi_disk_properties[] = {
2160 DEFINE_SCSI_DISK_PROPERTIES(),
2161 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2162 SCSI_DISK_F_REMOVABLE, false),
2163 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2164 SCSI_DISK_F_DPOFUA, false),
2165 DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0),
2166 DEFINE_PROP_END_OF_LIST(),
2167 };
2168
2169 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2170 {
2171 DeviceClass *dc = DEVICE_CLASS(klass);
2172 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2173
2174 sc->init = scsi_disk_initfn;
2175 sc->destroy = scsi_destroy;
2176 sc->alloc_req = scsi_new_request;
2177 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2178 dc->fw_name = "disk";
2179 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2180 dc->reset = scsi_disk_reset;
2181 dc->props = scsi_disk_properties;
2182 dc->vmsd = &vmstate_scsi_disk_state;
2183 }
2184
2185 static TypeInfo scsi_disk_info = {
2186 .name = "scsi-disk",
2187 .parent = TYPE_SCSI_DEVICE,
2188 .instance_size = sizeof(SCSIDiskState),
2189 .class_init = scsi_disk_class_initfn,
2190 };
2191
2192 static void scsi_disk_register_types(void)
2193 {
2194 type_register_static(&scsi_hd_info);
2195 type_register_static(&scsi_cd_info);
2196 #ifdef __linux__
2197 type_register_static(&scsi_block_info);
2198 #endif
2199 type_register_static(&scsi_disk_info);
2200 }
2201
2202 type_init(scsi_disk_register_types)
Qemu copy for testing