]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
block: Emit BLOCK_IO_ERROR before vm_stop() call
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 #include <qemu-common.h>
23 #include <sysemu.h>
24 //#define DEBUG_SCSI
25
26 #ifdef DEBUG_SCSI
27 #define DPRINTF(fmt, ...) \
28 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29 #else
30 #define DPRINTF(fmt, ...) do {} while(0)
31 #endif
32
33 #define BADF(fmt, ...) \
34 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
35
36 #include "qemu-common.h"
37 #include "block.h"
38 #include "scsi.h"
39 #include "scsi-defs.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45
46 typedef struct SCSIDiskState SCSIDiskState;
47
48 typedef struct SCSIDiskReq {
49 SCSIRequest req;
50 /* ??? We should probably keep track of whether the data transfer is
51 a read or a write. Currently we rely on the host getting it right. */
52 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
53 uint64_t sector;
54 uint32_t sector_count;
55 struct iovec iov;
56 QEMUIOVector qiov;
57 uint32_t status;
58 } SCSIDiskReq;
59
60 struct SCSIDiskState
61 {
62 SCSIDevice qdev;
63 BlockDriverState *bs;
64 /* The qemu block layer uses a fixed 512 byte sector size.
65 This is the number of 512 byte blocks in a single scsi sector. */
66 int cluster_size;
67 uint64_t max_lba;
68 QEMUBH *bh;
69 char *version;
70 };
71
72 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
73 {
74 SCSIRequest *req;
75 SCSIDiskReq *r;
76
77 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
78 r = DO_UPCAST(SCSIDiskReq, req, req);
79 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
80 return r;
81 }
82
83 static void scsi_remove_request(SCSIDiskReq *r)
84 {
85 qemu_vfree(r->iov.iov_base);
86 scsi_req_free(&r->req);
87 }
88
89 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
90 {
91 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
92 }
93
94 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
95 {
96 req->status = status;
97 scsi_dev_set_sense(req->dev, sense_code);
98 }
99
100 /* Helper function for command completion. */
101 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
102 {
103 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
104 r->req.tag, status, sense);
105 scsi_req_set_status(&r->req, status, sense);
106 scsi_req_complete(&r->req);
107 scsi_remove_request(r);
108 }
109
110 /* Cancel a pending data transfer. */
111 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
112 {
113 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
114 SCSIDiskReq *r;
115 DPRINTF("Cancel tag=0x%x\n", tag);
116 r = scsi_find_request(s, tag);
117 if (r) {
118 if (r->req.aiocb)
119 bdrv_aio_cancel(r->req.aiocb);
120 r->req.aiocb = NULL;
121 scsi_remove_request(r);
122 }
123 }
124
125 static void scsi_read_complete(void * opaque, int ret)
126 {
127 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
128
129 if (ret) {
130 DPRINTF("IO error\n");
131 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
132 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
133 return;
134 }
135 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
136
137 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
138 }
139
140 /* Read more data from scsi device into buffer. */
141 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
142 {
143 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
144 SCSIDiskReq *r;
145 uint32_t n;
146
147 r = scsi_find_request(s, tag);
148 if (!r) {
149 BADF("Bad read tag 0x%x\n", tag);
150 /* ??? This is the wrong error. */
151 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
152 return;
153 }
154 if (r->sector_count == (uint32_t)-1) {
155 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
156 r->sector_count = 0;
157 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
158 return;
159 }
160 DPRINTF("Read sector_count=%d\n", r->sector_count);
161 if (r->sector_count == 0) {
162 scsi_command_complete(r, GOOD, NO_SENSE);
163 return;
164 }
165
166 n = r->sector_count;
167 if (n > SCSI_DMA_BUF_SIZE / 512)
168 n = SCSI_DMA_BUF_SIZE / 512;
169
170 r->iov.iov_len = n * 512;
171 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
172 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
173 scsi_read_complete, r);
174 if (r->req.aiocb == NULL)
175 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
176 r->sector += n;
177 r->sector_count -= n;
178 }
179
180 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
181 {
182 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
183 BlockInterfaceErrorAction action = drive_get_on_error(s->bs, 0);
184
185 if (action == BLOCK_ERR_IGNORE) {
186 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, 0);
187 return 0;
188 }
189
190 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
191 || action == BLOCK_ERR_STOP_ANY) {
192 r->status |= SCSI_REQ_STATUS_RETRY;
193 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, 0);
194 vm_stop(0);
195 } else {
196 scsi_command_complete(r, CHECK_CONDITION,
197 HARDWARE_ERROR);
198 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, 0);
199 }
200
201 return 1;
202 }
203
204 static void scsi_write_complete(void * opaque, int ret)
205 {
206 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
207 uint32_t len;
208 uint32_t n;
209
210 r->req.aiocb = NULL;
211
212 if (ret) {
213 if (scsi_handle_write_error(r, -ret))
214 return;
215 }
216
217 n = r->iov.iov_len / 512;
218 r->sector += n;
219 r->sector_count -= n;
220 if (r->sector_count == 0) {
221 scsi_command_complete(r, GOOD, NO_SENSE);
222 } else {
223 len = r->sector_count * 512;
224 if (len > SCSI_DMA_BUF_SIZE) {
225 len = SCSI_DMA_BUF_SIZE;
226 }
227 r->iov.iov_len = len;
228 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
229 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
230 }
231 }
232
233 static void scsi_write_request(SCSIDiskReq *r)
234 {
235 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
236 uint32_t n;
237
238 n = r->iov.iov_len / 512;
239 if (n) {
240 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
241 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
242 scsi_write_complete, r);
243 if (r->req.aiocb == NULL)
244 scsi_command_complete(r, CHECK_CONDITION,
245 HARDWARE_ERROR);
246 } else {
247 /* Invoke completion routine to fetch data from host. */
248 scsi_write_complete(r, 0);
249 }
250 }
251
252 /* Write data to a scsi device. Returns nonzero on failure.
253 The transfer may complete asynchronously. */
254 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
255 {
256 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
257 SCSIDiskReq *r;
258
259 DPRINTF("Write data tag=0x%x\n", tag);
260 r = scsi_find_request(s, tag);
261 if (!r) {
262 BADF("Bad write tag 0x%x\n", tag);
263 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
264 return 1;
265 }
266
267 if (r->req.aiocb)
268 BADF("Data transfer already in progress\n");
269
270 scsi_write_request(r);
271
272 return 0;
273 }
274
275 static void scsi_dma_restart_bh(void *opaque)
276 {
277 SCSIDiskState *s = opaque;
278 SCSIRequest *req;
279 SCSIDiskReq *r;
280
281 qemu_bh_delete(s->bh);
282 s->bh = NULL;
283
284 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
285 r = DO_UPCAST(SCSIDiskReq, req, req);
286 if (r->status & SCSI_REQ_STATUS_RETRY) {
287 r->status &= ~SCSI_REQ_STATUS_RETRY;
288 scsi_write_request(r);
289 }
290 }
291 }
292
293 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
294 {
295 SCSIDiskState *s = opaque;
296
297 if (!running)
298 return;
299
300 if (!s->bh) {
301 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
302 qemu_bh_schedule(s->bh);
303 }
304 }
305
306 /* Return a pointer to the data buffer. */
307 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
308 {
309 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
310 SCSIDiskReq *r;
311
312 r = scsi_find_request(s, tag);
313 if (!r) {
314 BADF("Bad buffer tag 0x%x\n", tag);
315 return NULL;
316 }
317 return (uint8_t *)r->iov.iov_base;
318 }
319
320 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
321 {
322 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
323 int buflen = 0;
324
325 if (req->cmd.buf[1] & 0x2) {
326 /* Command support data - optional, not implemented */
327 BADF("optional INQUIRY command support request not implemented\n");
328 return -1;
329 }
330
331 if (req->cmd.buf[1] & 0x1) {
332 /* Vital product data */
333 uint8_t page_code = req->cmd.buf[2];
334 if (req->cmd.xfer < 4) {
335 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
336 "less than 4\n", page_code, req->cmd.xfer);
337 return -1;
338 }
339
340 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
341 outbuf[buflen++] = 5;
342 } else {
343 outbuf[buflen++] = 0;
344 }
345 outbuf[buflen++] = page_code ; // this page
346 outbuf[buflen++] = 0x00;
347
348 switch (page_code) {
349 case 0x00: /* Supported page codes, mandatory */
350 DPRINTF("Inquiry EVPD[Supported pages] "
351 "buffer size %zd\n", req->cmd.xfer);
352 outbuf[buflen++] = 4; // number of pages
353 outbuf[buflen++] = 0x00; // list of supported pages (this page)
354 outbuf[buflen++] = 0x80; // unit serial number
355 outbuf[buflen++] = 0x83; // device identification
356 outbuf[buflen++] = 0xb0; // block device characteristics
357 break;
358
359 case 0x80: /* Device serial number, optional */
360 {
361 const char *serial = req->dev->conf.dinfo->serial ?
362 req->dev->conf.dinfo->serial : "0";
363 int l = strlen(serial);
364
365 if (l > req->cmd.xfer)
366 l = req->cmd.xfer;
367 if (l > 20)
368 l = 20;
369
370 DPRINTF("Inquiry EVPD[Serial number] "
371 "buffer size %zd\n", req->cmd.xfer);
372 outbuf[buflen++] = l;
373 memcpy(outbuf+buflen, serial, l);
374 buflen += l;
375 break;
376 }
377
378 case 0x83: /* Device identification page, mandatory */
379 {
380 int max_len = 255 - 8;
381 int id_len = strlen(bdrv_get_device_name(s->bs));
382
383 if (id_len > max_len)
384 id_len = max_len;
385 DPRINTF("Inquiry EVPD[Device identification] "
386 "buffer size %zd\n", req->cmd.xfer);
387
388 outbuf[buflen++] = 3 + id_len;
389 outbuf[buflen++] = 0x2; // ASCII
390 outbuf[buflen++] = 0; // not officially assigned
391 outbuf[buflen++] = 0; // reserved
392 outbuf[buflen++] = id_len; // length of data following
393
394 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
395 buflen += id_len;
396 break;
397 }
398 case 0xb0: /* block device characteristics */
399 {
400 unsigned int min_io_size = s->qdev.conf.min_io_size >> 9;
401 unsigned int opt_io_size = s->qdev.conf.opt_io_size >> 9;
402
403 /* required VPD size with unmap support */
404 outbuf[3] = buflen = 0x3c;
405
406 memset(outbuf + 4, 0, buflen - 4);
407
408 /* optimal transfer length granularity */
409 outbuf[6] = (min_io_size >> 8) & 0xff;
410 outbuf[7] = min_io_size & 0xff;
411
412 /* optimal transfer length */
413 outbuf[12] = (opt_io_size >> 24) & 0xff;
414 outbuf[13] = (opt_io_size >> 16) & 0xff;
415 outbuf[14] = (opt_io_size >> 8) & 0xff;
416 outbuf[15] = opt_io_size & 0xff;
417 break;
418 }
419 default:
420 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
421 "buffer size %zd\n", page_code, req->cmd.xfer);
422 return -1;
423 }
424 /* done with EVPD */
425 return buflen;
426 }
427
428 /* Standard INQUIRY data */
429 if (req->cmd.buf[2] != 0) {
430 BADF("Error: Inquiry (STANDARD) page or code "
431 "is non-zero [%02X]\n", req->cmd.buf[2]);
432 return -1;
433 }
434
435 /* PAGE CODE == 0 */
436 if (req->cmd.xfer < 5) {
437 BADF("Error: Inquiry (STANDARD) buffer size %zd "
438 "is less than 5\n", req->cmd.xfer);
439 return -1;
440 }
441
442 buflen = req->cmd.xfer;
443 if (buflen > SCSI_MAX_INQUIRY_LEN)
444 buflen = SCSI_MAX_INQUIRY_LEN;
445
446 memset(outbuf, 0, buflen);
447
448 if (req->lun || req->cmd.buf[1] >> 5) {
449 outbuf[0] = 0x7f; /* LUN not supported */
450 return buflen;
451 }
452
453 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
454 outbuf[0] = 5;
455 outbuf[1] = 0x80;
456 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
457 } else {
458 outbuf[0] = 0;
459 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
460 }
461 memcpy(&outbuf[8], "QEMU ", 8);
462 memcpy(&outbuf[32], s->version ? s->version : QEMU_VERSION, 4);
463 /*
464 * We claim conformance to SPC-3, which is required for guests
465 * to ask for modern features like READ CAPACITY(16) or the
466 * block characteristics VPD page by default. Not all of SPC-3
467 * is actually implemented, but we're good enough.
468 */
469 outbuf[2] = 5;
470 outbuf[3] = 2; /* Format 2 */
471
472 if (buflen > 36) {
473 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
474 } else {
475 /* If the allocation length of CDB is too small,
476 the additional length is not adjusted */
477 outbuf[4] = 36 - 5;
478 }
479
480 /* Sync data transfer and TCQ. */
481 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
482 return buflen;
483 }
484
485 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
486 {
487 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
488 BlockDriverState *bdrv = s->bs;
489 int cylinders, heads, secs;
490
491 switch (page) {
492 case 4: /* Rigid disk device geometry page. */
493 p[0] = 4;
494 p[1] = 0x16;
495 /* if a geometry hint is available, use it */
496 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
497 p[2] = (cylinders >> 16) & 0xff;
498 p[3] = (cylinders >> 8) & 0xff;
499 p[4] = cylinders & 0xff;
500 p[5] = heads & 0xff;
501 /* Write precomp start cylinder, disabled */
502 p[6] = (cylinders >> 16) & 0xff;
503 p[7] = (cylinders >> 8) & 0xff;
504 p[8] = cylinders & 0xff;
505 /* Reduced current start cylinder, disabled */
506 p[9] = (cylinders >> 16) & 0xff;
507 p[10] = (cylinders >> 8) & 0xff;
508 p[11] = cylinders & 0xff;
509 /* Device step rate [ns], 200ns */
510 p[12] = 0;
511 p[13] = 200;
512 /* Landing zone cylinder */
513 p[14] = 0xff;
514 p[15] = 0xff;
515 p[16] = 0xff;
516 /* Medium rotation rate [rpm], 5400 rpm */
517 p[20] = (5400 >> 8) & 0xff;
518 p[21] = 5400 & 0xff;
519 return 0x16;
520
521 case 5: /* Flexible disk device geometry page. */
522 p[0] = 5;
523 p[1] = 0x1e;
524 /* Transfer rate [kbit/s], 5Mbit/s */
525 p[2] = 5000 >> 8;
526 p[3] = 5000 & 0xff;
527 /* if a geometry hint is available, use it */
528 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
529 p[4] = heads & 0xff;
530 p[5] = secs & 0xff;
531 p[6] = s->cluster_size * 2;
532 p[8] = (cylinders >> 8) & 0xff;
533 p[9] = cylinders & 0xff;
534 /* Write precomp start cylinder, disabled */
535 p[10] = (cylinders >> 8) & 0xff;
536 p[11] = cylinders & 0xff;
537 /* Reduced current start cylinder, disabled */
538 p[12] = (cylinders >> 8) & 0xff;
539 p[13] = cylinders & 0xff;
540 /* Device step rate [100us], 100us */
541 p[14] = 0;
542 p[15] = 1;
543 /* Device step pulse width [us], 1us */
544 p[16] = 1;
545 /* Device head settle delay [100us], 100us */
546 p[17] = 0;
547 p[18] = 1;
548 /* Motor on delay [0.1s], 0.1s */
549 p[19] = 1;
550 /* Motor off delay [0.1s], 0.1s */
551 p[20] = 1;
552 /* Medium rotation rate [rpm], 5400 rpm */
553 p[28] = (5400 >> 8) & 0xff;
554 p[29] = 5400 & 0xff;
555 return 0x1e;
556
557 case 8: /* Caching page. */
558 p[0] = 8;
559 p[1] = 0x12;
560 if (bdrv_enable_write_cache(s->bs)) {
561 p[2] = 4; /* WCE */
562 }
563 return 20;
564
565 case 0x2a: /* CD Capabilities and Mechanical Status page. */
566 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
567 return 0;
568 p[0] = 0x2a;
569 p[1] = 0x14;
570 p[2] = 3; // CD-R & CD-RW read
571 p[3] = 0; // Writing not supported
572 p[4] = 0x7f; /* Audio, composite, digital out,
573 mode 2 form 1&2, multi session */
574 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
575 RW corrected, C2 errors, ISRC,
576 UPC, Bar code */
577 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
578 /* Locking supported, jumper present, eject, tray */
579 p[7] = 0; /* no volume & mute control, no
580 changer */
581 p[8] = (50 * 176) >> 8; // 50x read speed
582 p[9] = (50 * 176) & 0xff;
583 p[10] = 0 >> 8; // No volume
584 p[11] = 0 & 0xff;
585 p[12] = 2048 >> 8; // 2M buffer
586 p[13] = 2048 & 0xff;
587 p[14] = (16 * 176) >> 8; // 16x read speed current
588 p[15] = (16 * 176) & 0xff;
589 p[18] = (16 * 176) >> 8; // 16x write speed
590 p[19] = (16 * 176) & 0xff;
591 p[20] = (16 * 176) >> 8; // 16x write speed current
592 p[21] = (16 * 176) & 0xff;
593 return 22;
594
595 default:
596 return 0;
597 }
598 }
599
600 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
601 {
602 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
603 uint64_t nb_sectors;
604 int page, dbd, buflen;
605 uint8_t *p;
606
607 dbd = req->cmd.buf[1] & 0x8;
608 page = req->cmd.buf[2] & 0x3f;
609 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
610 memset(outbuf, 0, req->cmd.xfer);
611 p = outbuf;
612
613 p[1] = 0; /* Default media type. */
614 p[3] = 0; /* Block descriptor length. */
615 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM ||
616 bdrv_is_read_only(s->bs)) {
617 p[2] = 0x80; /* Readonly. */
618 }
619 p += 4;
620
621 bdrv_get_geometry(s->bs, &nb_sectors);
622 if ((~dbd) & nb_sectors) {
623 outbuf[3] = 8; /* Block descriptor length */
624 nb_sectors /= s->cluster_size;
625 nb_sectors--;
626 if (nb_sectors > 0xffffff)
627 nb_sectors = 0xffffff;
628 p[0] = 0; /* media density code */
629 p[1] = (nb_sectors >> 16) & 0xff;
630 p[2] = (nb_sectors >> 8) & 0xff;
631 p[3] = nb_sectors & 0xff;
632 p[4] = 0; /* reserved */
633 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
634 p[6] = s->cluster_size * 2;
635 p[7] = 0;
636 p += 8;
637 }
638
639 switch (page) {
640 case 0x04:
641 case 0x05:
642 case 0x08:
643 case 0x2a:
644 p += mode_sense_page(req, page, p);
645 break;
646 case 0x3f:
647 p += mode_sense_page(req, 0x08, p);
648 p += mode_sense_page(req, 0x2a, p);
649 break;
650 }
651
652 buflen = p - outbuf;
653 outbuf[0] = buflen - 4;
654 if (buflen > req->cmd.xfer)
655 buflen = req->cmd.xfer;
656 return buflen;
657 }
658
659 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
660 {
661 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
662 int start_track, format, msf, toclen;
663 uint64_t nb_sectors;
664
665 msf = req->cmd.buf[1] & 2;
666 format = req->cmd.buf[2] & 0xf;
667 start_track = req->cmd.buf[6];
668 bdrv_get_geometry(s->bs, &nb_sectors);
669 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
670 nb_sectors /= s->cluster_size;
671 switch (format) {
672 case 0:
673 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
674 break;
675 case 1:
676 /* multi session : only a single session defined */
677 toclen = 12;
678 memset(outbuf, 0, 12);
679 outbuf[1] = 0x0a;
680 outbuf[2] = 0x01;
681 outbuf[3] = 0x01;
682 break;
683 case 2:
684 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
685 break;
686 default:
687 return -1;
688 }
689 if (toclen > req->cmd.xfer)
690 toclen = req->cmd.xfer;
691 return toclen;
692 }
693
694 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
695 {
696 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
697 uint64_t nb_sectors;
698 int buflen = 0;
699
700 switch (req->cmd.buf[0]) {
701 case TEST_UNIT_READY:
702 if (!bdrv_is_inserted(s->bs))
703 goto not_ready;
704 break;
705 case REQUEST_SENSE:
706 if (req->cmd.xfer < 4)
707 goto illegal_request;
708 memset(outbuf, 0, 4);
709 buflen = 4;
710 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
711 memset(outbuf, 0, 18);
712 buflen = 18;
713 outbuf[7] = 10;
714 /* asc 0x3a, ascq 0: Medium not present */
715 outbuf[12] = 0x3a;
716 outbuf[13] = 0;
717 }
718 outbuf[0] = 0xf0;
719 outbuf[1] = 0;
720 outbuf[2] = req->dev->sense.key;
721 scsi_dev_clear_sense(req->dev);
722 break;
723 case INQUIRY:
724 buflen = scsi_disk_emulate_inquiry(req, outbuf);
725 if (buflen < 0)
726 goto illegal_request;
727 break;
728 case MODE_SENSE:
729 case MODE_SENSE_10:
730 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
731 if (buflen < 0)
732 goto illegal_request;
733 break;
734 case READ_TOC:
735 buflen = scsi_disk_emulate_read_toc(req, outbuf);
736 if (buflen < 0)
737 goto illegal_request;
738 break;
739 case RESERVE:
740 if (req->cmd.buf[1] & 1)
741 goto illegal_request;
742 break;
743 case RESERVE_10:
744 if (req->cmd.buf[1] & 3)
745 goto illegal_request;
746 break;
747 case RELEASE:
748 if (req->cmd.buf[1] & 1)
749 goto illegal_request;
750 break;
751 case RELEASE_10:
752 if (req->cmd.buf[1] & 3)
753 goto illegal_request;
754 break;
755 case START_STOP:
756 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
757 /* load/eject medium */
758 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
759 }
760 break;
761 case ALLOW_MEDIUM_REMOVAL:
762 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
763 break;
764 case READ_CAPACITY:
765 /* The normal LEN field for this command is zero. */
766 memset(outbuf, 0, 8);
767 bdrv_get_geometry(s->bs, &nb_sectors);
768 if (!nb_sectors)
769 goto not_ready;
770 nb_sectors /= s->cluster_size;
771 /* Returned value is the address of the last sector. */
772 nb_sectors--;
773 /* Remember the new size for read/write sanity checking. */
774 s->max_lba = nb_sectors;
775 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
776 if (nb_sectors > UINT32_MAX)
777 nb_sectors = UINT32_MAX;
778 outbuf[0] = (nb_sectors >> 24) & 0xff;
779 outbuf[1] = (nb_sectors >> 16) & 0xff;
780 outbuf[2] = (nb_sectors >> 8) & 0xff;
781 outbuf[3] = nb_sectors & 0xff;
782 outbuf[4] = 0;
783 outbuf[5] = 0;
784 outbuf[6] = s->cluster_size * 2;
785 outbuf[7] = 0;
786 buflen = 8;
787 break;
788 case SYNCHRONIZE_CACHE:
789 bdrv_flush(s->bs);
790 break;
791 case GET_CONFIGURATION:
792 memset(outbuf, 0, 8);
793 /* ??? This should probably return much more information. For now
794 just return the basic header indicating the CD-ROM profile. */
795 outbuf[7] = 8; // CD-ROM
796 buflen = 8;
797 break;
798 case SERVICE_ACTION_IN:
799 /* Service Action In subcommands. */
800 if ((req->cmd.buf[1] & 31) == 0x10) {
801 DPRINTF("SAI READ CAPACITY(16)\n");
802 memset(outbuf, 0, req->cmd.xfer);
803 bdrv_get_geometry(s->bs, &nb_sectors);
804 if (!nb_sectors)
805 goto not_ready;
806 nb_sectors /= s->cluster_size;
807 /* Returned value is the address of the last sector. */
808 nb_sectors--;
809 /* Remember the new size for read/write sanity checking. */
810 s->max_lba = nb_sectors;
811 outbuf[0] = (nb_sectors >> 56) & 0xff;
812 outbuf[1] = (nb_sectors >> 48) & 0xff;
813 outbuf[2] = (nb_sectors >> 40) & 0xff;
814 outbuf[3] = (nb_sectors >> 32) & 0xff;
815 outbuf[4] = (nb_sectors >> 24) & 0xff;
816 outbuf[5] = (nb_sectors >> 16) & 0xff;
817 outbuf[6] = (nb_sectors >> 8) & 0xff;
818 outbuf[7] = nb_sectors & 0xff;
819 outbuf[8] = 0;
820 outbuf[9] = 0;
821 outbuf[10] = s->cluster_size * 2;
822 outbuf[11] = 0;
823 outbuf[12] = 0;
824 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
825 /* Protection, exponent and lowest lba field left blank. */
826 buflen = req->cmd.xfer;
827 break;
828 }
829 DPRINTF("Unsupported Service Action In\n");
830 goto illegal_request;
831 case REPORT_LUNS:
832 if (req->cmd.xfer < 16)
833 goto illegal_request;
834 memset(outbuf, 0, 16);
835 outbuf[3] = 8;
836 buflen = 16;
837 break;
838 case VERIFY:
839 break;
840 default:
841 goto illegal_request;
842 }
843 scsi_req_set_status(req, GOOD, NO_SENSE);
844 return buflen;
845
846 not_ready:
847 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
848 return 0;
849
850 illegal_request:
851 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
852 return 0;
853 }
854
855 /* Execute a scsi command. Returns the length of the data expected by the
856 command. This will be Positive for data transfers from the device
857 (eg. disk reads), negative for transfers to the device (eg. disk writes),
858 and zero if the command does not transfer any data. */
859
860 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
861 uint8_t *buf, int lun)
862 {
863 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
864 uint64_t lba;
865 uint32_t len;
866 int cmdlen;
867 int is_write;
868 uint8_t command;
869 uint8_t *outbuf;
870 SCSIDiskReq *r;
871 int rc;
872
873 command = buf[0];
874 r = scsi_find_request(s, tag);
875 if (r) {
876 BADF("Tag 0x%x already in use\n", tag);
877 scsi_cancel_io(d, tag);
878 }
879 /* ??? Tags are not unique for different luns. We only implement a
880 single lun, so this should not matter. */
881 r = scsi_new_request(d, tag, lun);
882 outbuf = (uint8_t *)r->iov.iov_base;
883 is_write = 0;
884 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
885 switch (command >> 5) {
886 case 0:
887 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
888 (((uint64_t) buf[1] & 0x1f) << 16);
889 len = buf[4];
890 cmdlen = 6;
891 break;
892 case 1:
893 case 2:
894 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
895 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
896 len = buf[8] | (buf[7] << 8);
897 cmdlen = 10;
898 break;
899 case 4:
900 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
901 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
902 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
903 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
904 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
905 cmdlen = 16;
906 break;
907 case 5:
908 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
909 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
910 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
911 cmdlen = 12;
912 break;
913 default:
914 BADF("Unsupported command length, command %x\n", command);
915 goto fail;
916 }
917 #ifdef DEBUG_SCSI
918 {
919 int i;
920 for (i = 1; i < cmdlen; i++) {
921 printf(" 0x%02x", buf[i]);
922 }
923 printf("\n");
924 }
925 #endif
926
927 if (scsi_req_parse(&r->req, buf) != 0) {
928 BADF("Unsupported command length, command %x\n", command);
929 goto fail;
930 }
931 assert(r->req.cmd.len == cmdlen);
932 assert(r->req.cmd.lba == lba);
933
934 if (lun || buf[1] >> 5) {
935 /* Only LUN 0 supported. */
936 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
937 if (command != REQUEST_SENSE && command != INQUIRY)
938 goto fail;
939 }
940 switch (command) {
941 case TEST_UNIT_READY:
942 case REQUEST_SENSE:
943 case INQUIRY:
944 case MODE_SENSE:
945 case MODE_SENSE_10:
946 case RESERVE:
947 case RESERVE_10:
948 case RELEASE:
949 case RELEASE_10:
950 case START_STOP:
951 case ALLOW_MEDIUM_REMOVAL:
952 case READ_CAPACITY:
953 case SYNCHRONIZE_CACHE:
954 case READ_TOC:
955 case GET_CONFIGURATION:
956 case SERVICE_ACTION_IN:
957 case REPORT_LUNS:
958 case VERIFY:
959 rc = scsi_disk_emulate_command(&r->req, outbuf);
960 if (rc > 0) {
961 r->iov.iov_len = rc;
962 } else {
963 scsi_req_complete(&r->req);
964 scsi_remove_request(r);
965 return 0;
966 }
967 break;
968 case READ_6:
969 case READ_10:
970 case READ_12:
971 case READ_16:
972 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
973 if (lba > s->max_lba)
974 goto illegal_lba;
975 r->sector = lba * s->cluster_size;
976 r->sector_count = len * s->cluster_size;
977 break;
978 case WRITE_6:
979 case WRITE_10:
980 case WRITE_12:
981 case WRITE_16:
982 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
983 if (lba > s->max_lba)
984 goto illegal_lba;
985 r->sector = lba * s->cluster_size;
986 r->sector_count = len * s->cluster_size;
987 is_write = 1;
988 break;
989 default:
990 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
991 fail:
992 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
993 return 0;
994 illegal_lba:
995 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
996 return 0;
997 }
998 if (r->sector_count == 0 && r->iov.iov_len == 0) {
999 scsi_command_complete(r, GOOD, NO_SENSE);
1000 }
1001 len = r->sector_count * 512 + r->iov.iov_len;
1002 if (is_write) {
1003 return -len;
1004 } else {
1005 if (!r->sector_count)
1006 r->sector_count = -1;
1007 return len;
1008 }
1009 }
1010
1011 static void scsi_destroy(SCSIDevice *dev)
1012 {
1013 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1014 SCSIDiskReq *r;
1015
1016 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1017 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1018 scsi_remove_request(r);
1019 }
1020 drive_uninit(s->qdev.conf.dinfo);
1021 }
1022
1023 static int scsi_disk_initfn(SCSIDevice *dev)
1024 {
1025 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1026 uint64_t nb_sectors;
1027
1028 if (!s->qdev.conf.dinfo || !s->qdev.conf.dinfo->bdrv) {
1029 qemu_error("scsi-disk: drive property not set\n");
1030 return -1;
1031 }
1032 s->bs = s->qdev.conf.dinfo->bdrv;
1033
1034 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
1035 s->cluster_size = 4;
1036 } else {
1037 s->cluster_size = 1;
1038 }
1039 s->qdev.blocksize = 512 * s->cluster_size;
1040 s->qdev.type = TYPE_DISK;
1041 bdrv_get_geometry(s->bs, &nb_sectors);
1042 nb_sectors /= s->cluster_size;
1043 if (nb_sectors)
1044 nb_sectors--;
1045 s->max_lba = nb_sectors;
1046 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1047 return 0;
1048 }
1049
1050 static SCSIDeviceInfo scsi_disk_info = {
1051 .qdev.name = "scsi-disk",
1052 .qdev.desc = "virtual scsi disk or cdrom",
1053 .qdev.size = sizeof(SCSIDiskState),
1054 .init = scsi_disk_initfn,
1055 .destroy = scsi_destroy,
1056 .send_command = scsi_send_command,
1057 .read_data = scsi_read_data,
1058 .write_data = scsi_write_data,
1059 .cancel_io = scsi_cancel_io,
1060 .get_buf = scsi_get_buf,
1061 .qdev.props = (Property[]) {
1062 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1063 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1064 DEFINE_PROP_END_OF_LIST(),
1065 },
1066 };
1067
1068 static void scsi_disk_register_devices(void)
1069 {
1070 scsi_qdev_register(&scsi_disk_info);
1071 }
1072 device_init(scsi_disk_register_devices)
Qemu copy for testing