]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi: change "removable" field to host many features
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41 #include "dma.h"
42
43 #ifdef __linux
44 #include <scsi/sg.h>
45 #endif
46
47 #define SCSI_DMA_BUF_SIZE 131072
48 #define SCSI_MAX_INQUIRY_LEN 256
49
50 typedef struct SCSIDiskState SCSIDiskState;
51
52 typedef struct SCSIDiskReq {
53 SCSIRequest req;
54 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
55 uint64_t sector;
56 uint32_t sector_count;
57 uint32_t buflen;
58 bool started;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 BlockAcctCookie acct;
62 } SCSIDiskReq;
63
64 #define SCSI_DISK_F_REMOVABLE 0
65
66 struct SCSIDiskState
67 {
68 SCSIDevice qdev;
69 uint32_t features;
70 bool media_changed;
71 bool media_event;
72 bool eject_request;
73 QEMUBH *bh;
74 char *version;
75 char *serial;
76 bool tray_open;
77 bool tray_locked;
78 };
79
80 static int scsi_handle_rw_error(SCSIDiskReq *r, int error);
81
82 static void scsi_free_request(SCSIRequest *req)
83 {
84 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
85
86 if (r->iov.iov_base) {
87 qemu_vfree(r->iov.iov_base);
88 }
89 }
90
91 /* Helper function for command completion with sense. */
92 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
93 {
94 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
95 r->req.tag, sense.key, sense.asc, sense.ascq);
96 scsi_req_build_sense(&r->req, sense);
97 scsi_req_complete(&r->req, CHECK_CONDITION);
98 }
99
100 /* Cancel a pending data transfer. */
101 static void scsi_cancel_io(SCSIRequest *req)
102 {
103 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
104
105 DPRINTF("Cancel tag=0x%x\n", req->tag);
106 if (r->req.aiocb) {
107 bdrv_aio_cancel(r->req.aiocb);
108
109 /* This reference was left in by scsi_*_data. We take ownership of
110 * it the moment scsi_req_cancel is called, independent of whether
111 * bdrv_aio_cancel completes the request or not. */
112 scsi_req_unref(&r->req);
113 }
114 r->req.aiocb = NULL;
115 }
116
117 static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
118 {
119 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
120
121 if (!r->iov.iov_base) {
122 r->buflen = size;
123 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
124 }
125 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
126 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
127 return r->qiov.size / 512;
128 }
129
130 static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
131 {
132 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
133
134 qemu_put_be64s(f, &r->sector);
135 qemu_put_be32s(f, &r->sector_count);
136 qemu_put_be32s(f, &r->buflen);
137 if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
138 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
139 }
140 }
141
142 static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
143 {
144 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
145
146 qemu_get_be64s(f, &r->sector);
147 qemu_get_be32s(f, &r->sector_count);
148 qemu_get_be32s(f, &r->buflen);
149 if (r->buflen) {
150 scsi_init_iovec(r, r->buflen);
151 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
152 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 }
154 }
155
156 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
157 }
158
159 static void scsi_flush_complete(void * opaque, int ret)
160 {
161 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
162 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
163
164 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
165
166 if (ret < 0) {
167 if (scsi_handle_rw_error(r, -ret)) {
168 goto done;
169 }
170 }
171
172 scsi_req_complete(&r->req, GOOD);
173
174 done:
175 if (!r->req.io_canceled) {
176 scsi_req_unref(&r->req);
177 }
178 }
179
180 static bool scsi_is_cmd_fua(SCSICommand *cmd)
181 {
182 switch (cmd->buf[0]) {
183 case READ_10:
184 case READ_12:
185 case READ_16:
186 case WRITE_10:
187 case WRITE_12:
188 case WRITE_16:
189 return (cmd->buf[1] & 8) != 0;
190
191 case VERIFY_10:
192 case VERIFY_12:
193 case VERIFY_16:
194 case WRITE_VERIFY_10:
195 case WRITE_VERIFY_12:
196 case WRITE_VERIFY_16:
197 return true;
198
199 case READ_6:
200 case WRITE_6:
201 default:
202 return false;
203 }
204 }
205
206 static void scsi_write_do_fua(SCSIDiskReq *r)
207 {
208 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
209
210 if (scsi_is_cmd_fua(&r->req.cmd)) {
211 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
212 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
213 return;
214 }
215
216 scsi_req_complete(&r->req, GOOD);
217 if (!r->req.io_canceled) {
218 scsi_req_unref(&r->req);
219 }
220 }
221
222 static void scsi_dma_complete(void *opaque, int ret)
223 {
224 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
225 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
226
227 if (r->req.aiocb != NULL) {
228 r->req.aiocb = NULL;
229 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
230 }
231
232 if (ret < 0) {
233 if (scsi_handle_rw_error(r, -ret)) {
234 goto done;
235 }
236 }
237
238 r->sector += r->sector_count;
239 r->sector_count = 0;
240 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
241 scsi_write_do_fua(r);
242 return;
243 } else {
244 scsi_req_complete(&r->req, GOOD);
245 }
246
247 done:
248 if (!r->req.io_canceled) {
249 scsi_req_unref(&r->req);
250 }
251 }
252
253 static void scsi_read_complete(void * opaque, int ret)
254 {
255 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
256 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
257 int n;
258
259 if (r->req.aiocb != NULL) {
260 r->req.aiocb = NULL;
261 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
262 }
263
264 if (ret < 0) {
265 if (scsi_handle_rw_error(r, -ret)) {
266 goto done;
267 }
268 }
269
270 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
271
272 n = r->qiov.size / 512;
273 r->sector += n;
274 r->sector_count -= n;
275 scsi_req_data(&r->req, r->qiov.size);
276
277 done:
278 if (!r->req.io_canceled) {
279 scsi_req_unref(&r->req);
280 }
281 }
282
283 /* Actually issue a read to the block device. */
284 static void scsi_do_read(void *opaque, int ret)
285 {
286 SCSIDiskReq *r = opaque;
287 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
288 uint32_t n;
289
290 if (r->req.aiocb != NULL) {
291 r->req.aiocb = NULL;
292 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
293 }
294
295 if (ret < 0) {
296 if (scsi_handle_rw_error(r, -ret)) {
297 goto done;
298 }
299 }
300
301 if (r->req.io_canceled) {
302 return;
303 }
304
305 /* The request is used as the AIO opaque value, so add a ref. */
306 scsi_req_ref(&r->req);
307
308 if (r->req.sg) {
309 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
310 r->req.resid -= r->req.sg->size;
311 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
312 scsi_dma_complete, r);
313 } else {
314 n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
315 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
316 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
317 scsi_read_complete, r);
318 }
319
320 done:
321 if (!r->req.io_canceled) {
322 scsi_req_unref(&r->req);
323 }
324 }
325
326 /* Read more data from scsi device into buffer. */
327 static void scsi_read_data(SCSIRequest *req)
328 {
329 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
330 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
331 bool first;
332
333 if (r->sector_count == (uint32_t)-1) {
334 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
335 r->sector_count = 0;
336 r->started = true;
337 scsi_req_data(&r->req, r->iov.iov_len);
338 return;
339 }
340 DPRINTF("Read sector_count=%d\n", r->sector_count);
341 if (r->sector_count == 0) {
342 /* This also clears the sense buffer for REQUEST SENSE. */
343 scsi_req_complete(&r->req, GOOD);
344 return;
345 }
346
347 /* No data transfer may already be in progress */
348 assert(r->req.aiocb == NULL);
349
350 /* The request is used as the AIO opaque value, so add a ref. */
351 scsi_req_ref(&r->req);
352 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
353 DPRINTF("Data transfer direction invalid\n");
354 scsi_read_complete(r, -EINVAL);
355 return;
356 }
357
358 if (s->tray_open) {
359 scsi_read_complete(r, -ENOMEDIUM);
360 return;
361 }
362
363 first = !r->started;
364 r->started = true;
365 if (first && scsi_is_cmd_fua(&r->req.cmd)) {
366 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
367 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_do_read, r);
368 } else {
369 scsi_do_read(r, 0);
370 }
371 }
372
373 /*
374 * scsi_handle_rw_error has two return values. 0 means that the error
375 * must be ignored, 1 means that the error has been processed and the
376 * caller should not do anything else for this request. Note that
377 * scsi_handle_rw_error always manages its reference counts, independent
378 * of the return value.
379 */
380 static int scsi_handle_rw_error(SCSIDiskReq *r, int error)
381 {
382 int is_read = (r->req.cmd.xfer == SCSI_XFER_FROM_DEV);
383 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
384 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
385
386 if (action == BLOCK_ERR_IGNORE) {
387 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
388 return 0;
389 }
390
391 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
392 || action == BLOCK_ERR_STOP_ANY) {
393
394 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
395 vm_stop(RUN_STATE_IO_ERROR);
396 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
397 scsi_req_retry(&r->req);
398 } else {
399 switch (error) {
400 case ENOMEDIUM:
401 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
402 break;
403 case ENOMEM:
404 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
405 break;
406 case EINVAL:
407 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
408 break;
409 default:
410 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
411 break;
412 }
413 bdrv_emit_qmp_error_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
414 }
415 return 1;
416 }
417
418 static void scsi_write_complete(void * opaque, int ret)
419 {
420 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
421 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
422 uint32_t n;
423
424 if (r->req.aiocb != NULL) {
425 r->req.aiocb = NULL;
426 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
427 }
428
429 if (ret < 0) {
430 if (scsi_handle_rw_error(r, -ret)) {
431 goto done;
432 }
433 }
434
435 n = r->qiov.size / 512;
436 r->sector += n;
437 r->sector_count -= n;
438 if (r->sector_count == 0) {
439 scsi_write_do_fua(r);
440 return;
441 } else {
442 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
443 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
444 scsi_req_data(&r->req, r->qiov.size);
445 }
446
447 done:
448 if (!r->req.io_canceled) {
449 scsi_req_unref(&r->req);
450 }
451 }
452
453 static void scsi_write_data(SCSIRequest *req)
454 {
455 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
456 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
457 uint32_t n;
458
459 /* No data transfer may already be in progress */
460 assert(r->req.aiocb == NULL);
461
462 /* The request is used as the AIO opaque value, so add a ref. */
463 scsi_req_ref(&r->req);
464 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
465 DPRINTF("Data transfer direction invalid\n");
466 scsi_write_complete(r, -EINVAL);
467 return;
468 }
469
470 if (!r->req.sg && !r->qiov.size) {
471 /* Called for the first time. Ask the driver to send us more data. */
472 r->started = true;
473 scsi_write_complete(r, 0);
474 return;
475 }
476 if (s->tray_open) {
477 scsi_write_complete(r, -ENOMEDIUM);
478 return;
479 }
480
481 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
482 r->req.cmd.buf[0] == VERIFY_16) {
483 if (r->req.sg) {
484 scsi_dma_complete(r, 0);
485 } else {
486 scsi_write_complete(r, 0);
487 }
488 return;
489 }
490
491 if (r->req.sg) {
492 dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
493 r->req.resid -= r->req.sg->size;
494 r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
495 scsi_dma_complete, r);
496 } else {
497 n = r->qiov.size / 512;
498 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
499 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
500 scsi_write_complete, r);
501 }
502 }
503
504 /* Return a pointer to the data buffer. */
505 static uint8_t *scsi_get_buf(SCSIRequest *req)
506 {
507 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
508
509 return (uint8_t *)r->iov.iov_base;
510 }
511
512 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
513 {
514 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
515 int buflen = 0;
516
517 if (req->cmd.buf[1] & 0x2) {
518 /* Command support data - optional, not implemented */
519 BADF("optional INQUIRY command support request not implemented\n");
520 return -1;
521 }
522
523 if (req->cmd.buf[1] & 0x1) {
524 /* Vital product data */
525 uint8_t page_code = req->cmd.buf[2];
526 if (req->cmd.xfer < 4) {
527 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
528 "less than 4\n", page_code, req->cmd.xfer);
529 return -1;
530 }
531
532 outbuf[buflen++] = s->qdev.type & 0x1f;
533 outbuf[buflen++] = page_code ; // this page
534 outbuf[buflen++] = 0x00;
535
536 switch (page_code) {
537 case 0x00: /* Supported page codes, mandatory */
538 {
539 int pages;
540 DPRINTF("Inquiry EVPD[Supported pages] "
541 "buffer size %zd\n", req->cmd.xfer);
542 pages = buflen++;
543 outbuf[buflen++] = 0x00; // list of supported pages (this page)
544 if (s->serial) {
545 outbuf[buflen++] = 0x80; // unit serial number
546 }
547 outbuf[buflen++] = 0x83; // device identification
548 if (s->qdev.type == TYPE_DISK) {
549 outbuf[buflen++] = 0xb0; // block limits
550 outbuf[buflen++] = 0xb2; // thin provisioning
551 }
552 outbuf[pages] = buflen - pages - 1; // number of pages
553 break;
554 }
555 case 0x80: /* Device serial number, optional */
556 {
557 int l;
558
559 if (!s->serial) {
560 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
561 return -1;
562 }
563
564 l = strlen(s->serial);
565 if (l > 20) {
566 l = 20;
567 }
568
569 DPRINTF("Inquiry EVPD[Serial number] "
570 "buffer size %zd\n", req->cmd.xfer);
571 outbuf[buflen++] = l;
572 memcpy(outbuf+buflen, s->serial, l);
573 buflen += l;
574 break;
575 }
576
577 case 0x83: /* Device identification page, mandatory */
578 {
579 const char *str = s->serial ?: bdrv_get_device_name(s->qdev.conf.bs);
580 int max_len = s->serial ? 20 : 255 - 8;
581 int id_len = strlen(str);
582
583 if (id_len > max_len) {
584 id_len = max_len;
585 }
586 DPRINTF("Inquiry EVPD[Device identification] "
587 "buffer size %zd\n", req->cmd.xfer);
588
589 outbuf[buflen++] = 4 + id_len;
590 outbuf[buflen++] = 0x2; // ASCII
591 outbuf[buflen++] = 0; // not officially assigned
592 outbuf[buflen++] = 0; // reserved
593 outbuf[buflen++] = id_len; // length of data following
594
595 memcpy(outbuf+buflen, str, id_len);
596 buflen += id_len;
597 break;
598 }
599 case 0xb0: /* block limits */
600 {
601 unsigned int unmap_sectors =
602 s->qdev.conf.discard_granularity / s->qdev.blocksize;
603 unsigned int min_io_size =
604 s->qdev.conf.min_io_size / s->qdev.blocksize;
605 unsigned int opt_io_size =
606 s->qdev.conf.opt_io_size / s->qdev.blocksize;
607
608 if (s->qdev.type == TYPE_ROM) {
609 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
610 page_code);
611 return -1;
612 }
613 /* required VPD size with unmap support */
614 outbuf[3] = buflen = 0x3c;
615
616 memset(outbuf + 4, 0, buflen - 4);
617
618 /* optimal transfer length granularity */
619 outbuf[6] = (min_io_size >> 8) & 0xff;
620 outbuf[7] = min_io_size & 0xff;
621
622 /* optimal transfer length */
623 outbuf[12] = (opt_io_size >> 24) & 0xff;
624 outbuf[13] = (opt_io_size >> 16) & 0xff;
625 outbuf[14] = (opt_io_size >> 8) & 0xff;
626 outbuf[15] = opt_io_size & 0xff;
627
628 /* optimal unmap granularity */
629 outbuf[28] = (unmap_sectors >> 24) & 0xff;
630 outbuf[29] = (unmap_sectors >> 16) & 0xff;
631 outbuf[30] = (unmap_sectors >> 8) & 0xff;
632 outbuf[31] = unmap_sectors & 0xff;
633 break;
634 }
635 case 0xb2: /* thin provisioning */
636 {
637 outbuf[3] = buflen = 8;
638 outbuf[4] = 0;
639 outbuf[5] = 0x60; /* write_same 10/16 supported */
640 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
641 outbuf[7] = 0;
642 break;
643 }
644 default:
645 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
646 "buffer size %zd\n", page_code, req->cmd.xfer);
647 return -1;
648 }
649 /* done with EVPD */
650 return buflen;
651 }
652
653 /* Standard INQUIRY data */
654 if (req->cmd.buf[2] != 0) {
655 BADF("Error: Inquiry (STANDARD) page or code "
656 "is non-zero [%02X]\n", req->cmd.buf[2]);
657 return -1;
658 }
659
660 /* PAGE CODE == 0 */
661 if (req->cmd.xfer < 5) {
662 BADF("Error: Inquiry (STANDARD) buffer size %zd "
663 "is less than 5\n", req->cmd.xfer);
664 return -1;
665 }
666
667 buflen = req->cmd.xfer;
668 if (buflen > SCSI_MAX_INQUIRY_LEN) {
669 buflen = SCSI_MAX_INQUIRY_LEN;
670 }
671 memset(outbuf, 0, buflen);
672
673 outbuf[0] = s->qdev.type & 0x1f;
674 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
675 if (s->qdev.type == TYPE_ROM) {
676 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
677 } else {
678 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
679 }
680 memcpy(&outbuf[8], "QEMU ", 8);
681 memset(&outbuf[32], 0, 4);
682 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
683 /*
684 * We claim conformance to SPC-3, which is required for guests
685 * to ask for modern features like READ CAPACITY(16) or the
686 * block characteristics VPD page by default. Not all of SPC-3
687 * is actually implemented, but we're good enough.
688 */
689 outbuf[2] = 5;
690 outbuf[3] = 2; /* Format 2 */
691
692 if (buflen > 36) {
693 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
694 } else {
695 /* If the allocation length of CDB is too small,
696 the additional length is not adjusted */
697 outbuf[4] = 36 - 5;
698 }
699
700 /* Sync data transfer and TCQ. */
701 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
702 return buflen;
703 }
704
705 static inline bool media_is_dvd(SCSIDiskState *s)
706 {
707 uint64_t nb_sectors;
708 if (s->qdev.type != TYPE_ROM) {
709 return false;
710 }
711 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
712 return false;
713 }
714 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
715 return nb_sectors > CD_MAX_SECTORS;
716 }
717
718 static inline bool media_is_cd(SCSIDiskState *s)
719 {
720 uint64_t nb_sectors;
721 if (s->qdev.type != TYPE_ROM) {
722 return false;
723 }
724 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
725 return false;
726 }
727 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
728 return nb_sectors <= CD_MAX_SECTORS;
729 }
730
731 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
732 uint8_t *outbuf)
733 {
734 static const int rds_caps_size[5] = {
735 [0] = 2048 + 4,
736 [1] = 4 + 4,
737 [3] = 188 + 4,
738 [4] = 2048 + 4,
739 };
740
741 uint8_t media = r->req.cmd.buf[1];
742 uint8_t layer = r->req.cmd.buf[6];
743 uint8_t format = r->req.cmd.buf[7];
744 int size = -1;
745
746 if (s->qdev.type != TYPE_ROM) {
747 return -1;
748 }
749 if (media != 0) {
750 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
751 return -1;
752 }
753
754 if (format != 0xff) {
755 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
756 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
757 return -1;
758 }
759 if (media_is_cd(s)) {
760 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
761 return -1;
762 }
763 if (format >= ARRAY_SIZE(rds_caps_size)) {
764 return -1;
765 }
766 size = rds_caps_size[format];
767 memset(outbuf, 0, size);
768 }
769
770 switch (format) {
771 case 0x00: {
772 /* Physical format information */
773 uint64_t nb_sectors;
774 if (layer != 0) {
775 goto fail;
776 }
777 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
778
779 outbuf[4] = 1; /* DVD-ROM, part version 1 */
780 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
781 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
782 outbuf[7] = 0; /* default densities */
783
784 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
785 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
786 break;
787 }
788
789 case 0x01: /* DVD copyright information, all zeros */
790 break;
791
792 case 0x03: /* BCA information - invalid field for no BCA info */
793 return -1;
794
795 case 0x04: /* DVD disc manufacturing information, all zeros */
796 break;
797
798 case 0xff: { /* List capabilities */
799 int i;
800 size = 4;
801 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
802 if (!rds_caps_size[i]) {
803 continue;
804 }
805 outbuf[size] = i;
806 outbuf[size + 1] = 0x40; /* Not writable, readable */
807 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
808 size += 4;
809 }
810 break;
811 }
812
813 default:
814 return -1;
815 }
816
817 /* Size of buffer, not including 2 byte size field */
818 stw_be_p(outbuf, size - 2);
819 return size;
820
821 fail:
822 return -1;
823 }
824
825 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
826 {
827 uint8_t event_code, media_status;
828
829 media_status = 0;
830 if (s->tray_open) {
831 media_status = MS_TRAY_OPEN;
832 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
833 media_status = MS_MEDIA_PRESENT;
834 }
835
836 /* Event notification descriptor */
837 event_code = MEC_NO_CHANGE;
838 if (media_status != MS_TRAY_OPEN) {
839 if (s->media_event) {
840 event_code = MEC_NEW_MEDIA;
841 s->media_event = false;
842 } else if (s->eject_request) {
843 event_code = MEC_EJECT_REQUESTED;
844 s->eject_request = false;
845 }
846 }
847
848 outbuf[0] = event_code;
849 outbuf[1] = media_status;
850
851 /* These fields are reserved, just clear them. */
852 outbuf[2] = 0;
853 outbuf[3] = 0;
854 return 4;
855 }
856
857 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
858 uint8_t *outbuf)
859 {
860 int size;
861 uint8_t *buf = r->req.cmd.buf;
862 uint8_t notification_class_request = buf[4];
863 if (s->qdev.type != TYPE_ROM) {
864 return -1;
865 }
866 if ((buf[1] & 1) == 0) {
867 /* asynchronous */
868 return -1;
869 }
870
871 size = 4;
872 outbuf[0] = outbuf[1] = 0;
873 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
874 if (notification_class_request & (1 << GESN_MEDIA)) {
875 outbuf[2] = GESN_MEDIA;
876 size += scsi_event_status_media(s, &outbuf[size]);
877 } else {
878 outbuf[2] = 0x80;
879 }
880 stw_be_p(outbuf, size - 4);
881 return size;
882 }
883
884 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
885 {
886 int current;
887
888 if (s->qdev.type != TYPE_ROM) {
889 return -1;
890 }
891 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
892 memset(outbuf, 0, 40);
893 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
894 stw_be_p(&outbuf[6], current);
895 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
896 outbuf[10] = 0x03; /* persistent, current */
897 outbuf[11] = 8; /* two profiles */
898 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
899 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
900 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
901 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
902 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
903 stw_be_p(&outbuf[20], 1);
904 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
905 outbuf[23] = 8;
906 stl_be_p(&outbuf[24], 1); /* SCSI */
907 outbuf[28] = 1; /* DBE = 1, mandatory */
908 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
909 stw_be_p(&outbuf[32], 3);
910 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
911 outbuf[35] = 4;
912 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
913 /* TODO: Random readable, CD read, DVD read, drive serial number,
914 power management */
915 return 40;
916 }
917
918 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
919 {
920 if (s->qdev.type != TYPE_ROM) {
921 return -1;
922 }
923 memset(outbuf, 0, 8);
924 outbuf[5] = 1; /* CD-ROM */
925 return 8;
926 }
927
928 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
929 int page_control)
930 {
931 static const int mode_sense_valid[0x3f] = {
932 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
933 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
934 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
935 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
936 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
937 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
938 };
939
940 BlockDriverState *bdrv = s->qdev.conf.bs;
941 int cylinders, heads, secs;
942 uint8_t *p = *p_outbuf;
943
944 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
945 return -1;
946 }
947
948 p[0] = page;
949
950 /*
951 * If Changeable Values are requested, a mask denoting those mode parameters
952 * that are changeable shall be returned. As we currently don't support
953 * parameter changes via MODE_SELECT all bits are returned set to zero.
954 * The buffer was already menset to zero by the caller of this function.
955 */
956 switch (page) {
957 case MODE_PAGE_HD_GEOMETRY:
958 p[1] = 0x16;
959 if (page_control == 1) { /* Changeable Values */
960 break;
961 }
962 /* if a geometry hint is available, use it */
963 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
964 p[2] = (cylinders >> 16) & 0xff;
965 p[3] = (cylinders >> 8) & 0xff;
966 p[4] = cylinders & 0xff;
967 p[5] = heads & 0xff;
968 /* Write precomp start cylinder, disabled */
969 p[6] = (cylinders >> 16) & 0xff;
970 p[7] = (cylinders >> 8) & 0xff;
971 p[8] = cylinders & 0xff;
972 /* Reduced current start cylinder, disabled */
973 p[9] = (cylinders >> 16) & 0xff;
974 p[10] = (cylinders >> 8) & 0xff;
975 p[11] = cylinders & 0xff;
976 /* Device step rate [ns], 200ns */
977 p[12] = 0;
978 p[13] = 200;
979 /* Landing zone cylinder */
980 p[14] = 0xff;
981 p[15] = 0xff;
982 p[16] = 0xff;
983 /* Medium rotation rate [rpm], 5400 rpm */
984 p[20] = (5400 >> 8) & 0xff;
985 p[21] = 5400 & 0xff;
986 break;
987
988 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
989 p[1] = 0x1e;
990 if (page_control == 1) { /* Changeable Values */
991 break;
992 }
993 /* Transfer rate [kbit/s], 5Mbit/s */
994 p[2] = 5000 >> 8;
995 p[3] = 5000 & 0xff;
996 /* if a geometry hint is available, use it */
997 bdrv_guess_geometry(bdrv, &cylinders, &heads, &secs);
998 p[4] = heads & 0xff;
999 p[5] = secs & 0xff;
1000 p[6] = s->qdev.blocksize >> 8;
1001 p[8] = (cylinders >> 8) & 0xff;
1002 p[9] = cylinders & 0xff;
1003 /* Write precomp start cylinder, disabled */
1004 p[10] = (cylinders >> 8) & 0xff;
1005 p[11] = cylinders & 0xff;
1006 /* Reduced current start cylinder, disabled */
1007 p[12] = (cylinders >> 8) & 0xff;
1008 p[13] = cylinders & 0xff;
1009 /* Device step rate [100us], 100us */
1010 p[14] = 0;
1011 p[15] = 1;
1012 /* Device step pulse width [us], 1us */
1013 p[16] = 1;
1014 /* Device head settle delay [100us], 100us */
1015 p[17] = 0;
1016 p[18] = 1;
1017 /* Motor on delay [0.1s], 0.1s */
1018 p[19] = 1;
1019 /* Motor off delay [0.1s], 0.1s */
1020 p[20] = 1;
1021 /* Medium rotation rate [rpm], 5400 rpm */
1022 p[28] = (5400 >> 8) & 0xff;
1023 p[29] = 5400 & 0xff;
1024 break;
1025
1026 case MODE_PAGE_CACHING:
1027 p[0] = 8;
1028 p[1] = 0x12;
1029 if (page_control == 1) { /* Changeable Values */
1030 break;
1031 }
1032 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
1033 p[2] = 4; /* WCE */
1034 }
1035 break;
1036
1037 case MODE_PAGE_R_W_ERROR:
1038 p[1] = 10;
1039 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
1040 if (s->qdev.type == TYPE_ROM) {
1041 p[3] = 0x20; /* Read Retry Count */
1042 }
1043 break;
1044
1045 case MODE_PAGE_AUDIO_CTL:
1046 p[1] = 14;
1047 break;
1048
1049 case MODE_PAGE_CAPABILITIES:
1050 p[1] = 0x14;
1051 if (page_control == 1) { /* Changeable Values */
1052 break;
1053 }
1054
1055 p[2] = 0x3b; /* CD-R & CD-RW read */
1056 p[3] = 0; /* Writing not supported */
1057 p[4] = 0x7f; /* Audio, composite, digital out,
1058 mode 2 form 1&2, multi session */
1059 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
1060 RW corrected, C2 errors, ISRC,
1061 UPC, Bar code */
1062 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
1063 /* Locking supported, jumper present, eject, tray */
1064 p[7] = 0; /* no volume & mute control, no
1065 changer */
1066 p[8] = (50 * 176) >> 8; /* 50x read speed */
1067 p[9] = (50 * 176) & 0xff;
1068 p[10] = 2 >> 8; /* Two volume levels */
1069 p[11] = 2 & 0xff;
1070 p[12] = 2048 >> 8; /* 2M buffer */
1071 p[13] = 2048 & 0xff;
1072 p[14] = (16 * 176) >> 8; /* 16x read speed current */
1073 p[15] = (16 * 176) & 0xff;
1074 p[18] = (16 * 176) >> 8; /* 16x write speed */
1075 p[19] = (16 * 176) & 0xff;
1076 p[20] = (16 * 176) >> 8; /* 16x write speed current */
1077 p[21] = (16 * 176) & 0xff;
1078 break;
1079
1080 default:
1081 return -1;
1082 }
1083
1084 *p_outbuf += p[1] + 2;
1085 return p[1] + 2;
1086 }
1087
1088 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
1089 {
1090 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1091 uint64_t nb_sectors;
1092 bool dbd;
1093 int page, buflen, ret, page_control;
1094 uint8_t *p;
1095 uint8_t dev_specific_param;
1096
1097 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
1098 page = r->req.cmd.buf[2] & 0x3f;
1099 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
1100 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
1101 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1102 memset(outbuf, 0, r->req.cmd.xfer);
1103 p = outbuf;
1104
1105 if (s->qdev.type == TYPE_DISK) {
1106 dev_specific_param = 0x10; /* DPOFUA */
1107 if (bdrv_is_read_only(s->qdev.conf.bs)) {
1108 dev_specific_param |= 0x80; /* Readonly. */
1109 }
1110 } else {
1111 /* MMC prescribes that CD/DVD drives have no block descriptors,
1112 * and defines no device-specific parameter. */
1113 dev_specific_param = 0x00;
1114 dbd = true;
1115 }
1116
1117 if (r->req.cmd.buf[0] == MODE_SENSE) {
1118 p[1] = 0; /* Default media type. */
1119 p[2] = dev_specific_param;
1120 p[3] = 0; /* Block descriptor length. */
1121 p += 4;
1122 } else { /* MODE_SENSE_10 */
1123 p[2] = 0; /* Default media type. */
1124 p[3] = dev_specific_param;
1125 p[6] = p[7] = 0; /* Block descriptor length. */
1126 p += 8;
1127 }
1128
1129 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1130 if (!dbd && nb_sectors) {
1131 if (r->req.cmd.buf[0] == MODE_SENSE) {
1132 outbuf[3] = 8; /* Block descriptor length */
1133 } else { /* MODE_SENSE_10 */
1134 outbuf[7] = 8; /* Block descriptor length */
1135 }
1136 nb_sectors /= (s->qdev.blocksize / 512);
1137 if (nb_sectors > 0xffffff) {
1138 nb_sectors = 0;
1139 }
1140 p[0] = 0; /* media density code */
1141 p[1] = (nb_sectors >> 16) & 0xff;
1142 p[2] = (nb_sectors >> 8) & 0xff;
1143 p[3] = nb_sectors & 0xff;
1144 p[4] = 0; /* reserved */
1145 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1146 p[6] = s->qdev.blocksize >> 8;
1147 p[7] = 0;
1148 p += 8;
1149 }
1150
1151 if (page_control == 3) {
1152 /* Saved Values */
1153 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1154 return -1;
1155 }
1156
1157 if (page == 0x3f) {
1158 for (page = 0; page <= 0x3e; page++) {
1159 mode_sense_page(s, page, &p, page_control);
1160 }
1161 } else {
1162 ret = mode_sense_page(s, page, &p, page_control);
1163 if (ret == -1) {
1164 return -1;
1165 }
1166 }
1167
1168 buflen = p - outbuf;
1169 /*
1170 * The mode data length field specifies the length in bytes of the
1171 * following data that is available to be transferred. The mode data
1172 * length does not include itself.
1173 */
1174 if (r->req.cmd.buf[0] == MODE_SENSE) {
1175 outbuf[0] = buflen - 1;
1176 } else { /* MODE_SENSE_10 */
1177 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1178 outbuf[1] = (buflen - 2) & 0xff;
1179 }
1180 return buflen;
1181 }
1182
1183 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1184 {
1185 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1186 int start_track, format, msf, toclen;
1187 uint64_t nb_sectors;
1188
1189 msf = req->cmd.buf[1] & 2;
1190 format = req->cmd.buf[2] & 0xf;
1191 start_track = req->cmd.buf[6];
1192 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1193 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1194 nb_sectors /= s->qdev.blocksize / 512;
1195 switch (format) {
1196 case 0:
1197 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1198 break;
1199 case 1:
1200 /* multi session : only a single session defined */
1201 toclen = 12;
1202 memset(outbuf, 0, 12);
1203 outbuf[1] = 0x0a;
1204 outbuf[2] = 0x01;
1205 outbuf[3] = 0x01;
1206 break;
1207 case 2:
1208 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1209 break;
1210 default:
1211 return -1;
1212 }
1213 return toclen;
1214 }
1215
1216 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1217 {
1218 SCSIRequest *req = &r->req;
1219 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1220 bool start = req->cmd.buf[4] & 1;
1221 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1222
1223 if (s->qdev.type == TYPE_ROM && loej) {
1224 if (!start && !s->tray_open && s->tray_locked) {
1225 scsi_check_condition(r,
1226 bdrv_is_inserted(s->qdev.conf.bs)
1227 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1228 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1229 return -1;
1230 }
1231
1232 if (s->tray_open != !start) {
1233 bdrv_eject(s->qdev.conf.bs, !start);
1234 s->tray_open = !start;
1235 }
1236 }
1237 return 0;
1238 }
1239
1240 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1241 {
1242 SCSIRequest *req = &r->req;
1243 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1244 uint64_t nb_sectors;
1245 uint8_t *outbuf;
1246 int buflen = 0;
1247
1248 if (!r->iov.iov_base) {
1249 /*
1250 * FIXME: we shouldn't return anything bigger than 4k, but the code
1251 * requires the buffer to be as big as req->cmd.xfer in several
1252 * places. So, do not allow CDBs with a very large ALLOCATION
1253 * LENGTH. The real fix would be to modify scsi_read_data and
1254 * dma_buf_read, so that they return data beyond the buflen
1255 * as all zeros.
1256 */
1257 if (req->cmd.xfer > 65536) {
1258 goto illegal_request;
1259 }
1260 r->buflen = MAX(4096, req->cmd.xfer);
1261 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1262 }
1263
1264 outbuf = r->iov.iov_base;
1265 switch (req->cmd.buf[0]) {
1266 case TEST_UNIT_READY:
1267 assert(!s->tray_open && bdrv_is_inserted(s->qdev.conf.bs));
1268 break;
1269 case INQUIRY:
1270 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1271 if (buflen < 0) {
1272 goto illegal_request;
1273 }
1274 break;
1275 case MODE_SENSE:
1276 case MODE_SENSE_10:
1277 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1278 if (buflen < 0) {
1279 goto illegal_request;
1280 }
1281 break;
1282 case READ_TOC:
1283 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1284 if (buflen < 0) {
1285 goto illegal_request;
1286 }
1287 break;
1288 case RESERVE:
1289 if (req->cmd.buf[1] & 1) {
1290 goto illegal_request;
1291 }
1292 break;
1293 case RESERVE_10:
1294 if (req->cmd.buf[1] & 3) {
1295 goto illegal_request;
1296 }
1297 break;
1298 case RELEASE:
1299 if (req->cmd.buf[1] & 1) {
1300 goto illegal_request;
1301 }
1302 break;
1303 case RELEASE_10:
1304 if (req->cmd.buf[1] & 3) {
1305 goto illegal_request;
1306 }
1307 break;
1308 case START_STOP:
1309 if (scsi_disk_emulate_start_stop(r) < 0) {
1310 return -1;
1311 }
1312 break;
1313 case ALLOW_MEDIUM_REMOVAL:
1314 s->tray_locked = req->cmd.buf[4] & 1;
1315 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1316 break;
1317 case READ_CAPACITY_10:
1318 /* The normal LEN field for this command is zero. */
1319 memset(outbuf, 0, 8);
1320 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1321 if (!nb_sectors) {
1322 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1323 return -1;
1324 }
1325 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1326 goto illegal_request;
1327 }
1328 nb_sectors /= s->qdev.blocksize / 512;
1329 /* Returned value is the address of the last sector. */
1330 nb_sectors--;
1331 /* Remember the new size for read/write sanity checking. */
1332 s->qdev.max_lba = nb_sectors;
1333 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1334 if (nb_sectors > UINT32_MAX) {
1335 nb_sectors = UINT32_MAX;
1336 }
1337 outbuf[0] = (nb_sectors >> 24) & 0xff;
1338 outbuf[1] = (nb_sectors >> 16) & 0xff;
1339 outbuf[2] = (nb_sectors >> 8) & 0xff;
1340 outbuf[3] = nb_sectors & 0xff;
1341 outbuf[4] = 0;
1342 outbuf[5] = 0;
1343 outbuf[6] = s->qdev.blocksize >> 8;
1344 outbuf[7] = 0;
1345 buflen = 8;
1346 break;
1347 case REQUEST_SENSE:
1348 /* Just return "NO SENSE". */
1349 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1350 (req->cmd.buf[1] & 1) == 0);
1351 break;
1352 case MECHANISM_STATUS:
1353 buflen = scsi_emulate_mechanism_status(s, outbuf);
1354 if (buflen < 0) {
1355 goto illegal_request;
1356 }
1357 break;
1358 case GET_CONFIGURATION:
1359 buflen = scsi_get_configuration(s, outbuf);
1360 if (buflen < 0) {
1361 goto illegal_request;
1362 }
1363 break;
1364 case GET_EVENT_STATUS_NOTIFICATION:
1365 buflen = scsi_get_event_status_notification(s, r, outbuf);
1366 if (buflen < 0) {
1367 goto illegal_request;
1368 }
1369 break;
1370 case READ_DVD_STRUCTURE:
1371 buflen = scsi_read_dvd_structure(s, r, outbuf);
1372 if (buflen < 0) {
1373 goto illegal_request;
1374 }
1375 break;
1376 case SERVICE_ACTION_IN_16:
1377 /* Service Action In subcommands. */
1378 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1379 DPRINTF("SAI READ CAPACITY(16)\n");
1380 memset(outbuf, 0, req->cmd.xfer);
1381 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1382 if (!nb_sectors) {
1383 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1384 return -1;
1385 }
1386 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1387 goto illegal_request;
1388 }
1389 nb_sectors /= s->qdev.blocksize / 512;
1390 /* Returned value is the address of the last sector. */
1391 nb_sectors--;
1392 /* Remember the new size for read/write sanity checking. */
1393 s->qdev.max_lba = nb_sectors;
1394 outbuf[0] = (nb_sectors >> 56) & 0xff;
1395 outbuf[1] = (nb_sectors >> 48) & 0xff;
1396 outbuf[2] = (nb_sectors >> 40) & 0xff;
1397 outbuf[3] = (nb_sectors >> 32) & 0xff;
1398 outbuf[4] = (nb_sectors >> 24) & 0xff;
1399 outbuf[5] = (nb_sectors >> 16) & 0xff;
1400 outbuf[6] = (nb_sectors >> 8) & 0xff;
1401 outbuf[7] = nb_sectors & 0xff;
1402 outbuf[8] = 0;
1403 outbuf[9] = 0;
1404 outbuf[10] = s->qdev.blocksize >> 8;
1405 outbuf[11] = 0;
1406 outbuf[12] = 0;
1407 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1408
1409 /* set TPE bit if the format supports discard */
1410 if (s->qdev.conf.discard_granularity) {
1411 outbuf[14] = 0x80;
1412 }
1413
1414 /* Protection, exponent and lowest lba field left blank. */
1415 buflen = req->cmd.xfer;
1416 break;
1417 }
1418 DPRINTF("Unsupported Service Action In\n");
1419 goto illegal_request;
1420 default:
1421 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1422 return -1;
1423 }
1424 buflen = MIN(buflen, req->cmd.xfer);
1425 return buflen;
1426
1427 illegal_request:
1428 if (r->req.status == -1) {
1429 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1430 }
1431 return -1;
1432 }
1433
1434 /* Execute a scsi command. Returns the length of the data expected by the
1435 command. This will be Positive for data transfers from the device
1436 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1437 and zero if the command does not transfer any data. */
1438
1439 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1440 {
1441 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1442 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1443 int32_t len;
1444 uint8_t command;
1445 int rc;
1446
1447 command = buf[0];
1448 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1449
1450 #ifdef DEBUG_SCSI
1451 {
1452 int i;
1453 for (i = 1; i < r->req.cmd.len; i++) {
1454 printf(" 0x%02x", buf[i]);
1455 }
1456 printf("\n");
1457 }
1458 #endif
1459
1460 switch (command) {
1461 case INQUIRY:
1462 case MODE_SENSE:
1463 case MODE_SENSE_10:
1464 case RESERVE:
1465 case RESERVE_10:
1466 case RELEASE:
1467 case RELEASE_10:
1468 case START_STOP:
1469 case ALLOW_MEDIUM_REMOVAL:
1470 case GET_CONFIGURATION:
1471 case GET_EVENT_STATUS_NOTIFICATION:
1472 case MECHANISM_STATUS:
1473 case REQUEST_SENSE:
1474 break;
1475
1476 default:
1477 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1478 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1479 return 0;
1480 }
1481 break;
1482 }
1483
1484 switch (command) {
1485 case TEST_UNIT_READY:
1486 case INQUIRY:
1487 case MODE_SENSE:
1488 case MODE_SENSE_10:
1489 case RESERVE:
1490 case RESERVE_10:
1491 case RELEASE:
1492 case RELEASE_10:
1493 case START_STOP:
1494 case ALLOW_MEDIUM_REMOVAL:
1495 case READ_CAPACITY_10:
1496 case READ_TOC:
1497 case READ_DVD_STRUCTURE:
1498 case GET_CONFIGURATION:
1499 case GET_EVENT_STATUS_NOTIFICATION:
1500 case MECHANISM_STATUS:
1501 case SERVICE_ACTION_IN_16:
1502 case REQUEST_SENSE:
1503 rc = scsi_disk_emulate_command(r);
1504 if (rc < 0) {
1505 return 0;
1506 }
1507
1508 r->iov.iov_len = rc;
1509 break;
1510 case SYNCHRONIZE_CACHE:
1511 /* The request is used as the AIO opaque value, so add a ref. */
1512 scsi_req_ref(&r->req);
1513 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1514 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1515 return 0;
1516 case READ_6:
1517 case READ_10:
1518 case READ_12:
1519 case READ_16:
1520 len = r->req.cmd.xfer / s->qdev.blocksize;
1521 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1522 if (r->req.cmd.lba > s->qdev.max_lba) {
1523 goto illegal_lba;
1524 }
1525 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1526 r->sector_count = len * (s->qdev.blocksize / 512);
1527 break;
1528 case VERIFY_10:
1529 case VERIFY_12:
1530 case VERIFY_16:
1531 case WRITE_6:
1532 case WRITE_10:
1533 case WRITE_12:
1534 case WRITE_16:
1535 case WRITE_VERIFY_10:
1536 case WRITE_VERIFY_12:
1537 case WRITE_VERIFY_16:
1538 len = r->req.cmd.xfer / s->qdev.blocksize;
1539 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1540 (command & 0xe) == 0xe ? "And Verify " : "",
1541 r->req.cmd.lba, len);
1542 if (r->req.cmd.lba > s->qdev.max_lba) {
1543 goto illegal_lba;
1544 }
1545 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1546 r->sector_count = len * (s->qdev.blocksize / 512);
1547 break;
1548 case MODE_SELECT:
1549 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1550 /* We don't support mode parameter changes.
1551 Allow the mode parameter header + block descriptors only. */
1552 if (r->req.cmd.xfer > 12) {
1553 goto fail;
1554 }
1555 break;
1556 case MODE_SELECT_10:
1557 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1558 /* We don't support mode parameter changes.
1559 Allow the mode parameter header + block descriptors only. */
1560 if (r->req.cmd.xfer > 16) {
1561 goto fail;
1562 }
1563 break;
1564 case SEEK_10:
1565 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
1566 if (r->req.cmd.lba > s->qdev.max_lba) {
1567 goto illegal_lba;
1568 }
1569 break;
1570 case WRITE_SAME_10:
1571 len = lduw_be_p(&buf[7]);
1572 goto write_same;
1573 case WRITE_SAME_16:
1574 len = ldl_be_p(&buf[10]) & 0xffffffffULL;
1575 write_same:
1576
1577 DPRINTF("WRITE SAME() (sector %" PRId64 ", count %d)\n",
1578 r->req.cmd.lba, len);
1579
1580 if (r->req.cmd.lba > s->qdev.max_lba) {
1581 goto illegal_lba;
1582 }
1583
1584 /*
1585 * We only support WRITE SAME with the unmap bit set for now.
1586 */
1587 if (!(buf[1] & 0x8)) {
1588 goto fail;
1589 }
1590
1591 rc = bdrv_discard(s->qdev.conf.bs,
1592 r->req.cmd.lba * (s->qdev.blocksize / 512),
1593 len * (s->qdev.blocksize / 512));
1594 if (rc < 0) {
1595 /* XXX: better error code ?*/
1596 goto fail;
1597 }
1598
1599 break;
1600 default:
1601 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1602 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1603 return 0;
1604 fail:
1605 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1606 return 0;
1607 illegal_lba:
1608 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1609 return 0;
1610 }
1611 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1612 scsi_req_complete(&r->req, GOOD);
1613 }
1614 len = r->sector_count * 512 + r->iov.iov_len;
1615 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1616 return -len;
1617 } else {
1618 if (!r->sector_count) {
1619 r->sector_count = -1;
1620 }
1621 return len;
1622 }
1623 }
1624
1625 static void scsi_disk_reset(DeviceState *dev)
1626 {
1627 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1628 uint64_t nb_sectors;
1629
1630 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1631
1632 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1633 nb_sectors /= s->qdev.blocksize / 512;
1634 if (nb_sectors) {
1635 nb_sectors--;
1636 }
1637 s->qdev.max_lba = nb_sectors;
1638 }
1639
1640 static void scsi_destroy(SCSIDevice *dev)
1641 {
1642 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1643
1644 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1645 blockdev_mark_auto_del(s->qdev.conf.bs);
1646 }
1647
1648 static void scsi_cd_change_media_cb(void *opaque, bool load)
1649 {
1650 SCSIDiskState *s = opaque;
1651
1652 /*
1653 * When a CD gets changed, we have to report an ejected state and
1654 * then a loaded state to guests so that they detect tray
1655 * open/close and media change events. Guests that do not use
1656 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1657 * states rely on this behavior.
1658 *
1659 * media_changed governs the state machine used for unit attention
1660 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1661 */
1662 s->media_changed = load;
1663 s->tray_open = !load;
1664 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1665 s->media_event = true;
1666 s->eject_request = false;
1667 }
1668
1669 static void scsi_cd_eject_request_cb(void *opaque, bool force)
1670 {
1671 SCSIDiskState *s = opaque;
1672
1673 s->eject_request = true;
1674 if (force) {
1675 s->tray_locked = false;
1676 }
1677 }
1678
1679 static bool scsi_cd_is_tray_open(void *opaque)
1680 {
1681 return ((SCSIDiskState *)opaque)->tray_open;
1682 }
1683
1684 static bool scsi_cd_is_medium_locked(void *opaque)
1685 {
1686 return ((SCSIDiskState *)opaque)->tray_locked;
1687 }
1688
1689 static const BlockDevOps scsi_cd_block_ops = {
1690 .change_media_cb = scsi_cd_change_media_cb,
1691 .eject_request_cb = scsi_cd_eject_request_cb,
1692 .is_tray_open = scsi_cd_is_tray_open,
1693 .is_medium_locked = scsi_cd_is_medium_locked,
1694 };
1695
1696 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1697 {
1698 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1699 if (s->media_changed) {
1700 s->media_changed = false;
1701 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1702 }
1703 }
1704
1705 static int scsi_initfn(SCSIDevice *dev)
1706 {
1707 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1708 DriveInfo *dinfo;
1709
1710 if (!s->qdev.conf.bs) {
1711 error_report("drive property not set");
1712 return -1;
1713 }
1714
1715 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
1716 !bdrv_is_inserted(s->qdev.conf.bs)) {
1717 error_report("Device needs media, but drive is empty");
1718 return -1;
1719 }
1720
1721 if (!s->serial) {
1722 /* try to fall back to value set with legacy -drive serial=... */
1723 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1724 if (*dinfo->serial) {
1725 s->serial = g_strdup(dinfo->serial);
1726 }
1727 }
1728
1729 if (!s->version) {
1730 s->version = g_strdup(QEMU_VERSION);
1731 }
1732
1733 if (bdrv_is_sg(s->qdev.conf.bs)) {
1734 error_report("unwanted /dev/sg*");
1735 return -1;
1736 }
1737
1738 if (s->features & (1 << SCSI_DISK_F_REMOVABLE)) {
1739 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1740 }
1741 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1742
1743 bdrv_iostatus_enable(s->qdev.conf.bs);
1744 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, NULL);
1745 return 0;
1746 }
1747
1748 static int scsi_hd_initfn(SCSIDevice *dev)
1749 {
1750 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1751 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1752 s->qdev.type = TYPE_DISK;
1753 return scsi_initfn(&s->qdev);
1754 }
1755
1756 static int scsi_cd_initfn(SCSIDevice *dev)
1757 {
1758 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1759 s->qdev.blocksize = 2048;
1760 s->qdev.type = TYPE_ROM;
1761 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1762 return scsi_initfn(&s->qdev);
1763 }
1764
1765 static int scsi_disk_initfn(SCSIDevice *dev)
1766 {
1767 DriveInfo *dinfo;
1768
1769 if (!dev->conf.bs) {
1770 return scsi_initfn(dev); /* ... and die there */
1771 }
1772
1773 dinfo = drive_get_by_blockdev(dev->conf.bs);
1774 if (dinfo->media_cd) {
1775 return scsi_cd_initfn(dev);
1776 } else {
1777 return scsi_hd_initfn(dev);
1778 }
1779 }
1780
1781 static const SCSIReqOps scsi_disk_reqops = {
1782 .size = sizeof(SCSIDiskReq),
1783 .free_req = scsi_free_request,
1784 .send_command = scsi_send_command,
1785 .read_data = scsi_read_data,
1786 .write_data = scsi_write_data,
1787 .cancel_io = scsi_cancel_io,
1788 .get_buf = scsi_get_buf,
1789 .load_request = scsi_disk_load_request,
1790 .save_request = scsi_disk_save_request,
1791 };
1792
1793 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1794 uint8_t *buf, void *hba_private)
1795 {
1796 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1797 SCSIRequest *req;
1798
1799 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1800 return req;
1801 }
1802
1803 #ifdef __linux__
1804 static int get_device_type(SCSIDiskState *s)
1805 {
1806 BlockDriverState *bdrv = s->qdev.conf.bs;
1807 uint8_t cmd[16];
1808 uint8_t buf[36];
1809 uint8_t sensebuf[8];
1810 sg_io_hdr_t io_header;
1811 int ret;
1812
1813 memset(cmd, 0, sizeof(cmd));
1814 memset(buf, 0, sizeof(buf));
1815 cmd[0] = INQUIRY;
1816 cmd[4] = sizeof(buf);
1817
1818 memset(&io_header, 0, sizeof(io_header));
1819 io_header.interface_id = 'S';
1820 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
1821 io_header.dxfer_len = sizeof(buf);
1822 io_header.dxferp = buf;
1823 io_header.cmdp = cmd;
1824 io_header.cmd_len = sizeof(cmd);
1825 io_header.mx_sb_len = sizeof(sensebuf);
1826 io_header.sbp = sensebuf;
1827 io_header.timeout = 6000; /* XXX */
1828
1829 ret = bdrv_ioctl(bdrv, SG_IO, &io_header);
1830 if (ret < 0 || io_header.driver_status || io_header.host_status) {
1831 return -1;
1832 }
1833 s->qdev.type = buf[0];
1834 if (buf[1] & 0x80) {
1835 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
1836 }
1837 return 0;
1838 }
1839
1840 static int scsi_block_initfn(SCSIDevice *dev)
1841 {
1842 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1843 int sg_version;
1844 int rc;
1845
1846 if (!s->qdev.conf.bs) {
1847 error_report("scsi-block: drive property not set");
1848 return -1;
1849 }
1850
1851 /* check we are using a driver managing SG_IO (version 3 and after) */
1852 if (bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) < 0 ||
1853 sg_version < 30000) {
1854 error_report("scsi-block: scsi generic interface too old");
1855 return -1;
1856 }
1857
1858 /* get device type from INQUIRY data */
1859 rc = get_device_type(s);
1860 if (rc < 0) {
1861 error_report("scsi-block: INQUIRY failed");
1862 return -1;
1863 }
1864
1865 /* Make a guess for the block size, we'll fix it when the guest sends.
1866 * READ CAPACITY. If they don't, they likely would assume these sizes
1867 * anyway. (TODO: check in /sys).
1868 */
1869 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
1870 s->qdev.blocksize = 2048;
1871 } else {
1872 s->qdev.blocksize = 512;
1873 }
1874 return scsi_initfn(&s->qdev);
1875 }
1876
1877 static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
1878 uint32_t lun, uint8_t *buf,
1879 void *hba_private)
1880 {
1881 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1882
1883 switch (buf[0]) {
1884 case READ_6:
1885 case READ_10:
1886 case READ_12:
1887 case READ_16:
1888 case VERIFY_10:
1889 case VERIFY_12:
1890 case VERIFY_16:
1891 case WRITE_6:
1892 case WRITE_10:
1893 case WRITE_12:
1894 case WRITE_16:
1895 case WRITE_VERIFY_10:
1896 case WRITE_VERIFY_12:
1897 case WRITE_VERIFY_16:
1898 /* If we are not using O_DIRECT, we might read stale data from the
1899 * host cache if writes were made using other commands than these
1900 * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without
1901 * O_DIRECT everything must go through SG_IO.
1902 */
1903 if (!(s->qdev.conf.bs->open_flags & BDRV_O_NOCACHE)) {
1904 break;
1905 }
1906
1907 /* MMC writing cannot be done via pread/pwrite, because it sometimes
1908 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
1909 * And once you do these writes, reading from the block device is
1910 * unreliable, too. It is even possible that reads deliver random data
1911 * from the host page cache (this is probably a Linux bug).
1912 *
1913 * We might use scsi_disk_reqops as long as no writing commands are
1914 * seen, but performance usually isn't paramount on optical media. So,
1915 * just make scsi-block operate the same as scsi-generic for them.
1916 */
1917 if (s->qdev.type == TYPE_ROM) {
1918 break;
1919 }
1920 return scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun,
1921 hba_private);
1922 }
1923
1924 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
1925 hba_private);
1926 }
1927 #endif
1928
1929 #define DEFINE_SCSI_DISK_PROPERTIES() \
1930 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1931 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1932 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1933
1934 static Property scsi_hd_properties[] = {
1935 DEFINE_SCSI_DISK_PROPERTIES(),
1936 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
1937 SCSI_DISK_F_REMOVABLE, false),
1938 DEFINE_PROP_END_OF_LIST(),
1939 };
1940
1941 static const VMStateDescription vmstate_scsi_disk_state = {
1942 .name = "scsi-disk",
1943 .version_id = 1,
1944 .minimum_version_id = 1,
1945 .minimum_version_id_old = 1,
1946 .fields = (VMStateField[]) {
1947 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
1948 VMSTATE_BOOL(media_changed, SCSIDiskState),
1949 VMSTATE_BOOL(media_event, SCSIDiskState),
1950 VMSTATE_BOOL(eject_request, SCSIDiskState),
1951 VMSTATE_BOOL(tray_open, SCSIDiskState),
1952 VMSTATE_BOOL(tray_locked, SCSIDiskState),
1953 VMSTATE_END_OF_LIST()
1954 }
1955 };
1956
1957 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
1958 {
1959 DeviceClass *dc = DEVICE_CLASS(klass);
1960 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1961
1962 sc->init = scsi_hd_initfn;
1963 sc->destroy = scsi_destroy;
1964 sc->alloc_req = scsi_new_request;
1965 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1966 dc->fw_name = "disk";
1967 dc->desc = "virtual SCSI disk";
1968 dc->reset = scsi_disk_reset;
1969 dc->props = scsi_hd_properties;
1970 dc->vmsd = &vmstate_scsi_disk_state;
1971 }
1972
1973 static TypeInfo scsi_hd_info = {
1974 .name = "scsi-hd",
1975 .parent = TYPE_SCSI_DEVICE,
1976 .instance_size = sizeof(SCSIDiskState),
1977 .class_init = scsi_hd_class_initfn,
1978 };
1979
1980 static Property scsi_cd_properties[] = {
1981 DEFINE_SCSI_DISK_PROPERTIES(),
1982 DEFINE_PROP_END_OF_LIST(),
1983 };
1984
1985 static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
1986 {
1987 DeviceClass *dc = DEVICE_CLASS(klass);
1988 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
1989
1990 sc->init = scsi_cd_initfn;
1991 sc->destroy = scsi_destroy;
1992 sc->alloc_req = scsi_new_request;
1993 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
1994 dc->fw_name = "disk";
1995 dc->desc = "virtual SCSI CD-ROM";
1996 dc->reset = scsi_disk_reset;
1997 dc->props = scsi_cd_properties;
1998 dc->vmsd = &vmstate_scsi_disk_state;
1999 }
2000
2001 static TypeInfo scsi_cd_info = {
2002 .name = "scsi-cd",
2003 .parent = TYPE_SCSI_DEVICE,
2004 .instance_size = sizeof(SCSIDiskState),
2005 .class_init = scsi_cd_class_initfn,
2006 };
2007
2008 #ifdef __linux__
2009 static Property scsi_block_properties[] = {
2010 DEFINE_SCSI_DISK_PROPERTIES(),
2011 DEFINE_PROP_END_OF_LIST(),
2012 };
2013
2014 static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2015 {
2016 DeviceClass *dc = DEVICE_CLASS(klass);
2017 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2018
2019 sc->init = scsi_block_initfn;
2020 sc->destroy = scsi_destroy;
2021 sc->alloc_req = scsi_block_new_request;
2022 dc->fw_name = "disk";
2023 dc->desc = "SCSI block device passthrough";
2024 dc->reset = scsi_disk_reset;
2025 dc->props = scsi_block_properties;
2026 dc->vmsd = &vmstate_scsi_disk_state;
2027 }
2028
2029 static TypeInfo scsi_block_info = {
2030 .name = "scsi-block",
2031 .parent = TYPE_SCSI_DEVICE,
2032 .instance_size = sizeof(SCSIDiskState),
2033 .class_init = scsi_block_class_initfn,
2034 };
2035 #endif
2036
2037 static Property scsi_disk_properties[] = {
2038 DEFINE_SCSI_DISK_PROPERTIES(),
2039 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2040 SCSI_DISK_F_REMOVABLE, false),
2041 DEFINE_PROP_END_OF_LIST(),
2042 };
2043
2044 static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2045 {
2046 DeviceClass *dc = DEVICE_CLASS(klass);
2047 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2048
2049 sc->init = scsi_disk_initfn;
2050 sc->destroy = scsi_destroy;
2051 sc->alloc_req = scsi_new_request;
2052 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
2053 dc->fw_name = "disk";
2054 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2055 dc->reset = scsi_disk_reset;
2056 dc->props = scsi_disk_properties;
2057 dc->vmsd = &vmstate_scsi_disk_state;
2058 }
2059
2060 static TypeInfo scsi_disk_info = {
2061 .name = "scsi-disk",
2062 .parent = TYPE_SCSI_DEVICE,
2063 .instance_size = sizeof(SCSIDiskState),
2064 .class_init = scsi_disk_class_initfn,
2065 };
2066
2067 static void scsi_disk_register_types(void)
2068 {
2069 type_register_static(&scsi_hd_info);
2070 type_register_static(&scsi_cd_info);
2071 #ifdef __linux__
2072 type_register_static(&scsi_block_info);
2073 #endif
2074 type_register_static(&scsi_disk_info);
2075 }
2076
2077 type_init(scsi_disk_register_types)
Qemu copy for testing