]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi: force unit access on VERIFY
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41 #include "dma.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
49
50 typedef struct SCSIDiskState SCSIDiskState;
51
52 typedef struct SCSIDiskReq {
53 SCSIRequest req;
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
55 uint64_t sector;
56 uint32_t sector_count;
57 uint32_t buflen;
58 struct iovec iov;
59 QEMUIOVector qiov;
60 BlockAcctCookie acct;
61 } SCSIDiskReq;
62
63 struct SCSIDiskState
64 {
65 SCSIDevice qdev;
66 uint32_t removable;
67 bool media_changed;
68 bool media_event;
69 bool eject_request;
70 QEMUBH *bh;
71 char *version;
72 char *serial;
73 bool tray_open;
74 bool tray_locked;
75 };
76
77 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
78
79 static void scsi_free_request(SCSIRequest *req)
80 {
81 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
82
83 if (r->iov.iov_base) {
84 qemu_vfree(r->iov.iov_base);
85 }
86 }
87
88 /* Helper function for command completion with sense. */
89 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
90 {
91 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
92 r->req.tag, sense.key, sense.asc, sense.ascq);
93 scsi_req_build_sense(&r->req, sense);
94 scsi_req_complete(&r->req, CHECK_CONDITION);
95 }
96
97 /* Cancel a pending data transfer. */
98 static void scsi_cancel_io(SCSIRequest *req)
99 {
100 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
101
102 DPRINTF("Cancel tag=0x%x\n", req->tag);
103 if (r->req.aiocb) {
104 bdrv_aio_cancel(r->req.aiocb);
105
106 /* This reference was left in by scsi_*_data. We take ownership of
107 * it the moment scsi_req_cancel is called, independent of whether
108 * bdrv_aio_cancel completes the request or not. */
109 scsi_req_unref(&r->req);
110 }
111 r->req.aiocb = NULL;
112 }
113
114 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
115 {
116 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
117
118 if (!r->iov.iov_base) {
119 r->buflen = size;
120 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
121 }
122 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
123 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
124 return r->qiov.size / 512;
125 }
126
127 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
128 {
129 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
130
131 qemu_put_be64s(f, &r->sector);
132 qemu_put_be32s(f, &r->sector_count);
133 qemu_put_be32s(f, &r->buflen);
134 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
135 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
136 }
137 }
138
139 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
140 {
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
142
143 qemu_get_be64s(f, &r->sector);
144 qemu_get_be32s(f, &r->sector_count);
145 qemu_get_be32s(f, &r->buflen);
146 if (r->buflen) {
147 scsi_init_iovec(r, r->buflen);
148 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
149 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
150 }
151 }
152
153 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
154 }
155
156 static void scsi_flush_complete(void * opaque, int ret)
157 {
158 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
159 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
160
161 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
162
163 if (ret < 0) {
164 if (scsi_handle_rw_error(r, -ret)) {
165 goto done;
166 }
167 }
168
169 scsi_req_complete(&r->req, GOOD);
170
171 done:
172 if (!r->req.io_canceled) {
173 scsi_req_unref(&r->req);
174 }
175 }
176
177 static bool scsi_is_cmd_fua(SCSICommand *cmd)
178 {
179 switch (cmd->buf[0]) {
180 case READ_10:
181 case READ_12:
182 case READ_16:
183 case WRITE_10:
184 case WRITE_12:
185 case WRITE_16:
186 return (cmd->buf[1] & 8) != 0;
187
188 case VERIFY_10:
189 case VERIFY_12:
190 case VERIFY_16:
191 case WRITE_VERIFY_10:
192 case WRITE_VERIFY_12:
193 case WRITE_VERIFY_16:
194 return true;
195
196 case READ_6:
197 case WRITE_6:
198 default:
199 return false;
200 }
201 }
202
203 static void scsi_write_do_fua(SCSIDiskReq *r)
204 {
205 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
206
207 if (scsi_is_cmd_fua(&r->req.cmd)) {
208 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
209 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
210 return;
211 }
212
213 scsi_req_complete(&r->req, GOOD);
214 if (!r->req.io_canceled) {
215 scsi_req_unref(&r->req);
216 }
217 }
218
219 static void scsi_dma_complete(void *opaque, int ret)
220 {
221 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
222 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
223
224 if (r->req.aiocb != NULL) {
225 r->req.aiocb = NULL;
226 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
227 }
228
229 if (ret < 0) {
230 if (scsi_handle_rw_error(r, -ret)) {
231 goto done;
232 }
233 }
234
235 r->sector += r->sector_count;
236 r->sector_count = 0;
237 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
238 scsi_write_do_fua(r);
239 return;
240 } else {
241 scsi_req_complete(&r->req, GOOD);
242 }
243
244 done:
245 if (!r->req.io_canceled) {
246 scsi_req_unref(&r->req);
247 }
248 }
249
250 static void scsi_read_complete(void * opaque, int ret)
251 {
252 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
253 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
254 int n;
255
256 if (r->req.aiocb != NULL) {
257 r->req.aiocb = NULL;
258 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
259 }
260
261 if (ret < 0) {
262 if (scsi_handle_rw_error(r, -ret)) {
263 goto done;
264 }
265 }
266
267 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
268
269 n = r->qiov.size / 512;
270 r->sector += n;
271 r->sector_count -= n;
272 scsi_req_data(&r->req, r->qiov.size);
273
274 done:
275 if (!r->req.io_canceled) {
276 scsi_req_unref(&r->req);
277 }
278 }
279
280 /* Read more data from scsi device into buffer. */
281 static void scsi_read_data(SCSIRequest *req)
282 {
283 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
284 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
285 uint32_t n;
286
287 if (r->sector_count == (uint32_t)-1) {
288 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
289 r->sector_count = 0;
290 scsi_req_data(&r->req, r->iov.iov_len);
291 return;
292 }
293 DPRINTF("Read sector_count=%d\n", r->sector_count);
294 if (r->sector_count == 0) {
295 /* This also clears the sense buffer for REQUEST SENSE. */
296 scsi_req_complete(&r->req, GOOD);
297 return;
298 }
299
300 /* No data transfer may already be in progress */
301 assert(r->req.aiocb == NULL);
302
303 /* The request is used as the AIO opaque value, so add a ref. */
304 scsi_req_ref(&r->req);
305 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
306 DPRINTF("Data transfer direction invalid\n");
307 scsi_read_complete(r, -EINVAL);
308 return;
309 }
310
311 if (s->tray_open) {
312 scsi_read_complete(r, -ENOMEDIUM);
313 return;
314 }
315
316 if (r->req.sg) {
317 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
318 r->req.resid -= r->req.sg->size;
319 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
320 scsi_dma_complete, r);
321 } else {
322 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
323 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
324 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
325 scsi_read_complete, r);
326 }
327 }
328
329 /*
330 * scsi_handle_rw_error has two return values. 0 means that the error
331 * must be ignored, 1 means that the error has been processed and the
332 * caller should not do anything else for this request. Note that
333 * scsi_handle_rw_error always manages its reference counts, independent
334 * of the return value.
335 */
336 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
337 {
338 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
339 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
340 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
341
342 if (action == BLOCK_ERR_IGNORE) {
343 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
344 return 0;
345 }
346
347 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
348 || action == BLOCK_ERR_STOP_ANY) {
349
350 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
351 vm_stop(RUN_STATE_IO_ERROR);
352 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
353 scsi_req_retry(&r->req);
354 } else {
355 switch (error) {
356 case ENOMEDIUM:
357 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
358 break;
359 case ENOMEM:
360 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
361 break;
362 case EINVAL:
363 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
364 break;
365 default:
366 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
367 break;
368 }
369 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
370 }
371 return 1;
372 }
373
374 static void scsi_write_complete(void * opaque, int ret)
375 {
376 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
377 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
378 uint32_t n;
379
380 if (r->req.aiocb != NULL) {
381 r->req.aiocb = NULL;
382 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
383 }
384
385 if (ret < 0) {
386 if (scsi_handle_rw_error(r, -ret)) {
387 goto done;
388 }
389 }
390
391 n = r->qiov.size / 512;
392 r->sector += n;
393 r->sector_count -= n;
394 if (r->sector_count == 0) {
395 scsi_write_do_fua(r);
396 return;
397 } else {
398 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
399 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
400 scsi_req_data(&r->req, r->qiov.size);
401 }
402
403 done:
404 if (!r->req.io_canceled) {
405 scsi_req_unref(&r->req);
406 }
407 }
408
409 static void scsi_write_data(SCSIRequest *req)
410 {
411 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
412 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
413 uint32_t n;
414
415 /* No data transfer may already be in progress */
416 assert(r->req.aiocb == NULL);
417
418 /* The request is used as the AIO opaque value, so add a ref. */
419 scsi_req_ref(&r->req);
420 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
421 DPRINTF("Data transfer direction invalid\n");
422 scsi_write_complete(r, -EINVAL);
423 return;
424 }
425
426 if (!r->req.sg && !r->qiov.size) {
427 /* Called for the first time. Ask the driver to send us more data. */
428 scsi_write_complete(r, 0);
429 return;
430 }
431 if (s->tray_open) {
432 scsi_write_complete(r, -ENOMEDIUM);
433 return;
434 }
435
436 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
437 r->req.cmd.buf[0] == VERIFY_16) {
438 if (r->req.sg) {
439 scsi_dma_complete(r, 0);
440 } else {
441 scsi_write_complete(r, 0);
442 }
443 return;
444 }
445
446 if (r->req.sg) {
447 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
448 r->req.resid -= r->req.sg->size;
449 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
450 scsi_dma_complete, r);
451 } else {
452 n = r->qiov.size / 512;
453 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
454 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
455 scsi_write_complete, r);
456 }
457 }
458
459 /* Return a pointer to the data buffer. */
460 static uint8_t *scsi_get_buf(SCSIRequest *req)
461 {
462 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
463
464 return (uint8_t *)r->iov.iov_base;
465 }
466
467 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
468 {
469 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
470 int buflen = 0;
471
472 if (req->cmd.buf[1] & 0x2) {
473 /* Command support data - optional, not implemented */
474 BADF("optional INQUIRY command support request not implemented\n");
475 return -1;
476 }
477
478 if (req->cmd.buf[1] & 0x1) {
479 /* Vital product data */
480 uint8_t page_code = req->cmd.buf[2];
481 if (req->cmd.xfer < 4) {
482 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
483 "less than 4\n", page_code, req->cmd.xfer);
484 return -1;
485 }
486
487 outbuf[buflen++] = s->qdev.type & 0x1f;
488 outbuf[buflen++] = page_code ; // this page
489 outbuf[buflen++] = 0x00;
490
491 switch (page_code) {
492 case 0x00: /* Supported page codes, mandatory */
493 {
494 int pages;
495 DPRINTF("Inquiry EVPD[Supported pages] "
496 "buffer size %zd\n", req->cmd.xfer);
497 pages = buflen++;
498 outbuf[buflen++] = 0x00; // list of supported pages (this page)
499 if (s->serial) {
500 outbuf[buflen++] = 0x80; // unit serial number
501 }
502 outbuf[buflen++] = 0x83; // device identification
503 if (s->qdev.type == TYPE_DISK) {
504 outbuf[buflen++] = 0xb0; // block limits
505 outbuf[buflen++] = 0xb2; // thin provisioning
506 }
507 outbuf[pages] = buflen - pages - 1; // number of pages
508 break;
509 }
510 case 0x80: /* Device serial number, optional */
511 {
512 int l;
513
514 if (!s->serial) {
515 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
516 return -1;
517 }
518
519 l = strlen(s->serial);
520 if (l > 20) {
521 l = 20;
522 }
523
524 DPRINTF("Inquiry EVPD[Serial number] "
525 "buffer size %zd\n", req->cmd.xfer);
526 outbuf[buflen++] = l;
527 memcpy(outbuf+buflen, s->serial, l);
528 buflen += l;
529 break;
530 }
531
532 case 0x83: /* Device identification page, mandatory */
533 {
534 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
535 int max_len = s->serial ? 20 : 255 - 8;
536 int id_len = strlen(str);
537
538 if (id_len > max_len) {
539 id_len = max_len;
540 }
541 DPRINTF("Inquiry EVPD[Device identification] "
542 "buffer size %zd\n", req->cmd.xfer);
543
544 outbuf[buflen++] = 4 + id_len;
545 outbuf[buflen++] = 0x2; // ASCII
546 outbuf[buflen++] = 0; // not officially assigned
547 outbuf[buflen++] = 0; // reserved
548 outbuf[buflen++] = id_len; // length of data following
549
550 memcpy(outbuf+buflen, str, id_len);
551 buflen += id_len;
552 break;
553 }
554 case 0xb0: /* block limits */
555 {
556 unsigned int unmap_sectors =
557 s->qdev.conf.discard_granularity / s->qdev.blocksize;
558 unsigned int min_io_size =
559 s->qdev.conf.min_io_size / s->qdev.blocksize;
560 unsigned int opt_io_size =
561 s->qdev.conf.opt_io_size / s->qdev.blocksize;
562
563 if (s->qdev.type == TYPE_ROM) {
564 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
565 page_code);
566 return -1;
567 }
568 /* required VPD size with unmap support */
569 outbuf[3] = buflen = 0x3c;
570
571 memset(outbuf + 4, 0, buflen - 4);
572
573 /* optimal transfer length granularity */
574 outbuf[6] = (min_io_size >> 8) & 0xff;
575 outbuf[7] = min_io_size & 0xff;
576
577 /* optimal transfer length */
578 outbuf[12] = (opt_io_size >> 24) & 0xff;
579 outbuf[13] = (opt_io_size >> 16) & 0xff;
580 outbuf[14] = (opt_io_size >> 8) & 0xff;
581 outbuf[15] = opt_io_size & 0xff;
582
583 /* optimal unmap granularity */
584 outbuf[28] = (unmap_sectors >> 24) & 0xff;
585 outbuf[29] = (unmap_sectors >> 16) & 0xff;
586 outbuf[30] = (unmap_sectors >> 8) & 0xff;
587 outbuf[31] = unmap_sectors & 0xff;
588 break;
589 }
590 case 0xb2: /* thin provisioning */
591 {
592 outbuf[3] = buflen = 8;
593 outbuf[4] = 0;
594 outbuf[5] = 0x40; /* write same with unmap supported */
595 outbuf[6] = 0;
596 outbuf[7] = 0;
597 break;
598 }
599 default:
600 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
601 "buffer size %zd\n", page_code, req->cmd.xfer);
602 return -1;
603 }
604 /* done with EVPD */
605 return buflen;
606 }
607
608 /* Standard INQUIRY data */
609 if (req->cmd.buf[2] != 0) {
610 BADF("Error: Inquiry (STANDARD) page or code "
611 "is non-zero [%02X]\n", req->cmd.buf[2]);
612 return -1;
613 }
614
615 /* PAGE CODE == 0 */
616 if (req->cmd.xfer < 5) {
617 BADF("Error: Inquiry (STANDARD) buffer size %zd "
618 "is less than 5\n", req->cmd.xfer);
619 return -1;
620 }
621
622 buflen = req->cmd.xfer;
623 if (buflen > SCSI_MAX_INQUIRY_LEN) {
624 buflen = SCSI_MAX_INQUIRY_LEN;
625 }
626 memset(outbuf, 0, buflen);
627
628 outbuf[0] = s->qdev.type & 0x1f;
629 outbuf[1] = s->removable ? 0x80 : 0;
630 if (s->qdev.type == TYPE_ROM) {
631 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
632 } else {
633 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
634 }
635 memcpy(&outbuf[8], "QEMU ", 8);
636 memset(&outbuf[32], 0, 4);
637 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
638 /*
639 * We claim conformance to SPC-3, which is required for guests
640 * to ask for modern features like READ CAPACITY(16) or the
641 * block characteristics VPD page by default. Not all of SPC-3
642 * is actually implemented, but we're good enough.
643 */
644 outbuf[2] = 5;
645 outbuf[3] = 2; /* Format 2 */
646
647 if (buflen > 36) {
648 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
649 } else {
650 /* If the allocation length of CDB is too small,
651 the additional length is not adjusted */
652 outbuf[4] = 36 - 5;
653 }
654
655 /* Sync data transfer and TCQ. */
656 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
657 return buflen;
658 }
659
660 static inline bool media_is_dvd(SCSIDiskState *s)
661 {
662 uint64_t nb_sectors;
663 if (s->qdev.type != TYPE_ROM) {
664 return false;
665 }
666 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
667 return false;
668 }
669 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
670 return nb_sectors > CD_MAX_SECTORS;
671 }
672
673 static inline bool media_is_cd(SCSIDiskState *s)
674 {
675 uint64_t nb_sectors;
676 if (s->qdev.type != TYPE_ROM) {
677 return false;
678 }
679 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
680 return false;
681 }
682 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
683 return nb_sectors <= CD_MAX_SECTORS;
684 }
685
686 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
687 uint8_t *outbuf)
688 {
689 static const int rds_caps_size[5] = {
690 [0] = 2048 + 4,
691 [1] = 4 + 4,
692 [3] = 188 + 4,
693 [4] = 2048 + 4,
694 };
695
696 uint8_t media = r->req.cmd.buf[1];
697 uint8_t layer = r->req.cmd.buf[6];
698 uint8_t format = r->req.cmd.buf[7];
699 int size = -1;
700
701 if (s->qdev.type != TYPE_ROM) {
702 return -1;
703 }
704 if (media != 0) {
705 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
706 return -1;
707 }
708
709 if (format != 0xff) {
710 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
711 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
712 return -1;
713 }
714 if (media_is_cd(s)) {
715 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
716 return -1;
717 }
718 if (format >= ARRAY_SIZE(rds_caps_size)) {
719 return -1;
720 }
721 size = rds_caps_size[format];
722 memset(outbuf, 0, size);
723 }
724
725 switch (format) {
726 case 0x00: {
727 /* Physical format information */
728 uint64_t nb_sectors;
729 if (layer != 0) {
730 goto fail;
731 }
732 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
733
734 outbuf[4] = 1; /* DVD-ROM, part version 1 */
735 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
736 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
737 outbuf[7] = 0; /* default densities */
738
739 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
740 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
741 break;
742 }
743
744 case 0x01: /* DVD copyright information, all zeros */
745 break;
746
747 case 0x03: /* BCA information - invalid field for no BCA info */
748 return -1;
749
750 case 0x04: /* DVD disc manufacturing information, all zeros */
751 break;
752
753 case 0xff: { /* List capabilities */
754 int i;
755 size = 4;
756 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
757 if (!rds_caps_size[i]) {
758 continue;
759 }
760 outbuf[size] = i;
761 outbuf[size + 1] = 0x40; /* Not writable, readable */
762 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
763 size += 4;
764 }
765 break;
766 }
767
768 default:
769 return -1;
770 }
771
772 /* Size of buffer, not including 2 byte size field */
773 stw_be_p(outbuf, size - 2);
774 return size;
775
776 fail:
777 return -1;
778 }
779
780 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
781 {
782 uint8_t event_code, media_status;
783
784 media_status = 0;
785 if (s->tray_open) {
786 media_status = MS_TRAY_OPEN;
787 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
788 media_status = MS_MEDIA_PRESENT;
789 }
790
791 /* Event notification descriptor */
792 event_code = MEC_NO_CHANGE;
793 if (media_status != MS_TRAY_OPEN) {
794 if (s->media_event) {
795 event_code = MEC_NEW_MEDIA;
796 s->media_event = false;
797 } else if (s->eject_request) {
798 event_code = MEC_EJECT_REQUESTED;
799 s->eject_request = false;
800 }
801 }
802
803 outbuf[0] = event_code;
804 outbuf[1] = media_status;
805
806 /* These fields are reserved, just clear them. */
807 outbuf[2] = 0;
808 outbuf[3] = 0;
809 return 4;
810 }
811
812 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
813 uint8_t *outbuf)
814 {
815 int size;
816 uint8_t *buf = r->req.cmd.buf;
817 uint8_t notification_class_request = buf[4];
818 if (s->qdev.type != TYPE_ROM) {
819 return -1;
820 }
821 if ((buf[1] & 1) == 0) {
822 /* asynchronous */
823 return -1;
824 }
825
826 size = 4;
827 outbuf[0] = outbuf[1] = 0;
828 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
829 if (notification_class_request & (1 << GESN_MEDIA)) {
830 outbuf[2] = GESN_MEDIA;
831 size += scsi_event_status_media(s, &outbuf[size]);
832 } else {
833 outbuf[2] = 0x80;
834 }
835 stw_be_p(outbuf, size - 4);
836 return size;
837 }
838
839 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
840 {
841 int current;
842
843 if (s->qdev.type != TYPE_ROM) {
844 return -1;
845 }
846 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
847 memset(outbuf, 0, 40);
848 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
849 stw_be_p(&outbuf[6], current);
850 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
851 outbuf[10] = 0x03; /* persistent, current */
852 outbuf[11] = 8; /* two profiles */
853 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
854 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
855 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
856 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
857 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
858 stw_be_p(&outbuf[20], 1);
859 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
860 outbuf[23] = 8;
861 stl_be_p(&outbuf[24], 1); /* SCSI */
862 outbuf[28] = 1; /* DBE = 1, mandatory */
863 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
864 stw_be_p(&outbuf[32], 3);
865 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
866 outbuf[35] = 4;
867 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
868 /* TODO: Random readable, CD read, DVD read, drive serial number,
869 power management */
870 return 40;
871 }
872
873 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
874 {
875 if (s->qdev.type != TYPE_ROM) {
876 return -1;
877 }
878 memset(outbuf, 0, 8);
879 outbuf[5] = 1; /* CD-ROM */
880 return 8;
881 }
882
883 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
884 int page_control)
885 {
886 static const int mode_sense_valid[0x3f] = {
887 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
888 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
889 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
890 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
891 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
892 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
893 };
894
895 BlockDriverState *bdrv = s->qdev.conf.bs;
896 int cylinders, heads, secs;
897 uint8_t *p = *p_outbuf;
898
899 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
900 return -1;
901 }
902
903 p[0] = page;
904
905 /*
906 * If Changeable Values are requested, a mask denoting those mode parameters
907 * that are changeable shall be returned. As we currently don't support
908 * parameter changes via MODE_SELECT all bits are returned set to zero.
909 * The buffer was already menset to zero by the caller of this function.
910 */
911 switch (page) {
912 case MODE_PAGE_HD_GEOMETRY:
913 p[1] = 0x16;
914 if (page_control == 1) { /* Changeable Values */
915 break;
916 }
917 /* if a geometry hint is available, use it */
918 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
919 p[2] = (cylinders >> 16) & 0xff;
920 p[3] = (cylinders >> 8) & 0xff;
921 p[4] = cylinders & 0xff;
922 p[5] = heads & 0xff;
923 /* Write precomp start cylinder, disabled */
924 p[6] = (cylinders >> 16) & 0xff;
925 p[7] = (cylinders >> 8) & 0xff;
926 p[8] = cylinders & 0xff;
927 /* Reduced current start cylinder, disabled */
928 p[9] = (cylinders >> 16) & 0xff;
929 p[10] = (cylinders >> 8) & 0xff;
930 p[11] = cylinders & 0xff;
931 /* Device step rate [ns], 200ns */
932 p[12] = 0;
933 p[13] = 200;
934 /* Landing zone cylinder */
935 p[14] = 0xff;
936 p[15] = 0xff;
937 p[16] = 0xff;
938 /* Medium rotation rate [rpm], 5400 rpm */
939 p[20] = (5400 >> 8) & 0xff;
940 p[21] = 5400 & 0xff;
941 break;
942
943 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
944 p[1] = 0x1e;
945 if (page_control == 1) { /* Changeable Values */
946 break;
947 }
948 /* Transfer rate [kbit/s], 5Mbit/s */
949 p[2] = 5000 >> 8;
950 p[3] = 5000 & 0xff;
951 /* if a geometry hint is available, use it */
952 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
953 p[4] = heads & 0xff;
954 p[5] = secs & 0xff;
955 p[6] = s->qdev.blocksize >> 8;
956 p[8] = (cylinders >> 8) & 0xff;
957 p[9] = cylinders & 0xff;
958 /* Write precomp start cylinder, disabled */
959 p[10] = (cylinders >> 8) & 0xff;
960 p[11] = cylinders & 0xff;
961 /* Reduced current start cylinder, disabled */
962 p[12] = (cylinders >> 8) & 0xff;
963 p[13] = cylinders & 0xff;
964 /* Device step rate [100us], 100us */
965 p[14] = 0;
966 p[15] = 1;
967 /* Device step pulse width [us], 1us */
968 p[16] = 1;
969 /* Device head settle delay [100us], 100us */
970 p[17] = 0;
971 p[18] = 1;
972 /* Motor on delay [0.1s], 0.1s */
973 p[19] = 1;
974 /* Motor off delay [0.1s], 0.1s */
975 p[20] = 1;
976 /* Medium rotation rate [rpm], 5400 rpm */
977 p[28] = (5400 >> 8) & 0xff;
978 p[29] = 5400 & 0xff;
979 break;
980
981 case MODE_PAGE_CACHING:
982 p[0] = 8;
983 p[1] = 0x12;
984 if (page_control == 1) { /* Changeable Values */
985 break;
986 }
987 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
988 p[2] = 4; /* WCE */
989 }
990 break;
991
992 case MODE_PAGE_R_W_ERROR:
993 p[1] = 10;
994 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
995 if (s->qdev.type == TYPE_ROM) {
996 p[3] = 0x20; /* Read Retry Count */
997 }
998 break;
999
1000 case MODE_PAGE_AUDIO_CTL:
1001 p[1] = 14;
1002 break;
1003
1004 case MODE_PAGE_CAPABILITIES:
1005 p[1] = 0x14;
1006 if (page_control == 1) { /* Changeable Values */
1007 break;
1008 }
1009
1010 p[2] = 0x3b; /* CD-R & CD-RW read */
1011 p[3] = 0; /* Writing not supported */
1012 p[4] = 0x7f; /* Audio, composite, digital out,
1013 mode 2 form 1&2, multi session */
1014 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1015 RW corrected, C2 errors, ISRC,
1016 UPC, Bar code */
1017 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1018 /* Locking supported, jumper present, eject, tray */
1019 p[7] = 0; /* no volume & mute control, no
1020 changer */
1021 p[8] = (50 * 176) >> 8; /* 50x read speed */
1022 p[9] = (50 * 176) & 0xff;
1023 p[10] = 2 >> 8; /* Two volume levels */
1024 p[11] = 2 & 0xff;
1025 p[12] = 2048 >> 8; /* 2M buffer */
1026 p[13] = 2048 & 0xff;
1027 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1028 p[15] = (16 * 176) & 0xff;
1029 p[18] = (16 * 176) >> 8; /* 16x write speed */
1030 p[19] = (16 * 176) & 0xff;
1031 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1032 p[21] = (16 * 176) & 0xff;
1033 break;
1034
1035 default:
1036 return -1;
1037 }
1038
1039 *p_outbuf += p[1] + 2;
1040 return p[1] + 2;
1041 }
1042
1043 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1044 {
1045 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1046 uint64_t nb_sectors;
1047 int page, dbd, buflen, ret, page_control;
1048 uint8_t *p;
1049 uint8_t dev_specific_param;
1050
1051 dbd = r->req.cmd.buf[1] & 0x8;
1052 page = r->req.cmd.buf[2] & 0x3f;
1053 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1054 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1055 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1056 memset(outbuf, 0, r->req.cmd.xfer);
1057 p = outbuf;
1058
1059 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1060 dev_specific_param = 0x80; /* Readonly. */
1061 } else {
1062 dev_specific_param = 0x00;
1063 }
1064
1065 if (r->req.cmd.buf[0] == MODE_SENSE) {
1066 p[1] = 0; /* Default media type. */
1067 p[2] = dev_specific_param;
1068 p[3] = 0; /* Block descriptor length. */
1069 p += 4;
1070 } else { /* MODE_SENSE_10 */
1071 p[2] = 0; /* Default media type. */
1072 p[3] = dev_specific_param;
1073 p[6] = p[7] = 0; /* Block descriptor length. */
1074 p += 8;
1075 }
1076
1077 /* MMC prescribes that CD/DVD drives have no block descriptors. */
1078 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1079 if (!dbd && s->qdev.type == TYPE_DISK && nb_sectors) {
1080 if (r->req.cmd.buf[0] == MODE_SENSE) {
1081 outbuf[3] = 8; /* Block descriptor length */
1082 } else { /* MODE_SENSE_10 */
1083 outbuf[7] = 8; /* Block descriptor length */
1084 }
1085 nb_sectors /= (s->qdev.blocksize / 512);
1086 if (nb_sectors > 0xffffff) {
1087 nb_sectors = 0;
1088 }
1089 p[0] = 0; /* media density code */
1090 p[1] = (nb_sectors >> 16) & 0xff;
1091 p[2] = (nb_sectors >> 8) & 0xff;
1092 p[3] = nb_sectors & 0xff;
1093 p[4] = 0; /* reserved */
1094 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1095 p[6] = s->qdev.blocksize >> 8;
1096 p[7] = 0;
1097 p += 8;
1098 }
1099
1100 if (page_control == 3) {
1101 /* Saved Values */
1102 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1103 return -1;
1104 }
1105
1106 if (page == 0x3f) {
1107 for (page = 0; page <= 0x3e; page++) {
1108 mode_sense_page(s, page, &p, page_control);
1109 }
1110 } else {
1111 ret = mode_sense_page(s, page, &p, page_control);
1112 if (ret == -1) {
1113 return -1;
1114 }
1115 }
1116
1117 buflen = p - outbuf;
1118 /*
1119 * The mode data length field specifies the length in bytes of the
1120 * following data that is available to be transferred. The mode data
1121 * length does not include itself.
1122 */
1123 if (r->req.cmd.buf[0] == MODE_SENSE) {
1124 outbuf[0] = buflen - 1;
1125 } else { /* MODE_SENSE_10 */
1126 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1127 outbuf[1] = (buflen - 2) & 0xff;
1128 }
1129 return buflen;
1130 }
1131
1132 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1133 {
1134 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1135 int start_track, format, msf, toclen;
1136 uint64_t nb_sectors;
1137
1138 msf = req->cmd.buf[1] & 2;
1139 format = req->cmd.buf[2] & 0xf;
1140 start_track = req->cmd.buf[6];
1141 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1142 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1143 nb_sectors /= s->qdev.blocksize / 512;
1144 switch (format) {
1145 case 0:
1146 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1147 break;
1148 case 1:
1149 /* multi session : only a single session defined */
1150 toclen = 12;
1151 memset(outbuf, 0, 12);
1152 outbuf[1] = 0x0a;
1153 outbuf[2] = 0x01;
1154 outbuf[3] = 0x01;
1155 break;
1156 case 2:
1157 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1158 break;
1159 default:
1160 return -1;
1161 }
1162 return toclen;
1163 }
1164
1165 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1166 {
1167 SCSIRequest *req = &r->req;
1168 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1169 bool start = req->cmd.buf[4] & 1;
1170 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1171
1172 if (s->qdev.type == TYPE_ROM && loej) {
1173 if (!start && !s->tray_open && s->tray_locked) {
1174 scsi_check_condition(r,
1175 bdrv_is_inserted(s->qdev.conf.bs)
1176 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1177 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1178 return -1;
1179 }
1180
1181 if (s->tray_open != !start) {
1182 bdrv_eject(s->qdev.conf.bs, !start);
1183 s->tray_open = !start;
1184 }
1185 }
1186 return 0;
1187 }
1188
1189 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1190 {
1191 SCSIRequest *req = &r->req;
1192 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1193 uint64_t nb_sectors;
1194 uint8_t *outbuf;
1195 int buflen = 0;
1196
1197 if (!r->iov.iov_base) {
1198 /*
1199 * FIXME: we shouldn't return anything bigger than 4k, but the code
1200 * requires the buffer to be as big as req->cmd.xfer in several
1201 * places. So, do not allow CDBs with a very large ALLOCATION
1202 * LENGTH. The real fix would be to modify scsi_read_data and
1203 * dma_buf_read, so that they return data beyond the buflen
1204 * as all zeros.
1205 */
1206 if (req->cmd.xfer > 65536) {
1207 goto illegal_request;
1208 }
1209 r->buflen = MAX(4096, req->cmd.xfer);
1210 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1211 }
1212
1213 outbuf = r->iov.iov_base;
1214 switch (req->cmd.buf[0]) {
1215 case TEST_UNIT_READY:
1216 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1217 break;
1218 case INQUIRY:
1219 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1220 if (buflen < 0) {
1221 goto illegal_request;
1222 }
1223 break;
1224 case MODE_SENSE:
1225 case MODE_SENSE_10:
1226 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1227 if (buflen < 0) {
1228 goto illegal_request;
1229 }
1230 break;
1231 case READ_TOC:
1232 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1233 if (buflen < 0) {
1234 goto illegal_request;
1235 }
1236 break;
1237 case RESERVE:
1238 if (req->cmd.buf[1] & 1) {
1239 goto illegal_request;
1240 }
1241 break;
1242 case RESERVE_10:
1243 if (req->cmd.buf[1] & 3) {
1244 goto illegal_request;
1245 }
1246 break;
1247 case RELEASE:
1248 if (req->cmd.buf[1] & 1) {
1249 goto illegal_request;
1250 }
1251 break;
1252 case RELEASE_10:
1253 if (req->cmd.buf[1] & 3) {
1254 goto illegal_request;
1255 }
1256 break;
1257 case START_STOP:
1258 if (scsi_disk_emulate_start_stop(r) < 0) {
1259 return -1;
1260 }
1261 break;
1262 case ALLOW_MEDIUM_REMOVAL:
1263 s->tray_locked = req->cmd.buf[4] & 1;
1264 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1265 break;
1266 case READ_CAPACITY_10:
1267 /* The normal LEN field for this command is zero. */
1268 memset(outbuf, 0, 8);
1269 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1270 if (!nb_sectors) {
1271 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1272 return -1;
1273 }
1274 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1275 goto illegal_request;
1276 }
1277 nb_sectors /= s->qdev.blocksize / 512;
1278 /* Returned value is the address of the last sector. */
1279 nb_sectors--;
1280 /* Remember the new size for read/write sanity checking. */
1281 s->qdev.max_lba = nb_sectors;
1282 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1283 if (nb_sectors > UINT32_MAX) {
1284 nb_sectors = UINT32_MAX;
1285 }
1286 outbuf[0] = (nb_sectors >> 24) & 0xff;
1287 outbuf[1] = (nb_sectors >> 16) & 0xff;
1288 outbuf[2] = (nb_sectors >> 8) & 0xff;
1289 outbuf[3] = nb_sectors & 0xff;
1290 outbuf[4] = 0;
1291 outbuf[5] = 0;
1292 outbuf[6] = s->qdev.blocksize >> 8;
1293 outbuf[7] = 0;
1294 buflen = 8;
1295 break;
1296 case REQUEST_SENSE:
1297 /* Just return "NO SENSE". */
1298 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1299 (req->cmd.buf[1] & 1) == 0);
1300 break;
1301 case MECHANISM_STATUS:
1302 buflen = scsi_emulate_mechanism_status(s, outbuf);
1303 if (buflen < 0) {
1304 goto illegal_request;
1305 }
1306 break;
1307 case GET_CONFIGURATION:
1308 buflen = scsi_get_configuration(s, outbuf);
1309 if (buflen < 0) {
1310 goto illegal_request;
1311 }
1312 break;
1313 case GET_EVENT_STATUS_NOTIFICATION:
1314 buflen = scsi_get_event_status_notification(s, r, outbuf);
1315 if (buflen < 0) {
1316 goto illegal_request;
1317 }
1318 break;
1319 case READ_DVD_STRUCTURE:
1320 buflen = scsi_read_dvd_structure(s, r, outbuf);
1321 if (buflen < 0) {
1322 goto illegal_request;
1323 }
1324 break;
1325 case SERVICE_ACTION_IN_16:
1326 /* Service Action In subcommands. */
1327 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1328 DPRINTF("SAI READ CAPACITY(16)\n");
1329 memset(outbuf, 0, req->cmd.xfer);
1330 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1331 if (!nb_sectors) {
1332 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1333 return -1;
1334 }
1335 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1336 goto illegal_request;
1337 }
1338 nb_sectors /= s->qdev.blocksize / 512;
1339 /* Returned value is the address of the last sector. */
1340 nb_sectors--;
1341 /* Remember the new size for read/write sanity checking. */
1342 s->qdev.max_lba = nb_sectors;
1343 outbuf[0] = (nb_sectors >> 56) & 0xff;
1344 outbuf[1] = (nb_sectors >> 48) & 0xff;
1345 outbuf[2] = (nb_sectors >> 40) & 0xff;
1346 outbuf[3] = (nb_sectors >> 32) & 0xff;
1347 outbuf[4] = (nb_sectors >> 24) & 0xff;
1348 outbuf[5] = (nb_sectors >> 16) & 0xff;
1349 outbuf[6] = (nb_sectors >> 8) & 0xff;
1350 outbuf[7] = nb_sectors & 0xff;
1351 outbuf[8] = 0;
1352 outbuf[9] = 0;
1353 outbuf[10] = s->qdev.blocksize >> 8;
1354 outbuf[11] = 0;
1355 outbuf[12] = 0;
1356 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1357
1358 /* set TPE bit if the format supports discard */
1359 if (s->qdev.conf.discard_granularity) {
1360 outbuf[14] = 0x80;
1361 }
1362
1363 /* Protection, exponent and lowest lba field left blank. */
1364 buflen = req->cmd.xfer;
1365 break;
1366 }
1367 DPRINTF("Unsupported Service Action In\n");
1368 goto illegal_request;
1369 default:
1370 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1371 return -1;
1372 }
1373 buflen = MIN(buflen, req->cmd.xfer);
1374 return buflen;
1375
1376 illegal_request:
1377 if (r->req.status == -1) {
1378 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1379 }
1380 return -1;
1381 }
1382
1383 /* Execute a scsi command. Returns the length of the data expected by the
1384 command. This will be Positive for data transfers from the device
1385 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1386 and zero if the command does not transfer any data. */
1387
1388 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1389 {
1390 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1391 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1392 int32_t len;
1393 uint8_t command;
1394 int rc;
1395
1396 command = buf[0];
1397 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1398
1399 #ifdef DEBUG_SCSI
1400 {
1401 int i;
1402 for (i = 1; i < r->req.cmd.len; i++) {
1403 printf(" 0x%02x", buf[i]);
1404 }
1405 printf("\n");
1406 }
1407 #endif
1408
1409 switch (command) {
1410 case INQUIRY:
1411 case MODE_SENSE:
1412 case MODE_SENSE_10:
1413 case RESERVE:
1414 case RESERVE_10:
1415 case RELEASE:
1416 case RELEASE_10:
1417 case START_STOP:
1418 case ALLOW_MEDIUM_REMOVAL:
1419 case GET_CONFIGURATION:
1420 case GET_EVENT_STATUS_NOTIFICATION:
1421 case MECHANISM_STATUS:
1422 case REQUEST_SENSE:
1423 break;
1424
1425 default:
1426 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1427 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1428 return 0;
1429 }
1430 break;
1431 }
1432
1433 switch (command) {
1434 case TEST_UNIT_READY:
1435 case INQUIRY:
1436 case MODE_SENSE:
1437 case MODE_SENSE_10:
1438 case RESERVE:
1439 case RESERVE_10:
1440 case RELEASE:
1441 case RELEASE_10:
1442 case START_STOP:
1443 case ALLOW_MEDIUM_REMOVAL:
1444 case READ_CAPACITY_10:
1445 case READ_TOC:
1446 case READ_DVD_STRUCTURE:
1447 case GET_CONFIGURATION:
1448 case GET_EVENT_STATUS_NOTIFICATION:
1449 case MECHANISM_STATUS:
1450 case SERVICE_ACTION_IN_16:
1451 case REQUEST_SENSE:
1452 rc = scsi_disk_emulate_command(r);
1453 if (rc < 0) {
1454 return 0;
1455 }
1456
1457 r->iov.iov_len = rc;
1458 break;
1459 case SYNCHRONIZE_CACHE:
1460 /* The request is used as the AIO opaque value, so add a ref. */
1461 scsi_req_ref(&r->req);
1462 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1463 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1464 return 0;
1465 case READ_6:
1466 case READ_10:
1467 case READ_12:
1468 case READ_16:
1469 len = r->req.cmd.xfer / s->qdev.blocksize;
1470 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1471 if (r->req.cmd.lba > s->qdev.max_lba) {
1472 goto illegal_lba;
1473 }
1474 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1475 r->sector_count = len * (s->qdev.blocksize / 512);
1476 break;
1477 case VERIFY_10:
1478 case VERIFY_12:
1479 case VERIFY_16:
1480 case WRITE_6:
1481 case WRITE_10:
1482 case WRITE_12:
1483 case WRITE_16:
1484 case WRITE_VERIFY_10:
1485 case WRITE_VERIFY_12:
1486 case WRITE_VERIFY_16:
1487 len = r->req.cmd.xfer / s->qdev.blocksize;
1488 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1489 (command & 0xe) == 0xe ? "And Verify " : "",
1490 r->req.cmd.lba, len);
1491 if (r->req.cmd.lba > s->qdev.max_lba) {
1492 goto illegal_lba;
1493 }
1494 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1495 r->sector_count = len * (s->qdev.blocksize / 512);
1496 break;
1497 case MODE_SELECT:
1498 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1499 /* We don't support mode parameter changes.
1500 Allow the mode parameter header + block descriptors only. */
1501 if (r->req.cmd.xfer > 12) {
1502 goto fail;
1503 }
1504 break;
1505 case MODE_SELECT_10:
1506 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1507 /* We don't support mode parameter changes.
1508 Allow the mode parameter header + block descriptors only. */
1509 if (r->req.cmd.xfer > 16) {
1510 goto fail;
1511 }
1512 break;
1513 case SEEK_10:
1514 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1515 if (r->req.cmd.lba > s->qdev.max_lba) {
1516 goto illegal_lba;
1517 }
1518 break;
1519 case WRITE_SAME_16:
1520 len = r->req.cmd.xfer / s->qdev.blocksize;
1521
1522 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1523 r->req.cmd.lba, len);
1524
1525 if (r->req.cmd.lba > s->qdev.max_lba) {
1526 goto illegal_lba;
1527 }
1528
1529 /*
1530 * We only support WRITE SAME with the unmap bit set for now.
1531 */
1532 if (!(buf[1] & 0x8)) {
1533 goto fail;
1534 }
1535
1536 rc = bdrv_discard(s->qdev.conf.bs,
1537 r->req.cmd.lba * (s->qdev.blocksize / 512),
1538 len * (s->qdev.blocksize / 512));
1539 if (rc < 0) {
1540 /* XXX: better error code ?*/
1541 goto fail;
1542 }
1543
1544 break;
1545 default:
1546 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1547 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1548 return 0;
1549 fail:
1550 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1551 return 0;
1552 illegal_lba:
1553 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1554 return 0;
1555 }
1556 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1557 scsi_req_complete(&r->req, GOOD);
1558 }
1559 len = r->sector_count * 512 + r->iov.iov_len;
1560 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1561 return -len;
1562 } else {
1563 if (!r->sector_count) {
1564 r->sector_count = -1;
1565 }
1566 return len;
1567 }
1568 }
1569
1570 static void scsi_disk_reset(DeviceState *dev)
1571 {
1572 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1573 uint64_t nb_sectors;
1574
1575 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1576
1577 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1578 nb_sectors /= s->qdev.blocksize / 512;
1579 if (nb_sectors) {
1580 nb_sectors--;
1581 }
1582 s->qdev.max_lba = nb_sectors;
1583 }
1584
1585 static void scsi_destroy(SCSIDevice *dev)
1586 {
1587 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1588
1589 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1590 blockdev_mark_auto_del(s->qdev.conf.bs);
1591 }
1592
1593 static void scsi_cd_change_media_cb(void *opaque, bool load)
1594 {
1595 SCSIDiskState *s = opaque;
1596
1597 /*
1598 * When a CD gets changed, we have to report an ejected state and
1599 * then a loaded state to guests so that they detect tray
1600 * open/close and media change events. Guests that do not use
1601 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1602 * states rely on this behavior.
1603 *
1604 * media_changed governs the state machine used for unit attention
1605 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1606 */
1607 s->media_changed = load;
1608 s->tray_open = !load;
1609 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1610 s->media_event = true;
1611 s->eject_request = false;
1612 }
1613
1614 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1615 {
1616 SCSIDiskState *s = opaque;
1617
1618 s->eject_request = true;
1619 if (force) {
1620 s->tray_locked = false;
1621 }
1622 }
1623
1624 static bool scsi_cd_is_tray_open(void *opaque)
1625 {
1626 return ((SCSIDiskState *)opaque)->tray_open;
1627 }
1628
1629 static bool scsi_cd_is_medium_locked(void *opaque)
1630 {
1631 return ((SCSIDiskState *)opaque)->tray_locked;
1632 }
1633
1634 static const BlockDevOps scsi_cd_block_ops = {
1635 .change_media_cb = scsi_cd_change_media_cb,
1636 .eject_request_cb = scsi_cd_eject_request_cb,
1637 .is_tray_open = scsi_cd_is_tray_open,
1638 .is_medium_locked = scsi_cd_is_medium_locked,
1639 };
1640
1641 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1642 {
1643 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1644 if (s->media_changed) {
1645 s->media_changed = false;
1646 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1647 }
1648 }
1649
1650 static int scsi_initfn(SCSIDevice *dev)
1651 {
1652 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1653 DriveInfo *dinfo;
1654
1655 if (!s->qdev.conf.bs) {
1656 error_report("drive property not set");
1657 return -1;
1658 }
1659
1660 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1661 error_report("Device needs media, but drive is empty");
1662 return -1;
1663 }
1664
1665 if (!s->serial) {
1666 /* try to fall back to value set with legacy -drive serial=... */
1667 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1668 if (*dinfo->serial) {
1669 s->serial = g_strdup(dinfo->serial);
1670 }
1671 }
1672
1673 if (!s->version) {
1674 s->version = g_strdup(QEMU_VERSION);
1675 }
1676
1677 if (bdrv_is_sg(s->qdev.conf.bs)) {
1678 error_report("unwanted /dev/sg*");
1679 return -1;
1680 }
1681
1682 if (s->removable) {
1683 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1684 }
1685 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1686
1687 bdrv_iostatus_enable(s->qdev.conf.bs);
1688 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1689 return 0;
1690 }
1691
1692 static int scsi_hd_initfn(SCSIDevice *dev)
1693 {
1694 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1695 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1696 s->qdev.type = TYPE_DISK;
1697 return scsi_initfn(&s->qdev);
1698 }
1699
1700 static int scsi_cd_initfn(SCSIDevice *dev)
1701 {
1702 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1703 s->qdev.blocksize = 2048;
1704 s->qdev.type = TYPE_ROM;
1705 s->removable = true;
1706 return scsi_initfn(&s->qdev);
1707 }
1708
1709 static int scsi_disk_initfn(SCSIDevice *dev)
1710 {
1711 DriveInfo *dinfo;
1712
1713 if (!dev->conf.bs) {
1714 return scsi_initfn(dev); /* ... and die there */
1715 }
1716
1717 dinfo = drive_get_by_blockdev(dev->conf.bs);
1718 if (dinfo->media_cd) {
1719 return scsi_cd_initfn(dev);
1720 } else {
1721 return scsi_hd_initfn(dev);
1722 }
1723 }
1724
1725 static const SCSIReqOps scsi_disk_reqops = {
1726 .size = sizeof(SCSIDiskReq),
1727 .free_req = scsi_free_request,
1728 .send_command = scsi_send_command,
1729 .read_data = scsi_read_data,
1730 .write_data = scsi_write_data,
1731 .cancel_io = scsi_cancel_io,
1732 .get_buf = scsi_get_buf,
1733 .load_request = scsi_disk_load_request,
1734 .save_request = scsi_disk_save_request,
1735 };
1736
1737 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1738 uint8_t *buf, void *hba_private)
1739 {
1740 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1741 SCSIRequest *req;
1742
1743 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1744 return req;
1745 }
1746
1747 #ifdef __linux__
1748 static int get_device_type(SCSIDiskState *s)
1749 {
1750 BlockDriverState *bdrv = s->qdev.conf.bs;
1751 uint8_t cmd[16];
1752 uint8_t buf[36];
1753 uint8_t sensebuf[8];
1754 sg_io_hdr_t io_header;
1755 int ret;
1756
1757 memset(cmd, 0, sizeof(cmd));
1758 memset(buf, 0, sizeof(buf));
1759 cmd[0] = INQUIRY;
1760 cmd[4] = sizeof(buf);
1761
1762 memset(&io_header, 0, sizeof(io_header));
1763 io_header.interface_id = 'S';
1764 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1765 io_header.dxfer_len = sizeof(buf);
1766 io_header.dxferp = buf;
1767 io_header.cmdp = cmd;
1768 io_header.cmd_len = sizeof(cmd);
1769 io_header.mx_sb_len = sizeof(sensebuf);
1770 io_header.sbp = sensebuf;
1771 io_header.timeout = 6000; /* XXX */
1772
1773 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1774 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1775 return -1;
1776 }
1777 s->qdev.type = buf[0];
1778 s->removable = (buf[1] & 0x80) != 0;
1779 return 0;
1780 }
1781
1782 static int scsi_block_initfn(SCSIDevice *dev)
1783 {
1784 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1785 int sg_version;
1786 int rc;
1787
1788 if (!s->qdev.conf.bs) {
1789 error_report("scsi-block: drive property not set");
1790 return -1;
1791 }
1792
1793 /* check we are using a driver managing SG_IO (version 3 and after) */
1794 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1795 sg_version < 30000) {
1796 error_report("scsi-block: scsi generic interface too old");
1797 return -1;
1798 }
1799
1800 /* get device type from INQUIRY data */
1801 rc = get_device_type(s);
1802 if (rc < 0) {
1803 error_report("scsi-block: INQUIRY failed");
1804 return -1;
1805 }
1806
1807 /* Make a guess for the block size, we'll fix it when the guest sends.
1808 * READ CAPACITY. If they don't, they likely would assume these sizes
1809 * anyway. (TODO: check in /sys).
1810 */
1811 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1812 s->qdev.blocksize = 2048;
1813 } else {
1814 s->qdev.blocksize = 512;
1815 }
1816 return scsi_initfn(&s->qdev);
1817 }
1818
1819 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1820 uint32_t lun, uint8_t *buf,
1821 void *hba_private)
1822 {
1823 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1824
1825 switch (buf[0]) {
1826 case READ_6:
1827 case READ_10:
1828 case READ_12:
1829 case READ_16:
1830 case VERIFY_10:
1831 case VERIFY_12:
1832 case VERIFY_16:
1833 case WRITE_6:
1834 case WRITE_10:
1835 case WRITE_12:
1836 case WRITE_16:
1837 case WRITE_VERIFY_10:
1838 case WRITE_VERIFY_12:
1839 case WRITE_VERIFY_16:
1840 /* If we are not using O_DIRECT, we might read stale data from the
1841 * host cache if writes were made using other commands than these
1842 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1843 * O_DIRECT everything must go through SG_IO.
1844 */
1845 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1846 break;
1847 }
1848
1849 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1850 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1851 * And once you do these writes, reading from the block device is
1852 * unreliable, too. It is even possible that reads deliver random data
1853 * from the host page cache (this is probably a Linux bug).
1854 *
1855 * We might use scsi_disk_reqops as long as no writing commands are
1856 * seen, but performance usually isn't paramount on optical media. So,
1857 * just make scsi-block operate the same as scsi-generic for them.
1858 */
1859 if (s->qdev.type == TYPE_ROM) {
1860 break;
1861 }
1862 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1863 hba_private);
1864 }
1865
1866 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1867 hba_private);
1868 }
1869 #endif
1870
1871 #define DEFINE_SCSI_DISK_PROPERTIES() \
1872 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1873 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1874 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1875
1876 static Property scsi_hd_properties[] = {
1877 DEFINE_SCSI_DISK_PROPERTIES(),
1878 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1879 DEFINE_PROP_END_OF_LIST(),
1880 };
1881
1882 static const VMStateDescription vmstate_scsi_disk_state = {
1883 .name = "scsi-disk",
1884 .version_id = 1,
1885 .minimum_version_id = 1,
1886 .minimum_version_id_old = 1,
1887 .fields = (VMStateField[]) {
1888 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1889 VMSTATE_BOOL(media_changed, SCSIDiskState),
1890 VMSTATE_BOOL(media_event, SCSIDiskState),
1891 VMSTATE_BOOL(eject_request, SCSIDiskState),
1892 VMSTATE_BOOL(tray_open, SCSIDiskState),
1893 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1894 VMSTATE_END_OF_LIST()
1895 }
1896 };
1897
1898 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1899 {
1900 DeviceClass *dc = DEVICE_CLASS(klass);
1901 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1902
1903 sc->init = scsi_hd_initfn;
1904 sc->destroy = scsi_destroy;
1905 sc->alloc_req = scsi_new_request;
1906 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1907 dc->fw_name = "disk";
1908 dc->desc = "virtual SCSI disk";
1909 dc->reset = scsi_disk_reset;
1910 dc->props = scsi_hd_properties;
1911 dc->vmsd = &vmstate_scsi_disk_state;
1912 }
1913
1914 static TypeInfo scsi_hd_info = {
1915 .name = "scsi-hd",
1916 .parent = TYPE_SCSI_DEVICE,
1917 .instance_size = sizeof(SCSIDiskState),
1918 .class_init = scsi_hd_class_initfn,
1919 };
1920
1921 static Property scsi_cd_properties[] = {
1922 DEFINE_SCSI_DISK_PROPERTIES(),
1923 DEFINE_PROP_END_OF_LIST(),
1924 };
1925
1926 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1927 {
1928 DeviceClass *dc = DEVICE_CLASS(klass);
1929 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1930
1931 sc->init = scsi_cd_initfn;
1932 sc->destroy = scsi_destroy;
1933 sc->alloc_req = scsi_new_request;
1934 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1935 dc->fw_name = "disk";
1936 dc->desc = "virtual SCSI CD-ROM";
1937 dc->reset = scsi_disk_reset;
1938 dc->props = scsi_cd_properties;
1939 dc->vmsd = &vmstate_scsi_disk_state;
1940 }
1941
1942 static TypeInfo scsi_cd_info = {
1943 .name = "scsi-cd",
1944 .parent = TYPE_SCSI_DEVICE,
1945 .instance_size = sizeof(SCSIDiskState),
1946 .class_init = scsi_cd_class_initfn,
1947 };
1948
1949 #ifdef __linux__
1950 static Property scsi_block_properties[] = {
1951 DEFINE_SCSI_DISK_PROPERTIES(),
1952 DEFINE_PROP_END_OF_LIST(),
1953 };
1954
1955 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1956 {
1957 DeviceClass *dc = DEVICE_CLASS(klass);
1958 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1959
1960 sc->init = scsi_block_initfn;
1961 sc->destroy = scsi_destroy;
1962 sc->alloc_req = scsi_block_new_request;
1963 dc->fw_name = "disk";
1964 dc->desc = "SCSI block device passthrough";
1965 dc->reset = scsi_disk_reset;
1966 dc->props = scsi_block_properties;
1967 dc->vmsd = &vmstate_scsi_disk_state;
1968 }
1969
1970 static TypeInfo scsi_block_info = {
1971 .name = "scsi-block",
1972 .parent = TYPE_SCSI_DEVICE,
1973 .instance_size = sizeof(SCSIDiskState),
1974 .class_init = scsi_block_class_initfn,
1975 };
1976 #endif
1977
1978 static Property scsi_disk_properties[] = {
1979 DEFINE_SCSI_DISK_PROPERTIES(),
1980 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1981 DEFINE_PROP_END_OF_LIST(),
1982 };
1983
1984 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
1985 {
1986 DeviceClass *dc = DEVICE_CLASS(klass);
1987 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1988
1989 sc->init = scsi_disk_initfn;
1990 sc->destroy = scsi_destroy;
1991 sc->alloc_req = scsi_new_request;
1992 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1993 dc->fw_name = "disk";
1994 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
1995 dc->reset = scsi_disk_reset;
1996 dc->props = scsi_disk_properties;
1997 dc->vmsd = &vmstate_scsi_disk_state;
1998 }
1999
2000 static TypeInfo scsi_disk_info = {
2001 .name = "scsi-disk",
2002 .parent = TYPE_SCSI_DEVICE,
2003 .instance_size = sizeof(SCSIDiskState),
2004 .class_init = scsi_disk_class_initfn,
2005 };
2006
2007 static void scsi_disk_register_types(void)
2008 {
2009 type_register_static(&scsi_hd_info);
2010 type_register_static(&scsi_cd_info);
2011 #ifdef __linux__
2012 type_register_static(&scsi_block_info);
2013 #endif
2014 type_register_static(&scsi_disk_info);
2015 }
2016
2017 type_init(scsi_disk_register_types)
Qemu copy for testing