]> git.proxmox.com Git - mirror_qemu.git/blob - hw/scsi-disk.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
atapi/scsi-disk: make mode page values coherent between the two
[mirror_qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 #define SCSI_REQ_STATUS_RETRY 0x01
46 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
47 #define SCSI_REQ_STATUS_RETRY_READ 0x00
48 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
49 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
50
51 typedef struct SCSIDiskState SCSIDiskState;
52
53 typedef struct SCSIDiskReq {
54 SCSIRequest req;
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint64_t sector;
57 uint32_t sector_count;
58 uint32_t buflen;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 uint32_t status;
62 BlockAcctCookie acct;
63 } SCSIDiskReq;
64
65 struct SCSIDiskState
66 {
67 SCSIDevice qdev;
68 BlockDriverState *bs;
69 /* The qemu block layer uses a fixed 512 byte sector size.
70 This is the number of 512 byte blocks in a single scsi sector. */
71 int cluster_size;
72 uint32_t removable;
73 uint64_t max_lba;
74 bool media_changed;
75 QEMUBH *bh;
76 char *version;
77 char *serial;
78 bool tray_open;
79 bool tray_locked;
80 };
81
82 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
83 static int scsi_disk_emulate_command(SCSIDiskReq *r);
84
85 static void scsi_free_request(SCSIRequest *req)
86 {
87 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
88
89 if (r->iov.iov_base) {
90 qemu_vfree(r->iov.iov_base);
91 }
92 }
93
94 /* Helper function for command completion with sense. */
95 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
96 {
97 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
98 r->req.tag, sense.key, sense.asc, sense.ascq);
99 scsi_req_build_sense(&r->req, sense);
100 scsi_req_complete(&r->req, CHECK_CONDITION);
101 }
102
103 /* Cancel a pending data transfer. */
104 static void scsi_cancel_io(SCSIRequest *req)
105 {
106 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
107
108 DPRINTF("Cancel tag=0x%x\n", req->tag);
109 if (r->req.aiocb) {
110 bdrv_aio_cancel(r->req.aiocb);
111 }
112 r->req.aiocb = NULL;
113 }
114
115 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
116 {
117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118
119 if (!r->iov.iov_base) {
120 r->buflen = SCSI_DMA_BUF_SIZE;
121 r->iov.iov_base = qemu_blockalign(s->bs, r->buflen);
122 }
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
126 }
127
128 static void scsi_read_complete(void * opaque, int ret)
129 {
130 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
131 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
132 int n;
133
134 if (r->req.aiocb != NULL) {
135 r->req.aiocb = NULL;
136 bdrv_acct_done(s->bs, &r->acct);
137 }
138
139 if (ret) {
140 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
141 return;
142 }
143 }
144
145 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
146
147 n = r->qiov.size / 512;
148 r->sector += n;
149 r->sector_count -= n;
150 scsi_req_data(&r->req, r->qiov.size);
151 }
152
153 static void scsi_flush_complete(void * opaque, int ret)
154 {
155 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
156 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
157
158 if (r->req.aiocb != NULL) {
159 r->req.aiocb = NULL;
160 bdrv_acct_done(s->bs, &r->acct);
161 }
162
163 if (ret < 0) {
164 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
165 return;
166 }
167 }
168
169 scsi_req_complete(&r->req, GOOD);
170 }
171
172 /* Read more data from scsi device into buffer. */
173 static void scsi_read_data(SCSIRequest *req)
174 {
175 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
177 uint32_t n;
178
179 if (r->sector_count == (uint32_t)-1) {
180 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
181 r->sector_count = 0;
182 scsi_req_data(&r->req, r->iov.iov_len);
183 return;
184 }
185 DPRINTF("Read sector_count=%d\n", r->sector_count);
186 if (r->sector_count == 0) {
187 /* This also clears the sense buffer for REQUEST SENSE. */
188 scsi_req_complete(&r->req, GOOD);
189 return;
190 }
191
192 /* No data transfer may already be in progress */
193 assert(r->req.aiocb == NULL);
194
195 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
196 DPRINTF("Data transfer direction invalid\n");
197 scsi_read_complete(r, -EINVAL);
198 return;
199 }
200
201 if (s->tray_open) {
202 scsi_read_complete(r, -ENOMEDIUM);
203 }
204 n = scsi_init_iovec(r);
205 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
206 r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n,
207 scsi_read_complete, r);
208 if (r->req.aiocb == NULL) {
209 scsi_read_complete(r, -EIO);
210 }
211 }
212
213 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
214 {
215 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
216 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
217 BlockErrorAction action = bdrv_get_on_error(s->bs, is_read);
218
219 if (action == BLOCK_ERR_IGNORE) {
220 bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
221 return 0;
222 }
223
224 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
225 || action == BLOCK_ERR_STOP_ANY) {
226
227 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
228 r->status |= SCSI_REQ_STATUS_RETRY | type;
229
230 bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
231 vm_stop(RUN_STATE_IO_ERROR);
232 bdrv_iostatus_set_err(s->bs, error);
233 } else {
234 switch (error) {
235 case ENOMEDIUM:
236 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
237 break;
238 case ENOMEM:
239 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
240 break;
241 case EINVAL:
242 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
243 break;
244 default:
245 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
246 break;
247 }
248 bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
249 }
250 return 1;
251 }
252
253 static void scsi_write_complete(void * opaque, int ret)
254 {
255 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
256 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
257 uint32_t n;
258
259 if (r->req.aiocb != NULL) {
260 r->req.aiocb = NULL;
261 bdrv_acct_done(s->bs, &r->acct);
262 }
263
264 if (ret) {
265 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
266 return;
267 }
268 }
269
270 n = r->qiov.size / 512;
271 r->sector += n;
272 r->sector_count -= n;
273 if (r->sector_count == 0) {
274 scsi_req_complete(&r->req, GOOD);
275 } else {
276 scsi_init_iovec(r);
277 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
278 scsi_req_data(&r->req, r->qiov.size);
279 }
280 }
281
282 static void scsi_write_data(SCSIRequest *req)
283 {
284 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
286 uint32_t n;
287
288 /* No data transfer may already be in progress */
289 assert(r->req.aiocb == NULL);
290
291 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
292 DPRINTF("Data transfer direction invalid\n");
293 scsi_write_complete(r, -EINVAL);
294 return;
295 }
296
297 n = r->qiov.size / 512;
298 if (n) {
299 if (s->tray_open) {
300 scsi_write_complete(r, -ENOMEDIUM);
301 }
302 bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
303 r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n,
304 scsi_write_complete, r);
305 if (r->req.aiocb == NULL) {
306 scsi_write_complete(r, -ENOMEM);
307 }
308 } else {
309 /* Called for the first time. Ask the driver to send us more data. */
310 scsi_write_complete(r, 0);
311 }
312 }
313
314 static void scsi_dma_restart_bh(void *opaque)
315 {
316 SCSIDiskState *s = opaque;
317 SCSIRequest *req;
318 SCSIDiskReq *r;
319
320 qemu_bh_delete(s->bh);
321 s->bh = NULL;
322
323 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
324 r = DO_UPCAST(SCSIDiskReq, req, req);
325 if (r->status & SCSI_REQ_STATUS_RETRY) {
326 int status = r->status;
327 int ret;
328
329 r->status &=
330 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
331
332 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
333 case SCSI_REQ_STATUS_RETRY_READ:
334 scsi_read_data(&r->req);
335 break;
336 case SCSI_REQ_STATUS_RETRY_WRITE:
337 scsi_write_data(&r->req);
338 break;
339 case SCSI_REQ_STATUS_RETRY_FLUSH:
340 ret = scsi_disk_emulate_command(r);
341 if (ret == 0) {
342 scsi_req_complete(&r->req, GOOD);
343 }
344 }
345 }
346 }
347 }
348
349 static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
350 {
351 SCSIDiskState *s = opaque;
352
353 if (!running) {
354 return;
355 }
356 if (!s->bh) {
357 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
358 qemu_bh_schedule(s->bh);
359 }
360 }
361
362 /* Return a pointer to the data buffer. */
363 static uint8_t *scsi_get_buf(SCSIRequest *req)
364 {
365 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
366
367 return (uint8_t *)r->iov.iov_base;
368 }
369
370 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
371 {
372 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
373 int buflen = 0;
374
375 if (req->cmd.buf[1] & 0x2) {
376 /* Command support data - optional, not implemented */
377 BADF("optional INQUIRY command support request not implemented\n");
378 return -1;
379 }
380
381 if (req->cmd.buf[1] & 0x1) {
382 /* Vital product data */
383 uint8_t page_code = req->cmd.buf[2];
384 if (req->cmd.xfer < 4) {
385 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
386 "less than 4\n", page_code, req->cmd.xfer);
387 return -1;
388 }
389
390 if (s->qdev.type == TYPE_ROM) {
391 outbuf[buflen++] = 5;
392 } else {
393 outbuf[buflen++] = 0;
394 }
395 outbuf[buflen++] = page_code ; // this page
396 outbuf[buflen++] = 0x00;
397
398 switch (page_code) {
399 case 0x00: /* Supported page codes, mandatory */
400 {
401 int pages;
402 DPRINTF("Inquiry EVPD[Supported pages] "
403 "buffer size %zd\n", req->cmd.xfer);
404 pages = buflen++;
405 outbuf[buflen++] = 0x00; // list of supported pages (this page)
406 if (s->serial) {
407 outbuf[buflen++] = 0x80; // unit serial number
408 }
409 outbuf[buflen++] = 0x83; // device identification
410 if (s->qdev.type == TYPE_DISK) {
411 outbuf[buflen++] = 0xb0; // block limits
412 outbuf[buflen++] = 0xb2; // thin provisioning
413 }
414 outbuf[pages] = buflen - pages - 1; // number of pages
415 break;
416 }
417 case 0x80: /* Device serial number, optional */
418 {
419 int l;
420
421 if (!s->serial) {
422 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
423 return -1;
424 }
425
426 l = strlen(s->serial);
427 if (l > req->cmd.xfer) {
428 l = req->cmd.xfer;
429 }
430 if (l > 20) {
431 l = 20;
432 }
433
434 DPRINTF("Inquiry EVPD[Serial number] "
435 "buffer size %zd\n", req->cmd.xfer);
436 outbuf[buflen++] = l;
437 memcpy(outbuf+buflen, s->serial, l);
438 buflen += l;
439 break;
440 }
441
442 case 0x83: /* Device identification page, mandatory */
443 {
444 int max_len = 255 - 8;
445 int id_len = strlen(bdrv_get_device_name(s->bs));
446
447 if (id_len > max_len) {
448 id_len = max_len;
449 }
450 DPRINTF("Inquiry EVPD[Device identification] "
451 "buffer size %zd\n", req->cmd.xfer);
452
453 outbuf[buflen++] = 4 + id_len;
454 outbuf[buflen++] = 0x2; // ASCII
455 outbuf[buflen++] = 0; // not officially assigned
456 outbuf[buflen++] = 0; // reserved
457 outbuf[buflen++] = id_len; // length of data following
458
459 memcpy(outbuf+buflen, bdrv_get_device_name(s->bs), id_len);
460 buflen += id_len;
461 break;
462 }
463 case 0xb0: /* block limits */
464 {
465 unsigned int unmap_sectors =
466 s->qdev.conf.discard_granularity / s->qdev.blocksize;
467 unsigned int min_io_size =
468 s->qdev.conf.min_io_size / s->qdev.blocksize;
469 unsigned int opt_io_size =
470 s->qdev.conf.opt_io_size / s->qdev.blocksize;
471
472 if (s->qdev.type == TYPE_ROM) {
473 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
474 page_code);
475 return -1;
476 }
477 /* required VPD size with unmap support */
478 outbuf[3] = buflen = 0x3c;
479
480 memset(outbuf + 4, 0, buflen - 4);
481
482 /* optimal transfer length granularity */
483 outbuf[6] = (min_io_size >> 8) & 0xff;
484 outbuf[7] = min_io_size & 0xff;
485
486 /* optimal transfer length */
487 outbuf[12] = (opt_io_size >> 24) & 0xff;
488 outbuf[13] = (opt_io_size >> 16) & 0xff;
489 outbuf[14] = (opt_io_size >> 8) & 0xff;
490 outbuf[15] = opt_io_size & 0xff;
491
492 /* optimal unmap granularity */
493 outbuf[28] = (unmap_sectors >> 24) & 0xff;
494 outbuf[29] = (unmap_sectors >> 16) & 0xff;
495 outbuf[30] = (unmap_sectors >> 8) & 0xff;
496 outbuf[31] = unmap_sectors & 0xff;
497 break;
498 }
499 case 0xb2: /* thin provisioning */
500 {
501 outbuf[3] = buflen = 8;
502 outbuf[4] = 0;
503 outbuf[5] = 0x40; /* write same with unmap supported */
504 outbuf[6] = 0;
505 outbuf[7] = 0;
506 break;
507 }
508 default:
509 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
510 "buffer size %zd\n", page_code, req->cmd.xfer);
511 return -1;
512 }
513 /* done with EVPD */
514 return buflen;
515 }
516
517 /* Standard INQUIRY data */
518 if (req->cmd.buf[2] != 0) {
519 BADF("Error: Inquiry (STANDARD) page or code "
520 "is non-zero [%02X]\n", req->cmd.buf[2]);
521 return -1;
522 }
523
524 /* PAGE CODE == 0 */
525 if (req->cmd.xfer < 5) {
526 BADF("Error: Inquiry (STANDARD) buffer size %zd "
527 "is less than 5\n", req->cmd.xfer);
528 return -1;
529 }
530
531 buflen = req->cmd.xfer;
532 if (buflen > SCSI_MAX_INQUIRY_LEN) {
533 buflen = SCSI_MAX_INQUIRY_LEN;
534 }
535 memset(outbuf, 0, buflen);
536
537 outbuf[0] = s->qdev.type & 0x1f;
538 if (s->qdev.type == TYPE_ROM) {
539 outbuf[1] = 0x80;
540 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
541 } else {
542 outbuf[1] = s->removable ? 0x80 : 0;
543 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
544 }
545 memcpy(&outbuf[8], "QEMU ", 8);
546 memset(&outbuf[32], 0, 4);
547 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
548 /*
549 * We claim conformance to SPC-3, which is required for guests
550 * to ask for modern features like READ CAPACITY(16) or the
551 * block characteristics VPD page by default. Not all of SPC-3
552 * is actually implemented, but we're good enough.
553 */
554 outbuf[2] = 5;
555 outbuf[3] = 2; /* Format 2 */
556
557 if (buflen > 36) {
558 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
559 } else {
560 /* If the allocation length of CDB is too small,
561 the additional length is not adjusted */
562 outbuf[4] = 36 - 5;
563 }
564
565 /* Sync data transfer and TCQ. */
566 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
567 return buflen;
568 }
569
570 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
571 uint8_t *outbuf)
572 {
573 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
574 return -1;
575 }
576
577 static int scsi_get_event_status_notification(SCSIDiskState *s,
578 SCSIDiskReq *r, uint8_t *outbuf)
579 {
580 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
581 return -1;
582 }
583
584 static int scsi_get_configuration(SCSIDiskState *s, SCSIDiskReq *r,
585 uint8_t *outbuf)
586 {
587 if (s->qdev.type != TYPE_ROM) {
588 return -1;
589 }
590 memset(outbuf, 0, 8);
591 /* ??? This should probably return much more information. For now
592 just return the basic header indicating the CD-ROM profile. */
593 outbuf[7] = 8; /* CD-ROM */
594 return 8;
595 }
596
597 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
598 {
599 if (s->qdev.type != TYPE_ROM) {
600 return -1;
601 }
602 memset(outbuf, 0, 8);
603 outbuf[5] = 1; /* CD-ROM */
604 return 8;
605 }
606
607 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
608 int page_control)
609 {
610 static const int mode_sense_valid[0x3f] = {
611 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
612 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
613 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
614 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
615 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
616 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
617 };
618
619 BlockDriverState *bdrv = s->bs;
620 int cylinders, heads, secs;
621 uint8_t *p = *p_outbuf;
622
623 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
624 return -1;
625 }
626
627 p[0] = page;
628
629 /*
630 * If Changeable Values are requested, a mask denoting those mode parameters
631 * that are changeable shall be returned. As we currently don't support
632 * parameter changes via MODE_SELECT all bits are returned set to zero.
633 * The buffer was already menset to zero by the caller of this function.
634 */
635 switch (page) {
636 case MODE_PAGE_HD_GEOMETRY:
637 p[1] = 0x16;
638 if (page_control == 1) { /* Changeable Values */
639 break;
640 }
641 /* if a geometry hint is available, use it */
642 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
643 p[2] = (cylinders >> 16) & 0xff;
644 p[3] = (cylinders >> 8) & 0xff;
645 p[4] = cylinders & 0xff;
646 p[5] = heads & 0xff;
647 /* Write precomp start cylinder, disabled */
648 p[6] = (cylinders >> 16) & 0xff;
649 p[7] = (cylinders >> 8) & 0xff;
650 p[8] = cylinders & 0xff;
651 /* Reduced current start cylinder, disabled */
652 p[9] = (cylinders >> 16) & 0xff;
653 p[10] = (cylinders >> 8) & 0xff;
654 p[11] = cylinders & 0xff;
655 /* Device step rate [ns], 200ns */
656 p[12] = 0;
657 p[13] = 200;
658 /* Landing zone cylinder */
659 p[14] = 0xff;
660 p[15] = 0xff;
661 p[16] = 0xff;
662 /* Medium rotation rate [rpm], 5400 rpm */
663 p[20] = (5400 >> 8) & 0xff;
664 p[21] = 5400 & 0xff;
665 break;
666
667 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
668 p[1] = 0x1e;
669 if (page_control == 1) { /* Changeable Values */
670 break;
671 }
672 /* Transfer rate [kbit/s], 5Mbit/s */
673 p[2] = 5000 >> 8;
674 p[3] = 5000 & 0xff;
675 /* if a geometry hint is available, use it */
676 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
677 p[4] = heads & 0xff;
678 p[5] = secs & 0xff;
679 p[6] = s->cluster_size * 2;
680 p[8] = (cylinders >> 8) & 0xff;
681 p[9] = cylinders & 0xff;
682 /* Write precomp start cylinder, disabled */
683 p[10] = (cylinders >> 8) & 0xff;
684 p[11] = cylinders & 0xff;
685 /* Reduced current start cylinder, disabled */
686 p[12] = (cylinders >> 8) & 0xff;
687 p[13] = cylinders & 0xff;
688 /* Device step rate [100us], 100us */
689 p[14] = 0;
690 p[15] = 1;
691 /* Device step pulse width [us], 1us */
692 p[16] = 1;
693 /* Device head settle delay [100us], 100us */
694 p[17] = 0;
695 p[18] = 1;
696 /* Motor on delay [0.1s], 0.1s */
697 p[19] = 1;
698 /* Motor off delay [0.1s], 0.1s */
699 p[20] = 1;
700 /* Medium rotation rate [rpm], 5400 rpm */
701 p[28] = (5400 >> 8) & 0xff;
702 p[29] = 5400 & 0xff;
703 break;
704
705 case MODE_PAGE_CACHING:
706 p[0] = 8;
707 p[1] = 0x12;
708 if (page_control == 1) { /* Changeable Values */
709 break;
710 }
711 if (bdrv_enable_write_cache(s->bs)) {
712 p[2] = 4; /* WCE */
713 }
714 break;
715
716 case MODE_PAGE_R_W_ERROR:
717 p[1] = 10;
718 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
719 if (s->qdev.type == TYPE_ROM) {
720 p[3] = 0x20; /* Read Retry Count */
721 }
722 break;
723
724 case MODE_PAGE_AUDIO_CTL:
725 p[1] = 14;
726 break;
727
728 case MODE_PAGE_CAPABILITIES:
729 p[1] = 0x14;
730 if (page_control == 1) { /* Changeable Values */
731 break;
732 }
733
734 p[2] = 0x3b; /* CD-R & CD-RW read */
735 p[3] = 0; /* Writing not supported */
736 p[4] = 0x7f; /* Audio, composite, digital out,
737 mode 2 form 1&2, multi session */
738 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
739 RW corrected, C2 errors, ISRC,
740 UPC, Bar code */
741 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
742 /* Locking supported, jumper present, eject, tray */
743 p[7] = 0; /* no volume & mute control, no
744 changer */
745 p[8] = (50 * 176) >> 8; /* 50x read speed */
746 p[9] = (50 * 176) & 0xff;
747 p[10] = 2 >> 8; /* Two volume levels */
748 p[11] = 2 & 0xff;
749 p[12] = 2048 >> 8; /* 2M buffer */
750 p[13] = 2048 & 0xff;
751 p[14] = (16 * 176) >> 8; /* 16x read speed current */
752 p[15] = (16 * 176) & 0xff;
753 p[18] = (16 * 176) >> 8; /* 16x write speed */
754 p[19] = (16 * 176) & 0xff;
755 p[20] = (16 * 176) >> 8; /* 16x write speed current */
756 p[21] = (16 * 176) & 0xff;
757 break;
758
759 default:
760 return -1;
761 }
762
763 *p_outbuf += p[1] + 2;
764 return p[1] + 2;
765 }
766
767 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
768 {
769 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
770 uint64_t nb_sectors;
771 int page, dbd, buflen, ret, page_control;
772 uint8_t *p;
773 uint8_t dev_specific_param;
774
775 dbd = r->req.cmd.buf[1] & 0x8;
776 page = r->req.cmd.buf[2] & 0x3f;
777 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
778 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
779 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
780 memset(outbuf, 0, r->req.cmd.xfer);
781 p = outbuf;
782
783 if (bdrv_is_read_only(s->bs)) {
784 dev_specific_param = 0x80; /* Readonly. */
785 } else {
786 dev_specific_param = 0x00;
787 }
788
789 if (r->req.cmd.buf[0] == MODE_SENSE) {
790 p[1] = 0; /* Default media type. */
791 p[2] = dev_specific_param;
792 p[3] = 0; /* Block descriptor length. */
793 p += 4;
794 } else { /* MODE_SENSE_10 */
795 p[2] = 0; /* Default media type. */
796 p[3] = dev_specific_param;
797 p[6] = p[7] = 0; /* Block descriptor length. */
798 p += 8;
799 }
800
801 bdrv_get_geometry(s->bs, &nb_sectors);
802 if (!dbd && nb_sectors) {
803 if (r->req.cmd.buf[0] == MODE_SENSE) {
804 outbuf[3] = 8; /* Block descriptor length */
805 } else { /* MODE_SENSE_10 */
806 outbuf[7] = 8; /* Block descriptor length */
807 }
808 nb_sectors /= s->cluster_size;
809 if (nb_sectors > 0xffffff) {
810 nb_sectors = 0;
811 }
812 p[0] = 0; /* media density code */
813 p[1] = (nb_sectors >> 16) & 0xff;
814 p[2] = (nb_sectors >> 8) & 0xff;
815 p[3] = nb_sectors & 0xff;
816 p[4] = 0; /* reserved */
817 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
818 p[6] = s->cluster_size * 2;
819 p[7] = 0;
820 p += 8;
821 }
822
823 if (page_control == 3) {
824 /* Saved Values */
825 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
826 return -1;
827 }
828
829 if (page == 0x3f) {
830 for (page = 0; page <= 0x3e; page++) {
831 mode_sense_page(s, page, &p, page_control);
832 }
833 } else {
834 ret = mode_sense_page(s, page, &p, page_control);
835 if (ret == -1) {
836 return -1;
837 }
838 }
839
840 buflen = p - outbuf;
841 /*
842 * The mode data length field specifies the length in bytes of the
843 * following data that is available to be transferred. The mode data
844 * length does not include itself.
845 */
846 if (r->req.cmd.buf[0] == MODE_SENSE) {
847 outbuf[0] = buflen - 1;
848 } else { /* MODE_SENSE_10 */
849 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
850 outbuf[1] = (buflen - 2) & 0xff;
851 }
852 if (buflen > r->req.cmd.xfer) {
853 buflen = r->req.cmd.xfer;
854 }
855 return buflen;
856 }
857
858 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
859 {
860 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
861 int start_track, format, msf, toclen;
862 uint64_t nb_sectors;
863
864 msf = req->cmd.buf[1] & 2;
865 format = req->cmd.buf[2] & 0xf;
866 start_track = req->cmd.buf[6];
867 bdrv_get_geometry(s->bs, &nb_sectors);
868 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
869 nb_sectors /= s->cluster_size;
870 switch (format) {
871 case 0:
872 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
873 break;
874 case 1:
875 /* multi session : only a single session defined */
876 toclen = 12;
877 memset(outbuf, 0, 12);
878 outbuf[1] = 0x0a;
879 outbuf[2] = 0x01;
880 outbuf[3] = 0x01;
881 break;
882 case 2:
883 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
884 break;
885 default:
886 return -1;
887 }
888 if (toclen > req->cmd.xfer) {
889 toclen = req->cmd.xfer;
890 }
891 return toclen;
892 }
893
894 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
895 {
896 SCSIRequest *req = &r->req;
897 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
898 bool start = req->cmd.buf[4] & 1;
899 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
900
901 if (s->qdev.type == TYPE_ROM && loej) {
902 if (!start && !s->tray_open && s->tray_locked) {
903 scsi_check_condition(r,
904 bdrv_is_inserted(s->bs)
905 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
906 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
907 return -1;
908 }
909 bdrv_eject(s->bs, !start);
910 s->tray_open = !start;
911 }
912 return 0;
913 }
914
915 static int scsi_disk_emulate_command(SCSIDiskReq *r)
916 {
917 SCSIRequest *req = &r->req;
918 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
919 uint64_t nb_sectors;
920 uint8_t *outbuf;
921 int buflen = 0;
922
923 if (!r->iov.iov_base) {
924 /*
925 * FIXME: we shouldn't return anything bigger than 4k, but the code
926 * requires the buffer to be as big as req->cmd.xfer in several
927 * places. So, do not allow CDBs with a very large ALLOCATION
928 * LENGTH. The real fix would be to modify scsi_read_data and
929 * dma_buf_read, so that they return data beyond the buflen
930 * as all zeros.
931 */
932 if (req->cmd.xfer > 65536) {
933 goto illegal_request;
934 }
935 r->buflen = MAX(4096, req->cmd.xfer);
936 r->iov.iov_base = qemu_blockalign(s->bs, r->buflen);
937 }
938
939 outbuf = r->iov.iov_base;
940 switch (req->cmd.buf[0]) {
941 case TEST_UNIT_READY:
942 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
943 goto not_ready;
944 }
945 break;
946 case INQUIRY:
947 buflen = scsi_disk_emulate_inquiry(req, outbuf);
948 if (buflen < 0) {
949 goto illegal_request;
950 }
951 break;
952 case MODE_SENSE:
953 case MODE_SENSE_10:
954 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
955 if (buflen < 0) {
956 goto illegal_request;
957 }
958 break;
959 case READ_TOC:
960 buflen = scsi_disk_emulate_read_toc(req, outbuf);
961 if (buflen < 0) {
962 goto illegal_request;
963 }
964 break;
965 case RESERVE:
966 if (req->cmd.buf[1] & 1) {
967 goto illegal_request;
968 }
969 break;
970 case RESERVE_10:
971 if (req->cmd.buf[1] & 3) {
972 goto illegal_request;
973 }
974 break;
975 case RELEASE:
976 if (req->cmd.buf[1] & 1) {
977 goto illegal_request;
978 }
979 break;
980 case RELEASE_10:
981 if (req->cmd.buf[1] & 3) {
982 goto illegal_request;
983 }
984 break;
985 case START_STOP:
986 if (scsi_disk_emulate_start_stop(r) < 0) {
987 return -1;
988 }
989 break;
990 case ALLOW_MEDIUM_REMOVAL:
991 s->tray_locked = req->cmd.buf[4] & 1;
992 bdrv_lock_medium(s->bs, req->cmd.buf[4] & 1);
993 break;
994 case READ_CAPACITY_10:
995 /* The normal LEN field for this command is zero. */
996 memset(outbuf, 0, 8);
997 bdrv_get_geometry(s->bs, &nb_sectors);
998 if (!nb_sectors) {
999 goto not_ready;
1000 }
1001 nb_sectors /= s->cluster_size;
1002 /* Returned value is the address of the last sector. */
1003 nb_sectors--;
1004 /* Remember the new size for read/write sanity checking. */
1005 s->max_lba = nb_sectors;
1006 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1007 if (nb_sectors > UINT32_MAX) {
1008 nb_sectors = UINT32_MAX;
1009 }
1010 outbuf[0] = (nb_sectors >> 24) & 0xff;
1011 outbuf[1] = (nb_sectors >> 16) & 0xff;
1012 outbuf[2] = (nb_sectors >> 8) & 0xff;
1013 outbuf[3] = nb_sectors & 0xff;
1014 outbuf[4] = 0;
1015 outbuf[5] = 0;
1016 outbuf[6] = s->cluster_size * 2;
1017 outbuf[7] = 0;
1018 buflen = 8;
1019 break;
1020 case MECHANISM_STATUS:
1021 buflen = scsi_emulate_mechanism_status(s, outbuf);
1022 if (buflen < 0) {
1023 goto illegal_request;
1024 }
1025 break;
1026 case GET_CONFIGURATION:
1027 buflen = scsi_get_configuration(s, r, outbuf);
1028 if (buflen < 0) {
1029 goto illegal_request;
1030 }
1031 break;
1032 case GET_EVENT_STATUS_NOTIFICATION:
1033 buflen = scsi_get_event_status_notification(s, r, outbuf);
1034 if (buflen < 0) {
1035 goto illegal_request;
1036 }
1037 break;
1038 case READ_DVD_STRUCTURE:
1039 buflen = scsi_read_dvd_structure(s, r, outbuf);
1040 if (buflen < 0) {
1041 goto illegal_request;
1042 }
1043 break;
1044 case SERVICE_ACTION_IN_16:
1045 /* Service Action In subcommands. */
1046 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1047 DPRINTF("SAI READ CAPACITY(16)\n");
1048 memset(outbuf, 0, req->cmd.xfer);
1049 bdrv_get_geometry(s->bs, &nb_sectors);
1050 if (!nb_sectors) {
1051 goto not_ready;
1052 }
1053 nb_sectors /= s->cluster_size;
1054 /* Returned value is the address of the last sector. */
1055 nb_sectors--;
1056 /* Remember the new size for read/write sanity checking. */
1057 s->max_lba = nb_sectors;
1058 outbuf[0] = (nb_sectors >> 56) & 0xff;
1059 outbuf[1] = (nb_sectors >> 48) & 0xff;
1060 outbuf[2] = (nb_sectors >> 40) & 0xff;
1061 outbuf[3] = (nb_sectors >> 32) & 0xff;
1062 outbuf[4] = (nb_sectors >> 24) & 0xff;
1063 outbuf[5] = (nb_sectors >> 16) & 0xff;
1064 outbuf[6] = (nb_sectors >> 8) & 0xff;
1065 outbuf[7] = nb_sectors & 0xff;
1066 outbuf[8] = 0;
1067 outbuf[9] = 0;
1068 outbuf[10] = s->cluster_size * 2;
1069 outbuf[11] = 0;
1070 outbuf[12] = 0;
1071 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1072
1073 /* set TPE bit if the format supports discard */
1074 if (s->qdev.conf.discard_granularity) {
1075 outbuf[14] = 0x80;
1076 }
1077
1078 /* Protection, exponent and lowest lba field left blank. */
1079 buflen = req->cmd.xfer;
1080 break;
1081 }
1082 DPRINTF("Unsupported Service Action In\n");
1083 goto illegal_request;
1084 case VERIFY_10:
1085 break;
1086 default:
1087 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1088 return -1;
1089 }
1090 return buflen;
1091
1092 not_ready:
1093 if (s->tray_open || !bdrv_is_inserted(s->bs)) {
1094 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1095 } else {
1096 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1097 }
1098 return -1;
1099
1100 illegal_request:
1101 if (r->req.status == -1) {
1102 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1103 }
1104 return -1;
1105 }
1106
1107 /* Execute a scsi command. Returns the length of the data expected by the
1108 command. This will be Positive for data transfers from the device
1109 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1110 and zero if the command does not transfer any data. */
1111
1112 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1113 {
1114 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1115 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1116 int32_t len;
1117 uint8_t command;
1118 int rc;
1119
1120 command = buf[0];
1121 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1122
1123 #ifdef DEBUG_SCSI
1124 {
1125 int i;
1126 for (i = 1; i < r->req.cmd.len; i++) {
1127 printf(" 0x%02x", buf[i]);
1128 }
1129 printf("\n");
1130 }
1131 #endif
1132
1133 switch (command) {
1134 case TEST_UNIT_READY:
1135 case INQUIRY:
1136 case MODE_SENSE:
1137 case MODE_SENSE_10:
1138 case RESERVE:
1139 case RESERVE_10:
1140 case RELEASE:
1141 case RELEASE_10:
1142 case START_STOP:
1143 case ALLOW_MEDIUM_REMOVAL:
1144 case READ_CAPACITY_10:
1145 case READ_TOC:
1146 case READ_DVD_STRUCTURE:
1147 case GET_CONFIGURATION:
1148 case GET_EVENT_STATUS_NOTIFICATION:
1149 case MECHANISM_STATUS:
1150 case SERVICE_ACTION_IN_16:
1151 case VERIFY_10:
1152 rc = scsi_disk_emulate_command(r);
1153 if (rc < 0) {
1154 return 0;
1155 }
1156
1157 r->iov.iov_len = rc;
1158 break;
1159 case SYNCHRONIZE_CACHE:
1160 bdrv_acct_start(s->bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1161 r->req.aiocb = bdrv_aio_flush(s->bs, scsi_flush_complete, r);
1162 if (r->req.aiocb == NULL) {
1163 scsi_flush_complete(r, -EIO);
1164 }
1165 return 0;
1166 case READ_6:
1167 case READ_10:
1168 case READ_12:
1169 case READ_16:
1170 len = r->req.cmd.xfer / s->qdev.blocksize;
1171 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1172 if (r->req.cmd.lba > s->max_lba) {
1173 goto illegal_lba;
1174 }
1175 r->sector = r->req.cmd.lba * s->cluster_size;
1176 r->sector_count = len * s->cluster_size;
1177 break;
1178 case WRITE_6:
1179 case WRITE_10:
1180 case WRITE_12:
1181 case WRITE_16:
1182 case WRITE_VERIFY_10:
1183 case WRITE_VERIFY_12:
1184 case WRITE_VERIFY_16:
1185 len = r->req.cmd.xfer / s->qdev.blocksize;
1186 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1187 (command & 0xe) == 0xe ? "And Verify " : "",
1188 r->req.cmd.lba, len);
1189 if (r->req.cmd.lba > s->max_lba) {
1190 goto illegal_lba;
1191 }
1192 r->sector = r->req.cmd.lba * s->cluster_size;
1193 r->sector_count = len * s->cluster_size;
1194 break;
1195 case MODE_SELECT:
1196 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1197 /* We don't support mode parameter changes.
1198 Allow the mode parameter header + block descriptors only. */
1199 if (r->req.cmd.xfer > 12) {
1200 goto fail;
1201 }
1202 break;
1203 case MODE_SELECT_10:
1204 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1205 /* We don't support mode parameter changes.
1206 Allow the mode parameter header + block descriptors only. */
1207 if (r->req.cmd.xfer > 16) {
1208 goto fail;
1209 }
1210 break;
1211 case SEEK_6:
1212 case SEEK_10:
1213 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1214 r->req.cmd.lba);
1215 if (r->req.cmd.lba > s->max_lba) {
1216 goto illegal_lba;
1217 }
1218 break;
1219 case WRITE_SAME_16:
1220 len = r->req.cmd.xfer / s->qdev.blocksize;
1221
1222 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1223 r->req.cmd.lba, len);
1224
1225 if (r->req.cmd.lba > s->max_lba) {
1226 goto illegal_lba;
1227 }
1228
1229 /*
1230 * We only support WRITE SAME with the unmap bit set for now.
1231 */
1232 if (!(buf[1] & 0x8)) {
1233 goto fail;
1234 }
1235
1236 rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size,
1237 len * s->cluster_size);
1238 if (rc < 0) {
1239 /* XXX: better error code ?*/
1240 goto fail;
1241 }
1242
1243 break;
1244 case REQUEST_SENSE:
1245 abort();
1246 default:
1247 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1248 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1249 return 0;
1250 fail:
1251 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1252 return 0;
1253 illegal_lba:
1254 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1255 return 0;
1256 }
1257 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1258 scsi_req_complete(&r->req, GOOD);
1259 }
1260 len = r->sector_count * 512 + r->iov.iov_len;
1261 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1262 return -len;
1263 } else {
1264 if (!r->sector_count) {
1265 r->sector_count = -1;
1266 }
1267 return len;
1268 }
1269 }
1270
1271 static void scsi_disk_reset(DeviceState *dev)
1272 {
1273 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1274 uint64_t nb_sectors;
1275
1276 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1277
1278 bdrv_get_geometry(s->bs, &nb_sectors);
1279 nb_sectors /= s->cluster_size;
1280 if (nb_sectors) {
1281 nb_sectors--;
1282 }
1283 s->max_lba = nb_sectors;
1284 }
1285
1286 static void scsi_destroy(SCSIDevice *dev)
1287 {
1288 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1289
1290 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1291 blockdev_mark_auto_del(s->qdev.conf.bs);
1292 }
1293
1294 static void scsi_cd_change_media_cb(void *opaque, bool load)
1295 {
1296 SCSIDiskState *s = opaque;
1297
1298 /*
1299 * When a CD gets changed, we have to report an ejected state and
1300 * then a loaded state to guests so that they detect tray
1301 * open/close and media change events. Guests that do not use
1302 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1303 * states rely on this behavior.
1304 *
1305 * media_changed governs the state machine used for unit attention
1306 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1307 */
1308 s->media_changed = load;
1309 s->tray_open = !load;
1310 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1311 }
1312
1313 static bool scsi_cd_is_tray_open(void *opaque)
1314 {
1315 return ((SCSIDiskState *)opaque)->tray_open;
1316 }
1317
1318 static bool scsi_cd_is_medium_locked(void *opaque)
1319 {
1320 return ((SCSIDiskState *)opaque)->tray_locked;
1321 }
1322
1323 static const BlockDevOps scsi_cd_block_ops = {
1324 .change_media_cb = scsi_cd_change_media_cb,
1325 .is_tray_open = scsi_cd_is_tray_open,
1326 .is_medium_locked = scsi_cd_is_medium_locked,
1327 };
1328
1329 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1330 {
1331 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1332 if (s->media_changed) {
1333 s->media_changed = false;
1334 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1335 }
1336 }
1337
1338 static int scsi_initfn(SCSIDevice *dev, uint8_t scsi_type)
1339 {
1340 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1341 DriveInfo *dinfo;
1342
1343 if (!s->qdev.conf.bs) {
1344 error_report("scsi-disk: drive property not set");
1345 return -1;
1346 }
1347 s->bs = s->qdev.conf.bs;
1348
1349 if (scsi_type == TYPE_DISK && !bdrv_is_inserted(s->bs)) {
1350 error_report("Device needs media, but drive is empty");
1351 return -1;
1352 }
1353
1354 if (!s->serial) {
1355 /* try to fall back to value set with legacy -drive serial=... */
1356 dinfo = drive_get_by_blockdev(s->bs);
1357 if (*dinfo->serial) {
1358 s->serial = g_strdup(dinfo->serial);
1359 }
1360 }
1361
1362 if (!s->version) {
1363 s->version = g_strdup(QEMU_VERSION);
1364 }
1365
1366 if (bdrv_is_sg(s->bs)) {
1367 error_report("scsi-disk: unwanted /dev/sg*");
1368 return -1;
1369 }
1370
1371 if (scsi_type == TYPE_ROM) {
1372 bdrv_set_dev_ops(s->bs, &scsi_cd_block_ops, s);
1373 s->qdev.blocksize = 2048;
1374 } else if (scsi_type == TYPE_DISK) {
1375 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1376 } else {
1377 error_report("scsi-disk: Unhandled SCSI type %02x", scsi_type);
1378 return -1;
1379 }
1380 s->cluster_size = s->qdev.blocksize / 512;
1381 bdrv_set_buffer_alignment(s->bs, s->qdev.blocksize);
1382
1383 s->qdev.type = scsi_type;
1384 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1385 bdrv_iostatus_enable(s->bs);
1386 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1387 return 0;
1388 }
1389
1390 static int scsi_hd_initfn(SCSIDevice *dev)
1391 {
1392 return scsi_initfn(dev, TYPE_DISK);
1393 }
1394
1395 static int scsi_cd_initfn(SCSIDevice *dev)
1396 {
1397 return scsi_initfn(dev, TYPE_ROM);
1398 }
1399
1400 static int scsi_disk_initfn(SCSIDevice *dev)
1401 {
1402 DriveInfo *dinfo;
1403 uint8_t scsi_type;
1404
1405 if (!dev->conf.bs) {
1406 scsi_type = TYPE_DISK; /* will die in scsi_initfn() */
1407 } else {
1408 dinfo = drive_get_by_blockdev(dev->conf.bs);
1409 scsi_type = dinfo->media_cd ? TYPE_ROM : TYPE_DISK;
1410 }
1411
1412 return scsi_initfn(dev, scsi_type);
1413 }
1414
1415 static SCSIReqOps scsi_disk_reqops = {
1416 .size = sizeof(SCSIDiskReq),
1417 .free_req = scsi_free_request,
1418 .send_command = scsi_send_command,
1419 .read_data = scsi_read_data,
1420 .write_data = scsi_write_data,
1421 .cancel_io = scsi_cancel_io,
1422 .get_buf = scsi_get_buf,
1423 };
1424
1425 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
1426 uint32_t lun, void *hba_private)
1427 {
1428 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1429 SCSIRequest *req;
1430
1431 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1432 return req;
1433 }
1434
1435 #define DEFINE_SCSI_DISK_PROPERTIES() \
1436 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1437 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1438 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1439
1440 static SCSIDeviceInfo scsi_disk_info[] = {
1441 {
1442 .qdev.name = "scsi-hd",
1443 .qdev.fw_name = "disk",
1444 .qdev.desc = "virtual SCSI disk",
1445 .qdev.size = sizeof(SCSIDiskState),
1446 .qdev.reset = scsi_disk_reset,
1447 .init = scsi_hd_initfn,
1448 .destroy = scsi_destroy,
1449 .alloc_req = scsi_new_request,
1450 .unit_attention_reported = scsi_disk_unit_attention_reported,
1451 .qdev.props = (Property[]) {
1452 DEFINE_SCSI_DISK_PROPERTIES(),
1453 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1454 DEFINE_PROP_END_OF_LIST(),
1455 }
1456 },{
1457 .qdev.name = "scsi-cd",
1458 .qdev.fw_name = "disk",
1459 .qdev.desc = "virtual SCSI CD-ROM",
1460 .qdev.size = sizeof(SCSIDiskState),
1461 .qdev.reset = scsi_disk_reset,
1462 .init = scsi_cd_initfn,
1463 .destroy = scsi_destroy,
1464 .alloc_req = scsi_new_request,
1465 .unit_attention_reported = scsi_disk_unit_attention_reported,
1466 .qdev.props = (Property[]) {
1467 DEFINE_SCSI_DISK_PROPERTIES(),
1468 DEFINE_PROP_END_OF_LIST(),
1469 },
1470 },{
1471 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1472 .qdev.fw_name = "disk",
1473 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1474 .qdev.size = sizeof(SCSIDiskState),
1475 .qdev.reset = scsi_disk_reset,
1476 .init = scsi_disk_initfn,
1477 .destroy = scsi_destroy,
1478 .alloc_req = scsi_new_request,
1479 .unit_attention_reported = scsi_disk_unit_attention_reported,
1480 .qdev.props = (Property[]) {
1481 DEFINE_SCSI_DISK_PROPERTIES(),
1482 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1483 DEFINE_PROP_END_OF_LIST(),
1484 }
1485 }
1486 };
1487
1488 static void scsi_disk_register_devices(void)
1489 {
1490 int i;
1491
1492 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1493 scsi_qdev_register(&scsi_disk_info[i]);
1494 }
1495 }
1496 device_init(scsi_disk_register_devices)
QEMU mirror