]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Use glib memory allocation and free functions
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
49
50 typedef struct SCSIDiskState SCSIDiskState;
51
52 typedef struct SCSIDiskReq {
53 SCSIRequest req;
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
55 uint64_t sector;
56 uint32_t sector_count;
57 struct iovec iov;
58 QEMUIOVector qiov;
59 uint32_t status;
60 } SCSIDiskReq;
61
62 struct SCSIDiskState
63 {
64 SCSIDevice qdev;
65 BlockDriverState *bs;
66 /* The qemu block layer uses a fixed 512 byte sector size.
67 This is the number of 512 byte blocks in a single scsi sector. */
68 int cluster_size;
69 uint32_t removable;
70 uint64_t max_lba;
71 QEMUBH *bh;
72 char *version;
73 char *serial;
74 };
75
76 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
77 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf);
78
79 static void scsi_free_request(SCSIRequest *req)
80 {
81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
82
83 qemu_vfree(r->iov.iov_base);
84 }
85
86 /* Helper function for command completion with sense. */
87 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
88 {
89 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
90 r->req.tag, sense.key, sense.asc, sense.ascq);
91 scsi_req_build_sense(&r->req, sense);
92 scsi_req_complete(&r->req, CHECK_CONDITION);
93 }
94
95 /* Cancel a pending data transfer. */
96 static void scsi_cancel_io(SCSIRequest *req)
97 {
98 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
99
100 DPRINTF("Cancel tag=0x%x\n", req->tag);
101 if (r->req.aiocb) {
102 bdrv_aio_cancel(r->req.aiocb);
103 }
104 r->req.aiocb = NULL;
105 }
106
107 static void scsi_read_complete(void * opaque, int ret)
108 {
109 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
110 int n;
111
112 r->req.aiocb = NULL;
113
114 if (ret) {
115 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
116 return;
117 }
118 }
119
120 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
121
122 n = r->iov.iov_len / 512;
123 r->sector += n;
124 r->sector_count -= n;
125 scsi_req_data(&r->req, r->iov.iov_len);
126 }
127
128
129 /* Read more data from scsi device into buffer. */
130 static void scsi_read_data(SCSIRequest *req)
131 {
132 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
133 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
134 uint32_t n;
135
136 if (r->sector_count == (uint32_t)-1) {
137 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
138 r->sector_count = 0;
139 scsi_req_data(&r->req, r->iov.iov_len);
140 return;
141 }
142 DPRINTF("Read sector_count=%d\n", r->sector_count);
143 if (r->sector_count == 0) {
144 /* This also clears the sense buffer for REQUEST SENSE. */
145 scsi_req_complete(&r->req, GOOD);
146 return;
147 }
148
149 /* No data transfer may already be in progress */
150 assert(r->req.aiocb == NULL);
151
152 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
153 DPRINTF("Data transfer direction invalid\n");
154 scsi_read_complete(r, -EINVAL);
155 return;
156 }
157
158 n = r->sector_count;
159 if (n > SCSI_DMA_BUF_SIZE / 512)
160 n = SCSI_DMA_BUF_SIZE / 512;
161
162 r->iov.iov_len = n * 512;
163 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
164 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
165 scsi_read_complete, r);
166 if (r->req.aiocb == NULL) {
167 scsi_read_complete(r, -EIO);
168 }
169 }
170
171 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
172 {
173 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
175 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
176
177 if (action == BLOCK_ERR_IGNORE) {
178 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
179 return 0;
180 }
181
182 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
183 || action == BLOCK_ERR_STOP_ANY) {
184
185 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
186 r->status |= SCSI_REQ_STATUS_RETRY | type;
187
188 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
189 vm_stop(VMSTOP_DISKFULL);
190 } else {
191 switch (error) {
192 case ENOMEM:
193 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
194 break;
195 case EINVAL:
196 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
197 break;
198 default:
199 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
200 break;
201 }
202 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
203 }
204 return 1;
205 }
206
207 static void scsi_write_complete(void * opaque, int ret)
208 {
209 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
210 uint32_t len;
211 uint32_t n;
212
213 r->req.aiocb = NULL;
214
215 if (ret) {
216 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
217 return;
218 }
219 }
220
221 n = r->iov.iov_len / 512;
222 r->sector += n;
223 r->sector_count -= n;
224 if (r->sector_count == 0) {
225 scsi_req_complete(&r->req, GOOD);
226 } else {
227 len = r->sector_count * 512;
228 if (len > SCSI_DMA_BUF_SIZE) {
229 len = SCSI_DMA_BUF_SIZE;
230 }
231 r->iov.iov_len = len;
232 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
233 scsi_req_data(&r->req, len);
234 }
235 }
236
237 static void scsi_write_data(SCSIRequest *req)
238 {
239 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
240 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
241 uint32_t n;
242
243 /* No data transfer may already be in progress */
244 assert(r->req.aiocb == NULL);
245
246 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
247 DPRINTF("Data transfer direction invalid\n");
248 scsi_write_complete(r, -EINVAL);
249 return;
250 }
251
252 n = r->iov.iov_len / 512;
253 if (n) {
254 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
255 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
256 scsi_write_complete, r);
257 if (r->req.aiocb == NULL) {
258 scsi_write_complete(r, -ENOMEM);
259 }
260 } else {
261 /* Invoke completion routine to fetch data from host. */
262 scsi_write_complete(r, 0);
263 }
264 }
265
266 static void scsi_dma_restart_bh(void *opaque)
267 {
268 SCSIDiskState *s = opaque;
269 SCSIRequest *req;
270 SCSIDiskReq *r;
271
272 qemu_bh_delete(s->bh);
273 s->bh = NULL;
274
275 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
276 r = DO_UPCAST(SCSIDiskReq, req, req);
277 if (r->status & SCSI_REQ_STATUS_RETRY) {
278 int status = r->status;
279 int ret;
280
281 r->status &=
282 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
283
284 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
285 case SCSI_REQ_STATUS_RETRY_READ:
286 scsi_read_data(&r->req);
287 break;
288 case SCSI_REQ_STATUS_RETRY_WRITE:
289 scsi_write_data(&r->req);
290 break;
291 case SCSI_REQ_STATUS_RETRY_FLUSH:
292 ret = scsi_disk_emulate_command(r, r->iov.iov_base);
293 if (ret == 0) {
294 scsi_req_complete(&r->req, GOOD);
295 }
296 }
297 }
298 }
299 }
300
301 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
302 {
303 SCSIDiskState *s = opaque;
304
305 if (!running)
306 return;
307
308 if (!s->bh) {
309 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
310 qemu_bh_schedule(s->bh);
311 }
312 }
313
314 /* Return a pointer to the data buffer. */
315 static uint8_t *scsi_get_buf(SCSIRequest *req)
316 {
317 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
318
319 return (uint8_t *)r->iov.iov_base;
320 }
321
322 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
323 {
324 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
325 int buflen = 0;
326
327 if (req->cmd.buf[1] & 0x2) {
328 /* Command support data - optional, not implemented */
329 BADF("optional INQUIRY command support request not implemented\n");
330 return -1;
331 }
332
333 if (req->cmd.buf[1] & 0x1) {
334 /* Vital product data */
335 uint8_t page_code = req->cmd.buf[2];
336 if (req->cmd.xfer < 4) {
337 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
338 "less than 4\n", page_code, req->cmd.xfer);
339 return -1;
340 }
341
342 if (s->qdev.type == TYPE_ROM) {
343 outbuf[buflen++] = 5;
344 } else {
345 outbuf[buflen++] = 0;
346 }
347 outbuf[buflen++] = page_code ; // this page
348 outbuf[buflen++] = 0x00;
349
350 switch (page_code) {
351 case 0x00: /* Supported page codes, mandatory */
352 {
353 int pages;
354 DPRINTF("Inquiry EVPD[Supported pages] "
355 "buffer size %zd\n", req->cmd.xfer);
356 pages = buflen++;
357 outbuf[buflen++] = 0x00; // list of supported pages (this page)
358 if (s->serial)
359 outbuf[buflen++] = 0x80; // unit serial number
360 outbuf[buflen++] = 0x83; // device identification
361 if (s->qdev.type == TYPE_DISK) {
362 outbuf[buflen++] = 0xb0; // block limits
363 outbuf[buflen++] = 0xb2; // thin provisioning
364 }
365 outbuf[pages] = buflen - pages - 1; // number of pages
366 break;
367 }
368 case 0x80: /* Device serial number, optional */
369 {
370 int l;
371
372 if (!s->serial) {
373 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
374 return -1;
375 }
376
377 l = strlen(s->serial);
378 if (l > req->cmd.xfer)
379 l = req->cmd.xfer;
380 if (l > 20)
381 l = 20;
382
383 DPRINTF("Inquiry EVPD[Serial number] "
384 "buffer size %zd\n", req->cmd.xfer);
385 outbuf[buflen++] = l;
386 memcpy(outbuf+buflen, s->serial, l);
387 buflen += l;
388 break;
389 }
390
391 case 0x83: /* Device identification page, mandatory */
392 {
393 int max_len = 255 - 8;
394 int id_len = strlen(bdrv_get_device_name(s->bs));
395
396 if (id_len > max_len)
397 id_len = max_len;
398 DPRINTF("Inquiry EVPD[Device identification] "
399 "buffer size %zd\n", req->cmd.xfer);
400
401 outbuf[buflen++] = 4 + id_len;
402 outbuf[buflen++] = 0x2; // ASCII
403 outbuf[buflen++] = 0; // not officially assigned
404 outbuf[buflen++] = 0; // reserved
405 outbuf[buflen++] = id_len; // length of data following
406
407 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
408 buflen += id_len;
409 break;
410 }
411 case 0xb0: /* block limits */
412 {
413 unsigned int unmap_sectors =
414 s->qdev.conf.discard_granularity / s->qdev.blocksize;
415 unsigned int min_io_size =
416 s->qdev.conf.min_io_size / s->qdev.blocksize;
417 unsigned int opt_io_size =
418 s->qdev.conf.opt_io_size / s->qdev.blocksize;
419
420 if (s->qdev.type == TYPE_ROM) {
421 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
422 page_code);
423 return -1;
424 }
425 /* required VPD size with unmap support */
426 outbuf[3] = buflen = 0x3c;
427
428 memset(outbuf + 4, 0, buflen - 4);
429
430 /* optimal transfer length granularity */
431 outbuf[6] = (min_io_size >> 8) & 0xff;
432 outbuf[7] = min_io_size & 0xff;
433
434 /* optimal transfer length */
435 outbuf[12] = (opt_io_size >> 24) & 0xff;
436 outbuf[13] = (opt_io_size >> 16) & 0xff;
437 outbuf[14] = (opt_io_size >> 8) & 0xff;
438 outbuf[15] = opt_io_size & 0xff;
439
440 /* optimal unmap granularity */
441 outbuf[28] = (unmap_sectors >> 24) & 0xff;
442 outbuf[29] = (unmap_sectors >> 16) & 0xff;
443 outbuf[30] = (unmap_sectors >> 8) & 0xff;
444 outbuf[31] = unmap_sectors & 0xff;
445 break;
446 }
447 case 0xb2: /* thin provisioning */
448 {
449 outbuf[3] = buflen = 8;
450 outbuf[4] = 0;
451 outbuf[5] = 0x40; /* write same with unmap supported */
452 outbuf[6] = 0;
453 outbuf[7] = 0;
454 break;
455 }
456 default:
457 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
458 "buffer size %zd\n", page_code, req->cmd.xfer);
459 return -1;
460 }
461 /* done with EVPD */
462 return buflen;
463 }
464
465 /* Standard INQUIRY data */
466 if (req->cmd.buf[2] != 0) {
467 BADF("Error: Inquiry (STANDARD) page or code "
468 "is non-zero [%02X]\n", req->cmd.buf[2]);
469 return -1;
470 }
471
472 /* PAGE CODE == 0 */
473 if (req->cmd.xfer < 5) {
474 BADF("Error: Inquiry (STANDARD) buffer size %zd "
475 "is less than 5\n", req->cmd.xfer);
476 return -1;
477 }
478
479 buflen = req->cmd.xfer;
480 if (buflen > SCSI_MAX_INQUIRY_LEN)
481 buflen = SCSI_MAX_INQUIRY_LEN;
482
483 memset(outbuf, 0, buflen);
484
485 outbuf[0] = s->qdev.type & 0x1f;
486 if (s->qdev.type == TYPE_ROM) {
487 outbuf[1] = 0x80;
488 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
489 } else {
490 outbuf[1] = s->removable ? 0x80 : 0;
491 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
492 }
493 memcpy(&outbuf[8], "QEMU ", 8);
494 memset(&outbuf[32], 0, 4);
495 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
496 /*
497 * We claim conformance to SPC-3, which is required for guests
498 * to ask for modern features like READ CAPACITY(16) or the
499 * block characteristics VPD page by default. Not all of SPC-3
500 * is actually implemented, but we're good enough.
501 */
502 outbuf[2] = 5;
503 outbuf[3] = 2; /* Format 2 */
504
505 if (buflen > 36) {
506 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
507 } else {
508 /* If the allocation length of CDB is too small,
509 the additional length is not adjusted */
510 outbuf[4] = 36 - 5;
511 }
512
513 /* Sync data transfer and TCQ. */
514 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
515 return buflen;
516 }
517
518 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
519 int page_control)
520 {
521 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
522 BlockDriverState *bdrv = s->bs;
523 int cylinders, heads, secs;
524
525 /*
526 * If Changeable Values are requested, a mask denoting those mode parameters
527 * that are changeable shall be returned. As we currently don't support
528 * parameter changes via MODE_SELECT all bits are returned set to zero.
529 * The buffer was already menset to zero by the caller of this function.
530 */
531 switch (page) {
532 case 4: /* Rigid disk device geometry page. */
533 p[0] = 4;
534 p[1] = 0x16;
535 if (page_control == 1) { /* Changeable Values */
536 return p[1] + 2;
537 }
538 /* if a geometry hint is available, use it */
539 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
540 p[2] = (cylinders >> 16) & 0xff;
541 p[3] = (cylinders >> 8) & 0xff;
542 p[4] = cylinders & 0xff;
543 p[5] = heads & 0xff;
544 /* Write precomp start cylinder, disabled */
545 p[6] = (cylinders >> 16) & 0xff;
546 p[7] = (cylinders >> 8) & 0xff;
547 p[8] = cylinders & 0xff;
548 /* Reduced current start cylinder, disabled */
549 p[9] = (cylinders >> 16) & 0xff;
550 p[10] = (cylinders >> 8) & 0xff;
551 p[11] = cylinders & 0xff;
552 /* Device step rate [ns], 200ns */
553 p[12] = 0;
554 p[13] = 200;
555 /* Landing zone cylinder */
556 p[14] = 0xff;
557 p[15] = 0xff;
558 p[16] = 0xff;
559 /* Medium rotation rate [rpm], 5400 rpm */
560 p[20] = (5400 >> 8) & 0xff;
561 p[21] = 5400 & 0xff;
562 return p[1] + 2;
563
564 case 5: /* Flexible disk device geometry page. */
565 p[0] = 5;
566 p[1] = 0x1e;
567 if (page_control == 1) { /* Changeable Values */
568 return p[1] + 2;
569 }
570 /* Transfer rate [kbit/s], 5Mbit/s */
571 p[2] = 5000 >> 8;
572 p[3] = 5000 & 0xff;
573 /* if a geometry hint is available, use it */
574 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
575 p[4] = heads & 0xff;
576 p[5] = secs & 0xff;
577 p[6] = s->cluster_size * 2;
578 p[8] = (cylinders >> 8) & 0xff;
579 p[9] = cylinders & 0xff;
580 /* Write precomp start cylinder, disabled */
581 p[10] = (cylinders >> 8) & 0xff;
582 p[11] = cylinders & 0xff;
583 /* Reduced current start cylinder, disabled */
584 p[12] = (cylinders >> 8) & 0xff;
585 p[13] = cylinders & 0xff;
586 /* Device step rate [100us], 100us */
587 p[14] = 0;
588 p[15] = 1;
589 /* Device step pulse width [us], 1us */
590 p[16] = 1;
591 /* Device head settle delay [100us], 100us */
592 p[17] = 0;
593 p[18] = 1;
594 /* Motor on delay [0.1s], 0.1s */
595 p[19] = 1;
596 /* Motor off delay [0.1s], 0.1s */
597 p[20] = 1;
598 /* Medium rotation rate [rpm], 5400 rpm */
599 p[28] = (5400 >> 8) & 0xff;
600 p[29] = 5400 & 0xff;
601 return p[1] + 2;
602
603 case 8: /* Caching page. */
604 p[0] = 8;
605 p[1] = 0x12;
606 if (page_control == 1) { /* Changeable Values */
607 return p[1] + 2;
608 }
609 if (bdrv_enable_write_cache(s->bs)) {
610 p[2] = 4; /* WCE */
611 }
612 return p[1] + 2;
613
614 case 0x2a: /* CD Capabilities and Mechanical Status page. */
615 if (s->qdev.type != TYPE_ROM)
616 return 0;
617 p[0] = 0x2a;
618 p[1] = 0x14;
619 if (page_control == 1) { /* Changeable Values */
620 return p[1] + 2;
621 }
622 p[2] = 3; // CD-R & CD-RW read
623 p[3] = 0; // Writing not supported
624 p[4] = 0x7f; /* Audio, composite, digital out,
625 mode 2 form 1&2, multi session */
626 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
627 RW corrected, C2 errors, ISRC,
628 UPC, Bar code */
629 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
630 /* Locking supported, jumper present, eject, tray */
631 p[7] = 0; /* no volume & mute control, no
632 changer */
633 p[8] = (50 * 176) >> 8; // 50x read speed
634 p[9] = (50 * 176) & 0xff;
635 p[10] = 0 >> 8; // No volume
636 p[11] = 0 & 0xff;
637 p[12] = 2048 >> 8; // 2M buffer
638 p[13] = 2048 & 0xff;
639 p[14] = (16 * 176) >> 8; // 16x read speed current
640 p[15] = (16 * 176) & 0xff;
641 p[18] = (16 * 176) >> 8; // 16x write speed
642 p[19] = (16 * 176) & 0xff;
643 p[20] = (16 * 176) >> 8; // 16x write speed current
644 p[21] = (16 * 176) & 0xff;
645 return p[1] + 2;
646
647 default:
648 return 0;
649 }
650 }
651
652 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
653 {
654 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
655 uint64_t nb_sectors;
656 int page, dbd, buflen, page_control;
657 uint8_t *p;
658 uint8_t dev_specific_param;
659
660 dbd = req->cmd.buf[1] & 0x8;
661 page = req->cmd.buf[2] & 0x3f;
662 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
663 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
664 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
665 memset(outbuf, 0, req->cmd.xfer);
666 p = outbuf;
667
668 if (bdrv_is_read_only(s->bs)) {
669 dev_specific_param = 0x80; /* Readonly. */
670 } else {
671 dev_specific_param = 0x00;
672 }
673
674 if (req->cmd.buf[0] == MODE_SENSE) {
675 p[1] = 0; /* Default media type. */
676 p[2] = dev_specific_param;
677 p[3] = 0; /* Block descriptor length. */
678 p += 4;
679 } else { /* MODE_SENSE_10 */
680 p[2] = 0; /* Default media type. */
681 p[3] = dev_specific_param;
682 p[6] = p[7] = 0; /* Block descriptor length. */
683 p += 8;
684 }
685
686 bdrv_get_geometry(s->bs, &nb_sectors);
687 if (!dbd && nb_sectors) {
688 if (req->cmd.buf[0] == MODE_SENSE) {
689 outbuf[3] = 8; /* Block descriptor length */
690 } else { /* MODE_SENSE_10 */
691 outbuf[7] = 8; /* Block descriptor length */
692 }
693 nb_sectors /= s->cluster_size;
694 if (nb_sectors > 0xffffff)
695 nb_sectors = 0;
696 p[0] = 0; /* media density code */
697 p[1] = (nb_sectors >> 16) & 0xff;
698 p[2] = (nb_sectors >> 8) & 0xff;
699 p[3] = nb_sectors & 0xff;
700 p[4] = 0; /* reserved */
701 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
702 p[6] = s->cluster_size * 2;
703 p[7] = 0;
704 p += 8;
705 }
706
707 if (page_control == 3) { /* Saved Values */
708 return -1; /* ILLEGAL_REQUEST */
709 }
710
711 switch (page) {
712 case 0x04:
713 case 0x05:
714 case 0x08:
715 case 0x2a:
716 p += mode_sense_page(req, page, p, page_control);
717 break;
718 case 0x3f:
719 p += mode_sense_page(req, 0x08, p, page_control);
720 p += mode_sense_page(req, 0x2a, p, page_control);
721 break;
722 default:
723 return -1; /* ILLEGAL_REQUEST */
724 }
725
726 buflen = p - outbuf;
727 /*
728 * The mode data length field specifies the length in bytes of the
729 * following data that is available to be transferred. The mode data
730 * length does not include itself.
731 */
732 if (req->cmd.buf[0] == MODE_SENSE) {
733 outbuf[0] = buflen - 1;
734 } else { /* MODE_SENSE_10 */
735 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
736 outbuf[1] = (buflen - 2) & 0xff;
737 }
738 if (buflen > req->cmd.xfer)
739 buflen = req->cmd.xfer;
740 return buflen;
741 }
742
743 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
744 {
745 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
746 int start_track, format, msf, toclen;
747 uint64_t nb_sectors;
748
749 msf = req->cmd.buf[1] & 2;
750 format = req->cmd.buf[2] & 0xf;
751 start_track = req->cmd.buf[6];
752 bdrv_get_geometry(s->bs, &nb_sectors);
753 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
754 nb_sectors /= s->cluster_size;
755 switch (format) {
756 case 0:
757 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
758 break;
759 case 1:
760 /* multi session : only a single session defined */
761 toclen = 12;
762 memset(outbuf, 0, 12);
763 outbuf[1] = 0x0a;
764 outbuf[2] = 0x01;
765 outbuf[3] = 0x01;
766 break;
767 case 2:
768 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
769 break;
770 default:
771 return -1;
772 }
773 if (toclen > req->cmd.xfer)
774 toclen = req->cmd.xfer;
775 return toclen;
776 }
777
778 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
779 {
780 SCSIRequest *req = &r->req;
781 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
782 uint64_t nb_sectors;
783 int buflen = 0;
784 int ret;
785
786 switch (req->cmd.buf[0]) {
787 case TEST_UNIT_READY:
788 if (!bdrv_is_inserted(s->bs))
789 goto not_ready;
790 break;
791 case INQUIRY:
792 buflen = scsi_disk_emulate_inquiry(req, outbuf);
793 if (buflen < 0)
794 goto illegal_request;
795 break;
796 case MODE_SENSE:
797 case MODE_SENSE_10:
798 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
799 if (buflen < 0)
800 goto illegal_request;
801 break;
802 case READ_TOC:
803 buflen = scsi_disk_emulate_read_toc(req, outbuf);
804 if (buflen < 0)
805 goto illegal_request;
806 break;
807 case RESERVE:
808 if (req->cmd.buf[1] & 1)
809 goto illegal_request;
810 break;
811 case RESERVE_10:
812 if (req->cmd.buf[1] & 3)
813 goto illegal_request;
814 break;
815 case RELEASE:
816 if (req->cmd.buf[1] & 1)
817 goto illegal_request;
818 break;
819 case RELEASE_10:
820 if (req->cmd.buf[1] & 3)
821 goto illegal_request;
822 break;
823 case START_STOP:
824 if (s->qdev.type == TYPE_ROM && (req->cmd.buf[4] & 2)) {
825 /* load/eject medium */
826 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
827 }
828 break;
829 case ALLOW_MEDIUM_REMOVAL:
830 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
831 break;
832 case READ_CAPACITY_10:
833 /* The normal LEN field for this command is zero. */
834 memset(outbuf, 0, 8);
835 bdrv_get_geometry(s->bs, &nb_sectors);
836 if (!nb_sectors)
837 goto not_ready;
838 nb_sectors /= s->cluster_size;
839 /* Returned value is the address of the last sector. */
840 nb_sectors--;
841 /* Remember the new size for read/write sanity checking. */
842 s->max_lba = nb_sectors;
843 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
844 if (nb_sectors > UINT32_MAX)
845 nb_sectors = UINT32_MAX;
846 outbuf[0] = (nb_sectors >> 24) & 0xff;
847 outbuf[1] = (nb_sectors >> 16) & 0xff;
848 outbuf[2] = (nb_sectors >> 8) & 0xff;
849 outbuf[3] = nb_sectors & 0xff;
850 outbuf[4] = 0;
851 outbuf[5] = 0;
852 outbuf[6] = s->cluster_size * 2;
853 outbuf[7] = 0;
854 buflen = 8;
855 break;
856 case SYNCHRONIZE_CACHE:
857 ret = bdrv_flush(s->bs);
858 if (ret < 0) {
859 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
860 return -1;
861 }
862 }
863 break;
864 case GET_CONFIGURATION:
865 memset(outbuf, 0, 8);
866 /* ??? This should probably return much more information. For now
867 just return the basic header indicating the CD-ROM profile. */
868 outbuf[7] = 8; // CD-ROM
869 buflen = 8;
870 break;
871 case SERVICE_ACTION_IN:
872 /* Service Action In subcommands. */
873 if ((req->cmd.buf[1] & 31) == 0x10) {
874 DPRINTF("SAI READ CAPACITY(16)\n");
875 memset(outbuf, 0, req->cmd.xfer);
876 bdrv_get_geometry(s->bs, &nb_sectors);
877 if (!nb_sectors)
878 goto not_ready;
879 nb_sectors /= s->cluster_size;
880 /* Returned value is the address of the last sector. */
881 nb_sectors--;
882 /* Remember the new size for read/write sanity checking. */
883 s->max_lba = nb_sectors;
884 outbuf[0] = (nb_sectors >> 56) & 0xff;
885 outbuf[1] = (nb_sectors >> 48) & 0xff;
886 outbuf[2] = (nb_sectors >> 40) & 0xff;
887 outbuf[3] = (nb_sectors >> 32) & 0xff;
888 outbuf[4] = (nb_sectors >> 24) & 0xff;
889 outbuf[5] = (nb_sectors >> 16) & 0xff;
890 outbuf[6] = (nb_sectors >> 8) & 0xff;
891 outbuf[7] = nb_sectors & 0xff;
892 outbuf[8] = 0;
893 outbuf[9] = 0;
894 outbuf[10] = s->cluster_size * 2;
895 outbuf[11] = 0;
896 outbuf[12] = 0;
897 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
898
899 /* set TPE bit if the format supports discard */
900 if (s->qdev.conf.discard_granularity) {
901 outbuf[14] = 0x80;
902 }
903
904 /* Protection, exponent and lowest lba field left blank. */
905 buflen = req->cmd.xfer;
906 break;
907 }
908 DPRINTF("Unsupported Service Action In\n");
909 goto illegal_request;
910 case VERIFY_10:
911 break;
912 default:
913 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
914 return -1;
915 }
916 return buflen;
917
918 not_ready:
919 if (!bdrv_is_inserted(s->bs)) {
920 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
921 } else {
922 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
923 }
924 return -1;
925
926 illegal_request:
927 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
928 return -1;
929 }
930
931 /* Execute a scsi command. Returns the length of the data expected by the
932 command. This will be Positive for data transfers from the device
933 (eg. disk reads), negative for transfers to the device (eg. disk writes),
934 and zero if the command does not transfer any data. */
935
936 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
937 {
938 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
939 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
940 int32_t len;
941 uint8_t command;
942 uint8_t *outbuf;
943 int rc;
944
945 command = buf[0];
946 outbuf = (uint8_t *)r->iov.iov_base;
947 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
948
949 #ifdef DEBUG_SCSI
950 {
951 int i;
952 for (i = 1; i < r->req.cmd.len; i++) {
953 printf(" 0x%02x", buf[i]);
954 }
955 printf("\n");
956 }
957 #endif
958
959 switch (command) {
960 case TEST_UNIT_READY:
961 case INQUIRY:
962 case MODE_SENSE:
963 case MODE_SENSE_10:
964 case RESERVE:
965 case RESERVE_10:
966 case RELEASE:
967 case RELEASE_10:
968 case START_STOP:
969 case ALLOW_MEDIUM_REMOVAL:
970 case READ_CAPACITY_10:
971 case SYNCHRONIZE_CACHE:
972 case READ_TOC:
973 case GET_CONFIGURATION:
974 case SERVICE_ACTION_IN:
975 case VERIFY_10:
976 rc = scsi_disk_emulate_command(r, outbuf);
977 if (rc < 0) {
978 return 0;
979 }
980
981 r->iov.iov_len = rc;
982 break;
983 case READ_6:
984 case READ_10:
985 case READ_12:
986 case READ_16:
987 len = r->req.cmd.xfer / s->qdev.blocksize;
988 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
989 if (r->req.cmd.lba > s->max_lba)
990 goto illegal_lba;
991 r->sector = r->req.cmd.lba * s->cluster_size;
992 r->sector_count = len * s->cluster_size;
993 break;
994 case WRITE_6:
995 case WRITE_10:
996 case WRITE_12:
997 case WRITE_16:
998 case WRITE_VERIFY_10:
999 case WRITE_VERIFY_12:
1000 case WRITE_VERIFY_16:
1001 len = r->req.cmd.xfer / s->qdev.blocksize;
1002 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1003 (command & 0xe) == 0xe ? "And Verify " : "",
1004 r->req.cmd.lba, len);
1005 if (r->req.cmd.lba > s->max_lba)
1006 goto illegal_lba;
1007 r->sector = r->req.cmd.lba * s->cluster_size;
1008 r->sector_count = len * s->cluster_size;
1009 break;
1010 case MODE_SELECT:
1011 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1012 /* We don't support mode parameter changes.
1013 Allow the mode parameter header + block descriptors only. */
1014 if (r->req.cmd.xfer > 12) {
1015 goto fail;
1016 }
1017 break;
1018 case MODE_SELECT_10:
1019 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1020 /* We don't support mode parameter changes.
1021 Allow the mode parameter header + block descriptors only. */
1022 if (r->req.cmd.xfer > 16) {
1023 goto fail;
1024 }
1025 break;
1026 case SEEK_6:
1027 case SEEK_10:
1028 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1029 r->req.cmd.lba);
1030 if (r->req.cmd.lba > s->max_lba) {
1031 goto illegal_lba;
1032 }
1033 break;
1034 case WRITE_SAME_16:
1035 len = r->req.cmd.xfer / s->qdev.blocksize;
1036
1037 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1038 r->req.cmd.lba, len);
1039
1040 if (r->req.cmd.lba > s->max_lba) {
1041 goto illegal_lba;
1042 }
1043
1044 /*
1045 * We only support WRITE SAME with the unmap bit set for now.
1046 */
1047 if (!(buf[1] & 0x8)) {
1048 goto fail;
1049 }
1050
1051 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1052 len * s->cluster_size);
1053 if (rc < 0) {
1054 /* XXX: better error code ?*/
1055 goto fail;
1056 }
1057
1058 break;
1059 case REQUEST_SENSE:
1060 abort();
1061 default:
1062 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1063 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1064 return 0;
1065 fail:
1066 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1067 return 0;
1068 illegal_lba:
1069 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1070 return 0;
1071 }
1072 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1073 scsi_req_complete(&r->req, GOOD);
1074 }
1075 len = r->sector_count * 512 + r->iov.iov_len;
1076 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1077 return -len;
1078 } else {
1079 if (!r->sector_count)
1080 r->sector_count = -1;
1081 return len;
1082 }
1083 }
1084
1085 static void scsi_disk_reset(DeviceState *dev)
1086 {
1087 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1088 uint64_t nb_sectors;
1089
1090 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1091
1092 bdrv_get_geometry(s->bs, &nb_sectors);
1093 nb_sectors /= s->cluster_size;
1094 if (nb_sectors) {
1095 nb_sectors--;
1096 }
1097 s->max_lba = nb_sectors;
1098 }
1099
1100 static void scsi_destroy(SCSIDevice *dev)
1101 {
1102 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1103
1104 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1105 blockdev_mark_auto_del(s->qdev.conf.bs);
1106 }
1107
1108 static int scsi_initfn(SCSIDevice *dev, uint8_t scsi_type)
1109 {
1110 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1111 DriveInfo *dinfo;
1112
1113 if (!s->qdev.conf.bs) {
1114 error_report("scsi-disk: drive property not set");
1115 return -1;
1116 }
1117 s->bs = s->qdev.conf.bs;
1118
1119 if (scsi_type == TYPE_DISK && !bdrv_is_inserted(s->bs)) {
1120 error_report("Device needs media, but drive is empty");
1121 return -1;
1122 }
1123
1124 if (!s->serial) {
1125 /* try to fall back to value set with legacy -drive serial=... */
1126 dinfo = drive_get_by_blockdev(s->bs);
1127 if (*dinfo->serial) {
1128 s->serial = g_strdup(dinfo->serial);
1129 }
1130 }
1131
1132 if (!s->version) {
1133 s->version = g_strdup(QEMU_VERSION);
1134 }
1135
1136 if (bdrv_is_sg(s->bs)) {
1137 error_report("scsi-disk: unwanted /dev/sg*");
1138 return -1;
1139 }
1140
1141 if (scsi_type == TYPE_ROM) {
1142 s->qdev.blocksize = 2048;
1143 } else if (scsi_type == TYPE_DISK) {
1144 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1145 } else {
1146 error_report("scsi-disk: Unhandled SCSI type %02x", scsi_type);
1147 return -1;
1148 }
1149 s->cluster_size = s->qdev.blocksize / 512;
1150 s->bs->buffer_alignment = s->qdev.blocksize;
1151
1152 s->qdev.type = scsi_type;
1153 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1154 bdrv_set_removable(s->bs, scsi_type == TYPE_ROM);
1155 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1156 return 0;
1157 }
1158
1159 static int scsi_hd_initfn(SCSIDevice *dev)
1160 {
1161 return scsi_initfn(dev, TYPE_DISK);
1162 }
1163
1164 static int scsi_cd_initfn(SCSIDevice *dev)
1165 {
1166 return scsi_initfn(dev, TYPE_ROM);
1167 }
1168
1169 static int scsi_disk_initfn(SCSIDevice *dev)
1170 {
1171 DriveInfo *dinfo;
1172 uint8_t scsi_type;
1173
1174 if (!dev->conf.bs) {
1175 scsi_type = TYPE_DISK; /* will die in scsi_initfn() */
1176 } else {
1177 dinfo = drive_get_by_blockdev(dev->conf.bs);
1178 scsi_type = dinfo->media_cd ? TYPE_ROM : TYPE_DISK;
1179 }
1180
1181 return scsi_initfn(dev, scsi_type);
1182 }
1183
1184 static SCSIReqOps scsi_disk_reqops = {
1185 .size = sizeof(SCSIDiskReq),
1186 .free_req = scsi_free_request,
1187 .send_command = scsi_send_command,
1188 .read_data = scsi_read_data,
1189 .write_data = scsi_write_data,
1190 .cancel_io = scsi_cancel_io,
1191 .get_buf = scsi_get_buf,
1192 };
1193
1194 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
1195 uint32_t lun, void *hba_private)
1196 {
1197 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1198 SCSIRequest *req;
1199 SCSIDiskReq *r;
1200
1201 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1202 r = DO_UPCAST(SCSIDiskReq, req, req);
1203 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
1204 return req;
1205 }
1206
1207 #define DEFINE_SCSI_DISK_PROPERTIES() \
1208 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1209 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1210 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1211
1212 static SCSIDeviceInfo scsi_disk_info[] = {
1213 {
1214 .qdev.name = "scsi-hd",
1215 .qdev.fw_name = "disk",
1216 .qdev.desc = "virtual SCSI disk",
1217 .qdev.size = sizeof(SCSIDiskState),
1218 .qdev.reset = scsi_disk_reset,
1219 .init = scsi_hd_initfn,
1220 .destroy = scsi_destroy,
1221 .alloc_req = scsi_new_request,
1222 .qdev.props = (Property[]) {
1223 DEFINE_SCSI_DISK_PROPERTIES(),
1224 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1225 DEFINE_PROP_END_OF_LIST(),
1226 }
1227 },{
1228 .qdev.name = "scsi-cd",
1229 .qdev.fw_name = "disk",
1230 .qdev.desc = "virtual SCSI CD-ROM",
1231 .qdev.size = sizeof(SCSIDiskState),
1232 .qdev.reset = scsi_disk_reset,
1233 .init = scsi_cd_initfn,
1234 .destroy = scsi_destroy,
1235 .alloc_req = scsi_new_request,
1236 .qdev.props = (Property[]) {
1237 DEFINE_SCSI_DISK_PROPERTIES(),
1238 DEFINE_PROP_END_OF_LIST(),
1239 },
1240 },{
1241 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1242 .qdev.fw_name = "disk",
1243 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1244 .qdev.size = sizeof(SCSIDiskState),
1245 .qdev.reset = scsi_disk_reset,
1246 .init = scsi_disk_initfn,
1247 .destroy = scsi_destroy,
1248 .alloc_req = scsi_new_request,
1249 .qdev.props = (Property[]) {
1250 DEFINE_SCSI_DISK_PROPERTIES(),
1251 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1252 DEFINE_PROP_END_OF_LIST(),
1253 }
1254 }
1255 };
1256
1257 static void scsi_disk_register_devices(void)
1258 {
1259 int i;
1260
1261 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1262 scsi_qdev_register(&scsi_disk_info[i]);
1263 }
1264 }
1265 device_init(scsi_disk_register_devices)
Qemu copy for testing