]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
scsi-disk: small clean up to INQUIRY
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
14 *
15 * This code is licensed under the LGPL.
16 *
17 * Note that this file only handles the SCSI architecture model and device
18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
20 */
21
22 //#define DEBUG_SCSI
23
24 #ifdef DEBUG_SCSI
25 #define DPRINTF(fmt, ...) \
26 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
27 #else
28 #define DPRINTF(fmt, ...) do {} while(0)
29 #endif
30
31 #define BADF(fmt, ...) \
32 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
33
34 #include "qemu-common.h"
35 #include "qemu-error.h"
36 #include "scsi.h"
37 #include "scsi-defs.h"
38 #include "sysemu.h"
39 #include "blockdev.h"
40 #include "block_int.h"
41
42 #define SCSI_DMA_BUF_SIZE 131072
43 #define SCSI_MAX_INQUIRY_LEN 256
44
45 #define SCSI_REQ_STATUS_RETRY 0x01
46 #define SCSI_REQ_STATUS_RETRY_TYPE_MASK 0x06
47 #define SCSI_REQ_STATUS_RETRY_READ 0x00
48 #define SCSI_REQ_STATUS_RETRY_WRITE 0x02
49 #define SCSI_REQ_STATUS_RETRY_FLUSH 0x04
50
51 typedef struct SCSIDiskState SCSIDiskState;
52
53 typedef struct SCSIDiskReq {
54 SCSIRequest req;
55 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
56 uint64_t sector;
57 uint32_t sector_count;
58 uint32_t buflen;
59 struct iovec iov;
60 QEMUIOVector qiov;
61 uint32_t status;
62 BlockAcctCookie acct;
63 } SCSIDiskReq;
64
65 struct SCSIDiskState
66 {
67 SCSIDevice qdev;
68 uint32_t removable;
69 uint64_t max_lba;
70 bool media_changed;
71 bool media_event;
72 QEMUBH *bh;
73 char *version;
74 char *serial;
75 bool tray_open;
76 bool tray_locked;
77 };
78
79 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type);
80 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf);
81
82 static void scsi_free_request(SCSIRequest *req)
83 {
84 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
85
86 if (r->iov.iov_base) {
87 qemu_vfree(r->iov.iov_base);
88 }
89 }
90
91 /* Helper function for command completion with sense. */
92 static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
93 {
94 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
95 r->req.tag, sense.key, sense.asc, sense.ascq);
96 scsi_req_build_sense(&r->req, sense);
97 scsi_req_complete(&r->req, CHECK_CONDITION);
98 }
99
100 /* Cancel a pending data transfer. */
101 static void scsi_cancel_io(SCSIRequest *req)
102 {
103 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
104
105 DPRINTF("Cancel tag=0x%x\n", req->tag);
106 if (r->req.aiocb) {
107 bdrv_aio_cancel(r->req.aiocb);
108 }
109 r->req.aiocb = NULL;
110 }
111
112 static uint32_t scsi_init_iovec(SCSIDiskReq *r)
113 {
114 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
115
116 if (!r->iov.iov_base) {
117 r->buflen = SCSI_DMA_BUF_SIZE;
118 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
119 }
120 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
121 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
122 return r->qiov.size / 512;
123 }
124
125 static void scsi_read_complete(void * opaque, int ret)
126 {
127 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
128 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
129 int n;
130
131 if (r->req.aiocb != NULL) {
132 r->req.aiocb = NULL;
133 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
134 }
135
136 if (ret) {
137 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) {
138 return;
139 }
140 }
141
142 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
143
144 n = r->qiov.size / 512;
145 r->sector += n;
146 r->sector_count -= n;
147 scsi_req_data(&r->req, r->qiov.size);
148 }
149
150 static void scsi_flush_complete(void * opaque, int ret)
151 {
152 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
153 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
154
155 if (r->req.aiocb != NULL) {
156 r->req.aiocb = NULL;
157 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
158 }
159
160 if (ret < 0) {
161 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_FLUSH)) {
162 return;
163 }
164 }
165
166 scsi_req_complete(&r->req, GOOD);
167 }
168
169 /* Read more data from scsi device into buffer. */
170 static void scsi_read_data(SCSIRequest *req)
171 {
172 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
173 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
174 uint32_t n;
175
176 if (r->sector_count == (uint32_t)-1) {
177 DPRINTF("Read buf_len=%zd\n", r->iov.iov_len);
178 r->sector_count = 0;
179 scsi_req_data(&r->req, r->iov.iov_len);
180 return;
181 }
182 DPRINTF("Read sector_count=%d\n", r->sector_count);
183 if (r->sector_count == 0) {
184 /* This also clears the sense buffer for REQUEST SENSE. */
185 scsi_req_complete(&r->req, GOOD);
186 return;
187 }
188
189 /* No data transfer may already be in progress */
190 assert(r->req.aiocb == NULL);
191
192 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
193 DPRINTF("Data transfer direction invalid\n");
194 scsi_read_complete(r, -EINVAL);
195 return;
196 }
197
198 if (s->tray_open) {
199 scsi_read_complete(r, -ENOMEDIUM);
200 }
201 n = scsi_init_iovec(r);
202 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ);
203 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
204 scsi_read_complete, r);
205 if (r->req.aiocb == NULL) {
206 scsi_read_complete(r, -EIO);
207 }
208 }
209
210 static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int type)
211 {
212 int is_read = (type == SCSI_REQ_STATUS_RETRY_READ);
213 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
214 BlockErrorAction action = bdrv_get_on_error(s->qdev.conf.bs, is_read);
215
216 if (action == BLOCK_ERR_IGNORE) {
217 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_IGNORE, is_read);
218 return 0;
219 }
220
221 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
222 || action == BLOCK_ERR_STOP_ANY) {
223
224 type &= SCSI_REQ_STATUS_RETRY_TYPE_MASK;
225 r->status |= SCSI_REQ_STATUS_RETRY | type;
226
227 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_STOP, is_read);
228 vm_stop(RUN_STATE_IO_ERROR);
229 bdrv_iostatus_set_err(s->qdev.conf.bs, error);
230 } else {
231 switch (error) {
232 case ENOMEDIUM:
233 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
234 break;
235 case ENOMEM:
236 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
237 break;
238 case EINVAL:
239 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
240 break;
241 default:
242 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
243 break;
244 }
245 bdrv_mon_event(s->qdev.conf.bs, BDRV_ACTION_REPORT, is_read);
246 }
247 return 1;
248 }
249
250 static void scsi_write_complete(void * opaque, int ret)
251 {
252 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
253 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
254 uint32_t n;
255
256 if (r->req.aiocb != NULL) {
257 r->req.aiocb = NULL;
258 bdrv_acct_done(s->qdev.conf.bs, &r->acct);
259 }
260
261 if (ret) {
262 if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) {
263 return;
264 }
265 }
266
267 n = r->qiov.size / 512;
268 r->sector += n;
269 r->sector_count -= n;
270 if (r->sector_count == 0) {
271 scsi_req_complete(&r->req, GOOD);
272 } else {
273 scsi_init_iovec(r);
274 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
275 scsi_req_data(&r->req, r->qiov.size);
276 }
277 }
278
279 static void scsi_write_data(SCSIRequest *req)
280 {
281 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
282 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
283 uint32_t n;
284
285 /* No data transfer may already be in progress */
286 assert(r->req.aiocb == NULL);
287
288 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
289 DPRINTF("Data transfer direction invalid\n");
290 scsi_write_complete(r, -EINVAL);
291 return;
292 }
293
294 n = r->qiov.size / 512;
295 if (n) {
296 if (s->tray_open) {
297 scsi_write_complete(r, -ENOMEDIUM);
298 }
299 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE);
300 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
301 scsi_write_complete, r);
302 if (r->req.aiocb == NULL) {
303 scsi_write_complete(r, -ENOMEM);
304 }
305 } else {
306 /* Called for the first time. Ask the driver to send us more data. */
307 scsi_write_complete(r, 0);
308 }
309 }
310
311 static void scsi_dma_restart_bh(void *opaque)
312 {
313 SCSIDiskState *s = opaque;
314 SCSIRequest *req;
315 SCSIDiskReq *r;
316
317 qemu_bh_delete(s->bh);
318 s->bh = NULL;
319
320 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
321 r = DO_UPCAST(SCSIDiskReq, req, req);
322 if (r->status & SCSI_REQ_STATUS_RETRY) {
323 int status = r->status;
324
325 r->status &=
326 ~(SCSI_REQ_STATUS_RETRY | SCSI_REQ_STATUS_RETRY_TYPE_MASK);
327
328 switch (status & SCSI_REQ_STATUS_RETRY_TYPE_MASK) {
329 case SCSI_REQ_STATUS_RETRY_READ:
330 scsi_read_data(&r->req);
331 break;
332 case SCSI_REQ_STATUS_RETRY_WRITE:
333 scsi_write_data(&r->req);
334 break;
335 case SCSI_REQ_STATUS_RETRY_FLUSH:
336 scsi_send_command(&r->req, r->req.cmd.buf);
337 break;
338 }
339 }
340 }
341 }
342
343 static void scsi_dma_restart_cb(void *opaque, int running, RunState state)
344 {
345 SCSIDiskState *s = opaque;
346
347 if (!running) {
348 return;
349 }
350 if (!s->bh) {
351 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
352 qemu_bh_schedule(s->bh);
353 }
354 }
355
356 /* Return a pointer to the data buffer. */
357 static uint8_t *scsi_get_buf(SCSIRequest *req)
358 {
359 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
360
361 return (uint8_t *)r->iov.iov_base;
362 }
363
364 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
365 {
366 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
367 int buflen = 0;
368
369 if (req->cmd.buf[1] & 0x2) {
370 /* Command support data - optional, not implemented */
371 BADF("optional INQUIRY command support request not implemented\n");
372 return -1;
373 }
374
375 if (req->cmd.buf[1] & 0x1) {
376 /* Vital product data */
377 uint8_t page_code = req->cmd.buf[2];
378 if (req->cmd.xfer < 4) {
379 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
380 "less than 4\n", page_code, req->cmd.xfer);
381 return -1;
382 }
383
384 outbuf[buflen++] = s->qdev.type & 0x1f;
385 outbuf[buflen++] = page_code ; // this page
386 outbuf[buflen++] = 0x00;
387
388 switch (page_code) {
389 case 0x00: /* Supported page codes, mandatory */
390 {
391 int pages;
392 DPRINTF("Inquiry EVPD[Supported pages] "
393 "buffer size %zd\n", req->cmd.xfer);
394 pages = buflen++;
395 outbuf[buflen++] = 0x00; // list of supported pages (this page)
396 if (s->serial) {
397 outbuf[buflen++] = 0x80; // unit serial number
398 }
399 outbuf[buflen++] = 0x83; // device identification
400 if (s->qdev.type == TYPE_DISK) {
401 outbuf[buflen++] = 0xb0; // block limits
402 outbuf[buflen++] = 0xb2; // thin provisioning
403 }
404 outbuf[pages] = buflen - pages - 1; // number of pages
405 break;
406 }
407 case 0x80: /* Device serial number, optional */
408 {
409 int l;
410
411 if (!s->serial) {
412 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
413 return -1;
414 }
415
416 l = strlen(s->serial);
417 if (l > req->cmd.xfer) {
418 l = req->cmd.xfer;
419 }
420 if (l > 20) {
421 l = 20;
422 }
423
424 DPRINTF("Inquiry EVPD[Serial number] "
425 "buffer size %zd\n", req->cmd.xfer);
426 outbuf[buflen++] = l;
427 memcpy(outbuf+buflen, s->serial, l);
428 buflen += l;
429 break;
430 }
431
432 case 0x83: /* Device identification page, mandatory */
433 {
434 int max_len = 255 - 8;
435 int id_len = strlen(bdrv_get_device_name(s->qdev.conf.bs));
436
437 if (id_len > max_len) {
438 id_len = max_len;
439 }
440 DPRINTF("Inquiry EVPD[Device identification] "
441 "buffer size %zd\n", req->cmd.xfer);
442
443 outbuf[buflen++] = 4 + id_len;
444 outbuf[buflen++] = 0x2; // ASCII
445 outbuf[buflen++] = 0; // not officially assigned
446 outbuf[buflen++] = 0; // reserved
447 outbuf[buflen++] = id_len; // length of data following
448
449 memcpy(outbuf+buflen, bdrv_get_device_name(s->qdev.conf.bs), id_len);
450 buflen += id_len;
451 break;
452 }
453 case 0xb0: /* block limits */
454 {
455 unsigned int unmap_sectors =
456 s->qdev.conf.discard_granularity / s->qdev.blocksize;
457 unsigned int min_io_size =
458 s->qdev.conf.min_io_size / s->qdev.blocksize;
459 unsigned int opt_io_size =
460 s->qdev.conf.opt_io_size / s->qdev.blocksize;
461
462 if (s->qdev.type == TYPE_ROM) {
463 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
464 page_code);
465 return -1;
466 }
467 /* required VPD size with unmap support */
468 outbuf[3] = buflen = 0x3c;
469
470 memset(outbuf + 4, 0, buflen - 4);
471
472 /* optimal transfer length granularity */
473 outbuf[6] = (min_io_size >> 8) & 0xff;
474 outbuf[7] = min_io_size & 0xff;
475
476 /* optimal transfer length */
477 outbuf[12] = (opt_io_size >> 24) & 0xff;
478 outbuf[13] = (opt_io_size >> 16) & 0xff;
479 outbuf[14] = (opt_io_size >> 8) & 0xff;
480 outbuf[15] = opt_io_size & 0xff;
481
482 /* optimal unmap granularity */
483 outbuf[28] = (unmap_sectors >> 24) & 0xff;
484 outbuf[29] = (unmap_sectors >> 16) & 0xff;
485 outbuf[30] = (unmap_sectors >> 8) & 0xff;
486 outbuf[31] = unmap_sectors & 0xff;
487 break;
488 }
489 case 0xb2: /* thin provisioning */
490 {
491 outbuf[3] = buflen = 8;
492 outbuf[4] = 0;
493 outbuf[5] = 0x40; /* write same with unmap supported */
494 outbuf[6] = 0;
495 outbuf[7] = 0;
496 break;
497 }
498 default:
499 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
500 "buffer size %zd\n", page_code, req->cmd.xfer);
501 return -1;
502 }
503 /* done with EVPD */
504 return buflen;
505 }
506
507 /* Standard INQUIRY data */
508 if (req->cmd.buf[2] != 0) {
509 BADF("Error: Inquiry (STANDARD) page or code "
510 "is non-zero [%02X]\n", req->cmd.buf[2]);
511 return -1;
512 }
513
514 /* PAGE CODE == 0 */
515 if (req->cmd.xfer < 5) {
516 BADF("Error: Inquiry (STANDARD) buffer size %zd "
517 "is less than 5\n", req->cmd.xfer);
518 return -1;
519 }
520
521 buflen = req->cmd.xfer;
522 if (buflen > SCSI_MAX_INQUIRY_LEN) {
523 buflen = SCSI_MAX_INQUIRY_LEN;
524 }
525 memset(outbuf, 0, buflen);
526
527 outbuf[0] = s->qdev.type & 0x1f;
528 outbuf[1] = s->removable ? 0x80 : 0;
529 if (s->qdev.type == TYPE_ROM) {
530 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
531 } else {
532 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
533 }
534 memcpy(&outbuf[8], "QEMU ", 8);
535 memset(&outbuf[32], 0, 4);
536 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
537 /*
538 * We claim conformance to SPC-3, which is required for guests
539 * to ask for modern features like READ CAPACITY(16) or the
540 * block characteristics VPD page by default. Not all of SPC-3
541 * is actually implemented, but we're good enough.
542 */
543 outbuf[2] = 5;
544 outbuf[3] = 2; /* Format 2 */
545
546 if (buflen > 36) {
547 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
548 } else {
549 /* If the allocation length of CDB is too small,
550 the additional length is not adjusted */
551 outbuf[4] = 36 - 5;
552 }
553
554 /* Sync data transfer and TCQ. */
555 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
556 return buflen;
557 }
558
559 static inline bool media_is_dvd(SCSIDiskState *s)
560 {
561 uint64_t nb_sectors;
562 if (s->qdev.type != TYPE_ROM) {
563 return false;
564 }
565 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
566 return false;
567 }
568 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
569 return nb_sectors > CD_MAX_SECTORS;
570 }
571
572 static inline bool media_is_cd(SCSIDiskState *s)
573 {
574 uint64_t nb_sectors;
575 if (s->qdev.type != TYPE_ROM) {
576 return false;
577 }
578 if (!bdrv_is_inserted(s->qdev.conf.bs)) {
579 return false;
580 }
581 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
582 return nb_sectors <= CD_MAX_SECTORS;
583 }
584
585 static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
586 uint8_t *outbuf)
587 {
588 static const int rds_caps_size[5] = {
589 [0] = 2048 + 4,
590 [1] = 4 + 4,
591 [3] = 188 + 4,
592 [4] = 2048 + 4,
593 };
594
595 uint8_t media = r->req.cmd.buf[1];
596 uint8_t layer = r->req.cmd.buf[6];
597 uint8_t format = r->req.cmd.buf[7];
598 int size = -1;
599
600 if (s->qdev.type != TYPE_ROM) {
601 return -1;
602 }
603 if (media != 0) {
604 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
605 return -1;
606 }
607
608 if (format != 0xff) {
609 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
610 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
611 return -1;
612 }
613 if (media_is_cd(s)) {
614 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
615 return -1;
616 }
617 if (format >= ARRAY_SIZE(rds_caps_size)) {
618 return -1;
619 }
620 size = rds_caps_size[format];
621 memset(outbuf, 0, size);
622 }
623
624 switch (format) {
625 case 0x00: {
626 /* Physical format information */
627 uint64_t nb_sectors;
628 if (layer != 0) {
629 goto fail;
630 }
631 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
632
633 outbuf[4] = 1; /* DVD-ROM, part version 1 */
634 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
635 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
636 outbuf[7] = 0; /* default densities */
637
638 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
639 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
640 break;
641 }
642
643 case 0x01: /* DVD copyright information, all zeros */
644 break;
645
646 case 0x03: /* BCA information - invalid field for no BCA info */
647 return -1;
648
649 case 0x04: /* DVD disc manufacturing information, all zeros */
650 break;
651
652 case 0xff: { /* List capabilities */
653 int i;
654 size = 4;
655 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
656 if (!rds_caps_size[i]) {
657 continue;
658 }
659 outbuf[size] = i;
660 outbuf[size + 1] = 0x40; /* Not writable, readable */
661 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
662 size += 4;
663 }
664 break;
665 }
666
667 default:
668 return -1;
669 }
670
671 /* Size of buffer, not including 2 byte size field */
672 stw_be_p(outbuf, size - 2);
673 return size;
674
675 fail:
676 return -1;
677 }
678
679 static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
680 {
681 uint8_t event_code, media_status;
682
683 media_status = 0;
684 if (s->tray_open) {
685 media_status = MS_TRAY_OPEN;
686 } else if (bdrv_is_inserted(s->qdev.conf.bs)) {
687 media_status = MS_MEDIA_PRESENT;
688 }
689
690 /* Event notification descriptor */
691 event_code = MEC_NO_CHANGE;
692 if (media_status != MS_TRAY_OPEN && s->media_event) {
693 event_code = MEC_NEW_MEDIA;
694 s->media_event = false;
695 }
696
697 outbuf[0] = event_code;
698 outbuf[1] = media_status;
699
700 /* These fields are reserved, just clear them. */
701 outbuf[2] = 0;
702 outbuf[3] = 0;
703 return 4;
704 }
705
706 static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
707 uint8_t *outbuf)
708 {
709 int size;
710 uint8_t *buf = r->req.cmd.buf;
711 uint8_t notification_class_request = buf[4];
712 if (s->qdev.type != TYPE_ROM) {
713 return -1;
714 }
715 if ((buf[1] & 1) == 0) {
716 /* asynchronous */
717 return -1;
718 }
719
720 size = 4;
721 outbuf[0] = outbuf[1] = 0;
722 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
723 if (notification_class_request & (1 << GESN_MEDIA)) {
724 outbuf[2] = GESN_MEDIA;
725 size += scsi_event_status_media(s, &outbuf[size]);
726 } else {
727 outbuf[2] = 0x80;
728 }
729 stw_be_p(outbuf, size - 4);
730 return size;
731 }
732
733 static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
734 {
735 int current;
736
737 if (s->qdev.type != TYPE_ROM) {
738 return -1;
739 }
740 current = media_is_dvd(s) ? MMC_PROFILE_DVD_ROM : MMC_PROFILE_CD_ROM;
741 memset(outbuf, 0, 40);
742 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
743 stw_be_p(&outbuf[6], current);
744 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
745 outbuf[10] = 0x03; /* persistent, current */
746 outbuf[11] = 8; /* two profiles */
747 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
748 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
749 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
750 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
751 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
752 stw_be_p(&outbuf[20], 1);
753 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
754 outbuf[23] = 8;
755 stl_be_p(&outbuf[24], 1); /* SCSI */
756 outbuf[28] = 1; /* DBE = 1, mandatory */
757 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
758 stw_be_p(&outbuf[32], 3);
759 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
760 outbuf[35] = 4;
761 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
762 /* TODO: Random readable, CD read, DVD read, drive serial number,
763 power management */
764 return 40;
765 }
766
767 static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
768 {
769 if (s->qdev.type != TYPE_ROM) {
770 return -1;
771 }
772 memset(outbuf, 0, 8);
773 outbuf[5] = 1; /* CD-ROM */
774 return 8;
775 }
776
777 static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
778 int page_control)
779 {
780 static const int mode_sense_valid[0x3f] = {
781 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
782 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
783 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
784 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
785 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
786 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
787 };
788
789 BlockDriverState *bdrv = s->qdev.conf.bs;
790 int cylinders, heads, secs;
791 uint8_t *p = *p_outbuf;
792
793 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
794 return -1;
795 }
796
797 p[0] = page;
798
799 /*
800 * If Changeable Values are requested, a mask denoting those mode parameters
801 * that are changeable shall be returned. As we currently don't support
802 * parameter changes via MODE_SELECT all bits are returned set to zero.
803 * The buffer was already menset to zero by the caller of this function.
804 */
805 switch (page) {
806 case MODE_PAGE_HD_GEOMETRY:
807 p[1] = 0x16;
808 if (page_control == 1) { /* Changeable Values */
809 break;
810 }
811 /* if a geometry hint is available, use it */
812 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
813 p[2] = (cylinders >> 16) & 0xff;
814 p[3] = (cylinders >> 8) & 0xff;
815 p[4] = cylinders & 0xff;
816 p[5] = heads & 0xff;
817 /* Write precomp start cylinder, disabled */
818 p[6] = (cylinders >> 16) & 0xff;
819 p[7] = (cylinders >> 8) & 0xff;
820 p[8] = cylinders & 0xff;
821 /* Reduced current start cylinder, disabled */
822 p[9] = (cylinders >> 16) & 0xff;
823 p[10] = (cylinders >> 8) & 0xff;
824 p[11] = cylinders & 0xff;
825 /* Device step rate [ns], 200ns */
826 p[12] = 0;
827 p[13] = 200;
828 /* Landing zone cylinder */
829 p[14] = 0xff;
830 p[15] = 0xff;
831 p[16] = 0xff;
832 /* Medium rotation rate [rpm], 5400 rpm */
833 p[20] = (5400 >> 8) & 0xff;
834 p[21] = 5400 & 0xff;
835 break;
836
837 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
838 p[1] = 0x1e;
839 if (page_control == 1) { /* Changeable Values */
840 break;
841 }
842 /* Transfer rate [kbit/s], 5Mbit/s */
843 p[2] = 5000 >> 8;
844 p[3] = 5000 & 0xff;
845 /* if a geometry hint is available, use it */
846 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
847 p[4] = heads & 0xff;
848 p[5] = secs & 0xff;
849 p[6] = s->qdev.blocksize >> 8;
850 p[8] = (cylinders >> 8) & 0xff;
851 p[9] = cylinders & 0xff;
852 /* Write precomp start cylinder, disabled */
853 p[10] = (cylinders >> 8) & 0xff;
854 p[11] = cylinders & 0xff;
855 /* Reduced current start cylinder, disabled */
856 p[12] = (cylinders >> 8) & 0xff;
857 p[13] = cylinders & 0xff;
858 /* Device step rate [100us], 100us */
859 p[14] = 0;
860 p[15] = 1;
861 /* Device step pulse width [us], 1us */
862 p[16] = 1;
863 /* Device head settle delay [100us], 100us */
864 p[17] = 0;
865 p[18] = 1;
866 /* Motor on delay [0.1s], 0.1s */
867 p[19] = 1;
868 /* Motor off delay [0.1s], 0.1s */
869 p[20] = 1;
870 /* Medium rotation rate [rpm], 5400 rpm */
871 p[28] = (5400 >> 8) & 0xff;
872 p[29] = 5400 & 0xff;
873 break;
874
875 case MODE_PAGE_CACHING:
876 p[0] = 8;
877 p[1] = 0x12;
878 if (page_control == 1) { /* Changeable Values */
879 break;
880 }
881 if (bdrv_enable_write_cache(s->qdev.conf.bs)) {
882 p[2] = 4; /* WCE */
883 }
884 break;
885
886 case MODE_PAGE_R_W_ERROR:
887 p[1] = 10;
888 p[2] = 0x80; /* Automatic Write Reallocation Enabled */
889 if (s->qdev.type == TYPE_ROM) {
890 p[3] = 0x20; /* Read Retry Count */
891 }
892 break;
893
894 case MODE_PAGE_AUDIO_CTL:
895 p[1] = 14;
896 break;
897
898 case MODE_PAGE_CAPABILITIES:
899 p[1] = 0x14;
900 if (page_control == 1) { /* Changeable Values */
901 break;
902 }
903
904 p[2] = 0x3b; /* CD-R & CD-RW read */
905 p[3] = 0; /* Writing not supported */
906 p[4] = 0x7f; /* Audio, composite, digital out,
907 mode 2 form 1&2, multi session */
908 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
909 RW corrected, C2 errors, ISRC,
910 UPC, Bar code */
911 p[6] = 0x2d | (s->tray_locked ? 2 : 0);
912 /* Locking supported, jumper present, eject, tray */
913 p[7] = 0; /* no volume & mute control, no
914 changer */
915 p[8] = (50 * 176) >> 8; /* 50x read speed */
916 p[9] = (50 * 176) & 0xff;
917 p[10] = 2 >> 8; /* Two volume levels */
918 p[11] = 2 & 0xff;
919 p[12] = 2048 >> 8; /* 2M buffer */
920 p[13] = 2048 & 0xff;
921 p[14] = (16 * 176) >> 8; /* 16x read speed current */
922 p[15] = (16 * 176) & 0xff;
923 p[18] = (16 * 176) >> 8; /* 16x write speed */
924 p[19] = (16 * 176) & 0xff;
925 p[20] = (16 * 176) >> 8; /* 16x write speed current */
926 p[21] = (16 * 176) & 0xff;
927 break;
928
929 default:
930 return -1;
931 }
932
933 *p_outbuf += p[1] + 2;
934 return p[1] + 2;
935 }
936
937 static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
938 {
939 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
940 uint64_t nb_sectors;
941 int page, dbd, buflen, ret, page_control;
942 uint8_t *p;
943 uint8_t dev_specific_param;
944
945 dbd = r->req.cmd.buf[1] & 0x8;
946 page = r->req.cmd.buf[2] & 0x3f;
947 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
948 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
949 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
950 memset(outbuf, 0, r->req.cmd.xfer);
951 p = outbuf;
952
953 if (bdrv_is_read_only(s->qdev.conf.bs)) {
954 dev_specific_param = 0x80; /* Readonly. */
955 } else {
956 dev_specific_param = 0x00;
957 }
958
959 if (r->req.cmd.buf[0] == MODE_SENSE) {
960 p[1] = 0; /* Default media type. */
961 p[2] = dev_specific_param;
962 p[3] = 0; /* Block descriptor length. */
963 p += 4;
964 } else { /* MODE_SENSE_10 */
965 p[2] = 0; /* Default media type. */
966 p[3] = dev_specific_param;
967 p[6] = p[7] = 0; /* Block descriptor length. */
968 p += 8;
969 }
970
971 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
972 if (!dbd && nb_sectors) {
973 if (r->req.cmd.buf[0] == MODE_SENSE) {
974 outbuf[3] = 8; /* Block descriptor length */
975 } else { /* MODE_SENSE_10 */
976 outbuf[7] = 8; /* Block descriptor length */
977 }
978 nb_sectors /= (s->qdev.blocksize / 512);
979 if (nb_sectors > 0xffffff) {
980 nb_sectors = 0;
981 }
982 p[0] = 0; /* media density code */
983 p[1] = (nb_sectors >> 16) & 0xff;
984 p[2] = (nb_sectors >> 8) & 0xff;
985 p[3] = nb_sectors & 0xff;
986 p[4] = 0; /* reserved */
987 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
988 p[6] = s->qdev.blocksize >> 8;
989 p[7] = 0;
990 p += 8;
991 }
992
993 if (page_control == 3) {
994 /* Saved Values */
995 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
996 return -1;
997 }
998
999 if (page == 0x3f) {
1000 for (page = 0; page <= 0x3e; page++) {
1001 mode_sense_page(s, page, &p, page_control);
1002 }
1003 } else {
1004 ret = mode_sense_page(s, page, &p, page_control);
1005 if (ret == -1) {
1006 return -1;
1007 }
1008 }
1009
1010 buflen = p - outbuf;
1011 /*
1012 * The mode data length field specifies the length in bytes of the
1013 * following data that is available to be transferred. The mode data
1014 * length does not include itself.
1015 */
1016 if (r->req.cmd.buf[0] == MODE_SENSE) {
1017 outbuf[0] = buflen - 1;
1018 } else { /* MODE_SENSE_10 */
1019 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1020 outbuf[1] = (buflen - 2) & 0xff;
1021 }
1022 if (buflen > r->req.cmd.xfer) {
1023 buflen = r->req.cmd.xfer;
1024 }
1025 return buflen;
1026 }
1027
1028 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1029 {
1030 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1031 int start_track, format, msf, toclen;
1032 uint64_t nb_sectors;
1033
1034 msf = req->cmd.buf[1] & 2;
1035 format = req->cmd.buf[2] & 0xf;
1036 start_track = req->cmd.buf[6];
1037 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1038 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
1039 nb_sectors /= s->qdev.blocksize / 512;
1040 switch (format) {
1041 case 0:
1042 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1043 break;
1044 case 1:
1045 /* multi session : only a single session defined */
1046 toclen = 12;
1047 memset(outbuf, 0, 12);
1048 outbuf[1] = 0x0a;
1049 outbuf[2] = 0x01;
1050 outbuf[3] = 0x01;
1051 break;
1052 case 2:
1053 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1054 break;
1055 default:
1056 return -1;
1057 }
1058 if (toclen > req->cmd.xfer) {
1059 toclen = req->cmd.xfer;
1060 }
1061 return toclen;
1062 }
1063
1064 static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
1065 {
1066 SCSIRequest *req = &r->req;
1067 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1068 bool start = req->cmd.buf[4] & 1;
1069 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
1070
1071 if (s->qdev.type == TYPE_ROM && loej) {
1072 if (!start && !s->tray_open && s->tray_locked) {
1073 scsi_check_condition(r,
1074 bdrv_is_inserted(s->qdev.conf.bs)
1075 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1076 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1077 return -1;
1078 }
1079 bdrv_eject(s->qdev.conf.bs, !start);
1080 s->tray_open = !start;
1081 }
1082 return 0;
1083 }
1084
1085 static int scsi_disk_emulate_command(SCSIDiskReq *r)
1086 {
1087 SCSIRequest *req = &r->req;
1088 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1089 uint64_t nb_sectors;
1090 uint8_t *outbuf;
1091 int buflen = 0;
1092
1093 if (!r->iov.iov_base) {
1094 /*
1095 * FIXME: we shouldn't return anything bigger than 4k, but the code
1096 * requires the buffer to be as big as req->cmd.xfer in several
1097 * places. So, do not allow CDBs with a very large ALLOCATION
1098 * LENGTH. The real fix would be to modify scsi_read_data and
1099 * dma_buf_read, so that they return data beyond the buflen
1100 * as all zeros.
1101 */
1102 if (req->cmd.xfer > 65536) {
1103 goto illegal_request;
1104 }
1105 r->buflen = MAX(4096, req->cmd.xfer);
1106 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
1107 }
1108
1109 outbuf = r->iov.iov_base;
1110 switch (req->cmd.buf[0]) {
1111 case TEST_UNIT_READY:
1112 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1113 goto not_ready;
1114 }
1115 break;
1116 case INQUIRY:
1117 buflen = scsi_disk_emulate_inquiry(req, outbuf);
1118 if (buflen < 0) {
1119 goto illegal_request;
1120 }
1121 break;
1122 case MODE_SENSE:
1123 case MODE_SENSE_10:
1124 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
1125 if (buflen < 0) {
1126 goto illegal_request;
1127 }
1128 break;
1129 case READ_TOC:
1130 buflen = scsi_disk_emulate_read_toc(req, outbuf);
1131 if (buflen < 0) {
1132 goto illegal_request;
1133 }
1134 break;
1135 case RESERVE:
1136 if (req->cmd.buf[1] & 1) {
1137 goto illegal_request;
1138 }
1139 break;
1140 case RESERVE_10:
1141 if (req->cmd.buf[1] & 3) {
1142 goto illegal_request;
1143 }
1144 break;
1145 case RELEASE:
1146 if (req->cmd.buf[1] & 1) {
1147 goto illegal_request;
1148 }
1149 break;
1150 case RELEASE_10:
1151 if (req->cmd.buf[1] & 3) {
1152 goto illegal_request;
1153 }
1154 break;
1155 case START_STOP:
1156 if (scsi_disk_emulate_start_stop(r) < 0) {
1157 return -1;
1158 }
1159 break;
1160 case ALLOW_MEDIUM_REMOVAL:
1161 s->tray_locked = req->cmd.buf[4] & 1;
1162 bdrv_lock_medium(s->qdev.conf.bs, req->cmd.buf[4] & 1);
1163 break;
1164 case READ_CAPACITY_10:
1165 /* The normal LEN field for this command is zero. */
1166 memset(outbuf, 0, 8);
1167 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1168 if (!nb_sectors) {
1169 goto not_ready;
1170 }
1171 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1172 goto illegal_request;
1173 }
1174 nb_sectors /= s->qdev.blocksize / 512;
1175 /* Returned value is the address of the last sector. */
1176 nb_sectors--;
1177 /* Remember the new size for read/write sanity checking. */
1178 s->max_lba = nb_sectors;
1179 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
1180 if (nb_sectors > UINT32_MAX) {
1181 nb_sectors = UINT32_MAX;
1182 }
1183 outbuf[0] = (nb_sectors >> 24) & 0xff;
1184 outbuf[1] = (nb_sectors >> 16) & 0xff;
1185 outbuf[2] = (nb_sectors >> 8) & 0xff;
1186 outbuf[3] = nb_sectors & 0xff;
1187 outbuf[4] = 0;
1188 outbuf[5] = 0;
1189 outbuf[6] = s->qdev.blocksize >> 8;
1190 outbuf[7] = 0;
1191 buflen = 8;
1192 break;
1193 case MECHANISM_STATUS:
1194 buflen = scsi_emulate_mechanism_status(s, outbuf);
1195 if (buflen < 0) {
1196 goto illegal_request;
1197 }
1198 break;
1199 case GET_CONFIGURATION:
1200 buflen = scsi_get_configuration(s, outbuf);
1201 if (buflen < 0) {
1202 goto illegal_request;
1203 }
1204 break;
1205 case GET_EVENT_STATUS_NOTIFICATION:
1206 buflen = scsi_get_event_status_notification(s, r, outbuf);
1207 if (buflen < 0) {
1208 goto illegal_request;
1209 }
1210 break;
1211 case READ_DVD_STRUCTURE:
1212 buflen = scsi_read_dvd_structure(s, r, outbuf);
1213 if (buflen < 0) {
1214 goto illegal_request;
1215 }
1216 break;
1217 case SERVICE_ACTION_IN_16:
1218 /* Service Action In subcommands. */
1219 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
1220 DPRINTF("SAI READ CAPACITY(16)\n");
1221 memset(outbuf, 0, req->cmd.xfer);
1222 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1223 if (!nb_sectors) {
1224 goto not_ready;
1225 }
1226 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
1227 goto illegal_request;
1228 }
1229 nb_sectors /= s->qdev.blocksize / 512;
1230 /* Returned value is the address of the last sector. */
1231 nb_sectors--;
1232 /* Remember the new size for read/write sanity checking. */
1233 s->max_lba = nb_sectors;
1234 outbuf[0] = (nb_sectors >> 56) & 0xff;
1235 outbuf[1] = (nb_sectors >> 48) & 0xff;
1236 outbuf[2] = (nb_sectors >> 40) & 0xff;
1237 outbuf[3] = (nb_sectors >> 32) & 0xff;
1238 outbuf[4] = (nb_sectors >> 24) & 0xff;
1239 outbuf[5] = (nb_sectors >> 16) & 0xff;
1240 outbuf[6] = (nb_sectors >> 8) & 0xff;
1241 outbuf[7] = nb_sectors & 0xff;
1242 outbuf[8] = 0;
1243 outbuf[9] = 0;
1244 outbuf[10] = s->qdev.blocksize >> 8;
1245 outbuf[11] = 0;
1246 outbuf[12] = 0;
1247 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
1248
1249 /* set TPE bit if the format supports discard */
1250 if (s->qdev.conf.discard_granularity) {
1251 outbuf[14] = 0x80;
1252 }
1253
1254 /* Protection, exponent and lowest lba field left blank. */
1255 buflen = req->cmd.xfer;
1256 break;
1257 }
1258 DPRINTF("Unsupported Service Action In\n");
1259 goto illegal_request;
1260 case VERIFY_10:
1261 break;
1262 default:
1263 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1264 return -1;
1265 }
1266 return buflen;
1267
1268 not_ready:
1269 if (s->tray_open || !bdrv_is_inserted(s->qdev.conf.bs)) {
1270 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1271 } else {
1272 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
1273 }
1274 return -1;
1275
1276 illegal_request:
1277 if (r->req.status == -1) {
1278 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1279 }
1280 return -1;
1281 }
1282
1283 /* Execute a scsi command. Returns the length of the data expected by the
1284 command. This will be Positive for data transfers from the device
1285 (eg. disk reads), negative for transfers to the device (eg. disk writes),
1286 and zero if the command does not transfer any data. */
1287
1288 static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf)
1289 {
1290 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1291 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1292 int32_t len;
1293 uint8_t command;
1294 int rc;
1295
1296 command = buf[0];
1297 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", req->lun, req->tag, buf[0]);
1298
1299 #ifdef DEBUG_SCSI
1300 {
1301 int i;
1302 for (i = 1; i < r->req.cmd.len; i++) {
1303 printf(" 0x%02x", buf[i]);
1304 }
1305 printf("\n");
1306 }
1307 #endif
1308
1309 switch (command) {
1310 case TEST_UNIT_READY:
1311 case INQUIRY:
1312 case MODE_SENSE:
1313 case MODE_SENSE_10:
1314 case RESERVE:
1315 case RESERVE_10:
1316 case RELEASE:
1317 case RELEASE_10:
1318 case START_STOP:
1319 case ALLOW_MEDIUM_REMOVAL:
1320 case READ_CAPACITY_10:
1321 case READ_TOC:
1322 case READ_DVD_STRUCTURE:
1323 case GET_CONFIGURATION:
1324 case GET_EVENT_STATUS_NOTIFICATION:
1325 case MECHANISM_STATUS:
1326 case SERVICE_ACTION_IN_16:
1327 case VERIFY_10:
1328 rc = scsi_disk_emulate_command(r);
1329 if (rc < 0) {
1330 return 0;
1331 }
1332
1333 r->iov.iov_len = rc;
1334 break;
1335 case SYNCHRONIZE_CACHE:
1336 bdrv_acct_start(s->qdev.conf.bs, &r->acct, 0, BDRV_ACCT_FLUSH);
1337 r->req.aiocb = bdrv_aio_flush(s->qdev.conf.bs, scsi_flush_complete, r);
1338 if (r->req.aiocb == NULL) {
1339 scsi_flush_complete(r, -EIO);
1340 }
1341 return 0;
1342 case READ_6:
1343 case READ_10:
1344 case READ_12:
1345 case READ_16:
1346 len = r->req.cmd.xfer / s->qdev.blocksize;
1347 DPRINTF("Read (sector %" PRId64 ", count %d)\n", r->req.cmd.lba, len);
1348 if (r->req.cmd.lba > s->max_lba) {
1349 goto illegal_lba;
1350 }
1351 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1352 r->sector_count = len * (s->qdev.blocksize / 512);
1353 break;
1354 case WRITE_6:
1355 case WRITE_10:
1356 case WRITE_12:
1357 case WRITE_16:
1358 case WRITE_VERIFY_10:
1359 case WRITE_VERIFY_12:
1360 case WRITE_VERIFY_16:
1361 len = r->req.cmd.xfer / s->qdev.blocksize;
1362 DPRINTF("Write %s(sector %" PRId64 ", count %d)\n",
1363 (command & 0xe) == 0xe ? "And Verify " : "",
1364 r->req.cmd.lba, len);
1365 if (r->req.cmd.lba > s->max_lba) {
1366 goto illegal_lba;
1367 }
1368 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1369 r->sector_count = len * (s->qdev.blocksize / 512);
1370 break;
1371 case MODE_SELECT:
1372 DPRINTF("Mode Select(6) (len %lu)\n", (long)r->req.cmd.xfer);
1373 /* We don't support mode parameter changes.
1374 Allow the mode parameter header + block descriptors only. */
1375 if (r->req.cmd.xfer > 12) {
1376 goto fail;
1377 }
1378 break;
1379 case MODE_SELECT_10:
1380 DPRINTF("Mode Select(10) (len %lu)\n", (long)r->req.cmd.xfer);
1381 /* We don't support mode parameter changes.
1382 Allow the mode parameter header + block descriptors only. */
1383 if (r->req.cmd.xfer > 16) {
1384 goto fail;
1385 }
1386 break;
1387 case SEEK_6:
1388 case SEEK_10:
1389 DPRINTF("Seek(%d) (sector %" PRId64 ")\n", command == SEEK_6 ? 6 : 10,
1390 r->req.cmd.lba);
1391 if (r->req.cmd.lba > s->max_lba) {
1392 goto illegal_lba;
1393 }
1394 break;
1395 case WRITE_SAME_16:
1396 len = r->req.cmd.xfer / s->qdev.blocksize;
1397
1398 DPRINTF("WRITE SAME(16) (sector %" PRId64 ", count %d)\n",
1399 r->req.cmd.lba, len);
1400
1401 if (r->req.cmd.lba > s->max_lba) {
1402 goto illegal_lba;
1403 }
1404
1405 /*
1406 * We only support WRITE SAME with the unmap bit set for now.
1407 */
1408 if (!(buf[1] & 0x8)) {
1409 goto fail;
1410 }
1411
1412 rc = bdrv_discard(s->qdev.conf.bs,
1413 r->req.cmd.lba * (s->qdev.blocksize / 512),
1414 len * (s->qdev.blocksize / 512));
1415 if (rc < 0) {
1416 /* XXX: better error code ?*/
1417 goto fail;
1418 }
1419
1420 break;
1421 case REQUEST_SENSE:
1422 abort();
1423 default:
1424 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
1425 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
1426 return 0;
1427 fail:
1428 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1429 return 0;
1430 illegal_lba:
1431 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1432 return 0;
1433 }
1434 if (r->sector_count == 0 && r->iov.iov_len == 0) {
1435 scsi_req_complete(&r->req, GOOD);
1436 }
1437 len = r->sector_count * 512 + r->iov.iov_len;
1438 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
1439 return -len;
1440 } else {
1441 if (!r->sector_count) {
1442 r->sector_count = -1;
1443 }
1444 return len;
1445 }
1446 }
1447
1448 static void scsi_disk_reset(DeviceState *dev)
1449 {
1450 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
1451 uint64_t nb_sectors;
1452
1453 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
1454
1455 bdrv_get_geometry(s->qdev.conf.bs, &nb_sectors);
1456 nb_sectors /= s->qdev.blocksize / 512;
1457 if (nb_sectors) {
1458 nb_sectors--;
1459 }
1460 s->max_lba = nb_sectors;
1461 }
1462
1463 static void scsi_destroy(SCSIDevice *dev)
1464 {
1465 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1466
1467 scsi_device_purge_requests(&s->qdev, SENSE_CODE(NO_SENSE));
1468 blockdev_mark_auto_del(s->qdev.conf.bs);
1469 }
1470
1471 static void scsi_cd_change_media_cb(void *opaque, bool load)
1472 {
1473 SCSIDiskState *s = opaque;
1474
1475 /*
1476 * When a CD gets changed, we have to report an ejected state and
1477 * then a loaded state to guests so that they detect tray
1478 * open/close and media change events. Guests that do not use
1479 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
1480 * states rely on this behavior.
1481 *
1482 * media_changed governs the state machine used for unit attention
1483 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
1484 */
1485 s->media_changed = load;
1486 s->tray_open = !load;
1487 s->qdev.unit_attention = SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM);
1488 s->media_event = true;
1489 }
1490
1491 static bool scsi_cd_is_tray_open(void *opaque)
1492 {
1493 return ((SCSIDiskState *)opaque)->tray_open;
1494 }
1495
1496 static bool scsi_cd_is_medium_locked(void *opaque)
1497 {
1498 return ((SCSIDiskState *)opaque)->tray_locked;
1499 }
1500
1501 static const BlockDevOps scsi_cd_block_ops = {
1502 .change_media_cb = scsi_cd_change_media_cb,
1503 .is_tray_open = scsi_cd_is_tray_open,
1504 .is_medium_locked = scsi_cd_is_medium_locked,
1505 };
1506
1507 static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
1508 {
1509 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1510 if (s->media_changed) {
1511 s->media_changed = false;
1512 s->qdev.unit_attention = SENSE_CODE(MEDIUM_CHANGED);
1513 }
1514 }
1515
1516 static int scsi_initfn(SCSIDevice *dev)
1517 {
1518 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1519 DriveInfo *dinfo;
1520
1521 if (!s->qdev.conf.bs) {
1522 error_report("scsi-disk: drive property not set");
1523 return -1;
1524 }
1525
1526 if (!s->removable && !bdrv_is_inserted(s->qdev.conf.bs)) {
1527 error_report("Device needs media, but drive is empty");
1528 return -1;
1529 }
1530
1531 if (!s->serial) {
1532 /* try to fall back to value set with legacy -drive serial=... */
1533 dinfo = drive_get_by_blockdev(s->qdev.conf.bs);
1534 if (*dinfo->serial) {
1535 s->serial = g_strdup(dinfo->serial);
1536 }
1537 }
1538
1539 if (!s->version) {
1540 s->version = g_strdup(QEMU_VERSION);
1541 }
1542
1543 if (bdrv_is_sg(s->qdev.conf.bs)) {
1544 error_report("scsi-disk: unwanted /dev/sg*");
1545 return -1;
1546 }
1547
1548 if (s->removable) {
1549 bdrv_set_dev_ops(s->qdev.conf.bs, &scsi_cd_block_ops, s);
1550 }
1551 bdrv_set_buffer_alignment(s->qdev.conf.bs, s->qdev.blocksize);
1552
1553 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1554 bdrv_iostatus_enable(s->qdev.conf.bs);
1555 add_boot_device_path(s->qdev.conf.bootindex, &dev->qdev, ",0");
1556 return 0;
1557 }
1558
1559 static int scsi_hd_initfn(SCSIDevice *dev)
1560 {
1561 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1562 s->qdev.blocksize = s->qdev.conf.logical_block_size;
1563 s->qdev.type = TYPE_DISK;
1564 return scsi_initfn(&s->qdev);
1565 }
1566
1567 static int scsi_cd_initfn(SCSIDevice *dev)
1568 {
1569 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
1570 s->qdev.blocksize = 2048;
1571 s->qdev.type = TYPE_ROM;
1572 s->removable = true;
1573 return scsi_initfn(&s->qdev);
1574 }
1575
1576 static int scsi_disk_initfn(SCSIDevice *dev)
1577 {
1578 DriveInfo *dinfo;
1579
1580 if (!dev->conf.bs) {
1581 return scsi_initfn(dev); /* ... and die there */
1582 }
1583
1584 dinfo = drive_get_by_blockdev(dev->conf.bs);
1585 if (dinfo->media_cd) {
1586 return scsi_cd_initfn(dev);
1587 } else {
1588 return scsi_hd_initfn(dev);
1589 }
1590 }
1591
1592 static SCSIReqOps scsi_disk_reqops = {
1593 .size = sizeof(SCSIDiskReq),
1594 .free_req = scsi_free_request,
1595 .send_command = scsi_send_command,
1596 .read_data = scsi_read_data,
1597 .write_data = scsi_write_data,
1598 .cancel_io = scsi_cancel_io,
1599 .get_buf = scsi_get_buf,
1600 };
1601
1602 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag,
1603 uint32_t lun, void *hba_private)
1604 {
1605 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
1606 SCSIRequest *req;
1607
1608 req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private);
1609 return req;
1610 }
1611
1612 #define DEFINE_SCSI_DISK_PROPERTIES() \
1613 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
1614 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
1615 DEFINE_PROP_STRING("serial", SCSIDiskState, serial)
1616
1617 static SCSIDeviceInfo scsi_disk_info[] = {
1618 {
1619 .qdev.name = "scsi-hd",
1620 .qdev.fw_name = "disk",
1621 .qdev.desc = "virtual SCSI disk",
1622 .qdev.size = sizeof(SCSIDiskState),
1623 .qdev.reset = scsi_disk_reset,
1624 .init = scsi_hd_initfn,
1625 .destroy = scsi_destroy,
1626 .alloc_req = scsi_new_request,
1627 .unit_attention_reported = scsi_disk_unit_attention_reported,
1628 .qdev.props = (Property[]) {
1629 DEFINE_SCSI_DISK_PROPERTIES(),
1630 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1631 DEFINE_PROP_END_OF_LIST(),
1632 }
1633 },{
1634 .qdev.name = "scsi-cd",
1635 .qdev.fw_name = "disk",
1636 .qdev.desc = "virtual SCSI CD-ROM",
1637 .qdev.size = sizeof(SCSIDiskState),
1638 .qdev.reset = scsi_disk_reset,
1639 .init = scsi_cd_initfn,
1640 .destroy = scsi_destroy,
1641 .alloc_req = scsi_new_request,
1642 .unit_attention_reported = scsi_disk_unit_attention_reported,
1643 .qdev.props = (Property[]) {
1644 DEFINE_SCSI_DISK_PROPERTIES(),
1645 DEFINE_PROP_END_OF_LIST(),
1646 },
1647 },{
1648 .qdev.name = "scsi-disk", /* legacy -device scsi-disk */
1649 .qdev.fw_name = "disk",
1650 .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)",
1651 .qdev.size = sizeof(SCSIDiskState),
1652 .qdev.reset = scsi_disk_reset,
1653 .init = scsi_disk_initfn,
1654 .destroy = scsi_destroy,
1655 .alloc_req = scsi_new_request,
1656 .unit_attention_reported = scsi_disk_unit_attention_reported,
1657 .qdev.props = (Property[]) {
1658 DEFINE_SCSI_DISK_PROPERTIES(),
1659 DEFINE_PROP_BIT("removable", SCSIDiskState, removable, 0, false),
1660 DEFINE_PROP_END_OF_LIST(),
1661 }
1662 }
1663 };
1664
1665 static void scsi_disk_register_devices(void)
1666 {
1667 int i;
1668
1669 for (i = 0; i < ARRAY_SIZE(scsi_disk_info); i++) {
1670 scsi_qdev_register(&scsi_disk_info[i]);
1671 }
1672 }
1673 device_init(scsi_disk_register_devices)
Qemu copy for testing