]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi-disk: bump SCSIRequest reference count until aio completion runs
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 #define SCSI_REQ_STATUS_RETRY 0x01
46 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
47 #define SCSI_REQ_STATUS_RETRY_READ 0x00
48 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
49 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
50
51 typedef struct SCSIDiskState SCSIDiskState;
52
53 typedef struct SCSIDiskReq {
54 SCSIRequest req;
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint64_t sector;
57 uint32_t sector_count;
58 uint32_t buflen;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 uint32_t status;
62 BlockAcctCookie acct;
63 } SCSIDiskReq;
64
65 struct SCSIDiskState
66 {
67 SCSIDevice qdev;
68 uint32_t removable;
69 bool media_changed;
70 bool media_event;
71 QEMUBH *bh;
72 char *version;
73 char *serial;
74 bool tray_open;
75 bool tray_locked;
76 };
77
78 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
79 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf);
80
81 static void scsi_free_request(SCSIRequest *req)
82 {
83 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
84
85 if (r->iov.iov_base) {
86 qemu_vfree(r->iov.iov_base);
87 }
88 }
89
90 /* Helper function for command completion with sense. */
91 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
92 {
93 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
94 r->req.tag, sense.key, sense.asc, sense.ascq);
95 scsi_req_build_sense(&r->req, sense);
96 scsi_req_complete(&r->req, CHECK_CONDITION);
97 }
98
99 /* Cancel a pending data transfer. */
100 static void scsi_cancel_io(SCSIRequest *req)
101 {
102 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
103
104 DPRINTF("Cancel tag=0x%x\n", req->tag);
105 r->status &= ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
106 if (r->req.aiocb) {
107 bdrv_aio_cancel(r->req.aiocb);
108
109 /* This reference was left in by scsi_*_data. We take ownership of
110 * it the moment scsi_req_cancel is called, independent of whether
111 * bdrv_aio_cancel completes the request or not. */
112 scsi_req_unref(&r->req);
113 }
114 r->req.aiocb = NULL;
115 }
116
117 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
118 {
119 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
120
121 if (!r->iov.iov_base) {
122 r->buflen = SCSI_DMA_BUF_SIZE;
123 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
124 }
125 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
126 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
127 return r->qiov.size / 512;
128 }
129
130 static void scsi_read_complete(void * opaque, int ret)
131 {
132 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
133 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
134 int n;
135
136 if (r->req.aiocb != NULL) {
137 r->req.aiocb = NULL;
138 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
139 }
140
141 if (ret) {
142 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
143 goto done;
144 }
145 }
146
147 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
148
149 n = r->qiov.size / 512;
150 r->sector += n;
151 r->sector_count -= n;
152 scsi_req_data(&r->req, r->qiov.size);
153
154 done:
155 if (!r->req.io_canceled) {
156 scsi_req_unref(&r->req);
157 }
158 }
159
160 static void scsi_flush_complete(void * opaque, int ret)
161 {
162 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
163 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
164
165 if (r->req.aiocb != NULL) {
166 r->req.aiocb = NULL;
167 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
168 }
169
170 if (ret < 0) {
171 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
172 goto done;
173 }
174 }
175
176 scsi_req_complete(&r->req, GOOD);
177
178 done:
179 if (!r->req.io_canceled) {
180 scsi_req_unref(&r->req);
181 }
182 }
183
184 /* Read more data from scsi device into buffer. */
185 static void scsi_read_data(SCSIRequest *req)
186 {
187 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
188 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
189 uint32_t n;
190
191 if (r->sector_count == (uint32_t)-1) {
192 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
193 r->sector_count = 0;
194 scsi_req_data(&r->req, r->iov.iov_len);
195 return;
196 }
197 DPRINTF("Read sector_count=%d\n", r->sector_count);
198 if (r->sector_count == 0) {
199 /* This also clears the sense buffer for REQUEST SENSE. */
200 scsi_req_complete(&r->req, GOOD);
201 return;
202 }
203
204 /* No data transfer may already be in progress */
205 assert(r->req.aiocb == NULL);
206
207 /* The request is used as the AIO opaque value, so add a ref. */
208 scsi_req_ref(&r->req);
209 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
210 DPRINTF("Data transfer direction invalid\n");
211 scsi_read_complete(r, -EINVAL);
212 return;
213 }
214
215 if (s->tray_open) {
216 scsi_read_complete(r, -ENOMEDIUM);
217 return;
218 }
219
220 n = scsi_init_iovec(r);
221 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
222 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
223 scsi_read_complete, r);
224 if (r->req.aiocb == NULL) {
225 scsi_read_complete(r, -EIO);
226 }
227 }
228
229 /*
230 * scsi_handle_rw_error has two return values. 0 means that the error
231 * must be ignored, 1 means that the error has been processed and the
232 * caller should not do anything else for this request. Note that
233 * scsi_handle_rw_error always manages its reference counts, independent
234 * of the return value.
235 */
236 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
237 {
238 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
239 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
240 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
241
242 if (action == BLOCK_ERR_IGNORE) {
243 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
244 return 0;
245 }
246
247 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
248 || action == BLOCK_ERR_STOP_ANY) {
249
250 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
251 r->status |= SCSI_REQ_STATUS_RETRY | type;
252
253 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
254 vm_stop(RUN_STATE_IO_ERROR);
255 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
256
257 /* No need to save a reference, because scsi_dma_restart_bh just
258 * looks at the request list. If a request is canceled, the
259 * retry request is just dropped.
260 */
261 } else {
262 switch (error) {
263 case ENOMEDIUM:
264 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
265 break;
266 case ENOMEM:
267 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
268 break;
269 case EINVAL:
270 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
271 break;
272 default:
273 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
274 break;
275 }
276 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
277 }
278 return 1;
279 }
280
281 static void scsi_write_complete(void * opaque, int ret)
282 {
283 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
284 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
285 uint32_t n;
286
287 if (r->req.aiocb != NULL) {
288 r->req.aiocb = NULL;
289 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
290 }
291
292 if (ret) {
293 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
294 goto done;
295 }
296 }
297
298 n = r->qiov.size / 512;
299 r->sector += n;
300 r->sector_count -= n;
301 if (r->sector_count == 0) {
302 scsi_req_complete(&r->req, GOOD);
303 } else {
304 scsi_init_iovec(r);
305 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
306 scsi_req_data(&r->req, r->qiov.size);
307 }
308
309 done:
310 if (!r->req.io_canceled) {
311 scsi_req_unref(&r->req);
312 }
313 }
314
315 static void scsi_write_data(SCSIRequest *req)
316 {
317 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
318 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
319 uint32_t n;
320
321 /* No data transfer may already be in progress */
322 assert(r->req.aiocb == NULL);
323
324 /* The request is used as the AIO opaque value, so add a ref. */
325 scsi_req_ref(&r->req);
326 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
327 DPRINTF("Data transfer direction invalid\n");
328 scsi_write_complete(r, -EINVAL);
329 return;
330 }
331
332 n = r->qiov.size / 512;
333 if (n) {
334 if (s->tray_open) {
335 scsi_write_complete(r, -ENOMEDIUM);
336 return;
337 }
338 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
339 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
340 scsi_write_complete, r);
341 if (r->req.aiocb == NULL) {
342 scsi_write_complete(r, -ENOMEM);
343 }
344 } else {
345 /* Called for the first time. Ask the driver to send us more data. */
346 scsi_write_complete(r, 0);
347 }
348 }
349
350 static void scsi_dma_restart_bh(void *opaque)
351 {
352 SCSIDiskState *s = opaque;
353 SCSIRequest *req;
354 SCSIDiskReq *r;
355
356 qemu_bh_delete(s->bh);
357 s->bh = NULL;
358
359 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
360 r = DO_UPCAST(SCSIDiskReq, req, req);
361 if (r->status & SCSI_REQ_STATUS_RETRY) {
362 int status = r->status;
363
364 r->status &=
365 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
366
367 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
368 case SCSI_REQ_STATUS_RETRY_READ:
369 scsi_read_data(&r->req);
370 break;
371 case SCSI_REQ_STATUS_RETRY_WRITE:
372 scsi_write_data(&r->req);
373 break;
374 case SCSI_REQ_STATUS_RETRY_FLUSH:
375 scsi_send_command(&r->req, r->req.cmd.buf);
376 break;
377 }
378 }
379 }
380 }
381
382 static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
383 {
384 SCSIDiskState *s = opaque;
385
386 if (!running) {
387 return;
388 }
389 if (!s->bh) {
390 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
391 qemu_bh_schedule(s->bh);
392 }
393 }
394
395 /* Return a pointer to the data buffer. */
396 static uint8_t *scsi_get_buf(SCSIRequest *req)
397 {
398 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
399
400 return (uint8_t *)r->iov.iov_base;
401 }
402
403 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
404 {
405 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
406 int buflen = 0;
407
408 if (req->cmd.buf[1] & 0x2) {
409 /* Command support data - optional, not implemented */
410 BADF("optional INQUIRY command support request not implemented\n");
411 return -1;
412 }
413
414 if (req->cmd.buf[1] & 0x1) {
415 /* Vital product data */
416 uint8_t page_code = req->cmd.buf[2];
417 if (req->cmd.xfer < 4) {
418 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
419 "less than 4\n", page_code, req->cmd.xfer);
420 return -1;
421 }
422
423 outbuf[buflen++] = s->qdev.type & 0x1f;
424 outbuf[buflen++] = page_code ; // this page
425 outbuf[buflen++] = 0x00;
426
427 switch (page_code) {
428 case 0x00: /* Supported page codes, mandatory */
429 {
430 int pages;
431 DPRINTF("Inquiry EVPD[Supported pages] "
432 "buffer size %zd\n", req->cmd.xfer);
433 pages = buflen++;
434 outbuf[buflen++] = 0x00; // list of supported pages (this page)
435 if (s->serial) {
436 outbuf[buflen++] = 0x80; // unit serial number
437 }
438 outbuf[buflen++] = 0x83; // device identification
439 if (s->qdev.type == TYPE_DISK) {
440 outbuf[buflen++] = 0xb0; // block limits
441 outbuf[buflen++] = 0xb2; // thin provisioning
442 }
443 outbuf[pages] = buflen - pages - 1; // number of pages
444 break;
445 }
446 case 0x80: /* Device serial number, optional */
447 {
448 int l;
449
450 if (!s->serial) {
451 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
452 return -1;
453 }
454
455 l = strlen(s->serial);
456 if (l > req->cmd.xfer) {
457 l = req->cmd.xfer;
458 }
459 if (l > 20) {
460 l = 20;
461 }
462
463 DPRINTF("Inquiry EVPD[Serial number] "
464 "buffer size %zd\n", req->cmd.xfer);
465 outbuf[buflen++] = l;
466 memcpy(outbuf+buflen, s->serial, l);
467 buflen += l;
468 break;
469 }
470
471 case 0x83: /* Device identification page, mandatory */
472 {
473 int max_len = 255 - 8;
474 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
475
476 if (id_len > max_len) {
477 id_len = max_len;
478 }
479 DPRINTF("Inquiry EVPD[Device identification] "
480 "buffer size %zd\n", req->cmd.xfer);
481
482 outbuf[buflen++] = 4 + id_len;
483 outbuf[buflen++] = 0x2; // ASCII
484 outbuf[buflen++] = 0; // not officially assigned
485 outbuf[buflen++] = 0; // reserved
486 outbuf[buflen++] = id_len; // length of data following
487
488 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
489 buflen += id_len;
490 break;
491 }
492 case 0xb0: /* block limits */
493 {
494 unsigned int unmap_sectors =
495 s->qdev.conf.discard_granularity / s->qdev.blocksize;
496 unsigned int min_io_size =
497 s->qdev.conf.min_io_size / s->qdev.blocksize;
498 unsigned int opt_io_size =
499 s->qdev.conf.opt_io_size / s->qdev.blocksize;
500
501 if (s->qdev.type == TYPE_ROM) {
502 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
503 page_code);
504 return -1;
505 }
506 /* required VPD size with unmap support */
507 outbuf[3] = buflen = 0x3c;
508
509 memset(outbuf + 4, 0, buflen - 4);
510
511 /* optimal transfer length granularity */
512 outbuf[6] = (min_io_size >> 8) & 0xff;
513 outbuf[7] = min_io_size & 0xff;
514
515 /* optimal transfer length */
516 outbuf[12] = (opt_io_size >> 24) & 0xff;
517 outbuf[13] = (opt_io_size >> 16) & 0xff;
518 outbuf[14] = (opt_io_size >> 8) & 0xff;
519 outbuf[15] = opt_io_size & 0xff;
520
521 /* optimal unmap granularity */
522 outbuf[28] = (unmap_sectors >> 24) & 0xff;
523 outbuf[29] = (unmap_sectors >> 16) & 0xff;
524 outbuf[30] = (unmap_sectors >> 8) & 0xff;
525 outbuf[31] = unmap_sectors & 0xff;
526 break;
527 }
528 case 0xb2: /* thin provisioning */
529 {
530 outbuf[3] = buflen = 8;
531 outbuf[4] = 0;
532 outbuf[5] = 0x40; /* write same with unmap supported */
533 outbuf[6] = 0;
534 outbuf[7] = 0;
535 break;
536 }
537 default:
538 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
539 "buffer size %zd\n", page_code, req->cmd.xfer);
540 return -1;
541 }
542 /* done with EVPD */
543 return buflen;
544 }
545
546 /* Standard INQUIRY data */
547 if (req->cmd.buf[2] != 0) {
548 BADF("Error: Inquiry (STANDARD) page or code "
549 "is non-zero [%02X]\n", req->cmd.buf[2]);
550 return -1;
551 }
552
553 /* PAGE CODE == 0 */
554 if (req->cmd.xfer < 5) {
555 BADF("Error: Inquiry (STANDARD) buffer size %zd "
556 "is less than 5\n", req->cmd.xfer);
557 return -1;
558 }
559
560 buflen = req->cmd.xfer;
561 if (buflen > SCSI_MAX_INQUIRY_LEN) {
562 buflen = SCSI_MAX_INQUIRY_LEN;
563 }
564 memset(outbuf, 0, buflen);
565
566 outbuf[0] = s->qdev.type & 0x1f;
567 outbuf[1] = s->removable ? 0x80 : 0;
568 if (s->qdev.type == TYPE_ROM) {
569 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
570 } else {
571 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
572 }
573 memcpy(&outbuf[8], "QEMU ", 8);
574 memset(&outbuf[32], 0, 4);
575 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
576 /*
577 * We claim conformance to SPC-3, which is required for guests
578 * to ask for modern features like READ CAPACITY(16) or the
579 * block characteristics VPD page by default. Not all of SPC-3
580 * is actually implemented, but we're good enough.
581 */
582 outbuf[2] = 5;
583 outbuf[3] = 2; /* Format 2 */
584
585 if (buflen > 36) {
586 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
587 } else {
588 /* If the allocation length of CDB is too small,
589 the additional length is not adjusted */
590 outbuf[4] = 36 - 5;
591 }
592
593 /* Sync data transfer and TCQ. */
594 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
595 return buflen;
596 }
597
598 static inline bool media_is_dvd(SCSIDiskState *s)
599 {
600 uint64_t nb_sectors;
601 if (s->qdev.type != TYPE_ROM) {
602 return false;
603 }
604 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
605 return false;
606 }
607 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
608 return nb_sectors > CD_MAX_SECTORS;
609 }
610
611 static inline bool media_is_cd(SCSIDiskState *s)
612 {
613 uint64_t nb_sectors;
614 if (s->qdev.type != TYPE_ROM) {
615 return false;
616 }
617 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
618 return false;
619 }
620 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
621 return nb_sectors <= CD_MAX_SECTORS;
622 }
623
624 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
625 uint8_t *outbuf)
626 {
627 static const int rds_caps_size[5] = {
628 [0] = 2048 + 4,
629 [1] = 4 + 4,
630 [3] = 188 + 4,
631 [4] = 2048 + 4,
632 };
633
634 uint8_t media = r->req.cmd.buf[1];
635 uint8_t layer = r->req.cmd.buf[6];
636 uint8_t format = r->req.cmd.buf[7];
637 int size = -1;
638
639 if (s->qdev.type != TYPE_ROM) {
640 return -1;
641 }
642 if (media != 0) {
643 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
644 return -1;
645 }
646
647 if (format != 0xff) {
648 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
649 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
650 return -1;
651 }
652 if (media_is_cd(s)) {
653 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
654 return -1;
655 }
656 if (format >= ARRAY_SIZE(rds_caps_size)) {
657 return -1;
658 }
659 size = rds_caps_size[format];
660 memset(outbuf, 0, size);
661 }
662
663 switch (format) {
664 case 0x00: {
665 /* Physical format information */
666 uint64_t nb_sectors;
667 if (layer != 0) {
668 goto fail;
669 }
670 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
671
672 outbuf[4] = 1; /* DVD-ROM, part version 1 */
673 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
674 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
675 outbuf[7] = 0; /* default densities */
676
677 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
678 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
679 break;
680 }
681
682 case 0x01: /* DVD copyright information, all zeros */
683 break;
684
685 case 0x03: /* BCA information - invalid field for no BCA info */
686 return -1;
687
688 case 0x04: /* DVD disc manufacturing information, all zeros */
689 break;
690
691 case 0xff: { /* List capabilities */
692 int i;
693 size = 4;
694 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
695 if (!rds_caps_size[i]) {
696 continue;
697 }
698 outbuf[size] = i;
699 outbuf[size + 1] = 0x40; /* Not writable, readable */
700 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
701 size += 4;
702 }
703 break;
704 }
705
706 default:
707 return -1;
708 }
709
710 /* Size of buffer, not including 2 byte size field */
711 stw_be_p(outbuf, size - 2);
712 return size;
713
714 fail:
715 return -1;
716 }
717
718 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
719 {
720 uint8_t event_code, media_status;
721
722 media_status = 0;
723 if (s->tray_open) {
724 media_status = MS_TRAY_OPEN;
725 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
726 media_status = MS_MEDIA_PRESENT;
727 }
728
729 /* Event notification descriptor */
730 event_code = MEC_NO_CHANGE;
731 if (media_status != MS_TRAY_OPEN && s->media_event) {
732 event_code = MEC_NEW_MEDIA;
733 s->media_event = false;
734 }
735
736 outbuf[0] = event_code;
737 outbuf[1] = media_status;
738
739 /* These fields are reserved, just clear them. */
740 outbuf[2] = 0;
741 outbuf[3] = 0;
742 return 4;
743 }
744
745 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
746 uint8_t *outbuf)
747 {
748 int size;
749 uint8_t *buf = r->req.cmd.buf;
750 uint8_t notification_class_request = buf[4];
751 if (s->qdev.type != TYPE_ROM) {
752 return -1;
753 }
754 if ((buf[1] & 1) == 0) {
755 /* asynchronous */
756 return -1;
757 }
758
759 size = 4;
760 outbuf[0] = outbuf[1] = 0;
761 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
762 if (notification_class_request & (1 << GESN_MEDIA)) {
763 outbuf[2] = GESN_MEDIA;
764 size += scsi_event_status_media(s, &outbuf[size]);
765 } else {
766 outbuf[2] = 0x80;
767 }
768 stw_be_p(outbuf, size - 4);
769 return size;
770 }
771
772 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
773 {
774 int current;
775
776 if (s->qdev.type != TYPE_ROM) {
777 return -1;
778 }
779 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
780 memset(outbuf, 0, 40);
781 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
782 stw_be_p(&outbuf[6], current);
783 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
784 outbuf[10] = 0x03; /* persistent, current */
785 outbuf[11] = 8; /* two profiles */
786 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
787 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
788 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
789 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
790 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
791 stw_be_p(&outbuf[20], 1);
792 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
793 outbuf[23] = 8;
794 stl_be_p(&outbuf[24], 1); /* SCSI */
795 outbuf[28] = 1; /* DBE = 1, mandatory */
796 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
797 stw_be_p(&outbuf[32], 3);
798 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
799 outbuf[35] = 4;
800 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
801 /* TODO: Random readable, CD read, DVD read, drive serial number,
802 power management */
803 return 40;
804 }
805
806 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
807 {
808 if (s->qdev.type != TYPE_ROM) {
809 return -1;
810 }
811 memset(outbuf, 0, 8);
812 outbuf[5] = 1; /* CD-ROM */
813 return 8;
814 }
815
816 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
817 int page_control)
818 {
819 static const int mode_sense_valid[0x3f] = {
820 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
821 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
822 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
823 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
824 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
825 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
826 };
827
828 BlockDriverState *bdrv = s->qdev.conf.bs;
829 int cylinders, heads, secs;
830 uint8_t *p = *p_outbuf;
831
832 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
833 return -1;
834 }
835
836 p[0] = page;
837
838 /*
839 * If Changeable Values are requested, a mask denoting those mode parameters
840 * that are changeable shall be returned. As we currently don't support
841 * parameter changes via MODE_SELECT all bits are returned set to zero.
842 * The buffer was already menset to zero by the caller of this function.
843 */
844 switch (page) {
845 case MODE_PAGE_HD_GEOMETRY:
846 p[1] = 0x16;
847 if (page_control == 1) { /* Changeable Values */
848 break;
849 }
850 /* if a geometry hint is available, use it */
851 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
852 p[2] = (cylinders >> 16) & 0xff;
853 p[3] = (cylinders >> 8) & 0xff;
854 p[4] = cylinders & 0xff;
855 p[5] = heads & 0xff;
856 /* Write precomp start cylinder, disabled */
857 p[6] = (cylinders >> 16) & 0xff;
858 p[7] = (cylinders >> 8) & 0xff;
859 p[8] = cylinders & 0xff;
860 /* Reduced current start cylinder, disabled */
861 p[9] = (cylinders >> 16) & 0xff;
862 p[10] = (cylinders >> 8) & 0xff;
863 p[11] = cylinders & 0xff;
864 /* Device step rate [ns], 200ns */
865 p[12] = 0;
866 p[13] = 200;
867 /* Landing zone cylinder */
868 p[14] = 0xff;
869 p[15] = 0xff;
870 p[16] = 0xff;
871 /* Medium rotation rate [rpm], 5400 rpm */
872 p[20] = (5400 >> 8) & 0xff;
873 p[21] = 5400 & 0xff;
874 break;
875
876 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
877 p[1] = 0x1e;
878 if (page_control == 1) { /* Changeable Values */
879 break;
880 }
881 /* Transfer rate [kbit/s], 5Mbit/s */
882 p[2] = 5000 >> 8;
883 p[3] = 5000 & 0xff;
884 /* if a geometry hint is available, use it */
885 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
886 p[4] = heads & 0xff;
887 p[5] = secs & 0xff;
888 p[6] = s->qdev.blocksize >> 8;
889 p[8] = (cylinders >> 8) & 0xff;
890 p[9] = cylinders & 0xff;
891 /* Write precomp start cylinder, disabled */
892 p[10] = (cylinders >> 8) & 0xff;
893 p[11] = cylinders & 0xff;
894 /* Reduced current start cylinder, disabled */
895 p[12] = (cylinders >> 8) & 0xff;
896 p[13] = cylinders & 0xff;
897 /* Device step rate [100us], 100us */
898 p[14] = 0;
899 p[15] = 1;
900 /* Device step pulse width [us], 1us */
901 p[16] = 1;
902 /* Device head settle delay [100us], 100us */
903 p[17] = 0;
904 p[18] = 1;
905 /* Motor on delay [0.1s], 0.1s */
906 p[19] = 1;
907 /* Motor off delay [0.1s], 0.1s */
908 p[20] = 1;
909 /* Medium rotation rate [rpm], 5400 rpm */
910 p[28] = (5400 >> 8) & 0xff;
911 p[29] = 5400 & 0xff;
912 break;
913
914 case MODE_PAGE_CACHING:
915 p[0] = 8;
916 p[1] = 0x12;
917 if (page_control == 1) { /* Changeable Values */
918 break;
919 }
920 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
921 p[2] = 4; /* WCE */
922 }
923 break;
924
925 case MODE_PAGE_R_W_ERROR:
926 p[1] = 10;
927 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
928 if (s->qdev.type == TYPE_ROM) {
929 p[3] = 0x20; /* Read Retry Count */
930 }
931 break;
932
933 case MODE_PAGE_AUDIO_CTL:
934 p[1] = 14;
935 break;
936
937 case MODE_PAGE_CAPABILITIES:
938 p[1] = 0x14;
939 if (page_control == 1) { /* Changeable Values */
940 break;
941 }
942
943 p[2] = 0x3b; /* CD-R & CD-RW read */
944 p[3] = 0; /* Writing not supported */
945 p[4] = 0x7f; /* Audio, composite, digital out,
946 mode 2 form 1&2, multi session */
947 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
948 RW corrected, C2 errors, ISRC,
949 UPC, Bar code */
950 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
951 /* Locking supported, jumper present, eject, tray */
952 p[7] = 0; /* no volume & mute control, no
953 changer */
954 p[8] = (50 * 176) >> 8; /* 50x read speed */
955 p[9] = (50 * 176) & 0xff;
956 p[10] = 2 >> 8; /* Two volume levels */
957 p[11] = 2 & 0xff;
958 p[12] = 2048 >> 8; /* 2M buffer */
959 p[13] = 2048 & 0xff;
960 p[14] = (16 * 176) >> 8; /* 16x read speed current */
961 p[15] = (16 * 176) & 0xff;
962 p[18] = (16 * 176) >> 8; /* 16x write speed */
963 p[19] = (16 * 176) & 0xff;
964 p[20] = (16 * 176) >> 8; /* 16x write speed current */
965 p[21] = (16 * 176) & 0xff;
966 break;
967
968 default:
969 return -1;
970 }
971
972 *p_outbuf += p[1] + 2;
973 return p[1] + 2;
974 }
975
976 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
977 {
978 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
979 uint64_t nb_sectors;
980 int page, dbd, buflen, ret, page_control;
981 uint8_t *p;
982 uint8_t dev_specific_param;
983
984 dbd = r->req.cmd.buf[1] & 0x8;
985 page = r->req.cmd.buf[2] & 0x3f;
986 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
987 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
988 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
989 memset(outbuf, 0, r->req.cmd.xfer);
990 p = outbuf;
991
992 if (bdrv_is_read_only(s->qdev.conf.bs)) {
993 dev_specific_param = 0x80; /* Readonly. */
994 } else {
995 dev_specific_param = 0x00;
996 }
997
998 if (r->req.cmd.buf[0] == MODE_SENSE) {
999 p[1] = 0; /* Default media type. */
1000 p[2] = dev_specific_param;
1001 p[3] = 0; /* Block descriptor length. */
1002 p += 4;
1003 } else { /* MODE_SENSE_10 */
1004 p[2] = 0; /* Default media type. */
1005 p[3] = dev_specific_param;
1006 p[6] = p[7] = 0; /* Block descriptor length. */
1007 p += 8;
1008 }
1009
1010 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1011 if (!dbd && nb_sectors) {
1012 if (r->req.cmd.buf[0] == MODE_SENSE) {
1013 outbuf[3] = 8; /* Block descriptor length */
1014 } else { /* MODE_SENSE_10 */
1015 outbuf[7] = 8; /* Block descriptor length */
1016 }
1017 nb_sectors /= (s->qdev.blocksize / 512);
1018 if (nb_sectors > 0xffffff) {
1019 nb_sectors = 0;
1020 }
1021 p[0] = 0; /* media density code */
1022 p[1] = (nb_sectors >> 16) & 0xff;
1023 p[2] = (nb_sectors >> 8) & 0xff;
1024 p[3] = nb_sectors & 0xff;
1025 p[4] = 0; /* reserved */
1026 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
1027 p[6] = s->qdev.blocksize >> 8;
1028 p[7] = 0;
1029 p += 8;
1030 }
1031
1032 if (page_control == 3) {
1033 /* Saved Values */
1034 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1035 return -1;
1036 }
1037
1038 if (page == 0x3f) {
1039 for (page = 0; page <= 0x3e; page++) {
1040 mode_sense_page(s, page, &p, page_control);
1041 }
1042 } else {
1043 ret = mode_sense_page(s, page, &p, page_control);
1044 if (ret == -1) {
1045 return -1;
1046 }
1047 }
1048
1049 buflen = p - outbuf;
1050 /*
1051 * The mode data length field specifies the length in bytes of the
1052 * following data that is available to be transferred. The mode data
1053 * length does not include itself.
1054 */
1055 if (r->req.cmd.buf[0] == MODE_SENSE) {
1056 outbuf[0] = buflen - 1;
1057 } else { /* MODE_SENSE_10 */
1058 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1059 outbuf[1] = (buflen - 2) & 0xff;
1060 }
1061 if (buflen > r->req.cmd.xfer) {
1062 buflen = r->req.cmd.xfer;
1063 }
1064 return buflen;
1065 }
1066
1067 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1068 {
1069 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1070 int start_track, format, msf, toclen;
1071 uint64_t nb_sectors;
1072
1073 msf = req->cmd.buf[1] & 2;
1074 format = req->cmd.buf[2] & 0xf;
1075 start_track = req->cmd.buf[6];
1076 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1077 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1078 nb_sectors /= s->qdev.blocksize / 512;
1079 switch (format) {
1080 case 0:
1081 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1082 break;
1083 case 1:
1084 /* multi session : only a single session defined */
1085 toclen = 12;
1086 memset(outbuf, 0, 12);
1087 outbuf[1] = 0x0a;
1088 outbuf[2] = 0x01;
1089 outbuf[3] = 0x01;
1090 break;
1091 case 2:
1092 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1093 break;
1094 default:
1095 return -1;
1096 }
1097 if (toclen > req->cmd.xfer) {
1098 toclen = req->cmd.xfer;
1099 }
1100 return toclen;
1101 }
1102
1103 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1104 {
1105 SCSIRequest *req = &r->req;
1106 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1107 bool start = req->cmd.buf[4] & 1;
1108 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1109
1110 if (s->qdev.type == TYPE_ROM && loej) {
1111 if (!start && !s->tray_open && s->tray_locked) {
1112 scsi_check_condition(r,
1113 bdrv_is_inserted(s->qdev.conf.bs)
1114 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1115 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1116 return -1;
1117 }
1118 bdrv_eject(s->qdev.conf.bs, !start);
1119 s->tray_open = !start;
1120 }
1121 return 0;
1122 }
1123
1124 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1125 {
1126 SCSIRequest *req = &r->req;
1127 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1128 uint64_t nb_sectors;
1129 uint8_t *outbuf;
1130 int buflen = 0;
1131
1132 if (!r->iov.iov_base) {
1133 /*
1134 * FIXME: we shouldn't return anything bigger than 4k, but the code
1135 * requires the buffer to be as big as req->cmd.xfer in several
1136 * places. So, do not allow CDBs with a very large ALLOCATION
1137 * LENGTH. The real fix would be to modify scsi_read_data and
1138 * dma_buf_read, so that they return data beyond the buflen
1139 * as all zeros.
1140 */
1141 if (req->cmd.xfer > 65536) {
1142 goto illegal_request;
1143 }
1144 r->buflen = MAX(4096, req->cmd.xfer);
1145 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1146 }
1147
1148 outbuf = r->iov.iov_base;
1149 switch (req->cmd.buf[0]) {
1150 case TEST_UNIT_READY:
1151 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1152 goto not_ready;
1153 }
1154 break;
1155 case INQUIRY:
1156 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1157 if (buflen < 0) {
1158 goto illegal_request;
1159 }
1160 break;
1161 case MODE_SENSE:
1162 case MODE_SENSE_10:
1163 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1164 if (buflen < 0) {
1165 goto illegal_request;
1166 }
1167 break;
1168 case READ_TOC:
1169 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1170 if (buflen < 0) {
1171 goto illegal_request;
1172 }
1173 break;
1174 case RESERVE:
1175 if (req->cmd.buf[1] & 1) {
1176 goto illegal_request;
1177 }
1178 break;
1179 case RESERVE_10:
1180 if (req->cmd.buf[1] & 3) {
1181 goto illegal_request;
1182 }
1183 break;
1184 case RELEASE:
1185 if (req->cmd.buf[1] & 1) {
1186 goto illegal_request;
1187 }
1188 break;
1189 case RELEASE_10:
1190 if (req->cmd.buf[1] & 3) {
1191 goto illegal_request;
1192 }
1193 break;
1194 case START_STOP:
1195 if (scsi_disk_emulate_start_stop(r) < 0) {
1196 return -1;
1197 }
1198 break;
1199 case ALLOW_MEDIUM_REMOVAL:
1200 s->tray_locked = req->cmd.buf[4] & 1;
1201 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1202 break;
1203 case READ_CAPACITY_10:
1204 /* The normal LEN field for this command is zero. */
1205 memset(outbuf, 0, 8);
1206 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1207 if (!nb_sectors) {
1208 goto not_ready;
1209 }
1210 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1211 goto illegal_request;
1212 }
1213 nb_sectors /= s->qdev.blocksize / 512;
1214 /* Returned value is the address of the last sector. */
1215 nb_sectors--;
1216 /* Remember the new size for read/write sanity checking. */
1217 s->qdev.max_lba = nb_sectors;
1218 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1219 if (nb_sectors > UINT32_MAX) {
1220 nb_sectors = UINT32_MAX;
1221 }
1222 outbuf[0] = (nb_sectors >> 24) & 0xff;
1223 outbuf[1] = (nb_sectors >> 16) & 0xff;
1224 outbuf[2] = (nb_sectors >> 8) & 0xff;
1225 outbuf[3] = nb_sectors & 0xff;
1226 outbuf[4] = 0;
1227 outbuf[5] = 0;
1228 outbuf[6] = s->qdev.blocksize >> 8;
1229 outbuf[7] = 0;
1230 buflen = 8;
1231 break;
1232 case MECHANISM_STATUS:
1233 buflen = scsi_emulate_mechanism_status(s, outbuf);
1234 if (buflen < 0) {
1235 goto illegal_request;
1236 }
1237 break;
1238 case GET_CONFIGURATION:
1239 buflen = scsi_get_configuration(s, outbuf);
1240 if (buflen < 0) {
1241 goto illegal_request;
1242 }
1243 break;
1244 case GET_EVENT_STATUS_NOTIFICATION:
1245 buflen = scsi_get_event_status_notification(s, r, outbuf);
1246 if (buflen < 0) {
1247 goto illegal_request;
1248 }
1249 break;
1250 case READ_DVD_STRUCTURE:
1251 buflen = scsi_read_dvd_structure(s, r, outbuf);
1252 if (buflen < 0) {
1253 goto illegal_request;
1254 }
1255 break;
1256 case SERVICE_ACTION_IN_16:
1257 /* Service Action In subcommands. */
1258 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1259 DPRINTF("SAI READ CAPACITY(16)\n");
1260 memset(outbuf, 0, req->cmd.xfer);
1261 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1262 if (!nb_sectors) {
1263 goto not_ready;
1264 }
1265 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1266 goto illegal_request;
1267 }
1268 nb_sectors /= s->qdev.blocksize / 512;
1269 /* Returned value is the address of the last sector. */
1270 nb_sectors--;
1271 /* Remember the new size for read/write sanity checking. */
1272 s->qdev.max_lba = nb_sectors;
1273 outbuf[0] = (nb_sectors >> 56) & 0xff;
1274 outbuf[1] = (nb_sectors >> 48) & 0xff;
1275 outbuf[2] = (nb_sectors >> 40) & 0xff;
1276 outbuf[3] = (nb_sectors >> 32) & 0xff;
1277 outbuf[4] = (nb_sectors >> 24) & 0xff;
1278 outbuf[5] = (nb_sectors >> 16) & 0xff;
1279 outbuf[6] = (nb_sectors >> 8) & 0xff;
1280 outbuf[7] = nb_sectors & 0xff;
1281 outbuf[8] = 0;
1282 outbuf[9] = 0;
1283 outbuf[10] = s->qdev.blocksize >> 8;
1284 outbuf[11] = 0;
1285 outbuf[12] = 0;
1286 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1287
1288 /* set TPE bit if the format supports discard */
1289 if (s->qdev.conf.discard_granularity) {
1290 outbuf[14] = 0x80;
1291 }
1292
1293 /* Protection, exponent and lowest lba field left blank. */
1294 buflen = req->cmd.xfer;
1295 break;
1296 }
1297 DPRINTF("Unsupported Service Action In\n");
1298 goto illegal_request;
1299 case VERIFY_10:
1300 break;
1301 default:
1302 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1303 return -1;
1304 }
1305 return buflen;
1306
1307 not_ready:
1308 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1309 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1310 } else {
1311 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1312 }
1313 return -1;
1314
1315 illegal_request:
1316 if (r->req.status == -1) {
1317 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1318 }
1319 return -1;
1320 }
1321
1322 /* Execute a scsi command. Returns the length of the data expected by the
1323 command. This will be Positive for data transfers from the device
1324 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1325 and zero if the command does not transfer any data. */
1326
1327 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1328 {
1329 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1330 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1331 int32_t len;
1332 uint8_t command;
1333 int rc;
1334
1335 command = buf[0];
1336 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1337
1338 #ifdef DEBUG_SCSI
1339 {
1340 int i;
1341 for (i = 1; i < r->req.cmd.len; i++) {
1342 printf(" 0x%02x", buf[i]);
1343 }
1344 printf("\n");
1345 }
1346 #endif
1347
1348 switch (command) {
1349 case TEST_UNIT_READY:
1350 case INQUIRY:
1351 case MODE_SENSE:
1352 case MODE_SENSE_10:
1353 case RESERVE:
1354 case RESERVE_10:
1355 case RELEASE:
1356 case RELEASE_10:
1357 case START_STOP:
1358 case ALLOW_MEDIUM_REMOVAL:
1359 case READ_CAPACITY_10:
1360 case READ_TOC:
1361 case READ_DVD_STRUCTURE:
1362 case GET_CONFIGURATION:
1363 case GET_EVENT_STATUS_NOTIFICATION:
1364 case MECHANISM_STATUS:
1365 case SERVICE_ACTION_IN_16:
1366 case VERIFY_10:
1367 rc = scsi_disk_emulate_command(r);
1368 if (rc < 0) {
1369 return 0;
1370 }
1371
1372 r->iov.iov_len = rc;
1373 break;
1374 case SYNCHRONIZE_CACHE:
1375 /* The request is used as the AIO opaque value, so add a ref. */
1376 scsi_req_ref(&r->req);
1377 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1378 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1379 if (r->req.aiocb == NULL) {
1380 scsi_flush_complete(r, -EIO);
1381 }
1382 return 0;
1383 case READ_6:
1384 case READ_10:
1385 case READ_12:
1386 case READ_16:
1387 len = r->req.cmd.xfer / s->qdev.blocksize;
1388 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1389 if (r->req.cmd.lba > s->qdev.max_lba) {
1390 goto illegal_lba;
1391 }
1392 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1393 r->sector_count = len * (s->qdev.blocksize / 512);
1394 break;
1395 case WRITE_6:
1396 case WRITE_10:
1397 case WRITE_12:
1398 case WRITE_16:
1399 case WRITE_VERIFY_10:
1400 case WRITE_VERIFY_12:
1401 case WRITE_VERIFY_16:
1402 len = r->req.cmd.xfer / s->qdev.blocksize;
1403 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1404 (command & 0xe) == 0xe ? "And Verify " : "",
1405 r->req.cmd.lba, len);
1406 if (r->req.cmd.lba > s->qdev.max_lba) {
1407 goto illegal_lba;
1408 }
1409 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1410 r->sector_count = len * (s->qdev.blocksize / 512);
1411 break;
1412 case MODE_SELECT:
1413 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1414 /* We don't support mode parameter changes.
1415 Allow the mode parameter header + block descriptors only. */
1416 if (r->req.cmd.xfer > 12) {
1417 goto fail;
1418 }
1419 break;
1420 case MODE_SELECT_10:
1421 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1422 /* We don't support mode parameter changes.
1423 Allow the mode parameter header + block descriptors only. */
1424 if (r->req.cmd.xfer > 16) {
1425 goto fail;
1426 }
1427 break;
1428 case SEEK_6:
1429 case SEEK_10:
1430 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1431 r->req.cmd.lba);
1432 if (r->req.cmd.lba > s->qdev.max_lba) {
1433 goto illegal_lba;
1434 }
1435 break;
1436 case WRITE_SAME_16:
1437 len = r->req.cmd.xfer / s->qdev.blocksize;
1438
1439 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1440 r->req.cmd.lba, len);
1441
1442 if (r->req.cmd.lba > s->qdev.max_lba) {
1443 goto illegal_lba;
1444 }
1445
1446 /*
1447 * We only support WRITE SAME with the unmap bit set for now.
1448 */
1449 if (!(buf[1] & 0x8)) {
1450 goto fail;
1451 }
1452
1453 rc = bdrv_discard(s->qdev.conf.bs,
1454 r->req.cmd.lba * (s->qdev.blocksize / 512),
1455 len * (s->qdev.blocksize / 512));
1456 if (rc < 0) {
1457 /* XXX: better error code ?*/
1458 goto fail;
1459 }
1460
1461 break;
1462 case REQUEST_SENSE:
1463 abort();
1464 default:
1465 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1466 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1467 return 0;
1468 fail:
1469 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1470 return 0;
1471 illegal_lba:
1472 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1473 return 0;
1474 }
1475 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1476 scsi_req_complete(&r->req, GOOD);
1477 }
1478 len = r->sector_count * 512 + r->iov.iov_len;
1479 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1480 return -len;
1481 } else {
1482 if (!r->sector_count) {
1483 r->sector_count = -1;
1484 }
1485 return len;
1486 }
1487 }
1488
1489 static void scsi_disk_reset(DeviceState *dev)
1490 {
1491 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1492 uint64_t nb_sectors;
1493
1494 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1495
1496 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1497 nb_sectors /= s->qdev.blocksize / 512;
1498 if (nb_sectors) {
1499 nb_sectors--;
1500 }
1501 s->qdev.max_lba = nb_sectors;
1502 }
1503
1504 static void scsi_destroy(SCSIDevice *dev)
1505 {
1506 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1507
1508 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1509 blockdev_mark_auto_del(s->qdev.conf.bs);
1510 }
1511
1512 static void scsi_cd_change_media_cb(void *opaque, bool load)
1513 {
1514 SCSIDiskState *s = opaque;
1515
1516 /*
1517 * When a CD gets changed, we have to report an ejected state and
1518 * then a loaded state to guests so that they detect tray
1519 * open/close and media change events. Guests that do not use
1520 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1521 * states rely on this behavior.
1522 *
1523 * media_changed governs the state machine used for unit attention
1524 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1525 */
1526 s->media_changed = load;
1527 s->tray_open = !load;
1528 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1529 s->media_event = true;
1530 }
1531
1532 static bool scsi_cd_is_tray_open(void *opaque)
1533 {
1534 return ((SCSIDiskState *)opaque)->tray_open;
1535 }
1536
1537 static bool scsi_cd_is_medium_locked(void *opaque)
1538 {
1539 return ((SCSIDiskState *)opaque)->tray_locked;
1540 }
1541
1542 static const BlockDevOps scsi_cd_block_ops = {
1543 .change_media_cb = scsi_cd_change_media_cb,
1544 .is_tray_open = scsi_cd_is_tray_open,
1545 .is_medium_locked = scsi_cd_is_medium_locked,
1546 };
1547
1548 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1549 {
1550 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1551 if (s->media_changed) {
1552 s->media_changed = false;
1553 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1554 }
1555 }
1556
1557 static int scsi_initfn(SCSIDevice *dev)
1558 {
1559 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1560 DriveInfo *dinfo;
1561
1562 if (!s->qdev.conf.bs) {
1563 error_report("scsi-disk: drive property not set");
1564 return -1;
1565 }
1566
1567 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1568 error_report("Device needs media, but drive is empty");
1569 return -1;
1570 }
1571
1572 if (!s->serial) {
1573 /* try to fall back to value set with legacy -drive serial=... */
1574 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1575 if (*dinfo->serial) {
1576 s->serial = g_strdup(dinfo->serial);
1577 }
1578 }
1579
1580 if (!s->version) {
1581 s->version = g_strdup(QEMU_VERSION);
1582 }
1583
1584 if (bdrv_is_sg(s->qdev.conf.bs)) {
1585 error_report("scsi-disk: unwanted /dev/sg*");
1586 return -1;
1587 }
1588
1589 if (s->removable) {
1590 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1591 }
1592 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1593
1594 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1595 bdrv_iostatus_enable(s->qdev.conf.bs);
1596 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1597 return 0;
1598 }
1599
1600 static int scsi_hd_initfn(SCSIDevice *dev)
1601 {
1602 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1603 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1604 s->qdev.type = TYPE_DISK;
1605 return scsi_initfn(&s->qdev);
1606 }
1607
1608 static int scsi_cd_initfn(SCSIDevice *dev)
1609 {
1610 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1611 s->qdev.blocksize = 2048;
1612 s->qdev.type = TYPE_ROM;
1613 s->removable = true;
1614 return scsi_initfn(&s->qdev);
1615 }
1616
1617 static int scsi_disk_initfn(SCSIDevice *dev)
1618 {
1619 DriveInfo *dinfo;
1620
1621 if (!dev->conf.bs) {
1622 return scsi_initfn(dev); /* ... and die there */
1623 }
1624
1625 dinfo = drive_get_by_blockdev(dev->conf.bs);
1626 if (dinfo->media_cd) {
1627 return scsi_cd_initfn(dev);
1628 } else {
1629 return scsi_hd_initfn(dev);
1630 }
1631 }
1632
1633 static const SCSIReqOps scsi_disk_reqops = {
1634 .size = sizeof(SCSIDiskReq),
1635 .free_req = scsi_free_request,
1636 .send_command = scsi_send_command,
1637 .read_data = scsi_read_data,
1638 .write_data = scsi_write_data,
1639 .cancel_io = scsi_cancel_io,
1640 .get_buf = scsi_get_buf,
1641 };
1642
1643 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
1644 uint8_t *buf, void *hba_private)
1645 {
1646 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1647 SCSIRequest *req;
1648
1649 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1650 return req;
1651 }
1652
1653 #define DEFINE_SCSI_DISK_PROPERTIES() \
1654 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1655 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1656 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1657
1658 static SCSIDeviceInfo scsi_disk_info[] = {
1659 {
1660 .qdev.name = "scsi-hd",
1661 .qdev.fw_name = "disk",
1662 .qdev.desc = "virtual SCSI disk",
1663 .qdev.size = sizeof(SCSIDiskState),
1664 .qdev.reset = scsi_disk_reset,
1665 .init = scsi_hd_initfn,
1666 .destroy = scsi_destroy,
1667 .alloc_req = scsi_new_request,
1668 .unit_attention_reported = scsi_disk_unit_attention_reported,
1669 .qdev.props = (Property[]) {
1670 DEFINE_SCSI_DISK_PROPERTIES(),
1671 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1672 DEFINE_PROP_END_OF_LIST(),
1673 }
1674 },{
1675 .qdev.name = "scsi-cd",
1676 .qdev.fw_name = "disk",
1677 .qdev.desc = "virtual SCSI CD-ROM",
1678 .qdev.size = sizeof(SCSIDiskState),
1679 .qdev.reset = scsi_disk_reset,
1680 .init = scsi_cd_initfn,
1681 .destroy = scsi_destroy,
1682 .alloc_req = scsi_new_request,
1683 .unit_attention_reported = scsi_disk_unit_attention_reported,
1684 .qdev.props = (Property[]) {
1685 DEFINE_SCSI_DISK_PROPERTIES(),
1686 DEFINE_PROP_END_OF_LIST(),
1687 },
1688 },{
1689 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1690 .qdev.fw_name = "disk",
1691 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1692 .qdev.size = sizeof(SCSIDiskState),
1693 .qdev.reset = scsi_disk_reset,
1694 .init = scsi_disk_initfn,
1695 .destroy = scsi_destroy,
1696 .alloc_req = scsi_new_request,
1697 .unit_attention_reported = scsi_disk_unit_attention_reported,
1698 .qdev.props = (Property[]) {
1699 DEFINE_SCSI_DISK_PROPERTIES(),
1700 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1701 DEFINE_PROP_END_OF_LIST(),
1702 }
1703 }
1704 };
1705
1706 static void scsi_disk_register_devices(void)
1707 {
1708 int i;
1709
1710 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1711 scsi_qdev_register(&scsi_disk_info[i]);
1712 }
1713 }
1714 device_init(scsi_disk_register_devices)
Qemu copy for testing