]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'bonzini/nbd-next' into staging
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41 #include "dma.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
49
50 typedef struct SCSIDiskState SCSIDiskState;
51
52 typedef struct SCSIDiskReq {
53 SCSIRequest req;
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
55 uint64_t sector;
56 uint32_t sector_count;
57 uint32_t buflen;
58 bool started;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 BlockAcctCookie acct;
62 } SCSIDiskReq;
63
64 struct SCSIDiskState
65 {
66 SCSIDevice qdev;
67 uint32_t removable;
68 bool media_changed;
69 bool media_event;
70 bool eject_request;
71 QEMUBH *bh;
72 char *version;
73 char *serial;
74 bool tray_open;
75 bool tray_locked;
76 };
77
78 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
79
80 static void scsi_free_request(SCSIRequest *req)
81 {
82 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
83
84 if (r->iov.iov_base) {
85 qemu_vfree(r->iov.iov_base);
86 }
87 }
88
89 /* Helper function for command completion with sense. */
90 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
91 {
92 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
93 r->req.tag, sense.key, sense.asc, sense.ascq);
94 scsi_req_build_sense(&r->req, sense);
95 scsi_req_complete(&r->req, CHECK_CONDITION);
96 }
97
98 /* Cancel a pending data transfer. */
99 static void scsi_cancel_io(SCSIRequest *req)
100 {
101 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
102
103 DPRINTF("Cancel tag=0x%x\n", req->tag);
104 if (r->req.aiocb) {
105 bdrv_aio_cancel(r->req.aiocb);
106
107 /* This reference was left in by scsi_*_data. We take ownership of
108 * it the moment scsi_req_cancel is called, independent of whether
109 * bdrv_aio_cancel completes the request or not. */
110 scsi_req_unref(&r->req);
111 }
112 r->req.aiocb = NULL;
113 }
114
115 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
116 {
117 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
118
119 if (!r->iov.iov_base) {
120 r->buflen = size;
121 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
122 }
123 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
124 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
125 return r->qiov.size / 512;
126 }
127
128 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
129 {
130 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
131
132 qemu_put_be64s(f, &r->sector);
133 qemu_put_be32s(f, &r->sector_count);
134 qemu_put_be32s(f, &r->buflen);
135 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
136 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
137 }
138 }
139
140 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
141 {
142 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
143
144 qemu_get_be64s(f, &r->sector);
145 qemu_get_be32s(f, &r->sector_count);
146 qemu_get_be32s(f, &r->buflen);
147 if (r->buflen) {
148 scsi_init_iovec(r, r->buflen);
149 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
150 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
151 }
152 }
153
154 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
155 }
156
157 static void scsi_flush_complete(void * opaque, int ret)
158 {
159 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
160 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
161
162 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
163
164 if (ret < 0) {
165 if (scsi_handle_rw_error(r, -ret)) {
166 goto done;
167 }
168 }
169
170 scsi_req_complete(&r->req, GOOD);
171
172 done:
173 if (!r->req.io_canceled) {
174 scsi_req_unref(&r->req);
175 }
176 }
177
178 static bool scsi_is_cmd_fua(SCSICommand *cmd)
179 {
180 switch (cmd->buf[0]) {
181 case READ_10:
182 case READ_12:
183 case READ_16:
184 case WRITE_10:
185 case WRITE_12:
186 case WRITE_16:
187 return (cmd->buf[1] & 8) != 0;
188
189 case VERIFY_10:
190 case VERIFY_12:
191 case VERIFY_16:
192 case WRITE_VERIFY_10:
193 case WRITE_VERIFY_12:
194 case WRITE_VERIFY_16:
195 return true;
196
197 case READ_6:
198 case WRITE_6:
199 default:
200 return false;
201 }
202 }
203
204 static void scsi_write_do_fua(SCSIDiskReq *r)
205 {
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
208 if (scsi_is_cmd_fua(&r->req.cmd)) {
209 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
210 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
211 return;
212 }
213
214 scsi_req_complete(&r->req, GOOD);
215 if (!r->req.io_canceled) {
216 scsi_req_unref(&r->req);
217 }
218 }
219
220 static void scsi_dma_complete(void *opaque, int ret)
221 {
222 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
223 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
224
225 if (r->req.aiocb != NULL) {
226 r->req.aiocb = NULL;
227 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
228 }
229
230 if (ret < 0) {
231 if (scsi_handle_rw_error(r, -ret)) {
232 goto done;
233 }
234 }
235
236 r->sector += r->sector_count;
237 r->sector_count = 0;
238 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
239 scsi_write_do_fua(r);
240 return;
241 } else {
242 scsi_req_complete(&r->req, GOOD);
243 }
244
245 done:
246 if (!r->req.io_canceled) {
247 scsi_req_unref(&r->req);
248 }
249 }
250
251 static void scsi_read_complete(void * opaque, int ret)
252 {
253 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
254 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
255 int n;
256
257 if (r->req.aiocb != NULL) {
258 r->req.aiocb = NULL;
259 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
260 }
261
262 if (ret < 0) {
263 if (scsi_handle_rw_error(r, -ret)) {
264 goto done;
265 }
266 }
267
268 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
269
270 n = r->qiov.size / 512;
271 r->sector += n;
272 r->sector_count -= n;
273 scsi_req_data(&r->req, r->qiov.size);
274
275 done:
276 if (!r->req.io_canceled) {
277 scsi_req_unref(&r->req);
278 }
279 }
280
281 /* Actually issue a read to the block device. */
282 static void scsi_do_read(void *opaque, int ret)
283 {
284 SCSIDiskReq *r = opaque;
285 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
286 uint32_t n;
287
288 if (r->req.aiocb != NULL) {
289 r->req.aiocb = NULL;
290 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
291 }
292
293 if (ret < 0) {
294 if (scsi_handle_rw_error(r, -ret)) {
295 goto done;
296 }
297 }
298
299 if (r->req.sg) {
300 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
301 r->req.resid -= r->req.sg->size;
302 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
303 scsi_dma_complete, r);
304 } else {
305 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
306 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
307 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
308 scsi_read_complete, r);
309 }
310
311 done:
312 if (!r->req.io_canceled) {
313 scsi_req_unref(&r->req);
314 }
315 }
316
317 /* Read more data from scsi device into buffer. */
318 static void scsi_read_data(SCSIRequest *req)
319 {
320 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
321 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
322 bool first;
323
324 if (r->sector_count == (uint32_t)-1) {
325 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
326 r->sector_count = 0;
327 r->started = true;
328 scsi_req_data(&r->req, r->iov.iov_len);
329 return;
330 }
331 DPRINTF("Read sector_count=%d\n", r->sector_count);
332 if (r->sector_count == 0) {
333 /* This also clears the sense buffer for REQUEST SENSE. */
334 scsi_req_complete(&r->req, GOOD);
335 return;
336 }
337
338 /* No data transfer may already be in progress */
339 assert(r->req.aiocb == NULL);
340
341 /* The request is used as the AIO opaque value, so add a ref. */
342 scsi_req_ref(&r->req);
343 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
344 DPRINTF("Data transfer direction invalid\n");
345 scsi_read_complete(r, -EINVAL);
346 return;
347 }
348
349 if (s->tray_open) {
350 scsi_read_complete(r, -ENOMEDIUM);
351 return;
352 }
353
354 first = !r->started;
355 r->started = true;
356 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
357 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
358 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
359 } else {
360 scsi_do_read(r, 0);
361 }
362 }
363
364 /*
365 * scsi_handle_rw_error has two return values. 0 means that the error
366 * must be ignored, 1 means that the error has been processed and the
367 * caller should not do anything else for this request. Note that
368 * scsi_handle_rw_error always manages its reference counts, independent
369 * of the return value.
370 */
371 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
372 {
373 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
374 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
375 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
376
377 if (action == BLOCK_ERR_IGNORE) {
378 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
379 return 0;
380 }
381
382 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
383 || action == BLOCK_ERR_STOP_ANY) {
384
385 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
386 vm_stop(RUN_STATE_IO_ERROR);
387 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
388 scsi_req_retry(&r->req);
389 } else {
390 switch (error) {
391 case ENOMEDIUM:
392 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
393 break;
394 case ENOMEM:
395 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
396 break;
397 case EINVAL:
398 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
399 break;
400 default:
401 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
402 break;
403 }
404 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
405 }
406 return 1;
407 }
408
409 static void scsi_write_complete(void * opaque, int ret)
410 {
411 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
412 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
413 uint32_t n;
414
415 if (r->req.aiocb != NULL) {
416 r->req.aiocb = NULL;
417 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
418 }
419
420 if (ret < 0) {
421 if (scsi_handle_rw_error(r, -ret)) {
422 goto done;
423 }
424 }
425
426 n = r->qiov.size / 512;
427 r->sector += n;
428 r->sector_count -= n;
429 if (r->sector_count == 0) {
430 scsi_write_do_fua(r);
431 return;
432 } else {
433 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
434 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
435 scsi_req_data(&r->req, r->qiov.size);
436 }
437
438 done:
439 if (!r->req.io_canceled) {
440 scsi_req_unref(&r->req);
441 }
442 }
443
444 static void scsi_write_data(SCSIRequest *req)
445 {
446 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
447 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
448 uint32_t n;
449
450 /* No data transfer may already be in progress */
451 assert(r->req.aiocb == NULL);
452
453 /* The request is used as the AIO opaque value, so add a ref. */
454 scsi_req_ref(&r->req);
455 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
456 DPRINTF("Data transfer direction invalid\n");
457 scsi_write_complete(r, -EINVAL);
458 return;
459 }
460
461 if (!r->req.sg && !r->qiov.size) {
462 /* Called for the first time. Ask the driver to send us more data. */
463 r->started = true;
464 scsi_write_complete(r, 0);
465 return;
466 }
467 if (s->tray_open) {
468 scsi_write_complete(r, -ENOMEDIUM);
469 return;
470 }
471
472 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
473 r->req.cmd.buf[0] == VERIFY_16) {
474 if (r->req.sg) {
475 scsi_dma_complete(r, 0);
476 } else {
477 scsi_write_complete(r, 0);
478 }
479 return;
480 }
481
482 if (r->req.sg) {
483 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
484 r->req.resid -= r->req.sg->size;
485 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
486 scsi_dma_complete, r);
487 } else {
488 n = r->qiov.size / 512;
489 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
490 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
491 scsi_write_complete, r);
492 }
493 }
494
495 /* Return a pointer to the data buffer. */
496 static uint8_t *scsi_get_buf(SCSIRequest *req)
497 {
498 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
499
500 return (uint8_t *)r->iov.iov_base;
501 }
502
503 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
504 {
505 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
506 int buflen = 0;
507
508 if (req->cmd.buf[1] & 0x2) {
509 /* Command support data - optional, not implemented */
510 BADF("optional INQUIRY command support request not implemented\n");
511 return -1;
512 }
513
514 if (req->cmd.buf[1] & 0x1) {
515 /* Vital product data */
516 uint8_t page_code = req->cmd.buf[2];
517 if (req->cmd.xfer < 4) {
518 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
519 "less than 4\n", page_code, req->cmd.xfer);
520 return -1;
521 }
522
523 outbuf[buflen++] = s->qdev.type & 0x1f;
524 outbuf[buflen++] = page_code ; // this page
525 outbuf[buflen++] = 0x00;
526
527 switch (page_code) {
528 case 0x00: /* Supported page codes, mandatory */
529 {
530 int pages;
531 DPRINTF("Inquiry EVPD[Supported pages] "
532 "buffer size %zd\n", req->cmd.xfer);
533 pages = buflen++;
534 outbuf[buflen++] = 0x00; // list of supported pages (this page)
535 if (s->serial) {
536 outbuf[buflen++] = 0x80; // unit serial number
537 }
538 outbuf[buflen++] = 0x83; // device identification
539 if (s->qdev.type == TYPE_DISK) {
540 outbuf[buflen++] = 0xb0; // block limits
541 outbuf[buflen++] = 0xb2; // thin provisioning
542 }
543 outbuf[pages] = buflen - pages - 1; // number of pages
544 break;
545 }
546 case 0x80: /* Device serial number, optional */
547 {
548 int l;
549
550 if (!s->serial) {
551 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
552 return -1;
553 }
554
555 l = strlen(s->serial);
556 if (l > 20) {
557 l = 20;
558 }
559
560 DPRINTF("Inquiry EVPD[Serial number] "
561 "buffer size %zd\n", req->cmd.xfer);
562 outbuf[buflen++] = l;
563 memcpy(outbuf+buflen, s->serial, l);
564 buflen += l;
565 break;
566 }
567
568 case 0x83: /* Device identification page, mandatory */
569 {
570 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
571 int max_len = s->serial ? 20 : 255 - 8;
572 int id_len = strlen(str);
573
574 if (id_len > max_len) {
575 id_len = max_len;
576 }
577 DPRINTF("Inquiry EVPD[Device identification] "
578 "buffer size %zd\n", req->cmd.xfer);
579
580 outbuf[buflen++] = 4 + id_len;
581 outbuf[buflen++] = 0x2; // ASCII
582 outbuf[buflen++] = 0; // not officially assigned
583 outbuf[buflen++] = 0; // reserved
584 outbuf[buflen++] = id_len; // length of data following
585
586 memcpy(outbuf+buflen, str, id_len);
587 buflen += id_len;
588 break;
589 }
590 case 0xb0: /* block limits */
591 {
592 unsigned int unmap_sectors =
593 s->qdev.conf.discard_granularity / s->qdev.blocksize;
594 unsigned int min_io_size =
595 s->qdev.conf.min_io_size / s->qdev.blocksize;
596 unsigned int opt_io_size =
597 s->qdev.conf.opt_io_size / s->qdev.blocksize;
598
599 if (s->qdev.type == TYPE_ROM) {
600 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
601 page_code);
602 return -1;
603 }
604 /* required VPD size with unmap support */
605 outbuf[3] = buflen = 0x3c;
606
607 memset(outbuf + 4, 0, buflen - 4);
608
609 /* optimal transfer length granularity */
610 outbuf[6] = (min_io_size >> 8) & 0xff;
611 outbuf[7] = min_io_size & 0xff;
612
613 /* optimal transfer length */
614 outbuf[12] = (opt_io_size >> 24) & 0xff;
615 outbuf[13] = (opt_io_size >> 16) & 0xff;
616 outbuf[14] = (opt_io_size >> 8) & 0xff;
617 outbuf[15] = opt_io_size & 0xff;
618
619 /* optimal unmap granularity */
620 outbuf[28] = (unmap_sectors >> 24) & 0xff;
621 outbuf[29] = (unmap_sectors >> 16) & 0xff;
622 outbuf[30] = (unmap_sectors >> 8) & 0xff;
623 outbuf[31] = unmap_sectors & 0xff;
624 break;
625 }
626 case 0xb2: /* thin provisioning */
627 {
628 outbuf[3] = buflen = 8;
629 outbuf[4] = 0;
630 outbuf[5] = 0x60; /* write_same 10/16 supported */
631 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
632 outbuf[7] = 0;
633 break;
634 }
635 default:
636 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
637 "buffer size %zd\n", page_code, req->cmd.xfer);
638 return -1;
639 }
640 /* done with EVPD */
641 return buflen;
642 }
643
644 /* Standard INQUIRY data */
645 if (req->cmd.buf[2] != 0) {
646 BADF("Error: Inquiry (STANDARD) page or code "
647 "is non-zero [%02X]\n", req->cmd.buf[2]);
648 return -1;
649 }
650
651 /* PAGE CODE == 0 */
652 if (req->cmd.xfer < 5) {
653 BADF("Error: Inquiry (STANDARD) buffer size %zd "
654 "is less than 5\n", req->cmd.xfer);
655 return -1;
656 }
657
658 buflen = req->cmd.xfer;
659 if (buflen > SCSI_MAX_INQUIRY_LEN) {
660 buflen = SCSI_MAX_INQUIRY_LEN;
661 }
662 memset(outbuf, 0, buflen);
663
664 outbuf[0] = s->qdev.type & 0x1f;
665 outbuf[1] = s->removable ? 0x80 : 0;
666 if (s->qdev.type == TYPE_ROM) {
667 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
668 } else {
669 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
670 }
671 memcpy(&outbuf[8], "QEMU ", 8);
672 memset(&outbuf[32], 0, 4);
673 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
674 /*
675 * We claim conformance to SPC-3, which is required for guests
676 * to ask for modern features like READ CAPACITY(16) or the
677 * block characteristics VPD page by default. Not all of SPC-3
678 * is actually implemented, but we're good enough.
679 */
680 outbuf[2] = 5;
681 outbuf[3] = 2; /* Format 2 */
682
683 if (buflen > 36) {
684 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
685 } else {
686 /* If the allocation length of CDB is too small,
687 the additional length is not adjusted */
688 outbuf[4] = 36 - 5;
689 }
690
691 /* Sync data transfer and TCQ. */
692 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
693 return buflen;
694 }
695
696 static inline bool media_is_dvd(SCSIDiskState *s)
697 {
698 uint64_t nb_sectors;
699 if (s->qdev.type != TYPE_ROM) {
700 return false;
701 }
702 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
703 return false;
704 }
705 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
706 return nb_sectors > CD_MAX_SECTORS;
707 }
708
709 static inline bool media_is_cd(SCSIDiskState *s)
710 {
711 uint64_t nb_sectors;
712 if (s->qdev.type != TYPE_ROM) {
713 return false;
714 }
715 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
716 return false;
717 }
718 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
719 return nb_sectors <= CD_MAX_SECTORS;
720 }
721
722 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
723 uint8_t *outbuf)
724 {
725 static const int rds_caps_size[5] = {
726 [0] = 2048 + 4,
727 [1] = 4 + 4,
728 [3] = 188 + 4,
729 [4] = 2048 + 4,
730 };
731
732 uint8_t media = r->req.cmd.buf[1];
733 uint8_t layer = r->req.cmd.buf[6];
734 uint8_t format = r->req.cmd.buf[7];
735 int size = -1;
736
737 if (s->qdev.type != TYPE_ROM) {
738 return -1;
739 }
740 if (media != 0) {
741 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
742 return -1;
743 }
744
745 if (format != 0xff) {
746 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
747 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
748 return -1;
749 }
750 if (media_is_cd(s)) {
751 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
752 return -1;
753 }
754 if (format >= ARRAY_SIZE(rds_caps_size)) {
755 return -1;
756 }
757 size = rds_caps_size[format];
758 memset(outbuf, 0, size);
759 }
760
761 switch (format) {
762 case 0x00: {
763 /* Physical format information */
764 uint64_t nb_sectors;
765 if (layer != 0) {
766 goto fail;
767 }
768 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
769
770 outbuf[4] = 1; /* DVD-ROM, part version 1 */
771 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
772 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
773 outbuf[7] = 0; /* default densities */
774
775 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
776 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
777 break;
778 }
779
780 case 0x01: /* DVD copyright information, all zeros */
781 break;
782
783 case 0x03: /* BCA information - invalid field for no BCA info */
784 return -1;
785
786 case 0x04: /* DVD disc manufacturing information, all zeros */
787 break;
788
789 case 0xff: { /* List capabilities */
790 int i;
791 size = 4;
792 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
793 if (!rds_caps_size[i]) {
794 continue;
795 }
796 outbuf[size] = i;
797 outbuf[size + 1] = 0x40; /* Not writable, readable */
798 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
799 size += 4;
800 }
801 break;
802 }
803
804 default:
805 return -1;
806 }
807
808 /* Size of buffer, not including 2 byte size field */
809 stw_be_p(outbuf, size - 2);
810 return size;
811
812 fail:
813 return -1;
814 }
815
816 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
817 {
818 uint8_t event_code, media_status;
819
820 media_status = 0;
821 if (s->tray_open) {
822 media_status = MS_TRAY_OPEN;
823 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
824 media_status = MS_MEDIA_PRESENT;
825 }
826
827 /* Event notification descriptor */
828 event_code = MEC_NO_CHANGE;
829 if (media_status != MS_TRAY_OPEN) {
830 if (s->media_event) {
831 event_code = MEC_NEW_MEDIA;
832 s->media_event = false;
833 } else if (s->eject_request) {
834 event_code = MEC_EJECT_REQUESTED;
835 s->eject_request = false;
836 }
837 }
838
839 outbuf[0] = event_code;
840 outbuf[1] = media_status;
841
842 /* These fields are reserved, just clear them. */
843 outbuf[2] = 0;
844 outbuf[3] = 0;
845 return 4;
846 }
847
848 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
849 uint8_t *outbuf)
850 {
851 int size;
852 uint8_t *buf = r->req.cmd.buf;
853 uint8_t notification_class_request = buf[4];
854 if (s->qdev.type != TYPE_ROM) {
855 return -1;
856 }
857 if ((buf[1] & 1) == 0) {
858 /* asynchronous */
859 return -1;
860 }
861
862 size = 4;
863 outbuf[0] = outbuf[1] = 0;
864 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
865 if (notification_class_request & (1 << GESN_MEDIA)) {
866 outbuf[2] = GESN_MEDIA;
867 size += scsi_event_status_media(s, &outbuf[size]);
868 } else {
869 outbuf[2] = 0x80;
870 }
871 stw_be_p(outbuf, size - 4);
872 return size;
873 }
874
875 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
876 {
877 int current;
878
879 if (s->qdev.type != TYPE_ROM) {
880 return -1;
881 }
882 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
883 memset(outbuf, 0, 40);
884 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
885 stw_be_p(&outbuf[6], current);
886 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
887 outbuf[10] = 0x03; /* persistent, current */
888 outbuf[11] = 8; /* two profiles */
889 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
890 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
891 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
892 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
893 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
894 stw_be_p(&outbuf[20], 1);
895 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
896 outbuf[23] = 8;
897 stl_be_p(&outbuf[24], 1); /* SCSI */
898 outbuf[28] = 1; /* DBE = 1, mandatory */
899 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
900 stw_be_p(&outbuf[32], 3);
901 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
902 outbuf[35] = 4;
903 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
904 /* TODO: Random readable, CD read, DVD read, drive serial number,
905 power management */
906 return 40;
907 }
908
909 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
910 {
911 if (s->qdev.type != TYPE_ROM) {
912 return -1;
913 }
914 memset(outbuf, 0, 8);
915 outbuf[5] = 1; /* CD-ROM */
916 return 8;
917 }
918
919 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
920 int page_control)
921 {
922 static const int mode_sense_valid[0x3f] = {
923 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
924 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
925 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
926 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
927 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
928 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
929 };
930
931 BlockDriverState *bdrv = s->qdev.conf.bs;
932 int cylinders, heads, secs;
933 uint8_t *p = *p_outbuf;
934
935 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
936 return -1;
937 }
938
939 p[0] = page;
940
941 /*
942 * If Changeable Values are requested, a mask denoting those mode parameters
943 * that are changeable shall be returned. As we currently don't support
944 * parameter changes via MODE_SELECT all bits are returned set to zero.
945 * The buffer was already menset to zero by the caller of this function.
946 */
947 switch (page) {
948 case MODE_PAGE_HD_GEOMETRY:
949 p[1] = 0x16;
950 if (page_control == 1) { /* Changeable Values */
951 break;
952 }
953 /* if a geometry hint is available, use it */
954 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
955 p[2] = (cylinders >> 16) & 0xff;
956 p[3] = (cylinders >> 8) & 0xff;
957 p[4] = cylinders & 0xff;
958 p[5] = heads & 0xff;
959 /* Write precomp start cylinder, disabled */
960 p[6] = (cylinders >> 16) & 0xff;
961 p[7] = (cylinders >> 8) & 0xff;
962 p[8] = cylinders & 0xff;
963 /* Reduced current start cylinder, disabled */
964 p[9] = (cylinders >> 16) & 0xff;
965 p[10] = (cylinders >> 8) & 0xff;
966 p[11] = cylinders & 0xff;
967 /* Device step rate [ns], 200ns */
968 p[12] = 0;
969 p[13] = 200;
970 /* Landing zone cylinder */
971 p[14] = 0xff;
972 p[15] = 0xff;
973 p[16] = 0xff;
974 /* Medium rotation rate [rpm], 5400 rpm */
975 p[20] = (5400 >> 8) & 0xff;
976 p[21] = 5400 & 0xff;
977 break;
978
979 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
980 p[1] = 0x1e;
981 if (page_control == 1) { /* Changeable Values */
982 break;
983 }
984 /* Transfer rate [kbit/s], 5Mbit/s */
985 p[2] = 5000 >> 8;
986 p[3] = 5000 & 0xff;
987 /* if a geometry hint is available, use it */
988 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
989 p[4] = heads & 0xff;
990 p[5] = secs & 0xff;
991 p[6] = s->qdev.blocksize >> 8;
992 p[8] = (cylinders >> 8) & 0xff;
993 p[9] = cylinders & 0xff;
994 /* Write precomp start cylinder, disabled */
995 p[10] = (cylinders >> 8) & 0xff;
996 p[11] = cylinders & 0xff;
997 /* Reduced current start cylinder, disabled */
998 p[12] = (cylinders >> 8) & 0xff;
999 p[13] = cylinders & 0xff;
1000 /* Device step rate [100us], 100us */
1001 p[14] = 0;
1002 p[15] = 1;
1003 /* Device step pulse width [us], 1us */
1004 p[16] = 1;
1005 /* Device head settle delay [100us], 100us */
1006 p[17] = 0;
1007 p[18] = 1;
1008 /* Motor on delay [0.1s], 0.1s */
1009 p[19] = 1;
1010 /* Motor off delay [0.1s], 0.1s */
1011 p[20] = 1;
1012 /* Medium rotation rate [rpm], 5400 rpm */
1013 p[28] = (5400 >> 8) & 0xff;
1014 p[29] = 5400 & 0xff;
1015 break;
1016
1017 case MODE_PAGE_CACHING:
1018 p[0] = 8;
1019 p[1] = 0x12;
1020 if (page_control == 1) { /* Changeable Values */
1021 break;
1022 }
1023 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1024 p[2] = 4; /* WCE */
1025 }
1026 break;
1027
1028 case MODE_PAGE_R_W_ERROR:
1029 p[1] = 10;
1030 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1031 if (s->qdev.type == TYPE_ROM) {
1032 p[3] = 0x20; /* Read Retry Count */
1033 }
1034 break;
1035
1036 case MODE_PAGE_AUDIO_CTL:
1037 p[1] = 14;
1038 break;
1039
1040 case MODE_PAGE_CAPABILITIES:
1041 p[1] = 0x14;
1042 if (page_control == 1) { /* Changeable Values */
1043 break;
1044 }
1045
1046 p[2] = 0x3b; /* CD-R & CD-RW read */
1047 p[3] = 0; /* Writing not supported */
1048 p[4] = 0x7f; /* Audio, composite, digital out,
1049 mode 2 form 1&2, multi session */
1050 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1051 RW corrected, C2 errors, ISRC,
1052 UPC, Bar code */
1053 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1054 /* Locking supported, jumper present, eject, tray */
1055 p[7] = 0; /* no volume & mute control, no
1056 changer */
1057 p[8] = (50 * 176) >> 8; /* 50x read speed */
1058 p[9] = (50 * 176) & 0xff;
1059 p[10] = 2 >> 8; /* Two volume levels */
1060 p[11] = 2 & 0xff;
1061 p[12] = 2048 >> 8; /* 2M buffer */
1062 p[13] = 2048 & 0xff;
1063 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1064 p[15] = (16 * 176) & 0xff;
1065 p[18] = (16 * 176) >> 8; /* 16x write speed */
1066 p[19] = (16 * 176) & 0xff;
1067 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1068 p[21] = (16 * 176) & 0xff;
1069 break;
1070
1071 default:
1072 return -1;
1073 }
1074
1075 *p_outbuf += p[1] + 2;
1076 return p[1] + 2;
1077 }
1078
1079 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1080 {
1081 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1082 uint64_t nb_sectors;
1083 bool dbd;
1084 int page, buflen, ret, page_control;
1085 uint8_t *p;
1086 uint8_t dev_specific_param;
1087
1088 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1089 page = r->req.cmd.buf[2] & 0x3f;
1090 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1091 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1092 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1093 memset(outbuf, 0, r->req.cmd.xfer);
1094 p = outbuf;
1095
1096 if (s->qdev.type == TYPE_DISK) {
1097 dev_specific_param = 0x10; /* DPOFUA */
1098 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1099 dev_specific_param |= 0x80; /* Readonly. */
1100 }
1101 } else {
1102 /* MMC prescribes that CD/DVD drives have no block descriptors,
1103 * and defines no device-specific parameter. */
1104 dev_specific_param = 0x00;
1105 dbd = true;
1106 }
1107
1108 if (r->req.cmd.buf[0] == MODE_SENSE) {
1109 p[1] = 0; /* Default media type. */
1110 p[2] = dev_specific_param;
1111 p[3] = 0; /* Block descriptor length. */
1112 p += 4;
1113 } else { /* MODE_SENSE_10 */
1114 p[2] = 0; /* Default media type. */
1115 p[3] = dev_specific_param;
1116 p[6] = p[7] = 0; /* Block descriptor length. */
1117 p += 8;
1118 }
1119
1120 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1121 if (!dbd && nb_sectors) {
1122 if (r->req.cmd.buf[0] == MODE_SENSE) {
1123 outbuf[3] = 8; /* Block descriptor length */
1124 } else { /* MODE_SENSE_10 */
1125 outbuf[7] = 8; /* Block descriptor length */
1126 }
1127 nb_sectors /= (s->qdev.blocksize / 512);
1128 if (nb_sectors > 0xffffff) {
1129 nb_sectors = 0;
1130 }
1131 p[0] = 0; /* media density code */
1132 p[1] = (nb_sectors >> 16) & 0xff;
1133 p[2] = (nb_sectors >> 8) & 0xff;
1134 p[3] = nb_sectors & 0xff;
1135 p[4] = 0; /* reserved */
1136 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1137 p[6] = s->qdev.blocksize >> 8;
1138 p[7] = 0;
1139 p += 8;
1140 }
1141
1142 if (page_control == 3) {
1143 /* Saved Values */
1144 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1145 return -1;
1146 }
1147
1148 if (page == 0x3f) {
1149 for (page = 0; page <= 0x3e; page++) {
1150 mode_sense_page(s, page, &p, page_control);
1151 }
1152 } else {
1153 ret = mode_sense_page(s, page, &p, page_control);
1154 if (ret == -1) {
1155 return -1;
1156 }
1157 }
1158
1159 buflen = p - outbuf;
1160 /*
1161 * The mode data length field specifies the length in bytes of the
1162 * following data that is available to be transferred. The mode data
1163 * length does not include itself.
1164 */
1165 if (r->req.cmd.buf[0] == MODE_SENSE) {
1166 outbuf[0] = buflen - 1;
1167 } else { /* MODE_SENSE_10 */
1168 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1169 outbuf[1] = (buflen - 2) & 0xff;
1170 }
1171 return buflen;
1172 }
1173
1174 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1175 {
1176 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1177 int start_track, format, msf, toclen;
1178 uint64_t nb_sectors;
1179
1180 msf = req->cmd.buf[1] & 2;
1181 format = req->cmd.buf[2] & 0xf;
1182 start_track = req->cmd.buf[6];
1183 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1184 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1185 nb_sectors /= s->qdev.blocksize / 512;
1186 switch (format) {
1187 case 0:
1188 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1189 break;
1190 case 1:
1191 /* multi session : only a single session defined */
1192 toclen = 12;
1193 memset(outbuf, 0, 12);
1194 outbuf[1] = 0x0a;
1195 outbuf[2] = 0x01;
1196 outbuf[3] = 0x01;
1197 break;
1198 case 2:
1199 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1200 break;
1201 default:
1202 return -1;
1203 }
1204 return toclen;
1205 }
1206
1207 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1208 {
1209 SCSIRequest *req = &r->req;
1210 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1211 bool start = req->cmd.buf[4] & 1;
1212 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1213
1214 if (s->qdev.type == TYPE_ROM && loej) {
1215 if (!start && !s->tray_open && s->tray_locked) {
1216 scsi_check_condition(r,
1217 bdrv_is_inserted(s->qdev.conf.bs)
1218 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1219 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1220 return -1;
1221 }
1222
1223 if (s->tray_open != !start) {
1224 bdrv_eject(s->qdev.conf.bs, !start);
1225 s->tray_open = !start;
1226 }
1227 }
1228 return 0;
1229 }
1230
1231 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1232 {
1233 SCSIRequest *req = &r->req;
1234 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1235 uint64_t nb_sectors;
1236 uint8_t *outbuf;
1237 int buflen = 0;
1238
1239 if (!r->iov.iov_base) {
1240 /*
1241 * FIXME: we shouldn't return anything bigger than 4k, but the code
1242 * requires the buffer to be as big as req->cmd.xfer in several
1243 * places. So, do not allow CDBs with a very large ALLOCATION
1244 * LENGTH. The real fix would be to modify scsi_read_data and
1245 * dma_buf_read, so that they return data beyond the buflen
1246 * as all zeros.
1247 */
1248 if (req->cmd.xfer > 65536) {
1249 goto illegal_request;
1250 }
1251 r->buflen = MAX(4096, req->cmd.xfer);
1252 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1253 }
1254
1255 outbuf = r->iov.iov_base;
1256 switch (req->cmd.buf[0]) {
1257 case TEST_UNIT_READY:
1258 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1259 break;
1260 case INQUIRY:
1261 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1262 if (buflen < 0) {
1263 goto illegal_request;
1264 }
1265 break;
1266 case MODE_SENSE:
1267 case MODE_SENSE_10:
1268 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1269 if (buflen < 0) {
1270 goto illegal_request;
1271 }
1272 break;
1273 case READ_TOC:
1274 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1275 if (buflen < 0) {
1276 goto illegal_request;
1277 }
1278 break;
1279 case RESERVE:
1280 if (req->cmd.buf[1] & 1) {
1281 goto illegal_request;
1282 }
1283 break;
1284 case RESERVE_10:
1285 if (req->cmd.buf[1] & 3) {
1286 goto illegal_request;
1287 }
1288 break;
1289 case RELEASE:
1290 if (req->cmd.buf[1] & 1) {
1291 goto illegal_request;
1292 }
1293 break;
1294 case RELEASE_10:
1295 if (req->cmd.buf[1] & 3) {
1296 goto illegal_request;
1297 }
1298 break;
1299 case START_STOP:
1300 if (scsi_disk_emulate_start_stop(r) < 0) {
1301 return -1;
1302 }
1303 break;
1304 case ALLOW_MEDIUM_REMOVAL:
1305 s->tray_locked = req->cmd.buf[4] & 1;
1306 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1307 break;
1308 case READ_CAPACITY_10:
1309 /* The normal LEN field for this command is zero. */
1310 memset(outbuf, 0, 8);
1311 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1312 if (!nb_sectors) {
1313 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1314 return -1;
1315 }
1316 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1317 goto illegal_request;
1318 }
1319 nb_sectors /= s->qdev.blocksize / 512;
1320 /* Returned value is the address of the last sector. */
1321 nb_sectors--;
1322 /* Remember the new size for read/write sanity checking. */
1323 s->qdev.max_lba = nb_sectors;
1324 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1325 if (nb_sectors > UINT32_MAX) {
1326 nb_sectors = UINT32_MAX;
1327 }
1328 outbuf[0] = (nb_sectors >> 24) & 0xff;
1329 outbuf[1] = (nb_sectors >> 16) & 0xff;
1330 outbuf[2] = (nb_sectors >> 8) & 0xff;
1331 outbuf[3] = nb_sectors & 0xff;
1332 outbuf[4] = 0;
1333 outbuf[5] = 0;
1334 outbuf[6] = s->qdev.blocksize >> 8;
1335 outbuf[7] = 0;
1336 buflen = 8;
1337 break;
1338 case REQUEST_SENSE:
1339 /* Just return "NO SENSE". */
1340 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1341 (req->cmd.buf[1] & 1) == 0);
1342 break;
1343 case MECHANISM_STATUS:
1344 buflen = scsi_emulate_mechanism_status(s, outbuf);
1345 if (buflen < 0) {
1346 goto illegal_request;
1347 }
1348 break;
1349 case GET_CONFIGURATION:
1350 buflen = scsi_get_configuration(s, outbuf);
1351 if (buflen < 0) {
1352 goto illegal_request;
1353 }
1354 break;
1355 case GET_EVENT_STATUS_NOTIFICATION:
1356 buflen = scsi_get_event_status_notification(s, r, outbuf);
1357 if (buflen < 0) {
1358 goto illegal_request;
1359 }
1360 break;
1361 case READ_DVD_STRUCTURE:
1362 buflen = scsi_read_dvd_structure(s, r, outbuf);
1363 if (buflen < 0) {
1364 goto illegal_request;
1365 }
1366 break;
1367 case SERVICE_ACTION_IN_16:
1368 /* Service Action In subcommands. */
1369 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1370 DPRINTF("SAI READ CAPACITY(16)\n");
1371 memset(outbuf, 0, req->cmd.xfer);
1372 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1373 if (!nb_sectors) {
1374 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1375 return -1;
1376 }
1377 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1378 goto illegal_request;
1379 }
1380 nb_sectors /= s->qdev.blocksize / 512;
1381 /* Returned value is the address of the last sector. */
1382 nb_sectors--;
1383 /* Remember the new size for read/write sanity checking. */
1384 s->qdev.max_lba = nb_sectors;
1385 outbuf[0] = (nb_sectors >> 56) & 0xff;
1386 outbuf[1] = (nb_sectors >> 48) & 0xff;
1387 outbuf[2] = (nb_sectors >> 40) & 0xff;
1388 outbuf[3] = (nb_sectors >> 32) & 0xff;
1389 outbuf[4] = (nb_sectors >> 24) & 0xff;
1390 outbuf[5] = (nb_sectors >> 16) & 0xff;
1391 outbuf[6] = (nb_sectors >> 8) & 0xff;
1392 outbuf[7] = nb_sectors & 0xff;
1393 outbuf[8] = 0;
1394 outbuf[9] = 0;
1395 outbuf[10] = s->qdev.blocksize >> 8;
1396 outbuf[11] = 0;
1397 outbuf[12] = 0;
1398 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1399
1400 /* set TPE bit if the format supports discard */
1401 if (s->qdev.conf.discard_granularity) {
1402 outbuf[14] = 0x80;
1403 }
1404
1405 /* Protection, exponent and lowest lba field left blank. */
1406 buflen = req->cmd.xfer;
1407 break;
1408 }
1409 DPRINTF("Unsupported Service Action In\n");
1410 goto illegal_request;
1411 default:
1412 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1413 return -1;
1414 }
1415 buflen = MIN(buflen, req->cmd.xfer);
1416 return buflen;
1417
1418 illegal_request:
1419 if (r->req.status == -1) {
1420 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1421 }
1422 return -1;
1423 }
1424
1425 /* Execute a scsi command. Returns the length of the data expected by the
1426 command. This will be Positive for data transfers from the device
1427 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1428 and zero if the command does not transfer any data. */
1429
1430 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1431 {
1432 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1433 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1434 int32_t len;
1435 uint8_t command;
1436 int rc;
1437
1438 command = buf[0];
1439 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1440
1441 #ifdef DEBUG_SCSI
1442 {
1443 int i;
1444 for (i = 1; i < r->req.cmd.len; i++) {
1445 printf(" 0x%02x", buf[i]);
1446 }
1447 printf("\n");
1448 }
1449 #endif
1450
1451 switch (command) {
1452 case INQUIRY:
1453 case MODE_SENSE:
1454 case MODE_SENSE_10:
1455 case RESERVE:
1456 case RESERVE_10:
1457 case RELEASE:
1458 case RELEASE_10:
1459 case START_STOP:
1460 case ALLOW_MEDIUM_REMOVAL:
1461 case GET_CONFIGURATION:
1462 case GET_EVENT_STATUS_NOTIFICATION:
1463 case MECHANISM_STATUS:
1464 case REQUEST_SENSE:
1465 break;
1466
1467 default:
1468 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1469 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1470 return 0;
1471 }
1472 break;
1473 }
1474
1475 switch (command) {
1476 case TEST_UNIT_READY:
1477 case INQUIRY:
1478 case MODE_SENSE:
1479 case MODE_SENSE_10:
1480 case RESERVE:
1481 case RESERVE_10:
1482 case RELEASE:
1483 case RELEASE_10:
1484 case START_STOP:
1485 case ALLOW_MEDIUM_REMOVAL:
1486 case READ_CAPACITY_10:
1487 case READ_TOC:
1488 case READ_DVD_STRUCTURE:
1489 case GET_CONFIGURATION:
1490 case GET_EVENT_STATUS_NOTIFICATION:
1491 case MECHANISM_STATUS:
1492 case SERVICE_ACTION_IN_16:
1493 case REQUEST_SENSE:
1494 rc = scsi_disk_emulate_command(r);
1495 if (rc < 0) {
1496 return 0;
1497 }
1498
1499 r->iov.iov_len = rc;
1500 break;
1501 case SYNCHRONIZE_CACHE:
1502 /* The request is used as the AIO opaque value, so add a ref. */
1503 scsi_req_ref(&r->req);
1504 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1505 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1506 return 0;
1507 case READ_6:
1508 case READ_10:
1509 case READ_12:
1510 case READ_16:
1511 len = r->req.cmd.xfer / s->qdev.blocksize;
1512 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1513 if (r->req.cmd.lba > s->qdev.max_lba) {
1514 goto illegal_lba;
1515 }
1516 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1517 r->sector_count = len * (s->qdev.blocksize / 512);
1518 break;
1519 case VERIFY_10:
1520 case VERIFY_12:
1521 case VERIFY_16:
1522 case WRITE_6:
1523 case WRITE_10:
1524 case WRITE_12:
1525 case WRITE_16:
1526 case WRITE_VERIFY_10:
1527 case WRITE_VERIFY_12:
1528 case WRITE_VERIFY_16:
1529 len = r->req.cmd.xfer / s->qdev.blocksize;
1530 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1531 (command & 0xe) == 0xe ? "And Verify " : "",
1532 r->req.cmd.lba, len);
1533 if (r->req.cmd.lba > s->qdev.max_lba) {
1534 goto illegal_lba;
1535 }
1536 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1537 r->sector_count = len * (s->qdev.blocksize / 512);
1538 break;
1539 case MODE_SELECT:
1540 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1541 /* We don't support mode parameter changes.
1542 Allow the mode parameter header + block descriptors only. */
1543 if (r->req.cmd.xfer > 12) {
1544 goto fail;
1545 }
1546 break;
1547 case MODE_SELECT_10:
1548 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1549 /* We don't support mode parameter changes.
1550 Allow the mode parameter header + block descriptors only. */
1551 if (r->req.cmd.xfer > 16) {
1552 goto fail;
1553 }
1554 break;
1555 case SEEK_10:
1556 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1557 if (r->req.cmd.lba > s->qdev.max_lba) {
1558 goto illegal_lba;
1559 }
1560 break;
1561 case WRITE_SAME_10:
1562 case WRITE_SAME_16:
1563 len = r->req.cmd.xfer / s->qdev.blocksize;
1564
1565 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1566 r->req.cmd.lba, len);
1567
1568 if (r->req.cmd.lba > s->qdev.max_lba) {
1569 goto illegal_lba;
1570 }
1571
1572 /*
1573 * We only support WRITE SAME with the unmap bit set for now.
1574 */
1575 if (!(buf[1] & 0x8)) {
1576 goto fail;
1577 }
1578
1579 rc = bdrv_discard(s->qdev.conf.bs,
1580 r->req.cmd.lba * (s->qdev.blocksize / 512),
1581 len * (s->qdev.blocksize / 512));
1582 if (rc < 0) {
1583 /* XXX: better error code ?*/
1584 goto fail;
1585 }
1586
1587 break;
1588 default:
1589 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1590 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1591 return 0;
1592 fail:
1593 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1594 return 0;
1595 illegal_lba:
1596 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1597 return 0;
1598 }
1599 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1600 scsi_req_complete(&r->req, GOOD);
1601 }
1602 len = r->sector_count * 512 + r->iov.iov_len;
1603 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1604 return -len;
1605 } else {
1606 if (!r->sector_count) {
1607 r->sector_count = -1;
1608 }
1609 return len;
1610 }
1611 }
1612
1613 static void scsi_disk_reset(DeviceState *dev)
1614 {
1615 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1616 uint64_t nb_sectors;
1617
1618 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1619
1620 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1621 nb_sectors /= s->qdev.blocksize / 512;
1622 if (nb_sectors) {
1623 nb_sectors--;
1624 }
1625 s->qdev.max_lba = nb_sectors;
1626 }
1627
1628 static void scsi_destroy(SCSIDevice *dev)
1629 {
1630 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1631
1632 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1633 blockdev_mark_auto_del(s->qdev.conf.bs);
1634 }
1635
1636 static void scsi_cd_change_media_cb(void *opaque, bool load)
1637 {
1638 SCSIDiskState *s = opaque;
1639
1640 /*
1641 * When a CD gets changed, we have to report an ejected state and
1642 * then a loaded state to guests so that they detect tray
1643 * open/close and media change events. Guests that do not use
1644 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1645 * states rely on this behavior.
1646 *
1647 * media_changed governs the state machine used for unit attention
1648 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1649 */
1650 s->media_changed = load;
1651 s->tray_open = !load;
1652 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1653 s->media_event = true;
1654 s->eject_request = false;
1655 }
1656
1657 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1658 {
1659 SCSIDiskState *s = opaque;
1660
1661 s->eject_request = true;
1662 if (force) {
1663 s->tray_locked = false;
1664 }
1665 }
1666
1667 static bool scsi_cd_is_tray_open(void *opaque)
1668 {
1669 return ((SCSIDiskState *)opaque)->tray_open;
1670 }
1671
1672 static bool scsi_cd_is_medium_locked(void *opaque)
1673 {
1674 return ((SCSIDiskState *)opaque)->tray_locked;
1675 }
1676
1677 static const BlockDevOps scsi_cd_block_ops = {
1678 .change_media_cb = scsi_cd_change_media_cb,
1679 .eject_request_cb = scsi_cd_eject_request_cb,
1680 .is_tray_open = scsi_cd_is_tray_open,
1681 .is_medium_locked = scsi_cd_is_medium_locked,
1682 };
1683
1684 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1685 {
1686 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1687 if (s->media_changed) {
1688 s->media_changed = false;
1689 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1690 }
1691 }
1692
1693 static int scsi_initfn(SCSIDevice *dev)
1694 {
1695 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1696 DriveInfo *dinfo;
1697
1698 if (!s->qdev.conf.bs) {
1699 error_report("drive property not set");
1700 return -1;
1701 }
1702
1703 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1704 error_report("Device needs media, but drive is empty");
1705 return -1;
1706 }
1707
1708 if (!s->serial) {
1709 /* try to fall back to value set with legacy -drive serial=... */
1710 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1711 if (*dinfo->serial) {
1712 s->serial = g_strdup(dinfo->serial);
1713 }
1714 }
1715
1716 if (!s->version) {
1717 s->version = g_strdup(QEMU_VERSION);
1718 }
1719
1720 if (bdrv_is_sg(s->qdev.conf.bs)) {
1721 error_report("unwanted /dev/sg*");
1722 return -1;
1723 }
1724
1725 if (s->removable) {
1726 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1727 }
1728 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1729
1730 bdrv_iostatus_enable(s->qdev.conf.bs);
1731 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1732 return 0;
1733 }
1734
1735 static int scsi_hd_initfn(SCSIDevice *dev)
1736 {
1737 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1738 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1739 s->qdev.type = TYPE_DISK;
1740 return scsi_initfn(&s->qdev);
1741 }
1742
1743 static int scsi_cd_initfn(SCSIDevice *dev)
1744 {
1745 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1746 s->qdev.blocksize = 2048;
1747 s->qdev.type = TYPE_ROM;
1748 s->removable = true;
1749 return scsi_initfn(&s->qdev);
1750 }
1751
1752 static int scsi_disk_initfn(SCSIDevice *dev)
1753 {
1754 DriveInfo *dinfo;
1755
1756 if (!dev->conf.bs) {
1757 return scsi_initfn(dev); /* ... and die there */
1758 }
1759
1760 dinfo = drive_get_by_blockdev(dev->conf.bs);
1761 if (dinfo->media_cd) {
1762 return scsi_cd_initfn(dev);
1763 } else {
1764 return scsi_hd_initfn(dev);
1765 }
1766 }
1767
1768 static const SCSIReqOps scsi_disk_reqops = {
1769 .size = sizeof(SCSIDiskReq),
1770 .free_req = scsi_free_request,
1771 .send_command = scsi_send_command,
1772 .read_data = scsi_read_data,
1773 .write_data = scsi_write_data,
1774 .cancel_io = scsi_cancel_io,
1775 .get_buf = scsi_get_buf,
1776 .load_request = scsi_disk_load_request,
1777 .save_request = scsi_disk_save_request,
1778 };
1779
1780 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1781 uint8_t *buf, void *hba_private)
1782 {
1783 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1784 SCSIRequest *req;
1785
1786 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1787 return req;
1788 }
1789
1790 #ifdef __linux__
1791 static int get_device_type(SCSIDiskState *s)
1792 {
1793 BlockDriverState *bdrv = s->qdev.conf.bs;
1794 uint8_t cmd[16];
1795 uint8_t buf[36];
1796 uint8_t sensebuf[8];
1797 sg_io_hdr_t io_header;
1798 int ret;
1799
1800 memset(cmd, 0, sizeof(cmd));
1801 memset(buf, 0, sizeof(buf));
1802 cmd[0] = INQUIRY;
1803 cmd[4] = sizeof(buf);
1804
1805 memset(&io_header, 0, sizeof(io_header));
1806 io_header.interface_id = 'S';
1807 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1808 io_header.dxfer_len = sizeof(buf);
1809 io_header.dxferp = buf;
1810 io_header.cmdp = cmd;
1811 io_header.cmd_len = sizeof(cmd);
1812 io_header.mx_sb_len = sizeof(sensebuf);
1813 io_header.sbp = sensebuf;
1814 io_header.timeout = 6000; /* XXX */
1815
1816 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1817 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1818 return -1;
1819 }
1820 s->qdev.type = buf[0];
1821 s->removable = (buf[1] & 0x80) != 0;
1822 return 0;
1823 }
1824
1825 static int scsi_block_initfn(SCSIDevice *dev)
1826 {
1827 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1828 int sg_version;
1829 int rc;
1830
1831 if (!s->qdev.conf.bs) {
1832 error_report("scsi-block: drive property not set");
1833 return -1;
1834 }
1835
1836 /* check we are using a driver managing SG_IO (version 3 and after) */
1837 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1838 sg_version < 30000) {
1839 error_report("scsi-block: scsi generic interface too old");
1840 return -1;
1841 }
1842
1843 /* get device type from INQUIRY data */
1844 rc = get_device_type(s);
1845 if (rc < 0) {
1846 error_report("scsi-block: INQUIRY failed");
1847 return -1;
1848 }
1849
1850 /* Make a guess for the block size, we'll fix it when the guest sends.
1851 * READ CAPACITY. If they don't, they likely would assume these sizes
1852 * anyway. (TODO: check in /sys).
1853 */
1854 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1855 s->qdev.blocksize = 2048;
1856 } else {
1857 s->qdev.blocksize = 512;
1858 }
1859 return scsi_initfn(&s->qdev);
1860 }
1861
1862 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1863 uint32_t lun, uint8_t *buf,
1864 void *hba_private)
1865 {
1866 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1867
1868 switch (buf[0]) {
1869 case READ_6:
1870 case READ_10:
1871 case READ_12:
1872 case READ_16:
1873 case VERIFY_10:
1874 case VERIFY_12:
1875 case VERIFY_16:
1876 case WRITE_6:
1877 case WRITE_10:
1878 case WRITE_12:
1879 case WRITE_16:
1880 case WRITE_VERIFY_10:
1881 case WRITE_VERIFY_12:
1882 case WRITE_VERIFY_16:
1883 /* If we are not using O_DIRECT, we might read stale data from the
1884 * host cache if writes were made using other commands than these
1885 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1886 * O_DIRECT everything must go through SG_IO.
1887 */
1888 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1889 break;
1890 }
1891
1892 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1893 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1894 * And once you do these writes, reading from the block device is
1895 * unreliable, too. It is even possible that reads deliver random data
1896 * from the host page cache (this is probably a Linux bug).
1897 *
1898 * We might use scsi_disk_reqops as long as no writing commands are
1899 * seen, but performance usually isn't paramount on optical media. So,
1900 * just make scsi-block operate the same as scsi-generic for them.
1901 */
1902 if (s->qdev.type == TYPE_ROM) {
1903 break;
1904 }
1905 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1906 hba_private);
1907 }
1908
1909 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1910 hba_private);
1911 }
1912 #endif
1913
1914 #define DEFINE_SCSI_DISK_PROPERTIES() \
1915 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1916 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1917 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1918
1919 static Property scsi_hd_properties[] = {
1920 DEFINE_SCSI_DISK_PROPERTIES(),
1921 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1922 DEFINE_PROP_END_OF_LIST(),
1923 };
1924
1925 static const VMStateDescription vmstate_scsi_disk_state = {
1926 .name = "scsi-disk",
1927 .version_id = 1,
1928 .minimum_version_id = 1,
1929 .minimum_version_id_old = 1,
1930 .fields = (VMStateField[]) {
1931 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1932 VMSTATE_BOOL(media_changed, SCSIDiskState),
1933 VMSTATE_BOOL(media_event, SCSIDiskState),
1934 VMSTATE_BOOL(eject_request, SCSIDiskState),
1935 VMSTATE_BOOL(tray_open, SCSIDiskState),
1936 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1937 VMSTATE_END_OF_LIST()
1938 }
1939 };
1940
1941 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1942 {
1943 DeviceClass *dc = DEVICE_CLASS(klass);
1944 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1945
1946 sc->init = scsi_hd_initfn;
1947 sc->destroy = scsi_destroy;
1948 sc->alloc_req = scsi_new_request;
1949 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1950 dc->fw_name = "disk";
1951 dc->desc = "virtual SCSI disk";
1952 dc->reset = scsi_disk_reset;
1953 dc->props = scsi_hd_properties;
1954 dc->vmsd = &vmstate_scsi_disk_state;
1955 }
1956
1957 static TypeInfo scsi_hd_info = {
1958 .name = "scsi-hd",
1959 .parent = TYPE_SCSI_DEVICE,
1960 .instance_size = sizeof(SCSIDiskState),
1961 .class_init = scsi_hd_class_initfn,
1962 };
1963
1964 static Property scsi_cd_properties[] = {
1965 DEFINE_SCSI_DISK_PROPERTIES(),
1966 DEFINE_PROP_END_OF_LIST(),
1967 };
1968
1969 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1970 {
1971 DeviceClass *dc = DEVICE_CLASS(klass);
1972 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1973
1974 sc->init = scsi_cd_initfn;
1975 sc->destroy = scsi_destroy;
1976 sc->alloc_req = scsi_new_request;
1977 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1978 dc->fw_name = "disk";
1979 dc->desc = "virtual SCSI CD-ROM";
1980 dc->reset = scsi_disk_reset;
1981 dc->props = scsi_cd_properties;
1982 dc->vmsd = &vmstate_scsi_disk_state;
1983 }
1984
1985 static TypeInfo scsi_cd_info = {
1986 .name = "scsi-cd",
1987 .parent = TYPE_SCSI_DEVICE,
1988 .instance_size = sizeof(SCSIDiskState),
1989 .class_init = scsi_cd_class_initfn,
1990 };
1991
1992 #ifdef __linux__
1993 static Property scsi_block_properties[] = {
1994 DEFINE_SCSI_DISK_PROPERTIES(),
1995 DEFINE_PROP_END_OF_LIST(),
1996 };
1997
1998 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
1999 {
2000 DeviceClass *dc = DEVICE_CLASS(klass);
2001 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2002
2003 sc->init = scsi_block_initfn;
2004 sc->destroy = scsi_destroy;
2005 sc->alloc_req = scsi_block_new_request;
2006 dc->fw_name = "disk";
2007 dc->desc = "SCSI block device passthrough";
2008 dc->reset = scsi_disk_reset;
2009 dc->props = scsi_block_properties;
2010 dc->vmsd = &vmstate_scsi_disk_state;
2011 }
2012
2013 static TypeInfo scsi_block_info = {
2014 .name = "scsi-block",
2015 .parent = TYPE_SCSI_DEVICE,
2016 .instance_size = sizeof(SCSIDiskState),
2017 .class_init = scsi_block_class_initfn,
2018 };
2019 #endif
2020
2021 static Property scsi_disk_properties[] = {
2022 DEFINE_SCSI_DISK_PROPERTIES(),
2023 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
2024 DEFINE_PROP_END_OF_LIST(),
2025 };
2026
2027 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2028 {
2029 DeviceClass *dc = DEVICE_CLASS(klass);
2030 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2031
2032 sc->init = scsi_disk_initfn;
2033 sc->destroy = scsi_destroy;
2034 sc->alloc_req = scsi_new_request;
2035 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2036 dc->fw_name = "disk";
2037 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2038 dc->reset = scsi_disk_reset;
2039 dc->props = scsi_disk_properties;
2040 dc->vmsd = &vmstate_scsi_disk_state;
2041 }
2042
2043 static TypeInfo scsi_disk_info = {
2044 .name = "scsi-disk",
2045 .parent = TYPE_SCSI_DEVICE,
2046 .instance_size = sizeof(SCSIDiskState),
2047 .class_init = scsi_disk_class_initfn,
2048 };
2049
2050 static void scsi_disk_register_types(void)
2051 {
2052 type_register_static(&scsi_hd_info);
2053 type_register_static(&scsi_cd_info);
2054 #ifdef __linux__
2055 type_register_static(&scsi_block_info);
2056 #endif
2057 type_register_static(&scsi_disk_info);
2058 }
2059
2060 type_init(scsi_disk_register_types)
Qemu copy for testing