]> git.proxmox.com Git - qemu.git/blob - hw/usb-msd.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
qdev/scsi: add scsi bus support to qdev, convert drivers.
[qemu.git] / hw / usb-msd.c
1 /*
2 * USB Mass Storage Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
6 *
7 * This code is licenced under the LGPL.
8 */
9
10 #include "qemu-common.h"
11 #include "usb.h"
12 #include "block.h"
13 #include "scsi-disk.h"
14 #include "console.h"
15
16 //#define DEBUG_MSD
17
18 #ifdef DEBUG_MSD
19 #define DPRINTF(fmt, ...) \
20 do { printf("usb-msd: " fmt , ## __VA_ARGS__); } while (0)
21 #else
22 #define DPRINTF(fmt, ...) do {} while(0)
23 #endif
24
25 /* USB requests. */
26 #define MassStorageReset 0xff
27 #define GetMaxLun 0xfe
28
29 enum USBMSDMode {
30 USB_MSDM_CBW, /* Command Block. */
31 USB_MSDM_DATAOUT, /* Tranfer data to device. */
32 USB_MSDM_DATAIN, /* Transfer data from device. */
33 USB_MSDM_CSW /* Command Status. */
34 };
35
36 typedef struct {
37 USBDevice dev;
38 enum USBMSDMode mode;
39 uint32_t scsi_len;
40 uint8_t *scsi_buf;
41 uint32_t usb_len;
42 uint8_t *usb_buf;
43 uint32_t data_len;
44 uint32_t residue;
45 uint32_t tag;
46 BlockDriverState *bs;
47 SCSIBus *bus;
48 SCSIDevice *scsi_dev;
49 int result;
50 /* For async completion. */
51 USBPacket *packet;
52 } MSDState;
53
54 struct usb_msd_cbw {
55 uint32_t sig;
56 uint32_t tag;
57 uint32_t data_len;
58 uint8_t flags;
59 uint8_t lun;
60 uint8_t cmd_len;
61 uint8_t cmd[16];
62 };
63
64 struct usb_msd_csw {
65 uint32_t sig;
66 uint32_t tag;
67 uint32_t residue;
68 uint8_t status;
69 };
70
71 static const uint8_t qemu_msd_dev_descriptor[] = {
72 0x12, /* u8 bLength; */
73 0x01, /* u8 bDescriptorType; Device */
74 0x00, 0x01, /* u16 bcdUSB; v1.0 */
75
76 0x00, /* u8 bDeviceClass; */
77 0x00, /* u8 bDeviceSubClass; */
78 0x00, /* u8 bDeviceProtocol; [ low/full speeds only ] */
79 0x08, /* u8 bMaxPacketSize0; 8 Bytes */
80
81 /* Vendor and product id are arbitrary. */
82 0x00, 0x00, /* u16 idVendor; */
83 0x00, 0x00, /* u16 idProduct; */
84 0x00, 0x00, /* u16 bcdDevice */
85
86 0x01, /* u8 iManufacturer; */
87 0x02, /* u8 iProduct; */
88 0x03, /* u8 iSerialNumber; */
89 0x01 /* u8 bNumConfigurations; */
90 };
91
92 static const uint8_t qemu_msd_config_descriptor[] = {
93
94 /* one configuration */
95 0x09, /* u8 bLength; */
96 0x02, /* u8 bDescriptorType; Configuration */
97 0x20, 0x00, /* u16 wTotalLength; */
98 0x01, /* u8 bNumInterfaces; (1) */
99 0x01, /* u8 bConfigurationValue; */
100 0x00, /* u8 iConfiguration; */
101 0xc0, /* u8 bmAttributes;
102 Bit 7: must be set,
103 6: Self-powered,
104 5: Remote wakeup,
105 4..0: resvd */
106 0x00, /* u8 MaxPower; */
107
108 /* one interface */
109 0x09, /* u8 if_bLength; */
110 0x04, /* u8 if_bDescriptorType; Interface */
111 0x00, /* u8 if_bInterfaceNumber; */
112 0x00, /* u8 if_bAlternateSetting; */
113 0x02, /* u8 if_bNumEndpoints; */
114 0x08, /* u8 if_bInterfaceClass; MASS STORAGE */
115 0x06, /* u8 if_bInterfaceSubClass; SCSI */
116 0x50, /* u8 if_bInterfaceProtocol; Bulk Only */
117 0x00, /* u8 if_iInterface; */
118
119 /* Bulk-In endpoint */
120 0x07, /* u8 ep_bLength; */
121 0x05, /* u8 ep_bDescriptorType; Endpoint */
122 0x81, /* u8 ep_bEndpointAddress; IN Endpoint 1 */
123 0x02, /* u8 ep_bmAttributes; Bulk */
124 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
125 0x00, /* u8 ep_bInterval; */
126
127 /* Bulk-Out endpoint */
128 0x07, /* u8 ep_bLength; */
129 0x05, /* u8 ep_bDescriptorType; Endpoint */
130 0x02, /* u8 ep_bEndpointAddress; OUT Endpoint 2 */
131 0x02, /* u8 ep_bmAttributes; Bulk */
132 0x40, 0x00, /* u16 ep_wMaxPacketSize; */
133 0x00 /* u8 ep_bInterval; */
134 };
135
136 static void usb_msd_copy_data(MSDState *s)
137 {
138 uint32_t len;
139 len = s->usb_len;
140 if (len > s->scsi_len)
141 len = s->scsi_len;
142 if (s->mode == USB_MSDM_DATAIN) {
143 memcpy(s->usb_buf, s->scsi_buf, len);
144 } else {
145 memcpy(s->scsi_buf, s->usb_buf, len);
146 }
147 s->usb_len -= len;
148 s->scsi_len -= len;
149 s->usb_buf += len;
150 s->scsi_buf += len;
151 s->data_len -= len;
152 if (s->scsi_len == 0) {
153 if (s->mode == USB_MSDM_DATAIN) {
154 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
155 } else if (s->mode == USB_MSDM_DATAOUT) {
156 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
157 }
158 }
159 }
160
161 static void usb_msd_send_status(MSDState *s)
162 {
163 struct usb_msd_csw csw;
164
165 csw.sig = cpu_to_le32(0x53425355);
166 csw.tag = cpu_to_le32(s->tag);
167 csw.residue = s->residue;
168 csw.status = s->result;
169 memcpy(s->usb_buf, &csw, 13);
170 }
171
172 static void usb_msd_command_complete(SCSIBus *bus, int reason, uint32_t tag,
173 uint32_t arg)
174 {
175 MSDState *s = DO_UPCAST(MSDState, dev.qdev, bus->qbus.parent);
176 USBPacket *p = s->packet;
177
178 if (tag != s->tag) {
179 fprintf(stderr, "usb-msd: Unexpected SCSI Tag 0x%x\n", tag);
180 }
181 if (reason == SCSI_REASON_DONE) {
182 DPRINTF("Command complete %d\n", arg);
183 s->residue = s->data_len;
184 s->result = arg != 0;
185 if (s->packet) {
186 if (s->data_len == 0 && s->mode == USB_MSDM_DATAOUT) {
187 /* A deferred packet with no write data remaining must be
188 the status read packet. */
189 usb_msd_send_status(s);
190 s->mode = USB_MSDM_CBW;
191 } else {
192 if (s->data_len) {
193 s->data_len -= s->usb_len;
194 if (s->mode == USB_MSDM_DATAIN)
195 memset(s->usb_buf, 0, s->usb_len);
196 s->usb_len = 0;
197 }
198 if (s->data_len == 0)
199 s->mode = USB_MSDM_CSW;
200 }
201 s->packet = NULL;
202 usb_packet_complete(p);
203 } else if (s->data_len == 0) {
204 s->mode = USB_MSDM_CSW;
205 }
206 return;
207 }
208 s->scsi_len = arg;
209 s->scsi_buf = s->scsi_dev->info->get_buf(s->scsi_dev, tag);
210 if (p) {
211 usb_msd_copy_data(s);
212 if (s->usb_len == 0) {
213 /* Set s->packet to NULL before calling usb_packet_complete
214 because annother request may be issued before
215 usb_packet_complete returns. */
216 DPRINTF("Packet complete %p\n", p);
217 s->packet = NULL;
218 usb_packet_complete(p);
219 }
220 }
221 }
222
223 static void usb_msd_handle_reset(USBDevice *dev)
224 {
225 MSDState *s = (MSDState *)dev;
226
227 DPRINTF("Reset\n");
228 s->mode = USB_MSDM_CBW;
229 }
230
231 static int usb_msd_handle_control(USBDevice *dev, int request, int value,
232 int index, int length, uint8_t *data)
233 {
234 MSDState *s = (MSDState *)dev;
235 int ret = 0;
236
237 switch (request) {
238 case DeviceRequest | USB_REQ_GET_STATUS:
239 data[0] = (1 << USB_DEVICE_SELF_POWERED) |
240 (dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
241 data[1] = 0x00;
242 ret = 2;
243 break;
244 case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
245 if (value == USB_DEVICE_REMOTE_WAKEUP) {
246 dev->remote_wakeup = 0;
247 } else {
248 goto fail;
249 }
250 ret = 0;
251 break;
252 case DeviceOutRequest | USB_REQ_SET_FEATURE:
253 if (value == USB_DEVICE_REMOTE_WAKEUP) {
254 dev->remote_wakeup = 1;
255 } else {
256 goto fail;
257 }
258 ret = 0;
259 break;
260 case DeviceOutRequest | USB_REQ_SET_ADDRESS:
261 dev->addr = value;
262 ret = 0;
263 break;
264 case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
265 switch(value >> 8) {
266 case USB_DT_DEVICE:
267 memcpy(data, qemu_msd_dev_descriptor,
268 sizeof(qemu_msd_dev_descriptor));
269 ret = sizeof(qemu_msd_dev_descriptor);
270 break;
271 case USB_DT_CONFIG:
272 memcpy(data, qemu_msd_config_descriptor,
273 sizeof(qemu_msd_config_descriptor));
274 ret = sizeof(qemu_msd_config_descriptor);
275 break;
276 case USB_DT_STRING:
277 switch(value & 0xff) {
278 case 0:
279 /* language ids */
280 data[0] = 4;
281 data[1] = 3;
282 data[2] = 0x09;
283 data[3] = 0x04;
284 ret = 4;
285 break;
286 case 1:
287 /* vendor description */
288 ret = set_usb_string(data, "QEMU " QEMU_VERSION);
289 break;
290 case 2:
291 /* product description */
292 ret = set_usb_string(data, "QEMU USB HARDDRIVE");
293 break;
294 case 3:
295 /* serial number */
296 ret = set_usb_string(data, "1");
297 break;
298 default:
299 goto fail;
300 }
301 break;
302 default:
303 goto fail;
304 }
305 break;
306 case DeviceRequest | USB_REQ_GET_CONFIGURATION:
307 data[0] = 1;
308 ret = 1;
309 break;
310 case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
311 ret = 0;
312 break;
313 case DeviceRequest | USB_REQ_GET_INTERFACE:
314 data[0] = 0;
315 ret = 1;
316 break;
317 case DeviceOutRequest | USB_REQ_SET_INTERFACE:
318 ret = 0;
319 break;
320 case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
321 if (value == 0 && index != 0x81) { /* clear ep halt */
322 goto fail;
323 }
324 ret = 0;
325 break;
326 /* Class specific requests. */
327 case MassStorageReset:
328 /* Reset state ready for the next CBW. */
329 s->mode = USB_MSDM_CBW;
330 ret = 0;
331 break;
332 case GetMaxLun:
333 data[0] = 0;
334 ret = 1;
335 break;
336 default:
337 fail:
338 ret = USB_RET_STALL;
339 break;
340 }
341 return ret;
342 }
343
344 static void usb_msd_cancel_io(USBPacket *p, void *opaque)
345 {
346 MSDState *s = opaque;
347 s->scsi_dev->info->cancel_io(s->scsi_dev, s->tag);
348 s->packet = NULL;
349 s->scsi_len = 0;
350 }
351
352 static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
353 {
354 MSDState *s = (MSDState *)dev;
355 int ret = 0;
356 struct usb_msd_cbw cbw;
357 uint8_t devep = p->devep;
358 uint8_t *data = p->data;
359 int len = p->len;
360
361 switch (p->pid) {
362 case USB_TOKEN_OUT:
363 if (devep != 2)
364 goto fail;
365
366 switch (s->mode) {
367 case USB_MSDM_CBW:
368 if (len != 31) {
369 fprintf(stderr, "usb-msd: Bad CBW size");
370 goto fail;
371 }
372 memcpy(&cbw, data, 31);
373 if (le32_to_cpu(cbw.sig) != 0x43425355) {
374 fprintf(stderr, "usb-msd: Bad signature %08x\n",
375 le32_to_cpu(cbw.sig));
376 goto fail;
377 }
378 DPRINTF("Command on LUN %d\n", cbw.lun);
379 if (cbw.lun != 0) {
380 fprintf(stderr, "usb-msd: Bad LUN %d\n", cbw.lun);
381 goto fail;
382 }
383 s->tag = le32_to_cpu(cbw.tag);
384 s->data_len = le32_to_cpu(cbw.data_len);
385 if (s->data_len == 0) {
386 s->mode = USB_MSDM_CSW;
387 } else if (cbw.flags & 0x80) {
388 s->mode = USB_MSDM_DATAIN;
389 } else {
390 s->mode = USB_MSDM_DATAOUT;
391 }
392 DPRINTF("Command tag 0x%x flags %08x len %d data %d\n",
393 s->tag, cbw.flags, cbw.cmd_len, s->data_len);
394 s->residue = 0;
395 s->scsi_dev->info->send_command(s->scsi_dev, s->tag, cbw.cmd, 0);
396 /* ??? Should check that USB and SCSI data transfer
397 directions match. */
398 if (s->residue == 0) {
399 if (s->mode == USB_MSDM_DATAIN) {
400 s->scsi_dev->info->read_data(s->scsi_dev, s->tag);
401 } else if (s->mode == USB_MSDM_DATAOUT) {
402 s->scsi_dev->info->write_data(s->scsi_dev, s->tag);
403 }
404 }
405 ret = len;
406 break;
407
408 case USB_MSDM_DATAOUT:
409 DPRINTF("Data out %d/%d\n", len, s->data_len);
410 if (len > s->data_len)
411 goto fail;
412
413 s->usb_buf = data;
414 s->usb_len = len;
415 if (s->scsi_len) {
416 usb_msd_copy_data(s);
417 }
418 if (s->residue && s->usb_len) {
419 s->data_len -= s->usb_len;
420 if (s->data_len == 0)
421 s->mode = USB_MSDM_CSW;
422 s->usb_len = 0;
423 }
424 if (s->usb_len) {
425 DPRINTF("Deferring packet %p\n", p);
426 usb_defer_packet(p, usb_msd_cancel_io, s);
427 s->packet = p;
428 ret = USB_RET_ASYNC;
429 } else {
430 ret = len;
431 }
432 break;
433
434 default:
435 DPRINTF("Unexpected write (len %d)\n", len);
436 goto fail;
437 }
438 break;
439
440 case USB_TOKEN_IN:
441 if (devep != 1)
442 goto fail;
443
444 switch (s->mode) {
445 case USB_MSDM_DATAOUT:
446 if (s->data_len != 0 || len < 13)
447 goto fail;
448 /* Waiting for SCSI write to complete. */
449 usb_defer_packet(p, usb_msd_cancel_io, s);
450 s->packet = p;
451 ret = USB_RET_ASYNC;
452 break;
453
454 case USB_MSDM_CSW:
455 DPRINTF("Command status %d tag 0x%x, len %d\n",
456 s->result, s->tag, len);
457 if (len < 13)
458 goto fail;
459
460 s->usb_len = len;
461 s->usb_buf = data;
462 usb_msd_send_status(s);
463 s->mode = USB_MSDM_CBW;
464 ret = 13;
465 break;
466
467 case USB_MSDM_DATAIN:
468 DPRINTF("Data in %d/%d\n", len, s->data_len);
469 if (len > s->data_len)
470 len = s->data_len;
471 s->usb_buf = data;
472 s->usb_len = len;
473 if (s->scsi_len) {
474 usb_msd_copy_data(s);
475 }
476 if (s->residue && s->usb_len) {
477 s->data_len -= s->usb_len;
478 memset(s->usb_buf, 0, s->usb_len);
479 if (s->data_len == 0)
480 s->mode = USB_MSDM_CSW;
481 s->usb_len = 0;
482 }
483 if (s->usb_len) {
484 DPRINTF("Deferring packet %p\n", p);
485 usb_defer_packet(p, usb_msd_cancel_io, s);
486 s->packet = p;
487 ret = USB_RET_ASYNC;
488 } else {
489 ret = len;
490 }
491 break;
492
493 default:
494 DPRINTF("Unexpected read (len %d)\n", len);
495 goto fail;
496 }
497 break;
498
499 default:
500 DPRINTF("Bad token\n");
501 fail:
502 ret = USB_RET_STALL;
503 break;
504 }
505
506 return ret;
507 }
508
509 static void usb_msd_handle_destroy(USBDevice *dev)
510 {
511 MSDState *s = (MSDState *)dev;
512
513 s->scsi_dev->info->destroy(s->scsi_dev);
514 bdrv_delete(s->bs);
515 qemu_free(s);
516 }
517
518 static int usb_msd_initfn(USBDevice *dev)
519 {
520 MSDState *s = DO_UPCAST(MSDState, dev, dev);
521
522 s->dev.speed = USB_SPEED_FULL;
523 return 0;
524 }
525
526 USBDevice *usb_msd_init(const char *filename)
527 {
528 USBDevice *dev;
529 MSDState *s;
530 BlockDriverState *bdrv;
531 BlockDriver *drv = NULL;
532 const char *p1;
533 char fmt[32];
534
535 p1 = strchr(filename, ':');
536 if (p1++) {
537 const char *p2;
538
539 if (strstart(filename, "format=", &p2)) {
540 int len = MIN(p1 - p2, sizeof(fmt));
541 pstrcpy(fmt, len, p2);
542
543 drv = bdrv_find_format(fmt);
544 if (!drv) {
545 printf("invalid format %s\n", fmt);
546 return NULL;
547 }
548 } else if (*filename != ':') {
549 printf("unrecognized USB mass-storage option %s\n", filename);
550 return NULL;
551 }
552
553 filename = p1;
554 }
555
556 if (!*filename) {
557 printf("block device specification needed\n");
558 return NULL;
559 }
560
561 bdrv = bdrv_new("usb");
562 if (bdrv_open2(bdrv, filename, 0, drv) < 0)
563 return NULL;
564
565 dev = usb_create_simple(NULL /* FIXME */, "QEMU USB MSD");
566 s = DO_UPCAST(MSDState, dev, dev);
567 s->bs = bdrv;
568 snprintf(s->dev.devname, sizeof(s->dev.devname), "QEMU USB MSD(%.16s)",
569 filename);
570
571 s->bus = scsi_bus_new(&s->dev.qdev, 0, 1, usb_msd_command_complete);
572 #if 0
573 s->scsi_dev = scsi_disk_init(s->bus, bdrv);
574 #endif
575 usb_msd_handle_reset((USBDevice *)s);
576 return (USBDevice *)s;
577 }
578
579 BlockDriverState *usb_msd_get_bdrv(USBDevice *dev)
580 {
581 MSDState *s = (MSDState *)dev;
582
583 return s->bs;
584 }
585
586 static struct USBDeviceInfo msd_info = {
587 .qdev.name = "QEMU USB MSD",
588 .qdev.size = sizeof(MSDState),
589 .init = usb_msd_initfn,
590 .handle_packet = usb_generic_handle_packet,
591 .handle_reset = usb_msd_handle_reset,
592 .handle_control = usb_msd_handle_control,
593 .handle_data = usb_msd_handle_data,
594 .handle_destroy = usb_msd_handle_destroy,
595 };
596
597 static void usb_msd_register_devices(void)
598 {
599 usb_qdev_register(&msd_info);
600 }
601 device_init(usb_msd_register_devices)
Qemu copy for testing