]> git.proxmox.com Git - qemu.git/blob - hw/scsi-disk.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Rename DriveInfo.onerror to on_write_error
[qemu.git] / hw / scsi-disk.c
1 /*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
8 *
9 * This code is licenced under the LGPL.
10 *
11 * Note that this file only handles the SCSI architecture model and device
12 * commands. Emulation of interface/link layer protocols is handled by
13 * the host adapter emulator.
14 */
15
16 #include <qemu-common.h>
17 #include <sysemu.h>
18 //#define DEBUG_SCSI
19
20 #ifdef DEBUG_SCSI
21 #define DPRINTF(fmt, ...) \
22 do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
23 #else
24 #define DPRINTF(fmt, ...) do {} while(0)
25 #endif
26
27 #define BADF(fmt, ...) \
28 do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
29
30 #include "qemu-common.h"
31 #include "block.h"
32 #include "scsi.h"
33 #include "scsi-defs.h"
34
35 #define SCSI_DMA_BUF_SIZE 131072
36 #define SCSI_MAX_INQUIRY_LEN 256
37
38 #define SCSI_REQ_STATUS_RETRY 0x01
39
40 typedef struct SCSIDiskState SCSIDiskState;
41
42 typedef struct SCSIDiskReq {
43 SCSIRequest req;
44 /* ??? We should probably keep track of whether the data transfer is
45 a read or a write. Currently we rely on the host getting it right. */
46 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
47 uint64_t sector;
48 uint32_t sector_count;
49 struct iovec iov;
50 QEMUIOVector qiov;
51 uint32_t status;
52 } SCSIDiskReq;
53
54 struct SCSIDiskState
55 {
56 SCSIDevice qdev;
57 /* The qemu block layer uses a fixed 512 byte sector size.
58 This is the number of 512 byte blocks in a single scsi sector. */
59 int cluster_size;
60 uint64_t max_lba;
61 QEMUBH *bh;
62 };
63
64 static SCSIDiskReq *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun)
65 {
66 SCSIRequest *req;
67 SCSIDiskReq *r;
68
69 req = scsi_req_alloc(sizeof(SCSIDiskReq), d, tag, lun);
70 r = DO_UPCAST(SCSIDiskReq, req, req);
71 r->iov.iov_base = qemu_memalign(512, SCSI_DMA_BUF_SIZE);
72 return r;
73 }
74
75 static void scsi_remove_request(SCSIDiskReq *r)
76 {
77 qemu_free(r->iov.iov_base);
78 scsi_req_free(&r->req);
79 }
80
81 static SCSIDiskReq *scsi_find_request(SCSIDiskState *s, uint32_t tag)
82 {
83 return DO_UPCAST(SCSIDiskReq, req, scsi_req_find(&s->qdev, tag));
84 }
85
86 static void scsi_req_set_status(SCSIRequest *req, int status, int sense_code)
87 {
88 req->status = status;
89 scsi_dev_set_sense(req->dev, sense_code);
90 }
91
92 /* Helper function for command completion. */
93 static void scsi_command_complete(SCSIDiskReq *r, int status, int sense)
94 {
95 DPRINTF("Command complete tag=0x%x status=%d sense=%d\n",
96 r->req.tag, status, sense);
97 scsi_req_set_status(&r->req, status, sense);
98 scsi_req_complete(&r->req);
99 scsi_remove_request(r);
100 }
101
102 /* Cancel a pending data transfer. */
103 static void scsi_cancel_io(SCSIDevice *d, uint32_t tag)
104 {
105 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
106 SCSIDiskReq *r;
107 DPRINTF("Cancel tag=0x%x\n", tag);
108 r = scsi_find_request(s, tag);
109 if (r) {
110 if (r->req.aiocb)
111 bdrv_aio_cancel(r->req.aiocb);
112 r->req.aiocb = NULL;
113 scsi_remove_request(r);
114 }
115 }
116
117 static void scsi_read_complete(void * opaque, int ret)
118 {
119 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
120
121 if (ret) {
122 DPRINTF("IO error\n");
123 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, 0);
124 scsi_command_complete(r, CHECK_CONDITION, NO_SENSE);
125 return;
126 }
127 DPRINTF("Data ready tag=0x%x len=%" PRId64 "\n", r->req.tag, r->iov.iov_len);
128
129 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
130 }
131
132 /* Read more data from scsi device into buffer. */
133 static void scsi_read_data(SCSIDevice *d, uint32_t tag)
134 {
135 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
136 SCSIDiskReq *r;
137 uint32_t n;
138
139 r = scsi_find_request(s, tag);
140 if (!r) {
141 BADF("Bad read tag 0x%x\n", tag);
142 /* ??? This is the wrong error. */
143 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
144 return;
145 }
146 if (r->sector_count == (uint32_t)-1) {
147 DPRINTF("Read buf_len=%" PRId64 "\n", r->iov.iov_len);
148 r->sector_count = 0;
149 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, r->iov.iov_len);
150 return;
151 }
152 DPRINTF("Read sector_count=%d\n", r->sector_count);
153 if (r->sector_count == 0) {
154 scsi_command_complete(r, GOOD, NO_SENSE);
155 return;
156 }
157
158 n = r->sector_count;
159 if (n > SCSI_DMA_BUF_SIZE / 512)
160 n = SCSI_DMA_BUF_SIZE / 512;
161
162 r->iov.iov_len = n * 512;
163 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
164 r->req.aiocb = bdrv_aio_readv(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
165 scsi_read_complete, r);
166 if (r->req.aiocb == NULL)
167 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
168 r->sector += n;
169 r->sector_count -= n;
170 }
171
172 static int scsi_handle_write_error(SCSIDiskReq *r, int error)
173 {
174 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
175 BlockInterfaceErrorAction action =
176 drive_get_on_error(s->qdev.dinfo->bdrv, 0);
177
178 if (action == BLOCK_ERR_IGNORE)
179 return 0;
180
181 if ((error == ENOSPC && action == BLOCK_ERR_STOP_ENOSPC)
182 || action == BLOCK_ERR_STOP_ANY) {
183 r->status |= SCSI_REQ_STATUS_RETRY;
184 vm_stop(0);
185 } else {
186 scsi_command_complete(r, CHECK_CONDITION,
187 HARDWARE_ERROR);
188 }
189
190 return 1;
191 }
192
193 static void scsi_write_complete(void * opaque, int ret)
194 {
195 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
196 uint32_t len;
197 uint32_t n;
198
199 r->req.aiocb = NULL;
200
201 if (ret) {
202 if (scsi_handle_write_error(r, -ret))
203 return;
204 }
205
206 n = r->iov.iov_len / 512;
207 r->sector += n;
208 r->sector_count -= n;
209 if (r->sector_count == 0) {
210 scsi_command_complete(r, GOOD, NO_SENSE);
211 } else {
212 len = r->sector_count * 512;
213 if (len > SCSI_DMA_BUF_SIZE) {
214 len = SCSI_DMA_BUF_SIZE;
215 }
216 r->iov.iov_len = len;
217 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, len);
218 r->req.bus->complete(r->req.bus, SCSI_REASON_DATA, r->req.tag, len);
219 }
220 }
221
222 static void scsi_write_request(SCSIDiskReq *r)
223 {
224 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
225 uint32_t n;
226
227 n = r->iov.iov_len / 512;
228 if (n) {
229 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
230 r->req.aiocb = bdrv_aio_writev(s->qdev.dinfo->bdrv, r->sector, &r->qiov, n,
231 scsi_write_complete, r);
232 if (r->req.aiocb == NULL)
233 scsi_command_complete(r, CHECK_CONDITION,
234 HARDWARE_ERROR);
235 } else {
236 /* Invoke completion routine to fetch data from host. */
237 scsi_write_complete(r, 0);
238 }
239 }
240
241 /* Write data to a scsi device. Returns nonzero on failure.
242 The transfer may complete asynchronously. */
243 static int scsi_write_data(SCSIDevice *d, uint32_t tag)
244 {
245 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
246 SCSIDiskReq *r;
247
248 DPRINTF("Write data tag=0x%x\n", tag);
249 r = scsi_find_request(s, tag);
250 if (!r) {
251 BADF("Bad write tag 0x%x\n", tag);
252 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
253 return 1;
254 }
255
256 if (r->req.aiocb)
257 BADF("Data transfer already in progress\n");
258
259 scsi_write_request(r);
260
261 return 0;
262 }
263
264 static void scsi_dma_restart_bh(void *opaque)
265 {
266 SCSIDiskState *s = opaque;
267 SCSIRequest *req;
268 SCSIDiskReq *r;
269
270 qemu_bh_delete(s->bh);
271 s->bh = NULL;
272
273 QTAILQ_FOREACH(req, &s->qdev.requests, next) {
274 r = DO_UPCAST(SCSIDiskReq, req, req);
275 if (r->status & SCSI_REQ_STATUS_RETRY) {
276 r->status &= ~SCSI_REQ_STATUS_RETRY;
277 scsi_write_request(r);
278 }
279 }
280 }
281
282 static void scsi_dma_restart_cb(void *opaque, int running, int reason)
283 {
284 SCSIDiskState *s = opaque;
285
286 if (!running)
287 return;
288
289 if (!s->bh) {
290 s->bh = qemu_bh_new(scsi_dma_restart_bh, s);
291 qemu_bh_schedule(s->bh);
292 }
293 }
294
295 /* Return a pointer to the data buffer. */
296 static uint8_t *scsi_get_buf(SCSIDevice *d, uint32_t tag)
297 {
298 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
299 SCSIDiskReq *r;
300
301 r = scsi_find_request(s, tag);
302 if (!r) {
303 BADF("Bad buffer tag 0x%x\n", tag);
304 return NULL;
305 }
306 return (uint8_t *)r->iov.iov_base;
307 }
308
309 static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
310 {
311 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
312 int buflen = 0;
313
314 if (req->cmd.buf[1] & 0x2) {
315 /* Command support data - optional, not implemented */
316 BADF("optional INQUIRY command support request not implemented\n");
317 return -1;
318 }
319
320 if (req->cmd.buf[1] & 0x1) {
321 /* Vital product data */
322 uint8_t page_code = req->cmd.buf[2];
323 if (req->cmd.xfer < 4) {
324 BADF("Error: Inquiry (EVPD[%02X]) buffer size %zd is "
325 "less than 4\n", page_code, req->cmd.xfer);
326 return -1;
327 }
328
329 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
330 outbuf[buflen++] = 5;
331 } else {
332 outbuf[buflen++] = 0;
333 }
334 outbuf[buflen++] = page_code ; // this page
335 outbuf[buflen++] = 0x00;
336
337 switch (page_code) {
338 case 0x00: /* Supported page codes, mandatory */
339 DPRINTF("Inquiry EVPD[Supported pages] "
340 "buffer size %zd\n", req->cmd.xfer);
341 outbuf[buflen++] = 3; // number of pages
342 outbuf[buflen++] = 0x00; // list of supported pages (this page)
343 outbuf[buflen++] = 0x80; // unit serial number
344 outbuf[buflen++] = 0x83; // device identification
345 break;
346
347 case 0x80: /* Device serial number, optional */
348 {
349 const char *serial = req->dev->dinfo->serial ?: "0";
350 int l = strlen(serial);
351
352 if (l > req->cmd.xfer)
353 l = req->cmd.xfer;
354 if (l > 20)
355 l = 20;
356
357 DPRINTF("Inquiry EVPD[Serial number] "
358 "buffer size %zd\n", req->cmd.xfer);
359 outbuf[buflen++] = l;
360 memcpy(outbuf+buflen, serial, l);
361 buflen += l;
362 break;
363 }
364
365 case 0x83: /* Device identification page, mandatory */
366 {
367 int max_len = 255 - 8;
368 int id_len = strlen(bdrv_get_device_name(bdrv));
369
370 if (id_len > max_len)
371 id_len = max_len;
372 DPRINTF("Inquiry EVPD[Device identification] "
373 "buffer size %zd\n", req->cmd.xfer);
374
375 outbuf[buflen++] = 3 + id_len;
376 outbuf[buflen++] = 0x2; // ASCII
377 outbuf[buflen++] = 0; // not officially assigned
378 outbuf[buflen++] = 0; // reserved
379 outbuf[buflen++] = id_len; // length of data following
380
381 memcpy(outbuf+buflen, bdrv_get_device_name(bdrv), id_len);
382 buflen += id_len;
383 break;
384 }
385 default:
386 BADF("Error: unsupported Inquiry (EVPD[%02X]) "
387 "buffer size %zd\n", page_code, req->cmd.xfer);
388 return -1;
389 }
390 /* done with EVPD */
391 return buflen;
392 }
393
394 /* Standard INQUIRY data */
395 if (req->cmd.buf[2] != 0) {
396 BADF("Error: Inquiry (STANDARD) page or code "
397 "is non-zero [%02X]\n", req->cmd.buf[2]);
398 return -1;
399 }
400
401 /* PAGE CODE == 0 */
402 if (req->cmd.xfer < 5) {
403 BADF("Error: Inquiry (STANDARD) buffer size %zd "
404 "is less than 5\n", req->cmd.xfer);
405 return -1;
406 }
407
408 if (req->cmd.xfer < 36) {
409 BADF("Error: Inquiry (STANDARD) buffer size %zd "
410 "is less than 36 (TODO: only 5 required)\n", req->cmd.xfer);
411 }
412
413 buflen = req->cmd.xfer;
414 if (buflen > SCSI_MAX_INQUIRY_LEN)
415 buflen = SCSI_MAX_INQUIRY_LEN;
416
417 memset(outbuf, 0, buflen);
418
419 if (req->lun || req->cmd.buf[1] >> 5) {
420 outbuf[0] = 0x7f; /* LUN not supported */
421 return buflen;
422 }
423
424 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM) {
425 outbuf[0] = 5;
426 outbuf[1] = 0x80;
427 memcpy(&outbuf[16], "QEMU CD-ROM ", 16);
428 } else {
429 outbuf[0] = 0;
430 memcpy(&outbuf[16], "QEMU HARDDISK ", 16);
431 }
432 memcpy(&outbuf[8], "QEMU ", 8);
433 memcpy(&outbuf[32], QEMU_VERSION, 4);
434 /* Identify device as SCSI-3 rev 1.
435 Some later commands are also implemented. */
436 outbuf[2] = 3;
437 outbuf[3] = 2; /* Format 2 */
438 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
439 /* Sync data transfer and TCQ. */
440 outbuf[7] = 0x10 | (req->bus->tcq ? 0x02 : 0);
441 return buflen;
442 }
443
444 static int mode_sense_page(SCSIRequest *req, int page, uint8_t *p)
445 {
446 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
447 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
448 int cylinders, heads, secs;
449
450 switch (page) {
451 case 4: /* Rigid disk device geometry page. */
452 p[0] = 4;
453 p[1] = 0x16;
454 /* if a geometry hint is available, use it */
455 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
456 p[2] = (cylinders >> 16) & 0xff;
457 p[3] = (cylinders >> 8) & 0xff;
458 p[4] = cylinders & 0xff;
459 p[5] = heads & 0xff;
460 /* Write precomp start cylinder, disabled */
461 p[6] = (cylinders >> 16) & 0xff;
462 p[7] = (cylinders >> 8) & 0xff;
463 p[8] = cylinders & 0xff;
464 /* Reduced current start cylinder, disabled */
465 p[9] = (cylinders >> 16) & 0xff;
466 p[10] = (cylinders >> 8) & 0xff;
467 p[11] = cylinders & 0xff;
468 /* Device step rate [ns], 200ns */
469 p[12] = 0;
470 p[13] = 200;
471 /* Landing zone cylinder */
472 p[14] = 0xff;
473 p[15] = 0xff;
474 p[16] = 0xff;
475 /* Medium rotation rate [rpm], 5400 rpm */
476 p[20] = (5400 >> 8) & 0xff;
477 p[21] = 5400 & 0xff;
478 return 0x16;
479
480 case 5: /* Flexible disk device geometry page. */
481 p[0] = 5;
482 p[1] = 0x1e;
483 /* Transfer rate [kbit/s], 5Mbit/s */
484 p[2] = 5000 >> 8;
485 p[3] = 5000 & 0xff;
486 /* if a geometry hint is available, use it */
487 bdrv_get_geometry_hint(bdrv, &cylinders, &heads, &secs);
488 p[4] = heads & 0xff;
489 p[5] = secs & 0xff;
490 p[6] = s->cluster_size * 2;
491 p[8] = (cylinders >> 8) & 0xff;
492 p[9] = cylinders & 0xff;
493 /* Write precomp start cylinder, disabled */
494 p[10] = (cylinders >> 8) & 0xff;
495 p[11] = cylinders & 0xff;
496 /* Reduced current start cylinder, disabled */
497 p[12] = (cylinders >> 8) & 0xff;
498 p[13] = cylinders & 0xff;
499 /* Device step rate [100us], 100us */
500 p[14] = 0;
501 p[15] = 1;
502 /* Device step pulse width [us], 1us */
503 p[16] = 1;
504 /* Device head settle delay [100us], 100us */
505 p[17] = 0;
506 p[18] = 1;
507 /* Motor on delay [0.1s], 0.1s */
508 p[19] = 1;
509 /* Motor off delay [0.1s], 0.1s */
510 p[20] = 1;
511 /* Medium rotation rate [rpm], 5400 rpm */
512 p[28] = (5400 >> 8) & 0xff;
513 p[29] = 5400 & 0xff;
514 return 0x1e;
515
516 case 8: /* Caching page. */
517 p[0] = 8;
518 p[1] = 0x12;
519 if (bdrv_enable_write_cache(s->qdev.dinfo->bdrv)) {
520 p[2] = 4; /* WCE */
521 }
522 return 20;
523
524 case 0x2a: /* CD Capabilities and Mechanical Status page. */
525 if (bdrv_get_type_hint(bdrv) != BDRV_TYPE_CDROM)
526 return 0;
527 p[0] = 0x2a;
528 p[1] = 0x14;
529 p[2] = 3; // CD-R & CD-RW read
530 p[3] = 0; // Writing not supported
531 p[4] = 0x7f; /* Audio, composite, digital out,
532 mode 2 form 1&2, multi session */
533 p[5] = 0xff; /* CD DA, DA accurate, RW supported,
534 RW corrected, C2 errors, ISRC,
535 UPC, Bar code */
536 p[6] = 0x2d | (bdrv_is_locked(s->qdev.dinfo->bdrv)? 2 : 0);
537 /* Locking supported, jumper present, eject, tray */
538 p[7] = 0; /* no volume & mute control, no
539 changer */
540 p[8] = (50 * 176) >> 8; // 50x read speed
541 p[9] = (50 * 176) & 0xff;
542 p[10] = 0 >> 8; // No volume
543 p[11] = 0 & 0xff;
544 p[12] = 2048 >> 8; // 2M buffer
545 p[13] = 2048 & 0xff;
546 p[14] = (16 * 176) >> 8; // 16x read speed current
547 p[15] = (16 * 176) & 0xff;
548 p[18] = (16 * 176) >> 8; // 16x write speed
549 p[19] = (16 * 176) & 0xff;
550 p[20] = (16 * 176) >> 8; // 16x write speed current
551 p[21] = (16 * 176) & 0xff;
552 return 22;
553
554 default:
555 return 0;
556 }
557 }
558
559 static int scsi_disk_emulate_mode_sense(SCSIRequest *req, uint8_t *outbuf)
560 {
561 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
562 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
563 uint64_t nb_sectors;
564 int page, dbd, buflen;
565 uint8_t *p;
566
567 dbd = req->cmd.buf[1] & 0x8;
568 page = req->cmd.buf[2] & 0x3f;
569 DPRINTF("Mode Sense (page %d, len %zd)\n", page, req->cmd.xfer);
570 memset(outbuf, 0, req->cmd.xfer);
571 p = outbuf;
572
573 p[1] = 0; /* Default media type. */
574 p[3] = 0; /* Block descriptor length. */
575 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM ||
576 bdrv_is_read_only(bdrv)) {
577 p[2] = 0x80; /* Readonly. */
578 }
579 p += 4;
580
581 bdrv_get_geometry(bdrv, &nb_sectors);
582 if ((~dbd) & nb_sectors) {
583 outbuf[3] = 8; /* Block descriptor length */
584 nb_sectors /= s->cluster_size;
585 nb_sectors--;
586 if (nb_sectors > 0xffffff)
587 nb_sectors = 0xffffff;
588 p[0] = 0; /* media density code */
589 p[1] = (nb_sectors >> 16) & 0xff;
590 p[2] = (nb_sectors >> 8) & 0xff;
591 p[3] = nb_sectors & 0xff;
592 p[4] = 0; /* reserved */
593 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
594 p[6] = s->cluster_size * 2;
595 p[7] = 0;
596 p += 8;
597 }
598
599 switch (page) {
600 case 0x04:
601 case 0x05:
602 case 0x08:
603 case 0x2a:
604 p += mode_sense_page(req, page, p);
605 break;
606 case 0x3f:
607 p += mode_sense_page(req, 0x08, p);
608 p += mode_sense_page(req, 0x2a, p);
609 break;
610 }
611
612 buflen = p - outbuf;
613 outbuf[0] = buflen - 4;
614 if (buflen > req->cmd.xfer)
615 buflen = req->cmd.xfer;
616 return buflen;
617 }
618
619 static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
620 {
621 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
622 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
623 int start_track, format, msf, toclen;
624 uint64_t nb_sectors;
625
626 msf = req->cmd.buf[1] & 2;
627 format = req->cmd.buf[2] & 0xf;
628 start_track = req->cmd.buf[6];
629 bdrv_get_geometry(bdrv, &nb_sectors);
630 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
631 nb_sectors /= s->cluster_size;
632 switch (format) {
633 case 0:
634 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
635 break;
636 case 1:
637 /* multi session : only a single session defined */
638 toclen = 12;
639 memset(outbuf, 0, 12);
640 outbuf[1] = 0x0a;
641 outbuf[2] = 0x01;
642 outbuf[3] = 0x01;
643 break;
644 case 2:
645 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
646 break;
647 default:
648 return -1;
649 }
650 if (toclen > req->cmd.xfer)
651 toclen = req->cmd.xfer;
652 return toclen;
653 }
654
655 static int scsi_disk_emulate_command(SCSIRequest *req, uint8_t *outbuf)
656 {
657 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
658 BlockDriverState *bdrv = req->dev->dinfo->bdrv;
659 uint64_t nb_sectors;
660 int buflen = 0;
661
662 switch (req->cmd.buf[0]) {
663 case TEST_UNIT_READY:
664 if (!bdrv_is_inserted(bdrv))
665 goto not_ready;
666 break;
667 case REQUEST_SENSE:
668 if (req->cmd.xfer < 4)
669 goto illegal_request;
670 memset(outbuf, 0, 4);
671 buflen = 4;
672 if (req->dev->sense.key == NOT_READY && req->cmd.xfer >= 18) {
673 memset(outbuf, 0, 18);
674 buflen = 18;
675 outbuf[7] = 10;
676 /* asc 0x3a, ascq 0: Medium not present */
677 outbuf[12] = 0x3a;
678 outbuf[13] = 0;
679 }
680 outbuf[0] = 0xf0;
681 outbuf[1] = 0;
682 outbuf[2] = req->dev->sense.key;
683 scsi_dev_clear_sense(req->dev);
684 break;
685 case INQUIRY:
686 buflen = scsi_disk_emulate_inquiry(req, outbuf);
687 if (buflen < 0)
688 goto illegal_request;
689 break;
690 case MODE_SENSE:
691 case MODE_SENSE_10:
692 buflen = scsi_disk_emulate_mode_sense(req, outbuf);
693 if (buflen < 0)
694 goto illegal_request;
695 break;
696 case READ_TOC:
697 buflen = scsi_disk_emulate_read_toc(req, outbuf);
698 if (buflen < 0)
699 goto illegal_request;
700 break;
701 case RESERVE:
702 if (req->cmd.buf[1] & 1)
703 goto illegal_request;
704 break;
705 case RESERVE_10:
706 if (req->cmd.buf[1] & 3)
707 goto illegal_request;
708 break;
709 case RELEASE:
710 if (req->cmd.buf[1] & 1)
711 goto illegal_request;
712 break;
713 case RELEASE_10:
714 if (req->cmd.buf[1] & 3)
715 goto illegal_request;
716 break;
717 case START_STOP:
718 if (bdrv_get_type_hint(bdrv) == BDRV_TYPE_CDROM && (req->cmd.buf[4] & 2)) {
719 /* load/eject medium */
720 bdrv_eject(bdrv, !(req->cmd.buf[4] & 1));
721 }
722 break;
723 case ALLOW_MEDIUM_REMOVAL:
724 bdrv_set_locked(bdrv, req->cmd.buf[4] & 1);
725 break;
726 case READ_CAPACITY:
727 /* The normal LEN field for this command is zero. */
728 memset(outbuf, 0, 8);
729 bdrv_get_geometry(bdrv, &nb_sectors);
730 if (!nb_sectors)
731 goto not_ready;
732 nb_sectors /= s->cluster_size;
733 /* Returned value is the address of the last sector. */
734 nb_sectors--;
735 /* Remember the new size for read/write sanity checking. */
736 s->max_lba = nb_sectors;
737 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
738 if (nb_sectors > UINT32_MAX)
739 nb_sectors = UINT32_MAX;
740 outbuf[0] = (nb_sectors >> 24) & 0xff;
741 outbuf[1] = (nb_sectors >> 16) & 0xff;
742 outbuf[2] = (nb_sectors >> 8) & 0xff;
743 outbuf[3] = nb_sectors & 0xff;
744 outbuf[4] = 0;
745 outbuf[5] = 0;
746 outbuf[6] = s->cluster_size * 2;
747 outbuf[7] = 0;
748 buflen = 8;
749 break;
750 case SYNCHRONIZE_CACHE:
751 bdrv_flush(bdrv);
752 break;
753 case GET_CONFIGURATION:
754 memset(outbuf, 0, 8);
755 /* ??? This should probably return much more information. For now
756 just return the basic header indicating the CD-ROM profile. */
757 outbuf[7] = 8; // CD-ROM
758 buflen = 8;
759 break;
760 case SERVICE_ACTION_IN:
761 /* Service Action In subcommands. */
762 if ((req->cmd.buf[1] & 31) == 0x10) {
763 DPRINTF("SAI READ CAPACITY(16)\n");
764 memset(outbuf, 0, req->cmd.xfer);
765 bdrv_get_geometry(bdrv, &nb_sectors);
766 if (!nb_sectors)
767 goto not_ready;
768 nb_sectors /= s->cluster_size;
769 /* Returned value is the address of the last sector. */
770 nb_sectors--;
771 /* Remember the new size for read/write sanity checking. */
772 s->max_lba = nb_sectors;
773 outbuf[0] = (nb_sectors >> 56) & 0xff;
774 outbuf[1] = (nb_sectors >> 48) & 0xff;
775 outbuf[2] = (nb_sectors >> 40) & 0xff;
776 outbuf[3] = (nb_sectors >> 32) & 0xff;
777 outbuf[4] = (nb_sectors >> 24) & 0xff;
778 outbuf[5] = (nb_sectors >> 16) & 0xff;
779 outbuf[6] = (nb_sectors >> 8) & 0xff;
780 outbuf[7] = nb_sectors & 0xff;
781 outbuf[8] = 0;
782 outbuf[9] = 0;
783 outbuf[10] = s->cluster_size * 2;
784 outbuf[11] = 0;
785 /* Protection, exponent and lowest lba field left blank. */
786 buflen = req->cmd.xfer;
787 break;
788 }
789 DPRINTF("Unsupported Service Action In\n");
790 goto illegal_request;
791 case REPORT_LUNS:
792 if (req->cmd.xfer < 16)
793 goto illegal_request;
794 memset(outbuf, 0, 16);
795 outbuf[3] = 8;
796 buflen = 16;
797 break;
798 case VERIFY:
799 break;
800 default:
801 goto illegal_request;
802 }
803 scsi_req_set_status(req, GOOD, NO_SENSE);
804 return buflen;
805
806 not_ready:
807 scsi_req_set_status(req, CHECK_CONDITION, NOT_READY);
808 return 0;
809
810 illegal_request:
811 scsi_req_set_status(req, CHECK_CONDITION, ILLEGAL_REQUEST);
812 return 0;
813 }
814
815 /* Execute a scsi command. Returns the length of the data expected by the
816 command. This will be Positive for data transfers from the device
817 (eg. disk reads), negative for transfers to the device (eg. disk writes),
818 and zero if the command does not transfer any data. */
819
820 static int32_t scsi_send_command(SCSIDevice *d, uint32_t tag,
821 uint8_t *buf, int lun)
822 {
823 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
824 uint64_t lba;
825 uint32_t len;
826 int cmdlen;
827 int is_write;
828 uint8_t command;
829 uint8_t *outbuf;
830 SCSIDiskReq *r;
831 int rc;
832
833 command = buf[0];
834 r = scsi_find_request(s, tag);
835 if (r) {
836 BADF("Tag 0x%x already in use\n", tag);
837 scsi_cancel_io(d, tag);
838 }
839 /* ??? Tags are not unique for different luns. We only implement a
840 single lun, so this should not matter. */
841 r = scsi_new_request(d, tag, lun);
842 outbuf = (uint8_t *)r->iov.iov_base;
843 is_write = 0;
844 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
845 switch (command >> 5) {
846 case 0:
847 lba = (uint64_t) buf[3] | ((uint64_t) buf[2] << 8) |
848 (((uint64_t) buf[1] & 0x1f) << 16);
849 len = buf[4];
850 cmdlen = 6;
851 break;
852 case 1:
853 case 2:
854 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
855 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
856 len = buf[8] | (buf[7] << 8);
857 cmdlen = 10;
858 break;
859 case 4:
860 lba = (uint64_t) buf[9] | ((uint64_t) buf[8] << 8) |
861 ((uint64_t) buf[7] << 16) | ((uint64_t) buf[6] << 24) |
862 ((uint64_t) buf[5] << 32) | ((uint64_t) buf[4] << 40) |
863 ((uint64_t) buf[3] << 48) | ((uint64_t) buf[2] << 56);
864 len = buf[13] | (buf[12] << 8) | (buf[11] << 16) | (buf[10] << 24);
865 cmdlen = 16;
866 break;
867 case 5:
868 lba = (uint64_t) buf[5] | ((uint64_t) buf[4] << 8) |
869 ((uint64_t) buf[3] << 16) | ((uint64_t) buf[2] << 24);
870 len = buf[9] | (buf[8] << 8) | (buf[7] << 16) | (buf[6] << 24);
871 cmdlen = 12;
872 break;
873 default:
874 BADF("Unsupported command length, command %x\n", command);
875 goto fail;
876 }
877 #ifdef DEBUG_SCSI
878 {
879 int i;
880 for (i = 1; i < cmdlen; i++) {
881 printf(" 0x%02x", buf[i]);
882 }
883 printf("\n");
884 }
885 #endif
886
887 if (scsi_req_parse(&r->req, buf) != 0) {
888 BADF("Unsupported command length, command %x\n", command);
889 goto fail;
890 }
891 assert(r->req.cmd.len == cmdlen);
892 assert(r->req.cmd.lba == lba);
893
894 if (lun || buf[1] >> 5) {
895 /* Only LUN 0 supported. */
896 DPRINTF("Unimplemented LUN %d\n", lun ? lun : buf[1] >> 5);
897 if (command != REQUEST_SENSE && command != INQUIRY)
898 goto fail;
899 }
900 switch (command) {
901 case TEST_UNIT_READY:
902 case REQUEST_SENSE:
903 case INQUIRY:
904 case MODE_SENSE:
905 case MODE_SENSE_10:
906 case RESERVE:
907 case RESERVE_10:
908 case RELEASE:
909 case RELEASE_10:
910 case START_STOP:
911 case ALLOW_MEDIUM_REMOVAL:
912 case READ_CAPACITY:
913 case SYNCHRONIZE_CACHE:
914 case READ_TOC:
915 case GET_CONFIGURATION:
916 case SERVICE_ACTION_IN:
917 case REPORT_LUNS:
918 case VERIFY:
919 rc = scsi_disk_emulate_command(&r->req, outbuf);
920 if (rc > 0) {
921 r->iov.iov_len = rc;
922 } else {
923 scsi_req_complete(&r->req);
924 scsi_remove_request(r);
925 return 0;
926 }
927 break;
928 case READ_6:
929 case READ_10:
930 case READ_12:
931 case READ_16:
932 DPRINTF("Read (sector %" PRId64 ", count %d)\n", lba, len);
933 if (lba > s->max_lba)
934 goto illegal_lba;
935 r->sector = lba * s->cluster_size;
936 r->sector_count = len * s->cluster_size;
937 break;
938 case WRITE_6:
939 case WRITE_10:
940 case WRITE_12:
941 case WRITE_16:
942 DPRINTF("Write (sector %" PRId64 ", count %d)\n", lba, len);
943 if (lba > s->max_lba)
944 goto illegal_lba;
945 r->sector = lba * s->cluster_size;
946 r->sector_count = len * s->cluster_size;
947 is_write = 1;
948 break;
949 default:
950 DPRINTF("Unknown SCSI command (%2.2x)\n", buf[0]);
951 fail:
952 scsi_command_complete(r, CHECK_CONDITION, ILLEGAL_REQUEST);
953 return 0;
954 illegal_lba:
955 scsi_command_complete(r, CHECK_CONDITION, HARDWARE_ERROR);
956 return 0;
957 }
958 if (r->sector_count == 0 && r->iov.iov_len == 0) {
959 scsi_command_complete(r, GOOD, NO_SENSE);
960 }
961 len = r->sector_count * 512 + r->iov.iov_len;
962 if (is_write) {
963 return -len;
964 } else {
965 if (!r->sector_count)
966 r->sector_count = -1;
967 return len;
968 }
969 }
970
971 static void scsi_destroy(SCSIDevice *dev)
972 {
973 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
974 SCSIDiskReq *r;
975
976 while (!QTAILQ_EMPTY(&s->qdev.requests)) {
977 r = DO_UPCAST(SCSIDiskReq, req, QTAILQ_FIRST(&s->qdev.requests));
978 scsi_remove_request(r);
979 }
980 drive_uninit(s->qdev.dinfo);
981 }
982
983 static int scsi_disk_initfn(SCSIDevice *dev)
984 {
985 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
986 uint64_t nb_sectors;
987
988 if (!s->qdev.dinfo || !s->qdev.dinfo->bdrv) {
989 qemu_error("scsi-disk: drive property not set\n");
990 return -1;
991 }
992
993 if (bdrv_get_type_hint(s->qdev.dinfo->bdrv) == BDRV_TYPE_CDROM) {
994 s->cluster_size = 4;
995 } else {
996 s->cluster_size = 1;
997 }
998 s->qdev.blocksize = 512 * s->cluster_size;
999 s->qdev.type = TYPE_DISK;
1000 bdrv_get_geometry(s->qdev.dinfo->bdrv, &nb_sectors);
1001 nb_sectors /= s->cluster_size;
1002 if (nb_sectors)
1003 nb_sectors--;
1004 s->max_lba = nb_sectors;
1005 qemu_add_vm_change_state_handler(scsi_dma_restart_cb, s);
1006 return 0;
1007 }
1008
1009 static SCSIDeviceInfo scsi_disk_info = {
1010 .qdev.name = "scsi-disk",
1011 .qdev.desc = "virtual scsi disk or cdrom",
1012 .qdev.size = sizeof(SCSIDiskState),
1013 .init = scsi_disk_initfn,
1014 .destroy = scsi_destroy,
1015 .send_command = scsi_send_command,
1016 .read_data = scsi_read_data,
1017 .write_data = scsi_write_data,
1018 .cancel_io = scsi_cancel_io,
1019 .get_buf = scsi_get_buf,
1020 .qdev.props = (Property[]) {
1021 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.dinfo),
1022 DEFINE_PROP_END_OF_LIST(),
1023 },
1024 };
1025
1026 static void scsi_disk_register_devices(void)
1027 {
1028 scsi_qdev_register(&scsi_disk_info);
1029 }
1030 device_init(scsi_disk_register_devices)
Qemu copy for testing