]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi-disk: Complete failed requests in scsi_disk_emulate_command
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licenced under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40
41 #define SCSI_DMA_BUF_SIZE 131072
42 #define SCSI_MAX_INQUIRY_LEN 256
43
44 #define SCSI_REQ_STATUS_RETRY 0x01
45 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
46 #define SCSI_REQ_STATUS_RETRY_READ 0x00
47 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
48
49 typedef struct SCSIDiskState SCSIDiskState;
50
51 typedef struct SCSIDiskReq {
52 SCSIRequest req;
53 /* ??? We should probably keep track of whether the data transfer is
54 a read or a write. Currently we rely on the host getting it right. */
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint64_t sector;
57 uint32_t sector_count;
58 struct iovec iov;
59 QEMUIOVector qiov;
60 uint32_t status;
61 } SCSIDiskReq;
62
63 struct SCSIDiskState
64 {
65 SCSIDevice qdev;
66 BlockDriverState *bs;
67 /* The qemu block layer uses a fixed 512 byte sector size.
68 This is the number of 512 byte blocks in a single scsi sector. */
69 int cluster_size;
70 uint64_t max_lba;
71 QEMUBH *bh;
72 char *version;
73 char *serial;
74 };
75
76 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
77
78 static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, uint32_t tag,
79 uint32_t lun)
80 {
81 SCSIRequest *req;
82 SCSIDiskReq *r;
83
84 req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
85 r = DO_UPCAST(SCSIDiskReq, req, req);
86 r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
87 return r;
88 }
89
90 static void scsi_remove_request(SCSIDiskReq *r)
91 {
92 qemu_vfree(r->iov.iov_base);
93 scsi_req_free(&r->req);
94 }
95
96 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
97 {
98 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
99 }
100
101 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
102 {
103 req->status = status;
104 scsi_dev_set_sense(req->dev, sense_code);
105 }
106
107 /* Helper function for command completion. */
108 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
109 {
110 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
111 r->req.tag, status, sense);
112 scsi_req_set_status(&r->req, status, sense);
113 scsi_req_complete(&r->req);
114 scsi_remove_request(r);
115 }
116
117 /* Cancel a pending data transfer. */
118 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
119 {
120 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
121 SCSIDiskReq *r;
122 DPRINTF("Cancel tag=0x%x\n", tag);
123 r = scsi_find_request(s, tag);
124 if (r) {
125 if (r->req.aiocb)
126 bdrv_aio_cancel(r->req.aiocb);
127 r->req.aiocb = NULL;
128 scsi_remove_request(r);
129 }
130 }
131
132 static void scsi_read_complete(void * opaque, int ret)
133 {
134 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
135 int n;
136
137 r->req.aiocb = NULL;
138
139 if (ret) {
140 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
141 return;
142 }
143 }
144
145 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->iov.iov_len);
146
147 n = r->iov.iov_len / 512;
148 r->sector += n;
149 r->sector_count -= n;
150 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
151 }
152
153
154 static void scsi_read_request(SCSIDiskReq *r)
155 {
156 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
157 uint32_t n;
158
159 if (r->sector_count == (uint32_t)-1) {
160 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
161 r->sector_count = 0;
162 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
163 return;
164 }
165 DPRINTF("Read sector_count=%d\n", r->sector_count);
166 if (r->sector_count == 0) {
167 scsi_command_complete(r, GOOD, NO_SENSE);
168 return;
169 }
170
171 n = r->sector_count;
172 if (n > SCSI_DMA_BUF_SIZE / 512)
173 n = SCSI_DMA_BUF_SIZE / 512;
174
175 r->iov.iov_len = n * 512;
176 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
177 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
178 scsi_read_complete, r);
179 if (r->req.aiocb == NULL)
180 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
181 }
182
183 /* Read more data from scsi device into buffer. */
184 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
185 {
186 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
187 SCSIDiskReq *r;
188
189 r = scsi_find_request(s, tag);
190 if (!r) {
191 BADF("Bad read tag 0x%x\n", tag);
192 /* ??? This is the wrong error. */
193 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
194 return;
195 }
196
197 /* No data transfer may already be in progress */
198 assert(r->req.aiocb == NULL);
199
200 scsi_read_request(r);
201 }
202
203 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
204 {
205 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
208
209 if (action == BLOCK_ERR_IGNORE) {
210 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
211 return 0;
212 }
213
214 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
215 || action == BLOCK_ERR_STOP_ANY) {
216
217 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
218 r->status |= SCSI_REQ_STATUS_RETRY | type;
219
220 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
221 vm_stop(0);
222 } else {
223 if (type == SCSI_REQ_STATUS_RETRY_READ) {
224 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
225 }
226 scsi_command_complete(r, CHECK_CONDITION,
227 HARDWARE_ERROR);
228 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
229 }
230
231 return 1;
232 }
233
234 static void scsi_write_complete(void * opaque, int ret)
235 {
236 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
237 uint32_t len;
238 uint32_t n;
239
240 r->req.aiocb = NULL;
241
242 if (ret) {
243 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
244 return;
245 }
246 }
247
248 n = r->iov.iov_len / 512;
249 r->sector += n;
250 r->sector_count -= n;
251 if (r->sector_count == 0) {
252 scsi_command_complete(r, GOOD, NO_SENSE);
253 } else {
254 len = r->sector_count * 512;
255 if (len > SCSI_DMA_BUF_SIZE) {
256 len = SCSI_DMA_BUF_SIZE;
257 }
258 r->iov.iov_len = len;
259 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
260 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
261 }
262 }
263
264 static void scsi_write_request(SCSIDiskReq *r)
265 {
266 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
267 uint32_t n;
268
269 n = r->iov.iov_len / 512;
270 if (n) {
271 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
272 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
273 scsi_write_complete, r);
274 if (r->req.aiocb == NULL)
275 scsi_command_complete(r, CHECK_CONDITION,
276 HARDWARE_ERROR);
277 } else {
278 /* Invoke completion routine to fetch data from host. */
279 scsi_write_complete(r, 0);
280 }
281 }
282
283 /* Write data to a scsi device. Returns nonzero on failure.
284 The transfer may complete asynchronously. */
285 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
286 {
287 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
288 SCSIDiskReq *r;
289
290 DPRINTF("Write data tag=0x%x\n", tag);
291 r = scsi_find_request(s, tag);
292 if (!r) {
293 BADF("Bad write tag 0x%x\n", tag);
294 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
295 return 1;
296 }
297
298 /* No data transfer may already be in progress */
299 assert(r->req.aiocb == NULL);
300
301 scsi_write_request(r);
302
303 return 0;
304 }
305
306 static void scsi_dma_restart_bh(void *opaque)
307 {
308 SCSIDiskState *s = opaque;
309 SCSIRequest *req;
310 SCSIDiskReq *r;
311
312 qemu_bh_delete(s->bh);
313 s->bh = NULL;
314
315 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
316 r = DO_UPCAST(SCSIDiskReq, req, req);
317 if (r->status & SCSI_REQ_STATUS_RETRY) {
318 int status = r->status;
319 r->status &=
320 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
321
322 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
323 case SCSI_REQ_STATUS_RETRY_READ:
324 scsi_read_request(r);
325 break;
326 case SCSI_REQ_STATUS_RETRY_WRITE:
327 scsi_write_request(r);
328 break;
329 }
330 }
331 }
332 }
333
334 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
335 {
336 SCSIDiskState *s = opaque;
337
338 if (!running)
339 return;
340
341 if (!s->bh) {
342 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
343 qemu_bh_schedule(s->bh);
344 }
345 }
346
347 /* Return a pointer to the data buffer. */
348 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
349 {
350 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
351 SCSIDiskReq *r;
352
353 r = scsi_find_request(s, tag);
354 if (!r) {
355 BADF("Bad buffer tag 0x%x\n", tag);
356 return NULL;
357 }
358 return (uint8_t *)r->iov.iov_base;
359 }
360
361 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
362 {
363 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
364 int buflen = 0;
365
366 if (req->cmd.buf[1] & 0x2) {
367 /* Command support data - optional, not implemented */
368 BADF("optional INQUIRY command support request not implemented\n");
369 return -1;
370 }
371
372 if (req->cmd.buf[1] & 0x1) {
373 /* Vital product data */
374 uint8_t page_code = req->cmd.buf[2];
375 if (req->cmd.xfer < 4) {
376 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
377 "less than 4\n", page_code, req->cmd.xfer);
378 return -1;
379 }
380
381 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
382 outbuf[buflen++] = 5;
383 } else {
384 outbuf[buflen++] = 0;
385 }
386 outbuf[buflen++] = page_code ; // this page
387 outbuf[buflen++] = 0x00;
388
389 switch (page_code) {
390 case 0x00: /* Supported page codes, mandatory */
391 DPRINTF("Inquiry EVPD[Supported pages] "
392 "buffer size %zd\n", req->cmd.xfer);
393 outbuf[buflen++] = 4; // number of pages
394 outbuf[buflen++] = 0x00; // list of supported pages (this page)
395 outbuf[buflen++] = 0x80; // unit serial number
396 outbuf[buflen++] = 0x83; // device identification
397 outbuf[buflen++] = 0xb0; // block device characteristics
398 break;
399
400 case 0x80: /* Device serial number, optional */
401 {
402 int l = strlen(s->serial);
403
404 if (l > req->cmd.xfer)
405 l = req->cmd.xfer;
406 if (l > 20)
407 l = 20;
408
409 DPRINTF("Inquiry EVPD[Serial number] "
410 "buffer size %zd\n", req->cmd.xfer);
411 outbuf[buflen++] = l;
412 memcpy(outbuf+buflen, s->serial, l);
413 buflen += l;
414 break;
415 }
416
417 case 0x83: /* Device identification page, mandatory */
418 {
419 int max_len = 255 - 8;
420 int id_len = strlen(bdrv_get_device_name(s->bs));
421
422 if (id_len > max_len)
423 id_len = max_len;
424 DPRINTF("Inquiry EVPD[Device identification] "
425 "buffer size %zd\n", req->cmd.xfer);
426
427 outbuf[buflen++] = 3 + id_len;
428 outbuf[buflen++] = 0x2; // ASCII
429 outbuf[buflen++] = 0; // not officially assigned
430 outbuf[buflen++] = 0; // reserved
431 outbuf[buflen++] = id_len; // length of data following
432
433 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
434 buflen += id_len;
435 break;
436 }
437 case 0xb0: /* block device characteristics */
438 {
439 unsigned int min_io_size =
440 s->qdev.conf.min_io_size / s->qdev.blocksize;
441 unsigned int opt_io_size =
442 s->qdev.conf.opt_io_size / s->qdev.blocksize;
443
444 /* required VPD size with unmap support */
445 outbuf[3] = buflen = 0x3c;
446
447 memset(outbuf + 4, 0, buflen - 4);
448
449 /* optimal transfer length granularity */
450 outbuf[6] = (min_io_size >> 8) & 0xff;
451 outbuf[7] = min_io_size & 0xff;
452
453 /* optimal transfer length */
454 outbuf[12] = (opt_io_size >> 24) & 0xff;
455 outbuf[13] = (opt_io_size >> 16) & 0xff;
456 outbuf[14] = (opt_io_size >> 8) & 0xff;
457 outbuf[15] = opt_io_size & 0xff;
458 break;
459 }
460 default:
461 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
462 "buffer size %zd\n", page_code, req->cmd.xfer);
463 return -1;
464 }
465 /* done with EVPD */
466 return buflen;
467 }
468
469 /* Standard INQUIRY data */
470 if (req->cmd.buf[2] != 0) {
471 BADF("Error: Inquiry (STANDARD) page or code "
472 "is non-zero [%02X]\n", req->cmd.buf[2]);
473 return -1;
474 }
475
476 /* PAGE CODE == 0 */
477 if (req->cmd.xfer < 5) {
478 BADF("Error: Inquiry (STANDARD) buffer size %zd "
479 "is less than 5\n", req->cmd.xfer);
480 return -1;
481 }
482
483 buflen = req->cmd.xfer;
484 if (buflen > SCSI_MAX_INQUIRY_LEN)
485 buflen = SCSI_MAX_INQUIRY_LEN;
486
487 memset(outbuf, 0, buflen);
488
489 if (req->lun || req->cmd.buf[1] >> 5) {
490 outbuf[0] = 0x7f; /* LUN not supported */
491 return buflen;
492 }
493
494 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM) {
495 outbuf[0] = 5;
496 outbuf[1] = 0x80;
497 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
498 } else {
499 outbuf[0] = 0;
500 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
501 }
502 memcpy(&outbuf[8], "QEMU ", 8);
503 memset(&outbuf[32], 0, 4);
504 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
505 /*
506 * We claim conformance to SPC-3, which is required for guests
507 * to ask for modern features like READ CAPACITY(16) or the
508 * block characteristics VPD page by default. Not all of SPC-3
509 * is actually implemented, but we're good enough.
510 */
511 outbuf[2] = 5;
512 outbuf[3] = 2; /* Format 2 */
513
514 if (buflen > 36) {
515 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
516 } else {
517 /* If the allocation length of CDB is too small,
518 the additional length is not adjusted */
519 outbuf[4] = 36 - 5;
520 }
521
522 /* Sync data transfer and TCQ. */
523 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
524 return buflen;
525 }
526
527 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p,
528 int page_control)
529 {
530 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
531 BlockDriverState *bdrv = s->bs;
532 int cylinders, heads, secs;
533
534 /*
535 * If Changeable Values are requested, a mask denoting those mode parameters
536 * that are changeable shall be returned. As we currently don't support
537 * parameter changes via MODE_SELECT all bits are returned set to zero.
538 * The buffer was already menset to zero by the caller of this function.
539 */
540 switch (page) {
541 case 4: /* Rigid disk device geometry page. */
542 p[0] = 4;
543 p[1] = 0x16;
544 if (page_control == 1) { /* Changeable Values */
545 return p[1] + 2;
546 }
547 /* if a geometry hint is available, use it */
548 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
549 p[2] = (cylinders >> 16) & 0xff;
550 p[3] = (cylinders >> 8) & 0xff;
551 p[4] = cylinders & 0xff;
552 p[5] = heads & 0xff;
553 /* Write precomp start cylinder, disabled */
554 p[6] = (cylinders >> 16) & 0xff;
555 p[7] = (cylinders >> 8) & 0xff;
556 p[8] = cylinders & 0xff;
557 /* Reduced current start cylinder, disabled */
558 p[9] = (cylinders >> 16) & 0xff;
559 p[10] = (cylinders >> 8) & 0xff;
560 p[11] = cylinders & 0xff;
561 /* Device step rate [ns], 200ns */
562 p[12] = 0;
563 p[13] = 200;
564 /* Landing zone cylinder */
565 p[14] = 0xff;
566 p[15] = 0xff;
567 p[16] = 0xff;
568 /* Medium rotation rate [rpm], 5400 rpm */
569 p[20] = (5400 >> 8) & 0xff;
570 p[21] = 5400 & 0xff;
571 return p[1] + 2;
572
573 case 5: /* Flexible disk device geometry page. */
574 p[0] = 5;
575 p[1] = 0x1e;
576 if (page_control == 1) { /* Changeable Values */
577 return p[1] + 2;
578 }
579 /* Transfer rate [kbit/s], 5Mbit/s */
580 p[2] = 5000 >> 8;
581 p[3] = 5000 & 0xff;
582 /* if a geometry hint is available, use it */
583 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
584 p[4] = heads & 0xff;
585 p[5] = secs & 0xff;
586 p[6] = s->cluster_size * 2;
587 p[8] = (cylinders >> 8) & 0xff;
588 p[9] = cylinders & 0xff;
589 /* Write precomp start cylinder, disabled */
590 p[10] = (cylinders >> 8) & 0xff;
591 p[11] = cylinders & 0xff;
592 /* Reduced current start cylinder, disabled */
593 p[12] = (cylinders >> 8) & 0xff;
594 p[13] = cylinders & 0xff;
595 /* Device step rate [100us], 100us */
596 p[14] = 0;
597 p[15] = 1;
598 /* Device step pulse width [us], 1us */
599 p[16] = 1;
600 /* Device head settle delay [100us], 100us */
601 p[17] = 0;
602 p[18] = 1;
603 /* Motor on delay [0.1s], 0.1s */
604 p[19] = 1;
605 /* Motor off delay [0.1s], 0.1s */
606 p[20] = 1;
607 /* Medium rotation rate [rpm], 5400 rpm */
608 p[28] = (5400 >> 8) & 0xff;
609 p[29] = 5400 & 0xff;
610 return p[1] + 2;
611
612 case 8: /* Caching page. */
613 p[0] = 8;
614 p[1] = 0x12;
615 if (page_control == 1) { /* Changeable Values */
616 return p[1] + 2;
617 }
618 if (bdrv_enable_write_cache(s->bs)) {
619 p[2] = 4; /* WCE */
620 }
621 return p[1] + 2;
622
623 case 0x2a: /* CD Capabilities and Mechanical Status page. */
624 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
625 return 0;
626 p[0] = 0x2a;
627 p[1] = 0x14;
628 if (page_control == 1) { /* Changeable Values */
629 return p[1] + 2;
630 }
631 p[2] = 3; // CD-R & CD-RW read
632 p[3] = 0; // Writing not supported
633 p[4] = 0x7f; /* Audio, composite, digital out,
634 mode 2 form 1&2, multi session */
635 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
636 RW corrected, C2 errors, ISRC,
637 UPC, Bar code */
638 p[6] = 0x2d | (bdrv_is_locked(s->bs)? 2 : 0);
639 /* Locking supported, jumper present, eject, tray */
640 p[7] = 0; /* no volume & mute control, no
641 changer */
642 p[8] = (50 * 176) >> 8; // 50x read speed
643 p[9] = (50 * 176) & 0xff;
644 p[10] = 0 >> 8; // No volume
645 p[11] = 0 & 0xff;
646 p[12] = 2048 >> 8; // 2M buffer
647 p[13] = 2048 & 0xff;
648 p[14] = (16 * 176) >> 8; // 16x read speed current
649 p[15] = (16 * 176) & 0xff;
650 p[18] = (16 * 176) >> 8; // 16x write speed
651 p[19] = (16 * 176) & 0xff;
652 p[20] = (16 * 176) >> 8; // 16x write speed current
653 p[21] = (16 * 176) & 0xff;
654 return p[1] + 2;
655
656 default:
657 return 0;
658 }
659 }
660
661 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
662 {
663 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
664 uint64_t nb_sectors;
665 int page, dbd, buflen, page_control;
666 uint8_t *p;
667 uint8_t dev_specific_param;
668
669 dbd = req->cmd.buf[1] & 0x8;
670 page = req->cmd.buf[2] & 0x3f;
671 page_control = (req->cmd.buf[2] & 0xc0) >> 6;
672 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
673 (req->cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, req->cmd.xfer, page_control);
674 memset(outbuf, 0, req->cmd.xfer);
675 p = outbuf;
676
677 if (bdrv_is_read_only(s->bs)) {
678 dev_specific_param = 0x80; /* Readonly. */
679 } else {
680 dev_specific_param = 0x00;
681 }
682
683 if (req->cmd.buf[0] == MODE_SENSE) {
684 p[1] = 0; /* Default media type. */
685 p[2] = dev_specific_param;
686 p[3] = 0; /* Block descriptor length. */
687 p += 4;
688 } else { /* MODE_SENSE_10 */
689 p[2] = 0; /* Default media type. */
690 p[3] = dev_specific_param;
691 p[6] = p[7] = 0; /* Block descriptor length. */
692 p += 8;
693 }
694
695 bdrv_get_geometry(s->bs, &nb_sectors);
696 if (!dbd && nb_sectors) {
697 if (req->cmd.buf[0] == MODE_SENSE) {
698 outbuf[3] = 8; /* Block descriptor length */
699 } else { /* MODE_SENSE_10 */
700 outbuf[7] = 8; /* Block descriptor length */
701 }
702 nb_sectors /= s->cluster_size;
703 if (nb_sectors > 0xffffff)
704 nb_sectors = 0;
705 p[0] = 0; /* media density code */
706 p[1] = (nb_sectors >> 16) & 0xff;
707 p[2] = (nb_sectors >> 8) & 0xff;
708 p[3] = nb_sectors & 0xff;
709 p[4] = 0; /* reserved */
710 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
711 p[6] = s->cluster_size * 2;
712 p[7] = 0;
713 p += 8;
714 }
715
716 if (page_control == 3) { /* Saved Values */
717 return -1; /* ILLEGAL_REQUEST */
718 }
719
720 switch (page) {
721 case 0x04:
722 case 0x05:
723 case 0x08:
724 case 0x2a:
725 p += mode_sense_page(req, page, p, page_control);
726 break;
727 case 0x3f:
728 p += mode_sense_page(req, 0x08, p, page_control);
729 p += mode_sense_page(req, 0x2a, p, page_control);
730 break;
731 default:
732 return -1; /* ILLEGAL_REQUEST */
733 }
734
735 buflen = p - outbuf;
736 /*
737 * The mode data length field specifies the length in bytes of the
738 * following data that is available to be transferred. The mode data
739 * length does not include itself.
740 */
741 if (req->cmd.buf[0] == MODE_SENSE) {
742 outbuf[0] = buflen - 1;
743 } else { /* MODE_SENSE_10 */
744 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
745 outbuf[1] = (buflen - 2) & 0xff;
746 }
747 if (buflen > req->cmd.xfer)
748 buflen = req->cmd.xfer;
749 return buflen;
750 }
751
752 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
753 {
754 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
755 int start_track, format, msf, toclen;
756 uint64_t nb_sectors;
757
758 msf = req->cmd.buf[1] & 2;
759 format = req->cmd.buf[2] & 0xf;
760 start_track = req->cmd.buf[6];
761 bdrv_get_geometry(s->bs, &nb_sectors);
762 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
763 nb_sectors /= s->cluster_size;
764 switch (format) {
765 case 0:
766 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
767 break;
768 case 1:
769 /* multi session : only a single session defined */
770 toclen = 12;
771 memset(outbuf, 0, 12);
772 outbuf[1] = 0x0a;
773 outbuf[2] = 0x01;
774 outbuf[3] = 0x01;
775 break;
776 case 2:
777 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
778 break;
779 default:
780 return -1;
781 }
782 if (toclen > req->cmd.xfer)
783 toclen = req->cmd.xfer;
784 return toclen;
785 }
786
787 static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf)
788 {
789 SCSIRequest *req = &r->req;
790 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
791 uint64_t nb_sectors;
792 int buflen = 0;
793
794 switch (req->cmd.buf[0]) {
795 case TEST_UNIT_READY:
796 if (!bdrv_is_inserted(s->bs))
797 goto not_ready;
798 break;
799 case REQUEST_SENSE:
800 if (req->cmd.xfer < 4)
801 goto illegal_request;
802 memset(outbuf, 0, 4);
803 buflen = 4;
804 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
805 memset(outbuf, 0, 18);
806 buflen = 18;
807 outbuf[7] = 10;
808 /* asc 0x3a, ascq 0: Medium not present */
809 outbuf[12] = 0x3a;
810 outbuf[13] = 0;
811 }
812 outbuf[0] = 0xf0;
813 outbuf[1] = 0;
814 outbuf[2] = req->dev->sense.key;
815 scsi_dev_clear_sense(req->dev);
816 break;
817 case INQUIRY:
818 buflen = scsi_disk_emulate_inquiry(req, outbuf);
819 if (buflen < 0)
820 goto illegal_request;
821 break;
822 case MODE_SENSE:
823 case MODE_SENSE_10:
824 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
825 if (buflen < 0)
826 goto illegal_request;
827 break;
828 case READ_TOC:
829 buflen = scsi_disk_emulate_read_toc(req, outbuf);
830 if (buflen < 0)
831 goto illegal_request;
832 break;
833 case RESERVE:
834 if (req->cmd.buf[1] & 1)
835 goto illegal_request;
836 break;
837 case RESERVE_10:
838 if (req->cmd.buf[1] & 3)
839 goto illegal_request;
840 break;
841 case RELEASE:
842 if (req->cmd.buf[1] & 1)
843 goto illegal_request;
844 break;
845 case RELEASE_10:
846 if (req->cmd.buf[1] & 3)
847 goto illegal_request;
848 break;
849 case START_STOP:
850 if (bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
851 /* load/eject medium */
852 bdrv_eject(s->bs, !(req->cmd.buf[4] & 1));
853 }
854 break;
855 case ALLOW_MEDIUM_REMOVAL:
856 bdrv_set_locked(s->bs, req->cmd.buf[4] & 1);
857 break;
858 case READ_CAPACITY:
859 /* The normal LEN field for this command is zero. */
860 memset(outbuf, 0, 8);
861 bdrv_get_geometry(s->bs, &nb_sectors);
862 if (!nb_sectors)
863 goto not_ready;
864 nb_sectors /= s->cluster_size;
865 /* Returned value is the address of the last sector. */
866 nb_sectors--;
867 /* Remember the new size for read/write sanity checking. */
868 s->max_lba = nb_sectors;
869 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
870 if (nb_sectors > UINT32_MAX)
871 nb_sectors = UINT32_MAX;
872 outbuf[0] = (nb_sectors >> 24) & 0xff;
873 outbuf[1] = (nb_sectors >> 16) & 0xff;
874 outbuf[2] = (nb_sectors >> 8) & 0xff;
875 outbuf[3] = nb_sectors & 0xff;
876 outbuf[4] = 0;
877 outbuf[5] = 0;
878 outbuf[6] = s->cluster_size * 2;
879 outbuf[7] = 0;
880 buflen = 8;
881 break;
882 case SYNCHRONIZE_CACHE:
883 bdrv_flush(s->bs);
884 break;
885 case GET_CONFIGURATION:
886 memset(outbuf, 0, 8);
887 /* ??? This should probably return much more information. For now
888 just return the basic header indicating the CD-ROM profile. */
889 outbuf[7] = 8; // CD-ROM
890 buflen = 8;
891 break;
892 case SERVICE_ACTION_IN:
893 /* Service Action In subcommands. */
894 if ((req->cmd.buf[1] & 31) == 0x10) {
895 DPRINTF("SAI READ CAPACITY(16)\n");
896 memset(outbuf, 0, req->cmd.xfer);
897 bdrv_get_geometry(s->bs, &nb_sectors);
898 if (!nb_sectors)
899 goto not_ready;
900 nb_sectors /= s->cluster_size;
901 /* Returned value is the address of the last sector. */
902 nb_sectors--;
903 /* Remember the new size for read/write sanity checking. */
904 s->max_lba = nb_sectors;
905 outbuf[0] = (nb_sectors >> 56) & 0xff;
906 outbuf[1] = (nb_sectors >> 48) & 0xff;
907 outbuf[2] = (nb_sectors >> 40) & 0xff;
908 outbuf[3] = (nb_sectors >> 32) & 0xff;
909 outbuf[4] = (nb_sectors >> 24) & 0xff;
910 outbuf[5] = (nb_sectors >> 16) & 0xff;
911 outbuf[6] = (nb_sectors >> 8) & 0xff;
912 outbuf[7] = nb_sectors & 0xff;
913 outbuf[8] = 0;
914 outbuf[9] = 0;
915 outbuf[10] = s->cluster_size * 2;
916 outbuf[11] = 0;
917 outbuf[12] = 0;
918 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
919 /* Protection, exponent and lowest lba field left blank. */
920 buflen = req->cmd.xfer;
921 break;
922 }
923 DPRINTF("Unsupported Service Action In\n");
924 goto illegal_request;
925 case REPORT_LUNS:
926 if (req->cmd.xfer < 16)
927 goto illegal_request;
928 memset(outbuf, 0, 16);
929 outbuf[3] = 8;
930 buflen = 16;
931 break;
932 case VERIFY:
933 break;
934 case REZERO_UNIT:
935 DPRINTF("Rezero Unit\n");
936 if (!bdrv_is_inserted(s->bs)) {
937 goto not_ready;
938 }
939 break;
940 default:
941 goto illegal_request;
942 }
943 scsi_req_set_status(req, GOOD, NO_SENSE);
944 return buflen;
945
946 not_ready:
947 scsi_command_complete(r, CHECK_CONDITION, NOT_READY);
948 return -1;
949
950 illegal_request:
951 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
952 return -1;
953 }
954
955 /* Execute a scsi command. Returns the length of the data expected by the
956 command. This will be Positive for data transfers from the device
957 (eg. disk reads), negative for transfers to the device (eg. disk writes),
958 and zero if the command does not transfer any data. */
959
960 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
961 uint8_t *buf, int lun)
962 {
963 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
964 uint64_t lba;
965 uint32_t len;
966 int cmdlen;
967 int is_write;
968 uint8_t command;
969 uint8_t *outbuf;
970 SCSIDiskReq *r;
971 int rc;
972
973 command = buf[0];
974 r = scsi_find_request(s, tag);
975 if (r) {
976 BADF("Tag 0x%x already in use\n", tag);
977 scsi_cancel_io(d, tag);
978 }
979 /* ??? Tags are not unique for different luns. We only implement a
980 single lun, so this should not matter. */
981 r = scsi_new_request(s, tag, lun);
982 outbuf = (uint8_t *)r->iov.iov_base;
983 is_write = 0;
984 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
985 switch (command >> 5) {
986 case 0:
987 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
988 (((uint64_t) buf[1] & 0x1f) << 16);
989 len = buf[4];
990 cmdlen = 6;
991 break;
992 case 1:
993 case 2:
994 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
995 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
996 len = buf[8] | (buf[7] << 8);
997 cmdlen = 10;
998 break;
999 case 4:
1000 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
1001 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
1002 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
1003 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
1004 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
1005 cmdlen = 16;
1006 break;
1007 case 5:
1008 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
1009 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
1010 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
1011 cmdlen = 12;
1012 break;
1013 default:
1014 BADF("Unsupported command length, command %x\n", command);
1015 goto fail;
1016 }
1017 #ifdef DEBUG_SCSI
1018 {
1019 int i;
1020 for (i = 1; i < cmdlen; i++) {
1021 printf(" 0x%02x", buf[i]);
1022 }
1023 printf("\n");
1024 }
1025 #endif
1026
1027 if (scsi_req_parse(&r->req, buf) != 0) {
1028 BADF("Unsupported command length, command %x\n", command);
1029 goto fail;
1030 }
1031 assert(r->req.cmd.len == cmdlen);
1032 assert(r->req.cmd.lba == lba);
1033
1034 if (lun || buf[1] >> 5) {
1035 /* Only LUN 0 supported. */
1036 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
1037 if (command != REQUEST_SENSE && command != INQUIRY)
1038 goto fail;
1039 }
1040 switch (command) {
1041 case TEST_UNIT_READY:
1042 case REQUEST_SENSE:
1043 case INQUIRY:
1044 case MODE_SENSE:
1045 case MODE_SENSE_10:
1046 case RESERVE:
1047 case RESERVE_10:
1048 case RELEASE:
1049 case RELEASE_10:
1050 case START_STOP:
1051 case ALLOW_MEDIUM_REMOVAL:
1052 case READ_CAPACITY:
1053 case SYNCHRONIZE_CACHE:
1054 case READ_TOC:
1055 case GET_CONFIGURATION:
1056 case SERVICE_ACTION_IN:
1057 case REPORT_LUNS:
1058 case VERIFY:
1059 case REZERO_UNIT:
1060 rc = scsi_disk_emulate_command(r, outbuf);
1061 if (rc < 0) {
1062 return 0;
1063 }
1064
1065 r->iov.iov_len = rc;
1066 break;
1067 case READ_6:
1068 case READ_10:
1069 case READ_12:
1070 case READ_16:
1071 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
1072 if (lba > s->max_lba)
1073 goto illegal_lba;
1074 r->sector = lba * s->cluster_size;
1075 r->sector_count = len * s->cluster_size;
1076 break;
1077 case WRITE_6:
1078 case WRITE_10:
1079 case WRITE_12:
1080 case WRITE_16:
1081 case WRITE_VERIFY:
1082 case WRITE_VERIFY_12:
1083 case WRITE_VERIFY_16:
1084 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1085 (command & 0xe) == 0xe ? "And Verify " : "", lba, len);
1086 if (lba > s->max_lba)
1087 goto illegal_lba;
1088 r->sector = lba * s->cluster_size;
1089 r->sector_count = len * s->cluster_size;
1090 is_write = 1;
1091 break;
1092 case MODE_SELECT:
1093 DPRINTF("Mode Select(6) (len %d)\n", len);
1094 /* We don't support mode parameter changes.
1095 Allow the mode parameter header + block descriptors only. */
1096 if (len > 12) {
1097 goto fail;
1098 }
1099 break;
1100 case MODE_SELECT_10:
1101 DPRINTF("Mode Select(10) (len %d)\n", len);
1102 /* We don't support mode parameter changes.
1103 Allow the mode parameter header + block descriptors only. */
1104 if (len > 16) {
1105 goto fail;
1106 }
1107 break;
1108 case SEEK_6:
1109 case SEEK_10:
1110 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10, lba);
1111 if (lba > s->max_lba) {
1112 goto illegal_lba;
1113 }
1114 break;
1115 default:
1116 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1117 fail:
1118 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
1119 return 0;
1120 illegal_lba:
1121 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
1122 return 0;
1123 }
1124 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1125 scsi_command_complete(r, GOOD, NO_SENSE);
1126 }
1127 len = r->sector_count * 512 + r->iov.iov_len;
1128 if (is_write) {
1129 return -len;
1130 } else {
1131 if (!r->sector_count)
1132 r->sector_count = -1;
1133 return len;
1134 }
1135 }
1136
1137 static void scsi_disk_purge_requests(SCSIDiskState *s)
1138 {
1139 SCSIDiskReq *r;
1140
1141 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
1142 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
1143 if (r->req.aiocb) {
1144 bdrv_aio_cancel(r->req.aiocb);
1145 }
1146 scsi_remove_request(r);
1147 }
1148 }
1149
1150 static void scsi_disk_reset(DeviceState *dev)
1151 {
1152 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1153 uint64_t nb_sectors;
1154
1155 scsi_disk_purge_requests(s);
1156
1157 bdrv_get_geometry(s->bs, &nb_sectors);
1158 nb_sectors /= s->cluster_size;
1159 if (nb_sectors) {
1160 nb_sectors--;
1161 }
1162 s->max_lba = nb_sectors;
1163 }
1164
1165 static void scsi_destroy(SCSIDevice *dev)
1166 {
1167 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1168
1169 scsi_disk_purge_requests(s);
1170 blockdev_mark_auto_del(s->qdev.conf.bs);
1171 }
1172
1173 static int scsi_disk_initfn(SCSIDevice *dev)
1174 {
1175 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1176 int is_cd;
1177 DriveInfo *dinfo;
1178
1179 if (!s->qdev.conf.bs) {
1180 error_report("scsi-disk: drive property not set");
1181 return -1;
1182 }
1183 s->bs = s->qdev.conf.bs;
1184 is_cd = bdrv_get_type_hint(s->bs) == BDRV_TYPE_CDROM;
1185
1186 if (!is_cd && !bdrv_is_inserted(s->bs)) {
1187 error_report("Device needs media, but drive is empty");
1188 return -1;
1189 }
1190
1191 if (!s->serial) {
1192 /* try to fall back to value set with legacy -drive serial=... */
1193 dinfo = drive_get_by_blockdev(s->bs);
1194 s->serial = qemu_strdup(*dinfo->serial ? dinfo->serial : "0");
1195 }
1196
1197 if (!s->version) {
1198 s->version = qemu_strdup(QEMU_VERSION);
1199 }
1200
1201 if (bdrv_is_sg(s->bs)) {
1202 error_report("scsi-disk: unwanted /dev/sg*");
1203 return -1;
1204 }
1205
1206 if (is_cd) {
1207 s->qdev.blocksize = 2048;
1208 } else {
1209 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1210 }
1211 s->cluster_size = s->qdev.blocksize / 512;
1212 s->bs->buffer_alignment = s->qdev.blocksize;
1213
1214 s->qdev.type = TYPE_DISK;
1215 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1216 bdrv_set_removable(s->bs, is_cd);
1217 return 0;
1218 }
1219
1220 static SCSIDeviceInfo scsi_disk_info = {
1221 .qdev.name = "scsi-disk",
1222 .qdev.desc = "virtual scsi disk or cdrom",
1223 .qdev.size = sizeof(SCSIDiskState),
1224 .qdev.reset = scsi_disk_reset,
1225 .init = scsi_disk_initfn,
1226 .destroy = scsi_destroy,
1227 .send_command = scsi_send_command,
1228 .read_data = scsi_read_data,
1229 .write_data = scsi_write_data,
1230 .cancel_io = scsi_cancel_io,
1231 .get_buf = scsi_get_buf,
1232 .qdev.props = (Property[]) {
1233 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf),
1234 DEFINE_PROP_STRING("ver", SCSIDiskState, version),
1235 DEFINE_PROP_STRING("serial", SCSIDiskState, serial),
1236 DEFINE_PROP_END_OF_LIST(),
1237 },
1238 };
1239
1240 static void scsi_disk_register_devices(void)
1241 {
1242 scsi_qdev_register(&scsi_disk_info);
1243 }
1244 device_init(scsi_disk_register_devices)
Qemu copy for testing