]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi-disk: Implement rerror option
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48
49 typedef struct SCSIDiskState SCSIDiskState;
50
51 typedef struct SCSIDiskReq {
52 SCSIRequest req;
53 /* ??? We should probably keep track of whether the data transfer is
54 a read or a write. Currently we rely on the host getting it right. */
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint64_t sector;
57 uint32_t sector_count;
58 struct iovec iov;
59 QEMUIOVector qiov;
60 uint32_t status;
61 } SCSIDiskReq;
62
63 struct SCSIDiskState
64 {
65 SCSIDevice qdev;
66 BlockDriverState *bs;
67 /* The qemu block layer uses a fixed 512 byte sector size.
68 This is the number of 512 byte blocks in a single scsi sector. */
69 int cluster_size;
70 uint64_t max_lba;
71 QEMUBH *bh;
72 char *version;
73 char *serial;
74 };
75
76 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
77
78 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
79 uint32_t lun)
80 {
81 SCSIRequest *req;
82 SCSIDiskReq *r;
83
84 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
85 r = DO_UPCAST(SCSIDiskReq, req, req);
86 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
87 return r;
88 }
89
90 static void scsi_remove_request(SCSIDiskReq *r)
91 {
92 qemu_vfree(r->iov.iov_base);
93 scsi_req_free(&r->req);
94 }
95
96 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
97 {
98 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
99 }
100
101 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
102 {
103 req->status = status;
104 scsi_dev_set_sense(req->dev, sense_code);
105 }
106
107 /* Helper function for command completion. */
108 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
109 {
110 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
111 r->req.tag, status, sense);
112 scsi_req_set_status(&r->req, status, sense);
113 scsi_req_complete(&r->req);
114 scsi_remove_request(r);
115 }
116
117 /* Cancel a pending data transfer. */
118 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
119 {
120 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
121 SCSIDiskReq *r;
122 DPRINTF("Cancel tag=0x%x\n", tag);
123 r = scsi_find_request(s, tag);
124 if (r) {
125 if (r->req.aiocb)
126 bdrv_aio_cancel(r->req.aiocb);
127 r->req.aiocb = NULL;
128 scsi_remove_request(r);
129 }
130 }
131
132 static void scsi_read_complete(void * opaque, int ret)
133 {
134 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
135 int n;
136
137 r->req.aiocb = NULL;
138
139 if (ret) {
140 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
141 return;
142 }
143 }
144
145 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
146
147 n = r->iov.iov_len / 512;
148 r->sector += n;
149 r->sector_count -= n;
150 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
151 }
152
153
154 static void scsi_read_request(SCSIDiskReq *r)
155 {
156 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
157 uint32_t n;
158
159 if (r->sector_count == (uint32_t)-1) {
160 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
161 r->sector_count = 0;
162 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
163 return;
164 }
165 DPRINTF("Read sector_count=%d\n", r->sector_count);
166 if (r->sector_count == 0) {
167 scsi_command_complete(r, GOOD, NO_SENSE);
168 return;
169 }
170
171 n = r->sector_count;
172 if (n > SCSI_DMA_BUF_SIZE / 512)
173 n = SCSI_DMA_BUF_SIZE / 512;
174
175 r->iov.iov_len = n * 512;
176 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
177 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
178 scsi_read_complete, r);
179 if (r->req.aiocb == NULL)
180 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
181 }
182
183 /* Read more data from scsi device into buffer. */
184 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
185 {
186 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
187 SCSIDiskReq *r;
188
189 r = scsi_find_request(s, tag);
190 if (!r) {
191 BADF("Bad read tag 0x%x\n", tag);
192 /* ??? This is the wrong error. */
193 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
194 return;
195 }
196
197 /* No data transfer may already be in progress */
198 assert(r->req.aiocb == NULL);
199
200 scsi_read_request(r);
201 }
202
203 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
204 {
205 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
208
209 if (action == BLOCK_ERR_IGNORE) {
210 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
211 return 0;
212 }
213
214 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
215 || action == BLOCK_ERR_STOP_ANY) {
216
217 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
218 r->status |= SCSI_REQ_STATUS_RETRY | type;
219
220 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
221 vm_stop(0);
222 } else {
223 if (type == SCSI_REQ_STATUS_RETRY_READ) {
224 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
225 }
226 scsi_command_complete(r, CHECK_CONDITION,
227 HARDWARE_ERROR);
228 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
229 }
230
231 return 1;
232 }
233
234 static void scsi_write_complete(void * opaque, int ret)
235 {
236 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
237 uint32_t len;
238 uint32_t n;
239
240 r->req.aiocb = NULL;
241
242 if (ret) {
243 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
244 return;
245 }
246 }
247
248 n = r->iov.iov_len / 512;
249 r->sector += n;
250 r->sector_count -= n;
251 if (r->sector_count == 0) {
252 scsi_command_complete(r, GOOD, NO_SENSE);
253 } else {
254 len = r->sector_count * 512;
255 if (len > SCSI_DMA_BUF_SIZE) {
256 len = SCSI_DMA_BUF_SIZE;
257 }
258 r->iov.iov_len = len;
259 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
260 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
261 }
262 }
263
264 static void scsi_write_request(SCSIDiskReq *r)
265 {
266 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
267 uint32_t n;
268
269 n = r->iov.iov_len / 512;
270 if (n) {
271 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
272 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
273 scsi_write_complete, r);
274 if (r->req.aiocb == NULL)
275 scsi_command_complete(r, CHECK_CONDITION,
276 HARDWARE_ERROR);
277 } else {
278 /* Invoke completion routine to fetch data from host. */
279 scsi_write_complete(r, 0);
280 }
281 }
282
283 /* Write data to a scsi device. Returns nonzero on failure.
284 The transfer may complete asynchronously. */
285 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
286 {
287 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
288 SCSIDiskReq *r;
289
290 DPRINTF("Write data tag=0x%x\n", tag);
291 r = scsi_find_request(s, tag);
292 if (!r) {
293 BADF("Bad write tag 0x%x\n", tag);
294 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
295 return 1;
296 }
297
298 /* No data transfer may already be in progress */
299 assert(r->req.aiocb == NULL);
300
301 scsi_write_request(r);
302
303 return 0;
304 }
305
306 static void scsi_dma_restart_bh(void *opaque)
307 {
308 SCSIDiskState *s = opaque;
309 SCSIRequest *req;
310 SCSIDiskReq *r;
311
312 qemu_bh_delete(s->bh);
313 s->bh = NULL;
314
315 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
316 r = DO_UPCAST(SCSIDiskReq, req, req);
317 if (r->status & SCSI_REQ_STATUS_RETRY) {
318 int status = r->status;
319 r->status &=
320 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
321
322 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
323 case SCSI_REQ_STATUS_RETRY_READ:
324 scsi_read_request(r);
325 break;
326 case SCSI_REQ_STATUS_RETRY_WRITE:
327 scsi_write_request(r);
328 break;
329 }
330 }
331 }
332 }
333
334 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
335 {
336 SCSIDiskState *s = opaque;
337
338 if (!running)
339 return;
340
341 if (!s->bh) {
342 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
343 qemu_bh_schedule(s->bh);
344 }
345 }
346
347 /* Return a pointer to the data buffer. */
348 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
349 {
350 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
351 SCSIDiskReq *r;
352
353 r = scsi_find_request(s, tag);
354 if (!r) {
355 BADF("Bad buffer tag 0x%x\n", tag);
356 return NULL;
357 }
358 return (uint8_t *)r->iov.iov_base;
359 }
360
361 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
362 {
363 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
364 int buflen = 0;
365
366 if (req->cmd.buf[1] & 0x2) {
367 /* Command support data - optional, not implemented */
368 BADF("optional INQUIRY command support request not implemented\n");
369 return -1;
370 }
371
372 if (req->cmd.buf[1] & 0x1) {
373 /* Vital product data */
374 uint8_t page_code = req->cmd.buf[2];
375 if (req->cmd.xfer < 4) {
376 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
377 "less than 4\n", page_code, req->cmd.xfer);
378 return -1;
379 }
380
381 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
382 outbuf[buflen++] = 5;
383 } else {
384 outbuf[buflen++] = 0;
385 }
386 outbuf[buflen++] = page_code ; // this page
387 outbuf[buflen++] = 0x00;
388
389 switch (page_code) {
390 case 0x00: /* Supported page codes, mandatory */
391 DPRINTF("Inquiry EVPD[Supported pages] "
392 "buffer size %zd\n", req->cmd.xfer);
393 outbuf[buflen++] = 4; // number of pages
394 outbuf[buflen++] = 0x00; // list of supported pages (this page)
395 outbuf[buflen++] = 0x80; // unit serial number
396 outbuf[buflen++] = 0x83; // device identification
397 outbuf[buflen++] = 0xb0; // block device characteristics
398 break;
399
400 case 0x80: /* Device serial number, optional */
401 {
402 int l = strlen(s->serial);
403
404 if (l > req->cmd.xfer)
405 l = req->cmd.xfer;
406 if (l > 20)
407 l = 20;
408
409 DPRINTF("Inquiry EVPD[Serial number] "
410 "buffer size %zd\n", req->cmd.xfer);
411 outbuf[buflen++] = l;
412 memcpy(outbuf+buflen, s->serial, l);
413 buflen += l;
414 break;
415 }
416
417 case 0x83: /* Device identification page, mandatory */
418 {
419 int max_len = 255 - 8;
420 int id_len = strlen(bdrv_get_device_name(s->bs));
421
422 if (id_len > max_len)
423 id_len = max_len;
424 DPRINTF("Inquiry EVPD[Device identification] "
425 "buffer size %zd\n", req->cmd.xfer);
426
427 outbuf[buflen++] = 3 + id_len;
428 outbuf[buflen++] = 0x2; // ASCII
429 outbuf[buflen++] = 0; // not officially assigned
430 outbuf[buflen++] = 0; // reserved
431 outbuf[buflen++] = id_len; // length of data following
432
433 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
434 buflen += id_len;
435 break;
436 }
437 case 0xb0: /* block device characteristics */
438 {
439 unsigned int min_io_size =
440 s->qdev.conf.min_io_size / s->qdev.blocksize;
441 unsigned int opt_io_size =
442 s->qdev.conf.opt_io_size / s->qdev.blocksize;
443
444 /* required VPD size with unmap support */
445 outbuf[3] = buflen = 0x3c;
446
447 memset(outbuf + 4, 0, buflen - 4);
448
449 /* optimal transfer length granularity */
450 outbuf[6] = (min_io_size >> 8) & 0xff;
451 outbuf[7] = min_io_size & 0xff;
452
453 /* optimal transfer length */
454 outbuf[12] = (opt_io_size >> 24) & 0xff;
455 outbuf[13] = (opt_io_size >> 16) & 0xff;
456 outbuf[14] = (opt_io_size >> 8) & 0xff;
457 outbuf[15] = opt_io_size & 0xff;
458 break;
459 }
460 default:
461 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
462 "buffer size %zd\n", page_code, req->cmd.xfer);
463 return -1;
464 }
465 /* done with EVPD */
466 return buflen;
467 }
468
469 /* Standard INQUIRY data */
470 if (req->cmd.buf[2] != 0) {
471 BADF("Error: Inquiry (STANDARD) page or code "
472 "is non-zero [%02X]\n", req->cmd.buf[2]);
473 return -1;
474 }
475
476 /* PAGE CODE == 0 */
477 if (req->cmd.xfer < 5) {
478 BADF("Error: Inquiry (STANDARD) buffer size %zd "
479 "is less than 5\n", req->cmd.xfer);
480 return -1;
481 }
482
483 buflen = req->cmd.xfer;
484 if (buflen > SCSI_MAX_INQUIRY_LEN)
485 buflen = SCSI_MAX_INQUIRY_LEN;
486
487 memset(outbuf, 0, buflen);
488
489 if (req->lun || req->cmd.buf[1] >> 5) {
490 outbuf[0] = 0x7f; /* LUN not supported */
491 return buflen;
492 }
493
494 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
495 outbuf[0] = 5;
496 outbuf[1] = 0x80;
497 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
498 } else {
499 outbuf[0] = 0;
500 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
501 }
502 memcpy(&outbuf[8], "QEMU ", 8);
503 memset(&outbuf[32], 0, 4);
504 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
505 /*
506 * We claim conformance to SPC-3, which is required for guests
507 * to ask for modern features like READ CAPACITY(16) or the
508 * block characteristics VPD page by default. Not all of SPC-3
509 * is actually implemented, but we're good enough.
510 */
511 outbuf[2] = 5;
512 outbuf[3] = 2; /* Format 2 */
513
514 if (buflen > 36) {
515 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
516 } else {
517 /* If the allocation length of CDB is too small,
518 the additional length is not adjusted */
519 outbuf[4] = 36 - 5;
520 }
521
522 /* Sync data transfer and TCQ. */
523 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
524 return buflen;
525 }
526
527 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
528 int page_control)
529 {
530 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
531 BlockDriverState *bdrv = s->bs;
532 int cylinders, heads, secs;
533
534 /*
535 * If Changeable Values are requested, a mask denoting those mode parameters
536 * that are changeable shall be returned. As we currently don't support
537 * parameter changes via MODE_SELECT all bits are returned set to zero.
538 * The buffer was already menset to zero by the caller of this function.
539 */
540 switch (page) {
541 case 4: /* Rigid disk device geometry page. */
542 p[0] = 4;
543 p[1] = 0x16;
544 if (page_control == 1) { /* Changeable Values */
545 return p[1] + 2;
546 }
547 /* if a geometry hint is available, use it */
548 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
549 p[2] = (cylinders >> 16) & 0xff;
550 p[3] = (cylinders >> 8) & 0xff;
551 p[4] = cylinders & 0xff;
552 p[5] = heads & 0xff;
553 /* Write precomp start cylinder, disabled */
554 p[6] = (cylinders >> 16) & 0xff;
555 p[7] = (cylinders >> 8) & 0xff;
556 p[8] = cylinders & 0xff;
557 /* Reduced current start cylinder, disabled */
558 p[9] = (cylinders >> 16) & 0xff;
559 p[10] = (cylinders >> 8) & 0xff;
560 p[11] = cylinders & 0xff;
561 /* Device step rate [ns], 200ns */
562 p[12] = 0;
563 p[13] = 200;
564 /* Landing zone cylinder */
565 p[14] = 0xff;
566 p[15] = 0xff;
567 p[16] = 0xff;
568 /* Medium rotation rate [rpm], 5400 rpm */
569 p[20] = (5400 >> 8) & 0xff;
570 p[21] = 5400 & 0xff;
571 return p[1] + 2;
572
573 case 5: /* Flexible disk device geometry page. */
574 p[0] = 5;
575 p[1] = 0x1e;
576 if (page_control == 1) { /* Changeable Values */
577 return p[1] + 2;
578 }
579 /* Transfer rate [kbit/s], 5Mbit/s */
580 p[2] = 5000 >> 8;
581 p[3] = 5000 & 0xff;
582 /* if a geometry hint is available, use it */
583 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
584 p[4] = heads & 0xff;
585 p[5] = secs & 0xff;
586 p[6] = s->cluster_size * 2;
587 p[8] = (cylinders >> 8) & 0xff;
588 p[9] = cylinders & 0xff;
589 /* Write precomp start cylinder, disabled */
590 p[10] = (cylinders >> 8) & 0xff;
591 p[11] = cylinders & 0xff;
592 /* Reduced current start cylinder, disabled */
593 p[12] = (cylinders >> 8) & 0xff;
594 p[13] = cylinders & 0xff;
595 /* Device step rate [100us], 100us */
596 p[14] = 0;
597 p[15] = 1;
598 /* Device step pulse width [us], 1us */
599 p[16] = 1;
600 /* Device head settle delay [100us], 100us */
601 p[17] = 0;
602 p[18] = 1;
603 /* Motor on delay [0.1s], 0.1s */
604 p[19] = 1;
605 /* Motor off delay [0.1s], 0.1s */
606 p[20] = 1;
607 /* Medium rotation rate [rpm], 5400 rpm */
608 p[28] = (5400 >> 8) & 0xff;
609 p[29] = 5400 & 0xff;
610 return p[1] + 2;
611
612 case 8: /* Caching page. */
613 p[0] = 8;
614 p[1] = 0x12;
615 if (page_control == 1) { /* Changeable Values */
616 return p[1] + 2;
617 }
618 if (bdrv_enable_write_cache(s->bs)) {
619 p[2] = 4; /* WCE */
620 }
621 return p[1] + 2;
622
623 case 0x2a: /* CD Capabilities and Mechanical Status page. */
624 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
625 return 0;
626 p[0] = 0x2a;
627 p[1] = 0x14;
628 if (page_control == 1) { /* Changeable Values */
629 return p[1] + 2;
630 }
631 p[2] = 3; // CD-R & CD-RW read
632 p[3] = 0; // Writing not supported
633 p[4] = 0x7f; /* Audio, composite, digital out,
634 mode 2 form 1&2, multi session */
635 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
636 RW corrected, C2 errors, ISRC,
637 UPC, Bar code */
638 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
639 /* Locking supported, jumper present, eject, tray */
640 p[7] = 0; /* no volume & mute control, no
641 changer */
642 p[8] = (50 * 176) >> 8; // 50x read speed
643 p[9] = (50 * 176) & 0xff;
644 p[10] = 0 >> 8; // No volume
645 p[11] = 0 & 0xff;
646 p[12] = 2048 >> 8; // 2M buffer
647 p[13] = 2048 & 0xff;
648 p[14] = (16 * 176) >> 8; // 16x read speed current
649 p[15] = (16 * 176) & 0xff;
650 p[18] = (16 * 176) >> 8; // 16x write speed
651 p[19] = (16 * 176) & 0xff;
652 p[20] = (16 * 176) >> 8; // 16x write speed current
653 p[21] = (16 * 176) & 0xff;
654 return p[1] + 2;
655
656 default:
657 return 0;
658 }
659 }
660
661 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
662 {
663 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
664 uint64_t nb_sectors;
665 int page, dbd, buflen, page_control;
666 uint8_t *p;
667 uint8_t dev_specific_param;
668
669 dbd = req->cmd.buf[1] & 0x8;
670 page = req->cmd.buf[2] & 0x3f;
671 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
672 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
673 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
674 memset(outbuf, 0, req->cmd.xfer);
675 p = outbuf;
676
677 if (bdrv_is_read_only(s->bs)) {
678 dev_specific_param = 0x80; /* Readonly. */
679 } else {
680 dev_specific_param = 0x00;
681 }
682
683 if (req->cmd.buf[0] == MODE_SENSE) {
684 p[1] = 0; /* Default media type. */
685 p[2] = dev_specific_param;
686 p[3] = 0; /* Block descriptor length. */
687 p += 4;
688 } else { /* MODE_SENSE_10 */
689 p[2] = 0; /* Default media type. */
690 p[3] = dev_specific_param;
691 p[6] = p[7] = 0; /* Block descriptor length. */
692 p += 8;
693 }
694
695 bdrv_get_geometry(s->bs, &nb_sectors);
696 if (!dbd && nb_sectors) {
697 if (req->cmd.buf[0] == MODE_SENSE) {
698 outbuf[3] = 8; /* Block descriptor length */
699 } else { /* MODE_SENSE_10 */
700 outbuf[7] = 8; /* Block descriptor length */
701 }
702 nb_sectors /= s->cluster_size;
703 if (nb_sectors > 0xffffff)
704 nb_sectors = 0;
705 p[0] = 0; /* media density code */
706 p[1] = (nb_sectors >> 16) & 0xff;
707 p[2] = (nb_sectors >> 8) & 0xff;
708 p[3] = nb_sectors & 0xff;
709 p[4] = 0; /* reserved */
710 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
711 p[6] = s->cluster_size * 2;
712 p[7] = 0;
713 p += 8;
714 }
715
716 if (page_control == 3) { /* Saved Values */
717 return -1; /* ILLEGAL_REQUEST */
718 }
719
720 switch (page) {
721 case 0x04:
722 case 0x05:
723 case 0x08:
724 case 0x2a:
725 p += mode_sense_page(req, page, p, page_control);
726 break;
727 case 0x3f:
728 p += mode_sense_page(req, 0x08, p, page_control);
729 p += mode_sense_page(req, 0x2a, p, page_control);
730 break;
731 default:
732 return -1; /* ILLEGAL_REQUEST */
733 }
734
735 buflen = p - outbuf;
736 /*
737 * The mode data length field specifies the length in bytes of the
738 * following data that is available to be transferred. The mode data
739 * length does not include itself.
740 */
741 if (req->cmd.buf[0] == MODE_SENSE) {
742 outbuf[0] = buflen - 1;
743 } else { /* MODE_SENSE_10 */
744 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
745 outbuf[1] = (buflen - 2) & 0xff;
746 }
747 if (buflen > req->cmd.xfer)
748 buflen = req->cmd.xfer;
749 return buflen;
750 }
751
752 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
753 {
754 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
755 int start_track, format, msf, toclen;
756 uint64_t nb_sectors;
757
758 msf = req->cmd.buf[1] & 2;
759 format = req->cmd.buf[2] & 0xf;
760 start_track = req->cmd.buf[6];
761 bdrv_get_geometry(s->bs, &nb_sectors);
762 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
763 nb_sectors /= s->cluster_size;
764 switch (format) {
765 case 0:
766 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
767 break;
768 case 1:
769 /* multi session : only a single session defined */
770 toclen = 12;
771 memset(outbuf, 0, 12);
772 outbuf[1] = 0x0a;
773 outbuf[2] = 0x01;
774 outbuf[3] = 0x01;
775 break;
776 case 2:
777 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
778 break;
779 default:
780 return -1;
781 }
782 if (toclen > req->cmd.xfer)
783 toclen = req->cmd.xfer;
784 return toclen;
785 }
786
787 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
788 {
789 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
790 uint64_t nb_sectors;
791 int buflen = 0;
792
793 switch (req->cmd.buf[0]) {
794 case TEST_UNIT_READY:
795 if (!bdrv_is_inserted(s->bs))
796 goto not_ready;
797 break;
798 case REQUEST_SENSE:
799 if (req->cmd.xfer < 4)
800 goto illegal_request;
801 memset(outbuf, 0, 4);
802 buflen = 4;
803 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
804 memset(outbuf, 0, 18);
805 buflen = 18;
806 outbuf[7] = 10;
807 /* asc 0x3a, ascq 0: Medium not present */
808 outbuf[12] = 0x3a;
809 outbuf[13] = 0;
810 }
811 outbuf[0] = 0xf0;
812 outbuf[1] = 0;
813 outbuf[2] = req->dev->sense.key;
814 scsi_dev_clear_sense(req->dev);
815 break;
816 case INQUIRY:
817 buflen = scsi_disk_emulate_inquiry(req, outbuf);
818 if (buflen < 0)
819 goto illegal_request;
820 break;
821 case MODE_SENSE:
822 case MODE_SENSE_10:
823 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
824 if (buflen < 0)
825 goto illegal_request;
826 break;
827 case READ_TOC:
828 buflen = scsi_disk_emulate_read_toc(req, outbuf);
829 if (buflen < 0)
830 goto illegal_request;
831 break;
832 case RESERVE:
833 if (req->cmd.buf[1] & 1)
834 goto illegal_request;
835 break;
836 case RESERVE_10:
837 if (req->cmd.buf[1] & 3)
838 goto illegal_request;
839 break;
840 case RELEASE:
841 if (req->cmd.buf[1] & 1)
842 goto illegal_request;
843 break;
844 case RELEASE_10:
845 if (req->cmd.buf[1] & 3)
846 goto illegal_request;
847 break;
848 case START_STOP:
849 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
850 /* load/eject medium */
851 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
852 }
853 break;
854 case ALLOW_MEDIUM_REMOVAL:
855 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
856 break;
857 case READ_CAPACITY:
858 /* The normal LEN field for this command is zero. */
859 memset(outbuf, 0, 8);
860 bdrv_get_geometry(s->bs, &nb_sectors);
861 if (!nb_sectors)
862 goto not_ready;
863 nb_sectors /= s->cluster_size;
864 /* Returned value is the address of the last sector. */
865 nb_sectors--;
866 /* Remember the new size for read/write sanity checking. */
867 s->max_lba = nb_sectors;
868 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
869 if (nb_sectors > UINT32_MAX)
870 nb_sectors = UINT32_MAX;
871 outbuf[0] = (nb_sectors >> 24) & 0xff;
872 outbuf[1] = (nb_sectors >> 16) & 0xff;
873 outbuf[2] = (nb_sectors >> 8) & 0xff;
874 outbuf[3] = nb_sectors & 0xff;
875 outbuf[4] = 0;
876 outbuf[5] = 0;
877 outbuf[6] = s->cluster_size * 2;
878 outbuf[7] = 0;
879 buflen = 8;
880 break;
881 case SYNCHRONIZE_CACHE:
882 bdrv_flush(s->bs);
883 break;
884 case GET_CONFIGURATION:
885 memset(outbuf, 0, 8);
886 /* ??? This should probably return much more information. For now
887 just return the basic header indicating the CD-ROM profile. */
888 outbuf[7] = 8; // CD-ROM
889 buflen = 8;
890 break;
891 case SERVICE_ACTION_IN:
892 /* Service Action In subcommands. */
893 if ((req->cmd.buf[1] & 31) == 0x10) {
894 DPRINTF("SAI READ CAPACITY(16)\n");
895 memset(outbuf, 0, req->cmd.xfer);
896 bdrv_get_geometry(s->bs, &nb_sectors);
897 if (!nb_sectors)
898 goto not_ready;
899 nb_sectors /= s->cluster_size;
900 /* Returned value is the address of the last sector. */
901 nb_sectors--;
902 /* Remember the new size for read/write sanity checking. */
903 s->max_lba = nb_sectors;
904 outbuf[0] = (nb_sectors >> 56) & 0xff;
905 outbuf[1] = (nb_sectors >> 48) & 0xff;
906 outbuf[2] = (nb_sectors >> 40) & 0xff;
907 outbuf[3] = (nb_sectors >> 32) & 0xff;
908 outbuf[4] = (nb_sectors >> 24) & 0xff;
909 outbuf[5] = (nb_sectors >> 16) & 0xff;
910 outbuf[6] = (nb_sectors >> 8) & 0xff;
911 outbuf[7] = nb_sectors & 0xff;
912 outbuf[8] = 0;
913 outbuf[9] = 0;
914 outbuf[10] = s->cluster_size * 2;
915 outbuf[11] = 0;
916 outbuf[12] = 0;
917 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
918 /* Protection, exponent and lowest lba field left blank. */
919 buflen = req->cmd.xfer;
920 break;
921 }
922 DPRINTF("Unsupported Service Action In\n");
923 goto illegal_request;
924 case REPORT_LUNS:
925 if (req->cmd.xfer < 16)
926 goto illegal_request;
927 memset(outbuf, 0, 16);
928 outbuf[3] = 8;
929 buflen = 16;
930 break;
931 case VERIFY:
932 break;
933 case REZERO_UNIT:
934 DPRINTF("Rezero Unit\n");
935 if (!bdrv_is_inserted(s->bs)) {
936 goto not_ready;
937 }
938 break;
939 default:
940 goto illegal_request;
941 }
942 scsi_req_set_status(req, GOOD, NO_SENSE);
943 return buflen;
944
945 not_ready:
946 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
947 return 0;
948
949 illegal_request:
950 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
951 return 0;
952 }
953
954 /* Execute a scsi command. Returns the length of the data expected by the
955 command. This will be Positive for data transfers from the device
956 (eg. disk reads), negative for transfers to the device (eg. disk writes),
957 and zero if the command does not transfer any data. */
958
959 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
960 uint8_t *buf, int lun)
961 {
962 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
963 uint64_t lba;
964 uint32_t len;
965 int cmdlen;
966 int is_write;
967 uint8_t command;
968 uint8_t *outbuf;
969 SCSIDiskReq *r;
970 int rc;
971
972 command = buf[0];
973 r = scsi_find_request(s, tag);
974 if (r) {
975 BADF("Tag 0x%x already in use\n", tag);
976 scsi_cancel_io(d, tag);
977 }
978 /* ??? Tags are not unique for different luns. We only implement a
979 single lun, so this should not matter. */
980 r = scsi_new_request(s, tag, lun);
981 outbuf = (uint8_t *)r->iov.iov_base;
982 is_write = 0;
983 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
984 switch (command >> 5) {
985 case 0:
986 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
987 (((uint64_t) buf[1] & 0x1f) << 16);
988 len = buf[4];
989 cmdlen = 6;
990 break;
991 case 1:
992 case 2:
993 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
994 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
995 len = buf[8] | (buf[7] << 8);
996 cmdlen = 10;
997 break;
998 case 4:
999 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
1000 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
1001 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
1002 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
1003 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
1004 cmdlen = 16;
1005 break;
1006 case 5:
1007 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1008 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1009 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
1010 cmdlen = 12;
1011 break;
1012 default:
1013 BADF("Unsupported command length, command %x\n", command);
1014 goto fail;
1015 }
1016 #ifdef DEBUG_SCSI
1017 {
1018 int i;
1019 for (i = 1; i < cmdlen; i++) {
1020 printf(" 0x%02x", buf[i]);
1021 }
1022 printf("\n");
1023 }
1024 #endif
1025
1026 if (scsi_req_parse(&r->req, buf) != 0) {
1027 BADF("Unsupported command length, command %x\n", command);
1028 goto fail;
1029 }
1030 assert(r->req.cmd.len == cmdlen);
1031 assert(r->req.cmd.lba == lba);
1032
1033 if (lun || buf[1] >> 5) {
1034 /* Only LUN 0 supported. */
1035 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
1036 if (command != REQUEST_SENSE && command != INQUIRY)
1037 goto fail;
1038 }
1039 switch (command) {
1040 case TEST_UNIT_READY:
1041 case REQUEST_SENSE:
1042 case INQUIRY:
1043 case MODE_SENSE:
1044 case MODE_SENSE_10:
1045 case RESERVE:
1046 case RESERVE_10:
1047 case RELEASE:
1048 case RELEASE_10:
1049 case START_STOP:
1050 case ALLOW_MEDIUM_REMOVAL:
1051 case READ_CAPACITY:
1052 case SYNCHRONIZE_CACHE:
1053 case READ_TOC:
1054 case GET_CONFIGURATION:
1055 case SERVICE_ACTION_IN:
1056 case REPORT_LUNS:
1057 case VERIFY:
1058 case REZERO_UNIT:
1059 rc = scsi_disk_emulate_command(&r->req, outbuf);
1060 if (rc > 0) {
1061 r->iov.iov_len = rc;
1062 } else {
1063 scsi_req_complete(&r->req);
1064 scsi_remove_request(r);
1065 return 0;
1066 }
1067 break;
1068 case READ_6:
1069 case READ_10:
1070 case READ_12:
1071 case READ_16:
1072 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1073 if (lba > s->max_lba)
1074 goto illegal_lba;
1075 r->sector = lba * s->cluster_size;
1076 r->sector_count = len * s->cluster_size;
1077 break;
1078 case WRITE_6:
1079 case WRITE_10:
1080 case WRITE_12:
1081 case WRITE_16:
1082 case WRITE_VERIFY:
1083 case WRITE_VERIFY_12:
1084 case WRITE_VERIFY_16:
1085 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1086 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
1087 if (lba > s->max_lba)
1088 goto illegal_lba;
1089 r->sector = lba * s->cluster_size;
1090 r->sector_count = len * s->cluster_size;
1091 is_write = 1;
1092 break;
1093 case MODE_SELECT:
1094 DPRINTF("Mode Select(6) (len %d)\n", len);
1095 /* We don't support mode parameter changes.
1096 Allow the mode parameter header + block descriptors only. */
1097 if (len > 12) {
1098 goto fail;
1099 }
1100 break;
1101 case MODE_SELECT_10:
1102 DPRINTF("Mode Select(10) (len %d)\n", len);
1103 /* We don't support mode parameter changes.
1104 Allow the mode parameter header + block descriptors only. */
1105 if (len > 16) {
1106 goto fail;
1107 }
1108 break;
1109 case SEEK_6:
1110 case SEEK_10:
1111 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1112 if (lba > s->max_lba) {
1113 goto illegal_lba;
1114 }
1115 break;
1116 default:
1117 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1118 fail:
1119 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1120 return 0;
1121 illegal_lba:
1122 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1123 return 0;
1124 }
1125 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1126 scsi_command_complete(r, GOOD, NO_SENSE);
1127 }
1128 len = r->sector_count * 512 + r->iov.iov_len;
1129 if (is_write) {
1130 return -len;
1131 } else {
1132 if (!r->sector_count)
1133 r->sector_count = -1;
1134 return len;
1135 }
1136 }
1137
1138 static void scsi_disk_purge_requests(SCSIDiskState *s)
1139 {
1140 SCSIDiskReq *r;
1141
1142 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1143 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1144 if (r->req.aiocb) {
1145 bdrv_aio_cancel(r->req.aiocb);
1146 }
1147 scsi_remove_request(r);
1148 }
1149 }
1150
1151 static void scsi_disk_reset(DeviceState *dev)
1152 {
1153 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1154 uint64_t nb_sectors;
1155
1156 scsi_disk_purge_requests(s);
1157
1158 bdrv_get_geometry(s->bs, &nb_sectors);
1159 nb_sectors /= s->cluster_size;
1160 if (nb_sectors) {
1161 nb_sectors--;
1162 }
1163 s->max_lba = nb_sectors;
1164 }
1165
1166 static void scsi_destroy(SCSIDevice *dev)
1167 {
1168 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1169
1170 scsi_disk_purge_requests(s);
1171 blockdev_mark_auto_del(s->qdev.conf.bs);
1172 }
1173
1174 static int scsi_disk_initfn(SCSIDevice *dev)
1175 {
1176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1177 int is_cd;
1178 DriveInfo *dinfo;
1179
1180 if (!s->qdev.conf.bs) {
1181 error_report("scsi-disk: drive property not set");
1182 return -1;
1183 }
1184 s->bs = s->qdev.conf.bs;
1185 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1186
1187 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1188 error_report("Device needs media, but drive is empty");
1189 return -1;
1190 }
1191
1192 if (!s->serial) {
1193 /* try to fall back to value set with legacy -drive serial=... */
1194 dinfo = drive_get_by_blockdev(s->bs);
1195 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1196 }
1197
1198 if (!s->version) {
1199 s->version = qemu_strdup(QEMU_VERSION);
1200 }
1201
1202 if (bdrv_is_sg(s->bs)) {
1203 error_report("scsi-disk: unwanted /dev/sg*");
1204 return -1;
1205 }
1206
1207 if (is_cd) {
1208 s->qdev.blocksize = 2048;
1209 } else {
1210 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1211 }
1212 s->cluster_size = s->qdev.blocksize / 512;
1213 s->bs->buffer_alignment = s->qdev.blocksize;
1214
1215 s->qdev.type = TYPE_DISK;
1216 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1217 bdrv_set_removable(s->bs, is_cd);
1218 return 0;
1219 }
1220
1221 static SCSIDeviceInfo scsi_disk_info = {
1222 .qdev.name = "scsi-disk",
1223 .qdev.desc = "virtual scsi disk or cdrom",
1224 .qdev.size = sizeof(SCSIDiskState),
1225 .qdev.reset = scsi_disk_reset,
1226 .init = scsi_disk_initfn,
1227 .destroy = scsi_destroy,
1228 .send_command = scsi_send_command,
1229 .read_data = scsi_read_data,
1230 .write_data = scsi_write_data,
1231 .cancel_io = scsi_cancel_io,
1232 .get_buf = scsi_get_buf,
1233 .qdev.props = (Property[]) {
1234 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1235 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1236 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1237 DEFINE_PROP_END_OF_LIST(),
1238 },
1239 };
1240
1241 static void scsi_disk_register_devices(void)
1242 {
1243 scsi_qdev_register(&scsi_disk_info);
1244 }
1245 device_init(scsi_disk_register_devices)
Qemu copy for testing